News » News Feed

The following section combines some of the best News feeds related to field of information security.

Blogs » Blogs Feed

Blogs are important as they represent an independant view of the information security landscape. The following section combines some of the best Blog feeds related to field of information security.

Research » Research Feed

This is the research section. It currently lists feeds from organizations and individuals who are actively performing information security research.

  • The Latest Adobe Exploit and Session Upgrading

    On March 12th and 13th, a researcher named "villy" posted a couple of blogs relating to an exploit for CVE-2010-0188. On the 15th, I ported that exploit (python) over to Metasploit (ruby), which you can find here , in the module browser . Doing so is often rather straight forward, and in…

    » temp link

  • vsftpd HTTP lunacy!

    Ok, so I was bored and I added very very basic HTTP support to vsftpd. vsftpd is now perhaps the only FTP server to have an option ftp_enable=NO . Basically none of the HTTP protocol is implemented, but it might suffice for someone who is super-paranoid and needs to serve some static files over the…

    » temp link

  • MOBOTS: WeatherFist Exposed

    Posted by Daniel Tijerina Last week, San Francisco was kind enough to play host to the annual RSA Security Conference. As you may remember from Jason Avery's last post, several TippingPointers were on-hand for the festivities. My colleague Derek Brown and I were fortunate to be granted an…

    » temp link

  • Locate and Exploit the Energizer Trojan

    The newsophere was abuzz this morning with the discovery that Energizer's "DUO" USB Battery Charger included a malicious backdoor in the accompanying software. This backdoor was only discovered after the product was discontinued, leading some to believe that it went through its entire…

    » temp link

  • Help keypress vulnerability in VBScript enabling Remote Code Execution

    The MSRC Engineering team has been investigating reports of a vulnerability involving the use of VBScript and Windows Help files. What is the impact and affected platforms? Our investigation has determined that Windows 7, Windows Server 2008, and Windows Vista are not impacted. Only Windows…

    » temp link

  • Assured Exploitation Training

    This year, Alex Sotirov and I will be teaching our first Assured Exploitation training class at CanSecWest. This training class is focused on various topics in advanced exploitation of memory corruption vulnerabilities. This includes a thorough understanding of exploitation mitigations (where…

    » temp link

  • Using code coverage to improve fuzzing results

    Hi all, Im Lars Opstad, an engineering manager in the MSEC Science group supporting the SDL within Microsoft. I wanted to share with you some of the ways that we are improving our internal security practices, specifically in the area of file fuzzing. Many fuzzers take a good file (template) as a…

    » temp link

  • Hacking Linksys IP Cameras (pt 6)

    This article is a continuation of the following GNUCITIZEN articles: here, here, here, here and here. As we know, there are several ways one could go about hunting for IP cameras on the net. The slowest way would be to portscan random IP addresses for certain ports and programmatically detect if the…

    » temp link

  • RSA Conference 2010 Talks

    Posted by Jason Avery Hey all! Jason here giving this year's RSA participates a heads up on talks to not miss. This year, TippingPoint is presenting five talks and panels, with three sessions by members of the DVLabs team. If you're going to be at the show, be sure not to miss these talks. …

    » temp link

  • dnsmap v0.30 is now out!

    After working on dnsmap for a few months whenever time allowed, I decided there were enough additional goodies to make version 0.30 a new public release. Let me just say that a lot of the bugs that have been fixed, and features that have been added to this version would not be possible without the…

    » temp link

Advisories » Advisories Feed

This section contains a list of recent advisories automatically collected from various sources.

Yahoo! Pipes - Error

No Results

Exploits » Exploits Feed

This section contains aggregated feeds of recent exploits published by some of the best resources online.

Yahoo! Pipes - Error

No Results

Podcasts » Podcasts Feed

This section contains aggregated feeds of recent security podcasts.

  • Sophos Security Week - March 15, 2010

    Sophos Senior Security Advisor Chester Wisniewski and Head of Global Sales Engineering Michael Argast discuss the biggest security stories for the week of March 15, 2010.

    » temp link

  • Windows 7 - Security updates and features, part 2

    In this second half of a two-part podcast, Sophos experts Chester Wisniewski and Michael Argast continue their conversation on the updates and changes made to Windows 7 security.

    » temp link

  • Windows 7 - Security updates and features

    Sophos experts Chester Wisniewski and Michael Argast of Sophos Canada discuss the latest security updates and features of Windows 7.

    » temp link

  • Security threat report: 2010

    Carole Theriault interviews Chester Wisniewski, senior security advisor at Sophos Canada, about the latest findings in the 2010 Sophos security threat report, discussing the latest trends in malware as well as exploring topical issues such as security on Windows 7 and Apple Mac threats.

    » temp link

  • Operation Aurora: The attack on Google

    Chester Wisniewski of Sophos Canada and James Lyne from the Office of the CTO discuss Operation Aurora: The attack on Google, what it means to businesses, and what we should be doing to better protect our networks.

    » temp link

  • Facebook, identity theft and the plastic duck

    Sean Richmond of Sophos Australia talks to Paul Ducklin, head of technology for APAC, about the results of Sophos's latest Facebook experiment, revealing that users are still failing to take adequate security steps on the popular social network.

    » temp link

  • Kanye West, SEO and scareware

    Senior technology consultant Graham Cluley explains how hackers have been taking advantage of the hoax news stories about the death of Kanye West, using search optimisation techniques to infect computer users with scareware.

    » temp link

  • A lesson in cloud computing and software as a service

    Paul Ducklin, head of technology for Sophos APAC, defines cloud computing and SaaS, explaining the associated security risks and gives his opinion on whether cloud and SaaS mean the end of desktop security software.

    » temp link

  • Windows 7 in the security spotlight

    Sophos senior technologist James Lyne discusses Windows 7 from the security point of view, looking at the Action Centre, enhancements in the Windows firewall, Direct Access and the controversy surrounding XP mode.

    » temp link

  • Virtualization and encryption: the security facts

    More organizations are looking to virtualize their servers, but few are considering the associated security concerns. James Lyne, senior technologist at Sophos, explains why encrypting virtualized servers will avoid costly leaks.

    » temp link

Culture » Culture Feed

This section contains a list of cultural hacker blogs.

  • Jerry Rice on Success

    There is a nice story about Jerry Rice, american football player, running in the Sunday, February 9, 2010 print edition of the San Francisco Chronicles. The story is about the secrets of success. [...]

    » temp link

  • Time Blocking

    This is an interesting video which discusses why you should avoid distractions while working in order to stay as much productive as possible. ---gnucitizen information security gigs part of the cutting-edge network:No active items found!GNUCITIZEN NETWORK ---recent posts from the gnucitizen…

    » temp link

  • Leadership Lessons from Dancing Guy

    What lessons can we learn from the crazy dancing guy? ---gnucitizen information security gigs part of the cutting-edge network:No active items found!GNUCITIZEN NETWORK ---recent posts from the gnucitizen cutting-edge network:Jerry Rice on SuccessTime Blocking0.5 is up for grabsWebsecurify 0.5RC1 Is…

    » temp link

  • Augmented-reality Maps

    Well, augmented-reality is pretty much one of the hot topics these days. Here is a video of Blaise Aguera y Arcas demoing the new feature that come in MS Bing Maps. [...]

    » temp link

  • Ed Catmull on Keep Your Crises Small

    I stumbled upon the following video by browsing twitter. I find it interesting and quite enlightening. Pixar is truly remarkable company and there is a lot one can learn from them.---gnucitizen information security gigs part of the cutting-edge network:No active items found!GNUCITIZEN NETWORK…

    » temp link

  • Was Huxley right?

    I stumbled upon the following cartoon on twitter. I have read 1984 but not Brave New World. Will be visiting the local library soon. Some interesting stuff!---gnucitizen information security gigs part of the cutting-edge network:No active items found!GNUCITIZEN NETWORK ---recent posts…

    » temp link

  • Working Hard is Overrated?

    I often hear about success stories where the direct cause for the success is someones hard work and persistence. Although in my mind persistence is important, it seems that hard work is seriously overrated according to the founders of Flickr and a bunch of neuroscientists, as reported here and…

    » temp link

  • How Derren Brown Predicted the Lottery Numbers

    Last Wednesday (09/09/2009) Derren Brown predicted, or at least he made us to believe that he did, five numbers from the lottery draw aired on BBC. For those of you who have no clue what I am talking about, here is a video footage from the show. How did he do it? I was eager to find out but since he…

    » temp link

  • Simple and Obvious

    When we see something that is simple and obvious we automatically assume that we can reach the same idea because after all it is simple and obvious. However, simple and obvious concepts are hard to come up with. Do not ignore the simple and the obvious. [...]

    » temp link

  • Micro Communities

    I think that we are at the verge of another online change. We are going from hyper global communities, to ultra local and even micro communities. Global communities are places such as Facebook, Twitter, MySpace and all other social networks which sole purpose is to get as many users on board as…

    » temp link