pages.kr 날으는물고기 (Flying Fish)

Wednesday, August 11, 2010

AppSec Ireland, AppSec DC, and AppSec US updates

OWASP Ireland September 17th 2010

The agenda has been finalized for the OWASP Ireland event. We have the pleasure to announce a number of key figures from industry which should provide some unique insight into the latest trends, threats and methodologies in the world of application security.

http://www.owasp.org/index.php/OWASP_IRELAND_2010

Keynotes:

John Viega: “Application Security in the Real World” - Considerations for AppSec in non-security companies.

http://www.owasp.org/index.php/John_Viega

Professor Fred Piper "The changing face of cryptography"

http://www.owasp.org/index.php/User:Professor_Fred_Piper

Damian Gordon PhD: “Hackers and Hollywood: The Implications of the Popular Media Representation of Computer Hacking”

http://www.owasp.org/index.php/User:Damian_Gordon

We also have some great international and local speakers covering topics from Smart phone application security to SDLC to Penetration testing techniques:

· Dan Cornell ("Smart Phones with Dumb Apps")

· Ryan Berg ("Path to a Secure Application")

· Dr Marian Ventunaec ("Testing the Enterprise E-mail Security - from Software to Cloud-based Services")

· Fred Donovan and (“Counter Intelligence as Defense……”)

· Nick Coblentz (“Microsoft's Security Development Lifecycle……”) but to name a few

http://www.owasp.org/index.php/OWASP_IRELAND_2010#Agenda_and_Presentations_-_September_17

Training:

http://www.owasp.org/index.php/OWASP_IRELAND_2010#Training

“Secure Application Development: Writing secure code (and testing it)”


AppSec DC: CFP Round Two:

AppSec DC 2010 is the East Coast's premier Information Security Conference for 2010.

**AppSec DC has added a second round for CFP until August 31st, so there is still time to get submissions in for our CFP!**

Building on the success of last year's AppSec DC 2009, the AppSec DC team is working to further the OWASP conference mission of hosting the best minds in application security in a forum to share innovations and ideas. AppSec DC's unique location and relationship with federal entities in the Washington DC area also allows OWASP and affiliates to continue to reach out to and interact with the federal government in this time of ever-increasing National Security concerns.

This year, in addition to content from industry leaders in application security research, entities within the Department of Homeland Security, the Department of Defense, the National Institute of Standards and Technology and other government agencies will be contributing content focusing on Software Assurance and the role that that plays in areas of extreme concern in the current climate, such as protecting Critical Infrastructure or Supply Chain Risk Management. If you work in or with the federal government, regardless of branch or service, this is likely a critical concern for some subset of your workplace, and the combination of content at this event will provide an incredible value to you and your employer.

In addition to two days of great speaking content, keynotes and panels, AppSec DC will also provide two days of world class training on applications security from a variety of vendors at a fraction of the cost found at other events. This year featured panels will not only include federal "what works" in application security, but several other areas of interest so that there will be engaging discussion for all types of attendees. The AppSec DC crew is also working a great vendor space and engaging contests, including a hacking competition built specifically for our event.

AppSec DC will take place at the Walter E. Washington Convention Center in Washington DC on November 8-11. Training will be on the 8th and 9th, talks will be on the 10th and 11th. Our partner hotel is the Grand Hyatt again this year, and a discounted rate will be available for attendees who register in advance.

For more information visit the OWASP wiki at http://www.owasp.org/index.php/OWASP_AppSec_DC_2010

or the AppSec DC website (updates coming soon!) at http://appsecdc.org

CFP submissions should use the Easy Chair system, our URL is at http://www.easychair.org/conferences/?conf=appsecdc2010 -- Registration is required.

AppSec US 2010, CA

Register before August 15, 2010 and you may be eligible to win a free iPad! Details can be found here: http://www.owasp.org/index.php/AppSec_US_2010,_CA

Kate Hartmann

Operations Director

301-275-9403

www.owasp.org

Skype: Kate.hartmann1

Friday, August 6, 2010

Cracking software retrieves iPhone 4 passwords

A Russian password-cracking company has released software it says can recover passwords stored on Apple's latest iPhone without modifying the device or any of the data stored on it.

ElcomSoft of Moscow says the latest version of its iPhone Password Breaker will recover the encrypted keychains that the iPhone 4 uses to store passwords for email accounts, websites, and third-party software. The company markets the software as a tool for forensic investigators, but there's nothing stopping creepy roommates and spouses from using it to surreptitiously snoop on people who use the Apple smartphone.

The software works by extracting the password used to encrypt an iPhone keychain once it has been backed up on a computer hard drive. iOS 4, which Apple released in June, gives users the option of encrypting the backup using a hardware key that's unique to each iPhone, or with a dedicated backup password.

“The latest update allows ElcomSoft tool to grant forensic access to passwords stored in iPhone devices running iOS 4, with known or unknown backup passwords and without altering the content of the phone,” the company said in a press release issued Thursday. “In case the original backup password is unknown, ElcomSoft iPhone Password Breaker will perform the recovery of the original password to backup. With a known backup password, keychains are recovered near instantly.”

The company offers a wide variety of password-cracking tools that make use of video acceleration hardware from ATI or Nvidia, a process that's “orders of magnitude faster than traditional CPU-only algorithms.” The software is designed to work seamlessly with higher end PCs that have a GPU card installed.

A PDF of ElcomSoft's press release is here.

Wednesday, August 4, 2010

Easy web-based iPhone jailbreak - jailbreakme.com

A newly released iOS 4 jailbreak

Simply visiting jailbreakme.com in the iPhone's Safari browser is enough to jailbreak the device.
(Firmware 4.1 beta is not supported.)

After the page loads, sliding the control on the "slide to jailbreak" screen starts the download,
and the process continues through to the installation of Cydia.

PDF malware for iPhone, iPad, and iPod?

iPad1,1_3.2.1.pdf 2010-Aug-02 18:24:16 13.1K application/pdf
iPad1,1_3.2.pdf 2010-Aug-02 18:24:16 13.1K application/pdf
iPhone1,x_3.1.2.pdf 2010-Aug-02 18:24:16 13.1K application/pdf
iPhone1,x_3.1.3.pdf 2010-Aug-02 18:24:17 13.1K application/pdf
iPhone1,x_4.0.1.pdf 2010-Aug-02 18:24:17 13.1K application/pdf
iPhone1,x_4.0.pdf 2010-Aug-02 18:24:17 13.1K application/pdf
iPhone2,1_3.1.2.pdf 2010-Aug-02 18:24:17 12.9K application/pdf
iPhone2,1_3.1.3.pdf 2010-Aug-02 18:24:19 12.9K application/pdf
iPhone2,1_4.0.1.pdf 2010-Aug-02 18:24:20 12.9K application/pdf
iPhone2,1_4.0.pdf 2010-Aug-02 18:24:21 12.9K application/pdf
iPhone3,1_4.0.1.pdf 2010-Aug-02 18:24:22 12.9K application/pdf
iPhone3,1_4.0.pdf 2010-Aug-02 18:24:23 12.9K application/pdf
iPod1,1_3.1.2.pdf 2010-Aug-02 18:24:24 13.1K application/pdf
iPod1,1_3.1.3.pdf 2010-Aug-02 18:24:25 13.1K application/pdf
iPod2,1_3.1.2.pdf 2010-Aug-02 18:24:26 13.1K application/pdf
iPod2,1_3.1.3.pdf 2010-Aug-02 18:24:26 13.1K application/pdf
iPod2,1_4.0.pdf 2010-Aug-02 18:24:26 13.1K application/pdf
iPod3,1_3.1.2.pdf 2010-Aug-02 18:24:27 12.9K application/pdf
iPod3,1_3.1.3.pdf 2010-Aug-02 18:24:27 12.9K application/pdf
iPod3,1_4.0.pdf 2010-Aug-02 18:24:27 12.9K application/pdf

http://www.exploit-db.com/sploits/ios_pdf_exploit.7z