NetSec corner





Netsec, comsec, infosec and IA news, research and trends

 

9.04.2004

 
WinXP SP2 = security placebo? Apparently M$ spent $300 million to develop a band-aid.

 
Exploitation Engines from SecurityWizardry

 
w00w00 on heap overflows. What is a woowoo anyway?

 
Net-Twister bills itself as an automated pen-testing tool.

Warning: some "open source" security tools have back doors.



9.03.2004

 
Breaking into voicemail systems is a ‘trivial task’

 
ICAT

If nothing else, it's a nice little research tool.

 
Host-based intrusion prevention free for your home:

Prevx releases free intrusion prevention software

Available at Prevx.com


 
Cyberterrorism OR hoax?

 
SSH and CVS Possibly Prone Port Bouncing Attack

 
AIM Away Message Buffer Overflow Exploit by John Bissell A.K.A. HighT1mes (first to reserve this for the project gets it)

 
More Oracle Issues! Where is your ERP application going today?



9.02.2004

 
NmapWin3.70

 
CompleteWhois

 
Protocom Announces Availability Of SecureLogin Advanced Authentication 1.9

For MS Networks, this software allows companies to incorporate the latest hardware into Active Directory to create a Multifactor Authentication environment.

 
Wi-Fi group backs brawnier security standard

 
ShmooCon Announcement and Call for Papers

Watch the Commercials! They're going to be the subject of a contest at ToorCon on September 23rd. The event is February 4th-6th at the Wardman Park Marriott in Washington, DC. Registration will open very soon and registering ASAP is highly advised.

Call for papers. Preliminary papers will be reviewed on September 15th but the CFP is open until late fall. Somebody really should try. 757.org is already listed!

Topics for the “Break It!” track may include, but are not limited to, EXPLOITATION of:
· Consumer electronic devices
· Application, host, and network security
· Telephony
· Physical security

Topics for the “Build It!” track may include, but are not limited to, inventive software & hardware SOLUTIONS in:
· Robotics
· Distributed computing
· Community wireless networking
· Mobile personal computing

Topics for the “BoF It!” track may include, but are not limited to, open DISCUSSION of the following:
· Privacy and anonymity
· Exploit and vulnerability disclosure / databases
· DRM (Digital Rights Management), fair use, copyright infringement
· Open source software world domination strategies

This is going to be awesome.

 
A decent PowerPoint presentation on directory traversal attacks.
Another (more detailed) PPT on directory traversal (Dot Dot) attacks on an IIS box

 
44 New Buffer Overflow Conditions in Oracle Database Server!
Oracle's announcement is very short but to the point: "exposure risk is high." If you think that proprietary software is any more secure than open source, I have an enterprise application that I'd like to sell to you.

 
Honeynet Project: Scan of the Month (32)

This month's challenge is to reverse engineer a malware specimen called "RaDa"; its main goal is to learn from the community the methods, tools and procedures used to do it. Submissions should be sent no later than Friday, 1 October, 2004. The three best answers will win an author-signed copy of the book, "Malware: Fighting Malicious Code" by Ed Skoudis. This month's challenge image and questions are managed by Jorge Ortiz, David Perez, and Raul Siles, all from HP Spain.

 
Shellcoding for Linux and Windows Tutorial by Steve Hanna

Writing Windows Shellcode by Skape at NoLogin.org



9.01.2004

 
Multiple Vulnerabilities in Oracle Products
Several vulnerabilities exist in the Oracle Database Server, Application Server, and Enterprise Manager software. Oracle's Collaboration Suite and E-Business Suite 11i contain the vulnerable software and are affected as well.

 
Publication of Personal Information Probed

The Secret Service is investigating the publication of personal information about GOP convention delegates on a Web site, prompting complaints from the American Civil Liberties Union that the government is infringing upon the free-speech rights of political dissidents.

Federal authorities have subpoenaed Calyx Internet Access seeking to learn the Internet address of the person who posted a spreadsheet on Aug. 18 containing the names of about 1,600 delegates, along with their home addresses, phone numbers and e-mail addresses and the hotels at which they are staying in New York City.

Consultants Deliver Politics To Voters' Inboxes, at a Price

Millions of Americans who are already trying to fight off unwanted electronic mail from direct marketers are about to get deluged by another source: politicians and lobbying groups.

For the first time, a nationwide list of registered voters has been cross-referenced with multiple lists of e-mail addresses collected from magazine subscribers, catalogue shoppers, online poll participants and the like. The result is that legislators, candidates for office and interest groups can buy more than 25 million e-mail addresses of registered voters and contact them at will.

Sounds like information leaking to me.

WinZip 9.0 SR-1 Now Available

WinZip 9.0 SR-1 is a maintenance release of WinZip 9.0 containing important security-related fixes (including a privately reported buffer overflow) and improvements to WinZip.

 
Doug sent in a link to Steve Gibson's Paper on Being DDoS'ed By a 13 Year Old

 
NetSolve Outlines New Approach To Cyber Security

 
Phishers successfully get a DNS transfer for eBay Germany.

 
Due to MD5 weaknesses, Bruce Schneier is Calling for NIST to Create New Hash Standards

Hash Collision Q&A: Cryptography Research has received many inquiries about the hash collision attacks that were recently announced at the CRYPTO 2004 conference. This document attempts to address these questions.

 
Maybe Outsourcing Isn't Such a Good Idea?

 
Richard Clarke Offers 10 Recommendations to Secure Systems

 
Tests Reveal e-Passport Flaws

 
FBI busts alleged DDoS Mafia as part of Operation Web Snare

 
Three separate articles:

Kerberos critical hole allows system access
Report casts doubt on IRS hacking-detection system
Sophos reveals top ten Viruses and Hoaxes

 
An example of posting too much info in a blog:

Friendster Fires Developer for Blog

 
White Paper: A Model for when Disclosure Helps Security: What Is Different About Computer and Network Security? by Peter P. Swire



8.31.2004

 
Star38 is Planning to Offer Caller ID Spoofing as a Service Starting Next Week

 
Is it cynical to be circumspect about the Direct Marketing Association (paper SPAMmers) and the Business Software Alliance (Microsoft Front) Funding Federal Law Enforcement Operations Like Operation Web Snare?

 
SANS First Wednesday Webcast - Trends in Malware Evolution from Ed Skoudis
Wednesday, September 1, 2004, at 1:00 PM EDT (1700 UTC)

 
The case of Randall Schwartz

 
Fingerprinting Port 80 Attacks, Part 1
Fingerprinting Port 80 Attacks, Part 2



8.29.2004

 
Comprehensive Information Assurance Dictionary 3rd Draft (PDF Document)

 
RFC 2828: Internet Security Glossary




