An interesting read on gnucitizen.org on the UPnP attack via Flash.
A user visiting a webpage that is hosting a malicious SWF file (Flash) might allow an attacker to remotely take control of UPnP devices (like routers) on the users’ private network. Because of the lack of authentication mechanisms this can happen without any user authentication.
A successful attack would allow an attacker to change the firewall setup or administrative setup of broadband modems. Most … Read more.
An article on the blog of Evan Weaver talks about having you logs forwarded to twitter.
It doesn’t sound like such a good idea because you’re relying on the “privacy” protection mechanism of Twitter. This mechanism is acting as a black box so you could as well not be using any protection mechanism.
The idea itself isn’t that bad, having your critical messages (like process xxx not running)- forwarded to twitter might be more useful … Read more.
A list of useful networking monitoring tools. This is not a Top 10 or Top 5 or Top whatever, the usefulness of these applications depends on your environment and what exactly you want to monitor for.
ntop is a network traffic probe that shows the network usage, similar to what the popular top Unix command does. ntop is based on libpcap and it has been written in a portable way in order to virtually run … Read more.
If you care at all about Snort you must read Snort 3.0 Architecture Series by Marty Roesch.
Op Dimva 2007 een heel interessante lezing gevolgd van Bojan Zdrnja. Hij vertelde op’n heel simpele manier hoe hij aan de hand van de queries op DNS-servers het gedrag van botnets (en malware in het algemeen onderzocht).
… later meer …
Powered by ScribeFire.
From Wednesday 11 July until Friday 14 July I’ll attend Dimva 2007, the Fourth GI International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment in Luzern.
If someone wants to hang out during this conference then feel free to drop me a note. Outside the conference hours I’ll probably be paying for beers at an Irish pub.
Op de blog van Neil Carpenter, een medewerker van Microsoft van het PSS Security Support Team, valt er een interessant artikel te lezen over een ARP Cache Poisoning Incident.
De auteur beschrijft een situatie waarbij bij welke web-request een iframe werd ingevuld. Na hun onderzoek kwamen ze er op uit dat de invoegingen gebeurden via’n gehackte machine die zich via ARP packets als de nieuwe default gateway bekend maakte.
De worm Worm.Delf.fs is één van … Read more.
Een nieuwe hoax vertelde over de laatste versie van het hacker magazine Phrack . De nieuwe editie zou te vinden zijn op Phrack.ru. Let op de “.ru” ….
Op het archief van Full-Disclosure staan nog enkele van de “nieuwe” artikels :
PHRACK 64: INTRODUCTION PHRACK 64: YOUTUBE IS THE ATTACK PHRACK 64: PHRACK WORLD NEWS PHRACK 64: THE UNDERGROUND SCENE PHRACK 64: PROPEDOPHILE PHRACK 64: AUTOMATED VULNERABILITY AUDITING IN MACHINE CODE PHRACK 64: THE … Read more.
A tutorial by Peter Hansteen on PF.
A recently detected flaw in the Microsoft DNS (Domain Name Services) Server’s RPC (Remote Procedure Call) management server might allow a remote attacker to execute arbitrary code.
The folks at MSRC updated their data and indicated that when a Windows DNS server is not properly protected (firewalling, ip-filtering) it can be exploited by sending malicious packets to the RPC ports (tcp/135, tcp/445, tcp/>1024).
The Metasploit framework already has a plugin to test vulnerable servers.
Graphs made with cudeso posts stats
By continuing to use the site, you agree to the use of cookies. more information
An HTTP cookie, is a small piece of text sent from a website and stored in your web browser. Cookies are a reliable mechanism for websites to remember your preferences and improve your browsing experience.
If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.