Security News #0x11: Take Hold of the Flame
- Earlier this week, the big news was, of course, Flamer. The folks at SecureList have a nice set of questions and answers. I also found the discussion at Information Week valuable.
- Even bigger news later in the week though, was the article by the New York Times discussing the American and Israeli development of Stuxnet.
- The Washington Post had a nice article this week about careers in cybersecurity.
- I know that a number of my students are currently working on the DC3 Cyber Crime Challenge. Those of you who are may be interested in the Forensics Wiki. Johnathan Fragale from last year’s DC3 team found the page quite helpful.
- Cal Poly Pomona is holding tryouts for spots on their cyber-defense team. I wonder why they are asking if potential team members have Juniper experience?
- A beta (1.0) version of mimikatz has been released.
- There is an SQL injection vulnerability in Ruby on Rails 3.0 (CVE 2012-2661); Pentester Lab has a nice write-up.
- Are you still learning how Metasploit works? Having trouble? Take a look at a blog post by Chirstian Kirsch that provides a Metasploit troubleshooting howto.
- It looks like iSight is hosting a CTF event later this month.
- Speaking of contests, there is a forensics contest centered around PaulDotCom.
And if you need some good music…