News Bytes - May by corrupt
-
Upload
nu-the-open-security-community -
Category
Technology
-
view
977 -
download
0
description
Transcript of News Bytes - May by corrupt
![Page 1: News Bytes - May by corrupt](https://reader036.fdocuments.in/reader036/viewer/2022081413/549f6f1eac795910768b4a4c/html5/thumbnails/1.jpg)
C () r r |_| p -|- NewsBytes
![Page 2: News Bytes - May by corrupt](https://reader036.fdocuments.in/reader036/viewer/2022081413/549f6f1eac795910768b4a4c/html5/thumbnails/2.jpg)
![Page 3: News Bytes - May by corrupt](https://reader036.fdocuments.in/reader036/viewer/2022081413/549f6f1eac795910768b4a4c/html5/thumbnails/3.jpg)
Pacman on google.com is playable (when click on insert coin). :P
AWESOME !!!!
![Page 4: News Bytes - May by corrupt](https://reader036.fdocuments.in/reader036/viewer/2022081413/549f6f1eac795910768b4a4c/html5/thumbnails/4.jpg)
A hacker, who calls himself “ins3cted”, has demonstrated to Webwereld via video how by exploiting a simple SQL injection, he can retrieve 168,000 personal records from a Dutch website called Experience the OV (http://www.ervaarhetov.nl).
Hopefully this incident will raise much needed awareness around the world of the need to ensure secure development and web application penetration tests
The video is available from the following URL; http://webwereld.nl/nieuws/66012/ov-site-lekt-persoonlijke-data-168-000-reizigers.html
Oops, SQL Injection Did it Again !!!
![Page 5: News Bytes - May by corrupt](https://reader036.fdocuments.in/reader036/viewer/2022081413/549f6f1eac795910768b4a4c/html5/thumbnails/5.jpg)
AusCERT, Australia's premier information security event on the Gold CoastIn an email, IBM advised visitors to its AusCERT
booth that its complimentary USB key was infected with a virus. An IBM spokesman and conference organisers confirmed the email was genuine.
Wightwick said the malware, which dated to 2008, was detected by most anti-virus products.
"The malware is known by a number of names and is contained in the setup.exe and autorun.ini files.
http://www.itnews.com.au/News/175451,ibm-unleashes-virus-on-auscert-delegates.aspx
IBM unleashes virus on AusCERT delegates
![Page 6: News Bytes - May by corrupt](https://reader036.fdocuments.in/reader036/viewer/2022081413/549f6f1eac795910768b4a4c/html5/thumbnails/6.jpg)
US security software vendor Symantec has reached an agreement to acquire VeriSign's web
security business.Symantec has agreed to pay approximately $1.28 billion
in cash for VeriSign's identity and authentication business assets.
Symantec will take over the company's Secure Sockets Layer (SSL) Certificate Services, the Public Key Infrastructure (PKI) Services, the VeriSign Trust Services and the VeriSign Identity Protection (VIP) Authentication Service. According to Symantec, the deal is expected to close in "the September quarter
More details about the acquisition can be found in slides and a press release from Symantec.
Symantec acquires VeriSign's web security business
![Page 7: News Bytes - May by corrupt](https://reader036.fdocuments.in/reader036/viewer/2022081413/549f6f1eac795910768b4a4c/html5/thumbnails/7.jpg)
vulnerability count of 40 vulnerabilities, which is nearly as much as disclosed during the whole Month of PHP Bugs in 2007
For those that don't already know you can follow the Month of PHP Security on Twitter, too. Just follow @mops_2010
http://www.php-security.org/
May – Month of PHP Bugs
![Page 8: News Bytes - May by corrupt](https://reader036.fdocuments.in/reader036/viewer/2022081413/549f6f1eac795910768b4a4c/html5/thumbnails/8.jpg)
This codelab is built around Jarlsberg, a small, cheesy web application that allows
its users to publish snippets of text and store assorted files. "Unfortunately," Jarlsberg has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution. The goal of this codelab is to guide you through discovering some of these bugs and learning ways to fix them both in Jarlsberg and in general.
Jarlsberg - A Codelab by Bruce Leban, Mugdha Bendre, and Parisa Tabriz
![Page 9: News Bytes - May by corrupt](https://reader036.fdocuments.in/reader036/viewer/2022081413/549f6f1eac795910768b4a4c/html5/thumbnails/9.jpg)
http://jarlsberg.appspot.com
![Page 10: News Bytes - May by corrupt](https://reader036.fdocuments.in/reader036/viewer/2022081413/549f6f1eac795910768b4a4c/html5/thumbnails/10.jpg)
John Shepherd-Barron – ATM Inventor
India-Born Scottish inventor
ATM inspired by Vending Machines
also invented the PIN number
(23 June 1925 – 15 May 2010) 84
![Page 11: News Bytes - May by corrupt](https://reader036.fdocuments.in/reader036/viewer/2022081413/549f6f1eac795910768b4a4c/html5/thumbnails/11.jpg)
Metasploit now has 551 exploit modules and 261 auxiliary modules (from 445 and 216 respectively in v3.3)
Metasploit is still about twice the size of the nearest Ruby application according to Ohloh.net (400K lines of Ruby)
Over 100 tickets were closed since the last point release and over 200 since v3.3
http://blog.metasploit.com/2010/05/metasploit-framework-340-released.html
Metasploit 3.4.0 Released
![Page 12: News Bytes - May by corrupt](https://reader036.fdocuments.in/reader036/viewer/2022081413/549f6f1eac795910768b4a4c/html5/thumbnails/12.jpg)
A commercial Metasploit Express variant by Rapid7 has been released at the same time. It offers a graphical user interface, is said to be more user friendly and simplifies report generation. Rapid7 offers a free 14-day trial licence and a full Metasploit Express licence costs $3,000 per year.
Metasploit Express
![Page 13: News Bytes - May by corrupt](https://reader036.fdocuments.in/reader036/viewer/2022081413/549f6f1eac795910768b4a4c/html5/thumbnails/13.jpg)
Metasploitable is an Ubuntu 8.04 server install on a VMWare 6.5 image. A number of vulnerable packages are included, including an install of tomcat 5.5 (with weak credentials), distcc, tikiwiki, twiki, and an older mysql.
To download Metasploitable, you can pick up the torrent on the Express Community site. If you are an Express customer, you can pick up a direct HTTP download from the Customer Center. See the README.txt here for additional information, but be aware, there are spoilers in it.
http://blog.metasploit.com/2010/05/introducing-metasploitable.html
Metasploitable
![Page 14: News Bytes - May by corrupt](https://reader036.fdocuments.in/reader036/viewer/2022081413/549f6f1eac795910768b4a4c/html5/thumbnails/14.jpg)
![Page 15: News Bytes - May by corrupt](https://reader036.fdocuments.in/reader036/viewer/2022081413/549f6f1eac795910768b4a4c/html5/thumbnails/15.jpg)
Bizploit is the first Opensource ERP Penetration Testing framework. Developed by the Onapsis Research Labs, Bizploit assists security professionals in the discovery, exploration, vulnerability assessment and exploitation phases of specialized ERP Penetration Tests. Currently, Bizploit is shipped with many plugins to assess the security of SAP business platforms. Plugins for other popular ERPs will be included in the short term.
Bizploit Opensource ERP Penetration Testing framework released
![Page 16: News Bytes - May by corrupt](https://reader036.fdocuments.in/reader036/viewer/2022081413/549f6f1eac795910768b4a4c/html5/thumbnails/16.jpg)
Right click and start busting!
http://www.sittinglittleduck.com/DirBuster-1.0-RC1.xpi
Dirbuster Firefox Plugin
![Page 17: News Bytes - May by corrupt](https://reader036.fdocuments.in/reader036/viewer/2022081413/549f6f1eac795910768b4a4c/html5/thumbnails/17.jpg)
makes firefox can't make texts into body element and then it crashed.
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1571
Firefox 3.6.3 memory exhaustion crash vulnerabilities
![Page 18: News Bytes - May by corrupt](https://reader036.fdocuments.in/reader036/viewer/2022081413/549f6f1eac795910768b4a4c/html5/thumbnails/18.jpg)
http://www.nirsoft.net/utils/router_password_recovery.html
New password recovery tool for router files
![Page 19: News Bytes - May by corrupt](https://reader036.fdocuments.in/reader036/viewer/2022081413/549f6f1eac795910768b4a4c/html5/thumbnails/19.jpg)
THANK YOU