News Bytes for null Pune Meet May

1. C () r r |_| p -|- NewsBytes

3. Pacman on google.com is playable (when click on insert coin). :P AWESOME !!!!

4. A hacker, who calls himself “ins3cted”, has demonstrated to Webwereld via video how by exploiting a simple SQL injection, he can retrieve 168,000 personal records from a Dutch website called Experience the OV (http://www.ervaarhetov.nl). Hopefully this incident will raise much needed awareness around the world of the need to ensure secure development and web application penetration tests The video is available from the following URL; http://webwereld.nl/nieuws/66012/ov-site-lekt-persoonlijke-data-168-000-reizigers.html Oops, SQL Injection Did it Again !!!

5. AusCERT, Australia's premier information security event on the Gold Coast In an email, IBM advised visitors to its AusCERT booth that its complimentary USB key was infected with a virus. An IBM spokesman and conference organisers confirmed the email was genuine. Wightwick said the malware, which dated to 2008, was detected by most anti-virus products. "The malware is known by a number of names and is contained in the setup.exe and autorun.ini files. http://www.itnews.com.au/News/175451,ibm-unleashes-virus-on-auscert-delegates.aspx IBM unleashes virus on AusCERT delegates

6. US security software vendor Symantec has reached an agreement to acquire VeriSign's web security business. Symantec has agreed to pay approximately $1.28 billion in cash for VeriSign's identity and authentication business assets. Symantec will take over the company's Secure Sockets Layer (SSL) Certificate Services, the Public Key Infrastructure (PKI) Services, the VeriSign Trust Services and the VeriSign Identity Protection (VIP) Authentication Service. According to Symantec, the deal is expected to close in "the September quarter More details about the acquisition can be found in slides and a press release from Symantec. Symantec acquires VeriSign's web security business

7. vulnerability count of 40 vulnerabilities, which is nearly as much as disclosed during the whole Month of PHP Bugs in 2007 For those that don't already know you can follow the Month of PHP Security on Twitter, too. Just follow @mops_2010 http://www.php-security.org/ May – Month of PHP Bugs

8. This codelab is built around Jarlsberg, a small, cheesy web application that allows its users to publish snippets of text and store assorted files. "Unfortunately," Jarlsberg has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution. The goal of this codelab is to guide you through discovering some of these bugs and learning ways to fix them both in Jarlsberg and in general. Jarlsberg - A Codelab by Bruce Leban, MugdhaBendre, and Parisa Tabriz

9. http://jarlsberg.appspot.com

10. John Shepherd-Barron – ATM Inventor India-Born Scottish inventor ATM inspired by Vending Machines also invented the PIN number (23 June 1925 – 15 May 2010) 84

11. Metasploit now has 551 exploit modules and 261 auxiliary modules (from 445 and 216 respectively in v3.3) Metasploit is still about twice the size of the nearest Ruby application according to Ohloh.net (400K lines of Ruby) Over 100 tickets were closed since the last point release and over 200 since v3.3 http://blog.metasploit.com/2010/05/metasploit-framework-340-released.html Metasploit 3.4.0 Released

12. A commercial Metasploit Express variant by Rapid7 has been released at the same time. It offers a graphical user interface, is said to be more user friendly and simplifies report generation. Rapid7 offers a free 14-day trial licence and a full Metasploit Express licence costs $3,000 per year. Metasploit Express

13. Metasploitable is an Ubuntu 8.04 server install on a VMWare 6.5 image. A number of vulnerable packages are included, including an install of tomcat 5.5 (with weak credentials), distcc, tikiwiki, twiki, and an older mysql. To download Metasploitable, you can pick up the torrent on the Express Community site. If you are an Express customer, you can pick up a direct HTTP download from the Customer Center. See the README.txt here for additional information, but be aware, there are spoilers in it. http://blog.metasploit.com/2010/05/introducing-metasploitable.html Metasploitable

15. Bizploit is the first Opensource ERP Penetration Testing framework. Developed by the Onapsis Research Labs, Bizploit assists security professionals in the discovery, exploration, vulnerability assessment and exploitation phases of specialized ERP Penetration Tests. Currently, Bizploit is shipped with many plugins to assess the security of SAP business platforms. Plugins for other popular ERPs will be included in the short term. BizploitOpensource ERP Penetration Testing framework released

16. Right click and start busting! http://www.sittinglittleduck.com/DirBuster-1.0-RC1.xpi Dirbuster Firefox Plugin

17. makes firefox can't make texts into body element and then it crashed. http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1571 Firefox 3.6.3 memory exhaustion crash vulnerabilities

18. http://www.nirsoft.net/utils/router_password_recovery.html New password recovery tool for router files

19. THANK YOU