uclibc-ng and uclibc 'memset.S' Remote Code Execution Vulnerability
 
Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
 
Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
 
Apache HTTP Server CVE-2015-3183 Security Vulnerability
 
cURL/libcURL 'smb_request_state()' Function Security Vulnerability
 
Apple Mac OS X APPLE-SA-2016-07-18-1 Multiple Security Vulnerabilities
 
Schneider Electric SoMachine HVAC-Application ActiveX Control Remote Code Execution Vulnerability
 
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

I know many people that like password cracking. Or that would like to try it out.

That's why I published an Active Directory database file to practise hash extraction and password cracking. You can find it here.

If you know other resources to practise hash extraction and password cracking, please post a comment.

Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com

 

A conceptual rendering of a “battery case” style Introspection Engine for an iPhone 6. (credit: https://www.pubpub.org/pub/direct-radio-introspection)

Mobile devices have without a doubt brought convenience to the masses, but that benefit comes at a high price for journalists, activists, and human rights workers who work in war-torn regions or other high-risk environments. Now, NSA whistleblower Edward Snowden has designed an iPhone accessory that could one day be used to prevent the devices from leaking their whereabouts.

Working with renowned hardware hacker Andrew “Bunnie” Huang, Snowden has devised the design for what the team is calling the "Introspection Engine." For now, it's aimed only at iPhone 6 models, but eventually the pair hopes to create specifications for a large line of devices. Once built, the "field-ready" accessory would monitor various radio components inside the phone to confirm they're not transmitting data when a user has put the device into airplane mode. The hardware is designed to be independent from the mobile device, under the assumption that malware-infected smartphones are a fact of life in high-risk environments.

Detecting intoxicated smartphones

"Malware packages, peddled by hackers at a price accessible by private individuals, can activate radios without any indication from the user interface," Huang and Snowden wrote in a blog post published Thursday. "Trusting a phone that has been hacked to go into airplane mode is like trusting a drunk person to judge if they are sober enough to drive."


 
Mozilla Network Security Services CVE-2016-1938 Weak Encryption Multiple Security Weaknesses
 
OpenSSL CVE-2015-1790 Denial of Service Vulnerability
 
CVE-2016-5399: php: out-of-bounds write in bzread()
 
Internet Storm Center Infocon Status