WSJ’s Wireless Savings Calculator – WSJ.com

August 10th, 2013
Very nice tool for comparing plans from different wireless providers.

Stop Fixing All The Things – Our BSidesLV Talk | The Risk I/O Blog

August 10th, 2013
Recent paper shows that it makes sense to focus only on vulns that have ready exploits in Metasploit and exploitdb.

Microsoft Security Advisory (2876146): Wireless PEAP-MS-CHAPv2 Authentication Could Allow Information Disclosure

August 10th, 2013
Recent security hole in wifi authentication -- fix requires a roll-out of PKI (i.e. certificate-based auth) for all devices. (Great?!)

CRIME (security exploit) – Wikipedia, the free encyclopedia

July 14th, 2013
from http://tech.slashdot.org/story/13/07/09/1455200/ It works like this. You visit a site that has malicious JavaScript which sends an HTTPS request to some site (like your bank). This request will include whatever known plain-text that the JavaScript wants to send, *plus* any cookies you have stored for the target site, possibly including authentication cookies. If the plain text happens to match part of that authentication cookie, then the compressed headers will be smaller than if they don't match. If the attacker can monitor this encrypted traffic and see the sizes of the packets, then they can systematically select the known plaintext to slowly learn the value of the authentication cookie. This can be done today in about half an hour. And the attack setup is feasible - consider a public WiFi access point that requires you to keep a frame open in order to use their WiFi. This gives them both the MITM and JavaScript access needed to perfo...

The Legitimate Vulnerability Market – Inside the Secretive World of 0-day Exploit Sales [.pdf]

July 14th, 2013
Old (2007) paper by Charlie Miller about trading of 0-day exploits.

Software Quality – Be Careful What You Measure – Beyond Bandwidth

June 9th, 2013
Notes from Level 3 Communications about what to measure (and what not) in software development.