http://pipes.yahoo.com/pipes/pipe.info?_id=5f1dcd4397142867d586ae88e192f796 FULL FEED LOCATED AT feeds.rmccurdy.com http://pipes.yahoo.com/pipes/pipe.info?_id=5f1dcd4397142867d586ae88e192f796 CODENAME: Samurai Skills – Real World Penetration Testing Training http://feedproxy.google.com/~r/darknethackers/~3/whHlgz-flc0/ t2'12: Call for Papers 2012 (Helsinki / Finland) http://seclists.org/pen-test/2012/May/4 A survey on web application attacks http://seclists.org/pen-test/2012/May/3 Webcast: Penetration Testing - Not Just For Networks Anymore http://www.professionalsecuritytesters.org/modules.php?name=News&file=article&sid=1379 TA12-129A: Microsoft Updates for Multiple Vulnerabilities http://www.us-cert.gov/cas/techalerts/TA12-129A.html Basic Fuzzing Framework (BFF) From CERT – Linux & Mac OSX Fuzzer Tool http://feedproxy.google.com/~r/darknethackers/~3/GDBZuVhVWIo/ Announce: Italian Hacker Game Cracca al Tesoro - Crack A Treasure http://seclists.org/pen-test/2012/May/2 VU#520827: PHP-CGI query string parameter vulnerability http://www.kb.cert.org/vuls/id/520827 nullcon Delhi 2012 Call for Paper/Call for Event http://seclists.org/pen-test/2012/May/1 VU#359816: Oracle database TNS listener vulnerability http://www.kb.cert.org/vuls/id/359816 xSQL Scanner 1.6 - Released http://seclists.org/pen-test/2012/May/0 With a real team, it's not about the numbers http://seclists.org/dailydave/2012/q2/41 Russian Cyber-Crime Market Doubled In 2011 http://feedproxy.google.com/~r/darknethackers/~3/3-oIv8M-UcA/ [Tool update] VoIP Hopper 2.04 released http://seclists.org/pen-test/2012/Apr/15 ERPScan has released ERPScan Security Scanner for Sap 2.0 http://www.professionalsecuritytesters.org/modules.php?name=News&file=article&sid=1378 72 hours http://seclists.org/dailydave/2012/q2/40 Spooked at RSA 2012 http://seclists.org/dailydave/2012/q2/39 Abusing Password Managers with XSS http://seclists.org/webappsec/2012/q2/6 What's happening at SyScan'12 Singapore http://seclists.org/dailydave/2012/q2/38 Anti-fingerprinting techniques http://seclists.org/pen-test/2012/Apr/14 creepy – A Geolocation Information Aggregator AKA OSINT Tool http://feedproxy.google.com/~r/darknethackers/~3/rNb4CLC6NAM/ [HITB-Announce] HITB Magazine Issue 008 (now with print edition!) http://seclists.org/pen-test/2012/Apr/13 [New tool] - Exploit Pack - Web Security http://seclists.org/pen-test/2012/Apr/12 Save yourself 20% by tweeting http://seclists.org/dailydave/2012/q2/37 Anonymous Take Down Official F1 Site As Bahrain Protest http://feedproxy.google.com/~r/darknethackers/~3/6hbw9vVCvXM/ Clowns Base Key Financial Rate on Feelings, Not Data http://taosecurity.blogspot.com/2012/04/clowns-base-key-financial-rate-on.html TIME IS RUNNING OUT http://seclists.org/dailydave/2012/q2/36 Ruxcon 2012 Call For Papers http://seclists.org/pen-test/2012/Apr/11 RIT! http://seclists.org/dailydave/2012/q2/35 CISPA == MAPP http://seclists.org/dailydave/2012/q2/34 Passwords^12 : Call for Presentations http://seclists.org/webappsec/2012/q2/3 winAUTOPWN v3.0 Released http://seclists.org/webappsec/2012/q2/2 SEC Consult whitepaper :: The Source Is A Lie http://seclists.org/webappsec/2012/q2/1 NfSpy – ID-spoofing NFS Client Tool – Mount NFS Shares Without Account http://feedproxy.google.com/~r/darknethackers/~3/zMuQwjwUjZI/ Android Trojan Targets Japanese Market – Steals Personal Data http://feedproxy.google.com/~r/darknethackers/~3/eGSIYlAU7bM/ web-sorrow – Remote Web Security Scanner (Enumeration/Version Detection etc) http://feedproxy.google.com/~r/darknethackers/~3/h17CDz9k4T4/ TA12-101B: Adobe Reader and Acrobat Security Updates and Architectural Improvements http://www.us-cert.gov/cas/techalerts/TA12-101B.html TA12-101A: Microsoft Updates for Multiple Vulnerabilities http://www.us-cert.gov/cas/techalerts/TA12-101A.html VU#400619: Pluck SiteLife software multiple XSS vulnerabilities http://www.kb.cert.org/vuls/id/400619 OWASP ZAP 1.4.0 released http://seclists.org/webappsec/2012/q2/0 Salvaging Poorly Worded Statistics http://taosecurity.blogspot.com/2012/04/salvaging-poorly-worded-statistics.html VU#232979: Multiple vulnerabilities in Intuit QuickBooks http://www.kb.cert.org/vuls/id/232979 VU#928795: Netgear FVS318N router default remote management vulnerability http://www.kb.cert.org/vuls/id/928795 VU#834723: TP-Link 8840T DSL router default remote management vulnerability http://www.kb.cert.org/vuls/id/834723 Rootcon Blog: Introducing 35 Pentesting Tools Used for Web Sec Assessments http://www.professionalsecuritytesters.org/modules.php?name=News&file=article&sid=1376 <br />Nikto is an open source web server scanner &#8220;<em>which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files or CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers.</em>" The good thing about Nikto is that it easy to use and and performs scanning faster. Nikto is coded in Perl and written by Chris Sullo and David Lodge. Although not all checks are really a big security problem but most are like XSS (Cross Site Scripting) Vulnerabilities, phpmyadmin logins, etc. Nikto alerts and gives you security tips in order to prevent your website from various attacks.<br /><br /><strong>5. SQLmap</strong><br /><br /> Time based Blind SQL injection http://seclists.org/webappsec/2012/q1/37 Inside a Commission Hearing on the Chinese Threat http://taosecurity.blogspot.com/2012/03/inside-commission-hearing-on-chinese.html Job opportunities in Kuwait and Dubai http://www.professionalsecuritytesters.org/modules.php?name=News&file=article&sid=1375 VU#551715: Quagga contains multiple vulnerabilities http://www.kb.cert.org/vuls/id/551715 Zend Server Multiple HTML Injection Vulnerabilities http://www.net-security.org/vuln.php?id=16279 EJBCA "issuer" Parameter Cross-Site Scripting http://www.net-security.org/vuln.php?id=16278 Vegas Movie Studio HD "CFHDDecoder.dll" DLL Loading Arbitrary Code Execution http://www.net-security.org/vuln.php?id=16276 Microsoft Expression "wintab32.dll" DLL Loading Arbitrary Code Execution http://www.net-security.org/vuln.php?id=16275 Jenkins Multiple Cross-Site Scripting and Directory Traversal Vulnerabilities http://www.net-security.org/vuln.php?id=16274 SquirrelMail Autocomplete Plugin Email Addresses Cross-Site Scripting http://www.net-security.org/vuln.php?id=16273 Google Chrome Remote Code Execution http://www.net-security.org/vuln.php?id=16272 XnView Multiple Buffer Overflow Vulnerabilities http://www.net-security.org/vuln.php?id=16271 VU#743555: @Mail Open webmail client contains multiple vulnerabilities http://www.kb.cert.org/vuls/id/743555 VU#523027: LG-Nortel ELO GS24M Switch contains multiple vulnerabilities http://www.kb.cert.org/vuls/id/523027 winAUTOPWN v2.9 - As [ C4 - WAST ] http://seclists.org/webappsec/2012/q1/34 VU#364363: WebGlimpse command injection vulnerability http://www.kb.cert.org/vuls/id/364363 VU#212651: InspIRCd heap corruption vulnerability http://www.kb.cert.org/vuls/id/212651 VU#913483: Quantum Scalar i500, Dell ML6000 and IBM TS3310 tape libraries web interface and preconfigured password vulnerabilities http://www.kb.cert.org/vuls/id/913483 FBController - (Facebook Control Utility) version 4.0 { With 0-DAY Features } http://seclists.org/webappsec/2012/q1/33 VU#624051: Microsoft Remote Desktop Protocol (RDP) insecurely deallocates memory http://www.kb.cert.org/vuls/id/624051 VU#339177: Cisco AnyConnect Clientless SSL VPN Portforwarder ActiveX control buffer overflow http://www.kb.cert.org/vuls/id/339177 Impressions: Fuzzing http://taosecurity.blogspot.com/2012/03/impressions-fuzzing.html TA12-073A: Microsoft Updates for Multiple Vulnerabilities http://www.us-cert.gov/cas/techalerts/TA12-073A.html Impressions: Hunting Security Bugs http://taosecurity.blogspot.com/2012/03/impressions-hunting-security-bugs.html Impressions: The Web Application Hacker's Handbook, 2nd Ed http://taosecurity.blogspot.com/2012/03/impressions-web-application-hackers.html Impressions: Web Application Security: A Beginner's Guide http://taosecurity.blogspot.com/2012/03/impressions-web-application-security.html VU#504019: AjaXplorer contains multiple vulnerabilities http://www.kb.cert.org/vuls/id/504019 Review of SSH Mastery Posted http://taosecurity.blogspot.com/2012/03/review-of-ssh-mastery-posted.html Keep CIRT and Internal Investigations Separate http://taosecurity.blogspot.com/2012/03/keep-cirt-and-internal-investigations.html TaoSecurity Blog Wins Most Educational Security Blog http://taosecurity.blogspot.com/2012/03/taosecurity-blog-wins-most-educational.html VU#523889: libpng chunk decompression integer overflow vulnerability http://www.kb.cert.org/vuls/id/523889 Secure Ninja Appoints Leonard Chin as VP to Lead International Expansion http://www.professionalsecuritytesters.org/modules.php?name=News&file=article&sid=1373 VU#273502: EasyVista single sign-on authentication bypass vulnerability http://www.kb.cert.org/vuls/id/273502 VU#707254: UTC Fire & Security Master Clock contains hardcoded default administrator login credentials http://www.kb.cert.org/vuls/id/707254 VU#885499: HP StorageWorks P2000 G3 directory traversal vulnerability http://www.kb.cert.org/vuls/id/885499 TA12-045A: Microsoft Updates for Multiple Vulnerabilities http://www.us-cert.gov/cas/techalerts/TA12-045A.html I Want to Detect and Respond to Intruders But I Don't Know Where to Start! http://taosecurity.blogspot.com/2012/02/i-want-to-detect-and-respond-to.html Pen Tests Evolved: The Advanced Threat Cycle http://www.professionalsecuritytesters.org/modules.php?name=News&file=article&sid=1371 VU#542123: ISC BIND 9 resolver cache vulnerability http://www.kb.cert.org/vuls/id/542123 Impressions: Network Warrior, 2nd Ed http://taosecurity.blogspot.com/2012/02/impressions-network-warrior-2nd-ed.html Impressions: Windows Sysinternals Administrator's Reference http://taosecurity.blogspot.com/2012/02/impressions-windows-sysinternals.html Impressions: The Tangled Web http://taosecurity.blogspot.com/2012/02/impressions-tangled-web.html VU#732115: Project Open cross-site scripting vulnerability http://www.kb.cert.org/vuls/id/732115 Security Kaizen Magazine Issue 4 is released http://www.professionalsecuritytesters.org/modules.php?name=News&file=article&sid=1370 VU#410281: Apple Mac OS X CoreText embedded font vulnerability http://www.kb.cert.org/vuls/id/410281 VU#403593: Apple Mac OS X ATS data-font memory corruption vulnerability http://www.kb.cert.org/vuls/id/403593 VU#763355: 802.1X password exploit on many HTC Android devices http://www.kb.cert.org/vuls/id/763355 VU#470151: Linux Kernel local privilege escalation via SUID /proc/pid/mem write http://www.kb.cert.org/vuls/id/470151 Modeling Security Pentests - New Issue of WebAppPentesting is Out! http://www.professionalsecuritytesters.org/modules.php?name=News&file=article&sid=1369 VU#738961: Oracle Outside In contains an exploitable vulnerability in Lotus 123 v4 parser http://www.kb.cert.org/vuls/id/738961 TA12-010A: Microsoft Updates for Multiple Vulnerabilities http://www.us-cert.gov/cas/techalerts/TA12-010A.html Best Book Bejtlich Read in 2011 http://taosecurity.blogspot.com/2012/01/its-time-to-name-winner-of-best-book.html Telling a Security Story with Charts http://taosecurity.blogspot.com/2012/01/telling-security-story-with-charts.html Happy 9th Birthday TaoSecurity Blog http://taosecurity.blogspot.com/2012/01/happy-9th-birthday-taosecurity-blog.html TA11-350A: Adobe Updates for Multiple Vulnerabilities http://www.us-cert.gov/cas/techalerts/TA11-350A.html FULL FEED LOCATED AT feeds.rmccurdy.com http://pipes.yahoo.com/pipes/pipe.info?_id=5f1dcd4397142867d586ae88e192f796 TA11-347A: Microsoft Updates for Multiple Vulnerabilities http://www.us-cert.gov/cas/techalerts/TA11-347A.html Mandiant Webinar Wednesday; Help Us Break a Record! http://taosecurity.blogspot.com/2011/12/mandiant-webinar-wednesday-help-us.html Tripwire Names Bejtlich #1 of "Top 25 Influencers in Security" http://taosecurity.blogspot.com/2011/12/tripwire-names-bejtlich-1-of-top-25.html Bugtraq: [ MDVSA-2012:079 ] sudo http://www.securityfocus.com/archive/1/522811 Bugtraq: DC4420 - London DEFCON - May meet - Tuesday May 22nd 2012 http://www.securityfocus.com/archive/1/522822 Bugtraq: [Announcement] CHMag's Issue 28, May 2012 Released http://www.securityfocus.com/archive/1/522821 Xen PV Bootloader Bug Lets Local Guest Users Crash the System http://www.securitytracker.com/id/1027090 PHP Windows com_print_typeinfo() Buffer Overflow Lets Local Users Gain Elevated Privileges http://www.securitytracker.com/id/1027089 Linux Kernel kiocb_batch_free() Bug Lets Local Users Deny Service http://www.securitytracker.com/id/1027085 Linux Kernel KVM Memory Slot Management Flaw Lets Local Guest Users Deny Service on the Guest Operating System http://www.securitytracker.com/id/1027083 SANSFIRE 2011 http://www.sans.org/info/74039 (1) HIGH: Google Chrome Sandbox Escapes http://www.sans.org/newsletters/risk/display.php?v=11&i=11&rss=Y#widely1 (2) HIGH: Microsoft Remote Desktop Protocol Vulnerability http://www.sans.org/newsletters/risk/display.php?v=11&i=11&rss=Y#widely2 (3) HIGH: Mozilla Firefox Use-After-Free Vulnerability http://www.sans.org/newsletters/risk/display.php?v=11&i=11&rss=Y#widely3 2.8 Mozilla Firefox/Thunderbird/SeaMonkey "shlwapi.dll" Use-After-Free Memory Corruption http://www.sans.org/newsletters/risk/display.php?v=11&i=11&rss=Y#2.8 12.11.11 IBM DB2 Multiple Security Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=11&i=11&rss=Y#12.11.11 12.11.12 IBM Maximo Asset Management Multiple Security Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=11&i=11&rss=Y#12.11.12 12.11.14 Google Chrome Remote Code Execution http://www.sans.org/newsletters/risk/display.php?v=11&i=11&rss=Y#12.11.14 12.11.16 Apple Safari International Domain Name URI Spoofing http://www.sans.org/newsletters/risk/display.php?v=11&i=11&rss=Y#12.11.16 12.11.5 Microsoft Expression "wintab32.dll" DLL Loading Arbitrary Code Execution http://www.sans.org/newsletters/risk/display.php?v=11&i=11&rss=Y#12.11.5 12.11.6 Microsoft Visual Studio Add-In Local Privilege Escalation http://www.sans.org/newsletters/risk/display.php?v=11&i=11&rss=Y#12.11.6 12.11.7 DAEMON Tools "IOCTL" Handling Local Privilege Escalation http://www.sans.org/newsletters/risk/display.php?v=11&i=11&rss=Y#12.11.7 12.11.9 XnView Multiple Buffer Overflow Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=11&i=11&rss=Y#12.11.9 12.11.10 Vegas Movie Studio HD "CFHDDecoder.dll" DLL Loading Arbitrary Code Execution http://www.sans.org/newsletters/risk/display.php?v=11&i=11&rss=Y#12.11.10 12.11.23 LotusCMS Multiple PHP Code Execution Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=11&i=11&rss=Y#12.11.23 12.11.24 Jenkins Multiple Cross-Site Scripting and Directory Traversal Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=11&i=11&rss=Y#12.11.24 12.11.25 Zend Server Multiple HTML Injection Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=11&i=11&rss=Y#12.11.25 12.11.26 Invision Power Board Unspecified HTML Injection http://www.sans.org/newsletters/risk/display.php?v=11&i=11&rss=Y#12.11.26 12.11.18 Splunk Unspecified Cross-Site Scripting http://www.sans.org/newsletters/risk/display.php?v=11&i=11&rss=Y#12.11.18 12.11.19 SquirrelMail Autocomplete Plugin Email Addresses Cross-Site Scripting http://www.sans.org/newsletters/risk/display.php?v=11&i=11&rss=Y#12.11.19 12.11.20 EJBCA "issuer" Parameter Cross-Site Scripting http://www.sans.org/newsletters/risk/display.php?v=11&i=11&rss=Y#12.11.20 12.11.21 Synology Photo Station "photo_one.php" Script Cross-Site Scripting http://www.sans.org/newsletters/risk/display.php?v=11&i=11&rss=Y#12.11.21 12.11.22 Aurora WebOPAC "txtEmailAliasBarcode" Parameter SQL Injection http://www.sans.org/newsletters/risk/display.php?v=11&i=11&rss=Y#12.11.22 12.11.1 Microsoft Remote Desktop Protocol Multiple Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=11&i=11&rss=Y#12.11.1 12.11.3 Microsoft Windows Kernel "Win32k.sys" Local Privilege Escalation http://www.sans.org/newsletters/risk/display.php?v=11&i=11&rss=Y#12.11.3 ffmpeg library multiple security vulnerabilities http://securityvulns.com/news/ffmpeg/1205.html OpenOffice multiple security vulnerabilities http://securityvulns.com/news/OpenOffice/1205.html OpenSSL DoS http://securityvulns.com/news/OpenSSL/CVE-2012-2333.html Apple QuickTime multiple security vulnerabilities http://securityvulns.com/news/Apple/QuickTime/1205.html Microsoft Windows Keyboard Layout Local Privilege Escalation http://www.vupen.com/english/ADV-2012-0267.php Symantec Web Gateway Remote Code Execution and Data Manipulation http://www.vupen.com/english/ADV-2012-0266.php HP Business Service Management Remote Code Execution Vulnerability http://www.vupen.com/english/ADV-2012-0265.php HP OpenVMS ACMELOGIN Local Unauthorized Access Vulnerability http://www.vupen.com/english/ADV-2012-0264.php Off-the-Record Messaging (OTR) for Pidgin Remote Format String http://www.vupen.com/english/ADV-2012-0262.php RealNetworks RealPlayer Data Processing Remote Code Execution http://www.vupen.com/english/ADV-2012-0261.php Opera Browser URL Constructs Processing Remote Code Execution http://www.vupen.com/english/ADV-2012-0259.php Google Chrome Multiple Use-after-free and Memory Corruptions http://www.vupen.com/english/ADV-2012-0258.php Sympa "wwsympa/wwsympa.fcgi.in" Archives Access Control Issue http://www.vupen.com/english/ADV-2012-0257.php Socat "xioscan_readline()" Data Processing Heap Buffer Overflow http://www.vupen.com/english/ADV-2012-0256.php Apple QuickTime Data Processing Multiple Remote Code Execution http://www.vupen.com/english/ADV-2012-0253.php Apple Safari WebKit Remote Code Execution and Cross Site Scripting http://www.vupen.com/english/ADV-2012-0252.php Apple Mac OS X Multiple Remote Code Execution and Security Bypass http://www.vupen.com/english/ADV-2012-0251.php TorBrowser SOCKS Proxy DNS Configuration Bypass Weakness http://www.vupen.com/english/ADV-2012-0250.php PHP Remote Command Injection and Buffer Overflow Vulnerabilities http://www.vupen.com/english/ADV-2012-0249.php Pidgin XMPP File Transfer Requests Remote Memory Corruption http://www.vupen.com/english/ADV-2012-0247.php Apple iOS Code Execution and Location Bar Spoofing Vulnerabilities http://www.vupen.com/english/ADV-2012-0246.php Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities http://www.vupen.com/english/ADV-2012-0245.php Adobe Flash Professional Data Processing Buffer Overflow Vulnerability http://www.vupen.com/english/ADV-2012-0244.php Adobe Photoshop Data Processing Code Execution Vulnerabilities http://www.vupen.com/english/ADV-2012-0243.php Adobe Illustrator Data Processing Multiple Code Execution Vulnerabilities http://www.vupen.com/english/ADV-2012-0242.php Microsoft Products Multiple Code Execution and Privilege Escalation http://www.vupen.com/english/ADV-2012-0241.php IBM AIX RPC Portmapper Access Restriction Bypass Vulnerability http://www.vupen.com/english/ADV-2012-0240.php Adobe Flash Player Object Confusion Remote Code Execution vulnerability http://www.vupen.com/english/ADV-2012-0239.php PHP "QUERY_STRING" Parameter Processing Command Injection http://www.vupen.com/english/ADV-2012-0238.php IBM AIX LDAP Authentication "getpwnam()" Local Privilege Escalation http://www.vupen.com/english/ADV-2012-0237.php FULL FEED LOCATED AT feeds.rmccurdy.com http://pipes.yahoo.com/pipes/pipe.info?_id=5f1dcd4397142867d586ae88e192f796