Hackin9

InfoSec News


My Infosec Wish for 2013: A Balanced Cyberwarfare Debate
SYS-CON Media (press release) (blog)
Cybersoldiers I can already hear the chuckling. “Cyber warfare? Balanced? And I'd like partisanship in Washington to end, a double date with Mila Kunis and Scarlett Johansson, and some fries with that!” Yes, my desire is utopian, but the fact that I ...

 



Kick off the New Year by solving a hands-on adventure to fire up any dulled brain cells, lulled into hibernation over the last few weeks' festivities.



Ed Skoudis and Tim Medin created a fun, hands-on technical challenge providing a wonderful piece of learning and a number of marvellous trials in understanding and uncovering flaws in web applications. We, the defenders, need to understand the attackers' approaches to seeking chinks in web applications; this mischievously engaging, and possibly enraging, puzzle helps build our skills.



Without further ado, leap forth and battle Mr Skoudis' and Mr Medin's Holiday Challenge:




http://pen-testing.sans.org/holiday-challenge/2012



Not sure what tools to use to get started understanding the nooks and crannies of web applications? Fellow ISC Handler Kevin Johnson's Samurai Web Testing Framework - a LiveCD focused on web application testing - is a perfect companion for this adventure.



Have fun learning and practicing!



Setting up WTF Samurai on VMware:

http://blog.taddong.com/2012/09/how-to-create-samuraiwtf-20-virtual.html



[1] WTF Samurai download http://sourceforge.net/projects/samurai/

PS: the password for WTF Samurai is samurai [2]

[2] In case you forget: http://www.whatisthesamuraipassword.com/





Chris Mohan --- Internet Storm Center Handler on Duty
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Microsoft has released a quick fix for a vulnerability in older versions of its Internet Explorer browser that is actively being used by attackers to take over computers.
 
CubeCart 5.x | Cross Site Request Forgery (CSRF) Vulnerability
 
AthCon 2013 CFP OPEN
 
Re: GnuPG 1.4.12 and lower - memory access errors and keyring database corruption
 
CubeCart 5.x | Multiple Cross Site Scripting Vulnerabilities
 
When analysing an infected web page, security experts discovered a critical hole in IE that allows attackers to inject malicious code. Microsoft has confirmed the hole, and a Metasploit module already exists.
 
Red Hat Enterprise MRG Management Console Multiple Cross Site Scripting Vulnerabilities
 

Microsoft made a Fix It available for the currently unpatched vulnerability in Internet Explorer 6, 7 and 8. Fix Its are not a patch, but an easy method to apply workaround configuration changes. At this point, it is highly recommended to apply the Fix It if you can't upgrade to Internet Explorer 9 or 10, or if you haven't already applied one of the workarounds. The Fix It will not conflict with the final patch.

http://blogs.technet.com/b/srd/archive/2012/12/31/microsoft-quot-fix-it-quot-available-for-internet-explorer-6-7-and-8.aspx

------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

 
Before diving into what's sure to be another rollercoaster year in IT, take a moment to retool your personal and professional priorities with some of our most insightful tech management articles.
 
grep CVE-2012-5667 Remote Integer Overflow Vulnerability
 
Ruby on Rails CVE-2012-5664 Multiple SQL Injection Vulnerabilities
 