-
The Emergence Of A Theme (flaws in BGP, DNS & SNMPv3) (6)
on
DoxPara Research (9) permalink
I’m not sure what it is, but there continues to be some sort of “competition” for “who can find the biggest bug” — as if attackers had to choose, and more importantly, as if any bug was so big that it could not be made even better by combined use with its “competition”. Before my DNS talk, my old friend FX from Recurity Labs was comparing DNS issues to the Debian Non-Random Number Generator issue ...Shared by Benny Ketelslegers (0) Dave Dugal (13) edsmiley (16) Petr Ruzicka (1) Shannon Prickett (34) snod (12)Contribute comment -
June 25 2008 (1)
on
MIKE'S GYM (0) permalink
To get what we've never had, we must do what we've never done. -- Anonymous-- Delivered by Feed43 serviceShared by Petr Ruzicka (1)Contribute comment -
Second Half (1)
on
T-Nation | Strong Words (0) permalink
The second half of a man's life is made up of nothing but fighting the habits he has acquired during the first half.—Fyodor DostoevskyShared by Petr Ruzicka (1)Contribute comment -
Mercy Centre, Bangkok (1)
on
...blahg (0) permalink
In April I returned to the Mercy Center in the Klong Toey slum of Bangkok. I shot a couple of things.Shared by Petr Ruzicka (1)Contribute comment -
GNS3 - The Full Story (2)
on
Cisco Blog (2) permalink
It looks like someone has decided to write some awesome documentation / tutorials for GNS3. Answers plenty of the questions I had when I first got into it (installation, optimization, etc...). Check it out here.Shared by Dadone (14) Petr Ruzicka (1)Contribute comment -
Karmetasploit Wireless Fun (5)
on
Metasploit (0) permalink
I just posted the first public documentation on Karmetasploit. This project is a combination of Dino Dai Zovi and Shane Macaulay's KARMA and the Metasploit Framework. The result is an extremely effective way to absorb information and remote shells from the wireless-enabled machines around you. This first version is still a proof-of-concept, but it already has an impressive feature list: - Capture POP3 and IMAP4 passwords (clear-text and SSL) - Accept outbound email sent over ...Contribute comment -
Emergencies (1)
onEmergencies have always been necessary to progress. It was darkness which produced the lamp. It was fog that produced the compass. It was hunger that drove us to exploration. And it took a depression to teach us the real value of a job.—Victor HugoShared by Petr Ruzicka (1)Contribute comment
-
THE UNMISTAKABLE SPLATTER OF ROTTEN MELONS (1)
on
THE FITNESS CONDUIT (0) permalink
Dana Torres 41 years of age. Olympian again.Dumbbell Deadlift 10,9,8,7,6,5,4,3,2,1Dumbbell Bench Press 10,9,8,7,6,5,4,3,2,1Dumbbell Hang Clean 10,9,8,7,6,5,4,3,2,1Complete 10 reps of each, then 9 reps of each, then 8.... until completed. Loading equals your 10 Rep max on each movement.Shared by Petr Ruzicka (1)Contribute comment -
Evilgrade Will Destroy Us All (4)
onFrancisco Amato of Infobyte Security Research just announced ISR-evilgrade v1.0.0, a toolkit for exploiting products which perform online updates in an insecure fashion. This tool works in conjunction with man-in-the-middle techniques (DNS, ARP, DHCP, etc) to exploit a wide variety applications. The demonstration video uses the CAU/Metasploit DNS exploit in conjunction with the Sun Java update mechanism to execute code on a fully patched Windows machine. For more information, see the README and slide deck. ...Contribute comment
-
The Prison Workout (4)
on
Mark's Daily Apple (3) permalink
The Prison Workout. New idea? Nah. It’s been around as long as there has been anyone locked up that is looking to stay in shape. Still compelling? Absolutely. Here is MDA’s take on why we think it is worth another look, along with our own variations on this classic routine. Why We Can Appreciate the Prison Workout: 1. Unlimited time You have no excuses. You can’t fall back on the most often used excuse to ...Contribute comment -
“The-Cat-is-Out-of-The-Bag” DNS Bug (5)
on
Aggregated Vendor and Security News Sites (0) permalink
There has been a lot of hush-hush recently regarding a DNS security issue finding by Dan Kaminsky. Industry wide coordinated effort led by Dan ensured that patches were released by multiple vendors. Even though the technical details of the issue were not yet made public by Dan, an inadvertent leak by Matasano Security blog seems to have given out a lot of the information regarding the issue. At this time I cannot confirm that the ...Shared by Andrew Becherer (13) Chris (1) handir (5) Moderated AppSec Feed - OWASP Foundation (20) Petr Ruzicka (1)Contribute comment -
Security Matters: Lesson From the DNS Bug: Patching Isn't Enough (19)
on
Wired: Top Stories (160) permalink
Despite the best efforts of the security community, the details of a critical internet vulnerability discovered by Dan Kaminsky about six months ago have leaked. Hackers are racing to produce exploit code, and network operators who haven't already patched the hole are scrambling to catch up. The whole mess is a good illustration of the problems with researching and disclosing flaws like this. The details of the vulnerability aren't important, but basically it's a form ...Shared by Benjamin (1052) David Eaves (0) Derek Edmond (88) Dicky S (25) Digg Boss (641) digits12 (716) Felix Bredoteau (56) FVT or FVTer (21) GerardM (25) Glenn Batuyong (61) gnusic (80) idhorat (2) Karoli (22) Moderated AppSec Feed - OWASP Foundation (20) Nathaniel Dean (21) Petr Ruzicka (1) ProfVegas (179) Sandra (2) XeZaR (0)Contribute comment -
Kaminsky on How He Discovered DNS Flaw and More (24)
on
Wired: Threat Level (132) permalink
Dan Kaminsky is understandably swamped today, given the unexpected early release of information about the critical DNS flaw he discovered that potentially affects the security of every web site on the internet. But he found some time to speak with Threat Level about how he discovered the vulnerability that has system administrators scrambling to patch before an exploit -- which is expected to go public by the end of today -- is widely available. Kaminsky ...Shared by Adam (15) andronin (5) Angelica (14) blindsurf3r (8) Brian Wilson (2) CampMaster (21) Carl (0) Daemach (9) Dicky S (25) DigitalMike (60) doransky (43) Eric Carlson (7) Gene Locklin (49) Jason (20) Loyolny (3) Matt Southworth (30) Moderated AppSec Feed - OWASP Foundation (20) Petr Ruzicka (1) Reem Abeidoh (49) Romain (0) Steve (30) Tomo (20) tomwsmf (10) Uzair (203)Contribute comment -
DNS Vulnerability; The Other Part of that Partial Disclosure (2)
on
Security to the Core | Arbor Networks Security (0) permalink
Just under two weeks ago, on July 8, a vulnerability disclosure was released warning of multiple DNS implementations being susceptible to yet another new DNS cache poisoning attack, but one professed to be far worse than previous attacks. Dan Kaminsky, in cooperation of with a large number of well-respected security and DNS experts, and a convincingly long list of organizations in tow, attempted to make a compelling argument to the community regarding the severity of ...Shared by Ade (22) Petr Ruzicka (1)Contribute comment -
Reliable DNS Forgery in 2008: Kaminsky’s Discovery (17)
on
Matasano Chargen (6) permalink
0. The cat is out of the bag. Yes, Halvar Flake figured out the flaw Dan Kaminsky will announce at Black Hat. 1. Pretend for the moment that you know only the basic function of DNS — that it translates WWW.VICTIM.COM into 1.2.3.4. The code that does this is called a resolver. Each time the resolver contacts the DNS to translate names to addresses, it creates a packet called a query. The exchange of packets ...Shared by Adam Hupp (0) André (12) Andrew Becherer (13) BIGODE (23) Chris (14) Cooper (11) grutzski (1) gyakusetsu (13) jchris (4) jlapenna (4) John T. (6) Moderated AppSec Feed - OWASP Foundation (20) Neil (7) Pedro Pinheiro (0) Petr Ruzicka (1) tabo (31) Zhasper (45)Explore read five notes- jchris said: thanks @_evan, good read!
- John T. said: This is why that whole "don't talk about it yet" idea is bad. Because smart people can figure this out. And the bad guys probably already have.
- Neil said: This is really scary, but it's also sort of brilliant.
- Cooper said: most awesome vulnerability of 2008
- grutzski said: I don't think this was meant to get out yet. :P
Contribute comment -
Hawaiian (1)
on
Eva T's Blog (0) permalink
Carmella, the little stunned one and Eva, the crazed one, both take part in a fundraiser for the local Hawaiian outrigger canoe paddlers.Workout: 10 push ups 10 sit ups 10 squats, 10 rounds.Post experiences to comments.Shared by Petr Ruzicka (1)Contribute comment -
Google's Services Converge in the New iGoogle (117)
on
Google Operating System (1074) permalink
Is this Google Reader? It's actually an iGoogle feed in canvas view, which happens to borrow Google Reader's interface. If you click on the drop-down, you can access all your Google Reader subscriptions.Is this Gmail? It's the Gmail gadget in canvas view, but you get almost all the features available in Gmail's standard interface.Is this Gmail Chat? It's the chat feature from Gmail integrated in iGoogle's sidebar so that you can chat with your contacts ...Shared by abe (41) Adam (36) adang001 (9) Alan (0) Alex (16) Ameer (18) Andrew Girdwood (33) arturo.servin (10) atul (75) Avinash (5) badpazzword (20) Ben Pettit (0) Bhavesh (36) Brit (24) Cast42 (19) cdogzilla (10) Cédric Merland (9) chachra (8) Christopher (41) Cogo (20) Dave E. (3) David (44) Dimitar D (37) duguguiyu (4) Dzu (19) Eater (20) Edwin Khodabakchian (20) ehu4ever (87) eighthrs (17) ema (3) everyone loves a wee sombrero (126) Fernando B (5) Franklin P (0) fyc (38) geekblake (8) gisc (24) Gothy (17) Götz (26) Greg Tidwell (2) handir (5) HBreda (20) hombrelobo (18) howking (0) imma (4) Israel (0) Javed (119) JensMinor (1) Joe (7) Jon (7) JuanPablo (12) Jupega (17) Karpuscul (3) KenFan (20) Leo Romanovsky (15) louisgray (148) Lu Tao (26) Marie (18) Mathieu Ravaux (10) Mihai (4) Mike F (460) naovouporai (1) Natanael Disla (19) Nathan Reale (2) Nemo (0) Nick (10) Nkululeko Masondo (0) noattention (20) Olivier G. (4) Patrick (14) paul (2) Paul (19) perspikace (26) Peter (6) Petr Ruzicka (1) Philou (16) pio (14) pkj (9) PMinze (28) Polle de Maagt (9) Pozsi (16) ppalli (24) presveva (6) R (35) R Daneel Olivaw (6) reisfeldt (11) Riaz (21) ricardo (20) Robert Birming (33) Rodrigo (10) romano (10) Roy (3) rveguilla (5) Sam (7) samikki (1) Scott (3) Sean Harvell (0) senpi (2) SilverStag (3) Sky-Walker (38) Slim (4) Stanley (10) Steve (14) StevieB (71) swined (24) Tewe (4) The Big Guy (2) Tim (25) Todd Mundt (70) Tom (8) Tommy (4) Tony Ruscoe (14) Votis (12) wanszezit (13) Will WM (1) Wulf (3) xeal (13) Yvette (22)Explore read seven notes- Götz said: Quick tip to access the new iGoogle: - go to google.com/ig - paste this in the address bar: javascript:_dlsetp('v2=1');
- Scott said: Suddenly iGoogle becomes much more the central hub that I want it to be."
- chachra said: This is awesome. I might use the Google Personalized homepage more now!
- Olivier G. said: Si vous voulez tester le nouveau google IG, suivez la procédure en bas. PS : Comme par hasard chez moi le chat ne marche pas :(
- Mihai said: Yay, people are noticing this (the iGoogle feed canvas view is my most recent Reader project).
- howking said: かっこいい。よーやくiGoogle使おうかなって気になった。
- senpi said: our new information-consuming-mad-going-future
Contribute comment -
TrueCrypt's Deniable File System (18)
on
Schneier on Security (265) permalink
Together with Tadayoshi Kohno and four of his students at the University of Washington, I have a new paper that breaks the deniable encryption feature of TrueCrypt version 5.1a. Basically, modern operating systems leak information like mad, making deniability a very difficult requirement to satisfy. ABSTRACT: We examine the security requirements for creating a Deniable File System (DFS), and the efficacy with which the TrueCrypt disk-encryption software meets those requirements. We find that the Windows ...Shared by Antoine (33) arturo.servin (10) booyaa (16) Damon (16) FVT or FVTer (21) Hasan (23) JohnMu (12) Matthew (16) Noah (9) Noah (36) Patrick (3) Petr Ruzicka (1) Quasidot (22) Ricardo M. (25) Shannon Prickett (34) Stephen (10) Surferbill (5) Svitlana (22)- Patrick said: shit.
Contribute comment -
Are you using the latest web browser? (23)
on
Google Online Security Blog (1) permalink
Written by Thomas DuebendorferIn view of mass defacements of hundreds of thousand of web pages - with the intent to misuse them to launch drive-by download attacks - security researchers from ETH Zurich, Google, and IBM Internet Security Systems were interested in looking at the other side of the attack: the web browser. By analyzing the web browser versions seen in visits to Google websites, they have shown that more than 600 million Internet users ...Shared by Adam Maldonado (155) AJ (190) Angela (1) BuzzDiggity (1) Denis (8) Götz (26) JC (11) Jeff (43) JohnMu (12) livibetter (2) Lu Tao (26) Matt (6) MH (44) Paul (19) Petr Ruzicka (1) Phil (0) phillip (21) ro11z (7) rOckY (154) Ryan O (15) Tech For Novices (4) Tony Ruscoe (14) WindPower (28)- Götz said: The problem is that most users are unaware that they are not using their browser's latest version. It must be made clear to web browser users that outdated software is associated with significantly higher risk. - Kann man Updates eigentlich noch einfacher machen, wie sie bereits schon bei einigen Browsern sind?
- phillip said: Nice idea for warning browser users.
Contribute comment -
0wN3d by 5 characters (3)
on
Jeremiah Grossman (3) permalink
RSnake: My number one problem with WAFs is they don't protect against _all_ the vulns.Jeremiah: Sure, but secure code doesn't fix all the vulns eitehrRSnake: Depends on _how_ secure! I could easily create a peice of code that was 100% secure. You wouldn't find it fun to interact with, but it would be secure.Jeremiah: while (1) { exit; }RSnake: Sure, if you want to get crazy. I was thinking: exit;Jeremiah: dammit, 5 characters.RSnake: I rule ...Contribute comment
