(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Wonderware Information Server CVE-2014-2381 Weak Encryption Security Weakness
The Pwn Pro, Pwnie Express' newest network penetration tool, is designed to provide long-term persistent testing of an organization's information security.
Sean Gallagher

At Black Hat and Def Con earlier this month, the penetration testing tool makers at Pwnie Express unveiled two new products aimed at extending the company's reach into the world of continuous enterprise security auditing. One, the Pwn Pro, is essentially a souped-up version of Pwnie Express' Pwn Plug line of devices; the other, Pwn Pulse, is a cloud-based software-as-a-service product that provides central control of a fleet of Pwn Pro “sensors.” Combined, the two are a whitehat’s personal NSA—intended to discover potential security problems introduced into enterprise networks before someone with malevolent intent does.

While Ars was given a brief look at the new products in Las Vegas, we’ll be conducting a more intensive, full review of Pwn Pro and Pwn Pulse in the near future. Rest assured that our review will be heavily informed by our experience with the Pwn Plug 2. But despite our somewhat brief experience with the new products, it’s not a stretch to say that they are a significant upgrade to Pwnie’s previous capabilities.

First, some full disclosure: Ars has worked in the past with Pwnie Express Chief Technology Officer Dave Porcello. Specifically, Porcello helped us turn a Pwn Plug R2 into a miniature deep packet inspection machine during our collaboration with NPR. After that experience, we purchased a Pwn Plug R2 of our own to continue to perform vulnerability testing in our own lab. That means we have more than a passing familiarity with the team behind the Pwn products, but it also means we’ve put some mileage on the technology that underlies them as well.


ESA-2014-081 RSA® Identity Management and Governance Authentication Bypass Vulnerability

Posted by InfoSec News on Aug 26


By Violet Blue for Zero Day
ZDNet News
August 26, 2014

At no time in history has there been a greater need to hire security
professionals to protect and defend infrastructures from an inexhaustible
onslaught of organized crime, industrial espionage, and nation-state

A small talent pool, an inflated wage bubble and the high...
Cisco IOS XR Software Packet Parsing CVE-2014-3335 Denial of Service Vulnerability

Posted by InfoSec News on Aug 26


By Ryan Gabrielson, ProPublica and Andrew Becker, Center for Investigative
Reporting, illustration by David Sleight, ProPublica
August 26, 2014

LIZHONG FAN’S DESK WAS AMONG A CROWD of cubicles at the Arizona Counter
Terrorism Information Center in Phoenix. For five months in 2007, the
Chinese national and computer programmer opened his laptop and enjoyed
access to a wide range of sensitive...

Posted by InfoSec News on Aug 26


26 August 2014

Hackers attacked Sony's PlayStation Network and apparently disrupted the
travel plans of a top company executive by going on Twitter to suggest
that there was a bomb on his American Airlines plane.

American cut short the Sony Corp. executive's flight on Sunday and made an...

Posted by InfoSec News on Aug 26

Forwarded from: Hazel Ann <hazel.sdiwc (at) gmail.com>

November 17-19, 2014
Asia Pacific University of Technology and Innovation (APU), Kuala Lumpur,


All registered papers will be included in the publisher's Digital Library.
The conference aims to enable researchers to build connections between different

Posted by InfoSec News on Aug 26


By George V. Hulme
Aug 25, 2014

If you don’t understand the capabilities and motivations of your
adversaries – you can’t expect to be very successful in managing your
relationship with them, negotiating, or defending against their

This is especially true today when it comes to...
Chinese authorities say Microsoft has yet to fully comply with the government's antimonopoly investigation, and they want more information about its media player and Web browser distribution.
U.S. data centers use more electricity than they need, a new report finds; IT managers are too cautious about managing power, and businesses are unwilling to invest in energy conservation.
php-sqrl 'sqrl_verify.php' SQL Injection Vulnerability
Ubisoft Uplay Insecure File Permissions Vulnerability
innovaphone PBX CVE-2014-5335 Multiple Cross Site Request Forgery Vulnerabilities
OpenVPN PrivateTunnel 'ptservice' Service Local Arbitrary Code Execution Vulnerability
Drupal Social Stats Module HTML Injection Vulnerability
Chinese authorities say Microsoft has yet to fully comply with the government's anti-monopoly investigation, and want more information about its media player and Web browser distribution.
LSE Leading Security Experts GmbH - LSE-2014-07-13 - Granding Grand MA 300 - Weak Pin Verification
ntopng 1.2.0 XSS injection using monitored network traffic
[security bulletin] HPSBMU03076 rev.2 - HP Systems Insight Manager (SIM) on Linux and Windows running OpenSSL, Multiple Vulnerabilities
HTML Purifier 'HTMLPurifier_URIFilter_Munge' Class Security Bypass Vulnerability
HP Service Manager CVE-2014-2634 Unspecified Remote Unauthorized Access Vulnerability
Internet Storm Center Infocon Status