Showing 16 results for: September 2013

ModSecurity for Java - BETA Testers Needed

Over the course of the summer of 2013, the ModSecurity team participated in Google's Summer of Code (GSoC) program through OWASP. We helped by mentoring Mihai Pitu, who developed a port of ModSecurity for Java! The main problem this project...

SpiderLabs Radio September 27, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave SpiderLabs. This week's episode features stories about exposed.su, SSNDOB.MS, Lexis/Nexus, icefog, #istouchidhackedyet, StarBug, CCC, NYPD + iOS7, Schneider Electric, CFAA, sextortion of Miss Teen...

ModSecurity XSS Evasion Challenge Results

On July 30th, we announced our public ModSecurity XSS Evasion Challenge. This blog post will provide an overview of the challenge and results. Value of Community Testing First of all, I would like to thank all those people that participated...

Is Oracle Application Server End-of-Life?

I was asked recently to review a web server running Oracle Application Server. The scope was quite specific, where the customer wanted a special focus on this area. In this case they wanted to know how I tested it, what...

SpiderLabs Radio September 20, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave SpiderLabs. This week's episode features stories about RSA, Hidden Lynx, Freedom Hosting, iPhone Lock Screen Bypass, iPhone fingerprint Bounty, NSA buys from VUPEN, IE...

Hey, can I use your server for spamming?

Over the last few months I have encountered two separate cases of our customers being impacted by outbound spam, i.e., spam originating from within their networks. The first sign that anything was wrong was that the customers' mail servers were...

Trust for Sale

Let's, for a moment, get into the mind of a cyber criminal: Say you have a malicious executable that steals sensitive data (credit card numbers, credentials, etc.), which you would like to execute on compromised computers. You put lots of...

Vino VNC Server Remote Persistent DoS Vulnerability

Last week, I was making some performance enhancements to the VNC protocol implementations in the TrustKeeper Scanning Engine. Unfortunately, in my mission to "Go Fast!", I managed to trigger a Denial of Service (DoS) vulnerability in Vino. Vino is the...

SpiderLabs Radio September 13, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave SpiderLabs. This week's episode features stories about Santander Bank, $300K for Pwn2Own, The FOX say SEA, Russia Cybercrime 1.9N, Kim Suky, McAffee Lives!, Google...

Microsoft Patch Tuesday, September 2013

In Chicago, it's been a roller coaster of a summer with cold weather to now steaming hot. Fortunately, the weather held out for last weekend's Trustwave summer outing, which was held at Six Flags Great America in Gurnee, Illinois. For...

SpiderLabs Radio September 6, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave SpiderLabs. This week's episode features stories about NSA budget reveals offensive cyber attacks, FaceBook Bug Reporter gets crowd bounty, job offer and then compromised,...

Microsoft Advance Notification for September 2013

This month Microsoft continues the recent tradition of large Patch Tuesday with fourteen Bulletins this month. No less than eight of them are categorized as remote code execution but only four of them are rated as Critical. Nothing like a...