MediaDefender DDoSes Revision3

So Revision3 seems to be using BitTorrent to distribute legitimate / legal content that they either own or properly license.  They found some folks using their Torrents without permission and blocked them . . . then they came under attack from a fairly large DDoS that took them off the Internet for a few days…

Adobe (non)0-day

Nice blog from Adobe laying some authoritative smack down: http://blogs.adobe.com/psirt/2008/05/more_information_on_recent_fla.html Yeah I know this is old news – I’m on the road . . . I was pretty sure the day that this was released that this was Dowd’s vulnerability . . . my Bluehat blog gives advice on how to ASLR-enable Flash which should…

Dear China, I can haz power now plz? okthxbai

Interesting read: http://www.nationaljournal.com/njmagazine/cs_20080531_6948.php Some interesting parts: A second information-security expert independently corroborated Bennett’s account of the Florida blackout. According to this individual, who cited sources with direct knowledge of the investigation, a Chinese PLA hacker attempting to map Florida Power & Light’s computer infrastructure apparently made a mistake. “The hacker was probably supposed to be…

SensePost blog on arbitrary file downloads in a Juniper AX

Fascinating blog over @ SensePost about a Juniper AX control that allowed arbitrary file downloads to a predictable location à la Apple/Safari: http://www.sensepost.com/blog/2237.html Haroon makes some excellent points about the inability of standard fuzzers to find design flaws such as the one they identified in the AX and how good ole human intuition is still a…

Safari "carpet bombing" Fail Open Goat Award

So last week Nitesh and Billy Rios found a vuln in Safari that lets a remote attacker / malicious web site drop any file(s) they want on a user’s desktop if you’re using Safari on Windows.  Apple doesn’t see this as a security vulnerability and thus isn’t too interested in fixing it (which boggles my mind…

F-Response

So I admit I’m a bit out of date on the ‘incident response’ scene since I don’t really do it for a living anymore.  Well fortunately Harlan Carvey isn’t and he has a blog post up with a mini-review of some bad-ass new software that could be *really* interesting for people who do forensics /…

Live.com video search!

Whoa – check this out: http://search.live.com/video/results.aspx?q=ferrari&form=QBVR Use Live.com to search videos . . . hover the mouse over a video and see what happens.  Wow.  I’m so easily amused. 🙂

All your SSH keys are belong to HD Moore

Today’s Fail Open Goat Award goes to the Debian / Ubuntu distros (a friend assures me that Ubuntu is derived from Debian and as such is also vulnerable?). HD Moore has decided to completely rape the Debian predictable RNG bug by generating all of the possible 1024-bit DSA and 2048-bit RSA keys (currently) that an affected user…

Microsoft Research – World Wide Telescope

This is the official unveiling of the app that made Scoble cry . . . now available to anyone on the Internets. http://www.worldwidetelescope.org/ So what is it?  MSR has essentially used something like Photosynth (I’m guessing) to stitch together images of space from all over so that you can basically navigate the universe in 3D…

Gmail – Fail Open Goat Award

Gmail is this month’s winner of the Fail Open Goat Award: http://arstechnica.com/news.ars/post/20080510-security-flaw-turns-gmail-into-open-relay-server.html