Security News #0x5F
- Raphael Mudge has added a new feature to Cobalt Strike where if a target browser is authenticated to a remote web site, the attacker can also pivot through that browser and make authenticated connections to that remote site.
- Did you know that you can use NTP as a DoS reflection multiplier? The fine folks at Team Cymru have some suggestions on securing NTP.
- Fifteen years ago this week, rain.forest.puppy provided the first public example of an SQL injection attack. Go back and read the original paper.
- Microsoft has a nice piece on the different techniques it uses to protect software applications.
- Alan Turing has been granted a Royal pardon by the Queen. Despite being a genius (read his Wikipedia page!) and a leader in the development of computers and cryptanalysis, he was prosecuted by his government in the 1950’s simply for being gay. As I read about the pardon, I felt it gives the impression that the government has forgiven Turing; in fact the government should be asking Turing for forgiveness, not the other way around.