Web application privilege escalation, the Movie, from last year's Security BSides London 2012. This year's event, Security BSides London 2013 [slated for 2013/04/24, at the Kensington and Chelsea Town Hall, ensconced on Hornton Street in London], is this month's MustAttend event.
Via the San Francisco Chronicle and The Verge, by way of the Associated Press, comes the sorry tale of failed information security software development governance, leadership failures and jurisprudence [both military and civilian], otherwise known as "How To Build Patriot Missiles With Purloined Bits"...
A newly discovered and pernicious malware package has emerged, in this case targeting Microsoft Corporation (NasdaqGS: MSFT) SQL Server databases via an OLEDB vector, specifically in the Middle East. Monikered W32.Narilam, this worm appears to function like most other infectious code, copying itself and traversing drives and network file shares.
Simply astounding. In an effort to control its apparently pirated bits, Enfour's licensing code fails to measure up, and tweets false statements related to legal licensees of the company's products. What next - public spanking?
Solar collector systems management and control products are apparently vulnerable to attack. Certainly, in line with other reported SCADA vulns, this news is not altogether surprising. Dark skies ahead, indeed...
Via Ivan Ristić, author of ModSecurity and Apache Security, and one of the great minds in information security today, comes news of The Trustworthy Internet Movement's SSL Pulse. SSL Pulse is, essentially, an information dashboard providing significant data on the current state of the SSL ecosystem, if you will. Absolutely Outstanding.
"...Archive Team is a loose collective of rogue archivists, programmers, writers and loudmouths dedicated to saving our digital heritage. Since 2009 this variant force of nature has caught wind of shutdowns, shutoffs, mergers, and plain old deletions - and done our best to save the history before it's lost forever. Along the way, we've gotten attention, resistance, press and discussion, but most importantly, we've gotten the message out: IT DOESN'T HAVE TO BE THIS WAY. This website is intended to be an offloading point and information depot for a number of archiving projects, all related to saving websites or data that is in danger of being lost. Besides serving as a hub for team-based pulling down and mirroring of data, this site will provide advice on managing your own data and rescuing it from the brink of destruction. Feel free to join us on the IRC channel! We're on the EFnet network in a channel called #archiveteam, where we say truly awful things..." via The Archive Team