http://www.secuobs.com L'observatoire de la securite Internet fr webmaster@secuobs.com ESRT @sambowne - Russian firm Elcomsoft unveils tool to crack BlackBerry encryption security http://www.secuobs.com/twitter/news/253593.shtml http://www.secuobs.com/news/comments117032006-blackberry.html#11072 http://www.secuobs.com/news/comments117032006-blackberry.html#11072 SPIP recently fixed 2 vulnerabilities notified by Tehtri-Security 0day http://www.secuobs.com/revue/news/332123.shtml http://www.secuobs.com/news/comments205032007-wordpress.shtml#11061 http://www.secuobs.com/news/comments205032007-wordpress.shtml#11061 PuttyHijack session hijack POC http://www.secuobs.com/revue/news/332182.shtml http://www.secuobs.com/news/comments215112008-openssh_cbc_ctr_aes_cpni.shtml#11058 http://www.secuobs.com/news/comments215112008-openssh_cbc_ctr_aes_cpni.shtml#11058 ESRT @thierryzoller - Updated BEAST blog post with Proof of Concept code and the whitepaper http://www.secuobs.com/twitter/news/252228.shtml http://www.secuobs.com/news/comments831122008-md5_pki_cluster_ps3_25c3_certificat.shtml#11047 http://www.secuobs.com/news/comments831122008-md5_pki_cluster_ps3_25c3_certificat.shtml#11047 ESRT @y0ug @Securelist - New article published: MYBIOS Is BIOS infection a reality http://www.secuobs.com/twitter/news/252229.shtml http://www.secuobs.com/news/comments03092009-bmp_reflash_bios_intel_vpro_q45.shtml#11046 http://www.secuobs.com/news/comments03092009-bmp_reflash_bios_intel_vpro_q45.shtml#11046 ESRT @securityshell - Twitter URL spoofing still exploitable http://www.secuobs.com/twitter/news/251664.shtml http://www.secuobs.com/news/comments217112009-renegociation_tls_twitter_poc_mitm.shtml#11027 http://www.secuobs.com/news/comments217112009-renegociation_tls_twitter_poc_mitm.shtml#11027 ESRT @AVGFree - Google, Microsoft Mozilla all working on SSL changes in response to BEAST attack tool TheRegister http://www.secuobs.com/twitter/news/251744.shtml http://www.secuobs.com/news/comments831122008-md5_pki_cluster_ps3_25c3_certificat.shtml#11024 http://www.secuobs.com/news/comments831122008-md5_pki_cluster_ps3_25c3_certificat.shtml#11024 ESRT @kaspersky @gkeizer - Apple updates OS X to block Trojan disguised as PDF But new malware appears as Flash installer http://www.secuobs.com/twitter/news/251787.shtml http://www.secuobs.com/news/comments822012009-memory_injection_mac_os_x_blackhat.shtml#11021 http://www.secuobs.com/news/comments822012009-memory_injection_mac_os_x_blackhat.shtml#11021 Microsoft Pushes FixIt Tool to Enable Support for Newer TLS Version http://www.secuobs.com/revue/news/331306.shtml http://www.secuobs.com/news/comments831122008-md5_pki_cluster_ps3_25c3_certificat.shtml#11016 http://www.secuobs.com/news/comments831122008-md5_pki_cluster_ps3_25c3_certificat.shtml#11016 Apple Sandbox Guide v1.0 by fG. http://www.secuobs.com/revue/news/330886.shtml http://www.secuobs.com/news/comments822012009-memory_injection_mac_os_x_blackhat.shtml#10985 http://www.secuobs.com/news/comments822012009-memory_injection_mac_os_x_blackhat.shtml#10985 ESRT @sambowne - Who uses zero days -- WOW huge effect of firewall http://www.secuobs.com/twitter/news/250559.shtml http://www.secuobs.com/news/comments110062005-0days.shtml#10982 http://www.secuobs.com/news/comments110062005-0days.shtml#10982 Man-in-the-Middle Attack Against SSL 3.0 TLS 1.0 http://www.secuobs.com/revue/news/330696.shtml http://www.secuobs.com/news/comments831122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10971 http://www.secuobs.com/news/comments831122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10971 Mac trojan poses as PDF to open botnet backdoor http://www.secuobs.com/revue/news/330655.shtml http://www.secuobs.com/news/comments822012009-memory_injection_mac_os_x_blackhat.shtml#10968 http://www.secuobs.com/news/comments822012009-memory_injection_mac_os_x_blackhat.shtml#10968 ESRT @mikkohypponen - EFF HTTPS Everywhere built-in feature to detect rogue certificates - Would've stopped Diginotar http://www.secuobs.com/twitter/news/250238.shtml http://www.secuobs.com/news/comments831122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10960 http://www.secuobs.com/news/comments831122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10960 ESRT @CiscoSecurity - Interesting speculation on the BEAST SSL TLS exploit http://www.secuobs.com/twitter/news/250257.shtml http://www.secuobs.com/news/comments831122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10957 http://www.secuobs.com/news/comments831122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10957 TLS 1.2 - Look before you Leap , Thu, Sep 22nd http://www.secuobs.com/revue/news/330392.shtml http://www.secuobs.com/news/comments831122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10956 http://www.secuobs.com/news/comments831122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10956 Fixes in the Works For SSL Attack, But Support Lacking for Newer Versions of Protocol http://www.secuobs.com/revue/news/330448.shtml http://www.secuobs.com/news/comments831122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10955 http://www.secuobs.com/news/comments831122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10955 ESRT @RandomStorm - BackTrack adds RandomStorm WordPress Scanner http://www.secuobs.com/twitter/news/249703.shtml http://www.secuobs.com/news/comments205032007-wordpress.shtml#10945 http://www.secuobs.com/news/comments205032007-wordpress.shtml#10945 ESRT @eEye - Microsoft fixes SSL kill switch blooper Via @gkeizer @Computerworld http://www.secuobs.com/twitter/news/249238.shtml http://www.secuobs.com/news/comments831122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10937 http://www.secuobs.com/news/comments831122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10937 0days found in software used by banks, telcos, military, airports http://www.secuobs.com/revue/news/329996.shtml http://www.secuobs.com/news/comments110062005-0days.shtml#10935 http://www.secuobs.com/news/comments110062005-0days.shtml#10935 XSS bug in Skype iPhone app allows address book theft http://www.secuobs.com/revue/news/329946.shtml http://www.secuobs.com/news/comments13032006-skype_blackhat.shtml#10928 http://www.secuobs.com/news/comments13032006-skype_blackhat.shtml#10928 ESRT @ekoparty @DennisF - New attack by @julianor and @thaidn breaks the confidentiality model of SSL http://www.secuobs.com/twitter/news/249233.shtml http://www.secuobs.com/news/comments731122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10926 http://www.secuobs.com/news/comments731122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10926 ESRT @packet_storm - Stunnel SSL Wrapper 4.44 http://www.secuobs.com/twitter/news/249171.shtml http://www.secuobs.com/news/comments105032010-rsa-openssl.shtml#10921 http://www.secuobs.com/news/comments105032010-rsa-openssl.shtml#10921 ESRT @VUPEN - Sharing our 0-days to protect governments and major corporations months before vendor patches http://www.secuobs.com/twitter/news/248641.shtml http://www.secuobs.com/news/comments10062005-0days.shtml#10914 http://www.secuobs.com/news/comments10062005-0days.shtml#10914 6 SCADA 0-Day Exploits http://www.secuobs.com/revue/news/329502.shtml http://www.secuobs.com/news/comments10062005-0days.shtml#10902 http://www.secuobs.com/news/comments10062005-0days.shtml#10902 Abusing OS X TrustedBSD framework to install r00t backdoors http://www.secuobs.com/revue/news/329570.shtml http://www.secuobs.com/news/comments722012009-memory_injection_mac_os_x_blackhat.shtml#10901 http://www.secuobs.com/news/comments722012009-memory_injection_mac_os_x_blackhat.shtml#10901 FPGA Mac http://www.secuobs.com/revue/news/329081.shtml http://www.secuobs.com/news/comments08062009-pci-fpga-sstic09.shtml#10881 http://www.secuobs.com/news/comments08062009-pci-fpga-sstic09.shtml#10881 ESRT @ChrisJohnRiley @typo3_security - TYPO3-CORE-SA-2011-002: Potential SQL injection vulnerability in TYPO3 Core http://www.secuobs.com/twitter/news/247839.shtml http://www.secuobs.com/news/comments205032007-wordpress.shtml#10877 http://www.secuobs.com/news/comments205032007-wordpress.shtml#10877 GlobalSign plans to reopen Tuesday despite web server hack http://www.secuobs.com/revue/news/328333.shtml http://www.secuobs.com/news/comments731122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10825 http://www.secuobs.com/news/comments731122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10825 ESRT @phenrycissp - Researcher raps Apple for not blocking stolen SSL certificates http://www.secuobs.com/twitter/news/246424.shtml http://www.secuobs.com/news/comments731122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10810 http://www.secuobs.com/news/comments731122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10810 Mozilla Asks All Firefox CAs to Audit Security Systems in Wake of DigiNotar Hack http://www.secuobs.com/revue/news/327833.shtml http://www.secuobs.com/news/comments731122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10808 http://www.secuobs.com/news/comments731122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10808 ESRT @adulau @SnorreFagerland - I had a look at the BIOS-flash trojan Mebrom http://www.secuobs.com/twitter/news/246220.shtml http://www.secuobs.com/news/comments03092009-bmp_reflash_bios_intel_vpro_q45.shtml#10802 http://www.secuobs.com/news/comments03092009-bmp_reflash_bios_intel_vpro_q45.shtml#10802 ESRT @packet_storm - Stunnel SSL Wrapper 4.43 http://www.secuobs.com/twitter/news/246206.shtml http://www.secuobs.com/news/comments105032010-rsa-openssl.shtml#10800 http://www.secuobs.com/news/comments105032010-rsa-openssl.shtml#10800 ESRT @packet_storm - OpenSSL Toolkit 1.0.0e http://www.secuobs.com/twitter/news/245889.shtml http://www.secuobs.com/news/comments105032010-rsa-openssl.shtml#10796 http://www.secuobs.com/news/comments105032010-rsa-openssl.shtml#10796 DigiNotar Hacker Says He Has GlobalSign Database Backups, Other Data http://www.secuobs.com/revue/news/327578.shtml http://www.secuobs.com/news/comments731122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10788 http://www.secuobs.com/news/comments731122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10788 OpenSSL CRL bypass and ECDH DoS vulnerability http://www.secuobs.com/revue/news/327457.shtml http://www.secuobs.com/news/comments105032010-rsa-openssl.shtml#10783 http://www.secuobs.com/news/comments105032010-rsa-openssl.shtml#10783 Microsoft Stolen SSL certs can't be used to install malware via Windows Update http://www.secuobs.com/revue/news/327308.shtml http://www.secuobs.com/news/comments731122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10773 http://www.secuobs.com/news/comments731122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10773 ESRT @Ivanlef0u @virusbtn - Microsoft: how to protect yourself from attacks using the rogue Diginotar-signed CA http://www.secuobs.com/twitter/news/245388.shtml http://www.secuobs.com/news/comments731122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10766 http://www.secuobs.com/news/comments731122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10766 ESRT @mikkohypponen - funny co-incidence 3 months ago Iran gov introduced new DNS servers for Iranians via @nima_bagheri http://www.secuobs.com/twitter/news/245184.shtml http://www.secuobs.com/news/comments731122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10765 http://www.secuobs.com/news/comments731122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10765 ESRT @mikkohypponen - Visualisation of OCSP requests for the rogue *.google.com certificate - youtube Fox-IT - Diginotar http://www.secuobs.com/twitter/news/245451.shtml http://www.secuobs.com/news/comments731122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10764 http://www.secuobs.com/news/comments731122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10764 ESRT @wikileaks @vRRitti - Dutch govt lets Jacob Appelbaum publish list of 531 compromised DigiNotar SSL-certificates http://www.secuobs.com/twitter/news/245025.shtml http://www.secuobs.com/news/comments731122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10752 http://www.secuobs.com/news/comments731122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10752 ESRT @packet_storm - Sunway SCADA 6.1 SP3 Buffer Overflow http://www.secuobs.com/twitter/news/244940.shtml http://www.secuobs.com/news/comments10062005-0days.shtml#10748 http://www.secuobs.com/news/comments10062005-0days.shtml#10748 ESRT @postmodern_mod3 @Hex000101 - SNMP Refelector DDOS 0day Exploit http://www.secuobs.com/twitter/news/244752.shtml http://www.secuobs.com/news/comments25042004ciscoios.html#10746 http://www.secuobs.com/news/comments25042004ciscoios.html#10746 ESRT @ivanristic @tqbf - Colin noticed a much better certificate to forge ssl.google-analytics.com http://www.secuobs.com/twitter/news/244236.shtml http://www.secuobs.com/news/comments731122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10733 http://www.secuobs.com/news/comments731122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10733 ESRT @JGamblin @InfowarMonitor - 200 SSL certificates including Yahoo, Tor, Mozilla may have been stolen http://www.secuobs.com/twitter/news/243929.shtml http://www.secuobs.com/news/comments631122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10712 http://www.secuobs.com/news/comments631122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10712 Mac Lion Accepts Any LDAP Password Um, oops http://www.secuobs.com/revue/news/326199.shtml http://www.secuobs.com/news/comments722012009-memory_injection_mac_os_x_blackhat.shtml#10693 http://www.secuobs.com/news/comments722012009-memory_injection_mac_os_x_blackhat.shtml#10693 Securing Mac OS X Panther 10.3 http://www.secuobs.com/revue/news/325581.shtml http://www.secuobs.com/news/comments722012009-memory_injection_mac_os_x_blackhat.shtml#10663 http://www.secuobs.com/news/comments722012009-memory_injection_mac_os_x_blackhat.shtml#10663 OS X Lion accused of having huge network security hole http://www.secuobs.com/revue/news/325533.shtml http://www.secuobs.com/news/comments722012009-memory_injection_mac_os_x_blackhat.shtml#10662 http://www.secuobs.com/news/comments722012009-memory_injection_mac_os_x_blackhat.shtml#10662 ESRT @room362 - IIS Search Verb Directory Listing http://www.secuobs.com/twitter/news/241823.shtml http://www.secuobs.com/news/comments101092009-iis_ftp_nlst_exploit_kingcope_nmap.shtml#10642 http://www.secuobs.com/news/comments101092009-iis_ftp_nlst_exploit_kingcope_nmap.shtml#10642 ESRT @teamcymru - Bro: extract+log SSL certificate details - next best thing to proxy MITM SSL inspection http://www.secuobs.com/twitter/news/241442.shtml http://www.secuobs.com/news/comments631122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10636 http://www.secuobs.com/news/comments631122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10636 ESRT @mruef @r0bertmart1nez - Hardening guide for IIS 75 on Windows 2008 R2 server core platform http://www.secuobs.com/twitter/news/240621.shtml http://www.secuobs.com/news/comments101092009-iis_ftp_nlst_exploit_kingcope_nmap.shtml#10609 http://www.secuobs.com/news/comments101092009-iis_ftp_nlst_exploit_kingcope_nmap.shtml#10609 ESRT @dragosr - Skype installed, html can inject arbitrary Javascript with complicated injection text sequence: Phone Number http://www.secuobs.com/twitter/news/239756.shtml http://www.secuobs.com/news/comments13032006-skype_blackhat.shtml#10575 http://www.secuobs.com/news/comments13032006-skype_blackhat.shtml#10575 ESRT @espreto - MySQL Netcat Function, Reverse Back Connect Server http://www.secuobs.com/twitter/news/239332.shtml http://www.secuobs.com/news/comments18122008-sp_replwritetovarbin_injection_sql.shtml#10572 http://www.secuobs.com/news/comments18122008-sp_replwritetovarbin_injection_sql.shtml#10572 ESRT @opexxx @r0bertmart1nez - Pentesting MS SQL Server with SQLat, and Cain http://www.secuobs.com/twitter/news/239558.shtml http://www.secuobs.com/news/comments18122008-sp_replwritetovarbin_injection_sql.shtml#10568 http://www.secuobs.com/news/comments18122008-sp_replwritetovarbin_injection_sql.shtml#10568 Mac OS X Lion 10.7.1 released http://www.secuobs.com/revue/news/323614.shtml http://www.secuobs.com/news/comments722012009-memory_injection_mac_os_x_blackhat.shtml#10550 http://www.secuobs.com/news/comments722012009-memory_injection_mac_os_x_blackhat.shtml#10550 TimThumb.php Vulnerability Not Only Affecting Themes Plugins too http://www.secuobs.com/revue/news/323524.shtml http://www.secuobs.com/news/comments205032007-wordpress.shtml#10538 http://www.secuobs.com/news/comments205032007-wordpress.shtml#10538 ESRT @securityshell - WordPress IP-Logger plugin = 30 SQL Injections http://www.secuobs.com/twitter/news/238769.shtml http://www.secuobs.com/news/comments205032007-wordpress.shtml#10534 http://www.secuobs.com/news/comments205032007-wordpress.shtml#10534 ESRT @packet_storm - OpenSSL-Based Signcode Utility 1.4 http://www.secuobs.com/twitter/news/238493.shtml http://www.secuobs.com/news/comments105032010-rsa-openssl.shtml#10517 http://www.secuobs.com/news/comments105032010-rsa-openssl.shtml#10517 Severe Remote Flaw Fixed in BlackBerry Enterprise Server http://www.secuobs.com/revue/news/322749.shtml http://www.secuobs.com/news/comments117032006-blackberry.html#10486 http://www.secuobs.com/news/comments117032006-blackberry.html#10486 How gdb disables ASLR in Mac OS X Lion http://www.secuobs.com/revue/news/322616.shtml http://www.secuobs.com/news/comments722012009-memory_injection_mac_os_x_blackhat.shtml#10482 http://www.secuobs.com/news/comments722012009-memory_injection_mac_os_x_blackhat.shtml#10482 Security Flaws in Encrypted Police Radios http://www.secuobs.com/revue/news/322480.shtml http://www.secuobs.com/news/comments107042009-wifi_fhss_gnu_radio_usrp_trustwave.shtml#10476 http://www.secuobs.com/news/comments107042009-wifi_fhss_gnu_radio_usrp_trustwave.shtml#10476 ESRT @ioerror @moxie__ - Today I released Convergence, an agile authenticity replacement for SSL http://www.secuobs.com/twitter/news/235149.shtml http://www.secuobs.com/news/comments631122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10388 http://www.secuobs.com/news/comments631122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10388 Hardcoded Password and Other Security Holes Found in Siemens Control Systems http://www.secuobs.com/revue/news/320895.shtml http://www.secuobs.com/news/comments10062005-0days.shtml#10359 http://www.secuobs.com/news/comments10062005-0days.shtml#10359 ESRT @betoftw @ryanaraine - zero-day vulnerability in millions of wordpress themes http://www.secuobs.com/twitter/news/234066.shtml http://www.secuobs.com/news/comments205032007-wordpress.shtml#10356 http://www.secuobs.com/news/comments205032007-wordpress.shtml#10356 ESRT @opexxx - Useless OpenSSH resources exhausion bug via GSSAPI http://www.secuobs.com/twitter/news/233878.shtml http://www.secuobs.com/news/comments115112008-openssh_cbc_ctr_aes_cpni.shtml#10351 http://www.secuobs.com/news/comments115112008-openssh_cbc_ctr_aes_cpni.shtml#10351 ESRT @teksquisite - Breaking the Xilinx Virtex-II FPGA Bitstream Encryption http://www.secuobs.com/twitter/news/233840.shtml http://www.secuobs.com/news/comments08062009-pci-fpga-sstic09.shtml#10347 http://www.secuobs.com/news/comments08062009-pci-fpga-sstic09.shtml#10347 ESRT @adulau @jedisct1 - Erlang OTP SSH Library Random Number Generator Weakness http://www.secuobs.com/twitter/news/233656.shtml http://www.secuobs.com/news/comments115112008-openssh_cbc_ctr_aes_cpni.shtml#10346 http://www.secuobs.com/news/comments115112008-openssh_cbc_ctr_aes_cpni.shtml#10346 ESRT @InfosecurityMag - Another XSS security flaw discovered in Skype - taps Facebook integration http://www.secuobs.com/twitter/news/233629.shtml http://www.secuobs.com/news/comments14042009-skypeskrayping_voip_botnet_spoofing.shtml#10344 http://www.secuobs.com/news/comments14042009-skypeskrayping_voip_botnet_spoofing.shtml#10344 ESRT @redragonvn @vnsec - Yet another universal OSX x86_64 dyld ROP shellcode http://www.secuobs.com/twitter/news/233291.shtml http://www.secuobs.com/news/comments722012009-memory_injection_mac_os_x_blackhat.shtml#10328 http://www.secuobs.com/news/comments722012009-memory_injection_mac_os_x_blackhat.shtml#10328 PLCs a prison vulnerability: researchers http://www.secuobs.com/revue/news/320257.shtml http://www.secuobs.com/news/comments10062005-0days.shtml#10318 http://www.secuobs.com/news/comments10062005-0days.shtml#10318 ESRT @packet_storm - Stunnel SSL Wrapper 4.42b2 http://www.secuobs.com/twitter/news/232294.shtml http://www.secuobs.com/news/comments105032010-rsa-openssl.shtml#10299 http://www.secuobs.com/news/comments105032010-rsa-openssl.shtml#10299 Passwords in Mac OS X can be pilfered with new tool http://www.secuobs.com/revue/news/319561.shtml http://www.secuobs.com/news/comments722012009-memory_injection_mac_os_x_blackhat.shtml#10296 http://www.secuobs.com/news/comments722012009-memory_injection_mac_os_x_blackhat.shtml#10296 Black Hat Embedded Web servers open printer, scanner security holes http://www.secuobs.com/revue/news/319336.shtml http://www.secuobs.com/news/comments07122009-gsdays-nbs-imprimantes.shtml#10276 http://www.secuobs.com/news/comments07122009-gsdays-nbs-imprimantes.shtml#10276 Revisiting History Sniffing http://www.secuobs.com/revue/news/319113.shtml http://www.secuobs.com/news/comments19062009-sniff_browser_history_no_javascript.shtml#10267 http://www.secuobs.com/news/comments19062009-sniff_browser_history_no_javascript.shtml#10267 ESRT @packet_storm - Stunnel SSL Wrapper 4.40 http://www.secuobs.com/twitter/news/230885.shtml http://www.secuobs.com/news/comments105032010-rsa-openssl.shtml#10254 http://www.secuobs.com/news/comments105032010-rsa-openssl.shtml#10254 ESRT @sambowne @slashdot - FPGA Bitstream Security Broken -- power analysis http://www.secuobs.com/twitter/news/230188.shtml http://www.secuobs.com/news/comments24102009-dpa_tempest_crypto_key_smartphone.shtml#10243 http://www.secuobs.com/news/comments24102009-dpa_tempest_crypto_key_smartphone.shtml#10243 ESRT @msksecurity - By Delivering Qubits Alongside Classical Data, Researchers Move Toward Bringing Us a Quantum Internet http://www.secuobs.com/twitter/news/229245.shtml http://www.secuobs.com/news/comments124022007-qkd.shtml#10217 http://www.secuobs.com/news/comments124022007-qkd.shtml#10217 UPDATE WPScan v1.0 http://www.secuobs.com/revue/news/317839.shtml http://www.secuobs.com/news/comments205032007-wordpress.shtml#10201 http://www.secuobs.com/news/comments205032007-wordpress.shtml#10201 ESRT @xanda @TheHackersNews - Skype XSS PoC http://www.secuobs.com/twitter/news/227621.shtml http://www.secuobs.com/news/comments14042009-skypeskrayping_voip_botnet_spoofing.shtml#10156 http://www.secuobs.com/news/comments14042009-skypeskrayping_voip_botnet_spoofing.shtml#10156 ESRT @ivanristic - Super useful: A bag of tricks to super-charge OpenSSL http://www.secuobs.com/twitter/news/226749.shtml http://www.secuobs.com/news/comments105032010-rsa-openssl.shtml#10119 http://www.secuobs.com/news/comments105032010-rsa-openssl.shtml#10119 ESRT @stalkr_ @taddong - New TLSSLed version, v1.1 http://www.secuobs.com/twitter/news/226286.shtml http://www.secuobs.com/news/comments631122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10111 http://www.secuobs.com/news/comments631122008-md5_pki_cluster_ps3_25c3_certificat.shtml#10111 ESRT @hlixaya @danphilpott - NIST released Security Bulletin June 2011 Guidelines For Protecting BIOS Firmware http://www.secuobs.com/twitter/news/226611.shtml http://www.secuobs.com/news/comments03092009-bmp_reflash_bios_intel_vpro_q45.shtml#10104 http://www.secuobs.com/news/comments03092009-bmp_reflash_bios_intel_vpro_q45.shtml#10104 ESRT @oncee @Carlos_Perez - if you ever find your self with a shell on OSX - a hashdump ruby script for dumping hashes http://www.secuobs.com/twitter/news/225829.shtml http://www.secuobs.com/news/comments722012009-memory_injection_mac_os_x_blackhat.shtml#10084 http://www.secuobs.com/news/comments722012009-memory_injection_mac_os_x_blackhat.shtml#10084 ESRT @packet_storm - Stunnel SSL Wrapper 4.39 http://www.secuobs.com/twitter/news/225060.shtml http://www.secuobs.com/news/comments105032010-rsa-openssl.shtml#10058 http://www.secuobs.com/news/comments105032010-rsa-openssl.shtml#10058 ESRT @seccubus @Wh1t3Rabbit @t0ka7a - winlockpwn on Ubuntu - unlock a Windows machine by writing to memory via FireWire http://www.secuobs.com/twitter/news/224291.shtml http://www.secuobs.com/news/comments15062008-dma_firewire.shtml#10034 http://www.secuobs.com/news/comments15062008-dma_firewire.shtml#10034 ESRT @komeilipour - Microsoft IIS FTP Server = 7.0 Stack Exhaustion DoS MS09-053 http://www.secuobs.com/twitter/news/224165.shtml http://www.secuobs.com/news/comments101092009-iis_ftp_nlst_exploit_kingcope_nmap.shtml#10030 http://www.secuobs.com/news/comments101092009-iis_ftp_nlst_exploit_kingcope_nmap.shtml#10030 ESRT @digininja @n00bznet @kingcope - As promised: OpenSSH 35p1 Remote Root Exploit for FreeBSD -- I would verify this http://www.secuobs.com/twitter/news/223010.shtml http://www.secuobs.com/news/comments115112008-openssh_cbc_ctr_aes_cpni.shtml#10001 http://www.secuobs.com/news/comments115112008-openssh_cbc_ctr_aes_cpni.shtml#10001 ESRT @gcouprie @digdns - A bad year for SSL: CAcert fixes potential security problem http://www.secuobs.com/twitter/news/222180.shtml http://www.secuobs.com/news/comments631122008-md5_pki_cluster_ps3_25c3_certificat.shtml#9994 http://www.secuobs.com/news/comments631122008-md5_pki_cluster_ps3_25c3_certificat.shtml#9994 ESRT @2gg @jduck1337 - Free 0day from pastebin http://www.secuobs.com/twitter/news/218642.shtml http://www.secuobs.com/news/comments10062005-0days.shtml#9944 http://www.secuobs.com/news/comments10062005-0days.shtml#9944 ESRT @keydet89 - MacOSX autoruns http://www.secuobs.com/twitter/news/215025.shtml http://www.secuobs.com/news/comments722012009-memory_injection_mac_os_x_blackhat.shtml#9870 http://www.secuobs.com/news/comments722012009-memory_injection_mac_os_x_blackhat.shtml#9870 ESRT @xanda - HashClash - collision generation for the MD5 and SHA-1 hash functions http://www.secuobs.com/twitter/news/215250.shtml http://www.secuobs.com/news/comments631122008-md5_pki_cluster_ps3_25c3_certificat.shtml#9866 http://www.secuobs.com/news/comments631122008-md5_pki_cluster_ps3_25c3_certificat.shtml#9866 py-office-tools parse dump Excel PPT files http://www.secuobs.com/revue/news/309842.shtml http://www.secuobs.com/news/comments128062006-excel.shtml#9856 http://www.secuobs.com/news/comments128062006-excel.shtml#9856 ESRT @adulau @damienmiller - Did Redhat just fix OpenSSH by making it seed with only 6 bytes from /dev/random? http://www.secuobs.com/twitter/news/214247.shtml http://www.secuobs.com/news/comments115112008-openssh_cbc_ctr_aes_cpni.shtml#9835 http://www.secuobs.com/news/comments115112008-openssh_cbc_ctr_aes_cpni.shtml#9835 OS X malware analysis for beginners reverse engineering Mac Defender http://www.secuobs.com/revue/news/309344.shtml http://www.secuobs.com/news/comments722012009-memory_injection_mac_os_x_blackhat.shtml#9822 http://www.secuobs.com/news/comments722012009-memory_injection_mac_os_x_blackhat.shtml#9822 The Flash JIT Spraying Is Back - Hints for Flash Vulnerability Researchers http://www.secuobs.com/revue/news/309301.shtml http://www.secuobs.com/news/comments104112009-heap_spraying_ms_office_flash.shtml#9817 http://www.secuobs.com/news/comments104112009-heap_spraying_ms_office_flash.shtml#9817 ESRT @k0st @moxie__ not presenting on intercepting Skype calls, but I might talk about it in my BlackHat training http://www.secuobs.com/twitter/news/213331.shtml http://www.secuobs.com/news/comments13032006-skype_blackhat.shtml#9805 http://www.secuobs.com/news/comments13032006-skype_blackhat.shtml#9805 skype open-source http://www.secuobs.com/revue/news/308787.shtml http://www.secuobs.com/news/comments13032006-skype_blackhat.shtml#9799 http://www.secuobs.com/news/comments13032006-skype_blackhat.shtml#9799 WordPress 3.1.3 available security fixes http://www.secuobs.com/revue/news/307218.shtml http://www.secuobs.com/news/comments205032007-wordpress.shtml#9728 http://www.secuobs.com/news/comments205032007-wordpress.shtml#9728 Researcher Says Siemens Downplaying Serious SCADA Holes http://www.secuobs.com/revue/news/306825.shtml http://www.secuobs.com/news/comments10062005-0days.shtml#9714 http://www.secuobs.com/news/comments10062005-0days.shtml#9714 ESRT @julianor @rootlabs - Remote timing attack in OpenSSL ECDSA http://www.secuobs.com/twitter/news/209867.shtml http://www.secuobs.com/news/comments05032010-rsa-openssl.shtml#9713 http://www.secuobs.com/news/comments05032010-rsa-openssl.shtml#9713