Posted in links on February 28, 2007 | No Comments »
I read a blog posting by Ed Finkler, “Do Open Source Devs Get Web App Security? Does Anybody?”.
In it he describes disturbing statements found in the documentation of an open-source content management system:
A colleague of mine who is dealing with Plone, a CMS system built atop Zope, pointed me to a rather disturbing document [...]
Posted in guides on February 23, 2007 | No Comments »
I just found out that OWASP released “The OWASP Testing Guide v2” on February 10, 2007.
You can read the guide online at Testing Guide v2 Wiki or you can download it in PDF format.
Posted in tools on February 23, 2007 | No Comments »
Tenable has released Nessus 3.1.2 for Linux, FreeBSD and Solaris, which is a beta version of the upcoming Nessus 3.2.
Nessus 3.2 contains the following new features:
- Experimental IPv6 support
- Improved bandwidth throttling
- Extended nessusd.rules to add support for ports and plugins
- New command ‘nessuscmd’ which lets you do a quick command-line scan
- Improved [...]
Posted in guides, links on February 22, 2007 | No Comments »
NIST has released a new publication (SP 800-94) that covers just about everything you can think of when it comes to IDS and IPS. The report is titled “Guide to Intrusion Detection and Prevention Systems (IDPS)”.
Posted in articles, links on February 22, 2007 | No Comments »
Dheera Venkatraman has published an article describing how blurring applied to an image in order to conceal information can be attacked.
In the article, he writes:
Undoubtedly you have all seen photographs of people on TV and online who have been blurred to hide faces.
For the most part this is all fine with people’s faces as there isn’t a convenient way to [...]
Posted in general, hacks on February 22, 2007 | No Comments »
I just came across the following news:
Malicious JavaScript placed on web sites could be used to change DNS settings on home routers that are still using default passwords. Once the change has been made, the next time the router is rebooted, the user would be redirected to spoofed, possibly malicious web sites. [...]
Posted in links on February 22, 2007 | No Comments »
The National Institute of Standards and Technology (NIST) has released two new information security documents.
NISTIR 7359, “Information Security Guide for Government Executives,” is designed to “assist senior leaders in understanding how to oversee and support the development and implementation of information security programs.”
NISTIR 7358, “Program Review for Information Security Management Assistance (PRISMA)” [...]
Posted in vulnerabilities on February 20, 2007 | No Comments »
I just found out about a vulnerability in the Snort DCE/RPC preprocessor. The preprocessor is vulnerable to a stack-based buffer overflow that could potentially allow attackers to execute code with the same privileges as the Snort binary.
The following versions are affected:
Snort 2.6.1, 2.6.1.1, and 2.6.1.2
Snort 2.7.0 beta 1
Recommended Actions:
Open-source Snort 2.6.1.x users are advised to upgrade [...]
Posted in hacks on February 15, 2007 | No Comments »
In my previous post (Testing Snort 2.7.0 Beta 1), I described my endeavour to install Snort 2.7.0 Beta 1. After successfully installing Snort, I wanted to create a simple IDS rule and use Snort as a simple IDS.
To test Snort as an IDS, I first created a simple rule like the following:
Then I [...]
Posted in tools on February 12, 2007 | No Comments »
Feature Overview:
Detects insecure versions of applications installed
Verifies that all Microsoft patches are applied
Assists you in updating your system and applications
Runs through your browser. No installation or download is required.
The Secunia Software Inspector covers the most common/popular end user applications:
Internet browsers
Internet browser plugins
Instant messaging clients
Email clients
Media players
Operating systems
You can find it here.