A+ R A-

Week 10 in Review – 2010

Events Related: RSA related posts Chattin’ With the Boss: “Securing the Network” (Waiting For the Jet Pack) rationalsurvivability.com RSA Interview (c/o Tripwire) On the State Of Information Security In Virtualized/Cloud Environments. rationalsurvivability.com RSAC2010: ISC2 mckeay.net Pics from the RSA Codebreakers Bash tripwire.com Videos from the RSA Codebreakers Bash – Spinning and Hoops tripwire.com RSA Conference 2010 Recap [...]

Resources:

Tools:

  • SAHI – Web Automation & Application Security Testing Tool – sahi.co.in
    Sahi injects javascript into web pages using a proxy and the javascript helps automate web applications.
  • Plecost v0.2.2-7 – iniqua.com
    Wordpress finger printer tool to search and retrieve information about the plugins versions installed in Wordpress systems.
  • OpenSCAP v0.5.7 – scap.nist.gov
    The Security Content Automation Protocol (SCAP) is a synthesis of interoperable specifications derived from community ideas.
  • Flint v1.0 – runplaybook.com
    Flint examines firewalls, quickly computes the effect of all the configuration rules, and then spots problems.
  • Samhain v2.6.3 – la-samhna.de
    The update includes fixes for email code regression.
  • Beltane v2.3.19 -  la-samhna.de
    Fixes for Oracle database paths were included here.
  • Vordel SOAPbox – vordel.com
    SOAPbox is a Web services testing tool, which supports both SOAP-based and REST-based invocation modes.
  • S-E Ninja v0.1 Beta – brokenpixel.com
    S-E Ninja is a Social Engineering tool, with 20-25 popular sites fake pages and anonymous mailer via mail() function in PHP.
  • Sniff-n-Spit v1.0 – andlabs.org
    It sniffs for HTTP packets from the client to server and forwards them to your favorite proxy.
  • Imposter v0.9 – andlabs.org
    Imposter is a flexible framework to perform Browser Phishing attacks.

Techniques:

Vulnerabilities:

  • Apache bug prompts update advice – zdnet.com.au
    Sense of Security has discovered a serious bug in Apache’s HTTP web server, which could allow complete control of a database.

Vendor/Software Patches:

  • Apple Plugs 16 Safari Security Holes – threatpost.com
    The Safari 4.0.5 update fixes flaws that could lead to remote code execution if a user is tricked into surfing to a maliciously rigged site.

Other News:



Read Full Article

Got News?

Popular

Get email updates