Daily Digs – 07.31.2009
Happy (sysadmin) Friday everyone! Yes, if you must ask, I'm still stuck in "not-Las-Vegas-for-DEFCON-ville". But anyway, on to the digs...
First up we have the top 10 threats for 2011. 2011? We're not even to 2010 yet -- but ISF has staked claims already. And the #1 threat for 2011 is... [drumroll] CRIMINAL ATTACKS! I know, it blew my mind too. I wouldn't have actually posted this, but I'm wondering what good this information even is at this point. Feel free to comment.
[Top 10 Threats for 2011]
Shawn Moyer and Nathan Hamiel pushed out the bits for MonkeyFist yesterday. The tool is a new spin on CSRF, the new spin being of the 'dynamic' fashion. Check out the article over at DarkReading or just hit up the Hexagon Security Group's lab directly.
[MonkeyFist Launches Dynamic CSRF]
[Hexagon Security Group Labs]
The Thundercats are go over at Adobe finally. Flash is now patched, so if you haven't updated recently get on it!
[Adobe Flash Vulnerability Patched]
A slightly creepy video of Equilibrium Networks' UI showing the Slammer worm mixed in with other traffic on a gigabit testbed. I rescind, the video isn't creepy - just the voiceover.
[Slammer Video]
ThreatFire has an article up shedding some light on Clampi. Although not too technically deep, it's an interesting short read if you're not in "the-Clampi-know".
[Clamping down on Clampi]
As Kaspersky says, "with great power comes great responsibility". How ironic. Anyway, they've been doing some research on shortened URLs and have posted some great info.
[Twitter Short URL Statistics]
Catchy article headlines always get a quick glance from me, and this one was no exception. Although it's highly likely that the content is driven by a product line, the point is something I've seen not be an issue, when it should be a big one, over the past few years. The sprawl of today's growing LANs is, seemingly, becoming a big concern.
[Survey Says: IT Managers Concerned About LAN Sprawl]
Big red, big yellow, at the end of the day they both suck in my book. The Office of Inadequate Security is running an article that catches Steve Redman in his own words.
[McAfee Keeps Leaked Details to Itself]
Well, well, it was only a matter of time before research cleared that first step towards attacking AES with some level of reliability. While the practicality isn't there yet, and there are suggestions on the table to mitigate the problem found, AES's shelf life as it stands has just lost a few years.
[Practical AES Attacks Get Closer]
And for this Friday we'll close out with a new (to me) packet generator. Like we need a new tool for that, you ask? Hyenae has some cool features that may just come in handy over those other tools.
[Hyenae: Platform Independent Network Generator]
If you're at DEFCON consider yourself privileged. That's all we've got for today, so enjoy the weekend!
--windexh8er
