Security News
SecurityFocus facing (partial) shutdown
ICANN chief draws criticism with DNS security warning
Episode 190 - live from CCDC tonight!
Please join us for a special live recording tonight at 7:30 EST from the Collegiate Cyber Defense Competition in Maryland for Episode 190 of PaulDotCom Security Weekly.
Please join the IRC channel during the stream - we can take live comments and discussion from the channel! Find us on IRC at irc.freenode.net #pauldotcom.
When active, the live stream(s) can be found at:
PaulDotCom Livestream - All new with Video and Chat! You can access the streaming videos at any time by visiting http://pauldotcom.com/live/
Break out your adult beverage of choice and join us, enjoy the show live, and thanks for listening!
- Larry, Mick, Carlos, John, Darren & Paul
IIS Web Server Security how to
With the sharp increase of hacking attacks over the last couple of years, and the introduction of a number of regulatory compliance guidelines to follow, web application security has become a key concern for many online businesses, and also a common expense in a company’s budget. Although many businesses are focusing on securing their web applications, unfortunately they are not looking at the whole picture. A vital part of securing a business’s whole web infrastructure also includes having a secure web server configuration. Securing a web server’s configuration is as important as securing the web application itself.
Social-Engineering Ninja v0.1 Beta - PHP scripts
Available Sites:
amazon.com
digg.com
ebuddy.com
facebook.com
gmail.com
hotmail.com
msn.com (hotmail)
myspace.com
onecard.com (AR,EN Langs)
paypal.com
travian.com (AR,EN Langs)
twitter.com
yahoo.com
youtube.com
Features:
Fakepages.
IP: the malicious page gives you the IP address of the victim.
Mailer.
You can send an anonymous message using PHP mail() (...)
Exploit for new IE vulnerability
Who's the hardest working researcher of all time? Of 2009?
Microsoft Patch Tuesday - March 2010 - "It Won't Happen To Me" Edition
There are many reasons why attackers may target your organization: they could be after your intellectual property, they may have political reasons or there may be financial motivations (if you have credit card data stored on your network). I've often heard people say, "Why would someone want to attack us?" The question should really be phrased, "Why would someone need to attack us?" Often you are targeted not because of who you are, but what you have. Google hosts email accounts that are interesting to certain parties. You may be a university with plenty of bandwidth or a business partner with a company who makes electronics that the attacker is after. The point is that you can't limit the reasons why you are going to be attacked. You have to secure your network with the mindset that someone will eventually come after you.
This brings us to this month's "Patch Tuesday". Two bulletins have been released by Microsoft, and I've included some examples of how they can be used for targeted attacks:
- MS10-016 - Nessus Plugin ID 45020 (Credentialed Check) - This bulletin discloses vulnerabilities associated with Windows Movie Maker that occur when a user opens a Windows Movie Maker file. While this may be used in some targeted attacks, I suspect that not many organizations have this software widely deployed. However, the interesting thing about this vulnerability is that Movie Maker is built into certain versions of Windows Vista, which makes uninstallation very difficult. This means even if you are not using the software, you still need to apply the patches. While Movie Maker may not be the most popular client application available, as a penetration tester I would search for it anyway. For example, I found a web site that is hosting a forum for Windows Movie Maker users. A query for "running version" results in several pages of matches. You can be even more specific with your search and enter "2.1", which is the vulnerable version running on Windows XP. Most of the posts are made by people looking for help with a specific version of Movie Maker, and they will reveal this information during troubleshooting. An attacker just needs to associate the forum userid or email with the target they are going after for a potentially successful attack to be well under way.
Microsoft ranks this vulnerability as "Important". The vulnerability itself does not exploit a remotely accessible network service and execute remote code, but that doesn't mean an attacker cannot use this information to construct specifically targeted attacks. Consider the following Google query:
filetype:xls inurl:xls site:.gov
The above search (as of today) returns 3,560,000 results (coincidentally, this number was the largest out of ".com", ".edu" and ".mil" top level domains). While this may not seem relevant, what stops an attacker from downloading all of the spreadsheets posted by a particular organization and analyzing the document metadata? Metadata is information contained within a document that can reveal the software type, version and platform it is running on in addition to the user who created it. With this information you could easily launch a targeted email attack. In fact, the attackers could have enough information to launch automated attacks that read the document metadata from a target's web site and then send the appropriate malicious Microsoft Excel document. While malicious PDF documents are all the rage these days with attackers, there is no reason why they cannot easily make a shift or use Microsoft Office documents along with the more traditional PDF attacks. One could make the argument that the attackers could do the same with PDF documents (and they probably are), but since malicious PDFs are something that organizations are now expecting, attackers may choose to mix up their attack vectors.
