
Filed under: Exploits, Security News
posted by D1m on 02 Dec 2006

Remote Root Exploit For Linux Kernel 2.6.x. At Auction!

It pays to get 0day remote root exploits for vulnerabilities! Digital Armaments Inc. – an IT security company based in the US – launched a hacking challenge on the 1st of November on the topic of “Remote Kernel Exploitation”. The challenge will end on the 31st of December, and prizes will be given to the authors of the official advisory reporting the identified vulnerabilities, which must result in remote code execution. The winning advisory will then be sold in an auction.

Although the official rules of the challenge forbid the disclosure of any vulnerability-related information before the end of the challenge, according to the organizers, information about important vulnerabilities that are worth the early attention of the IT community should be made known before public disclosure of the related exploits.


Filed under: Research Papers
posted by D1m on 29 Nov 2006

Which RDBMS is more secure? Microsoft vs. Oracle

This research paper by David Litchfield from Next Generation Security Software (NGSSoftware), examines the differences between the security posture of Microsoft’s SQL Server and Oracle’s RDBMS based upon security vulnerabilities reported by external security researchers and since fixed by the vendor in question.

You can download it from:

http://www.databasesecurity.com/dbsec/comparison.pdf


Filed under: Presentations, Research Papers
posted by D1m on 29 Nov 2006

Exploiting and Defending Against Search Engine Attacks

Search engines such as Google and Yahoo are crucial to regular use of the Internet. They are also indispensable tools for hackers who can perform information gathering without ever visiting the victim site. In this presentation Security Compass founder Nish Bhalla walks through examples of how search engines could be used to aid hackers. The presentation is structured as follows:

  • Web Application Review Methodology
      • Threat Analysis
      • Architecture Review
      • Application Review
  • Search Engine Basics
  • Google Hacking

…and can be downloaded from:

http://www.securitycompass.com/resources/SecurityCompass-Search Attacks.pdf

or

http://www.ddosed.com/uploads/presentations/SecurityCompass-Search Attacks.pdf


Filed under: Presentations, Research Papers
posted by D1m on 29 Nov 2006

Hunting Down a DDoS Attack

Lars Axeland from TeliaSonera – the largest telecommunications company in Sweden and Finland – gave an interesting presentation on how internet service providers (ISPs) can prevent distributed denial of service (DDoS) attacks and thus protect their networks and their customers. He also briefly introduces TeliaSonera’s DDoS protection service.

The presentation can be downloaded from:

http://www.iis.se/Internetdagarna/2006/21-dos-attacker/LarsAxeland.pdf

or

http://www.ddosed.com/uploads/presentations/LarsAxeland.pdf

