<?xml version="1.0" encoding="utf-8"?>
<rss version="0.92">
<channel>
<title>SecuObs.com</title>
<link>http://www.secuobs.com</link>
<description>Internet Security Observatory</description>
<language>fr</language>
<webMaster>webmaster@secuobs.com</webMaster>
 <item><title>CPNI Technical Note  Development and implementation of secure web applications</title><description>2011-09-08 11:08:11 - usefulfor.com security : The Centre for the Protection of National Infrastructure  CPNI  has published today the Technical Note on developing secure web applications that I have been working on for the last few months Among the topics covered are  Introduction to web application security General aspects of web application security Access handling Injection flaws Thick-client security Preparing the    </description><link>http://www.secuobs.com/revue/news/327681.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/327681.shtml</guid></item>
<item><title>Running Dradis Framework in BackTrack4 R2</title><description>Secuobs.com : 2011-02-17 20:46:05 - usefulfor.com security - Following the series of articles on how to get the Dradis Framework running in different operating system, this time is the turn of BackTrack 4 R2. A couple of weeks ago we discussed how to get Dradis running in Ubuntu 10.10, this time we are going to install Dradis 261 in the latest release of    </description><link>http://www.secuobs.com/revue/news/286021.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/286021.shtml</guid></item>
<item><title>Running Dradis Framework in Ubuntu 10.10 (Maverick Meerkat)</title><description>Secuobs.com : 2011-02-01 19:07:57 - usefulfor.com security - This is a step-by-step guide on how to get Dradis  v26  up and running in a fresh install of the latest Ubuntu (10.10 - Maverick Meerkat). Let's create a folder in our home  etd host  cd etd host  mkdir dradis etd host  cd dradis First download the tarbz2 from the downloads page  http dradisframeworkorg downloadhtml And uncompress  etd host dradis  tar -xvvjf    </description><link>http://www.secuobs.com/revue/news/282178.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/282178.shtml</guid></item>
<item><title>SSID Script Injection</title><description>Secuobs.com : 2010-07-28 08:31:48 - usefulfor.com security - The administrative web interfaces for many wireless access points  APs  provide users with  Neighbourhood Wireless Scan  functionality This functionality scans for all accessible APs and displays the details of any APs which are identified However, examination of these administrative interfaces revealed that a large number of them do not properly sanitise the parameters that are    </description><link>http://www.secuobs.com/revue/news/244521.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/244521.shtml</guid></item>
<item><title>DEFCON 16   Las Vegas 2008</title><description>Secuobs.com : 2010-07-28 08:31:48 - usefulfor.com security - hack-fu by Matt Hillman Last week I attended DEFCON 16 in Las Vegas I went last year as well, so I knew to expect the huge throngs of people, the strange mix of young, old, and crazy-haired and all the usual antics that happens when you gather around 7 thousand hackers in one place There's a lot    </description><link>http://www.secuobs.com/revue/news/244520.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/244520.shtml</guid></item>
<item><title>lucent firewall ruleset parser</title><description>Secuobs.com : 2010-07-28 08:31:48 - usefulfor.com security - Recently I had to go through the ruleset of a Lucent firewall, and the truth is that the export format of the rules is everything but easy to read The information is split into three files  rules file  Contains the rules, each one takes about 72 lines  rules have many properties, each property is written in a    </description><link>http://www.secuobs.com/revue/news/244519.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/244519.shtml</guid></item>
<item><title>DeepSec 2008</title><description>Secuobs.com : 2010-07-28 08:31:48 - usefulfor.com security - DeepSec 2008 took place in Vienna in November For a period of two days attendees enjoyed a good set of talks, a good atmosphere and had the chance to talk to different people from different security backgrounds I was invited to present my 'Behind Enemy lines' research, which mainly focused on different attack techniques that are    </description><link>http://www.secuobs.com/revue/news/244518.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/244518.shtml</guid></item>
<item><title>dradis v20   flexibility unleashed</title><description>Secuobs.com : 2010-07-28 08:31:48 - usefulfor.com security - It has been a long time since the last formal release of dradis  remember the dradis v12 one-click installer  But that does not mean we have been doing nothing in the mean time We have been working as hard as one can work  over 487 commits since then  check the stats , we went to    </description><link>http://www.secuobs.com/revue/news/244517.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/244517.shtml</guid></item>
<item><title>Bypassing Java thick client SSL checks</title><description>Secuobs.com : 2010-07-28 08:31:48 - usefulfor.com security - x509 certificate generation Generate the certificate using OpenSSL -   openssl genrsa 1024  fookey   openssl req -new -x509 -nodes -sha1 -days 7300 -key fookey  foocrt   openssl pkcs12 -export -out foop12 -in foocrt -inkey fookey -name  your name  You will need the p12 file  contains key and certificate  to configure Burp And the crt file to add it    </description><link>http://www.secuobs.com/revue/news/244516.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/244516.shtml</guid></item>
<item><title>DEFCON 17  a late write up</title><description>Secuobs.com : 2010-07-28 08:31:48 - usefulfor.com security - This year's DEFCON was quite amazing, apparently 10k people showed up in the Riviera for it This is a late write up because everybody knows already about the fake ATM and the RFID reader near the Wall of Sheep, on the other hand, not everybody knows about other things that also took place By the    </description><link>http://www.secuobs.com/revue/news/244515.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/244515.shtml</guid></item>
<item><title>Beware of JBoss   SecureIdentityLoginModule </title><description>Secuobs.com : 2010-07-28 08:31:48 - usefulfor.com security - From JBoss' Community Wiki EncryptingDataSourcePasswords page  The orgjbossresourcesecuritySecureIdentityLoginModule from jboss-jcajar can be used to encrypt database passwords rather than using clear text passwords in the DataSource configuration    Which in principle, is a great thing The problem being that usually database credentials end up being placed in the web application configuration file in clear text However     It    </description><link>http://www.secuobs.com/revue/news/244514.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/244514.shtml</guid></item>
<item><title>Java Bytecode Injection</title><description>Secuobs.com : 2010-07-28 08:31:48 - usefulfor.com security - When assessing the security posture of a Java thick application we can usually process the code through a decompiler  such as Jad  and have a proper look at the code It may be the case that we need to bypass the SSL checks but that is usually it However, every now and then, we stumble upon    </description><link>http://www.secuobs.com/revue/news/244513.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/244513.shtml</guid></item>
<item><title>Dear Scammed Victim</title><description>Secuobs.com : 2010-07-28 08:31:48 - usefulfor.com security - Just got this on my inbox  Compensation From The Government The Chairman DEBT MANAGEMENT OFFICE Committee On Government Compensation, Wuse Zone II, FCT, ABUJA  Our Ref   FGN  SNT STB Dear Beneficiary, Re  Government Compensation on Scams Victims, Lotto, Unpaid Unclaimed Contract Donation The Federal Government of Nigeria through the President DrGoodluck Jonathan GCFR CON, has mandated the Debt management office in colaboration with Nigeria Financial Intelligence    </description><link>http://www.secuobs.com/revue/news/244512.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/244512.shtml</guid></item>
</channel>
</rss>
 
