It’s been a long time since our last post.. what can we do? jsz and I have been really busy this month and I hope we can make time to post here. I promise we’ll post a lot of interesting stuff soon.
Every month we’ll post the latest month security news highlights. So, here we go:
Phrack Magazine #64
“As long as there is technology, there will be hackers. As long as there
are hackers, there will be PHRACK magazine. We look forward to the next
20 years”
That’s how Phrack #63 Introduction ended. Phrack magazine is revived with a new staff calling them selfs “The Circle of Lost Hackers”. Phrack is (was?) the best online hacking magazine in the world and a lot of people say that it can never be revived. The new issue, although it doesn’t have the regular amount of technical articles in it, seems like a good start. But to determine rather Phrack will continue to be the best, true underground hacking magazine or not, only time will say…
Uniformed vol.7
Three great articles on the latest vol of Uniformed:
Reducing the Effective Entropy of GS Cookies, and a Memalyze – Dynamic Analysis of Memory Access Behavior in Software by skape.
The last article by |)roid is about Mnemonic Password Formulas witch discuss easy and advanced ways for creating mnemonic passwords and its weaknesses.
If you never heard of mnemonic passwords, I strongly suggest you read the following research – Human selection of mnemonic phrase-based passwords (PDF).
the Month of ActiveX Bugs
May was announced to be the Month of ActiveX Bugs (MoAxB). You won’t find a lot of interesting vulnerabilities there.. most of them was found in 3rd party application.
Last year H D Moore presented some fuzzing techniques that disclosed more then 100 bugs in Windows XP default ActiveX controls. Of course not all of the bugs are exploitable but the point is that finding ActiveX bugs it’s not that big of a deal.
H D Moore also started the Month of [somthing] Bugs with the Month of Browser Bugs (MoBB) back on June 2006. Followed by the Month of Kernel Bugs (MoKB) on November and the Month of Apple Bugs (MoAB) on January this year, both by LMH.
Later on, on March, Stefan Esser who retired from the PHP Security Response Team because of slow response time to security holes (one of many reasons. Read more at Stefan’s blog), announced the Month of PHP Bugs (MoPB), in which he disclosed a lot of serious security issues in PHP core along with some bonus bugs in Mod Security and the Zend Platform.
On April, two weird dudes – Mondo Armando and M?¼staschio announced the Month of Myspace Bugs, Yuss! (MoMBY) which mostly included XSS vulnerabilities, different HTML Injections bugs and more, nothing fancy.
This month is the Month of Search Engine Bugs (MOSEB) which we’ll sum up at the end of the month.
Google Security Blog
Google launches a new, homemade security blog. Nothing much to see there for now except a paper regarding the dangerous in virtualizations. Very interesting subject, not so interesting paper (read with 90% caffeine in blood).
BSD Rootkits
Joseph Kong published his first book Designing BSD Rootkits. I ordered a copy and I can’t wait to read it.
I think it’s about time someone publish this kind of book, this subject suffers from a serious lack of resources on the web.
Some of you might know Joseph from his article on Phrack #63 Games With Kernel Memory – FreeBSD Style.
Anyway, I’ll review the book when I finish reading it.
That’s it for now, have a great month!
Categories: Security News
1 Comments | 
Comments RSS | 
TrackBack URL
RSS 2.0
ATOM 1.0
RDF 1.0
Links OPML
OpenSearch
[...] Trancer Filed under by Permalink • Print [...]