[Plug-security] Security News

Lisa Kachold lisakachold at obnosis.com
Wed Oct 17 12:22:05 MST 2012


November's Hackfest will include a custom server provided by Scott Beccera
with ample flags. Scott provided a server last year that was very fun to
exploit so we look forward to great things.  Obviously, when 20 people
attack a VirtualBox server, there's a distributed Denial of Service and we
all get timeouts, so we have an actual server to set up to provide a better
example.  Scott will be presenting and providing support in November as
well.  Scott Beccera is a seasoned security professional currently employed
in the online educational arena.

[1986][Timeless] The Hacker Manifesto http://tinyurl.com/cweynt6
<http://t.co/evfAi3Md>


Deep Web Tor
http://1.bp.blogspot.com/-D-pIOpMpQoA/T8cESu6x3VI/AAAAAAAAGaY/CgLZb6xcIr0/s1600/2.jpg

A good number of vulnerabilities have been announced:

Java [Jeeze!] 30 vulns
http://krebsonsecurity.com/2012/10/critical-java-patch-plugs-30-security-holes/?utm_medium=twitter&utm_source=dlvr.it

Oracle [Oh My!]:
http://www.darkreading.com/vulnerability-management/167901026/security/news/240009195/3-must-fix-vulnerabilities-top-oracle-cpu-patches.html

Oracle Boat Fail
http://www.nbcbayarea.com/news/local/Capsized-Oracle-Boat-Brought-Ashore-174596811.html

Adobe upgrades Reader & Acrobat security by extending sandbox functionality
& forcing DLLs to load using ASLR: http://ow.ly/eywlc <http://t.co/jC8IieGT>

Information disclosure zeroday found in Novell ZENworks Asset Management
Software 7.5, exploit posted to Metasploit:
http://ow.ly/eyz2d <http://t.co/s6ryIaVB>

MyBB Profile Albums Plugin 0.9 (albums.php, album parameter) SQL Injection
http://dlvr.it/2L1mvd  <http://t.co/dAHFQzPd>

RedHat kernel socket buffers TSO sfc driver DoS
http://packetstormsecurity.org/files/117416

RedHat OpenStack Swift:  http://packetstormsecurity.org/files/117413

RedHat Keystone OpenStack:  http://packetstormsecurity.org/files/117414

RedHat OpenStack Horizon:  http://packetstormsecurity.org/files/117415

Set up a disposable "test framework" to check your sec: Setting up
Backtrack over the Cloud: http://j.mp/S3MEPC <http://t.co/n9Oc8FfZ>

Other:

Security researcher discovers pacemaker vulnerability that has the
"potential to commit mass murder". http://bit.ly/TuWDdR <http://t.co/MKgmUiUc>

Facebook partners with Panda Security
http://www.net-security.org/secworld.php?id=13787 … <http://t.co/blSZIjBL>
free 6-month version of Panda Internet Security 2013

Browser Protocol Security: http://t.co/409GSllT

Using A Mobile Phone To Get Information About A Target
http://bit.ly/QrTMBO <http://t.co/6N7MZ9l6>

Android Pixie Sniff Traffic in Promiscuous Mode https://t.co/7In3uX4z

Android 4 DNS Poisoning
https://c0rrupt.net/forum/android/410-android-4-0-4-dns-poisoning.html

mubix <https://twitter.com/mubix> {blog} Mounting SMB shares over
Meterpreter http://j.mp/RD98nW <http://t.co/pmjLfwBN>

Check out the presentations and cheat sheets available from October
https://it-clowns.com/c/index.php

(503) 754-4452 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
it-clowns.com
Chief Clown