pen testing and uncategorized Resources

Sponsored White Papers, Webcasts, and Downloads

ZDNet Resources

Patch Tuesday: 7 bulletins, 18 flaws, all critical: Its an all-critical Patch Tuesday.Microsoft has just released seven advisories -- all rated critical -- with patches for at least 18 vulnerabilities affecting the Windows operating system, the widely deployed Office productivity suite and the dominant Internet Explorer browser.Five of the 18 vulnerabilities affect Windows Vista.The batch of updates includes...; Tags: apple, botnets, browsers, data theft, exploit code, hackers, metasploit, microsoft, open source, patch watch, pen testing, responsible disclosure, spam and phishing, spyware and adware, uncategorized, viruses and worms, vulnerability research, windows vista, zero-day attacks; Blog posts 2007-05-08
Botnet herders pounce on Windows DNS RPC flaw: Online criminals have pounced on the unpatched Windows DNS Server service vulnerability, using the security hole to seed and replenish for-profit botnets.The latest twist in the ongoing attacks comes less than a week after Microsofts pre-patch advisory provided clues for hackers to write and release detailed exploit code.Anti-virus researchers have...; Tags: zero-day attacks, vulnerability research, viruses and worms, uncategorized, symantec, spyware and adware, spam and phishing, rootkits, responsible disclosure, pen testing, patch watch, microsoft, metasploit, hackers, exploit code, data theft, browsers, botnets; Blog posts 2007-04-17
Oracle Patch Day: 37 flaws fixed: Oracle has released its quarterly "critical patch update" with fixes for a total of 37 security holes in its database and application server products.The April 2007 CPU addresses a wide range of vulnerabilities affecting the following product lines:* Oracle Database (14 flaws, including one with a CVSS base score of...; Tags: vulnerability research, pen testing, uncategorized, responsible disclosure, patch watch, oracle, metasploit, hackers, exploit code, data theft; Blog posts 2007-04-17
How to turn off RPC management of DNS on a large scale: In an advisory issued earlier today, Microsoft issued several workarounds/mitigations for the Windows DNS server service zero-day attacks, including a recommendation that network admins completely disable remote management of RPC capability for DNS Servers.The recommendation included instructions on registry key edits but if youre in charge of a large-scale Windows...; Tags: zero-day attacks, uncategorized, responsible disclosure, pen testing, patch watch, microsoft, metasploit, hackers, exploit code, data theft, browsers; Blog posts 2007-04-13
Microsoft: Beware of .HLP files: Microsoft is urging Windows users to be very careful when opening ".hlp" attachments.The warning follows the release of exploit code for possible new zero-day bug in the Microsoft Help subsystem, which is used to display files with the ".hlp" extension. The proof-of-concept code, posted at Milw0rm.com, provides instructions on how...; Tags: zero-day attacks, viruses and worms, spam and phishing, rootkits, pen testing, patch watch, microsoft, hackers, exploit code, data theft, vulnerability research, uncategorized, spyware and adware, responsible disclosure, browsers; Blog posts 2007-04-11

Microsoft knew of Windows .ANI flaw since December 2006: A private security research outfit says it notified Microsoft about the animated cursor (.ani) code execution vulnerability since December 2006, a full four months ahead of yesterday's discovery of Internet Explorer drive-by attacks.According to Alexander Sotirov, chief reverse engineer at Determina, his research team discovered and reported the flaw to...; Tags: zero-day attacks, windows vista, vulnerability research, uncategorized, spyware and adware, spam and phishing, rootkits, responsible disclosure, pen testing, patch watch, mozilla, microsoft, hackers, firefox, exploit code, data theft, browsers, botnets; Blog posts 2007-03-30
Black Hat RFID hacking demo threatened: Another Black Hat conference, another vulnerability disclosure debate.IOActive's Chris Paget's plan to explain why RFID technology is "insecure and untrustworthy" has run into a legal stumbling block after secure card maker HID Corp. raised objections in a letter that claims possible patent infringement.InfoWorld's Paul Roberts is reporting that HID sent...; Tags: wi-fi security, pen testing, black hat, exploit code, responsible disclosure, punditocracy, cisco, vulnerability research, oracle, hackers, zero-day attacks, uncategorized; Blog posts 2007-02-27
Symantec: Vista's UAC prompts can't always be trusted: Microsofts implementation of the UAC user account control mechanism in Windows Vista continues to take a beating from security researchers. Less than a week after Polish hacker Joanna Rutkowska raised an alert for design -- and implementation -- bugs in the default no-admin component, a member of Symantecs Advanced...; Tags: black hat, data theft, exploit code, hackers, microsoft, pen testing, punditocracy, responsible disclosure, uncategorized, vulnerability research, windows vista; Blog posts 2007-02-20
Sun rushes out patch for Solaris Telnet exploit: Sun Microsystems has rushed out patches to fix a code execution hole in the Solaris 10/11 telnet daemon (in.telnetd). The companys fix comes just days after a hacker known as "Kingcope" went public with details of the vulnerability, which allows a remote attacker to bypass the Sun Solaris telnet...; Tags: exploit code, hackers, patch watch, pen testing, responsible disclosure, uncategorized, viruses and worms, vulnerability research; Blog posts 2007-02-13

Additional Resources

Nokia Email service drastically improves the email experience on S60 devices: The Nokia S60 Nseries and Eseries devices are incredible mobile devices, but the email client is very basic and has a rather plain look and feel to it aka BlackBerry look. The default Messaging client does a poor job with hyperlinks, doesn't display my messages forwarded from other services, and...; Tags: device, nokia corp., mobile, client, service, nokia email service, e-mail, online communications, matthew miller; Blog posts 2008-08-07
Oracle: Gimme an L. Gimme an I. Gimme an N-U-X: Enterprise software giant Oracle is at LinuxWorld this week, positioning itself as head cheerleader for widespread adoption in the Enterprise. In addition to a keynote speech that discussed Oracle's position around Linux, as well as details of its own deployment, there were two announcements issued today. The...; Tags: data center, oracle corp., linux, data centers, unix, operating systems, open source, software, storage, hardware, data management, sam diaz; Blog posts 2008-08-06
Useful: Cradlepoint PHS300 Personal Hotspot: The Cradlepoint PHS300 (US$179) creates a personal hotspot with a mobile broadband card like the many EV-DO data cards from carriers like Verizon. I recently got a chance to test a PHS300 on a trip to Bonnaroo in Manchester, TN. Several of us were traveling to the...; Tags: card, hotspot, mobile broadband, cradlepoint phs300, wireless, jason d. o\'grady; Blog posts 2008-08-06
(Photos: More planes from the Oshkosh air show): (Photos: More planes from the Oshkosh air show)Osprey[i]The Osprey can take off and land vertically--then fly at 240 knots in airplane mode. Plus, it can carry loads of up to 10,000 pounds. [/i]...and kill pilots.RE: (Photos: More planes from the Oshkosh air show)How cool is the F22-A Raptor? An...; Tags: aerospace & defense, osprey, oshkosh air show, oshkosh, photograph; Discussion threads 2008-08-06
Glaucoma-monitoring contact lenses engineered at UC Davis: There's nothing I love more than a great tech development from the lab. Researchers at UC Davis have engineered a new material that could make "smart" contact lenses that measure pressure within the eye and dispense medication accordingly possible. Crafted into lenses with a...; Tags: eye, healthcare, andrew nusca; Blog posts 2008-08-06
IBM's clever idea is Linux on a stick: IBM's clever idea is Linux on a stickGood Lord. Paleeze get a Laptop already! ;)Or, did you get one and not tell us????.............RE: IBM's clever idea is Linux on a stickWhen IBM have everything under control....linux will be next.RE: IBM's clever idea is Linux on a stickHuh? That's only been...; Tags: unix, operating systems, open source, linux, ibm corp., clever idea; Discussion threads 2008-08-06
Cheap and cheerful Vista-capable PC for $260 plus change: Cheap and cheerful Vista-capable PC for $260 plus changeA sempron could run aeroI got a AMD Sempron for my neice with only 512mb RAM. Windows Vista32 Ultimate, it could run aero. I use a ATI 9600 vid card. I had to get rid of XP, hurts my...; Tags: microsoft windows vista (longhorn), refurbished pc, microsoft windows vista, vista capable pc, cheerful vista capable pc, vista capable, pc; Discussion threads 2008-08-06
NETGEAR RangeMax Dual Band Wireless-N Router WNDR3300 - wireless router: The Netgear RangeMax Dual Band Wireless-N Router WNDR3300 features a rather misleading name. The router doesn't support true dual-band wireless-N, nor does it offer very good range. It's a basic router with two separate access points AP, one of which supports Wireless-N and can operate in either 2.4GHz or...; Tags: routers & switches, network technology, networking, home networking, wireless, wireless router, router, wndr3300, netgear, netgear rangemax, netgear rangemax dual band wireless-n router wndr3300; Product reviews 2008-08-05
Indictments in huge hacking & theft case: Indictments in huge hacking & theft caseNo sympathy on my partThere's something terribly ironic that hackers "concealed the data in encrypted computer servers that they controlled in Eastern Europe and the United States." I thought information was suppose to be free...I'm not interested in hearing about good hackers and...; Tags: security, wi-fi, retail, hacker, hacking, huge hacking, wireless, manifesto, theft case; Discussion threads 2008-08-05
Copying pasting blogging = trouble: Copying pasting blogging = troubleAgreeI agree... Too many people talking about the same thing.RE: Copying pasting blogging = troubleIt drives me nuts. The amounts of comments pinged back to my blog are purely regurgitated, as if it's been automatically picked. It's just...; Tags: blog, blogging, cut-and-paste; Discussion threads 2008-08-05
Microsoft sending mixed messages about Windows futures with 'Fiji'?: Microsoft sending mixed messages about Windows futures with 'Fiji'?This isn't even strictly a Beta Tester issueMicrosoft realised that MCE systems just weren't flying out the door and then correctly perceived that it makes more sense to bundle it with Vista so that OEMs can either make a "home entertainment center"...; Tags: microsoft windows vista (longhorn), microsoft windows, fiji, microsoft windows vista, microsoft corp., beta tester, windows future, mce; Discussion threads 2008-08-05