http://www.secuobs.com L'observatoire de la securite Internet fr webmaster@secuobs.com ESRT @Beaker - @BrianDuPrix - security Researchers Develop Enhanced Security for Cloud Computing - So little detail http://www.secuobs.com/twitter/news/255060.shtml http://www.secuobs.com/news/comments928012009-cloud-computing-securite.shtml#11119 http://www.secuobs.com/news/comments928012009-cloud-computing-securite.shtml#11119 ACTA To Be Signed This Weekend http://www.secuobs.com/revue/news/331444.shtml http://www.secuobs.com/news/comments627042009-hadopi-retour.shtml#11028 http://www.secuobs.com/news/comments627042009-hadopi-retour.shtml#11028 ESRT @opexxx - sshtrix - a very fast multithreaded SSHv1 and SSH1v2 login cracker version 0.0.2 http://www.secuobs.com/twitter/news/251322.shtml http://www.secuobs.com/news/comments308122008-ssh_attaque_botnet_syncrhonisation.shtml#11004 http://www.secuobs.com/news/comments308122008-ssh_attaque_botnet_syncrhonisation.shtml#11004 ESRT @DarkOperator - SSHtrix - Fastest Multithreaded SSHv1 and SSH1v2 login cracker http://www.secuobs.com/twitter/news/248907.shtml http://www.secuobs.com/news/comments308122008-ssh_attaque_botnet_syncrhonisation.shtml#10909 http://www.secuobs.com/news/comments308122008-ssh_attaque_botnet_syncrhonisation.shtml#10909 SSHatter 1.0 http://www.secuobs.com/revue/news/329343.shtml http://www.secuobs.com/news/comments308122008-ssh_attaque_botnet_syncrhonisation.shtml#10893 http://www.secuobs.com/news/comments308122008-ssh_attaque_botnet_syncrhonisation.shtml#10893 ESRT @secdocs - Paper Payload already inside: data re-use for ROP exploits http://www.secuobs.com/twitter/news/248208.shtml http://www.secuobs.com/news/comments114082008-return-oriented-programming.shtml#10885 http://www.secuobs.com/news/comments114082008-return-oriented-programming.shtml#10885 ESRT @_MDL_ @peterkruse - uTorrent.com compromised The popular uTorrent client got replaced with rogue av installer http://www.secuobs.com/twitter/news/247797.shtml http://www.secuobs.com/news/comments627042009-hadopi-retour.shtml#10875 http://www.secuobs.com/news/comments627042009-hadopi-retour.shtml#10875 ESRT @MarioVilas @d_olex - PyKd saves my night: ROP gadgets searching script for kernel debugger http://www.secuobs.com/twitter/news/247005.shtml http://www.secuobs.com/news/comments114082008-return-oriented-programming.shtml#10839 http://www.secuobs.com/news/comments114082008-return-oriented-programming.shtml#10839 ESRT @Ivanlef0u @JonathanSalwan - ROPgadget tool v3.1 is out - Now you can make a bindport shellcode ROP, AutoROP ROPmaker http://www.secuobs.com/twitter/news/245387.shtml http://www.secuobs.com/news/comments114082008-return-oriented-programming.shtml#10768 http://www.secuobs.com/news/comments114082008-return-oriented-programming.shtml#10768 ESRT @Ivanlef0u @sleepya_ - ROP with common functions in Ubuntu and Debian x86 http://www.secuobs.com/twitter/news/244836.shtml http://www.secuobs.com/news/comments114082008-return-oriented-programming.shtml#10747 http://www.secuobs.com/news/comments114082008-return-oriented-programming.shtml#10747 ESRT @FlUxIuS @shell_storm - How to make a ROP when gadgets seems to miss - kind of universal ROP under linux by @Agixid http://www.secuobs.com/twitter/news/243062.shtml http://www.secuobs.com/news/comments114082008-return-oriented-programming.shtml#10689 http://www.secuobs.com/news/comments114082008-return-oriented-programming.shtml#10689 The 20ll Vegas Black Hat Archives Are Up http://www.secuobs.com/revue/news/323878.shtml http://www.secuobs.com/news/comments123032009-har2009.shtml#10559 http://www.secuobs.com/news/comments123032009-har2009.shtml#10559 ESRT @tomaszmiklas @OpenDLP - OpenDLP 0.4.1 Ubuntu 11.04 VirtualBox VM released with everything ready to go http://www.secuobs.com/twitter/news/238409.shtml http://www.secuobs.com/news/comments203022009-nist_dlp_fuite_information_mesure.shtml#10514 http://www.secuobs.com/news/comments203022009-nist_dlp_fuite_information_mesure.shtml#10514 ESRT @gianlucaSB @iamnion - autocreate ROP payload bypassing ASLR DEP w small areas of unrand mem for 80 pct of linux bins =20KB http://www.secuobs.com/twitter/news/237927.shtml http://www.secuobs.com/news/comments114082008-return-oriented-programming.shtml#10502 http://www.secuobs.com/news/comments114082008-return-oriented-programming.shtml#10502 ESRT @CiscoSecurity - When cloud and pentester meet, things can be different from the old school status quo http://www.secuobs.com/twitter/news/238199.shtml http://www.secuobs.com/news/comments928012009-cloud-computing-securite.shtml#10494 http://www.secuobs.com/news/comments928012009-cloud-computing-securite.shtml#10494 ESRT @rhalbheer - Cool research by Microsoft Research: Searchable Encryption for the Cloud – soon? http://www.secuobs.com/twitter/news/237068.shtml http://www.secuobs.com/news/comments928012009-cloud-computing-securite.shtml#10466 http://www.secuobs.com/news/comments928012009-cloud-computing-securite.shtml#10466 ESRT @chiefmonkey - DefCon 19 Presentations available here - Some had issues with last link http://www.secuobs.com/twitter/news/236369.shtml http://www.secuobs.com/news/comments123032009-har2009.shtml#10432 http://www.secuobs.com/news/comments123032009-har2009.shtml#10432 Assessing the security of cloud providers http://www.secuobs.com/revue/news/321666.shtml http://www.secuobs.com/news/comments928012009-cloud-computing-securite.shtml#10414 http://www.secuobs.com/news/comments928012009-cloud-computing-securite.shtml#10414 ESRT @iben - OpenStack Quantum and Open vSwitch http://www.secuobs.com/twitter/news/235306.shtml http://www.secuobs.com/news/comments928012009-cloud-computing-securite.shtml#10405 http://www.secuobs.com/news/comments928012009-cloud-computing-securite.shtml#10405 ESRT @MarioVilas @shell_storm - ROPgadget tool v3.0 is out http://www.secuobs.com/twitter/news/233609.shtml http://www.secuobs.com/news/comments114082008-return-oriented-programming.shtml#10329 http://www.secuobs.com/news/comments114082008-return-oriented-programming.shtml#10329 New OAuth toolkit http://www.secuobs.com/revue/news/319437.shtml http://www.secuobs.com/news/comments20092006-openid.shtml#10292 http://www.secuobs.com/news/comments20092006-openid.shtml#10292 Universal ROP shellcode for OS X x64 http://www.secuobs.com/revue/news/318974.shtml http://www.secuobs.com/news/comments114082008-return-oriented-programming.shtml#10262 http://www.secuobs.com/news/comments114082008-return-oriented-programming.shtml#10262 ESRT @mbenlakhoua @TmHalL - How Does Google Protect Your Data in The Cloud - via @zite http://www.secuobs.com/twitter/news/230719.shtml http://www.secuobs.com/news/comments928012009-cloud-computing-securite.shtml#10252 http://www.secuobs.com/news/comments928012009-cloud-computing-securite.shtml#10252 ESRT @prohack - Amazing whitepaper on JOP Jump Oriented Programming http://www.secuobs.com/twitter/news/225647.shtml http://www.secuobs.com/news/comments114082008-return-oriented-programming.shtml#10087 http://www.secuobs.com/news/comments114082008-return-oriented-programming.shtml#10087 ESRT @antic0de @dfunc - Packed, Printable, Polymorphic Return-Oriented Programming http://www.secuobs.com/twitter/news/224364.shtml http://www.secuobs.com/news/comments14082008-return-oriented-programming.shtml#10025 http://www.secuobs.com/news/comments14082008-return-oriented-programming.shtml#10025 Skyrack, ROP for masses http://www.secuobs.com/revue/news/314443.shtml http://www.secuobs.com/news/comments14082008-return-oriented-programming.shtml#10000 http://www.secuobs.com/news/comments14082008-return-oriented-programming.shtml#10000 EFF Releases 'Know Your Digital Rights' Guide http://www.secuobs.com/revue/news/314004.shtml http://www.secuobs.com/news/comments527042009-hadopi-retour.shtml#9979 http://www.secuobs.com/news/comments527042009-hadopi-retour.shtml#9979 ESRT @winsec - Critical vulnerability in open source Eucalyptus clouds http://www.secuobs.com/twitter/news/212118.shtml http://www.secuobs.com/news/comments828012009-cloud-computing-securite.shtml#9764 http://www.secuobs.com/news/comments828012009-cloud-computing-securite.shtml#9764 ESRT @sbrabez @ZXlain - Fimap v0.9 released - Local and Remote file inclusion auditing Tool http://www.secuobs.com/twitter/news/210812.shtml http://www.secuobs.com/news/comments116112009-malfi_botnet_rfi_lfi_xsa_rce.shtml#9730 http://www.secuobs.com/news/comments116112009-malfi_botnet_rfi_lfi_xsa_rce.shtml#9730 BlackHole Exploit Kit 1.0.2 Available http://www.secuobs.com/revue/news/306741.shtml http://www.secuobs.com/news/comments11112005-nepenthes.shtml#9706 http://www.secuobs.com/news/comments11112005-nepenthes.shtml#9706 ESRT @Montejam @jeremiahg - Researchers at Stanford Security Laboratory release tool, Decaptcha, to defeat Audio CAPTCHAs http://www.secuobs.com/twitter/news/209442.shtml http://www.secuobs.com/news/comments02122008-pramana_captcha_comportemental.shtml#9699 http://www.secuobs.com/news/comments02122008-pramana_captcha_comportemental.shtml#9699 ROPdefender A Detection Tool to Defend Against Return-Oriented Programming Attacks http://www.secuobs.com/revue/news/306613.shtml http://www.secuobs.com/news/comments14082008-return-oriented-programming.shtml#9696 http://www.secuobs.com/news/comments14082008-return-oriented-programming.shtml#9696 ESRT @SPoint @xme - NIST draft publication about cloud computing synopsis and recommendations http://www.secuobs.com/twitter/news/207217.shtml http://www.secuobs.com/news/comments828012009-cloud-computing-securite.shtml#9642 http://www.secuobs.com/news/comments828012009-cloud-computing-securite.shtml#9642 ESRT @mattjay @alexstamos - We just posted a new whitepaper by Paul Youn, Creating a Safer OAuth User Experience http://www.secuobs.com/twitter/news/205131.shtml http://www.secuobs.com/news/comments20092006-openid.shtml#9609 http://www.secuobs.com/news/comments20092006-openid.shtml#9609 ESRT @revskills @pauldotcom - Using SSH Logs For Remote File Include - So freakin' cool http://www.secuobs.com/twitter/news/205291.shtml http://www.secuobs.com/news/comments208122008-ssh_attaque_botnet_syncrhonisation.shtml#9607 http://www.secuobs.com/news/comments208122008-ssh_attaque_botnet_syncrhonisation.shtml#9607 ESRT @maltainfosec - Homomorphic encryption: Can it save cloud computing http://www.secuobs.com/twitter/news/204149.shtml http://www.secuobs.com/news/comments828012009-cloud-computing-securite.shtml#9598 http://www.secuobs.com/news/comments828012009-cloud-computing-securite.shtml#9598 OpenID Warns of Serious Bug in Some Implementations http://www.secuobs.com/revue/news/303095.shtml http://www.secuobs.com/news/comments20092006-openid.shtml#9553 http://www.secuobs.com/news/comments20092006-openid.shtml#9553 Microsoft Private Cloud Security Overview http://www.secuobs.com/revue/news/302670.shtml http://www.secuobs.com/news/comments828012009-cloud-computing-securite.shtml#9545 http://www.secuobs.com/news/comments828012009-cloud-computing-securite.shtml#9545 ESRT @darkoperator - Advanced Persistent Tweets: Zero-Day in 140 Characters - via @BrianKrebs http://www.secuobs.com/twitter/news/201992.shtml http://www.secuobs.com/news/comments03022007-vente_0day.shtml#9530 http://www.secuobs.com/news/comments03022007-vente_0day.shtml#9530 Volatility 1.4 UserAssist plugin http://www.secuobs.com/revue/news/301835.shtml http://www.secuobs.com/news/comments207032009-fair_gestion_risque_information_cc.shtml#9511 http://www.secuobs.com/news/comments207032009-fair_gestion_risque_information_cc.shtml#9511 Volatility and a Python Implementation of RegRipper http://www.secuobs.com/revue/news/301830.shtml http://www.secuobs.com/news/comments207032009-fair_gestion_risque_information_cc.shtml#9510 http://www.secuobs.com/news/comments207032009-fair_gestion_risque_information_cc.shtml#9510 ESRT @bojanz @DragonResearch - SSH brute force attack source insight http://www.secuobs.com/twitter/news/201104.shtml http://www.secuobs.com/news/comments208122008-ssh_attaque_botnet_syncrhonisation.shtml#9506 http://www.secuobs.com/news/comments208122008-ssh_attaque_botnet_syncrhonisation.shtml#9506 HES 2011 Videos available http://www.secuobs.com/revue/news/300680.shtml http://www.secuobs.com/news/comments123032009-har2009.shtml#9463 http://www.secuobs.com/news/comments123032009-har2009.shtml#9463 ESRT @hdmoore @rootwyrm - Wow Now this, ladies and gentlemen, is an example of EXTREMELY DANGEROUS STUPIDITY - Its the cloud http://www.secuobs.com/twitter/news/198660.shtml http://www.secuobs.com/news/comments828012009-cloud-computing-securite.shtml#9450 http://www.secuobs.com/news/comments828012009-cloud-computing-securite.shtml#9450 ESRT @tnicholson - Creating a distributed SSH brute forcer in Python - Part 1 planning the system http://www.secuobs.com/twitter/news/190295.shtml http://www.secuobs.com/news/comments208122008-ssh_attaque_botnet_syncrhonisation.shtml#9274 http://www.secuobs.com/news/comments208122008-ssh_attaque_botnet_syncrhonisation.shtml#9274 Video: Windows Azure Platform Security Essentials for Technical Decision Makers http://www.secuobs.com/revue/news/294601.shtml http://www.secuobs.com/news/comments828012009-cloud-computing-securite.shtml#9251 http://www.secuobs.com/news/comments828012009-cloud-computing-securite.shtml#9251 ESRT @tomaszmiklas - Researcher Overcomes Legal Setback Over Cloud Cracking Suite http://www.secuobs.com/twitter/news/187182.shtml http://www.secuobs.com/news/comments103112009-edpr_cloud_amazon_ec2_pgp_zip.shtml#9187 http://www.secuobs.com/news/comments103112009-edpr_cloud_amazon_ec2_pgp_zip.shtml#9187 papers - PHP LFI to Arbitrary Code Execution via rfc1867 File Upload Temporary Files http://www.secuobs.com/revue/news/292821.shtml http://www.secuobs.com/news/comments116112009-malfi_botnet_rfi_lfi_xsa_rce.shtml#9171 http://www.secuobs.com/news/comments116112009-malfi_botnet_rfi_lfi_xsa_rce.shtml#9171 Dynamic Binary Instrumentation as base for security product full system protection http://www.secuobs.com/revue/news/292769.shtml http://www.secuobs.com/news/comments14102006-shellcode-nop-sleds.shtml#9155 http://www.secuobs.com/news/comments14102006-shellcode-nop-sleds.shtml#9155 ESRT @pello @atoonk - Impressed with the innovation at Amazon Create your own network on demand: IP subnets, ACL, VRF, VPN http://www.secuobs.com/twitter/news/185077.shtml http://www.secuobs.com/news/comments03112009-edpr_cloud_amazon_ec2_pgp_zip.shtml#9138 http://www.secuobs.com/news/comments03112009-edpr_cloud_amazon_ec2_pgp_zip.shtml#9138 ESRT @adulau - Scheduler Vulnerabilities and Attacks in Cloud Computing http://www.secuobs.com/twitter/news/180917.shtml http://www.secuobs.com/news/comments828012009-cloud-computing-securite.shtml#9040 http://www.secuobs.com/news/comments828012009-cloud-computing-securite.shtml#9040 ESRT @k4l4m4r1s @adulau - Another way to bypass a DLP Data Leak Prevention system via a faked USB keyboard http://www.secuobs.com/twitter/news/173291.shtml http://www.secuobs.com/news/comments203022009-nist_dlp_fuite_information_mesure.shtml#8883 http://www.secuobs.com/news/comments203022009-nist_dlp_fuite_information_mesure.shtml#8883 Offensive OpenDLP Part 1 Installing http://www.secuobs.com/revue/news/283927.shtml http://www.secuobs.com/news/comments103022009-nist_dlp_fuite_information_mesure.shtml#8853 http://www.secuobs.com/news/comments103022009-nist_dlp_fuite_information_mesure.shtml#8853 ESRT @revskills @stalkr_ - Parallel ssh private key cracker http://www.secuobs.com/twitter/news/171080.shtml http://www.secuobs.com/news/comments208122008-ssh_attaque_botnet_syncrhonisation.shtml#8832 http://www.secuobs.com/news/comments208122008-ssh_attaque_botnet_syncrhonisation.shtml#8832 UPDATE NiX Brute Forcer v1.1.0 http://www.secuobs.com/revue/news/280185.shtml http://www.secuobs.com/news/comments03112009-edpr_cloud_amazon_ec2_pgp_zip.shtml#8720 http://www.secuobs.com/news/comments03112009-edpr_cloud_amazon_ec2_pgp_zip.shtml#8720 ESRT @darkoperator - Trojan built to disable cloud antivirus http://www.secuobs.com/twitter/news/164174.shtml http://www.secuobs.com/news/comments828012009-cloud-computing-securite.shtml#8681 http://www.secuobs.com/news/comments828012009-cloud-computing-securite.shtml#8681 Mozilla accidentally publishes user IDs and passwords http://www.secuobs.com/revue/news/274461.shtml http://www.secuobs.com/news/comments103022009-nist_dlp_fuite_information_mesure.shtml#8464 http://www.secuobs.com/news/comments103022009-nist_dlp_fuite_information_mesure.shtml#8464 ESRT @bkdelong - MSFT BPOS cloud service accidental data breach http://www.secuobs.com/twitter/news/156916.shtml http://www.secuobs.com/news/comments828012009-cloud-computing-securite.shtml#8444 http://www.secuobs.com/news/comments828012009-cloud-computing-securite.shtml#8444 ESRT @taylorbanks @mza - Introducing VM Import Bring your VMware images to Amazon EC2 http://www.secuobs.com/twitter/news/154127.shtml http://www.secuobs.com/news/comments03112009-edpr_cloud_amazon_ec2_pgp_zip.shtml#8372 http://www.secuobs.com/news/comments03112009-edpr_cloud_amazon_ec2_pgp_zip.shtml#8372 Video - ESRT @grecs @novahackers - SSH Patching at November NoVAH Meeting http://www.secuobs.com/twitter/news/149327.shtml http://www.secuobs.com/news/comments208122008-ssh_attaque_botnet_syncrhonisation.shtml#8259 http://www.secuobs.com/news/comments208122008-ssh_attaque_botnet_syncrhonisation.shtml#8259 LFIMAP Scan For Files Vulnerable To LFI Local File Inclusion http://www.secuobs.com/revue/news/269128.shtml http://www.secuobs.com/news/comments116112009-malfi_botnet_rfi_lfi_xsa_rce.shtml#8232 http://www.secuobs.com/news/comments116112009-malfi_botnet_rfi_lfi_xsa_rce.shtml#8232 ESRT @rcecoder @0x58 - @brucon 2010 videos released http://www.secuobs.com/twitter/news/147786.shtml http://www.secuobs.com/news/comments23032009-har2009.shtml#8209 http://www.secuobs.com/news/comments23032009-har2009.shtml#8209 New Tool Patches Offline VMs http://www.secuobs.com/revue/news/268405.shtml http://www.secuobs.com/news/comments828012009-cloud-computing-securite.shtml#8201 http://www.secuobs.com/news/comments828012009-cloud-computing-securite.shtml#8201 ESRT @cloudsa - Help Net Security: Toolkit to implement and assess cloud security http://www.secuobs.com/twitter/news/143373.shtml http://www.secuobs.com/news/comments828012009-cloud-computing-securite.shtml#8047 http://www.secuobs.com/news/comments828012009-cloud-computing-securite.shtml#8047 ESRT @xme - There is now a git repository for my SSH known_files bruteforcer script http://www.secuobs.com/twitter/news/142223.shtml http://www.secuobs.com/news/comments208122008-ssh_attaque_botnet_syncrhonisation.shtml#8012 http://www.secuobs.com/news/comments208122008-ssh_attaque_botnet_syncrhonisation.shtml#8012 ESRT @lithium - Using WolframAlpha to hack CAPTCHA text http://www.secuobs.com/twitter/news/141516.shtml http://www.secuobs.com/news/comments02122008-pramana_captcha_comportemental.shtml#7997 http://www.secuobs.com/news/comments02122008-pramana_captcha_comportemental.shtml#7997 ESRT @xanda - NiX - Linux Brute Forcer - the beast - has been released http://www.secuobs.com/twitter/news/141620.shtml http://www.secuobs.com/news/comments03112009-edpr_cloud_amazon_ec2_pgp_zip.shtml#7996 http://www.secuobs.com/news/comments03112009-edpr_cloud_amazon_ec2_pgp_zip.shtml#7996 ESRT @xme - Bruteforcing SSH Known_Hosts Files http://www.secuobs.com/twitter/news/138544.shtml http://www.secuobs.com/news/comments208122008-ssh_attaque_botnet_syncrhonisation.shtml#7910 http://www.secuobs.com/news/comments208122008-ssh_attaque_botnet_syncrhonisation.shtml#7910 ESRT @Infosanity - SSH Hardening with Breakinguard - @andyb2000 http://www.secuobs.com/twitter/news/133970.shtml http://www.secuobs.com/news/comments208122008-ssh_attaque_botnet_syncrhonisation.shtml#7818 http://www.secuobs.com/news/comments208122008-ssh_attaque_botnet_syncrhonisation.shtml#7818 Defeating Return-Oriented Rootkits with Return-less Kernels http://www.secuobs.com/revue/news/257273.shtml http://www.secuobs.com/news/comments14082008-return-oriented-programming.shtml#7732 http://www.secuobs.com/news/comments14082008-return-oriented-programming.shtml#7732 DARPA Project To Tackle Inside Security Threats http://www.secuobs.com/revue/news/256880.shtml http://www.secuobs.com/news/comments207032009-fair_gestion_risque_information_cc.shtml#7722 http://www.secuobs.com/news/comments207032009-fair_gestion_risque_information_cc.shtml#7722 How To Make Your Own Eavesdropping Social Engineering Tool http://www.secuobs.com/revue/news/255951.shtml http://www.secuobs.com/news/comments11052007-melani.shtml#7686 http://www.secuobs.com/news/comments11052007-melani.shtml#7686 Inside Phoenix Exploit's Kit v2.3 http://www.secuobs.com/revue/news/254978.shtml http://www.secuobs.com/news/comments09122008-fsecure.shtml#7647 http://www.secuobs.com/news/comments09122008-fsecure.shtml#7647 Why IF-MAP v2.0 is important http://www.secuobs.com/revue/news/253770.shtml http://www.secuobs.com/news/comments207032009-fair_gestion_risque_information_cc.shtml#7579 http://www.secuobs.com/news/comments207032009-fair_gestion_risque_information_cc.shtml#7579 ESRT @Infosanity @lvdeijk - some kippo honeypot results and a video - Thanks @justinelze for help http://www.secuobs.com/twitter/news/126565.shtml http://www.secuobs.com/news/comments208122008-ssh_attaque_botnet_syncrhonisation.shtml#7542 http://www.secuobs.com/news/comments208122008-ssh_attaque_botnet_syncrhonisation.shtml#7542 ESRT @obsequens - Feds want backdoors built into VoIP and email, instant-me http://www.secuobs.com/twitter/news/126221.shtml http://www.secuobs.com/news/comments527042009-hadopi-retour.shtml#7531 http://www.secuobs.com/news/comments527042009-hadopi-retour.shtml#7531 ESRT @McGrewSecurity - Blackhat USA 2010 and Defcon 18 videos are now available on the hacker con media archive http://www.secuobs.com/twitter/news/120947.shtml http://www.secuobs.com/news/comments23032009-har2009.shtml#7405 http://www.secuobs.com/news/comments23032009-har2009.shtml#7405 HP Scanners exposing sensitive information http://www.secuobs.com/news/comments08122003enquete-ibas-photocopieurs.html#7254 http://www.secuobs.com/news/comments08122003enquete-ibas-photocopieurs.html#7254 ESRT @matrosov - DrGadget IDAPython plugin which helps in writing and analyzing ROP payload http://www.secuobs.com/news/comments14082008-return-oriented-programming.shtml#7080 http://www.secuobs.com/news/comments14082008-return-oriented-programming.shtml#7080 ESRT @Ivanlef0u @fr33project - Blackhat 2010 payload already insinde: data reuse for ROP exploits http://www.secuobs.com/news/comments14082008-return-oriented-programming.shtml#7019 http://www.secuobs.com/news/comments14082008-return-oriented-programming.shtml#7019 Videos demo - Defcon Advanced Format String Attacks http://www.secuobs.com/news/comments23032009-har2009.shtml#6995 http://www.secuobs.com/news/comments23032009-har2009.shtml#6995 ESRT @danielsnyder1 @DrInfoSec - 7 myths of 0-day vulns debunked by @danchodanchev - must-read great recap http://www.secuobs.com/news/comments03022007-vente_0day.shtml#6948 http://www.secuobs.com/news/comments03022007-vente_0day.shtml#6948 ESRT @HenkvanRoest - Google fixes flaw in Audio CAPTCHA http://www.secuobs.com/news/comments02122008-pramana_captcha_comportemental.shtml#6946 http://www.secuobs.com/news/comments02122008-pramana_captcha_comportemental.shtml#6946 Dino Dai Zovi on Return-Oriented Exploitation and Bug Bounties http://www.secuobs.com/revue/news/243355.shtml http://www.secuobs.com/news/comments14082008-return-oriented-programming.shtml#6839 http://www.secuobs.com/news/comments14082008-return-oriented-programming.shtml#6839 Exploiting remote timing attacks http://www.secuobs.com/revue/news/241862.shtml http://www.secuobs.com/news/comments20092006-openid.shtml#6787 http://www.secuobs.com/news/comments20092006-openid.shtml#6787 ESRT @msksecurity @fak3r @emerose - Every OpenID implementation allow to remotely forge valid tokens http://www.secuobs.com/news/comments20092006-openid.shtml#6756 http://www.secuobs.com/news/comments20092006-openid.shtml#6756 Crypto tool predicts password cracking time http://www.secuobs.com/revue/news/240590.shtml http://www.secuobs.com/news/comments03112009-edpr_cloud_amazon_ec2_pgp_zip.shtml#6753 http://www.secuobs.com/news/comments03112009-edpr_cloud_amazon_ec2_pgp_zip.shtml#6753 ESRT @mikkohypponen - Presentation materials from HITBSecConf2010 Amsterdam http://www.secuobs.com/twitter/news/112086.shtml http://www.secuobs.com/news/comments23032009-har2009.shtml#6691 http://www.secuobs.com/news/comments23032009-har2009.shtml#6691 ESRT @xanda @MarioVila - U3 USB Metasploit attack http://www.secuobs.com/twitter/news/105063.shtml http://www.secuobs.com/news/comments14122006-usb_u3.shtml#6501 http://www.secuobs.com/news/comments14122006-usb_u3.shtml#6501 ESRT @netsecpodcast - MS CAPTCHA Broken http://www.secuobs.com/twitter/news/97076.shtml http://www.secuobs.com/news/comments02122008-pramana_captcha_comportemental.shtml#6293 http://www.secuobs.com/news/comments02122008-pramana_captcha_comportemental.shtml#6293 Five Ways To (Physically) Hack A Data Center http://www.secuobs.com/revue/news/223024.shtml http://www.secuobs.com/news/comments17042008-social_engineering_chocolat.shtml#6208 http://www.secuobs.com/news/comments17042008-social_engineering_chocolat.shtml#6208 ESRT @Beaker - Hey CloudSleuth - I likey http://www.secuobs.com/twitter/news/91694.shtml http://www.secuobs.com/news/comments728012009-cloud-computing-securite.shtml#6132 http://www.secuobs.com/news/comments728012009-cloud-computing-securite.shtml#6132 OpenSAMM Assessment Spreadsheet v0.4 available http://www.secuobs.com/revue/news/220204.shtml http://www.secuobs.com/news/comments207032009-fair_gestion_risque_information_cc.shtml#6108 http://www.secuobs.com/news/comments207032009-fair_gestion_risque_information_cc.shtml#6108 ESRT @ITVulnerability : CloudStack - Open source software for cloud services deployment http://www.secuobs.com/twitter/news/90189.shtml http://www.secuobs.com/news/comments728012009-cloud-computing-securite.shtml#6065 http://www.secuobs.com/news/comments728012009-cloud-computing-securite.shtml#6065 Video : ESRT @CiscoSecurity - Cisco's Advances in Cloud Protection http://www.secuobs.com/twitter/news/89914.shtml http://www.secuobs.com/news/comments728012009-cloud-computing-securite.shtml#6056 http://www.secuobs.com/news/comments728012009-cloud-computing-securite.shtml#6056 Webroot adds vulnerability scanning to cloud-based web security service http://www.secuobs.com/revue/news/218595.shtml http://www.secuobs.com/news/comments728012009-cloud-computing-securite.shtml#6051 http://www.secuobs.com/news/comments728012009-cloud-computing-securite.shtml#6051 HADOPI Le Deep Packet Inspection est bien au menu http://secuobs.com/revue/news/218544.shtml http://www.secuobs.com/news/comments527042009-hadopi-retour.shtml#6040 http://www.secuobs.com/news/comments527042009-hadopi-retour.shtml#6040 ProSSHD 1.2 remote post-auth exploit w ASLR and DEP bypass http://www.secuobs.com/revue/news/218393.shtml http://www.secuobs.com/news/comments208122008-ssh_attaque_botnet_syncrhonisation.shtml#6036 http://www.secuobs.com/news/comments208122008-ssh_attaque_botnet_syncrhonisation.shtml#6036 ESRT @Beaker @SecurityBSides - SOURCE Boston 2010 videos http://www.secuobs.com/twitter/news/89395.shtml http://www.secuobs.com/news/comments23032009-har2009.shtml#6026 http://www.secuobs.com/news/comments23032009-har2009.shtml#6026 OpenDLP v0.1 released http://www.secuobs.com/revue/news/217982.shtml http://www.secuobs.com/news/comments103022009-nist_dlp_fuite_information_mesure.shtml#6010 http://www.secuobs.com/news/comments103022009-nist_dlp_fuite_information_mesure.shtml#6010