Welcome to The Professional Security Testers Warehouse for the CEH V7 GPEN CPTS CREST GCIH GREM OPST
The Professional Security Testers Warehouse for the CEH V7 GPEN CPTS CREST GCIH GREM OPST: In the News


Secure Ninja Appoints Leonard Chin as VP to Lead International Expansion
Posted by cdupuis on Wednesday, 22 February 2012 @ 20:56:44 EST (514 reads)
Topic In the News

With 80% of its target market overseas Secure Ninja expands globally to meet the growing demand for Information Security training and service solutions.

Secure Ninja is pleased to announce the appointment of Leonard Chin as Vice President to lead its international marketing and business development.   In response to the global opportunity for its leading edge security services, Secure Ninja also announces its expansion into Europe, the Middle East and Africa (EMEA), along with select markets in Asia Pacific and South America.

With a decade of experience in developing new business and driving international sales, Leonard will be a key asset to Secure Ninja as the company grows its customer and value-added reseller (VAR) base in the coming year.

Leonard possesses extensive field experience specializing in sales and marketing functions across numerous industries including finance, conference, seminars, franchise, technical training and education. Leonard has established countless strategic partnerships with numerous Fortune 500 companies and government organizations. Leonard is well known as a conference specialist, having successfully managed a string of highly successful EC-Council conferences during his tenure. He was instrumental in conceptualizing and organizing the first Hacker Halted USA in 2008 and thereafter making it a mainstay in Miami. Leonard was responsible for launching, designing and directing the highly technical TakeDownCon series, which was recently hosted in Dallas and Las Vegas in 2011.

“We are delighted to have Leonard Chin on our team. He is an extremely knowledgeable and well-connected infosec business professional who possesses great leadership ability and outstanding communication skills, which are crucial elements to effectively manage and influence people towards meeting our company’s international business objectives,” said Ned Snow, President, Secure Ninja. “By combining Leonard’s expertise to manage a strong team of subject matter experts and sales engineers in key regions, Secure Ninja will be well positioned for our next phase of innovation and growth.”

Prior to this appointment, Leonard was a key executive at EC-Council, creator of the world renowned Certified Ethical Hacker (CEH) programs as well as numerous other recognized certifications such as the CHFI, ECSA and Licensed Penetration Tester (LPT). He held various roles within the organization including Director of Marketing, and Director of Conferences & Events, as well as concurrently being the Conference Director for both the TakeDownCon and Hacker Halted conference series. And in 2011, he was appointed as the Vice Chair of the world’s first international team ethical hacking games - the Global CyberLympics.

"It is an honor and I’m excited to be part of Secure Ninja’s immensely qualified team, which is on the leading edge of information security services and training methodology development," said Leonard. "I'm looking forward to expanding Secure Ninja’s suite of security services and training offerings internationally, ensuring its growth and market captivity, as well as attaining global branding.”

About Secure Ninja

Secure Ninja is a leader in Information Security, IT training and certification such as CISSP, Security+, CEH, CAP, CISM, ISSEP, ISSMP, ISSAP, Cloud Security, Wireless Security and Computer Forensics to name a few. Secure Ninja has been providing businesses with programs that answer regulatory needs and skills gaps for over 8 years. Our training programs educate and certify employees in the areas that are critical to business operations. With certified professionals on staff, the company demonstrates that it is seriously engaged in producing ROI on technology investments and handling compliance requirements competently. Our programs also create solutions for the DOD and the system integrator community by answering the certification needs of the 8570.01-M mandate. Secure Ninja’s assessment, consulting and security services division specializes in governance, risk and compliance programs for both corporate & government agencies including information assurance, IV&V security audits and cyber-security solutions.  For more information visit http://www.secureninja.com

Contact Information
Ned Snow
Secure Ninja
http://www.secureninja.com
(703) 535-8600 ext. 15



ClubHACK Magazine January 2012 Edition
Posted by cdupuis on Thursday, 19 January 2012 @ 14:10:14 EST (876 reads)
Topic In the News

As seen on http://www.pentestit.com/

Contents of ClubHACK Magazine January 2012:

  • Tech Gyan: One Link Facebook
    Can Facebook accounts be hacked? Is it possible to access your account without your permission and without knowing your username and password? Unfortunately “YES” is the answer.
  • Legal Gyan: Powers of Government under the Information Technology Act, 2000
    Internet Censorship is today’s hot topic with the passage of statements by our Honorable Ministers. But the billion-dollar question is “Can online activities of individuals be censored/monitored in India?”
  • Tool Gyan: SQLMAP – Automated Sql Injection Testing Tool
    Sql injection is one of the most common vulnerabilities found in web applications today. Exploiting SQL Injection through a manual approach is somewhat tedious. Using flags like “or 1=1--”, “and 1>2” we can find out if the vulnerability is present, but exploiting the vulnerability needs an altogether different approach. Tools like Sqlmap, Havij and Pangolin are helpful in exploiting sql injection.
  • Matriux Vibhag: Setting up and Getting started with Matriux Krypton
    Wish you a very happy and prosperous new year from team Matriux. 2011 has been a great year for us where we along with CHmag have made it possible to reach you better. A special thanks to CHmag team for making it with us. It has been noticed that due to a custom and special installer MID used in Matriux Krypton, many users are confused on how to get Matriux set up on their hard disk or VirtualBox, so this month we bring you how to set up and get started with Matriux Krypton, a better way to start 2012.
  • Mom’s Guide: Social Networking and its Application Security
    Social Networks have been an important part of our life, yes, we tweet for photos we click, every moment of happiness, sadness and the news around, we update our status if we start a relationship or end one, or even travel itinerary and hotel check-ins, movie moments, fun with friends, in fact everything that we do every moment in our life is open to the world we want to share. Play games with friends and make new friends.

Download ClubHACK Magazine January 2012:

ClubHACK Magazine Issue 24, January 2012 – jan2012.pdf: http://chmag.in/issue/jan2012.pdf




SOPA and PIPA -- What's in it for you
Posted by cdupuis on Thursday, 19 January 2012 @ 13:23:08 EST (794 reads)
Topic In the News

As seen on one of my hosting company's mailing lists:

Greetings Site5 Customers!

The U.S. Congress is currently considering two bills -- one in the House of Representatives called SOPA (Stop Online Piracy Act) and another in the Senate called PIPA (Protect IP Act). These bills both attempt to use similar methods to further criminalize and police intellectual property infringement. Although protecting intellectual property is important, these bills would use heavy-handed tactics that would censor and splinter the Internet.

SOPA and PIPA would grant the U.S. government the ability to block almost any website on the Internet if the site is perceived to be an "infringing site." Search engines would be required to remove the site from their search listings, payment processors and advertisement networks would be forbidden from doing business with the site, and ISPs could be forced to block access to the site for Americans. The bill provides little detail about what would constitute an infringing site, which makes the potential for abuse far greater. We have already seen how these kinds of systems can be abused. In 2010, ICE (Immigration and Customs Enforcement) mistakenly seized a domain name belonging to a music blog and labeled it as a "rogue site" — the domain name was not returned until a year later (source: http://nyti.ms/uF73mZ). If you would like to see a video explanation of how the bill works and its dangers, please go here: http://vimeo.com/31100268

Site5 has publicly declared our opposition to both bills, and we encourage you to do the same. Contact your representatives in Congress to let your opposition to these bills be known! To locate the contact information for your representatives, visit one of the following websites:

http://www.contactingthecongress.org
http://www.grassroutes.us/sopa

If you're located outside the United States, you can let your voice be heard as well by sending your thoughts via this website:

http://americancensorship.org

Another way to get involved in the fight against SOPA and PIPA is to join in on the blackouts. Many well-known websites such as Wikipedia, Google, and Reddit are demonstrating their opposition, and you can too. Site5 has sponsored a WordPress plugin for participating in blackouts, and it features an easy setup and configuration options within the WordPress admin area:

http://wordpress.org/extend/plugins/sopa-blackout-plugin/

We feel very strongly that the future of the Internet is at stake, and we urge everyone to get involved!

Thanks,

The Site5 Management Team




Clement Dupuis, CLO of Secure Ninja on YouTube
Posted by cdupuis on Friday, 16 December 2011 @ 18:53:46 EST (1123 reads)
Topic In the News



Copyright Dispute resolved between Infosec Institute and Corelan
Posted by anonymous on Friday, 18 November 2011 @ 04:38:11 EST (1072 reads)
Topic In the News

Anonymous writes "Today I have received the following update from Peter on the ongoing battle between the Infosec Institute and Corelan

Corelan Team
November 18, 2011 07:16

Corelan Team (corelanc0d3r) has published a new post : Copyright Dispute resolved

Hello community, friends, visitors,

I can now report that the Copyright dispute between the Infosec Institute and myself has been settled as of November 18, 2011.

Please find below an extract from the official statement announcing the settlement.

Infosec Institute admits that it used certain of Peter Van Eeckhoutte’s work without his permission, proper attribution of authorship, or proper copyright notice.

Infosec Institute takes full responsibility for its actions.

Read the full announcement at the following links:

https://www.corelan.be/index.php/2011/11/18/copyright-dispute-resolved/


RELATED LINKS:

http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,8068.0/

http://attrition.org/errata/plagiarism/infosec_institute/

http://www.reddit.com/r/netsec/comments/lui6j/infosec_institute_plagiarized_course_material/

"



Brad Smith (aka TheNurse) donation page
Posted by cdupuis on Tuesday, 01 November 2011 @ 08:10:34 EDT (1006 reads)
Topic In the News

Anonymous writes "

We all know and love Brad Smith, aka theNurse. 

His humor and smiling positivity is a wonderful example for our community.  At Hacker Halted he had a massive stroke and has been in the hospital in a coma for a few days.  I was in the room attending his presentation when it happened and it was a shocker.   At first we all thought he was joking around as he always does but it was no joke at all.   He is now fighting for his life.

Brad and his wife did not ask for this help, but as a community we feel that if we can help we want to.  Please feel free to check in for status or to donate.  Either way we thank you and I know Brad thanks you for your support, prayers and positive thoughts.

These donations are to help Brad and his wife with any out of pocket expenses they have.

For updates please visit: http://www.social-engineer.org/brad-smith-updates/

Get well soon, our prayers are with you

Clement

"



Professional Tester Magazine, October 2011: the future of testing certification
Posted by cdupuis on Tuesday, 04 October 2011 @ 09:43:37 EDT (1646 reads)
Topic In the News

In the new issue of PT, expert trainers propose practical ways to improve qualifications for testers.

Plus: Martin Mudge demonstrates using Excel for automated test generation, Devyani Borade reacts to our last issue by arguing for discussion in testing and Geoff Quentin maps the relationship between his Consolidated Testing Process and ISO/IEC 12207’s acquisition activities.

 

Download your copy NOW, it is FREE at:   professionaltester.com



(IN)SECURE Magazine Issue 31 has been released
Posted by cdupuis on Monday, 26 September 2011 @ 08:10:46 EDT (894 reads)
Topic In the News

Anonymous writes "

 

(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Issue 31 has been released today.


Table of contents:

  • The changing face of hacking
  • Review: [hiddn] Crypto Adapter
  • A tech theory coming of age
  • SecurityByte 2011: Cyber conflicts, cloud computing and printer hacking
  • The need for foundational controls in cloud computing
  • A new approach to data centric security
  • The future of identity verification through keystroke dynamics
  • Visiting Bitdefender's headquarters
  • Rebuilding walls in the clouds
  • Testing Domino applications
  • Report: Black Hat 2011 USA
  • Safeguarding user access in the cloud with identity governance.


 

"



NATO Cooperative Cyber Defence Centre of Excellence New book released for FREE
Posted by cdupuis on Tuesday, 05 July 2011 @ 19:14:42 EDT (1847 reads)
Topic In the News

NATO Cooperative Cyber Defence Centre of Excellence
5.07.2011

New NATO CCD COE book available for download

Title: Strategic Cyber Security
Author: Kenneth Geers
PDF, ePub: www.ccdcoe.org/278.html
Hard copy: publications@ccdcoe.org
Pages: 169

This book argues that computer security has evolved from a technical discipline to a strategic concept, and that strategic challenges require strategic solutions.

Dr. Geers examines, evaluates and prioritizes four likely nation-state approaches to mitigate the cyber attack threat and to improve a nation’s cyber defense posture:

•       Internet Protocol version 6 (IPv6)
•       Sun Tzu’s Art of War
•       Cyber attack deterrence
•       Cyber arms control

Kenneth will present his research at DEF CON 19 in Las Vegas in August, and as the Keynote Speaker at Hack-in-the-Box Malaysia in October.

About the Author: Kenneth Geers, PhD, CISSP, Naval Criminal Investigative Service (NCIS), is a Scientist and the U.S.  Representative to NATO CCD COE.

The NATO Cooperative Cyber Defence Centre of Excellence is a Tallinn-based international military organisation whose sponsoring nations include Estonia, Latvia, Lithuania, Germany, Hungary, Italy, Slovakia and Spain. The Centre's mission is to improve the cyber defence capabilities, cooperation and information exchange of NATO member states and their partners.




Tools list from the InfosecEvents Mailing List
Posted by cdupuis on Monday, 23 May 2011 @ 16:01:36 EDT (1926 reads)
Topic In the News

Tools

  • BackTrack V5 Released - digitalbond.com
    BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking.
  • UPDATE: Safe3 Sql Injector v.8.1 - sourceforge.net/projects/safe3se/files
    Safe3 is one of the most powerful and easy-to-use penetration testing tools that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.
  • UPDATE: Google Hack Database Tool v1.2! - secpoint.com/freetools
    Google Hack DB Tool is a database tool with almost 8,000 entries. It allows administrators the ability to check their site for vulnerabilities based on data stored in Google.
  • UPDATE: Microsoft Web Application Configuration Analyzer v2.0! - microsoft.com/downloads
    Web Application Configuration Analyzer (WACA) is a tool that scans a server against a set of best practices recommended for pre-production and production servers. The list of best practices is derived from the Microsoft Information Security & Risk Management Deployment Review Standards used internally at Microsoft to harden production and pre-production environments for line of business applications.
  • Metasploit Framework 3.7.1 Released! - blog.metasploit.com
    We are happy to announce the immediate availability of version 3.7.1 of the Metasploit Framework, Metasploit Express, and Metasploit Pro. This is a relatively small release focused on bug fixes and performance improvements.
  • The DOMinator Project - blog.mindedsecurity.com
    DOMinator is a Firefox based software for analysis and identification of DOM Based Cross Site Scripting issues (DOMXss). It is the first runtime tool which can help security testers to identify DOMXss.
  • Nuf-fuzzer: A Browser Fuzzer Based On The Mangleme Fuzzer Concept - nuf-fuzzer.sourceforge.net
    We wrote about a similar tool – iExploder that was based on the mangleme fuzzing concept. mangleme helps you to automatically check for HTML parsing flaws. It generates a basic set of badly mangled tags on request, with auto-refresh back to the script, so that you can point a browser to it once, and let it run until it crashes.
  • AndroidAudittools : Dynamic Android Analysis tools - intrepidusgroup.com
    When taking the SANS reverse engineering malware class, the two analysis techniques taught are dynamic and static. These concepts/techniques are directly applicable to any sort of reverse engineering. When I am assessing, or pen-testing an application I usually separate my thought process into one of those two buckets.
  • Androguard - code.google.com/p/androguard/
    You can analyze, display, modify and save your apps easily and statically by creating your own software (by using the API), or by using the tool (androlyze) in command line. This tool is useful when you would like to do reverse engineering on a specific application (e.g : malware).
  • Oracle Auditing Toolkit - blog.0x0lab.org
    The Oracle Auditing Toolkit can be used to audit security within Oracle database servers.



Hackers are worried the Sony compromise will lower the value of stolen cards
Posted by cdupuis on Wednesday, 04 May 2011 @ 09:20:04 EDT (2667 reads)
Topic In the News

I was reading my morning email and I thought this one is hilarious.  I am sure you will feel just as bad as I do for them.   If they could fall to a cent maybe crime would slow down at that point:

Hackers who claim they are responsible for the Sony breach wrote on underground forums last week that they had access to over 2.2 million credit cards. If these millions of new stolen cards were sold online, the price could fall to well below the standard rate to as low as $1 or $2 each.

HERE IS THE ARTICLE:

May 3, 2011, 3:30 pm

How Credit Card Data Is Stolen and Sold By NICK BILTON

Bobby Yip/Reuters Stolen credit card numbers can sell for up to $10 each in online underground markets.

Last week, after the Sony PlayStation Network was attacked by a group of unknown hackers, Sony’s 77 million customers, along with security specialists and government officials, were surprised by the amount of information that might have been stolen from the company.

But there was another group that worried about the attack: other hackers who steal credit card numbers and personal identity online and then sell and trade this information in underground markets.

“We’re keeping a close eye on the Sony story as it would drastically affect the resale of other cards,” explained an experienced hacker based in Europe who declined to share his name due to the nature of his work.

Kevin Stevens, senior threat researcher at the computer security firm Trend Micro, explained in an interview last week that there was a lot of discussion taking place in hacker forums about the Sony data breach. Several credit card dealers are worried that the distribution of millions of credit cards would flood the market and lower prices, he said.

According to a number of security researchers, the sale of stolen information and credit cards often takes place completely underground in secret credit forums, where hackers exchange or sell data. These forums are closed to the public, and people who join the groups are vetted by forum administrators to ensure they are not from law enforcement.

Posts on the forums usually list the type of information for sale, including names and addresses associated with the cards, and a price that can be negotiated. Once someone agrees to buy the information, the transaction takes place out of the forum in a secret chat room, usually using a private and secure I.C.Q. room.

Mr. Stevens said stolen credit cards usually sold for about $5 to $10 online, yet the prices vary based on the amount of information supplied with the card data and the account limit.

Hackers who claim they are responsible for the Sony breach wrote on underground forums last week that they had access to over 2.2 million credit cards. If these millions of new stolen cards were sold online, the price could fall to well below the standard rate to as low as $1 or $2 each.

To make matters worse, Sony said Monday that another server had been affected by the breach last week and as many as 12,700 credit and debit cards could have been stolen during the attack.

Mathew Solnik, a security consultant with iSEC Partners, said he doesn’t see any signs of a slowdown with the sale of credit card data or personal information online. “As more companies keep databases of people’s personal data, including credit cards, there is more incentive for hackers to gain access to their servers and make a lot of money reselling this sensitive information.”

So what can be done to stop the resale of personal information?

Kevin Mahaffey, the chief technology officer at Lookout Mobile Security, said companies needed to stop collecting so much personal information. “Data has a new lever of value in society,” he said in an interview. “We now have robust economies that have grown around personal information and credit cards.”

“One of the best things companies can do is not collect the data in the first place,” explained Mr. Mahaffey. “Some companies now consider this type of data nuclear waste; you don’t want to store if you don’t have to.”

See original at:

http://bits.blogs.nytimes.com/2011/05/03/card-data-is-stolen-and-sold/?pagemode=print

 




ArpON 2.2 released
Posted by cdupuis on Monday, 02 May 2011 @ 09:27:27 EDT (1790 reads)
Topic In the News

Anonymous writes "
05/01/2011: ArpON 2.2 released!
.: What is ArpON? :.


ArpON (ARP handler inspection) is a portable handler daemon that makes ARP secure in order to avoid the Man In The Middle (MITM) through ARP Spoofing/Poisoning attacks. It also detects and blocks attacks derived from it for more complex attacks, such as: DHCP Spoofing, DNS Spoofing, WEB Spoofing, Session Hijacking and SSL/TLS Hijacking & co attacks.

This is possible using three kinds of anti ARP Poisoning techniques: the first is based on SARPI or "Static ARP Inspection" in statically configured networks without DHCP; the second on DARPI or "Dynamic ARP Inspection" in dynamically configured networks having DHCP; the third on HARPI or "Hybrid ARP Inspection" in "hybrid" networks, that is in statically and dynamically (DHCP) configured networks together.

SARPI, DARPI and HARPI protect against unidirectional, bidirectional and distributed attacks: for "Unidirectional protection" it is required that ArpON is installed and running on one node of the connection attacked; for "Bidirectional protection" it is required that ArpON is installed and running on two nodes of the connection attacked; for "Distributed protection" it is required that ArpON is installed and running on all nodes of the connections attacked. All other nodes without ArpON will not be protected from attack.

ArpON is therefore a host-based solution that doesn't modify ARP's standard base protocol, but rather sets precise policies by using SARPI for static networks, DARPI for dynamic networks and HARPI for hybrid networks thus making today's standardized protocol working and secure from any foreign intrusion.

.: Features :.


- It detects and blocks Man In The Middle through ARP Spoofing/Poisoning attacks in statically, dynamically (DHCP), hybrid configured networks
- It detects and blocks derived attacks: DHCP Spoofing, DNS Spoofing, WEB Spoofing, Session Hijacking, SSL/TLS Hijacking & co
- It detects and blocks unidirectional, bidirectional and distributed attacks
- Doesn't affect the communication efficiency of ARP protocol
- Doesn't affect the race response time from attacks
- Multithreading on all OS supported
- It manages the network interface into unplug, boot, hibernation and suspension OS features
- It works in userspace for OS portability reasons
- Easily configurable via command line switches, provided that you have root permissions
- Tested against Ettercap, Cain & Abel, dsniff and other tools

.: Platform compatibility :.

"



Penetration Testing Execution Standard
Posted by cdupuis on Friday, 04 March 2011 @ 08:12:36 EST (2204 reads)
Topic In the News

Anonymous writes "

Iftach Ian Amit announced on Facebook:

Penetration Testing Execution Standard

We have been working hard on this for the past few months, and are at a stage where we can show everyone where we are at:

http://www.pentest-standard.org/

Finally, a true definition of what a penetration test really is. This is a pre-alpha release, so go check out the website, poke at it, see what we are looking to do, contribute, criticize, and help out.
"



Announcing cross_fuzz, a potential 0-day in circulation, and more
Posted by cdupuis on Monday, 03 January 2011 @ 15:26:42 EST (2980 reads)
Topic In the News

As seen on the Full Disclosure and Bugtraq mailing lists:

== SUMMARY ==

I am happy to announce the availability of cross_fuzz - an amazingly effective but notoriously annoying cross-document DOM binding fuzzer that helped identify about one hundred bugs in all browsers on the market - many of said bugs exploitable - and is still finding more.

The fuzzer owes some of its efficiency to dynamically generating extremely long-winding sequences of DOM operations across multiple documents, inspecting returned objects, recursing into them, and creating circular node references that stress-test garbage collection algorithms. More info about  the exact algorithm used is given here:

http://lcamtuf.blogspot.com/2011/01/announcing-crossfuzz-potential-0-day-in.html

The design of the fuzzer makes it unexpectedly difficult to get clean, deterministic repros; to that effect, in the current versions of all the affected browsers, we are still seeing a collection of elusive problems when running the tool - and some not-so-elusive ones. I believe that at this point, a broader community involvement may be instrumental to tracking down and resolving these bugs.

***
I also believe that at least one of the vulnerabilities discovered by cross_fuzz may be known to third parties - which makes getting this tool out a priority.
***

== VENDOR RESPONSE / STATUS ==


* Internet Explorer: MSRC notified in July 2010. Fuzzer observed to trigger  several exploitable crashes - e.g.:

 http://lcamtuf.coredump.cx/cross_fuzz/msie_crash.txt

 ...as well as some security-relevant GDI corruption issues.

 ***
Reproducible, exploitable faults still present in current versions of  the browser. I have reasons to believe that one of these vulnerabilities  is known to third parties: http://goo.gl/7tcWh
***

 Comment: Vendor has acknowledged receiving the report in July (case  10205jr), but has not contacted me again until my final ping in December.   Following that contact attempt, they were able to quickly reproduce  multiple exploitable crashes, and asked for the release of this tool to be  postponed indefinitely. Since they have not provided an explanation as  to why these issues could not be investigated earlier, I refused; more info here:

 http://lcamtuf.coredump.cx/cross_fuzz/fuzzer_timeline.txt

* All WebKit browsers: WebKit project notified in July 2010. About two dozen  crashes identified and addressed in bug 42959 and related efforts by  several volunteers. Relevant patches generally released with attribution  in security bulletins. Some extremely hard-to-debug memory corruption  problems still occurring on trunk.

* Firefox: Mozilla notified in July 2010. Around 10 crashes addressed in bug  581539, with attribution in security bulletins where appropriate. Fuzzing  approach subsequently rolled into Jesse Ruderman's fuzzing infrastructure  under bug 594645 in September; from that point on, about fifty additional  bugs identified (generally with no specific attribution at patch time).   Several tricky crashes still occurring on trunk.

Note: Flash-related (npswf32.dll) bad read/write offset crashes are also  common if the plugin is installed.

* Opera: vendor notified in July 2010. Update provided in December stated  that Opera 11 fixes all the frequent crashes, and that a proper security  advisory will be released at a later date. Release notes state: "Fixed a  high severity issue; details will be disclosed at a later date". Several  hard-to-debug crashes reportedly still waiting to be resolved.

 Note that with Opera, the fuzzer needs to be restarted frequently due to OOM conditions.

== DEMO / DOWNLOAD URL ==

Please see: http://lcamtuf.coredump.cx/cross_fuzz/

== MISC NOTES ==

Cross_fuzz can be easily extended to fuzz any DOM-enabled documents or browser plugins simply by providing new target documents. This may be an interesting area for future research.

I believe that releasing the tool at this point is considerably more prudent than the approach taken with ref_fuzz in 2008-2010:

 http://lcamtuf.blogspot.com/2010/06/announcing-reffuzz-2yo-fuzzer.html


For updates, you can actually follow me on Twitter (gasp):

 http://twitter.com/lcamtuf




Quiz: Donations are helping to help you
Posted by cdupuis on Sunday, 02 January 2011 @ 05:08:08 EST (2009 reads)
Topic In the News

Good day to all,

The CCCure.Org web site is totally self supported through a few sponsors and user donations.

Any amount you donate can help us to provide better content and also to hire resources that can do some development for us. Although we do try to do as much as we can ourselves, there are cases where special skills might be required such as PHP development for example.  In the past year we have spent over $4500 USD to add new features to the quiz engine.   Our monthly hosting costs now exceed $400 USD.   We do have to pay people to maintain the site as I can no longer do it alone.  As you can see a FREE website is NOT free for us to maintain.

Today the CCCure Family of Portals reaches more than 100,000 members, it has provided millions of downloads to its visitors, it has one of the best quiz engines on the net, it has close to half a terabyte of traffic per month, it is used by dozens of training companies and universities in multiple countries. We are extremely proud of our achievement and would definitely like to continue providing such a FREE service to the community in the years to come.

This is why we must call for help. We kindly ask you to consider donating to the web site. We also strongly encourage you to get your company, organization, or department to make a donation as well. They are the first who benefit when you better your skills and knowledge, not to mention that they do save significant money by having free resources that you can use instead of them having to pay for such resources.

Thanks in advance

Clement and Nathalie
Maintainers of www.cccure.org


 





All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest © 2003-2008 by Clement Dupuis and Nathalie Lambert (Site Maintainers).

 


 

 

