HNNCast.2011.04.01
HNNCast for the last week of March, 2011
Top Stories
Running SCAreDA, VIPRE AV Poisonous, Comodo Still Open, Hacked-In Networks’ InfoSpherix Opener
News
SeQueL to 13 Years of SQL Leaks, Congress Comes a Callin’, No Gitmo for MitMo, the WiFi Transmits for Free
CORRECTION: it’s ne0h, not neo4data; sorry to both.
T00l T1m3
updates: QuickRecon
new: WebScarab NG, Hatkit Proxy, yInjector, Data Block Analyzer, DDL Dump, Monocle
news: Stuxnet Internals, X-Code Pro-Tip, MOD Security Prevails
Quickies
Ghost Exodus CHROOTED, PHP in a Fog, Trip Advisor Breached, Virtual Chip Convict CHROOTED, When Security Software Attacks, Local File Phishing Flourishes, McAfee Safe for Hackers, OS 10:Virii 4, FBI Issues RL Cyber Sleuth Challenge, POOP LOLz
Con Fu
CCD Final 9, Tak3D0wn con Speakers, Dakota Con Speakers
B-Sides Roundup: LV Registration, CFP Rounds
Stack of Shame
count: 85 (-4)
One Response to 'HNNCast.2011.04.01'
Posted: April 4th, 2011
at 6:52am by tan
Tagged with "cross-site scripting", 7-Technologies, Active Network, Agor SCADA Plus, Anti-Virus, Apple, ARP, Ars Technica, AV, B-Sides, Bank of America, Barnaby Jack, Berico Technologies, breach, Canvas, CCD, Chicago, cipher, Cloud Fog, Collegiate Cyber Defense, Comodo, consumer electronics, Control Microsystems, credit card fraud, Dakota Con, Data Block Analyzer, Datac, DCFluX, DDL dump, Defcon, Detroit, DNS, dod, electronic road sign, email, F-Secure, false positive, FBI, format string, Fusion middleware Web Tier, GET, Ghost Exodus, Gleg, Hatkit Proxy, HB Gary Federal, heap overflow, Holland, House Armed Services Subcommittee on Emerging Threats and Capabilities, How Strong is Your Shmooze, HP, Iconics, Identity Theft, IDS, IIS 7, InfoSpherix, IOError, Iran, Jacob Applebaum, Jared DeMott, Jennifer Granick, Jesse McGrew, JFlex, Joe Grand, John Flowers, Kaspersky, keylogger, Las Vegas, LizaMoon, Lloyds TSB, Mac, Maine Department of Conservation, malware, Mark Russinovich, McAffee, Microsoft, Microsoft Security Essentials, MitMo Trojan, mobile banking, Mobile Malware, MOD Security, Monocle, Moxie Marlinspike, MYSQL, ne0h, NSA, Onion Spy, oracle, OS X, OWASP, Palantair Technologies, PasteBin, paypal, phishing, PHP, PHP fog, POOP, POST, Properties List Editor, proxy support, QuickRecon, Rain Forest Puppy, redo logs, RFP, Rochester, Samsung, SCADA, shell assistant, Siemens, social engineering contest, SPAM, SPRING, spyeye, sql injection, SSL, St. Johns, starlogger, Stuxnet, Sun, SWING, Symbian, Sys Internals, Takedown Con, TechNet, tinkode, Tipping Point, Trip Advisor, US Congress, V3rity, VIPRE, virual poker chips, WAF, Web Application Firewall, WebScarab NG, WiFi, WPA, X-Code, XML, XSS, yInjector, YouTube, ZDI, Zero Day Initiative, Zeus, Zynga
Top Stories
Running SCAreDA
http://www.theregister.co.uk/2011/03/22/scada_exploits_released/
http://www.darkreading.com/vulnerability-management/167901026/security/vulnerabilities/229400104/us-cert-issues-warnings-on-vulnerabilities-in-siemens-other-scada-products.html
VIPRE AV Poisonous
http://www.f-secure.com/weblog/archives/00002133.html
http://www.networkworld.com/newsletters/sec/2011/032811sec2.html
http://www.samsungtomorrow.com/1071
Comodo Still Open
http://www.pcworld.com/businesscenter/article/223760/comodo_hacker_claims_another_certificate_authority.html
http://erratasec.blogspot.com/2011/03/interview-with-comodohacker.html
http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html
http://pastebin.com/CvGXyfiJ
http://pastebin.com/X8znzPWH
http://pastebin.com/kkPzzGKW
Hacked-In Networks’ InfoSpherix Opener
http://www.washingtonpost.com/officials-malware-may-have-exposed-credit-cards-used-for-state-park-pass-purchases-in-maine/2011/03/24/AB7OI2QB_story.html
News
SeQueL to 13 Years of SQL Leaks
http://www.thetechherald.com/article.php/201113/6976/Oracle-attacked-MySQL-and-Sun-caught-in-the-crossfire
http://www.theregister.co.uk/2011/03/31/lizamoon_mass_injection_attack/
http://community.websense.com/blogs/securitylabs/archive/2011/03/29/lizamoon-mass-injection-28000-urls-including-itunes.aspx
http://pastebin.com/raw.php?i=BayvYdcP
http://www.scmagazineus.com/oracles-mysqlcom-hacked-via-sql-injection/article/199419/
http://singe.za.net/blog/archives/925-Which-Vulnerability-Researcher-Discovered-SQL-injection.html
Congress Comes a Callin’
http://www.wired.com/threatlevel/2011/03/congress-and-hbgary/
http://arstechnica.com/tech-policy/news/2011/03/unmasked-now-available-on-amazon-stanza-aldiko-and-more.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss
No Gitmo for MitMo
http://www.f-secure.com/weblog/archives/00002123.html
the WiFi Transmits for Free
http://www.pcworld.com/article/222589/dutch_court_rules_wifi_hacking_is_now_legal.html
T00l T1m3
http://www.vulnerabilitydatabase.com/2011/03/quickrecon-v0-2-4-updated/
http://www.vulnerabilitydatabase.com/2011/03/owasp-webscarab-ng-v0-3-0-released/
http://security-sh3ll.blogspot.com/2011/03/owasp-hatkit-proxy-v1.html
http://www.vulnerabilitydatabase.com/2011/03/yinjector-sql-injection-penetration-tool/
http://www.vulnerabilitydatabase.com/2011/03/v3rity-data-block-examiner-for-oracle/
http://www.vulnerabilitydatabase.com/2011/03/ddldump-v0-1-beta/
http://www.vulnerabilitydatabase.com/2011/03/monocle-host-discovery-tool-v1-0-released/
http://blogs.technet.com/b/markrussinovich/archive/2011/03/30/3416253.aspx
http://www.appleexaminer.com/
http://blog.spiderlabs.com/2011/03/modsecurity-update-increasing-community-involvement.html
Quickies
http://www.scmagazineus.com/texas-hospital-hacker-sentenced-to-nine-years/article/198833/
http://blog.phpfog.com/2011/03/22/how-we-got-owned-by-a-few-teenagers-and-why-it-will-never-happen-again/
http://www.theinquirer.net/inquirer/news/2037431/hackers-grab-travel-website-tripadvisor-emails
http://www.thinq.co.uk/2011/3/19/zynga-hacker-jailed-two-years/
http://www.theregister.co.uk/2011/03/15/f_secure_mac_security_false_alert/
http://www.theinquirer.net/inquirer/news/2035632/paypal-hit-sophisticated-phishing-attack
http://seclists.org/fulldisclosure/2011/Mar/313
http://www.theregister.co.uk/2011/03/22/apple_mac_malware_update/
http://www.fbi.gov/news/stories/2011/march/cryptanalysis_032911/cryptanalysis_032911
http://www.upi.com/Odd_News/2011/03/15/Electronic-road-sign-reads-POOP-LOL/UPI-97761300217336/
http://abclocal.go.com/ktrk/story?section=news/local&id=8015105
Con Fu
http://www.nationalccdc.org/
http://www.midatlanticccdc.org/CCDC/
http://www.takedowncon.com/?page_id=163
http://dakotacon.org/contact.html
http://www.securitybsides.com/w/page/12194156/FrontPage
http://www.darkreading.com/insider-threat/167801100/security/vulnerabilities/229400287/social-engineering-capture-the-flag-contest-returns-to-defcon.html
Stack of Shame
http://www.zerodayinitiative.com/advisories/upcoming/
tan
4 Apr 11 at 7:17 am