InfoSec Philippines

Information Security, Technology News and Opinions

Posts Tagged ‘iphone’

Info Sec News, Dec 2, 2008

Posted by Jaime Raphael Licauco, CISSP, GSEC on December 2, 2008

A rootkit was found in enterprise information security software, report Heise Security and The Register.

Another vulnerability was found in the popular VLC media player. So if you can, update.

The Chicago Tribune reports that a new round of cyber attacks has the Pentagon worried. They normally get a number of attacks per day; however, the magnitude of the new attacks and the way they are being carried out suggest they are apparently designed specifically to attack military networks. Heise also covers the same topic here and here.

The Linux on iPhone project has released its first results.

Anti-virus seems to be ineffective against new malware that makes zombies out of PCs. Stuart Staniford talks about it in his blog.

WordPress update fixes XSS vulnerability.

Google denies security hole in GMail.

Microsoft adds malware detection to its Webmaster tools. Speaking of Microsoft, a new Windows worm is building a massive botnet of around half a million computers and growing.

For the first time, Apple quietly recommended anti-virus software in a technote. About.com has Mac anti-virus recommendations. iAntivirus and ClamXav are free.

Posted in News, vulnerability

Hack in The Box Conference 2008 Materials

Posted by Jaime Raphael Licauco, CISSP, GSEC on December 1, 2008


  • Amitpal Dhillon – Addressing Identity Management.pdf (3.7M)
  • Dino Dai Zovi – Mac OS Xploitation.pdf (623K)
  • Ero Carrera – Analysis and Visualization of Common Packers.pdf (3.7M)
  • Hernan Ochoa – Pass-The-Hash Toolkit for Windows.pdf (535K)
  • Jim Geovedi – Hacking a Bird in the Sky 2.0.pdf (3.1M)
  • Julian Ho – Moocherhunter.pdf (124K)
  • Peter Silberman – Full Process Reconstitution from Memory.pdf (144K)
  • Alexander Tereshkin – Bluepilling the Xen Hypervisor.pdf (8.3M)
  • Alexander Tereshkin – Bluepilling the Xen Hypervisor Demo (Large File) (142M)
  • Eric Lawrence – IE 8 – Engineering a Trustworthy Browser.pdf (13M)
  • Jonathan Squire – A Fox in the Hen House.pdf (3.5M)
  • Paul Craig – Hacking Internet Kiosks.pdf (1.2M)
  • Roberto Preatoni – Time for a Free Hardware Foundation.pdf (11M)
  • Saumil Shah – Browser Exploits – A New Model for Browser Security.pdf (2.1M)
  • The Grugq – How the Leopard Hides His Spots.pdf (01-Nov-2008 12:39, 128K)
  • Mel Mudin and Lee – Advanced Network Forensics Lab Demo (Large File) (29M)
  • Charlie Miller – iPwning the iPhone.pdf (9.8M)
  • Charl van Der Walt – Pushing the Camel Through the Eye of a Needle.pdf (23M)
  • Ilfak Guilfanov – Decompilers and Beyond.pdf (418K)
  • Kris Kaspersky – Remote Code Execution Through Intel CPU Bugs.pdf (1.3M)
  • Petko D Petkov – Client Side Security.pdf (1.0M)
  • AR Samhuri – Next Generation Reverse Shell.pdf (7.7M)
  • Adrian Pastor – Cracking into Embedded Devices and Beyond.pdf (889K)
  • Mary Yeoh – Security Penetration Testing at RTL Level.pdf (4.4M)
  • Matthew Geiger – How to Build Your Own Password Cracker and Disassembler.pdf (471K)
  • Shreeraj Shah – Top 10 Web 2.0 Attacks.pdf (1.1M)
  • Advanced Wireless Lab (Very Large File) (1.2G)
  • Ching Tim Meng – Detecting and Removing Malware without Antivirus Software.pdf (321K)
  • KEYNOTE 1 – Jeremiah Grossman – The Art of Click-Jacking.pdf (2.5M)
  • KEYNOTE 2 – Marcus Ranum – Cyberwar is Bullshit.pdf (54K)
  • KEYNOTE 3 + 4 – The Pirate Bay Dissolving a Billion Dollar Industry as a Hobby.zip (38M)

Posted in conferences, News, Whitepapers

Launching of DefCon Philippines

Posted by Jaime Raphael Licauco, CISSP, GSEC on November 24, 2008

The soft launch of Defcon Philippines (DC3662) will be on Dec 20, 2008, with a half-day event (1-6 PM) at Handuraw, 460 Gorordo Avenue, Cebu City.

For more info, check out www.defconph.org. There’s also great info in their blog section. They will be sponsored by opononline and Empress of Drac.

A couple of blogs about this event:

  • Beyond the norms
  • cebubloggers
  • Third Wave

Since I posted something about social networks and the Philippines probably around a week back, you might want to check out the Pinoy Post Blog by Melvin Calimag over at ZDNetAsia, who recently wrote an informative article about the same topic.

Since the author seems to be one of the few writers on IT in the Philippines, I googled him and came upon this interesting article written around the start of this year.

Other Info Sec News

  • Security update for xt:commerce Shop system
  • Obama’s cell phone records breached
  • Verizon staff break into Obama’s cell phone account
  • US Military’s ban of USB thumb drives highlights security risks
  • Buffer overflow in Vista’s TCP/IP stack
  • Microsoft to offer free security solution, discontinue OneCare. Related: Microsoft hopes free security means less malware
  • Key Logger Spyware ordered off the market
  • Brief study shows difficulty in detecting malware
  • Apple plugs a dozen iPhone security holes
  • Computer virus brings London hospital networks to a standstill

New Links:

  • MASE Consulting – Policies and Procedures
  • Software Assurance Forum for Excellence in Code

Posted in News, Philippines, Social Networking

Wireless Hacking part 2

Posted by Jaime Raphael Licauco, CISSP, GSEC on November 7, 2008

Yesterday, I had a post on Using Nmap to detect Rogue Wireless Access Points. With that post were various links to tools for hacking wireless networks that are freely available on the net. This is of course to help inform the public about the perils of wireless network computing. However, I also posted a link on the advantages of wireless and how to secure it. As is often the case, one must seek a balance or prioritize among that OTHER security triad of COST vs SECURITY vs CONVENIENCE.

For the history buffs, there is A Brief History of Wireless Security from SecurityUncorked.com. CSOonline, back in May 2008, also published a very informative article on Wireless Security: The Basics.

News from SC Magazine US, SecurityFocus.com and Heise Security just came out that WPA can now be cracked in around 15 minutes.

The SecurityFocus.com news item above talks about recovering a WEP key in less than a minute using the aircrack-ptw tool, which is used with the aircrack-ng tool suite.

I remember a few months ago the Risky Business podcast interviewed the maker of the Metasploit framework, HD Moore, regarding his evil Eee PC. It’s about the new KARMA+Metasploit 3 framework, which is a set of tools that listens to all client probe requests and can then become a fake wireless AP for any requested network. The scary thing here is that you can possibly get owned as long as your wireless is enabled and it’s automatically looking for a wireless access point, without the user even knowing it. The older Karma framework is available here.

If the Risky Business podcast didn’t get you a wee bit paranoid, an interview by Network World, Wireless security foiled by new exploits, just might do the trick. They interviewed Joshua Wright, who writes the security blog WillHackforSushi.com and is also the author of the six-day SANS Institute course, Assessing and Securing Wireless Networks.

I wonder what tools were used for the “Wall of Sheep” at the Defcon conferences, which was also at Black Hat this year. In case you’ve never heard of the “Wall of Sheep”, it’s a wall with a projection of usernames and part of the passwords for the users foolish enough to not have enough security on their wireless connections. MySpace and Gmail accounts have also shown up (in spite of Gmail using https by default, but just for log-on) through the use of replay attacks. Apple iPhones and Windows Mobile phones have also shown up.

Since you’ll want to save some of the information from the KARMA+Metasploit 3 framework, I’m guessing newer mini-notebooks like the Acer Aspire One, which retails for around $350, and the Lenovo Ideapad S10, which retails for around $400, would both be great for this.

Since it’s related, there’s an On Demand Webcast sponsored by Nokia on Corporate Mobility Policy and Device Management. In case your organization is PCI compliant or is looking forward to (or dreading) compliance in the future, Network World will be having a webcast next month on PCI Wireless Compliance Demystified.

Posted in ISMS, News, Philippines, vulnerability, Wireless