Create an Account
username: password:
 
  MemeStreams Logo

Security Reads's MemeStream

search

Security Reads
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Security Reads's topics
Arts
Business
Games
Health and Wellness
Home and Garden
Miscellaneous
Current Events
Recreation
Local Information
Science
Society
Sports
Technology

support us

Get MemeStreams Stuff!


 
TippingPoint | DVLabs | MOBOTS: WeatherFist Exposed
Topic: Miscellaneous 10:51 am EST, Mar 11, 2010

MOBOTS: WeatherFist Exposed

* By Daniel Tijerina
* Wed 10 Mar 2010 11:41am
* 266 Views
* 0 Comments
* Link

Last week, San Francisco was kind enough to play host to the annual RSA Security Conference. As you may remember from Jason Avery's last post, several TippingPointers were on-hand for the festivities.

TippingPoint | DVLabs | MOBOTS: WeatherFist Exposed


Hex blog: Preview of the new cross-platform IDA Pro GUI
Topic: Miscellaneous 10:43 am EST, Mar 11, 2010

Preview of the new cross-platform IDA Pro GUI

In order to provide our customers with the best user experience and in order to target many different platforms, the IDA Pro graphical user interface is currently being rewritten using the Qt technology.

Hex blog: Preview of the new cross-platform IDA Pro GUI


BlackHat-DC-2010-Bailey-Neat-New-Ridiculous-flash-hacks-slides.pdf (application/pdf Object)
Topic: Miscellaneous 10:38 am EST, Mar 11, 2010

This is ok, I guess.

BlackHat-DC-2010-Bailey-Neat-New-Ridiculous-flash-hacks-slides.pdf (application/pdf Object)


Testing and Validation of Network Security Devices — BreakingPoint
Topic: Miscellaneous 9:31 pm EST, Mar 10, 2010

2010-03-01
Testing and Validation of Network Security Devices

While catching up on security news and blogs the other day, I came across a blog post from ICSA Labs entitled "Why a Test Lab Needs to be Wary of Commercial Exploit Packet Captures" and thought that it would be a good conversation starter to inform our readers about how BreakingPoint approaches developing test cases for security device testing, our methodology behind why we develop our test cases the way we do, and the thought processes and conclusions behind those decisions.

Pretty good overview of how BreakingPoint devices work.

Testing and Validation of Network Security Devices — BreakingPoint


VRT: APT: Should your panties be in a bunch, and how do you un-bunch them?
Topic: Miscellaneous 5:08 pm EST, Mar 10, 2010

Tuesday, March 9, 2010
APT: Should your panties be in a bunch, and how do you un-bunch them?
There is no more predictable group of people than marketers. Once a term reaches a certain tipping point, they grab onto it for dear life and choke it until it means nothing. Apparently, the Advanced Persistent Threat (APT) hit that point somewhere around December. Despite the term being used by the defense industrial base for years, it wasn’t until this year that firms really started pounding the “Come to us my children, only we can save you from death by APT” drum.

I agree with the first portion re: marketing. The rest is kinda, blah.

VRT: APT: Should your panties be in a bunch, and how do you un-bunch them?


Operation Aurora
Topic: Miscellaneous 6:48 pm EST, Mar  8, 2010

The news was alive in January 2010 with talk of how Google was thinking of a new approach to China, possibly including to withdraw its business, after what was said to be a “highly sophisticated and targeted attack on our corporate infrastructure originating from China” in December 2009. Early technical analysis, including to publish that the attack exploits a vulnerability in Internet Explorer that had been unknown to the security industry, seems to have been in the hands of MacAfee, whose page Operation Aurora Hit Google, Others christens the attack and has George Kurtz effusing that “the world has changed” and that “everyone’s threat model now needs to be adapted to the new reality of these advanced persistent threats”.

Great IE Internals discussion of the Aurora bug

Operation Aurora


Confusion about Opera vulnerability - Blog - Blog & News - Company
Topic: Miscellaneous 6:34 pm EST, Mar  8, 2010

The vulnerability was reported as an integer overflow when processing the "Content-Length" header and accompanied by a PoC that always crashed when copying memory due to an overly large size. Based on the provided PoC and report, it immediately seemed like the crash would always occur and executing code would not be possible.

Secunia gives you the straight dope.

Confusion about Opera vulnerability - Blog - Blog & News - Company


As Memory Protections Advance, Exploits Stay a Step Ahead | threatpost
Topic: Miscellaneous 10:52 am EST, Mar  8, 2010

SAN FRANCISCO--Despite years of efforts by software security teams at major vendors to harden the operating systems and browsers that are the most common targets of attackers, exploitation of new as well as older vulnerabilities is still simpler than many people might think.

As Memory Protections Advance, Exploits Stay a Step Ahead | threatpost


Microsoft BlueHat Blog : Parser Central: Microsoft .NET as a Security Component
Topic: Miscellaneous 9:13 am EST, Mar  8, 2010

Thursday, March 04, 2010 7:44 AM BlueHat
Parser Central: Microsoft .NET as a Security Component

During the past decade or so, a significant portion of the computer industry has set out in a quest for secure software. That this sizable force of smart people with all their resources and market power has not yet brought us a secure and safe computing experience, should be an indication that this task is not something you can just turn around and do.

Great guest-blog by FX. I couldn't agree more.

Microsoft BlueHat Blog : Parser Central: Microsoft .NET as a Security Component


Skypher · ASPsh – A remote shell written in ASP.
Topic: Miscellaneous 9:03 am EST, Mar  8, 2010

ASPsh – A remote shell written in ASP.

Skypher · ASPsh – A remote shell written in ASP.


(Last) Newer << 2 - 3 - 4 - 5 - 6 - 7 - 8 - 9 - 10 - 11 >> Older (First)
 
 
Powered By Industrial Memetics
RSS2.0