Bojan Zdrnja Diaries
- A day in the life of a pentester, or is my job is too sexy for me?
- YASRV (Yet Another Struts RCE Vulnerability) yes a different one from yesterday
- Equifax breach
- Modern Web Application Penetration Testing , Hash Length Extension Attacks
- Struts vulnerability patch released by apache, patch now
- Infocon change to yellow for Adobe Flash issues
- OOB Adobe patch!
- Less is, umm, less?
- Security update for Adobe Flash player
- Guest diary: Detecting Suspicious Devices On-The-Fly
- Adobe updates for 2014/08
- Something is amiss with the Interwebs! BGP is a flapping.
- Host discovery with nmap
- Complete application ownage via Multi-POST XSRF
- OWASP Zed Attack Proxy
- Wireshark 1.10.4 and 1.8.12 are available
- Apple security updates Mac OS X and Safari
- VMware Security Advisory VMSA-2013-0014
- New spamming technique - onmicrosoft.com
- Microsoft phish
- Internet wide DNS scanning
- Access denied and blockliss
- CSAM! Send us your logs!
- Twitter DM spam/malware
- Would you hire a spammer?
- BGP multiple banking addresses hijacked
- Multiple Cisco security advisories
- MoVP II
- Privilege escalation, why should I care?
- Moore, Oklahoma tornado charitable organization scams, malware, and phishing
- Phishing/spam via SMS
- RuggedCom fails key management 101 on Rugged Operating System (ROS)
- Apple Remote Desktop update fixes no encryption issue
- YYABCAFU - Yes Yet Another Bleeping Critical Adobe Flash Update
- Who protects small business?
- Microsoft advanced notification for July 2012 patch Tuesday
- New OS X trojan backdoor MaControl variant reported
- Adobe January 2012 Black Tuesday overview
- January 2012 Microsoft Black Tuesday Summary
- Microsoft Security Bulletin Advance Notification for December 2011
- Newest Adobe Flash 11.1.102.55 and Previous 0 Day Exploit
- GET BACK TO ME ASAP
- www.disa.mil down?
- Sysinternals updates, a new blog post, and webcast
- Two Cisco advisories: cisco-sa-20110330-nac and cisco-sa-20110330-acs
- What’s New, it's Python 3.2
- Winamp forums compromised
- Kaspersky update servers unreachable
- Microsoft Security Advisory 975191 Revised
- OpenSSL V 1.0.0 released!
- Time to change your hotmail/gmail/yahoo password
- Security Update available for Wyse Device Manager
- Cyber Security Awareness Month - Day 16 - Port 1521 - Oracle TNS Listener
- Disable MS09-054 patch, or Firefox Plugin?
- YYAMCCBA
- Vulnerabilities (plural) in MS IIS FTP Service 5.0, 5.1. 6.0, 7.0
- Authorize.net down
- Password != secure
- Adobe Flash v10.1.82.76 and earlier vulnerability in-the-wild
- Change your clocks?
- Bot honeypot
- October 2010 Microsoft Black Tuesday Summary
- OT: Happy Thanksgiving Day Canada
- Canada's Cyber Security Strategy released today
- H went down.
- Cyber Security Awareness Month - Day 3 - Recognizing phishing and online scams
- MS OOB patch tomorrow for Security Advisory 2416728
- September 2010 Microsoft Black Tuesday Summary
- BlackEnergy DDoS
- Apple QuickTime potential vulnerability/backdoor
- Multiple Cisco Advisories
- autorun.inf and .lnk Malware (NOT 'Vulnerability in Windows Shell Could Allow Remote Code Execution' 2286198)
- Dell PowerEdge R410 replacement motherboard firmware contains malware
- Adobe Reader Protected Mode
- Update on .LNK vulnerability
- GoDaddy Scam/Phish/Spam
- Distributed SSH Brute Force Attempts on the rise again
- End of the road for Cisco CSA
- Upswing in port 23/TCP scanning
- Shadowserver botnet rules
- Security update available for Adobe Reader and Acrobat
- Web App Testing Tools
- Get yer bogons out!
- OOB Update for Internet Explorer MS10-018
- Nmap 5.30BETA1 released
- APPLE-SA-2010-03-29-1 Security Update 2010-002 / Mac OS X v10.6.3
- Spamassassin Milter Plugin Remote Root Attack
- When is a 0day not a 0day? Samba symlink bad default config
- When is a 0day not a 0day? Fake OpenSSh exploit, again.
- BoA Offline?
- Neo-legacy applications
- PoC for CVE-2009-0689 MacOS X 10.5/10.6 vulnerability
- PostgreSQL 8.4.2, 8.3.9, 8.2.15, 8.1.19, 8.0.23 and 7.4.27 have security fixes http://www.postgresql.org/docs/current/static/release.html
- Anti-forensics, COFEE vs. DECAF
- Facebook Password Reset Confirmation. Customer Support. (Malware)
- Microsoft advisory for Windows 7 / Windows Server 2008 R2 Remote SMB DoS Exploit released
- Conficker patch via email?
- Flash Origin Policy Attack
- TLS & SSLv3 renegotiation vulnerability explained
- Cyber Security Awareness Month - Day 22 port 502 TCP - Modbus
- Truecrypt 6.3 released
- Multiple Vulnerabilities in Cisco Wireless LAN Controllers
- Cyber Security Awareness Month - Day 6 ports 67&68 udp - bootp and dhcp
- Cyber Security Awareness Month - Day 5 port 31337
- SeaMonkey Security Update
- Fake anti-virus
- So, you updated your Flash did you?
- apache.org compromised
- WPA with TKIP done
- YAMWD: Yet Another Mass Web Defacement
- Twitter spam/phish
- MS released two OOB bulletins and an advisory
- Infocon returning to green from MS Advisory 973472
- * Infocon raised to yellow for Excel Web Components ActiveX vulnerability
- Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution
- Happy 4th of July!
- FCKEditor advisory
- BCP/DRP
- OT: Happy Birthday Canada!
- From the mailbag: Sympatico hacked, TCP dead, SHA-1 out, Belarus DoS
- Green Dam
- Google updates for Chrome
- IIS admins, help finding WebDAV
- Gumblar analysis and writeup
- Incident Management
- OpenBSD 4.5
- Adobe Flash Media Server privilege escalation security bulletin
- Odd packets
- Some conficker lessons learned
- Strange Windows Event Log entry
- Incident Response vs. Incident Handling
- Abuse addresses
- Adobe Security Bulletin Adobe Reader and Acrobat
- Fake stimulus payments
- Other patches and updates du jour...
- Time to patch your HP printers
- Obamamania
- Vmware patches
- Daylight saving time
- Day 13 - Containment: Containing on Production Systems Such as a Web Server
- OT: Happy Turkey Day Canada
- National Do Not Respond List
- TCp Sockstress vulnerability
- Apple updates iPod Touch + Bonjour for Windows
- Mailbag: OSSEC 1.6 released, NMAP 4.75 released
- OT: Happy Labo(u)r day!
- From the mailbag, Opera 9.52...
- CNN switched to MSNBC
- Exit process?
- OT: Happy Canada Day!
- Another example of malicious SWF
- Malicious swf files?
- Adobe flash player vuln
- Hi, remember me?...
- Windows Detours
- Windows XP SteadyState
- When is a DMG file not a DMG file
- When is your VM not your VM?
- BBB is back
- Patches and Vista service pack
- Upswing UDP/7100
- One explanation for 127.0.0.1
- How and when to contact the Internet Storm Center
- Another trojan embedded in a MS-Word DOC
- XO seems to be back, Hotmail intermittent
- Don't download the Dancing Skeleton!
- Happy Samhain / All Hallows Eve
- Cyber Security Awareness Tip #31: Legal Awareness (Regulatory, Statutory, etc.)
- Request for info, IPs, exploit examples on PDF mailto documents
- Vulnerability in JRE VM
- PDF mailto exploit documents in the wild
- Cyber Security Awareness tip #23 Using Browsers, SSL, Domain Names
- TOTALLY OT! Happy Thanksgiving Canada!
- Alleged Acrobat Vulnerability
- Pen Testing - Dangerous side effects?
- Blocking spoofed internal email from external sources
- Iframe > malicious javascript > trojan
- We need a new poll
- Thunderbird 2.0.0.0 released
- Oracle CPU
- Remove old JRE!
- My CERT/SIRT...
- Port 2968 update - Same as 2967 ever was
- Computer Associates Arcserve Buffer Overflow Vulnerability
- Concurrency strikes MSIE (potentially exploitable msxml3 flaws)
- MS06-071 is available via SUS 1.0
- Reverse Cross-Site Request (RCSR) vulnerability
- Mac OS X Apple UDIF Disk Image Kernel Memory Corruption
- ADODB.connection Vuln
- De-registering vgx.dll in an enterprise
- VML vuln being actively exploited
- Using ISA to help block VML exploit
- Tip of the Day : snort rule management
- NT 4.0 Protection
- Snort rulez management
- McAfee EPO fix
- Reported Shockwave issue with Myspace.com
- Empty emails?
- Excel new vuln FAQ
- Reports of multiple OS X vulnerabilities with PoC
- Microsoft patch problems
- Wireless security?
- Sendmail vuln
- Ubuntu install passwd in log
- Malware quiz
- nmap 4.00 released
- Cisco VPN 3000 crafted HTTP attack
- It is all about the risk.
- Microsoft advanced bulletin
- Sober, Bagles, and Mytobs ad nauseum...
- PHP 5.1 update with several security fixes
- New Skype vulnerabilities
- Happy turkey day
- IE 6 SP1 and Direct X downloads
- Zen approach to backups
- Infocon gone yellow; Patch available for Internet Explorer (.Net) 0day Exploit; Open letter; OS-X Patches; 1433 scans after Zotob; Zotob MSRT updated
- Microsoft patches are out; Port 80 spike; Mail bag; Firefox 1.0.5 released; Oracle and Apple too!
- More tools, Google summer of code
- Top 20 update; IM malware and IRC bots are the flavor of the day; Sober variant
- DNS cache poisoning, again.
- LLSSRV; The end of the Internet; DNS Cache Poisoning; New Handler
- Microsoft non-patch; 8181 TCP; Safer Internet Day
- Tsunami.exe, Oracle critical patch update, got packets?
- Sun bulletins, MS04-040 discussion, anti-spam vigilante-ism dumb, did you know?
- Dshield down, Sun releases Solaris 10, Bots new?, Some links, Vuln in Skype