Security News #0x2F- Happy New Year!

  • Yep, another 0-day was released attacking Internet Explorer versions 6, 7, and 8. Sinn3r has a nice description of the problem on the Metasploit blog. The vulnerability is CVE-2012-4792, and there is an official Microsoft Advisory. As you might expect, there is a Metasploit module, though it is configured only for IE 8, and for Windows 7, Vista, XP (SP 3), or 2003. A demo? Eric Romang has got it.
  • Want a quick guide to BASH scripting? Ask N1tr0g3n.
  • Last week, when I was putting together the stuff that ends up here in Security News, I saw a couple of announcements about a large data breach that was claimed to have occurred at Verizon. I ended up not including the links; it looked routine, and I could not get the (claimed) raw data. Boy did I luck out, as later analysis suggests that this may have been a stunt. The lead article is by ZDNet, but the debunking comes courtesy of DataLossDB and Space Rogue.
  • Jason Donenfeld recently found some vulnerabilities that affect the WordPress W3 Total Cache plugin. See Full Disclosure for the details.
  • Raphael Mudge (author of Armitage) makes his recommendations on how to develop offensive skills as a computer science student.
  • Randomness plays an important part in security, especially (but not exclusively) in cryptography. However, most people do not have a good sense of what it means for a data stream to be random. The best of us have, of course, read Volume 2 of Donald Knuth’s Art of Computer Programming. If you are a bit less mathematically inclined though, you should take a look at the blog post at Empirical Zeal, which gives one of the best non-technical descriptions of what randomness means through examples ranging from V2 attack sites in 1944 to shark attack data off the coast of South Africa. Most cool. If you are a student, stop and go read that piece. Seriously. I’ll wait.