Ubuntu Pentest Edition

netinfinity release Ubuntu Pentest Edition …
“Ubuntu pentest edition is primarily designed as a complete system (everyday usage – office, internet etc..) and can be used in pentesting purposes, which is a big advantage because you do not need to have a dual boot or use a virtual machine to run the system for pentest.”
Try it … link.

Sinergija 09

I will have a technical speak at Sinergija 09 about BitLocker & BitLocker to Go in Windows 7.
Title of presentation is Fighting stealers with BitLocker.

Security Researcher Acknowledgments for Microsoft Online Services

… for July and August.
Thanks to Microsoft Security Response Center.

Security Researcher Acknowledgment

… for June 2009.

http://technet.microsoft.com/en-us/security/cc308589.aspx

NetFlow Analyzer 7 Cross-Site Scripting Vulnerabilities

I’ve discovered some XSS vulnerabilities in NetFlow Analyzer 7.

Link to Secunia SA.

Security Researcher Acknowledgments for Microsoft Online Services

I got Acknowledgment for Security Researcher fourth time this year … Great me! :)

Security Researcher Acknowledgments for Microsoft Online Services

Third time in a row …
http://technet.microsoft.com/en-us/security/cc308589.aspx

PSCS VPOP3 Email Server Cross-Site Scripting Vulnerabilities

I’ve discovered new XSS vulnerabilities in PSCS VPOP3 Enterprise Email server, exactly on Web Mail interface. Vulnerability version is 2.6.0j. Vendor is informed but isn’t published fix for this vulnerabilities yet, so for solution use a proxy or IPS to filter malicious characters.

Secunia confirmed and published this vulnerability.

Pwn2Own 2009

This years Pwn2Own uncover 4 new never seen before critical vulnerabilities affecting the IE8, Safari and FireFox.
More about this contest you can read at DVLabs Blog.

Analysis of Conficker

Guys from the SRI International were made really good analysis on the currently most active Virus/Worm, Conficker, also known as Downup, Downadup and Kido.

Analysis can be found at http://mtc.sri.com/Conficker/.