Scary Beasts Security
FEBRUARY 3, 2013
Back in November 2012, a Chrome Releases blog post mysteriously stated: "Congratulations to Pinkie Pie for completing challenge: 64-bit exploit". Chrome patches and autoupdates bugs pretty fast but this is a WebKit bug and not every consumer of WebKit patches bugs particularly quickly. So I've waited a few months to release a full breakdown of the exploit.
Elie
MARCH 7, 2013
Early July 2012, I reported to Apple numerous vulnerabilities related to their App Store iOS app. Last week Apple finally issued a fix for it and turned on HTTPS for the App Store. I am really happy that my spare-time work pushed Apple to finally enabled HTTPS to protect users.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Kali Linux
DECEMBER 7, 2013
We’re always on the lookout for and interesting ARM hardware for Kali Linux. Whether it’s a Galaxy Note or a USB stick sized SS808 , we want to see Kali run on it. You can therefore imagine our excitement, when we first laid our eyes on the Utilite pro. Utilite Pro is a quad core ARM cortex-A9 machine with up to 4 GB of RAM, up to 512 GB mSATA SSD , HDMI and DVI-D output, dual (2x) 1GB nics , a built in wireless card and 4 USB ports.
NopSec
MARCH 26, 2013
Penetration testing is one of the services that we offer NopSec customers. A vulnerability assessment and penetration test provide an excellent snapshot of an organization’s risk at a given point in time. By simulating a real-world attack, our Security Engineers actively attempt to exploit vulnerabilities and gain access to system resources without damaging or disrupting any of our customer’s production services.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Dark Reading
FEBRUARY 19, 2013
Prevention vs. clean up. It’s a security question all financial institutions should ask themselves. When it comes to providing a trusted customer environment, banks are typically better at resolving problems stemming from non-predictive authentication and fraud than preventing them. That’s because they continue to allow criminals to get their foot in the door.
Privacy and Cybersecurity Law
SEPTEMBER 10, 2013
Focussed enforcement action The UK Information Commissioner’s Office (ICO) recently published its new policy on regulatory and enforcement action. The […].
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Kali Linux
SEPTEMBER 4, 2013
Today we are pleased to announce the immediate availability of Kali Linux 1.0.5 with a rollup of various tool additions, fixes, and upgrades , including our fix for the encrypted encrypted LVM installation issue that we documented last week. As usual, users with Kali already installed just need to run a simple update to get the latest goodness: root@kali:~# apt-get update root@kali:~# apt-get dist-upgrade We’ve also received updated ARM images from OffSec, which bring several fixes to issu
Kali Linux
SEPTEMBER 2, 2013
Kali Linux on any Android Phone or Tablet Getting Kali Linux to run on ARM hardware has been a major goal for us since day one. So far, we’ve built native images for the Samsung Chromebook, Odroid U2, Raspberry Pi, RK3306, Galaxy Note 10.1, CuBox, Efika MX, and BeagleBone Black to name a few. This however does not mean you cannot install Kali Linux in a chroot on almost any modern device that runs Android.
Kali Linux
AUGUST 28, 2013
A little while back, a bug with the LVM encrypted install in Kali Linux 1.0.4 was reported in our bug tracker. This bug was high priority in our TODO as encrypted installs are an important feature in our industry so we wanted to squash this bug ASAP. This article will describe the process of debugging, identifying, and fixing this bug in Kali, and ultimately in Debian as well.
Kali Linux
JULY 30, 2013
Whenever we are given the opportunity to describe Kali Linux, we use the word “ powerful ” Have you ever wondered or asked yourself why exactly we consider Kali to be so “Powerful”? Why is Kali any different or better from say, an Ubuntu machine with a bunch of security tools preinstalled on it? After all, our nmap package isn’t any better than anyone else’s, is it ?
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Kali Linux
JULY 24, 2013
In keeping with our tradition of publishing new releases during the annual Black Hat and DEF CON conferences, we are pleased to announce the availability of Kali Linux 1.0.4. The last few months since the initial release of Kali have seen a large number of changes, upgrades, and improvements in the distribution, all of which are included in version 1.0.4.
Kali Linux
JULY 14, 2013
We’ve just pushed a bunch of packages, tools, and utilities to the main Kali repositories. These tools have been on the top of our wish list for a while and some of them were quite challenging to package. Before we start telling you of our packaging woes, here’s how to update your Kali installation and get the latest goodness from our repos: apt-get update apt-get dist-upgrade apt-get install passing-the-hash unicornscan winexe apt-get install unicornscan enum4linux polenum apt-get i
Kali Linux
APRIL 25, 2013
A couple of weeks ago, we were approached (independently) by two blind security enthusiasts who both drew our attention to the fact that Kali Linux had no built-in accessibility features. This made Kali difficult, if not impossible, to both install and use from a blind or visually impaired user’s perspective. Our first attempts at building an accessible version of Kali failed and after a bit of digging, we found that there were several upstream GNOME Display Manager (GDM3) bugs in Debian ,
Kali Linux
MARCH 24, 2013
We’ve been busy this week, still behind on our emails, but going strong with Kali development. We packaged some new tools which were pointed out by the community as missing, such as inguma , arachni , bully , lbd , uniscan , automater , as well as started to build a framework of libraries and patches for bluetooth sniffing and ubertooth tools.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Kali Linux
MARCH 17, 2013
Five days into the Kali Linux release at BlackHat EU in Amsterdam, and we’re still not fully recovered. Since the release, we’ve had just over 90,000 downloads , a dozen or so package updates, added more articles to the Kali Documentation, started a Portuguese translation , and we even managed to squeeze in a small bugfix release (Kali 1.0.1), which resolved an annoying USB keyboard issue some users reported.
Kali Linux
MARCH 12, 2013
Enter Kali Linux “ So, what’s the difference between BackTrack and Kali? ” you might be asking. Unfortunately for us, that’s not a simple question to answer. It’s a mix between “everything” and “not much”, depending on how you used BackTrack. From an end user perspective, the most obvious change would be the switch to Debian and an FHS-compliant system.
Kali Linux
MARCH 12, 2013
Kali Linux, the rising It’s been 7 years since we released our first version of BackTrack Linux , and the ride so far has been exhilarating. When the dev team started talking about BackTrack 6 (almost a year ago), each of us put on paper a few “wish list goals” that we each wanted implemented in our “next version” Scrapping it all and starting afresh It soon became evident to us that with our 4 year old development architecture, we would not be able to achieve all t
NopSec
FEBRUARY 22, 2013
NopSec is pleased to announce the immediate availability of a new Executive Dashboard for Unified VRM. NopSec continues the rapid pace of innovation with new capabilities that provide customers with a graphical view of prioritized vulnerabilities and at-a glance progress toward fixes. Michelangelo Sidagni, Chief Technology Officer at NopSec, had this to say about the Executive Dashboard, “Our customers requested the ability to confidently gauge the vulnerabilities and risk at the present moment
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Scary Beasts Security
DECEMBER 29, 2013
Recently, there's been a reasonable amount of activity in the vtable protection space. Most of it is compiler-based. For example, there's the GCC-based virtual table verification, aka. VTV. There are also multiple experiments based on clang / LLVM and of course MSVC's vtguard. In the non-compiler space, there's Blink's heap partitioning, enabled by PartitionAlloc.
Elie
OCTOBER 25, 2013
I was lucky enough to get the new 2013 high-end Macbook Pro Retina (15in) yesterday and started wondering about how it compares to the mid-2012 Retina (15in) model. On a personal level, I'm also pretty interested in how its gaming performance compares with its predecessor's.
Elie
SEPTEMBER 17, 2013
Nearly everyone loves mobile apps that can perform local searches, get directions, or find the nearest decent restaurant. But what’s not so obvious is that these local apps can have hidden bandwidth costs — meaning that, in some cases, they can run up your phone bill in ways you might not expect.
NopSec
NOVEMBER 8, 2013
Many federal regulations such as GBLA, HIPAA and PCI require an annual penetration test. Customers often ask for our penetration testing services in direct response to a compliance request from an auditor or industry regulator. NopSec recommends a penetration test to determine a baseline of your company’s security posture. With that in mind, we have compiled some of our popular blog posts relevant to penetration testing for your reading enjoyment.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
NopSec
NOVEMBER 1, 2013
This is the time of the year that we get a lot of inquiries about performing an annual penetration test. In every organization there are trade-offs of time, resources and budgets. So the inevitable question that arises is, “How much does/should a penetration test cost ?” The truthful answer to this question is, it depends. Deciding what and when to test can be the hardest step.
NopSec
OCTOBER 25, 2013
Reports in the news make it clear that the sophistication of cyber-attackers continues to evolve. So why do so many companies rely on an annual penetration test as the only safeguard against a cyber-attack? Some reasons include: lack of resources, limited budgets, insufficient leadership support, and organizational barriers. However, another reason is that the role of penetration testing in overall vulnerability risk management is not well understood.
NopSec
OCTOBER 15, 2013
When IBM Security announced availability of its QRadar Vulnerability Manager earlier this year, vulnerability risk management was solidified as an important and developing category in the information security market. Moreover, it got me thinking about a common dilemma faced by our customers. What are the benefits of horizontal solutions versus point solutions and is there a middle ground?
NopSec
OCTOBER 4, 2013
In September the deadline for compliance with changes to the HIPAA rules relating to breaches of unsecured electronic Protected Health Information went into effect. At NopSec, we understand security-related processes and the risks associated with electronic protected health information (ePHI). The following post describes a recent penetration testing engagement that helped one of our customers address serious security vulnerabilities in an embedded medical device.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
NopSec
SEPTEMBER 17, 2013
The SANS 20 Critical Security Controls are prioritized mitigation steps to improve cybersecurity. Coordinated through the SANS Institute , many companies with mature security programs are aware of and have adopted the security controls with the objectives of increasing visibility of attacks, improving response preparedness and reducing information security risk.
NopSec
SEPTEMBER 13, 2013
One of the most important aspects of every complex system is flexibility. Flexibility of adapting to changing circumstances and leveraging existing investments in technology solutions. The architecture of Unified VRM was designed with flexibility as a primary consideration. It not only has the capability to perform native scans on a wide variety of assets (external, internal, configuration, web application, wireless and more to come) but it also has the flexibility to import scan results from ex
NopSec
SEPTEMBER 10, 2013
Cyber forensic investigators report that some of the most complicated and audacious hacks started in two simple ways: either with the compromise of an Internet-exposed web application or through the compromise of a misconfigured wireless network. Unified VRM Wireless module allows an organization to perform on-demand wireless penetration testing remotely and without cumbersome equipment.
NopSec
SEPTEMBER 6, 2013
As the benefits of cloud computing drive increased adoption by businesses, the fastest growing area of public cloud computing appears to be Infrastructure-as-a-Service (IaaS).But with adopting an IaaS model, businesses are often leaving the safety of their applications to the service provider and blindly moving to the cloud with disregard for commonly held security practices.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
82 
Let's personalize your content