• Adobe Release Flash Player 10.3.181.34 available at http://get.adobe.com/flashplayer/, (Thu, Jun 30th)

    Updated: 2011-06-30 17:54:59

  • Mobius Forensic Toolkit

    Updated: 2011-06-30 16:31:00

  • Update for RSA Authentication Manager, (Thu, Jun 30th)

    Updated: 2011-06-30 16:01:00
    RSA posted SP4 Patch 4 of their Authentication Manager product today. There are a few pages of ...(more)...

  • WordPress 3.1.4 Security Update - http://wordpress.org/news/2011/06/wordpress-3-1-4/, (Thu, Jun 30th)

    Updated: 2011-06-30 12:38:11

  • Howto: Root Samsung Galaxy Tab 10.1 and Install Ubuntu on it. [Windows]

    Updated: 2011-06-30 11:01:00

  • Advanced Vulnerability Scanning Using Nessus Course

    Updated: 2011-06-30 11:00:00

  • Android app. for my site.

    Updated: 2011-06-30 10:12:00

  • Sony PSN Breach Infographic

    Updated: 2011-06-30 03:50:00

  • Symantec Report - Spam Surge against Social Networks, (Thu, Jun 30th)

    Updated: 2011-06-30 01:57:17
    Symantec published today a report that spam attacks via social networks (Facebook, Twitter and YouTu ...(more)...

  • Random SSL Tips and Tricks, (Wed, Jun 29th)

    Updated: 2011-06-29 19:24:05
    SSL or TLS is *the* security protocol to encrypt in particular HTTP traffic. We a ...(more)...

  • Open Web Application Security Project: OWASP iGoat 1.0

    Updated: 2011-06-29 17:16:09
    The iGoat tool is a learning tool, primarily meant for iOS developers (but also useful to IT security practitioners, security architects, and others who simply want to learn about iOS security). It takes its name and inspiration from the venerable OWASP WebGoat tool. Like WebGoat, iGoat users explore a number of security weaknesses in iOS [...]

  • OWASP Mantra – Security Framework – OWASP

    Updated: 2011-06-29 17:11:34
    Mantra is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers, security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. Mantra is lite, flexible, portable and user friendly with a nice [...]

  • Guest on Aluc.tv

    Updated: 2011-06-29 14:06:04
    Over the weekend I had a chance to be a guest on the Aluc.TV podcast.  I’d heard Aluc’s name several times before, but it wasn’t until the last night of the FIRST conference in Vienna that I resolved to meet him.  A friend heard I was going to BSides Vienna the next morning and made [...]

  • Security Considerations for Infrastructure as a Service Cloud Computing Model

    Updated: 2011-06-29 08:00:19
    This article takes a look at the requirements for a cloud computing solution.

  • Please donate me.

    Updated: 2011-06-29 04:39:00

  • Network Security Podcast, Episode 245

    Updated: 2011-06-29 00:32:29
    Zach is still off earning a living or being otherwise distracted, so Rich and Martin keep it simple, stick to the security news, and roll through a handful of stories.  And talk about doing some fun stuff at Defcon. Network Security Podcast, Episode 245, June 28, 2011 Time:  31:41 Show Notes: Defcon adds a kids [...]

  • Update: Java update for OS X fixes security issues http://support.apple.com/kb/HT1222, (Tue, Jun 28th)

    Updated: 2011-06-28 21:22:18
    ------ Johannes B. Ullrich, Ph ...(more)...

  • Deja-Vu: Cisco VPN Windows Client Privilege Escalation, (Tue, Jun 28th)

    Updated: 2011-06-28 21:14:39
    Cisco released earlier today a bulletin regarding a vulnerability in the Cisco VPN client for Window ...(more)...

  • Update: Thunderbird 5.0 released. https://www.mozilla.org/en-US/thunderbird/, (Tue, Jun 28th)

    Updated: 2011-06-28 21:07:14
    ------ Johannes B. Ullrich, Ph ...(more)...

  • Update: Google Chrome 12.0.742.112 released http://googlechromereleases.blogspot.com/2011/06/stable-channel-update_28.html, (Tue, Jun 28th)

    Updated: 2011-06-28 21:06:03
    ------ Johannes B. Ullrich, Ph ...(more)...

  • DHS Unveils Security Scoring System for Software Flaws, Attack Vectors

    Updated: 2011-06-28 20:05:19
    The Common Weakness Scoring System will give organizations a way to determine the security and safety of software to create better applications. - The United States Department of Homeland Security unveiled a detailed guide to help software developers and vendors avoid common security errors in their applications. Homeland Security's Cyber-Security Division worked with the security training and research organization SANS Institute and the n...

  • 11 Internet Security Myths That Delude Computer Users

    Updated: 2011-06-28 19:36:35
    By Fahmida Y. Rashid on 2011-06-28. Many surveys have highlighted the fact that end users are not security-conscious and do not think about the implications of their online activities, making them vulnerable to attack by cyber-criminals. A recent survey of nearly

  • Update: Opera 11.50 is now available http://www.opera.com/, (Tue, Jun 28th)

    Updated: 2011-06-28 17:16:17
    ------ Johannes B. Ullrich, Ph ...(more)...

  • CTO’s Reading List: Four Articles You Should Read Today

    Updated: 2011-06-28 14:42:24
    Four articles you should read today: "The Current State of Mobile Device Security," "Take a bow everybody, the security industry really failed this time," "It's Getting Awfully Lonely in PC Land," and my own "Three Lessons from the RSA Hack, from a Customer's Perspective."

  • Tip: Beginner tutorial for SQL Injection by p00l_b0y

    Updated: 2011-06-28 10:03:00

  • Northrop Grumman Regularly Repels Advanced Attacks Seeking Sensitive Data

    Updated: 2011-06-28 02:40:14
    Advanced persistent threats are a way of life for many defense contractors such as Northrop Grumman, who has been seeing regular attacks from various groups for several years. - Organized hackers have been attempting to breach aerospace and defense company Northrop Grumman for years to steal sensitive information, according to a Northrop Grumman senior executive at the Gartner security summit. The APTs (advanced persistent threats) are designed to infiltrate networks a...

  • Did LulzSec expose your (friend) passwords?

    Updated: 2011-06-27 04:21:00

  • 4 out of 5 CISOs Don't Scan for Off-Port Web Servers

    Updated: 2011-06-27 04:11:00

  • AnonOps Shell List Leaked

    Updated: 2011-06-26 17:37:00

  • AES encryption on your gmail message with Encipher It

    Updated: 2011-06-26 08:17:00

  • Proof-Of-Concept: Session Hijacking Facebook account with Wireshark and Tamper Data

    Updated: 2011-06-26 06:40:00

  • Howto: Output From Metasploit Console

    Updated: 2011-06-26 03:35:00

  • CNET Hacker Chart

    Updated: 2011-06-25 17:42:00

  • Protecting Against the Latest Federal Reserve Malware

    Updated: 2011-06-24 04:00:21
    In the last 24 hours, eSoft has received a few reports of business networks being infected by the latest round of Federal Reserve malware being passed through email. After some quick investigation it turns out most of these infections were completely preventable using secure web filtering and real-time reputation analysis, however, these infected systems were the result of misconfigured systems. Let’s take a quick look at the threat first, and we’ll come back to how to prevent this threat on your network.

  • Unified Vulnerability Management – From The Cloud to Agents

    Updated: 2011-06-23 17:24:28
    I have written a few articles regarding comments from analysts and found a recent one that needs more visibility. In a recent paper, the analyst stated that any enterprise vulnerability assessment deployment should have at least 2 of 3 following technologies deployed for full coverage while performing a vulnerability assessment: Network Based Vulnerability Assessment Scanner [...]

  • Comparing the PCI, CIS and FDCC Certification Standards

    Updated: 2011-06-23 17:10:47

  • Kaspersky Security for Mail Server - Voted WindowSecurity.com Readers' Choice Award Winner - Email Anti Virus

    Updated: 2011-06-23 09:00:06
    Kaspersky Security for Mail Server was selected the winner in the Email Anti Virus category of the WindowSecurity.com Readers' Choice Awards. BitDefender Antivirus 2010 and GFI MailSecurity for Exchange/SMTP were runner-up and second runner-up respectively.

  • Another Certificate Authority Compromised: No Fake SSL Certificates Issued

    Updated: 2011-06-23 05:15:27
    The fifth certificate authority to be hacked this year, StartSSL has suspended issuing its free SSL certificates indefinitely. - StartSSL, a certification authority offering free SSL certificates, was compromised by unknown attackers earlier this month. The company has suspended issuing security certificates for Websites as a "defensive measure." Attackers hit StartSSL on June 15, and the company suspended issu...

  • SSL Analyzer: Scan SSL Of Website.

    Updated: 2011-06-22 17:33:00

  • Firewall and Boundary Auditing Best Practices

    Updated: 2011-06-22 09:22:49

  • Do you want to be Anonymous? Try this

    Updated: 2011-06-22 08:12:00

  • Well-Known SIDs for Windows Server 2008 R2 Active Directory

    Updated: 2011-06-22 07:00:04
    This article will discuss what a SID is. Then, it continues to discuss why some SIDs are well-known, and the concept and technology of SIDs.

  • Acrylic DNS Proxy

    Updated: 2011-06-22 04:11:00

  • Network Security Podcast, Episode 244

    Updated: 2011-06-22 01:42:02
    Martin is back from Vienna, but Zach is off in NYC. Thus Rich and Martin catch up, talk about the cloud security class and the rest of the security news. Martin is surprisingly coherent despite the jetlag.  Some might argue that Zach is one of the few things that keep Martin and Rich from rambling [...]

  • U.S. Congress Wants to Make Hacking Government Networks a Felony

    Updated: 2011-06-21 22:45:59
    Congressional lawmakers are revisiting the request in the White House cyber-security proposal which would make hacking government Websites a felony. - Recent high-profile attacks, including attacks on the CIA, the International Monetary Fund, a public network for the United States Senate and defense contractors may be spurring the government into pushing cyber-security legislation through Congress. If the Obama administration gets its way, the...

  • Dropbox Accidentally Turned Off Passwords on File Storage Service

    Updated: 2011-06-21 22:28:44
    Due to a bug in the code, anyone around the world could access any Dropbox online storage account by typing in a random string as a password over a four-hour period. - Online storage service Dropbox accidentally turned off passwords for four hours, potentially exposing data belonging to its 25 million customers to unauthorized users. The breach occurred when the company applied a code change at 4:54 p.m. EST on June 19 that caused problems with the authentication...

  • OpenDNS Launches DNS-Based Malware Protection Service for Enterprises

    Updated: 2011-06-21 22:02:04
    OpenDNS will detect and block all DNS requests to malicious servers as part of its malware protection service. - OpenDNS, the domain name resolution service, launched a DNS-based malware protection service in its enterprise offering that's designed to detect and block infected computers from communicating with command-and-control servers. This security service for enterprises will examine all DNS activity ...

  • Plugging Into Your Remediation Process

    Updated: 2011-06-21 20:12:09
    My team and I have spoken with a number of analysts and have confirmed that the plethora of vulnerability assessment solutions on the market share a common trait and a common flaw, the sheer volume of reports that can be created based on a vulnerability assessment. Every scan can lead to a myriad of hosts [...]

  • Linux Boot Step.

    Updated: 2011-06-21 18:22:00

  • English Teen Accused of Hacking, Police Hint LulzSec Link

    Updated: 2011-06-21 16:55:08
    A teenager in Essex, England was arrested for being part of DDOS attacks against major Websites. There are reports he may be part of the LulzSec hacking group. - British police arrested a teenager based in Essex, England, who is accused of breaching networks and launching distributed denial-of-service attacks around the world. He may or may not be a part of the LulzSec hacking group. The 19 year old was arrested at his home in Wickford, Essex, on suspicion o...

  • How Security Experts Dodge Scams, Malware Online

    Updated: 2011-06-21 05:26:33
    By Fahmida Y. Rashid on 2011-06-21. The headlines can get pretty terrifying. Facebook spam, malware on the Android Market, fake Microsoft Updates, drive-by-downloads, poisoned search results, and the list goes on and on. Just as wearing a seat belt in the car

  • SCADA Vulnerabilities Patched in Industrial Control Software From China

    Updated: 2011-06-21 01:30:40
    Security researcher Dillon Beresford uncovered two SCADA (supervisory control and data acquisition) vulnerabilities that would allow denial-of-service attacks and remote code execution. - A security researcher discovered several vulnerabilities in industrial control systems software from China that can be exploited remotely. The vulnerabilities can be used to knock out or take over SCADA (supervisory control and data acquisition) systems from Chinese firm Sunway ForceControl Tec...

  • Poisoned iCloud Search Results Lead to Fake Antivirus Pages

    Updated: 2011-06-20 21:10:10
    Scammers are poisoning search-result terms for the iCloud keyword to direct users to a fake Windows antivirus. - Businesses and analysts aren't the only ones interested in Apple's upcoming iCloud service. Scammers are moving in on the action to deliver fake antivirus software. Cyber-criminals have already used black-hat search engine optimization techniques to poison search results for the “iCloud” keyword,...

  • Lulzsec + Anonymous = Operation Anti Security

    Updated: 2011-06-20 16:09:00

  • Password Security Remains the Weakest Link Even After Big Data Breaches

    Updated: 2011-06-19 16:23:25
    Organizations should be implementing several measures to prevent cyber-attackers from stealing sensitive, confidential data. - Despite repeated reminders to select strong passwords and not to reuse them across Websites and services, online users continue to be frighteningly lax in their password security, according to a recent analysis of leaked passwords. Security experts recommend taking a multilayered approach to securi...

  • Microsoft's Kinect SDK, Patch Tuesday, Phone Scam Pushback Marked Week

    Updated: 2011-06-19 16:15:36
    Microsoft's week involved a giant Patch Tuesday, the release of Kinect for Windows SDK beta and alerts about a phone scam. - Microsoft's relatively quiet week saw a significant Patch Tuesday and a new phase of life for its popular Kinect hands-free game controller. June's Patch Tuesday tackled some 24 bugs across 16 bulletins. It wasn't quite as big as April's session, but certainly covered a lot of ground: in addition t...

  • Conn. AG Says Facebook Facial Recognition Software Violates Privacy

    Updated: 2011-06-18 08:52:20
    Connecticut state Attorney General George Jepsen wants a meeting with Facebook concerning its controversial use of facial recognition software for photo tagging, which advocates claim violates user privacy. - Facebook has another foe in its effort to make tagging friends easier with facial recognition software: Connecticut state Attorney General George Jepsen. Jepsen said June 16 he is concerned that consumer privacy is being compromised by a feature that uses facial recognition to help the Websi...

  • Find Malware Site.

    Updated: 2011-06-18 03:18:00

  • Risky Business #198 - Tenable CEO Interview on Cybercrime Insurance

    Updated: 2011-06-16 11:54:01

  • Microsoft Patch Tuesday Roundup - June 2011

    Updated: 2011-06-15 18:42:08

  • Hunt Down and Kill Malware with Sysinternals Tools (Part 1)

    Updated: 2011-06-15 08:00:06
    This article is part one of a two-part series on using Sysinternals tools to manually detect and clean malware from a Windows system.

  • Microsoft Patch Tuesday – June 2011

    Updated: 2011-06-15 07:47:53
    Another even month, another huge security bulletin release by Microsoft. Those who took my advice and convinced their bosses to let them take vacation this month avoided 16 security bulletins – hopefully your co-workers will have them fully tested and deployed before you return. For those of us not sitting on a beach somewhere, there [...]

  • Unified Vulnerability Management for Financial Organizations

    Updated: 2011-06-14 17:58:16
    If you are in the financial sector, how are you protecting your financial systems from tampering? If you are the CEO or CFO you must ensure that your financial reports are accurate, delivered in a timely fashion, and do not contain any information that was tampered with. This requires securing critical information technology systems that [...]

  • Considerations for DMZ, iSCSI and Private vDS on same ESXi/Cluster

    Updated: 2011-06-13 22:16:26
    Before we start on this topic, a disclaimer here: This is not the only configuration that can be used for vDS switches that are used to connect to DMZ, iSCSI and Public networks. This is merely a configuration that...

  • Howto: Find free proxy with Google Search

    Updated: 2011-06-13 14:02:00

  • Sony Breach All [2011-04 - Now]

    Updated: 2011-06-13 05:52:00

  • My blog in mobile version

    Updated: 2011-06-11 02:09:00

  • Metasploit Unleashed in PDF Format

    Updated: 2011-06-10 19:25:00

  • Detection shell backdoor on Web Server

    Updated: 2011-06-10 02:29:00

  • Security and the Cloud

    Updated: 2011-06-08 23:37:26
    When enterprise applications and services migrate from the physical data center, organizations begin to lose visibility and control as the shared infrastructure model of the cloud forces IT to give up their traditional control over the network and system resources. As a result, many organizations and cloud providers will tell you that security continues to [...]

  • The Advanced Persistent Threat - What Is It and How Does It Affect Me?

    Updated: 2011-06-08 07:00:15
    In this article, we'll explore the concepts behind APT and introduce you to the different pieces of the puzzle: the actors, the threats and the techniques.

  • Network Security Podcast, Episode 243

    Updated: 2011-06-07 16:30:50
    We blame Rafal Los for this week’s podcast.  He was looking for someone to host a discussion on which is easier to learn, the business side of the business or the security side of the business.  And he had a cast of characters he wanted to discuss it with.  Being a well-known sucker for these [...]

  • My campaign to replace APT with STFU

    Updated: 2011-06-03 21:03:25
    I don’t know about you, but I’m tired of the term Advanced Persistent Threat.  Every time I see “APT”, I cringe and a little part of my soul dies.  So I decided that I never need to see APT on a web page again, I’ve created a little Greasemonkey script that replaces “APT” with “STFU” [...]
