Papers | The Honeynet Project

Papers | The Honeynet Project

Hack In The Box Forums • View topic - Penetration Tester's Lab - Hack your own machine (win2k sp4)

Hack In The Box Forums • View topic - Penetration Tester's Lab - Hack your own machine (win2k sp4):

"I just install windows 2000 pro sp4 into vmware & now I want to do some penetration testing on this machine…hopefully u can help me to find all vulnerabilities in this machine…"

CITRIX: Owning the Legitimate Backdoor | GNUCITIZEN

CITRIX: Owning the Legitimate Backdoor | GNUCITIZEN:

"The other day I was performing some CITRIX poking, so I had a lot of fun with breaking GUIs, which, as most of you probably know, are trivial to break into. I did play around with .ICA files as well, just to make sure that the client is not affected by some obvious client-side vulnerabilities. This exercise led me to reevaluate many things about ICA (Independent Computing Architecture). For example, when querying Google and Yahoo for public .ICA files, I was presented with tones of wide open services, some of which were located on .gov and .mil domains."

Two convicted for refusal to decrypt data • The Register

Two convicted for refusal to decrypt data • The Register:

"Two people have been successfully prosecuted for refusing to provide authorities with their encryption keys, resulting in landmark convictions that may have carried jail sentences of up to five years."

Chinese Spying Claimed in Purchases of NSA Crypto Gear | Threat Level | Wired.com

Chinese Spying Claimed in Purchases of NSA Crypto Gear | Threat Level | Wired.com:

"A Chinese national was indicted this week for conspiring to violate U.S. export law, following a nearly three-year investigation into his alleged efforts to acquire sensitive military and NSA-encryption gear from eBay and other internet sources."

Microsoft knew of nasty IE bug a year before attacks • The Register

Microsoft knew of nasty IE bug a year before attacks • The Register: "Microsoft was aware of a critical vulnerability in an Internet Explorer component at least 12 months before attackers started targeting it in lethal exploits that take full control of end-users' PCs, a member of its security team said Wednesday."

Online attack hits US government Web sites

Online attack hits US government Web sites:

"A botnet comprised of about 50,000 infected computers has been waging a war against U.S. government Web sites and causing headaches for businesses in the U.S. and South Korea.

The attack started Saturday, and security experts have credited it with knocking the U.S. Federal Trade Commission's (FTC's) Web site offline for parts of Monday and Tuesday. Several other government Web sites have also been targeted, including the U.S. Department of Transportation (DOT)."