Home > Uncategorized > Security News #0x5D

Security News #0x5D

Exploits
  • Back in September, we mentioned a post of Tom Van Goethem where he was able to exploit older versions of WordPress by abusing the unserialize() function. Now that some time has elapsed and systems have been patched, he is back with more details on how to make the attack work, including PoC code.
For Students
  • MalWerewolf has a nice piece on proper techniques for input sanitization, focusing on a PHP web application. Remember students- "All input is EVIL".
  • The topology for the Illinois CCDC event has been released.
Industry News
  • Google reports an issue, where ANSSI, a cyber security organization in the French government, has been spoofing certificates for various Google domains.
  • Brian Krebs has a nice analysis where he estimates the number of zero days that are currently for sale in the open market. You should also take a look at the take of Kelly Jackson Higgins over at Dark Reading. Definitely worth reading!
  • Threatpost reports on a move by the developers of FreeBSD to no longer user certain hardware random number generators on Intel and Via chips because of a fear of NSA implanted back doors.
  • Ars Technica reports on how an online poker player left his laptop in his hotel room, only to discover later that it had been infected with a remote access trojan while he was out of the room. Full disk encryption friends!
Advertisements
Categories: Uncategorized
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: