Security News #0x1F: Learning Opportunities….
- Here is a nice site filled with examples of exploitable programs. It looks to be a great learning resource!
- Here is a web site with a nice lesson on how to perform SQL injection and move from there to a shell.
- What is a CTF exercise like? If only some folks took the time to write up their experiences.
- The Register has an interesting discussion of how Stuxnet may have gotten into the wild, suggesting that there may be some flaws in the most commonly held account.
- Last week we discussed the leak of Apple UIUDs. Despite the hacker’s claim that the data came from the FBI, it appears that the data came from a web application developer. If you want to see how a classy professional responds to this, you should read how David Schuetz responded.
- Grey Hat Hacker has a nice discussion on some new ways to bypass ASLR on Windows 7 system.
- Last week, GoDaddy was hit by a major outage. Despite some claims to the contrary, it does not appear to have been the result of an attack. You may also be interested in a technical discussion of some of the architectural decisions that contributed to the problem. As for what happened to GoMommy at the National CCDC last year? Well, Red Team may have been involved.