Archive for November, 2009
SSL/TLS Re-negotiation attack movie
My dear friend Ivan Buetler from Compass & Hacking-Lab posted a movie of the SSL/TLS re-negotiation attack on his site.
Have a look here
Great work and thanks for sharing!
ENISA has launched a security assessment document for Cloud Computing
The European Network and Information Security Agency (ENISA) released its 124-page report on Cloud Computing Security Risk Assessment.
It’s a great project; I will dig into this document this week.
You can download the document here
Update ITUnderground 2009 Warsaw
After two interesting days of talks, meetings and really interesting conversations about security the conference was closed. Security experts from all over Europe gave presentations and training about VoIP, BGP hacking, Application hacking/Wargames, Virtualization security and Digital Forensics. Thanks for the great organization and it was really nice to meet you!
Some pictures of the conference:
http://s962.photobucket.com/albums/ae109/tenict2009/
ITUnderground 2009
The next couple of days I will be present at ITUnderground Warsaw 2009.
Would be nice to meet you there.
Agenda:
http://itunderground.org/en/wydarzenia/50-IT_Underground_Warsaw tab ‘Agenda’
I will cover the conference from my Twitter account
The first few milliseconds of an HTTPS connection
Convinced from spending hours reading rave reviews, Bob eagerly clicked “Proceed to Checkout” for his gallon of Tuscan Whole Milk and…
Whoa! What just happened?
In the 220 milliseconds that flew by, a lot of interesting stuff happened to make Firefox change the address bar color and put a lock in the lower right corner. With the help of Wireshark, my favorite network tool, and a slightly modified debug build of Firefox, we can see exactly what’s going on.
By agreement of RFC 2818, Firefox knew that “https” meant it should connect to port 443 at Amazon.com:
Most people associate HTTPS with SSL (Secure Sockets Layer) which was created by Netscape in the mid 90’s. This is becoming less true over time. As Netscape lost market share, SSL’s maintenance moved to the Internet Engineering Task Force (IETF). The first post-Netscape version was re-branded as Transport Layer Security (TLS) 1.0 which was released in January 1999. It’s rare to see true “SSL” traffic given that TLS has been around for 10 years.
Read the rest of this must-read on the blog of Jeff Moser:
http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html
Analysis of a Torpig botnet takeover
Botnets, networks of malware-infected machines that are controlled
by an adversary, are the root cause of a large number of security
problems on the Internet. A particularly sophisticated and insidious
type of bot is Torpig, a malware program that is designed to
harvest sensitive information (such as bank account and credit card
data) from its victims. In this paper, we report on our efforts to take
control of the Torpig botnet and study its operations for a period of
ten days.
Read the full paper:
http://www.cs.ucsb.edu/~seclab/projects/torpig/torpig.pdf
Bredolab revealed
Trend Micro’s Senior Threat Researcher David Sancho has written a great in-depth analysis of this new threat.
Read it here:
http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/bredolab_final.pdf

