sql injection

Here are today's Interesting Information Security Bits from around the web.

  1. You've probably already seen this, but if you haven't, Kaspersky had a little problem this weekend. They did get it corrected quickly.
    Kaspersky database exposed | Security and the Net
    Tags: ( vulnerability sql )
  2. Folks, as Graham says, secret is secret. Don't chatter about stuff on Facebook, Twitter, etc. that should be secret. Seems obvious, but apparently, some people are quite adept at missing the elephant standing in the room.
    Congressman Twitters secret trip to Iraq | Graham Cluley's blog
    Tags: ( privacy socialnetworking confidentiality )
  3. If you use OpenDNS as your name resolution provider, which I heartily recommend, you will have some additional protection in place this week.
    OpenDNS to step up fight against Conficker worm
    Tags: ( malware opendns conficker worms )
  4. A nice primer on DLP.
    What You Really Need To Know About Data Loss Prevention - insider threats/Management - DarkReading
    Tags: ( dlp )
  5. A nice post with some good recommendations.
    Digital Soapbox - Information Security, Risk & Data Protection Blog: People Hacking 101: How to Infiltrate a Credit Agency
    Tags: ( data-leakage )
  6. The 2008 SANS Salary Survey is available.
    salary_survey_2008.pdf (application/pdf Object)
    Tags: ( salary )
  7. The latest Ethical Hacker Network challenge is up. Go get 'em!
    The Ethical Hacker Network - Brady Bunch Boondoggle
    Tags: ( challenge )
  8. A new man-in-the-middle tool is available. It was released at ShmooCon this weekend. Mubix has a copy for us if you are interested in playing with it.
    The Middler gets released at ShmooCon! - Room362.com
    Tags: ( pentest mitm )
  9. New version available of Samurai.
    Samurai LiveCD version 0.4 released | Security4all - Dedicated to digital security, enterprise 2.0 and presentation skills
    Tags: ( tools samarai )
  10. Something to think about. BTW - you might want to think twice about leaving your garage door opener in your vehicle, or at least lock the door from the garage into the house if you do.
    Digital Soapbox - Information Security, Risk & Data Protection Blog: Your GPS is evil
    Tags: ( data-leakage )

That's it for today. Have fun!



Hello all. Sorry I didn't get yesterday's post out. Today's includes yesterday's stuff and today's, so it is a bit long.

From the Blogosphere.

DVLabs put a post up yesterday that is the first in a weekly feature that Cody is starting regarding reverse engineering tips and tricks. The first post takes a look at the Rhapsody Media Player. Interesting stuff.

Rafal gives us a real-world example of XSS. Worth a look.

Frank Cassano has part 2 of his Assessing Your Organization's Network Perimeter available. Part 1 is here. Good stuff.

Rich points out that in the world of SQL injection, it is very important to collaborate with our database admins and architects to ensure we are restricting rights appropriately.

Lori points out that dynamic resource obfuscation can make the target much harder to find, let alone hit, for the evil haxors out there. She is not promoting security through obscurity, but suggesting that we can actively make it very difficult for an attacker to figure out what to attack.

Donald Donzal, the editor-in-chief at the Ethical Hacker Network, has posted a recording and slides of the presentation he gave at the SANS What Works in Pen Testing Summit, titled "Remodeling your career for little to no money down". I've got my copies downloaded and will be listening soon.

Via Xavier at /dev/random: Michael Boelen, the creator of Rootkit Hunter, has released a new tool that should be welcomed by all UNIX folks, Lynis: Security and System Auditing Tool. Go take a look.

Adam Dodge has a post up over at Security Catalyst that reminds us to keep the sample in mind when reading a report. This applies to every report you might read that has statistical data in it, but he is specifically talking about the number of reports that have come out recently regarding breach statistics.

0x000000 has updated the mod_rewrite signatures used as a poor man's web application firewall to add some banner obfuscation stuff. If you haven't seen the full set, poke around on the site. It is good stuff.

Finally, the folks at Watchfire have an article up talking about cross environment hopping. This is where an XSS vulnerability is exploited to hop to another service hosted on the target client machine. Not cool. Go read it...twice 🙂

I will be posting the interesting bits from news sources a little later today.
