New BlackArch – an Arch Linux-based distribution for penetration testers and security researchers

Presented new BlackArch Linux ISOs & installer, specialized distribution for security researchers and penetration testers.

Distribution built on Arch Linux packet-based and includes over 1200 security-related utilities. Supported Projects package repository is compatible with Arch Linux, and can be used in conventional plants Arch Linux.

Distribution supports assemblies for architectures: i686, x86_64, armv6h and armv7h. New BlackArch Live ISO size: 3.6 GB. As graphic environments have a choice of window managers: dwm, fluxbox, openbox, awesome, wmii, i3 and spectrwm. (more…)

System compromise in Microsoft Word

Vulnerability: System compromise in Microsoft Word

Danger: High
Patch: Yes
Number of vulnerabilities: 1
CVE ID: CVE-2012-0182
Impact: System Compromise
Affected Products: Microsoft Office Word 2007
Microsoft Office 2007

Affected versions: Microsoft Word 2007 (more…)

In Windows 8 found a serious vulnerability in storage passwords

Tags: Windows 8, vulnerability, authentication

Administrator Windows 8 can reveal the passwords of other users.

Company experts Password Recovery Software (PRS) have discovered a serious vulnerability in the new Windows 8 authentication mechanisms. It is about authentication methods through photographs and a PIN. Note that authentication with pictures in Windows 8 allows the user to select any photo, and then perform the following steps using the touch panel, for example, to draw a line between the hand and the nose or make a loop between two specific points in the image. Exact repeat these steps to confirm the identity of a system user. (more…)

Microsoft has released a temporary solution for a 0-day vulnerability in Internet Explorer

Tags: Internet Explorer, vulnerability, 0-day exploits

Users of Microsoft Internet Explorer versions 7, 8 and 9 is recommended as soon as possible to establish a temporary solution.

Microsoft has released a temporary solution to fix a critical vulnerability (CVE-2012-4969) in Microsoft Internet Explorer versions 7, 8 and 9. Browser users should promptly install it solution from the site manufacturer. (more…)

Nikto 2.1.5 – scanner for tested the web servers for vulnerabilities

Year and a half it took hackers Chris Sylla and David Lodge, to release a new version of the scanner Nikto 2.1.5.

It also displays the unique challenges for the more than 270 versions of the servers. The scanner also identifies common errors in web server configuration, including the presence of multiple index files, HTTP-server option, and then tries to make the most complete list of versions and modules on the server. List of objects for scanning Nikto is implemented as a plugin and is updated frequently (these plugins are not open source). (more…)

Spammers spread the links to Blackhole

Malicious messages contain a variety of important information to the user, often related to circulation of money.

According to research firm Websense, recently through spam on the Internet spread links to a set of exploits Blackhole.

According to experts, Blackhole is distributed worldwide through spam e-mail messages using a variety of schemes. In one case under the guise of spam distributed notification of a voice mail that came from servers Microsoft Exchange. In the second – the potential victims receive letters of thanks for a subscription to the premium service on the resource accountingWEB.com. In the third – users get different notifications claiming to be from the service of automatic data processing (ADP). (more…)

Reasons for the success of remote attacks on the Internet

The Internet is a distributed computing system (CS), the infrastructure which is well known and well described in various literature. Therefore the reasons for the success of remote attacks on distributed Sun may be projected on the Internet and make a conclusion about the existence of the network of significant gaps in security, which are based on reason. The attentive reader, studying the previous sections have probably mentally implemented projection and pointed out how the shortcomings inherent in the abstract distributed CS easily detected in real WAN – Internet.

• The absence of a dedicated communication channel between objects on the Internet

Global network can not be built on the principle of direct communication between objects in the system, that is not possible for every object to provide a dedicated channel to communicate with any other system. Therefore, the Internet connection is through a series of routers, and therefore, the message passes through a large number of intermediate sub-networks can be intercepted. Also connected to the Internet a great number of local Ethernet-network topology using “common rail”. In networks with a topology simple software intercepts all messages in the network. However, this weakness is common rather than the Internet, and Ethernet. (more…)

Denial of service in Cisco Unified Presence and Cisco Jabber XCP

Vulnerability: Denial of service in Cisco Unified Presence and Cisco Jabber XCP

Danger: middle
CVE ID: CVE-2012-3935
Remote:     Yes
Local:     No
Impact: Denial of service
Affected Products:

– Cisco Jabber Extensible Communications Platform (Jabber XCP) 5.x;
– Cisco Unified Presence 8.x. (more…)

Multiple vulnerabilities in Apache HTTP Server

Vulnerability: Multiple vulnerabilities in Apache HTTP Server

Danger: Low
CVE ID:

CVE-2012-0883
CVE-2012-2687

Affected products: Apache 2.2.x

Affected versions: Apache HTTP Server versions up to 2.2.23. (more…)

Hackers attacks on the operating system

Protect the operating system, as opposed to DBMS, it is much more difficult. The fact that the internal structure of modern operating systems are extremely complex, and therefore compliance with the adequate security policy is a much more difficult task. Among the people are of the opinion that the most effective attacks on operating Systems can be arranged only with the help of sophisticated tools based on the latest achievements of science and technology, and the attacker must be highly skilled programmer. This is not entirely true.

No one disputes the fact that the user should be aware of all the innovations in the field of computer technology. And the high qualification – not too much. However, art is not a hacker to break into any very “cool” computer security. You just need to be able to find a weak spot in a particular system of protection. In this case, the simplest methods of hacking are not worse than the most sophisticated, because the simpler algorithm of attack, the more likely it is completed without errors and crashes, especially where prior testing of this algorithm in conditions similar to “combat” are very limited. (more…)