2006.09.25 Daily Security Reading

Well, after being away at a Crossbeam and Checkpoint VSX training course all last week, I’m back and trying to catch up on my security reading 🙂

Wireless Penetration Testing with OS X

When people think of attacking wireless networks, Linux is the first operating system that comes to mind. Although there are great tools and resources available for Linux, there are also several outstanding auditing tools available for the OS X wireless hacker. To perform a penetration test on a wireless network, you need first to find your target network. One good tool for discovering and attacking wireless networks is KisMAC.

Seven tips for optimizing shell script security

The shell script is ubiquitous on Linux hosts. Administrators use shell scripts to run backups, purge /tmp directories, monitor processes and create users, just to name a few tasks. Some applications are written in shell script also, and some users rely on shell scripts for installation or integration purposes.

Gartner highlights five high impact IT security risks

Gartner has advised businesses to plan for five increasingly prevalent cyber-threats that have the potential to inflict significant damage on organisations during the next two years. They are: targeted threats, identity theft, spyware, social engineering and viruses.

Zero-Day Response Team Launches with Emergency IE Patch

A high-profile group of computer security professionals scattered around the globe has created a third-party patch for the critical VML vulnerability as part of a broader effort to provide an emergency response system for zero-day malware attacks.

Bypassing Network Access Control Systems

This whitepaper examines the different strategies used to provide network access controls. The flaws associated with the different network access control (NAC) solutions are also presented. These flaws allow the complete bypass of each and every NAC mechanism currently offered on the market.

Metasploit 3.0 Automated Exploitation

Bank machine reprogramming made easy

OK, so we have all heard of the ATM giving money away in VB. This article gives a bit more info, a WAVY video and a link to a blog with additional info: ATMs have passwords to access diagnostics (OK…), which, if buyers do not specifically request a change, are set to defaults that are found in the manual. See also More Vulnerable ATM Models Discovered and an ATM hack roundup.

Network Security: Be Afraid, Be Very Afraid

There’s a lot to be afraid of in the world of network security threats. That was the general consensus of a diverse panel at Interop that included vendors, an analyst and an enterprise user. Guarding against viruses? It’s like giving vaccine to a corpse.