Usb To Rca Cable - Best Buy

And the winner is ...

Like every month, the Microsoft approach to publishing, the "sécurosphère" is boiling. What will it take to patch this month? A total of 8 bulletins, 6 critical. list here . We will say that this is a menu "usual" (Although some habits should be lost ...:)).

But this month ... Chef's surprise: a 0-day flaw in IE7. And as is the 0-day, the patches released today, including the MS08-073, do not correct the fault. And to accompany that of the PoC (Proof of Concept) were released into the wild.

What does this little beast? It operates mismanagement XML malicieu to inject code into memory.

The SANS Institute tells us more in advising us an alternative browser and Secunia advises us not to click links "Trusted".

And if you test Firefox ? :)

Other sources:
eEye Digital Security - Research - link
Blog - ZDNet - link
McAfee Avert Labs Blog - link


Update of 11/12: A peeling the attack was carried out by CERT-LEXSI. Their blog .

Ellectro Gay Men Group

Security by obfuscation. An analyzer

Always on a mission away from my country, I still resides at the hotel. And the evenings are long and cold this season ... This pretty hotel has WiFi ... Unsecured, but one that requires a login / password to browse the Web. Let's take a closer close ...

Already I was told at the beginning of the stay mdp connection changes daily. And it gives me a paper with written on it: Client / Edf45sEr. Here is the login / password. Brute-force? No it means bof bof. Looking shorter.

So Let's login to the WiFi. Trying to connect to my friend Google ... A nice login screen appears:

And in the url, a bunch of parameters:
https: / / 192.168.2.1/cgi-bin/hotspotlogin.cgi? Res = & notyet uamip = 192.168.2.1 & uamport = 3990 & challenge = 3c1d263bd4ac9a9dcaaf25e62d416650 userURL & = & Nasidi etap = & mac = 00-AA-DE-8B-78-A4

It shows the MAC address, port and other info. Good and what is hidden in the site root?
Aahhh damn, I can not connect to localhost ... :) Well it not replace the IP address ... ;)


And duh, what I get ... Administration Console users. With the couple login / password for the account "customer."


And if you looked at the list of other users ... Ah ben y 'admin account ... Bravo calf! :)


So login and pwd for connection can be found as soon as one is connected to a WiFi network. Not glop: (lol

Conclusion:
obfuscation Security through these limitations and is very very limited as security strategy ... You still hide your keys under the flowerpot of the entry you? And ben ... there is such

By scratching a little more, we see that it is an apache that runs the service ... it would have been wise to separate the authentication client to the administration and restrict access with a setting like "Allow from localhost . Hoping a screen to be connected ...:)

How Do You Unblock Runescape At School?

frame with super-powers!

In an infrastructure it is often necessary to use a probe to analyze the traffic flowing on the network. In general it is a good server with big disks and a tcpdump, Wireshark a or another. A shot ntop over there and talk about it more.
But here is a new beast. His name? NetWitness Investigator Software v8.6.4.9 . Some data? While the program:

• Capture Ethernet or Wireless
• 25 instances in simultaneous 1 GB each
  
• analysis possible until level 7 of the OSI model
• IPv6 Support Import / Export format pcap
• Decrypting SSL certificate
• Summaries and interactive whiteboards
• Hash PCAP files for export
• Tutorials on YouTube:)
  
• ... That

a little silly. Well there are some drawbacks still, would not it be funny if:

• free version on Windows (Linux version)
  
• It takes a pretty tough setup (Dual-core 2GHz, 2GHz RAM)
• IE 6.x or 7.x

I'll let you make your own mind about Soft ... :)

Links:
Source :: Hack
NetWitness: site
NetWitness Investigator Software: download
Tutorials: YouTube
A blog about it: TaoSecurity

Katherine Beich Candies

Baby, One More Time ... !

hop And after 067, I ask for 068! I'm bad language, he was bound to happen, but not so early in the season!

I speak of course of a new Microsoft exploit the MS08-068. From what I read, I would say that the vulnerability is less critical than his little sister. Nevertheless exploit code is already available.

To learn more, I recommend the excellent article by HD Moore of Metasploit's blog explaining why and how this fault and what are the "criteria" Success or relief (it depends on your point of view).

Bon ben as usual, Patch soon as you can ... :)

Links: Article
HD Moore - here
SecurityFocus - here
Microsoft Blog - here

Unseen Boobs Of Yogita Bali

Détendons us before the weekend!

Go, a little word game geek to end the week (thanks Jerome ).

  What did "C: / darthvader Said to C: / darthvader / LUKESKYWALKER? 
 
 I'm your folder!  
 

Anyway better than tar gz ... If

with that I do not spend a good we ... :) Good

Piano Notes Reading In Bed

The battle rages!

see our previous posts, I was aware of the blog Orange safety but in doing basic research that I stumbled upon the blog of security NeufBox - SFR.

In view of archives, the SFR is younger than 3 months. Orange did he also have control over the security ... ?

Go, choose your color: red or orange ... (Aahh not brand lol). And happy reading:)

link: Blog NeufBox , Blog Orange

First Check Home Drug Test Faint Pink Line

The rootkit that is much fear.

Rustock.C. The name tells you nothing can be and yet it would be better! lol. At the security conference Hack.lu , Boldewin Frank gave a presentation on this rootkit son who gives a lot of headaches for analysts. For the protection of this malware in our program:

• Anti-debugging
• of ofuscation code
• engines polymorphic and metamorphic (Morpheus, is that you?: Op)
• and garbage collection .

All for this little rootkit does not deliver all its secrets. My god that's scary. I will not sleep a wink the night!

Sources: SecuObs.com
Presentation Frank Boldewin: reconstructer.org (PDF)