netinfinity release Ubuntu Pentest Edition …
“Ubuntu pentest edition is primarily designed as a complete system (everyday usage – office, internet etc..) and can be used in pentesting purposes, which is a big advantage because you do not need to have a dual boot or use a virtual machine to run the system for pentest.”
Try it [...]
Archives for the ‘Security’ Category
Ubuntu Pentest Edition
Friday, 15 January 2010
Sinergija 09
Sunday, 11 October 2009
I will have a technical speak at Sinergija 09 about BitLocker & BitLocker to Go in Windows 7.
Title of presentation is Fighting stealers with BitLocker.
Security Researcher Acknowledgments for Microsoft Online Services
Tuesday, 1 September 2009
… for July and August.
Thanks to Microsoft Security Response Center.
Security Researcher Acknowledgment
Thursday, 16 July 2009
… for June 2009.
http://technet.microsoft.com/en-us/security/cc308589.aspx
NetFlow Analyzer 7 Cross-Site Scripting Vulnerabilities
Thursday, 16 July 2009
I’ve discovered some XSS vulnerabilities in NetFlow Analyzer 7.
Link to Secunia SA.
PSCS VPOP3 Email Server Cross-Site Scripting Vulnerabilities
Wednesday, 25 March 2009
I’ve discovered new XSS vulnerabilities in PSCS VPOP3 Enterprise Email server, exactly on Web Mail interface. Vulnerability version is 2.6.0j. Vendor is informed but isn’t published fix for this vulnerabilities yet, so for solution use a proxy or IPS to filter malicious characters.
Secunia confirmed and published this vulnerability.
Pwn2Own 2009
Sunday, 22 March 2009
This years Pwn2Own uncover 4 new never seen before critical vulnerabilities affecting the IE8, Safari and FireFox.
More about this contest you can read at DVLabs Blog.
Analysis of Conficker
Tuesday, 10 March 2009
Guys from the SRI International were made really good analysis on the currently most active Virus/Worm, Conficker, also known as Downup, Downadup and Kido.
Analysis can be found at http://mtc.sri.com/Conficker/.
ESET Remote Administrator Script Insertion Vulnerability
Thursday, 5 February 2009
Me and Ivan Markovic found vulnerability in ESET’s NOD32 Remote Administrator Server. Vulnerability is reported in version 3.x and potentially can be exploited to compromise a user’s system. For successful attack you need Administrator account at NOD32 RAS to create a malicious report. Administrators and Read-only users are both affected if open malicious report.
Secunia confirmed [...]
PSCS VPOP3 Email Server Script Insertion Vulnerability
Monday, 2 February 2009
I found vulnerability in VPOP3 Email server which allows script insertion.
Vulnerability is discovered in the version 2.6.0h. Although the vendor release the patch (implemented some filters), vulnerability still exists in the new version 2.6.0i. Patch don’t completely fix the vulnerability.
Secunia confirmed vulnerability.
