Posts Tagged ‘apple’

Info Sec News, Dec 4, 2008

Posted by Jaime Raphael Licauco, CISSP, GSEC on December 4, 2008

In a series of twists, Apple has pulled out its quietly released Anti-virus technote, stating that it was old. Noted exploit hunter Charlie Miller said that it was much to do about nothing (take note that this is the same guy that won the $10k who hacked the MacBook Air in under two minutes). On the same day that story went out, a new Apple malware was announced in SecurityPark.com. I’ll take the same line as Apple spokesman Bill Evans in saying, “Since no system can be 100% immune from every threat, running anti-virus software may offer additional protection”.

CSO Online Interviewed Gary Hinson a few weeks ago on the future of ISO 27000

‘Dumbing down’ the security profession

Bot-wielding hackers crash eBay holiday giveaway

SonicWALL licensing snafu short-circuits protection

Online payment site hijacked by notorious crime gang

Pentagon hacker tries one more time to avoid extradition

Botnet master sees himself as next Bill Gates

U.S. report sees major terror attack by 2013, ignores cyberattack risk

Lenovo arms ThinkPads with Intel’s built-in security

High tech attacks need high tech response

Computer systems are supposedly attacked a few minutes after going online. Here’s just another story about it: IBM in New Zealand did an experiment which resulted in an unprotected system that was rendered useless in around two hours.

Posted in ISMS, News, vulnerability | Tagged: 27001, Antivirus, apple, blog, charlie miller, dumbing down, experiment, gary hinson, ibm, mumbai, new zealand, security profession, software vulnerability, unprotected | Leave a Comment »

Info Sec News, Dec 2, 2008

Posted by Jaime Raphael Licauco, CISSP, GSEC on December 2, 2008

A rootkit was found in an Enterprise Information Security software, reports Heise Security and The Register.

Another vulnerability was found in the popular VLC media player. So if you can, update.

The Chicago Tribune reports that a new round of cyber attacks has the Pentagon worried. They normally get a whole number of attacks per day, however, the magnitude and way the new attacks are being done are apparently designed to specifically attack military networks. Heise also covers the same topic here and here.

The Linux on iPhone project has released the first results of its project.

Anti-virus seems to be ineffective versus new malware that makes zombies out of PCs. Stuart Staniford talks about it in his blog.

WordPress update fixes XSS vulnerability.

Google denies security hole in GMail.

Microsoft adds malware detection to its Webmaster tools. Speaking of Microsoft, a new windows worm builds a massive botnet worth around half a million computers and growing.

For the first time, Apple quietly recommended Anti Virus software in a technote. About.com has Mac Anti-Virus recommendations. iAntivirus and ClamXav are free.

Posted in News, vulnerability | Tagged: Antivirus, apple, bot, botnet, Gmail, iphone, malware, Microsoft, tools, vlc, webmaster, worm | Leave a Comment »

Hack in The Box Conference 2008 Materials

Posted by Jaime Raphael Licauco, CISSP, GSEC on December 1, 2008

Amitpal Dhillon – Addressing Identity Management.pdf 3.7M

Dino Dai Zovi – Mac OS Xploitation.pdf 623K

Ero Carrera – Analysis and Visualization of Common Packers.pdf 3.7M

Hernan Ochoa – Pass-The-Hash Toolkit for Windows.pdf 535K

Jim Geovedi – Hacking a Bird in the Sky 2.0.pdf 3.1M

Julian Ho – Moocherhunter.pdf 124K

Peter Silberman – Full Process Reconstitution from Memory.pdf 144K

Alexander Tereshkin – Bluepilling the Xen Hypervisor.pdf 8.3M

Alexander Tereshkin – Bluepilling the Xen Hypervisor Demo (Large File) 142M

Eric Lawrence – IE 8 – Engineering a Trustworthy Browser.pdf 13M

Jonathan Squire – A Fox in the Hen House.pdf 3.5M

Paul Craig – Hacking Internet Kiosks.pdf 1.2M

Roberto Preatoni – Time for a Free Hardware Foundation.pdf 11M

Saumil Shah – Browser Exploits – A New Model for Browser Security.pdf 2.1M

The Grugq – How the Leopard Hides His Spots.pdf 01-Nov-2008 12:39 128K

Mel Mudin and Lee – Advanced Network Forensics Lab Demo (Large File) 29M

Charlie Miller – iPwning the iPhone.pdf 9.8M

Charl van Der Walt – Pushing the Camel Through the Eye of a Needle.pdf 23M

Ilfak Guilfanov – Decompilers and Beyond.pdf 418K

Kris Kaspersky – Remote Code Execution Through Intel CPU Bugs.pdf 1.3M

Petko D Petkov – Client Side Security.pdf 1.0M

AR Samhuri – Next Generation Reverse Shell.pdf 7.7M

Adrian Pastor – Cracking into Embedded Devices and Beyond.pdf 889K

Mary Yeoh – Security Penetration Testing at RTL Level.pdf 4.4M

Matthew Geiger – How to Build Your Own Password Cracker and Disassembler.pdf 471K

Shreeraj Shah – Top 10 Web 2.0 Attacks.pdf 1.1M

Advanced Wireless Lab (Very Large File) 1.2G

Ching Tim Meng – Detecting and Removing Malware without Antivirus Software.pdf 321K

KEYNOTE 1 – Jeremiah Grossman – The Art of Click-Jacking.pdf 2.5M

KEYNOTE 2 – Marcus Ranum – Cyberwar is Bullshit.pdf 54K

KEYNOTE 3 + 4 – The Pirate Bay Dissolving a Billion Dollar Industry as a Hobby.zip 38M

Posted in conferences, News, Whitepapers | Tagged: 2008, apple, click-jacking, clickjacking, conference, Forensics, hackin the box, hacking, internet kiosks, iphone, leopard, Mac, OS X, satellite | Leave a Comment »

Launching of DefCon Philippines

Posted by Jaime Raphael Licauco, CISSP, GSEC on November 24, 2008

Soft Launching of Defcon Philippines (DC3662) will be on Dec 20, 2008 with a half day event (1-6PM) at Handuraw, 460 Gorordo Avenue, Cebu City.

For more info, check out www.defconph.org.
There’s also great info in their blog section. They will be sponsored by opononline and Empress of Drac.

A couple of Blogs about this event:

Beyond the norms

cebubloggers

Third Wave

Since I posted something about Social Networks and the Philippines probably around a week back, you might want to check out the Pinoy Post Blog by Melvin Calimag over at ZDNetAsia who recently wrote an informative article about the same topic.

Since the author seems to be one of the few writers on IT in the Philippines, I googled him and came upon this interesting article written around the start of this year.