Your cart is empty
Visit The Shop

Archive for the ‘Adobe’ tag

HNNCast.2010.08.20

HNNCast for the third week of August 2010 -

Top Stories:
Free Malware from Network Solutions, Virgin’s Love Letter to the Bot Herd, V(D)-Cards, Facebook Likes Malware, iPhone Suck and Sell Scam

News:
Defacement Buffet, OhyouwantAUTH? Celebrity Twits, Month of Abyssec Bugs, Underworld Transaction Processor Popped, Facebook Hack 1.0

Tool Time:
RIPS, RS Mangler, ROPME, Halbred, SAMHAIN, nfex, URLVoid, MBSA 2.0 (NOT), nmapsi4

Quickies:
Cold Fusion’s Hot Mess, Facebook Leak, Passwords are Pointless, Insert Mens Room Joke Here, Smudge Attack, Shopping for SQL Injections

Con Phooey:
Hurricane Labs Hack Challenge, LockCon, Hack in the Box, Security B-Sides, ToonCON

Stack of Shame:
-count: 159
-Turning 1 Year Old This Week:

RealNetworks: ZDI-CAN-569 & ZDI-CAN-568/RISK:HIGH (10=AV:N/AC:L/Au:N/C:C/I:C/A:C)&AV:N/AC:L/Au:N/C:C/I:C/A:C) Discovered 2009-08-20 (365 days ago) by: Anonymous
Hewlett-Packard , IBM , Sun Microsystems: ZDI-CAN-561/RISK:HIGH (10=AV:N/AC:L/Au:N/C:C/I:C/A:C) Discovered 2009-08-20 (365 days ago) by: Rodrigo Rubira Branco (BSDaemon)
Sun Microsystems: ZDI-CAN-552/RISK: HIGH (9.4=AV:N/AC:L/Au:N/C:C/I:C/A:N) Discovered 2009-08-20 (365 days ago) by: Sami Koivu

Posted: August 21st, 2010
at 10:52pm by tan

Tagged with "Network Solutions", Abysssec, Adobe, Android, Anti-Virus, API, Apple, AV, Axel Rose, binary analysis, botnet, brute force, CCBill, ColdFusion, cPanel, Dallas, darknet.org, defacement, Delaware, dictionary, dislike button, DSS, Essen, Excel, exploit, exploit database, Facebook, Facebook Hacker 1.0, Fethard Finance, file integrity, Fort Worth, gadgets, Georgia Tech Research Institute, GPS Spy, GPU, Guns and Roses, Hack In The Box, Halbred, HP, Hurricane Labs Hack Challenge, IBM, India, Indian Cyber Army, IndiShell, Internet Explorer, Intrusion Detection, iPhone, ISP, Justin Bieber, Kansas City, Koobface, lockcon, LSASS, Malaysia, malware, MBSA 2.0 (NOT), Microsoft, Microsoft codecs, MOAUB, mobile security, Month of Abysssec Undisclosed Bugs, Mozilla, Newcastle, nfex, nmapsi4, OAUTH, Ohio, online supermarket, oracle, PAK Cyber Army, PAK haxors, Pakistan, Palm, passwords, patch, PCI, Penn State, PHP, Pre, python, QT, Real Networks, RIPS, rogue facebook application, ROP Exploit, ROPME, RS Mangler, SAMHAIN, scam, Security B-Sides, securitybsides.com, Shadowserver Foundation, SIM cards, smart phone, smudge attack, sql injection, static source code analysis, Sun, Tapsnake, tcpxtract, tinyurl, Tipping Point, ToonCON, Trojan, Twitter, URLVoid, vCard, Vijay Mallya, Virgin media, virtual business card, vulnerability, WebOS, widget, ZDI, Zero Day Initiative

Categories: HNNCast, podcasts

Comments: 1 comment

HNNCast.2010.08.13

HNNCast for the second week of August, 2010

Top Stories
RBS Coming to a Close, Phat Patch Tuesday, Kryogeniks R0×0r3d by defiant

News
the Disclosure Game, pr0n m0de Still Unsafe Sex, Wireless Tires, moar Wargames, VxWorks because Rockwell Rox Well

Tool Time
Grid Computing Hackers Kit, Acunetix WVS beta, winAUTOPWN, listener, wpbruteforcer, Debian Live Studio, PHP IDS, IP Tables, Forensic Tool Kit, Titan Mist, Malheur, DOMScan, DOMTracer, Sploitware CORRECTION.

Quickies
RIM’s Lies, the Cyber Mongoose, Shot Heard Round the Facebook, Dutch Durka Durkas, Don’t Get Media Playa’d, Verizon Crypto Challenge, Too Many Holes

Con Phooey
the Next HOPE, Confcon 2010, DerbyCon 2011, Toorcon XII, B-Sides Abound, Notacon

Stack of Shame
count: 157
Birthdays:
ZDI-CAN-543 – v. Microsoft
Risk: 10 (High: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Discovered 2009-08-06 ( 370 days ago )
by: Peter Vreugdenhil (http://vreugdenhilresearch.nl)

Posted: August 14th, 2010
at 11:47pm by tan

Tagged with "Network Solutions", AccessData, account lockout, Acunetix WVS beta, Adobe, andriod, ATM, B-Sides Abound, Blackberry, Blackhat, Blue-infy, BSD, BSDAUTOPWN, Charlie Miller, China, Christopher Lewis, Cleaveland, Cold Fusion, Comcast, Confcon 2010, crypto challenge, Cyber Army, Cyber RAID, Debian Live Studio, Defiant, Delaware, DerbyCon 2011, disclosure, DOM, DOMScan, DOMTracer, Drupal, Dutch Intelligence Service, EBK, Eergei Tsurikov, EFF, Facebook, Firefox, firewall, font rendering engine, Forensic Tool Kit, Google, grid computing, Grid Computing Hackers Kit, GridFTP, Gridsphere, Haddonfield, HD Moore, Hilton Garden Inn, Hosni Mubarak, IBM, IE, IETF, India, IP Tables, IPSEC, Islamic, James Black, Kansas City, Kentucky, keystroke logger, Kryogeniks, listener, London, Los Angeles Times, Malheur, malware, Media Player, Michael Nebel, Microsoft, Mozilla, New Dehli, notacon, OASIS, Oleg Covelin, Opera, patch Tuesday, PHP IDS, phreak, PIN cracking, PKI, porn mode, portlet framework, premium text messages, private browsing mode, RBS WorldPay, Research in Motion, RIM, Rockwell Automation, Russian Federal Security Service, Rutgers University, Saudi Arabia, Slacker, SploitWare, Stanford University, Starving Hacker rate, static build, Tennable, the Next HOPE, Tipping Point, Titan Mist, TNG, Toorcon XII, Toronto, TPWS, Travis Ormandy, Trojan, Unix, Usenix, Verizon Data Breech Investigations Report, Viktor Pleshchuk, Vulnerability Scanner, VxWorks, webservice containers, winAUTOPWN, Windows, Wordpress, wpbruteforcer, ZDI, Zero Day Initiative

Categories: HNNCast, podcasts

Comments: 1 comment

HNNCast.2010.08.06

HNNCast for the second week of August 2010

Top Stories
Jailbreak Me Demos Threat, Full Disclosure: Crappy Software Ahead
Courtnee: BlackHat/B-Sides/Defcon Wrap-Up

News
StuxNet Tongue-Twister, Masato Notoutforlong, Citi App Spills Secrets, Wake Up People

T00l Time
Aanval, Razorback, DFF, Passware, BinPack, BinNavi, PDF Dissector, PinTool, Seccubus, SotF, L0phtCrack

Quickies
Bulletin on vBulletin, Houston We Have a < 140 Character Problem, Carbon Trading Site Polluted, the Mets Bust Some Marlins, Ausi Malware Author Pleas, Virus Variants Spike, Inside Mumba, Moving Money from QA

Hong CON Phooey
Excaliber Con, H2H, HoaP, Thotcon 2, Shmoocon, HacKid Con, HNN in the Defcon Badge

Stack of Shame
count: 117

Posted: August 8th, 2010
at 1:47pm by tan

Tagged with "cross-site scripting", "open source", Aanval, ACME Pharm, activists, Adobe, airpwn, android rootkit, Anthony Harrison, anti-carbon trading, Apple, arrest, ATM, B-Sides, back door, banking credentials, Banking Trojan, barcode, Barnaby Jack, Behind the Firewall, binary analysis, BinNavi, BinPack, Blackhat, botnet, Brad Threatt, breeches, bugs, c, cancelled talks, Capture the Flag, carbon trading, Central e-Crime Unit, Chinese Cyber Army, Chymine, Cigigroup, CityBank, compiler optimization, coordinated disclosure, Cross Site Scripting Filters, CTF, Dark Tangent, debugging, decrypt, Defcon 18, Defcon 19, Defcon Badge, DFF, Digital Forensic Framework, digital forensics, disclosure, distribution, distro, driver debugging, dynamic instrumentation, dynamic instrumentation framework, eBay, emo, emulator, enterprise equipment, Excaliber Con, exploit, filters", flat screen TV, forensic framework, Forrester, forum software, framework, full disclosure, Goat Bar, Google, GPU, Grand Idea Studio, grandideastudio.com, GSM eavesdropping, guilty, H2H, Hacker News, Hacker News Network, HacKid Con, hacktivism, high speed trading, HNN, HoaP, IBM, IDA Pro, IE, Intel, Internet Explorer 8, iPad, iPhone, jackpotting, jailbreaking, jailbreakme.com, java script, javascript, Jeff Moss, Joe Grand, kernel debugging, keynote, L0phtCrack, Las Vegas Edition, LNK, local, malware, management console, manga octopus, manga sea urchin, manga squid, Masato Nakatsuji, McAffee, Members 1st Federal Credit Union, metasploit, Metropolitan Police, Microsoft, mobile banking, mobile device security, Most Epic Fail, Mozilla, Mumba, NASA, Nessus, obfuscated java script, Octopus virus, Passware, passwords, patches, PDF, PDF Dissector, phishing, PIN, PinTool, plea, Power Point, profiling, Pwnie Awards, python, Razorback, RC4, remote, remote debugging, remote jailbreak, responsible disclosure, Rio, Riv, Riviera, Robin Sage, Sality, SANS, SANS Boston, SCADA, Seccubus, Security, security research, security researchers, security tools, Seimans, ShmooCon, SIMATIC, smart phone botnet, SMTP, Snort, social engineering contest, social networking, SotF, Sourcefire, stack of shame, Stuxnet, syslog, Thotcon 2, Tipping Point, TrueCrypt, Twitter, University of Virginia, UPC, usernames, vBulletin, Vegas, Verizon Data Breach Investigations Report, Vobfus, vulnerability reporting, website defacement, West Coast Hackers, Win32 driver debugging, Win32 kernel debugging, WinCC, Word, worm, XSS, ZDI, Zero Day Initiative, Zeus, Zeus botnet, Zynamics

Categories: HNNCast, podcasts

Comments: 1 comment

« Older Entries

/////////////////////

RT @AdobeSecurity MOAUB Adobe Flash Player and Reader vuln already fixed in June - details at http://bit.ly/9v6YC6 and http://bit.ly/aiCei2 02:51:31 PM September 01, 2010 from Twitterrific
RT @1337bot 3NV!0u$ 0f Y0uR fR!3Nd$ wh0 g07 7h3!R hNN 7$h!R7 #Defcon? N0w Y0u c4N 83 ju$7 4$ 1337 g37 Y0uR hNN 7$h!R7! http://3.ly/HNNTshirt 11:32:31 AM September 01, 2010 from web
Envious of your friends who got their HNN TShirt at #Defcon? Now you can be just as 1337 Get your very own HNN TShirt! http://3.ly/HNNTshirt 10:31:43 AM September 01, 2010 from web
Hack is Whack? SnoopDog teams with SYMC to solicit rap videos http://3.ly/HNNwhack Win a trip to LA and a free laptop. whoop. 10:07:33 AM September 01, 2010 from web
RT @abysssec MOAUB started http://www.abysssec.com/blog/2010/09/moaub-1/ today featuring cpanel and adobe flash and reader. 09:04:33 AM September 01, 2010 from Twitterrific

Breaking News

A Fair(y) Use Tale August 5, 2010
[…]
log2timeline July 1, 2010
Looks pretty neat… for free… …a tool that could take timeline analysis to a new level. That is to create a single tool that could parse various artifacts found on a suspect drive and include them in the timeline, a some sort of super timelining… via log2timeline. […]
The Irrelevancy of Industry Accepted Malware Testing Standards June 30, 2010
I have to say that DannyQuist has it right. The AV industry is not real world and not effective. The fact remains that the AV industry is about selling signatures, not about preventing malware from infesting your PC. The fact that they can take a finger print of what they’ve found “in the wild” is [...] […]
NeoPwn Mobile Pentesting June 29, 2010
We are proud to announce that we are finally approaching a beta release of the first BackTrack Mobile operating system for the Nokia N900! The release will be public shortly before the Blackhat and Defcon conferences in July 2010. via NeoPwn Mobile Pentesting – First Ever Network Auditing Distribution for a Mobile Phone Platform. […]
Dark Tangent’s Tamper Evident Contest RULES June 16, 2010
This looks like a really cool contest – other cons take note. There are all sorts of variations on this theme – who’s going to do the counterfeiting competition? I know one year HOPE held one with their badges – whether they realized it or not – LOL. I suppose counterfeit DEFCON badges would be… [...] […]
THE CYBER WAR THREAT HAS BEEN GROSSLY EXAGGERATED (Washington DC) | Intelligence Squared US June 15, 2010
Interesting debate – it starts off all over the road but eventually gets to the point – that even though our new Cyber Czar talks about making us more secure, the policies he is pushing are not secure software, and not about shaking up an industry that perpetuates the problem. Instead they’re about establishing power [...] […]
UK Met Police Using ENF Analysis for Forensics June 9, 2010
So audio forensic techniques have only been around since Watergate and haven’t really progressed since then… until now. It would be very interesting to read up on the details but it appears that the “grid” has a fingerprint that constantly changes. It appears there is also a way to find this signature in an audio [...] […]
DHS May Merge Infrastructure Protection and Cybersecurity Units June 8, 2010
Seems reasonable to me – get them all in 1 “room” so the talented one can get their hands into more stuff. Telecom is way behind and needs some infusion of critique like they can get from web app testers. Your automated telephone attendant systems for example – it’s like they were invented before we [...] […]
Billionaire Polluters Defacement June 8, 2010
A quick looksie into this shows we’re talking Cross Site Scripting (XSS) here… http://energiser.bp.com/login/index.php?lang= + trigger, + iFrame of content to display Which is why this is up on XSSED.NET I guess – LOL. You can visit the archive and follow the actual link to see the site is STILL VULNERABLE. Found by: holisticinfosec Past XSS finds by holist […]
Android App Aims to Allow Wiretap-Proof Cell Phone Calls « The Firewall – Forbes.com May 25, 2010
On Tuesday, an independent hacker and security researcher who goes by the handle Moxie Marlinspike and his Pittsburgh-based startup Whisper Systems launched free public betas for two new privacy-focused programs on Google's Android mobile platform: RedPhone, a voice over Internet protocol (VoIP) program that encrypts phone calls, and TextSecure, an app […]
Fuzzdb Beta Release April 20, 2010
Web Fuzzing Discovery and Attack Pattern Database – A comprehensive set of fuzzing patterns for discovery and attack during highly targeted brute force testing of web applications. This is especially useful for many filter bypass type exploits. Identical encoding sequences have been observed to bypass filters for more than one application. Examples can be ob […]
Spotlight: Cyber Terrorism Roundtable April 19, 2010
OK, so it’s from 2007 but given the recent news around Google/China and the push by Uncle Sam reaching the point that “return fire” in “cyber space” is the “rule of engagement”, this is still very timely. Great stuff from Marcus… Spotlight: Cyber Terrorism Roundtable with Sami Saydjari, Marcus Ranum, Dean Turner and hosted by Nicole [...] […]
Congress questions Keth Alexander April 16, 2010
Let’s hope we ALL get to ‘return fire’ and that this ‘right’ is not limited to the military and DHS. …One of the major themes of Thursday’s hearing was questioning where the Cyber Command would fit within the traditional military chain of command and when and how Alexander and his team of computer whizzes would launch [...] […]
Navy cyber leader expects proactive capabilities this year April 10, 2010
As much as we at HNN balk at all the cyber warfare talk out there, here’s some solid thinking that applies to just about everyone. When the the Lower Colorado River Authority finally notices people are trying to login to their site – but only because one of the IPs resolved to China… that’s just [...] […]
Researcher Releases ‘Qubes’ Hardened OS April 7, 2010
It’s been far too long since we’ve seen an effort like this. First there was multix; then there was OpenBSD; now, hold on to your qubes – LOL. Pretty exciting stuff. Joanna Rutkowska, a security researcher known for her work on virtualization security and low-level rootkits, has released a new open-source operating system meant to provide [...] […]

Classifieds

Software Engineer – ExtraHop Networks June 16, 2010
Do you want to solve problems instead of sitting through meetings? Do you work better as part of a small, focused team? Do you want to feel a sense of ownership in what you do and make a real impact? So do we. We are looking for individuals who love technology, appreciate elegant solutions to hard problems, and want [...] […]
Python / Django – Satchmo (Deer Park, Long Island, NY) June 16, 2010
Exciting start-up is looking for an experienced Python/Django developer…. experience required: Python / Django – Satchmo html/CSS/ html5 and Javascript/jQuery Experience developing with Web Services (REST, SOAP, etc) Our current project is an audible Tweet platform: http://ShoutOmatic.com allowing your voice to be “heard” within your facebook status updates. […]
Mobile Developer Magazine is looking for mobile device or application hackers… June 8, 2010
* If you are interested in contributing to our team please send an email to contact [at] mobilenewsmedia.net * […]
Ultimate Hacker Sticker Collection on eBay April 18, 2010
Anyone that supports 501(c)(3) not-for-profit organizations that promote security. “Huh?!” you say? All proceeds of this auction are being donated to the Open Security Foundation (OSF), maintainers of the Open Source Vulnerability Database and the DatalossDB project. Anyone who likes stickers should bid. Bosses, get them for your employees. Security types, g […]
Developer Wanted: FreshBooks April 18, 2010
Job Description: Enterprise Software Developer - FreshBooks – Toronto, ON FreshBooks is looking for an experienced Enterprise Software Developer to help build out our world-class invoicing platform. Thousands of people use FreshBooks every day to manage their businesses — tracking time, billing and getting paid more easily and more reliably. Your role is to […]
Developer Wanted: FreshBooks April 18, 2010
Job Description: Software Developer - FreshBooks – Toronto, ON Love the fast-paced and creative environment of a start-up, but could do without the stress and chaos? FreshBooks has been around for more than five years now and has a fanatical fan base of over 900,000 people who use our groundbreaking Web 2.0 application. Whatever “Web 2.0″ means. We [...] […]
HELP WANTED: Java/Ruby/Django Developer March 8, 2010
Aftershock is looking for great developers to join our team. http://www.aftershocksf.com/ Web Application Developers: Java, Ruby on Rails, or Django About Aftershock: We make software for mobile devices, we’ve launched 2 apps that made it into the Top 5 of the iTunes App Store. We’ve launched more than 10 apps that have been downloaded cumulatively more than […]
HELP WANTED: HNNCast January 17, 2010
It’s a regular thing for us to decide we need specific help or for us to receive offers of help in areas we have no immediate need for. Hacker News Network is still at a stage where things are VERY tight. The burglary of Space Rogue’s car during his move took all the equipment we [...] […]
Hackers for Charity – Help us get video content! December 8, 2009
The Plea from HFC What I need is for a small army of people to swarm the net in search of training courses (Office, Graphics packages, just about anything). We need to: Find sites that offer training If free, search for a terms of use prohibiting downloading If terms restrict downloading, send an email explaining what we’re doing and ask [...] […]

Avatars by Sterling Adventures

Site last updated August 29, 2010 @ 10:49 pm

Your cart is empty
Visit The Shop

Archive for the ‘Adobe’ tag

HNNCast.2010.08.20

HNNCast.2010.08.13

HNNCast.2010.08.06

HNN IS SPONSORED BY…

/////////////////////

FOLLOW

Breaking News

HNN IS SPONSORED BY…

CONS CALENDAR

Upcoming Events

THE DEFINITIVE LIST OF…

Classifieds

HNN MERCHANDISE

Your cart is emptyVisit The Shop

Archive for the ‘Adobe’ tag

HNNCast.2010.08.20

HNNCast.2010.08.13

HNNCast.2010.08.06

HNN IS SPONSORED BY…

/////////////////////

FOLLOW

Breaking News

Log In

HNN IS SPONSORED BY…

CONS CALENDAR

Upcoming Events

THE DEFINITIVE LIST OF…

Classifieds

HNN MERCHANDISE

Your cart is empty
Visit The Shop