Hacker Highschool - Security Awareness for Teens HackinGeeK - The ethical hacking dojo ZMap · The Internet Scanner - Vimperator Top 10 Web hacking techniques of 2010 revealed Network World - A Web hack that can endanger online banking transactions is ranked the No. 1 new Web hacking technique for 2010 in a top 10 list selected by a panel of experts and open voting. Called the Padding Oracle Crypto Attack, the hack takes advantage of how Microsoft's Web framework ASP.NET protects AES encryption cookies. FROM THE SECURITY WORLD: Quirky moments at Black Hat DC 2011 If encryption data in the cookie has been changed, the way ASP.NET handles it results in the application leaking some information about how to decrypt the traffic. With enough repeated changes and leaked information, the hacker can deduce which possible bytes can be eliminated from the encryption key. That reduces the number of unknown bytes to a small enough number to be guessed. The developers of the hack -- Juliano Rizzo and Thai Duong -- have developed a tool for executing the hack. Here are the rest of the top 10 Web hacks voted in the competition: 2. 3. 4. 5. 6.
Forensics Wiki Dark Reading | Security | Protect The Business - ... The Hacker News - Security in a Serious way DARKSIDE RG Tech Insight: Making The Most Of Open-Source Forensics Tools Emerging offerings can turn network forensics into a low-cost, do-it-yourself security project A Special Analysis for Dark Reading Network forensic solutions come in many different shapes, sizes, and price ranges, but in the end they all have the same goal: recording activity on the network. As IT budgets tighten with the economy, it might be time for your organization to take a closer look at a do-it-yourself approach to forensics that leverages free and open-source tools. While your CFO might love the price of these tools, it may be difficult to "sell" them to your IT management. Most IT executives want someone to point a finger at when a product breaks, and many want 24x7 support. But don't let the support question turn you away. Making the case to build your own network forensics capabilities often means highlighting the shortcomings of your company's existing tools. Network forensic tools also fill in the blanks when performing internal investigations. Have a comment on this story?