cestmir.holub.ext | 16 Apr 16:02 2014

NMAP service detection for https before http

Hello,
do you know how to make NMAP service detection for https (ssl/http) before http?
I have both protocols http and https on one port enable.
The nmap service detection discovered only http (probably first found known service), but I need to have
https listed and don't need the http information.
Thank you, C.Holub

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL
works, how it benefits your company and how your customers can tell if a site is secure. You will find out how
to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout,
best practices for set-up are highlighted to help you ensure efficient ongoing management of your
encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Vic Vandal | 13 Mar 21:57 2014
Picon

CarolinaCon-10 - May 2014 - FINAL ANNOUNCEMENT

CarolinaCon-10 will be held on May 16th-18th, 2014 in Raleigh NC.  For the cheap price of your average movie
admission with popcorn and a drink ($20) YOU could get a full weekend of talks, hacks, contests, and
parties.  

We've selected as many presentations as we can fit into the lineup.  Here they are, in no particular order:

- Bypassing EMET 4.1 - Jared DeMott
- Password Cracking for noobs - smrk3r
- AV Evasion with the Veil Framework - HarmJ0y, Christopher Truncer, Michael Wright
- Simple Network Management Pwnd - Deral Heiland & Matthew Kienow
- F*ck These Guys: Practical Counter-surveillance - Lisa Lorenzin
- Carding Markets: Comparing Apples and Lemons - Professor Tom Holt
- Exploiting the Bells and Whistles: Uncovering OEM Vulnerabilities in Android - Jake Valletta
- How To Get Money Fast Using A Pwned PBX - unregistered436
- MDM is gone, MAM is coming - Yury Chemerkin
- Demystifying The Cloud, a look at Hyperscale Computing From a Hacker Perspective - Nick Fury
- The Insider Threat: From Snowden to the Unspoken - Omar Santos
- Reverse Engineering Executables - Math 400
- Armageddon In The Air - Guarav Raj Anand
- Hack Android Using Normal Permissions & Broadcast Receivers - Fadi Mohsen
- Exceptions In Java Frameworks That Will Get You Owned - Benjamin Watson
- Attacker Ghost Stories: Mostly Free Defenses That Gives Attackers Nightmares - mubix
- Hacking the Hackerspace - Steven Sutton and Alan Fay

**and possibly another presentation, plus another possible surprise yet to be locked-in**


CarolinaCon-10 Contests/Challenges:

- Capture The Flag
(Continue reading)

bezrin | 6 Mar 19:54 2014
Picon

IMAP STARTTLS sniff tool

Hi all.
We managed succesfully to sniff inside POP3S, SMTPS, IMAPS & HTTPS tunnels using arpspoof, iptables &
sslsplit to make MITM.
Now we want to sniff inside STARTTLS tunnels (specifically IMAP) but unfortunately sslsplit doesn't
supports STARTTLS. Is there/do you know another SSL/TLS tool supporting IMAP over STARTTLS to make MITM?

Many thanks
B.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL
works, how it benefits your company and how your customers can tell if a site is secure. You will find out how
to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout,
best practices for set-up are highlighted to help you ensure efficient ongoing management of your
encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Pranav Lal | 3 Mar 16:43 2014
Picon

Looking for reading material on incident management and response

Hi all,

I am going to be a part of  the incident management team at my employer's.
The policies and procedures a are already in place. Most of my experience
has been in the attacker side of things. Can anyone suggest a set of books
that I can read to better understand defensive security? See the list below.

1. Computer Security Incident Handling
By Stephen Northcutt
2. Incident Response and Computer Forensics, Third Edition
by Chris Prosise, Kevin Mandia and Matt Pepe (I will get the newer adition
when it is realsed)
3. Inside Network Perimeter Security, 2nd Edition
 By Stephen Northcutt, Lenny Zeltser, Scott Winters, Karen Kent, Ronald W.
Ritchey
 ISBN: 0672327376
 Sams Publishing
 March, 2005  
4. Real Digital Forensics: Computer Security and Incident Response - Jones,
Bejtlich, Rose
5. Security Metrics: Replacing Fear, Uncertainty, and Doubt - Andrew
Jacquith  

The above are all that I could come up with after searching. I have already
bought a book called  counter hack reloaded.

Any more pointers?
Pranav 

------------------------------------------------------------------------
(Continue reading)

Hafez Kamal | 20 Feb 03:19 2014

[HITB-Announce] Haxpo CFP

As part of our all new HITB Haxpo or 'hacker expo', we are calling on
the community of hackers, makers, builders and breakers to send us their
30 minute talk abstracts for consideration to be included in the 3-day
single-track agenda.

Taking place at De Beurs van Berlage on the 28th, 29th and 30th of May,
this single track, like the Haxpo itself,  is completely FREE TO ATTEND
and we are encouraging everyone to come! If you're in Amsterdam during
these dates, this is the place you want to be!

In total we have spots for 30 x 30 minute presentations and we're
looking for talks that cover a wide range of topics including:

- Electronics & Micro Controllers - things like Arduino's, ARM,
RaspberryPi, etc
- Mobile Communications (GPRS/3G/HSDPA etc)
- Hardware / Embedded Reverse Engineering
- Home Automation
- Network Security
- Software Security
- RFiD, Bluetooth and NFC
- Next Generation Application Development
- 3D Printing / Fabrication
- Programming
- Privacy
- Data Security

Submissions must be sent via email to haxpocfp <at> haxpo.nl NO LATER THAN
28th February 2014 with the following details included:

(Continue reading)

spamadmin | 5 Feb 12:12 2014

[MailServer Resend] Resending quarantined email -- use caution when opening.Damn Vulnerable IOS App v1.0 launched


----- Original Message Header -----
Subject: Damn Vulnerable IOS App v1.0 launched
From: prateek.searchingeye <at> gmail.com;
To: pen-test <at> securityfocus.com; security-basics <at> securityfocus.com; 
webappsec <at> securityfocus.com;
Cc:
-----------------------------------

Warning: Attachment contains virus code or meets the filtering/blocking 
rules.  Use caution when accessing the contents. 
Picon
From: Prateek Gianchandani <prateek.searchingeye <at> gmail.com>
Subject: Damn Vulnerable IOS App v1.0 launched
Date: 2014-02-04 12:07:33 GMT
Hi All,

It gives me great pleasure to announce v1.0 of Damn Vulnerable IOS =

Application http://damnvulnerableiosapp.com

Damn Vulnerable IOS App (DVIA) is an IOS application that is damn =

vulnerable. Its main goal is to provide a platform to mobile security =
(Continue reading)

Carmela Troncoso | 4 Feb 21:21 2014

PETS 2014 Call For Papers - deadline February 13, 2014, 23:59 GMT

========================================================
PETS 2014: 14th Privacy Enhancing Technologies Symposium
July 16-18, 2014, Amsterdam, Netherlands
http://petsymposium.org/
CALL FOR PAPERS
========================================================

The Privacy Enhancing Technologies Symposium (PETS) aims to advance the
state of the art and foster a world-wide community of researchers and
practitioners to discuss innovation and new perspectives.

PETS seeks paper submissions for its 14th event to be held in Amsterdam,
July 16- 18, 2014. Papers should present novel practical and/or
theoretical research into the design, analysis, experimentation, or
fielding of privacy-enhancing technologies. While PETS has traditionally
been home to research on anonymity systems and privacy-oriented
cryptography, we strongly encourage submissions in a number of both
well-established and some emerging privacy-related topics. Some
suggested topics are listed below.

IMPORTANT DATES (all deadlines are firm):
Abstract registration deadline:	     February 10, 2014, 23:59 GMT
Paper submission deadline:           February 13, 2014, 23:59 GMT
Author notification:                 April 13, 2014
Camera-ready deadline:               May 4, 2014
Symposium: July 16-–18, 2014

TOPICS OF INTEREST (Suggested topics include but are not restricted to):
- Behavioral targeting
- Building and deploying privacy-enhancing systems
(Continue reading)

d56r8dl+o6t7n4 | 27 Jan 10:18 2014

ipx routing

Hi there,

I'm wondering if it's possible redirect all the home router's traffic to a public server, using IPX and SPX.
Considering that the home router is not reachable from the Internet, how can you do that?

----
Sent using GuerrillMail.com
Block or report abuse: https://www.guerrillamail.com/abuse/?a=UkR3EB8JV61Yig%2Bn%2BX0MUgfCTt%2BC28NJwatBacy4CAsz

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL
works, how it benefits your company and how your customers can tell if a site is secure. You will find out how
to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout,
best practices for set-up are highlighted to help you ensure efficient ongoing management of your
encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

marco cohen | 20 Jan 17:52 2014
Picon

test load internet web app

HI
I have an online web app which I
want to test it load.which tool you recommend? I want to simulate 15K
cuncurrent users. can I test this load my self using another server with
 open source tools to send trafic to the web app or do I need to
contract an online service? <br>
if yes which one you recommend ?

thanks

marco

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL
works, how it benefits your company and how your customers can tell if a site is secure. You will find out how
to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout,
best practices for set-up are highlighted to help you ensure efficient ongoing management of your
encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Peter Odigie | 17 Jan 15:37 2014
Picon

cloud back up

Hello all!

Please, I will like a recommendation for a security conscious cloud
back up service. Also, one that I can easily migrate from when I want
to.

Many thanks!

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL
works, how it benefits your company and how your customers can tell if a site is secure. You will find out how
to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout,
best practices for set-up are highlighted to help you ensure efficient ongoing management of your
encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Peter Odigie | 17 Jan 15:36 2014
Picon

Router for filtering

Hi All!

I am trying to get my hands on a router that will seamlessly enable me
to prevent some people on the network from being able to browse (use
http et al) and others set to a specific time for being able to use
the net.

Many thanks!

Pete

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL
works, how it benefits your company and how your customers can tell if a site is secure. You will find out how
to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout,
best practices for set-up are highlighted to help you ensure efficient ongoing management of your
encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


Gmane