Security News #0x1E: Competition Season heats up
- The CSAW CTF 2012 has been announced. Qualifiers run from Friday 9/28 through Saturday 9/30.
- Registration is open for the National Cyber League.
- NSA is looking to hire Computer Science Interns.
- Kevin Townsend talks about responsible disclosure in the light of Javageddon. Plus he has great taste in WordPress themes.
- AntiSec claims to have obtained 12 million Apple device IDs (UIUDs) from a compromised FBI laptop. The FBI states that they did not have the data to lose; this is apparently supported by a statement from Apple.
- Christopher Truncer posted a a nice description of how to modify meterpreter so as to avoid detection by anti-virus solutions.
- It may be possible to bruteforce PHPSESSIDs.
- Apparently the UPEK Protector Suitse, software used with various windows fingerprint readers stores the user’s passwords encrypted (not hashed) in the registry possibly exposing them to folks with physical access to the system.
- Speaking of pulling passwords from a system, apparently it is now possible on a Mac to dump all of the passwords (not hashes) for all of the users on the system, provided you have administrator rights.
- A video of Hitler learning about security in the cloud. I will stop laughing soon. Someday. "You outsourced all our data to a Cloud Computing provider that hosts in Leningrad!"