SBS 2003 and Microsoft Security Bulletin MS08-006

by File in: SBS, security

I was scanning through Microsoft Security Bulletin MS08-006 and saw the Aggregate Severity Rating was ‘Important’ for all versions of Windows XP and Windows 2003. Because no critical ratings were listed, I felt secure in waiting a day or two before applying this patch. I tend to wait for others to find patch problems before […]

New TrueCrypt Available – Free Open Source Disk Encryption Software for Windows Vista/XP , Mac OS X, and Linux

by File in: security, utilities

TrueCrypt is a great little freeware tool I’ve used on my USB flash drive for quite a while. A new version was just released that includes the following features: Ability to encrypt a system partition/drive (i.e. a partition/drive where Windows is installed) with pre-boot authentication (anyone who wants to gain access and use the system, […]

Check out Hello Secure World Virtual Labs

by File in: security

Microsoft’s Hello Secure World web site has some very nice virtual labs all network administrators should take a run through. You’ll be introduced to some of the attacks the bad guys use to try to penetrate our networks, such as Cross Site Scripting and SQL Injection. This site is definitely targeted towards the MSDN/developer crowd, […]

MS08-001 details and exploit video

by File in: security, Windows

Here is an interesting, albeit highly technical video analyzing a buffer overflow vulnerability described in MS08-001. I knew assembly language back in college, but it was still tough for me to understand how the code analysis was performed. For those who are not familiar with this security bulletin: According to ISS, who discovered this issue, […]

For Pentesters, Maltego is all about discovering relationships between objects

by File in: security

Maltego is a nifty application that help penetration testers and other security professionals determine relationships between objects, all presented in a graphical fashion. Why would a pentester want to do that? Because the majority of pentesting work is reconnaissance, not vulnerability detection and exploitation, and Maltego helps automate the recon work. Potenially valuable items the […]

Printer spamming on port 9100

by File in: security

Jeremiah Grossman posted about an interesting proof of concept paper Aaron Weaver wrote about spamming printers from the Internet. He is able to perform this cross-site printing exploit that uses RAW IP printing on port 9100 to print out ascii art on an unsuspecting user’s printer. I decided to try this out for myself on […]