Great Links
IIS 6.0 WebDav Exploit, Adobe 8-9.1 JavaScript Exploits, Cisco Works TFTPD Directory Traversal
Microsoft IIS 6.0 with WebDAV enabled is vulnerable to an authentication bypass. The exploit has already been made public:
http://www.milw0rm.com/exploits/8704
Proof of concept taken from above URL:
GET /prot%c0%afected/protected.zip HTTP/1.1
Translate: f
Connection: close
Host: servername
Adobe versions 8-9.1 have been smacked with more JavaScript command execution bugs. A lot of vendors are starting to recommend disabling JavaScript, something I suggested back [...]
TCP/IP Security Assessment, FreeBSD Telnet 0-Day, RainbowCrack 1.3, Nokia N95 DoS, Bounty for Worm Author
TCP/IP Security Assessment
The United Kingdom’s Centre for the Protection of National Infrastructure has just released the document “Security Assessment of the Transmission Control Protocol (TCP)”.
I find the document title a little ambiguous, as a security assessment generally refers to active research, whereas this, from my brief overview, is in fact more of a whitepaper giving an [...]
Hacker News: Backtrack 4 Beta, Web Services Testing, Monster Hacked and More
Backtrack 4 BETA released
The guys at Backtrack have released Backtrack 4 BETA. Cool changes include Kernel 2.6.28.1 with better hardware support, Pico e12, e16 support, better wireless injection support, RFID support and a bunch of new tools.
Fasttrack security tool gets spotlight
David Kennedy’s Fasttrack tool got high reviews after Shmoocon. It provides a CLI and a cool [...]
Sex, Photos, Scandals…
Well, hopefully that got your attention! The old adage that sex sells and sensationalism grabs punters is always relevant, and these are the little tricks that are used to get people to click, download, and install malware. In general, people have wised up about downloading and installing software through malicious hyperlinks in email and websites.
But users [...]
Viva Las Vegas
Anyone who is anyone is in Las Vegas right now. No, not for the World Series of Poker but for the Black Hat security conference. It runs from August 2nd to 7th, and it looks like a who’s who of security bods are in attendance. But it’s really the sister conference that probably take note, [...]

