Security Weekly News 1 April 2011 – Summary

I know it is April’s 1st but I am Spanish, don’t worry! 🙂 (we have the 28th of December for those things) Thanks to Tadek, John and Brian for contributing to this weekly security news bulletin! For the technically inclined I also put together the following this week: – iptables: white-listing TCP connections to reduce …

Security Weekly News 1 April 2011 – Full List

Category Index Hacking Incidents / Cybercrime Software Updates Business Case for Security Network Security Web Technologies Privacy General Funny Hacking Incidents / Cybercrime Comodo: two more resellers were compromised  [www.h-online.com] Comodo has confirmed that two other resellers have been compromised since the ‘Comodogate’ attacks which saw an attacker generate forged certificates for login.live.com, mail.google.com, www.google.com, …

Angry IP vs nmap

I recently got an interesting question via email: Hi Abraham, I was just wondering if you’ve ever used a tool called Angry IP scanner? Is it safe to use? Is there any risk of it crashing a host you are scanning? Regards, Short answer: Q: I was just wondering if you’ve ever used a tool …

Backtrack basics: Services => VNC

Introduction When you setup the VNC server you can connect remotely with GUI access to Backtrack, for this reason, it is best to start the VNC server BEFORE you enter the GUI, that will save a little bit on resources such as RAM. The VNC server service will provide no encryption, so make sure you …

Security Weekly News 25 March 2011 – Summary

Thanks to Tadek for contributing to this security weekly news bulletin Feedback and/or contributions to make this better are appreciated and welcome Highlighted quotes of the week: “If Iran got some forged certificates, it’s only because they don’t have a CA of their own. It’s considerably less hassle for most countries.” – Moxie Marlinspike (Abraham’s …

Security Weekly News 25 March 2011 – Full List

Category Index Hacking Incidents / Cybercrime Unpatched vulnerabilities Software Updates Business Case for Security Web Technologies Network Security Mobile Security Privacy General Funny Hacking Incidents / Cybercrime   The Recent RA Compromise  [blogs.comodo.com] On March 15th 2011, a Comodo affiliate RA was compromised resulting in the fraudulent issue of 9 SSL certificates to sites in …

Backtrack basics: Networking

First Check recognised HW: # dmesg|grep eth jme: JMicron JMC2XX ethernet driver version 1.0.4 eth0: registered as PCnet/PCI II 79C970A eth1: registered as PCnet/PCI II 79C970A eth2: registered as PCnet/PCI II 79C970A Option 1 – The manual way: Static IP assignment and nework configuration: a) Sets your IP address # ifconfig eth0 192.168.0.123 b) Set …

Backtrack basics: Upgrading the proper way

NOTE: For this to work you obviously need network connectivity first! this is explained here Ok guys, finally this is the definitive guide from the Backtrack guys themselves (source): Update Back|Track Linux: apt-get update && apt-get upgrade && apt-get dist-upgrade Update Metasploit: cd /pentest/exploits/framework3 && svn update Update the Social-Engineer Toolkit (SET): cd /pentest/exploits/SET && …

Security Weekly News 18 March 2011 – Summary

Thanks to Tadek for contributing to this weekly security news bulletin Feedback and/or contributions to make this better are appreciated and welcome Highlighted quotes of the week: “The media (and general community) responses on the nuke meltdown highlight human inability to contextualize risk.” – Rich Mogull “Getting a lot of enquiries lately to help orgs …