metasploit

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. OT, but very cool. Make your own QR code temporary tattoos.
    QR Code Temporary Tattoos Howto | The Guerilla CISO
    Tags: ( general )
  2. I think I pointed to something about this a bit ago, but here is more on chip and pin having issues.
    Light Blue Touchpaper >> Blog Archive >> Chip and PIN is broken
    Tags: ( chip-and-pin )
  3. Fun stuff here. Using WCF to scan inside the perimeter.
    Abusing WCF to Perform Remote Port Scans - Gotham Digital Science
    Tags: ( scanning )
  4. Dave opines about 5 reasons your security program may be struggling.
    ShackF00 >> 5 Reasons Your Security Program is a Failure
    Tags: ( general security-program )
  5. Just in case you were not aware of it, OWASP has a broken web application project. It's a VM with vulnerable apps.
    owaspbwa - Project Hosting on Google Code
    Tags: ( webappsec education )
  6. Join the rant against the term "best practice." Drives me nuts, just like it does Adam.
    Best Practices for Defeating the term "Best Practices" << The New School of Information Security
    Tags: ( general )
  7. Josh has some good points about social networking and its use at work.
    Josh More - Starmind Blog >> Should we allow our employees to engage in social networking?
    Tags: ( social-networking )
  8. Check it out if you are in Europe or have a really big travel budget.
    Pimping the Security Non-Cons: Troopers 2010 | Rational Survivability
    Tags: ( conferences )
  9. Some cool and interesting stuff going on in the A6 world. Check out Chris's post about A6 and CloudAudit.
    The Automated Audit, Assertion, Assessment, and Assurance API (A6) Becomes: CloudAudit | Rational Survivability
    Tags: ( cloud a6 cloudaudit )
  10. Fun with social engineering and Metasploit.
    Social-Engineering Toolkit (SET)
    Tags: ( social-engineering metasploit )
  11. .:[ Layered Security ]:.: 802.11n card that works with BackTrack 4 - woohoo!
    Tags: ( backtrack tools wireless )
  12. Security-Shell: NoMore AND 1=1 - Web Application Testing Tool released
    Tags: ( webappsec sql-injection )
  13. 7 Things Every Information Security Professional Should Know -- My Information Security Job
    Tags: ( careers )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Andrew Hay >> Blog Archive >> Information Security D-List Interview: Jack Daniel
    Tags: ( interview d-list )
  2. Challenge 1 of the Forensic Challenge 2010 - pcap attack trace | The Honeynet Project
    Tags: ( challenge forensics )
  3. German Government: Don't use Internet Explorer | Graham Cluley's blog
    Tags: ( wepabbsec ie )
  4. Andrew Hay >> Blog Archive >> Get the Free Andrew Hay iTunes App
    Tags: ( general )
  5. /dev/random >> Adding Data Leakage Protection into Apache
    Tags: ( dlp apache )
  6. Metasploit: Reproducing the "Aurora" IE Exploit
    Tags: ( metasploit google aurora malware exploit )
  7. A checklist approach to security code reviews, part 4 << Security Ninja
    Tags: ( assessment wepappsec code-review )
  8. Would You Have Spotted the Fraud? -- Krebs on Security
    Tags: ( atm skimming )
  9. Andrew Hay >> Blog Archive >> Information Security D-List Interview: Benjamin Tomhave
    Tags: ( interview d-list )
  10. Roger's Security Blog : Leveraging Data Execution Prevention (DEP)
    Tags: ( system-hardening )
  11. Following Google's Lead on Security? Don't Forget to Encrypt Cookies
    Tags: ( webappsec )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Google introduced a new DNS service today.
    Google Code Blog: Introducing Google Public DNS: A new DNS resolver from Google
    Tags: ( google dns )
  2. This is pretty neat. Metasploit now has a built-in vulnerability scanner.
    Metasploit Gets New Vulnerabilty Scanning Features - DarkReading
    Tags: ( metasploit vulnerability-scanning )
  3. Very cool. Sourcefire has rolled out a couple of VMware-based virtual IDS appliances.
    Product Watch: Snort Maker Rolls Out IPSes For Virtual Environments - DarkReading
    Tags: ( snort sourcefire ids virtualization )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Leave it to David to be able to use canning and mason jars as an analogy for security and secure coding. Very nice post. Go read it.
    Reusable Code: The Mason Jars of Security | threatpost
    Tags: ( programming general )
  2. Yes, we are the unsung heroes. BTW - you have to read this if for no other reason than the Y2K reference towards the end.
    Securosis Blog | Why Successful Risk Management is Still a Failure
    Tags: ( general risk-management )
  3. I love a good walk-through and Paul provides us one that shows a step-by-step how-to on reversing some Javascript shellcode. Good stuff!
    Paul Melson's Blog: Reversing JavaScript Shellcode: A Step By Step How-To
    Tags: ( reverse-engineering javascript shellcode )
  4. The Offensive Security Exploit archive is alive and kicking. It picks up where Milw0rm left off. Go check it out.
    Offensive Security Exploit Archive Goes live | Security Active Blog
    Tags: ( exploits milw0rm )
  5. This looks to be an interesting series. Adam will be exploring ways to help information security professionals build useful and productive relationships within their enterprises.
    Adam Cardinal: Building Relationships - Internal Audit Team - IANS Perspective
    Tags: ( general )
  6. Woot! Metasploit 3.3 is out. I am hearing good things about this. Go check it out.
    Metasploit: Metasploit Framework 3.3 Released!
    Tags: ( metasploit webappsec pentesting )
  7. Here is a quick how-to describing a method to decompile flash files.
    Carnal0wnage Blog: Decompiling Flash Files with SWFScan
    Tags: ( flash decompile webappsec )
  8. An interesting article that explores some real-life cross subdomain exploits.
    Real-Life Examples of Cross-Subdomain Issues | Social Hacking
    Tags: ( cross-subdomain webappsec )
  9. This is going to be a very cool project. Get involved.
    Securosis Blog | An Open Metrics Model for Database Security: Project Quant for Databases
    Tags: ( metrics databases )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Adrian takes a look at a few database encryption myths.
    Securosis Blog | Database Encryption Misconceptions
    Tags: ( database encryption )
  2. The Infosec Cynic interviews Anton Chuvakin.
    Anton Chuvakin - Stuck In the Lift With The Cynic | The Infosec Cynic
    Tags: ( interview )
  3. A new free encryption tool is available. This one is provided by Sophos. That's pretty cool.
    Guest blog: Sophos Free Encryption | Graham Cluley's blog
    Tags: ( encryption tools sophos )
  4. Mark points out that Federal CIO Council's Information Security and Identity Management Committee released a document titled "Guidelines for Secure Use of Social Media by Federal Departments and Agencies." This is good stuff even if you aren't in the public sector.
    New Social Media "Guidelines" - Securing GovSpace
    Tags: ( social-networking guidelines )
  5. This is worth a read and a watch. It is the talk given by Matasano and Nate McFetters at last year's C4 conference. It is some guidance for independent Apple software developers. It applies to non-Apple developers too.
    Matasano Security LLC - Chargen - Indie Software Security: A ~12 Step Program
    Tags: ( sdl )
  6. Jack gives his perspective of the recent Massachusetts 201 CMR 17.00 public hearing. He was not impressed.
    Uncommon Sense Security: Making sausage, one hearing at a time
    Tags: ( law policy )
  7. The BruCon videos are up on the wiki and Xavier is also hosting a local copy.
    /dev/random >> BruCON Talks Video Mirror
    Tags: ( brucon videos )
  8. If you are having some issues with sqlninja and metasploit, take a look at this post.
    RaDaJo (RAul, DAvid and JOrge) Security Blog: Sqlninja & Metasploit
    Tags: ( sqlninja metasploit )
  9. Malware, like all software, tends to have common traits. This article talks about what some of them are.
    Categories of Common Malware Traits
    Tags: ( malware )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Two new and nifty things are coming, a social engineering framework and a new training module from Offensive Security on Metasploit. Yum!
    Social Engineering Framework and Metasploit Unleashed | SecuraBit
    Tags: ( training social-engineering metasploit )
  2. Looks like the gubment is looking at OpenID.
    Technology Security: US Government moves towards OpenID
    Tags: ( openid governement )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Microsoft is looking for some input from us on what we would like to see in the next iteration of the fine Sysinternals Tools. Help make these tools even better.
    SysInternals Survey
    Tags: ( tools sysinternals )
  2. Not specifically information security related, but very good information for those of us with hiring responsibilities.
    Uncommon Sense Security: How to not hire someone
    Tags: ( hiring )
  3. The latest Hak5 is out. Yummy things like packet injection, WPA attacks and virtualization are the topics.
    Hak5 - Technolust since 2005 >> Episode 517 - Packet Injection, WPA Attacks, Virtualization
    Tags: ( video )
  4. Oh boy. This looks very interesting. Time to play in the lab.
    Http over SMTP Proxy << SecTech
    Tags: ( tools pentest )
  5. You see me point at a lot of stuff that Christofer writes. Why? Because he often has things to say that should be heard/read. Therefore, when he says go look at something, I do. You should too! This presentation is awesome.
    Rational Survivability >> Mark Masterson's Brilliant Cloud Security Presentation
    Tags: ( cloud )
  6. Rob has written a nice walk-through on using the PassiveX feature of Metasploit. Obviously, only to be used for good, not evil.
    PassiveX fun with Metasploit | Room362.com
    Tags: ( metasploit pentest tutorial )
  7. Here is an interesting post, even if you are not super versed in Bayesian analysis.
    Voltage Superconductor : A Bayesian approach to understanding tokenization
    Tags: ( bayes )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Looks like NSA is now better prepared to see if someone is spying on their networks.
    NSA patents a way to spot network snoops - Network World
    Tags: ( intrusion detection nsa )
  2. Looks like Mozilla made a liar out of me. They had to release another Firefox 2 patch because they left something out of the supposed final 2.0.19 version.
    Mozilla re-issues Firefox 2 update, includes missing patch - Network World
    Tags: ( firefox mozilla patches )
  3. Looks like American Express didn't quite get that problem taken care of like they thought they did.
    American Express bitten by XSS bugs (again) * The Register
    Tags: ( xss vulnerability amex )
  4. Some good tips on managing your telecommuting population.
    Manage telecommuters without losing your mind
    Tags: ( guidance telecommuting )
  5. Want to know the real IP address of the target? Here's Decloak to help you out.
    SecuriTeam Blogs >> Metasploit's Decloak, v2
    Tags: ( metasploit )
  6. A nice list of some nifty Firefox plugins.
    HiR Information Report: Firefox plugins for security and geeky fun
    Tags: ( firefox plugins )

That's it for today. Have fun!

Kevin

Well, the start of a new week is here, along with a batch of interesting things to take a look at. Only blogs again this time.

360 Security, along with many other folks, points out that the Apple DNS Patch Fails To Randomize.

Kurt Dobbins over at Arbor Networks has an interesting post up about the Myths and Realities of the Net Neutrality Debate. Good stuff in there.

Bruce Schneier brings to our attention that the U.S. government has published its policy regarding Seizing Laptops at Borders. Basically, we take when we want to and you don't have any say in the matter.

Nifty post up at Neohapsis talking about exploiting hardware vulnerabilities in the Intel CPU. Neat stuff. Kris Kaspersky's talk "Remote Code Execution Through Intel CPU Bugs" to be given at Hack in the Box was the impetus.

Wesley has created his first Metasploit module. It is a nifty tool. You should go take a look if you are interested in pen testing.

CG points to a paper and demo for DHCP script injection. Lots of fun to be had there.

Ha.ckers.org has a nice little bookmarklet that makes it easy to use MSN IP Search to find domains on the same IP address as the web page you are reading.

Chris Hayes continues his discussion of risk in response to Shrdlu's comments on a previous post. Good stuff.

Finally, Gary Warner points us to another story about an insider selling PII.

I will be leaving for Vegas on Thursday so there will be light posting here until next week.

Kevin
