In association with heise online

18 January 2013, 11:41

Lost+Found: Moxie on the beach, hacker flair, Volatility and NTLM


Too small for news, but too good to lose, Lost+Found is a compilation of the other stories that have been on The H's radar this week. In this edition: an SSL guru in search of new challenges, hacker flair for all, guidelines for advisory authors, a Volatility contest and a very liberal URL shortener.

  • "Today is my last day working at Twitter," announced encryption expert Moxie Marlinspike last Friday, without providing any reasons. After Twitter took over his company, Whisper Systems, Marlinspike worked at Twitter for over a year. When asked about his next steps, the researcher replied: "The beach, to begin with."

  • The laugh is always on the loser. "Turns out 'Java' stands for 'Just Another Vulnerability Announcement'" is the word going around on Twitter. Not without reason: apparently, another new security hole has been found in Java.

  • Those who have looked over the shoulder of a pen tester or hacker at work – or are such persons themselves – know that, from a visual point of view, these jobs aren't anywhere near as spectacular as Hollywood would make them look. This GIF animation, on the other hand, oozes with hacker flair. Simply play it in full-screen mode.

  • You've found a security issue and want to tell the world about it? The Open Security Foundation (OSF) will tell you how to write a good advisory.

  • Computers sometimes do strange things, a security expert who goes by the name of n0x00 has found. He implemented a public server that requested an NTLM login when establishing a connection on port 80. Then, n0x00 requested a short URL that pointed to the server's IP address (http://31.3.3.7:80) from GoDaddy's x.co URL shortening service. He was baffled by the result: his server was visited by one of the URL shortener's systems, which wanted to log in via NTLM using internal Active Directory credentials.

(fab)

Permalink: http://h-online.com/-1786830
 

