This past Monday, some silly hacker got the idea that he could easily redirect traffic from Metasploit.com to some Chinese forum using some ARP poisoning directed at the router that the metasploit.com domain resides. Basically he did a MITM attack. Here is an excerpt from HD Moore’s reply on the Full Disclosure mailing list: “Problem […]
Metasploit.com Attempted Hijack Read More »
Seriously…I don’t go looking for web site security issues or vulnerabilities but sometimes you do “stumble” upon them. 😛 Several weeks ago I was looking for an online schedule of events at one of the local community centers where I live so I did what anyone would do and typed in the URL of the
Stumbling upon Security Issues Read More »
Amazing that security breaches like the one I am about to tell you about are becoming more common…so common that the mainstream media like CNN doesn’t even report it anymore. If you haven’t read about this pretty significant security breach yet…let me briefly tell you about it… Bank of New York (BNY) Mellon and People’s
Raiders of the Lost Backup Tapes Read More »
I wrote an article some time ago about multiple platform password managers. At the time I talked about PasswordSafe and Password Gorilla. While both of these are really good password managers that work on Linux, Windows and OSX…Matt Neely talked about KeePass at the NEO InfoSec Forum last week and how KeePass is probably the
KeePass Password Manager Read More »
This is just classic. A TJX employee, Nick Benson, was fired for posting about security issues on the TJX internal network to this sla.ckers.org forum. Nick attempted to report security issues to his management back in 2006 (before the massive TJX security breach) and nothing changed. Apparently things like having blank passwords on servers were
TJX Employee Fired for Posting Security Issues Read More »
Looking for a fresh, new look at all the recent security news and threats? Check out the new security podcast called “SecuraBit“. The crew of the SecuraBit podcast includes Jason Mueller, Chris Gerling (you may know him from Hak5), Anthony Gartner and Christopher Mills. It’s nice to have another podcast following in the footsteps of
SecuraBit: New Security Podcast Read More »
Very good interview over at The Ethical Hacker Network with Ed Skoudis of Intelguardians. Ed talks about his career, how Intelguardians came to be, his new SANS 560 Course, and a little about his hacker challenges that he is famous for. I know several of the Intelguardians and I have a huge amount of respect
The Ethical Hacker Network: Interview with Ed Skoudis of Intelguardians Read More »
According to 2600 News, 1,500 attendees of this years Last HOPE (Hackers On Planet Earth) hacker conference will be tracked via RFID in a large social experiment which will include games focused on RFID technology. From the press release: “Players will seek ways to protect their privacy, find vulnerabilities in the tracking system, employ data
Attendees to be tracked with RFID at The Last HOPE Read More »
I won’t go into all the details since every other security blogger on earth is covering it….however, as a reminder this issue is pretty serious if you had generated any keys on affected Debian or Ubuntu systems. The best summary I have found of the issue with links to all the “toys” that have come
Debian and Ubuntu OpenSSL Vulnerability Read More »
I came across this post by Martin McKeay on the Network Security Blog today talking about changes to the Nessus license that Tenable will be starting July 31st. Martin makes some really good points and I recommend you read his post. Basically as a corporate user you will need to pay for the new “ProfessionalFeed”.
Nessus “registered” plugin feed to be discontinued Read More »
