security

ReAssure is written in Ruby and Python. Ruby is used for CGI scripts, and Python for the management of the experimental switch and PCs. Scripts are organized hierarchically based on the SQL tables they affect; click on an item on the sidebar menu for details. The software is available for download according to the terms of the following license: The Purdue University CERIAS ReAssure Project Copyright (c) 2006-2009 Purdue University All rights reserved. http://projects.cerias.purdue.edu/reassure/Software/

ReAssure Project Home Page

coms

Since October 2011 we have been watching this affiliate system: Money Racing AV, a private PPS (Pay-Per-Sale) affiliate that actively spreads fake antispyware (rogue). We have already seen this gang active in August 2009: A recent tour of scareware XII. Advertising can be found on various Russian underground communities: The Money Racing gang operates from moneyracing.ru and is known for spreading scareware with this type of graphical user interface: Money Racing website login: http://malwareint.blogspot.com/

Malware Intelligence Blog. A division of MalwareIntelligence

Security Research by Alexander Sotirov

Feb 9, 2011 This year Dino Dai Zovi and I are teaching our Assured Exploitation class again at the CanSecWest conference. This is a two-day training on March 7-8, focusing on the advanced exploitation techniques required for developing state-of-the-art exploits for the latest Windows 7 systems. http://www.phreedom.org/
http://www.darknet.org.uk/ Introduction It’s been a while since we’ve mentioned this course, of course since we mentioned it back in May 2010 – eLearnSecurity – Online Penetration Testing Training – eLearnSecurity has been making continuous improvements to the course-ware and the subject matter. The crew over at eLearnSecurity has drastically improved the overall course material, and if you are familiar with the first iteration you can see they’ve put a lot of effort into it. What’s New With v2 There’s a lot of new stuff: 4 hours of new up-to-date videos, 800 new slides and even completely new modules – with a makeover on all material.

Darknet - The Darkside | Ethical Hacking, Penetration Testing & Computer Security

http://blog.skeptikal.org/

Skeptikal.org

Last fall I wrote a bit about cross-subdomain cookie attacks. As often as I come across more uses for them, I think that they are a much more serious issue than most people (myself included) have made them sound. Today, I came across a variant which I'd theorized about in the past, but never bothered to find in the wild, and I think it merits some attention.
http://packetstormsecurity.org/ This Metasploit module exploits a vulnerability found in Dolibarr ERP/CRM's backup feature. This software is used to manage a company's business information such as contacts, invoices, orders, stocks, agenda, etc. When processing a database backup request, the export.php function does not check the input given to the sql_compat parameter, which allows a remote authenticated attacker to inject system commands into it, and then gain arbitrary code execution.

.:[ packet storm ]:. - http://packetstormsecurity.org/

Skywing In August 2008 Verizon Wireless released a firmware upgrade for their xv6800 (rebranded HTC Titan) line of Windows Mobile smartphones that provided a number of new features previously unavailable on the device on the initial release firmware. In particular, support for accessing the device's built-in Qualcomm gpsOne assisted GPS chipset was introduced with this update. However, Verizon Wireless elected to attempt to lock down the GPS hardware on xv6800 such that only applications authorized by Verizon Wireless would be able to access the device's built-in GPS hardware and perform location-based functions (such as GPS-assisted navigation). The mechanism used to lock down the GPS hardware is entirely client-side based, however, and as such suffers from fundamental limitations in terms of how effective the lockdown can be in the face of an almost fully user-programmable Windows Mobile-based device. http://www.uninformed.org/

Uninformed - vol 10

Black Hat ® Technical Security Conference // Archives

http://www.blackhat.com/html/archives.html Speaker presentations and materials are put on-line generally two weeks after the event. Audio and video are generally available 6-9 months after the conference. If a speaker is listed on the conference page, but their speech is not present here it generally means there is no available audio, video or materials. Archive pages are collected by event, then divided by year. Looking for media, speakers and briefing info? Each link here takes you to the event microsite where you can find all event information.

HackerspaceWiki

http://hackerspaces.org/wiki/ Call-in - Call-ins provide an opportunity for existing hackerspaces to provide an update and highlight upcoming events, and new/planned hackerspaces can ask questions. First Sunday each month. Synchronous Hackathon - Hackerspaces worldwide use the internet to interact and hack for the weekend. Third weekend each month. Global Hackerspace Hackathon Challenges - Each month, we'll come up with a challenge for all hackerspaces around the world to participate in during their Global Synchronous Hackathon. The challenge will be decided and discussed on the Call-in.
http://www.defcon.org/

DEF CON® Hacking Conference - The Hacker Community's Foremost So

We'd like to announce that the price for DEF CON 20 will be $200 USD. What will we do with our ill-gotten gains, you may ask? We're going to make the 20th anniversary of DEF CON one to remember.