News Bytes - May by corrupt

C () r r |_| p -|- NewsBytes

Pacman on google.com is playable
(when click on insert coin). :P
AWESOME !!!!

A hacker, who calls himself “ins3cted”, has demonstrated to Webwereld via video how by exploiting a simple SQL injection, he can retrieve 168,000 personal records from a Dutch website called Experience the OV (http://www.ervaarhetov.nl).
Hopefully this incident will raise much needed awareness around the world of the need to ensure secure development and web application penetration tests
The video is available from the following URL; http://webwereld.nl/nieuws/66012/ov-site-lekt-persoonlijke-data-168-000-reizigers.html
Oops, SQL Injection Did it Again !!!

AusCERT, Australia's premier information
security event on the Gold Coast
In an email, IBM advised visitors to its AusCERT booth that its complimentary USB key was infected with a virus. An IBM spokesman and conference organisers confirmed the email was genuine.
Wightwick said the malware, which dated to 2008, was detected by most anti-virus products.
"The malware is known by a number of names and is contained in the setup.exe and autorun.ini files.
http://www.itnews.com.au/News/175451,ibm-unleashes-virus-on-auscert-delegates.aspx
IBM unleashes virus on AusCERT delegates

US security software vendor Symantec
has reached an agreement to acquire VeriSign's web security business.
Symantec has agreed to pay approximately $1.28 billion in cash for VeriSign's identity and authentication business assets.
Symantec will take over the company's Secure Sockets Layer (SSL) Certificate Services, the Public Key Infrastructure (PKI) Services, the VeriSign Trust Services and the VeriSign Identity Protection (VIP) Authentication Service. According to Symantec, the deal is expected to close in "the September quarter
More details about the acquisition can be found in slides and a press release from Symantec.
Symantec acquires VeriSign's web security business

vulnerability count of 40 vulnerabilities, which is nearly as much as disclosed during the whole Month of PHP Bugs in 2007
For those that don't already know you can follow the Month of PHP Security on Twitter, too. Just follow @mops_2010
http://www.php-security.org/
May – Month of PHP Bugs

This codelab is built around Jarlsberg,
a small, cheesy web application that allows its users to publish snippets of text and store assorted files. "Unfortunately," Jarlsberg has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution. The goal of this codelab is to guide you through discovering some of these bugs and learning ways to fix them both in Jarlsberg and in general.
Jarlsberg - A Codelab by Bruce Leban, MugdhaBendre, and Parisa Tabriz

http://jarlsberg.appspot.com

John Shepherd-Barron – ATM Inventor
India-Born Scottish inventor
ATM inspired by Vending Machines
also invented the PIN number
(23 June 1925 – 15 May 2010) 84

Metasploit now has 551 exploit modules and 261 auxiliary modules (from 445 and 216 respectively in v3.3)
Metasploit is still about twice the size of the nearest Ruby application according to Ohloh.net (400K lines of Ruby)
Over 100 tickets were closed since the last point release and over 200 since v3.3
http://blog.metasploit.com/2010/05/metasploit-framework-340-released.html
Metasploit 3.4.0 Released

A commercial Metasploit Express variant by Rapid7 has been released at the same time. It offers a graphical user interface, is said to be more user friendly and simplifies report generation. Rapid7 offers a free 14-day trial licence and a full Metasploit Express licence costs $3,000 per year.
Metasploit Express

Metasploitable is an Ubuntu 8.04 server install on a VMWare 6.5 image. A number of vulnerable packages are included, including an install of tomcat 5.5 (with weak credentials), distcc, tikiwiki, twiki, and an older mysql.
To download Metasploitable, you can pick up the torrent on the Express Community site. If you are an Express customer, you can pick up a direct HTTP download from the Customer Center. See the README.txt here for additional information, but be aware, there are spoilers in it.
http://blog.metasploit.com/2010/05/introducing-metasploitable.html
Metasploitable

Bizploit is the first Opensource ERP Penetration Testing framework. Developed by the Onapsis Research Labs, Bizploit assists security professionals in the discovery, exploration, vulnerability assessment and exploitation phases of specialized ERP Penetration Tests. Currently, Bizploit is shipped with many plugins to assess the security of SAP business platforms. Plugins for other popular ERPs will be included in the short term.
BizploitOpensource ERP Penetration Testing framework released

Right click and start busting!
http://www.sittinglittleduck.com/DirBuster-1.0-RC1.xpi
Dirbuster Firefox Plugin

makes firefox can't make texts into body element and then it crashed.
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1571
Firefox 3.6.3 memory exhaustion crash vulnerabilities

http://www.nirsoft.net/utils/router_password_recovery.html
New password recovery tool for router files

THANK YOU

News Bytes - May by corrupt

by n|u - The Open Security Community on May 27, 2010

Accessibility

Categories

Tags

Upload Details

Usage Rights

2 Embeds 57

Statistics

News Bytes - May by corrupt — Presentation Transcript

http://null.co.in	52
http://www.slideshare.net	5