HNNCast.2010.08.27
HNNCast for the last week of August 2010 -
Top Stories:
Dejavu Microsoft Style, Middle Eastern USB Sticks it to US, PayPal/iTunes Warning, SpanAir Malware not in the Air
News:
Far East Joint Police Actions, Halo Reach Leak, Yo Yo Dos, AutoTrader Raiders
Tool Time:
Fast HTTP Vulnerability Scanner, XSSer, HTTP4e, DotDotPwn, RootKitUnhooker, OpenSSH, RS Mangler Correction
Quickies:
Indian Election Integrity in Question, Miss Vietnam Election Integrity NOT in Question, Seymour’s Butt, Irish Youth Identities Likely Leaked, UN Still SQL Injectable, Holly Benson DoS’d, InfoSec M&A, a REAL MIT Hack
Con Fu:
DefCon 18 Archive, RuxCon CFP, BlackHat Abu Dhabi CFP, Source Barcelona Registration, BruCon Beta Schedule, HacKid Con Registration, Malcon CFP
Stack of Shame:
Count: 151
Birthdays:
- ZDI-CAN-381 from IBM ( 730 days )
- ZDI-CAN-375 from IBM ( 730 days )
- ZDI-CAN-374 from IBM ( 730 days )
- ZDI-CAN-373 from IBM ( 730 days )
- ZDI-CAN-372 from IBM ( 730 days )
- ZDI-CAN-371 from IBM ( 730 days )
Posted: August 29th, 2010
at 4:49pm by tan
Tagged with "South Korea", agent.btz, ATM fraud, Autotrader.com, BlackHat Abu Dhabi CFP, botnet, BruCon Beta Schedule, BSA, CAO, China, classified networks, credit card skimming, DC-9, DDoS, DefCon 18 Archive, DigiNinja, DOM, DotDotPwn, e-voting system, election fraud, Fast HTTP Vulnerability Scanner, FDC worm, Fortify, Fuzz, Germany, HacKid Con Registration, Halo reach, Hari Prasad, Holly Benson, HP, HTTP4e, IBM, Intel, Ireland, itunes, JSON, LNK bug, Malcon CFP, malware, McAffee, metasploit, Microsfot, Microsoft, Miss Vietnam World, MIT, online auction fraud, OpenSSH, password reset, Paypal Apple, process control vulnerability, Random Storm, REST, RKU, Robin, root-kit, RootKitUnhooker, RS Mangler, RuxCon CFP, Seymour Connecticut, Source Barcelona Registration, SpanAir, sql injection, Taiwan, TARDIS, telecom fraud, Tipping Point, Trojan, UN, United Nations, USB, voting machines, William J. Lynn III, Windows, XBox Live, XSSer, yoyodos, ZDI, Zero Day Initiative
Comments: 1 comment
HNNCast.2010.08.20
HNNCast for the third week of August 2010 -
Top Stories:
Free Malware from Network Solutions, Virgin’s Love Letter to the Bot Herd, V(D)-Cards, Facebook Likes Malware, iPhone Suck and Sell Scam
News:
Defacement Buffet, OhyouwantAUTH? Celebrity Twits, Month of Abyssec Bugs, Underworld Transaction Processor Popped, Facebook Hack 1.0
Tool Time:
RIPS, RS Mangler, ROPME, Halbred, SAMHAIN, nfex, URLVoid, MBSA 2.0 (NOT), nmapsi4
Quickies:
Cold Fusion’s Hot Mess, Facebook Leak, Passwords are Pointless, Insert Mens Room Joke Here, Smudge Attack, Shopping for SQL Injections
Con Phooey:
Hurricane Labs Hack Challenge, LockCon, Hack in the Box, Security B-Sides, ToonCON
Stack of Shame:
-count: 159
-Turning 1 Year Old This Week:
- RealNetworks: ZDI-CAN-569 & ZDI-CAN-568/RISK:HIGH (10=AV:N/AC:L/Au:N/C:C/I:C/A:C)&AV:N/AC:L/Au:N/C:C/I:C/A:C) Discovered 2009-08-20 (365 days ago) by: Anonymous
- Hewlett-Packard , IBM , Sun Microsystems: ZDI-CAN-561/RISK:HIGH (10=AV:N/AC:L/Au:N/C:C/I:C/A:C) Discovered 2009-08-20 (365 days ago) by: Rodrigo Rubira Branco (BSDaemon)
- Sun Microsystems: ZDI-CAN-552/RISK: HIGH (9.4=AV:N/AC:L/Au:N/C:C/I:C/A:N) Discovered 2009-08-20 (365 days ago) by: Sami Koivu
Posted: August 21st, 2010
at 10:52pm by tan
Tagged with "Network Solutions", Abysssec, Adobe, Android, Anti-Virus, API, Apple, AV, Axel Rose, binary analysis, botnet, brute force, CCBill, ColdFusion, cPanel, Dallas, darknet.org, defacement, Delaware, dictionary, dislike button, DSS, Essen, Excel, exploit, exploit database, Facebook, Facebook Hacker 1.0, Fethard Finance, file integrity, Fort Worth, gadgets, Georgia Tech Research Institute, GPS Spy, GPU, Guns and Roses, Hack In The Box, Halbred, HP, Hurricane Labs Hack Challenge, IBM, India, Indian Cyber Army, IndiShell, Internet Explorer, Intrusion Detection, iPhone, ISP, Justin Bieber, Kansas City, Koobface, lockcon, LSASS, Malaysia, malware, MBSA 2.0 (NOT), Microsoft, Microsoft codecs, MOAUB, mobile security, Month of Abysssec Undisclosed Bugs, Mozilla, Newcastle, nfex, nmapsi4, OAUTH, Ohio, online supermarket, oracle, PAK Cyber Army, PAK haxors, Pakistan, Palm, passwords, patch, PCI, Penn State, PHP, Pre, python, QT, Real Networks, RIPS, rogue facebook application, ROP Exploit, ROPME, RS Mangler, SAMHAIN, scam, Security B-Sides, securitybsides.com, Shadowserver Foundation, SIM cards, smart phone, smudge attack, sql injection, static source code analysis, Sun, Tapsnake, tcpxtract, tinyurl, Tipping Point, ToonCON, Trojan, Twitter, URLVoid, vCard, Vijay Mallya, Virgin media, virtual business card, vulnerability, WebOS, widget, ZDI, Zero Day Initiative
Comments: 1 comment
HNNCast.2010.08.06
HNNCast for the second week of August 2010
Top Stories
Jailbreak Me Demos Threat, Full Disclosure: Crappy Software Ahead
Courtnee: BlackHat/B-Sides/Defcon Wrap-Up
News
StuxNet Tongue-Twister, Masato Notoutforlong, Citi App Spills Secrets, Wake Up People
T00l Time
Aanval, Razorback, DFF, Passware, BinPack, BinNavi, PDF Dissector, PinTool, Seccubus, SotF, L0phtCrack
Quickies
Bulletin on vBulletin, Houston We Have a < 140 Character Problem, Carbon Trading Site Polluted, the Mets Bust Some Marlins, Ausi Malware Author Pleas, Virus Variants Spike, Inside Mumba, Moving Money from QA
Hong CON Phooey
Excaliber Con, H2H, HoaP, Thotcon 2, Shmoocon, HacKid Con, HNN in the Defcon Badge
Stack of Shame
count: 117
Posted: August 8th, 2010
at 1:47pm by tan
Tagged with "cross-site scripting", "open source", Aanval, ACME Pharm, activists, Adobe, airpwn, android rootkit, Anthony Harrison, anti-carbon trading, Apple, arrest, ATM, B-Sides, back door, banking credentials, Banking Trojan, barcode, Barnaby Jack, Behind the Firewall, binary analysis, BinNavi, BinPack, Blackhat, botnet, Brad Threatt, breeches, bugs, c, cancelled talks, Capture the Flag, carbon trading, Central e-Crime Unit, Chinese Cyber Army, Chymine, Cigigroup, CityBank, compiler optimization, coordinated disclosure, Cross Site Scripting Filters, CTF, Dark Tangent, debugging, decrypt, Defcon 18, Defcon 19, Defcon Badge, DFF, Digital Forensic Framework, digital forensics, disclosure, distribution, distro, driver debugging, dynamic instrumentation, dynamic instrumentation framework, eBay, emo, emulator, enterprise equipment, Excaliber Con, exploit, filters", flat screen TV, forensic framework, Forrester, forum software, framework, full disclosure, Goat Bar, Google, GPU, Grand Idea Studio, grandideastudio.com, GSM eavesdropping, guilty, H2H, Hacker News, Hacker News Network, HacKid Con, hacktivism, high speed trading, HNN, HoaP, IBM, IDA Pro, IE, Intel, Internet Explorer 8, iPad, iPhone, jackpotting, jailbreaking, jailbreakme.com, java script, javascript, Jeff Moss, Joe Grand, kernel debugging, keynote, L0phtCrack, Las Vegas Edition, LNK, local, malware, management console, manga octopus, manga sea urchin, manga squid, Masato Nakatsuji, McAffee, Members 1st Federal Credit Union, metasploit, Metropolitan Police, Microsoft, mobile banking, mobile device security, Most Epic Fail, Mozilla, Mumba, NASA, Nessus, obfuscated java script, Octopus virus, Passware, passwords, patches, PDF, PDF Dissector, phishing, PIN, PinTool, plea, Power Point, profiling, Pwnie Awards, python, Razorback, RC4, remote, remote debugging, remote jailbreak, responsible disclosure, Rio, Riv, Riviera, Robin Sage, Sality, SANS, SANS Boston, SCADA, Seccubus, Security, security research, security researchers, security tools, Seimans, ShmooCon, SIMATIC, smart phone botnet, SMTP, Snort, social engineering contest, social networking, SotF, Sourcefire, stack of shame, Stuxnet, syslog, Thotcon 2, Tipping Point, TrueCrypt, Twitter, University of Virginia, UPC, usernames, vBulletin, Vegas, Verizon Data Breach Investigations Report, Vobfus, vulnerability reporting, website defacement, West Coast Hackers, Win32 driver debugging, Win32 kernel debugging, WinCC, Word, worm, XSS, ZDI, Zero Day Initiative, Zeus, Zeus botnet, Zynamics
Comments: 1 comment
