arjun | 16 Jul 09:27 2014

Hashes/encoded for a string input

Greetings!

Is there any convenient way to compute different hash values / encoded 
strings for a string?
Or a bash/python/perl script that could facilitate same?


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL
works, how it benefits your company and how your customers can tell if a site is secure. You will find out how
to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout,
best practices for set-up are highlighted to help you ensure efficient ongoing management of your
encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

cfp | 15 Jul 07:16 2014

Ruxcon 2014 Final Call For Presentations

www.ruxcon.org.au

Introduction

The Ruxcon team is pleased to announce the Final Call For Presentations for Ruxcon 2014.

This year the conference will take place over the weekend of the 11th and 12th of October at the CQ Function Centre, Melbourne, Australia.

The deadline for submissions is the 15th of September, 2014.

About Ruxcon

Ruxcon is the premier technical computer security conference in Australia. The conference aims to bring together the individual talents of the best and brightest security folk in the region, through live presentations, activities and demonstrations.

The conference is held over two days in a relaxed atmosphere, allowing attendees to enjoy themselves whilst networking within the community and expanding their knowledge of security.

Live presentations and activities will cover a full range of defensive and offensive security topics, varying from previously unpublished research to required reading for the security community.

Important Dates

  • September 15 - Call For Presentations Close
  • October 6-7 - Ruxcon/Breakpoint Training
  • October 8-9 - Breakpoint Conference
  • October 11-12 - Ruxcon Conference

Topic Scope

Topics of interest include, but are not limited to:

  • Mobile Device Security
  • Virtualization, Hypervisor, and Cloud Security
  • Malware Analysis
  • Reverse Engineering
  • Exploitation Techniques
  • Rootkit Development
  • Code Analysis
  • Forensics and Anti-Forensics
  • Embedded Device Security
  • Web Application Security
  • Network Traffic Analysis
  • Wireless Network Security
  • Cryptography and Cryptanalysis
  • Social Engineering
  • Law Enforcement Activities
  • Telecommunications Security (SS7, 3G/4G, GSM, VOIP, etc)

Submission Guidelines

In order for us to process your submission we require the following information:

1. Presentation title
2. Detailed summary of your presentation material
3. Name/Nickname
4. Mobile phone number
5. Brief personal biography
6. Description of any demonstrations involved in the presentation
7. Information on where the presentation material has or will be presented before Ruxcon

As a general guideline, Ruxcon presentations are between 45 and 60 minutes, including question time.

Please note that Ruxcon isn't able to cover any travel expenses for speakers. Speakers in the past have had success in having their employer cover conference related expenses. Our other conference Breakpoint does cover travel expenses and runs 3 days before Ruxcon.

If you have any enquiries about submissions, or would like to make a submission, please send an email to presentations <at> ruxcon.org.au

Phil Fagan | 11 Jul 04:46 2014

Re: Windows Active Directory Domains

I'll take the pro side for academic reasons....

I can see a benefit for having unique forests for this function assuming
you also have unique roles and responsibilities. Generally through
object permissions, network segmentation, and proxy-auth access to
protected resources you can achieve an extra level of security. So if
you have a team maintain the HR firewall, HR AD assets, and HR
services wholly separate from the team that you have maintaining the
remainder of the Enterprise then yes, you improve your security
posture.

If it's all the same team maintaining all the gear....it's an overly
complex design and provides no true gains.

On Thu, Jul 10, 2014 at 8:40 PM, Phil Fagan <philfagan <at> gmail.com> wrote:
> I'll take the pro side for academic reasons....
>
> I can see a benefit for having unique forests for this function assuming you
> also have unique roles and responsibilities. Generally through object
> permissions, network segmentation, and proxy-auth access to protected
> resources you can achieve an extra level of security. So if you have a team
> maintain the HR firewall, HR AD assets, and HR services wholly separate from
> the team that you have maintaining the remainder of the Enterprise then yes,
> you improve your security posture.
>
> If it's all the same team maintaining all the gear....it's an overly complex
> design and provides no true gains.
>
>
> On Tue, Jul 8, 2014 at 2:48 PM, <joeb1kenobe <at> gmail.com> wrote:
>>
>> I have a scenario where I am trying to evaluate the security benefits of
>> an Active Directory domain structure.
>>
>> We will call the company XYX Inc. They have an AD Forest/Domain for
>> general users. They also have a separate AD Forest/Domain for their HR Users
>> that is behind a firewall.
>>
>> The claim is that the separate forests with a one way trust provides the
>> necessary security to protect the HR Information.
>>
>> My thinking is that having the users/servers in the same forest would
>> provide additional benefit of ease of use for the technical team. Using the
>> already existing firewall, separate the servers behind the firewall for the
>> needed protection of HR files.
>>
>> Before I make a recommendation of one way or the other, I wanted to elicit
>> the ideas of others who may have seen similar situations.
>>
>> Thanks
>>
>> Joe Brown
>>
>
>
>
> --
> Phil Fagan
> Denver, CO
> 970-480-7618

-- 
Phil Fagan
Denver, CO
970-480-7618

joeb1kenobe | 8 Jul 22:48 2014

Windows Active Directory Domains

I have a scenario where I am trying to evaluate the security benefits of an Active Directory domain structure.

We will call the company XYX Inc. They have an AD Forest/Domain for general users. They also have a separate
AD Forest/Domain for their HR Users that is behind a firewall. 

The claim is that the separate forests with a one way trust provides the necessary security to protect the HR
Information.  

My thinking is that having the users/servers in the same forest would provide additional benefit of ease of
use for the technical team. Using the already existing firewall, separate the servers behind the
firewall for the needed protection of HR files.

Before I make a recommendation of one way or the other, I wanted to elicit the ideas of others who may have seen
similar situations. 

Thanks

Joe Brown

Rællic Systems | 4 Jul 19:28 2014

White hat referral request

Hi,

So far I've been laughed out of #crypto and #security.  Could someone suggest where else to find
professional info security consultants who are reasonably comfortable working with regular people? 
Project is a communications system for journalists, and others if it is good enough.

Thanks,

Andrew Watters

-
Director
Rællic Systems
director <at> raellic.com
https://www.raellic.com

Muhammad Saqib | 4 Jul 08:15 2014

Fake Security Certificate

Hello All

I am in a little bit of a fix relating to the security of my office email
and thought to seek the advice of the community here.

I work in a small company and our office email is hosted on Google. A
few days ago, I tried to change the password of my email and instead
of opening the usual Google page for password change, it redirected me
to passwordchange.mycompanydomain.com and my browser told me that the
security certificate of this webpage cannot be trusted. nslookup
passwordchange.mycompanydomain.com revealed that this webpage is
indeed hosted by the server managed by our system administrator.
Obviously, the password change link in the Google mail has been
redirected to this webpage by our system administrator who is also
responsible for managing and hosting of office email on Google and has
the rights to edit such information.

I would like to ask:

1. Is this something which I should ignore and continue with my email
as earlier?

2. One possible reason for system administrator to do this could be
enabling single sign on service for the users i.e. same password for
email and the domain log on on office computers. By collecting the
password from the email, the system admin can save the same password
for domain log on. However, is this excuse good enough to allow for
such practice?

3. Even if it is being used for single sign on, isn't there any way
that an application using a trusted certificate can be used for this
purpose?

I would greatly appreciate your expert opinion on this.

Regards

Hafez Kamal | 24 Jun 16:28 2014

[HITB-Announce] #HITB2014KUL round 1 CFP submission deadline in < 1 week

The deadline to submit your papers for the 12th and FINAL HITB
Security Conference in Malaysia is just around the corner! Paper
selection will be done in two rounds:

ROUND 1 DEADLINE: 30th June 2014
FINAL DEADLINE: 31st July 2014

HITBSecConf2014 - Malaysia takes place at Intercontinental Kuala Lumpur
from October 13th - 16th (13th / 14th = training // 15th / 16th =
conference)

http://conference.hitb.org/hitbsecconf2014kul/

---

As always, we're looking for talks that are highly technical, but most
importantly, material which is new, fresh and that _hasn't been
presented previously_

HITB CFP: http://cfp.hackinthebox.org/

===

Each accepted submission will entitle the speaker(s) to
accommodation for 3 nights / 4 days at the Hilton DoubleTree and travel
expense reimbursement up to EUR1200.00 per speaking slot.

Topics of interest include, but are not limited to the following:

   Cloud Security
   File System Security
   3G/4G/WIMAX Security
   SS7/GSM/VoIP Security
   Security of Medical Devices
   Critical Infrastructure Security
   Smartphone / Mobile Security
   Smart Card and Physical Security
   Network Protocols, Analysis and Attacks
   Applications of Cryptographic Techniques
   Side Channel Analysis of Hardware Devices
   Analysis of Malicious Code / Viruses / Malware
   Data Recovery, Forensics and Incident Response
   Hardware based attacks and reverse engineering
   Windows / Linux / OS X / *NIX Security Vulnerabilities
   Next Generation Exploit and Exploit Mitigation Techniques
   NFC, WLAN, GPS, HAM Radio, Satellite, RFID and Bluetooth Security

WHITE PAPER: If your presentation is short listed for inclusion into the
conference program, a technical white paper must also be provided for
review (3000 - 5000 words).

Your submissions will be reviewed by The HITB CFP Review Committee:

Charlie Miller, Twitter
Katie Moussouris, Chief Policy Officer, HackerOne
Itzik Kotler, Chief Technology Officer, Security Art
Cesar Cerrudo, Chief Technology Officer, IOActive
Jeremiah Grossman, Founder, Whitehat Security
Andrew Cushman, Senior Director, Microsoft
Saumil Shah, Founder CEO Net-Square
Thanh 'RD' Nguyen, THC, VNSECURITY
Alexander Kornbrust, Red Database
Fredric Raynal, QuarksLab
Shreeraj Shah, Founder, BlueInfy
Dr. Marco Balduzzi, Senior Researcher, Trend Micro
Emmanuel Gadaix, Founder, TSTF
Andrea Barisani, Inverse Path
Philippe Langlois, TSTF
Ed Skoudis, InGuardians
Haroon Meer, Thinkst
Chris Evans, Google
Raoul Chiesa, TSTF/ISECOM
rsnake, SecTheory
Gal Diskin, Intel
Skyper, THC

Regards,
Hafez Kamal
Hack in The Box (M) Sdn. Bhd
36th Floor, Menara Maxis
Kuala Lumpur City Centre
50088 Kuala Lumpur, Malaysia
Tel: +603-26157299
Fax: +603-26150088

kartik.netec | 16 Jun 10:16 2014

DDoS protection

Hi,

My question is about the DDoS protection appliances. Is it really worth spending $$$$$ buying a DDoS
appliance if we already had a DDoS subscription from the ISPs?

And apart from Arbor and Fortinet, do we have any other big player in this technology?

PS: we are not evaluating cloud based DDoS protection.

Please advise.

Thanks,
KT

amit malik | 14 Jun 17:14 2014

SecurityXploded Meet - 21st June 2014, Bangalore, India!

Hi All,

This is an announcement for the SecurityXploded meet on 21st June 2014 in
Bangalore, India. This meet is completely free and doesn’t require any
registration or any other formalities to attend. The meet will start
at 10 AM IST.

After the meet, we will upload the presentations/videos for our online
users to our website.

| Download our free malware analysis trainings:
http://securitytrainings.net/security-trainings/ |

Talks:

10:00-10:30 – Introduction – SecurityXploded Team
10:30-11:30 – Watering Hole Attacks, case study and analysis –  Monnappa
11:30-12:10 – Chronicles of Malwares and Detection Systems –  Amit Malik
12:10-12:30 – Discussion

Venue:

Startup Warehouse, Tower D, 5th Floor, NASSCOM

Diamond District, Old Airport Road

Bangalore.

LandMark: Near Domlur Flyover, ISRO colony.

Contact Details:

email: team <at> securityxploded.com, m.amit30 <at> gmail.com

Group mailing list:
https://groups.google.com/forum/?fromgroups#!forum/securityxploded

Website: www.securityxploded.com, www.securitytrainings.net

Reference post:
http://securitytrainings.net/securityxploded-meet-21st-june-bangalore-india/

Cheers,

Amit

Julian Kirsch | 15 May 12:06 2014

Collecting data to demonstrate TCP ISN-based port knocking


Hi all,

some of you might know a project called "Knock", which implements
a variant of port-knocking in the Linux kernel that can be used to
check the authenticity of arbitrary TCP connections and even can do
integrity checking of the TCP payload by using a pre-shared key.

We still hope that Knock will be eventually useful for adding an extra
layer of security to applications like SSH, VNC or Tor (think:
bridges), but could use your help to collect data to help convince the
Linux people to adopt the latest patch.

As Knock uses two fields in the TCP header in order to hide information
and we explicitly want to be compatible with machines sitting in
typical home networks, we need to make sure that this information
doesn't get corrupted by the majority of NAT boxes out there. We thus
created a program which tests if Knock would work in your environment.
It would be great if some of you were able to execute the program on
your machines in order to help us to get an estimation of if Knock one
day could be used in a larger scale.

You can find sources, binaries and a more elaborate description here:
https://gnunet.org/knock_nat_tester
Technical details about Knock and a (somewhat outdated) research paper
as well as kernel patches are provided here:
https://gnunet.org/knock

Best,
Julian & Christian

DjinnS C. | 13 May 12:11 2014

CERT and ISO 27001

Hi,

I'm searching for a service/company doing continuous review of security
alerts for various tools, software and hardware (Apache, PHP, Cisco
IOS, Juniper JunOS, Netapp Ontap, etc ...).

I think the right way is to use a CERT offering commercial services
with daily notifications about a list of specific chosen subjects.

I found some companies with a commercial CERT offering these services:
Lexsi, XMCO, Intrinsec.

Do you know or use a service like this?

We need this for our implementation of ISO 27001 standard.

Thank you in advance.

Regards,

--
Guillaume
