Archive for March, 2010

Practical Approaches for Securing Web Applications Across the Software Delivery Lifecycle

Posted in IT Security on March 25, 2010 by cobra

Most organizations understand the importance of securing web applications to protect critical data. However, what many don’t understand is how to implement a robust process for integrating security and risk management throughout the web application software development lifecycle.
In this SecurityCurve white paper, discover:

The high cost of implementing security testing at the end of the cycle
A practical approach for building security into the cycle
Business benefits of integrated testing

Access this white paper to learn more


Exploit code with DNS tunnel

Posted in IT Security on March 22, 2010 by cobra

Hacker Ron Bowes has released various payloads that connect a shell’s standard input and output with a suitable online counterpart through DNS. This allows attackers to bypass many firewalls and even attack systems that have no internet connection themselves.
For a DNS tunnel, the host computer only needs to be able to resolve external host names such as http://www.h-online.com. It can then carry its network traffic inside the DNS queries it sends and the responses it receives. This concept was already demonstrated by Julien Oster and Florian Heinz via the Name Server Transfer protocol (NSTX), which tunnels entire IP connections via DNS.

Ron Bowes has combined this with a command line shell for Linux and Windows, packaging the shellcode in such a way that it can conveniently be integrated into exploits. He has even created a Metasploit payload.

Please access the link below for complete information about this subject.

Weaponizing dnscat with shellcode and Metasploit

Tracking down malware

Posted in IT Security on March 15, 2010 by cobra

Criminals increasingly attempt to camouflage the traces of their malware on the internet to keep control of a hijacked server for as long as possible. However, their paths can be retraced using special tools to identify the vulnerability the malware intends to exploit to enter a system.

Follow the link to read more about the various tools and methods that can be used to track down these enemies like never before.

😀

Hardware attack on RSA implementation

Posted in IT Security on March 6, 2010 by cobra

Researchers at the University of Michigan have succeeded in accessing the private RSA key used by an embedded processor by manipulating the power supply to the processor. The attack targets the calculation of RSA signatures using the FWE (fixed window exponentiation) algorithm, which is used, for example, in the OpenSSL cryptographic library. The attack was carried out on a SPARC-based Leon3 SoC embedded processor, which runs on an FPGA from Xilinx and is, according to the researchers, a representative embedded system.

Click here to read the complete University of Michigan white paper about this subject.

😀