Security News

WorldCIST'17 - Call for Workshops Proposals; Deadline: September 5

Bug Traq - 3 August, 2016 - 08:12

Posted by Maria Lemos on Aug 03


Arbitrary File Content Disclosure in Atutor

Bug Traq - 3 August, 2016 - 04:01

Posted by High-Tech Bridge Security Research on Aug 03

Advisory ID: HTB23297
Product: Atutor
Vendor: Atutor
Vulnerable Version(s): 2.2.1 and probably prior
Tested Version: 2.2.1
Advisory Publication: February 24, 2016 [without technical details]
Vendor Notification: February 24, 2016
Vendor Patch: July 1, 2016
Public Disclosure: August 2, 2016
Vulnerability Type: Path Traversal [CWE-22]
Risk Level: Medium
CVSSv3 Base Score: 5.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N]
Solution Status:...

Bugtraq: Zoll ePCR v2.6.4 iOS - Multiple Persistent Vulnerabilities

Security Focus Vulnerabilities - 3 August, 2016 - 04:00
Zoll ePCR v2.6.4 iOS - Multiple Persistent Vulnerabilities

Re: The Correct Amount

Daily Dave - 2 August, 2016 - 17:03

Posted by Kristian Erik Hermansen on Aug 02

Do you feel the same way about FaceBook PHP? Or general PHP v7? It sounds
like everyone has cancer, smokes, and is pregnant...

Find your wireless opponents. :)

Daily Dave - 2 August, 2016 - 15:56

Posted by dave aitel on Aug 02

New SILICA Video is here! https://vimeo.com/177231337

It's worth upgrading if you bought yours to Vegas and you want to locate
whoever is messing with the wireless. :)

-dave

The Correct Amount

Daily Dave - 2 August, 2016 - 10:58

Posted by dave aitel on Aug 02

Last week I did the technical review of one of our deliverables. Super
secure website, run by smart people. They'd limited their exposure to
one PHP file. But a good security services company provides strategic
advice, along with individual tactical recommendations. In this case,
the consultant found two critical vulnerabilities in just that one
lonely PHP file. Our strategic recommendation is always this: Use as
much PHP on your website as...

Re: Clique - a stillborn project

Daily Dave - 1 August, 2016 - 09:19

Posted by Dan Guido on Aug 01

Sorry to revive a dead thread, but I think this general idea of a
re-encrypting mailing list has been implemented:

https://bitbucket.org/awruef/listcrypt/src

Enjoy!

-Dan

Re: Dailydave Digest, Vol 56, Issue 10

Daily Dave - 31 July, 2016 - 13:05

Posted by Dave Aitel on Jul 31

In my head I equate using computer and network operations (CNO) inside an
organization to enable information operations (IO) to getting exploitation
primitives and enabling a "Weird Machine
<http://www.slideshare.net/scovetta/fundamentals-of-exploitationrevisited>".
IO has a long history, but it's a completely different thing once CNE gets
involved. You get a feedback loop. It's like having a debugger, versus
blindly...

Re: "Clickbait policy-making"

Daily Dave - 31 July, 2016 - 12:57

Posted by Konrads Smelkovs on Jul 31

[..]

That's because cyber is much more about infowar than death and
destruction as with NBC. And Daily Mail is an amplifier and outlet of
propaganda regardless of whoever served it, so studying in and citing
as as an example of infowar pen-ultimate stage (the ultimate being
change in someone's mindset) is legitimate.

Re: hacking ideology

Daily Dave - 31 July, 2016 - 12:47

Posted by J.M. Porup on Jul 31

Isn't "hacking ideology" precisely the sort of speech the First
Amendment was designed to protect?

jmp

Re: "Clickbait policy-making"

Daily Dave - 29 July, 2016 - 14:43

Posted by Mara Tam on Jul 29

Dave’s not wrong about this. Cyber policy suffers horribly from the fact that it is disproportionately informed by
popular press (i.e. clickbait).

The American Academy of Arts and Sciences recently published a collection titled ‘Governance of Dual-Use Technologies :
Theory and Practice’.[1] This collection covers nuclear technologies, biological technologies, and IT / ‘cyber
weapons'. If you read all three sections, it becomes...

Re: Dailydave Digest, Vol 56, Issue 10

Daily Dave - 29 July, 2016 - 12:45

Posted by Paul Erling on Jul 29

I could agree that the damage cyberwar does is mostly to ideology, but then what is the difference between cyberwar and
propaganda or even marketing? Isn't it just the fact that you have retrieved some difficult to obtain evidence? Does
that make the propaganda/marketing more believable and so effective?

- Paul

-----Original Message-----
From: dailydave-bounces () lists immunityinc com [mailto:dailydave-bounces () lists immunityinc...

Re: "Nitro Zeus" whatever whatever.

Daily Dave - 29 July, 2016 - 09:28

Posted by Ejovi Nuwere on Jul 29

This article in the New Yorker seems to align well with your explanation of cyberwar as a systemic disruption of
ideology.

http://www.newyorker.com/news/news-desk/the-real-paranoia-inducing-purpose-of-russian-hacks

Sent from my iPhone

SAINTCON Security Conference

Daily Dave - 29 July, 2016 - 08:26

Posted by Troy Jessup on Jul 29

SAINTCON 2016

SAINTCON is the Intermountain-West premiere Cybersecurity conference held in Provo, Utah. This conference is
dedicated to all things security and focuses on security discussions and trainings. If you live or work in the west,
this is your security con!

https://www.saintcon.org

"Nitro Zeus" whatever whatever.

Daily Dave - 28 July, 2016 - 17:37

Posted by dave aitel on Jul 28

<nitrozeus>

https://www.youtube.com/watch?v=GiV6am2lNTQ. You'll notice in this
Usenix talk from 2012 I inadvertently blow Nitro Zeus, which came out in
that ZeroDays movie recently. I honestly don't write my talks all by
myself, but you'll notice "we" call out Wikileaks as being a cyber
weapon as opposed to everyone else's seeming fascination with
HackingTeam or whatever the boogieman of the day is.

People...

"Clickbait policy-making"

Daily Dave - 28 July, 2016 - 17:02

Posted by dave aitel on Jul 28

https://na-production.s3.amazonaws.com/documents/Bugs-in-the-System-Final.pdf

Look, I'm sure these (Andi Wilson, Ross Schulman, Kevin Bankston, Trey
Herr) are all good people:<image about authors went here>

But I want to point out that you cannot make good policy recommendations
based on clickbait news articles you've happened to have read over the
years on a subject that is under a ton of covert protection, especially
when none...
Syndicate content