by Bill Sempf
6. May 2018 16:44
Good intro to fingerprinting web servers. This has been codified in the past but the tools are all old. Need to resurrect an open source project.
https://isc.sans.edu/forums/diary/Another+approach+to+webapplication+fingerprinting/23605/
I mentioned CVE-2018-2628 and my Nikto test for it in an earlier newsletter. Well, apparently the patch doesn't work.
https://securityaffairs.co/wordpress/71951/hacking/oracle-botches-cve-2018-2628-patch.html
Nice video of finding and exploiting another hole in the PDF format. Apparently they are so common now we just livestream them.
https://www.youtube.com/watch?v=8VLNPIIgKbQ
I am fond of saying that the government can outlaw as much encryption as they want; if the bad guys have two coins and a pencil, they can make as much unbreakable encryption as they want with a one-time pad. (Not my line, and I don't remember the source, sorry.) Here is another nice new pencil-and-paper cipher.
https://www.schneier.com/blog/archives/2018/05/lc4_another_pen.html
Finally. PHP has a security flaw. WHAT YEAR IS IT??
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-php-could-allow-for-arbitrary-code-execution_2018-046/
And that's the news.