spamversand

On the last meeting of the AK Sicherheit (ECO Verband) we could see a live demo
of the tool Beef (Browser Exploitation Framework). Nice to see that XSS-attacks
(cross-site-scripting) is not only a nice POP-UP window, but is indeed a real attack
vector for anyone.
Try yourself, the software can be downloaded from www.bindshell.net

I finally managed to create my own RBL (realtime blocklist) feeded by my honeypot.
All verified IPs which successfully attacked the honeypot are put into a database, which
provides a rbl for our MXes. The IPs are held for 24 hours except those which have more than 50
successful attacks within the last day. I was wondering if there were any mail-hits to be seen
at all; at least these are totally different attack vectors. But strangely enough I could see
blocked emails because of the entries made by the honeypot. We will see how well this
performs.

Today the Bundesverfassungsgericht judged about the 6 months collection
of ip addresses and email-data. Result: The current laws are not satisfying the german
Grundgesetz (constitution). All saved data are to be deleted.

Press information

On the other hand are these kinds of collection not impossible at all, as long as the
laws are made right. We will see if we can use our boxes for binary-news storage
instead

Do you believe your neighbour is using your WLAN without your permission?
Here is a funny solution what to do with him:
(found in “Full Disclosure”)

http://www.ex-parrot.com/pete/upside-down-ternet.html

I’ve added quite a lot of target ips to the honeypot. The number of successfully analyzed attacks per hour
raised to more than 750. Each attack generates an automatic complaint or results in blocking our own customer.
Must have a look if the honeypot and the following systems are powerful enough..

The famous backup-software Mondo has been released with a new version:


Project mondorescue version 2.2.9.1 is now available
Now available at ftp://ftp.mondorescue.org



Thanks to Bruno Cornec for this flexible image-generating tool.

Nessus, the popular Security-Scanner has been released in a new version:
(continue reading…)

Rumors say that str0ke, the maintainer of milw0rm has
died. There has been a lag recently in publishing new exploits on this website, so it might be true?

— Update —

Seems it was a fake: http://twitter.com/str0ke says he’*s alive and kicking.

Yamata Li from the Palo Alto Networks threat research team has developed a plugin for wireshark that allows you to view the obfuscated traffic generated by a Mariposa (Botnet) infected client.
This info was published on Full Disclosure today. The website mariposa-tool shows the detailed usage of this tool.

A post in Full Disclosure reminded me of Nikto,
a security tool for webservices. Based on libwhisker it tests a whole lot of possible bugs
in a webserver/application. Works nice .. just wondering why it says spamversand.de runs on Microsoft IIS 5/0 ..?