Security
OSSEC: Agentless to save the day
OSSEC is a Host Intrusion detection system (HIDS) in name, but in reality it is far more. It’s able to look for rootkits, monitor logs (LIDS), and even actively respond to defined events. While all these features are great the unsung hero is agentless monitoring.
Replace watch.swf with warp.swf on YouTube
If you replace watch.swf with warp.swf in a url on youtube, a new application shows up that dynamically opens up new nodes of related videos. Its both interesting and bizarre, anda good way to burn five minutes: Youtube Warp.
The Barack Obama Donations Site was Hacked…err, no it wasn’t.
This morning a security researcher identified that he was able to carry out a successful SQL Injection attack against donate.barackobama.com, the official campaign donation site of current President Barack Obama, and gain access to credentials such as user names and passwords for persons who have donated to the Obama campaign, as well as administrative user credentials. On his blog he goes on to postulate the further attack possibilities with admin access such as web site defacement, uploading phpshells, and so forth. The problem is that the researcher Unu didn’t find an SQL injection site on donate.barackobama.com, he found one on a calendar application at Roosevelt University. In the process of finding out how that would be possible, a real web site vulnerability on the Obama web site reveals itself.
Where is your BES Policy?
Several months ago, users of a wireless carrier in the United Arab Emirates (UAE) were sent an SMS message to their Blackberry devices instructing them to install a software patch that would resolve recent network trouble they’ve been experiencing. The patch turned out to be spyware (Etisalat.A[MA]) and would intercept the user’s email, sending the [...]
Are Borderless Networks Possible?
I attended SC World Congress in New York this week and a keynote from Cisco caught my attention: Securing the Cloud: Building the Borderless Network. I became fixated on the words used over and over by Joel McFarland. Borderless this, borderless that, borderless everything. This campaign started to bother me as this was [...]
NSA.gov Site Defacement
It appears, according to the site defacement archive hosted at Zone-H, that on or around October 5th an NSA web site application was the victim of an SQL injection exploit resulting in a web site defacement. A web application loading a list of recruitment events at colleges was compromised on the careers section of nsa.gov.
Adobe to release critical update on patch Tuesday
A new zero-day vulnerability in Adobe Reader and Acrobat 9.1.3 has been identified by Chia-Ching Fang and the Taiwanese Information and Communication Security Technology Service Center that allows an attacker to remotely execute arbitrary code. The attack is seeded by providing via e-mail or download a specially crafted PDF file which in current examples will then drop a malware executable as well as an unaffected pdf file.
Colbert’s Human DDOS
Stephen Colbert launched an impromptu human distributed denial of service (DDOS) by instructing his viewers, or the Colbert Nation, to make edits to the collaborative wiki encyclopedia Conservapedia. Specifically he wants to be added as a character in the Conservapedia translated version of the bible, an ongoing crowd sourcing project of the web site.
[...]
Server 2008 R2: Active Directory Functional Levels
Windows Server 2008 R2 was released in August, and it introduced new functional levels for Active Directory. This article takes a look back at the different functional levels of the past and what is new in the latest release of the server operating system for Active Directory (yes, a recycle bin for AD objects!).
Functional levels [...]
Facebook’s Faith: A New Scareware Attack
On Thursday morning, AVG researcher Roger Thompson, after sourcing some spyware attacks to a series of Facebook profiles, noted that these few hundred profiles were showing up with the same profile image (seen at left) but different profile information. The home video link on these profiles, belonging to Faith / Emily / whoever, points to the a web site that displays scareware dialogs.
Categories
- Access Control
- Administration
- Botnet
- Censorship
- Certification
- Content Filtering
- Cross Site Scripting
- Cyberwar
- Data Breach
- data leak prevention
- Disaster Recovery
- enumeration
- Forensics
- funny
- homeland security
- Incident Response
- Industry News
- Intrusion Detection
- Law
- Malware
- Networking
- Patch Management
- Phishing
- Physical Security
- Remote Exploit
- scareware
- Security
- Security Policy
- Social Networking
- SQL Injection
- Stay Safe Online
- Technology in Society
- Tools
- Uncategorized
- Vulnerability
- Web Site Defacement
- windows
Recent Comments