Tuesday, August 19th, 2008
As you all probably known since version 3 Nessus turned to a proprietary model and started charging for the latest plugins locking most of us out. Now we finally have a new, properly organised forked development with the name of OpenVAS - at last a decent and free Vulnerability Scanner!OpenVAS ...
Posted in Internet, Networking, Privacy, Security, Software | No Comments
Monday, August 11th, 2008
Say hello to a new security tool called “Surf Jack” which demonstrates a security flaw found in many public sites. The proof of concept tool allows testers to steal session cookies on HTTP and HTTPS sites that do not set the Cookie secure flag. I’ve been working with two banks ...
Posted in Internet, Linux, Networking, Privacy, Security, Windows | No Comments
Sunday, August 10th, 2008
Microsoft is to release fixes for a dozen serious vulnerabilities next Tuesday, seven of them ranked critical. But the firm has also announced a three-stage process to reducing the effects of future vulnerabilities.Next week’s update (the regular ‘Patch Tuesday’ release which comes in the second week of each month) includes ...
Posted in General BS, Security, Windows | No Comments
Sunday, August 10th, 2008
At the Black Hat conference in Las Vegas on Thursday, Eric Filiol, the head scientist at the French Army Signals Academy's Virology and Cryptology Lab, explained how to steal data from a computer without a network connection.Filiol demonstrated what he called the Windows Jingle Attack, a method for encoding a ...
Posted in General BS, Security, Windows | No Comments
Sunday, August 10th, 2008
The big security news of Summer 2008 has been Dan Kaminsky's discovery of a serious vulnerability in DNS. This vulnerability could allow an attacker to redirect network clients to alternate servers of his own choosing, presumably for ill ends.This all led to a mad dash to patch DNS servers worldwide, ...
Posted in Internet, Linux, Networking, Privacy, Security, Software, Windows | No Comments
