Tuesday, January 12, 2010

China steals Google's data

| Armando Romeo |
In an astonishing post today, Google admitted that Chinese hackers have successfully stolen intellectual property from the big G's corporate network and from 20 other large companies in the U.S.

Gmail accounts of Chinese activists were the hackers' primary goal, according to Google, which added that these accounts have been accessed by third parties through the use of malware and phishing attacks.

After this attack, Google will UNFILTER Google.cn, and if this is not possible (due to Chinese government opposition), Google is ready to shut its office in China.

Read the full post here

Friday, January 8, 2010

PortSwigger.net - web application security

| Brett D. Arion |
Burp Suite v1.3 released

Burp Suite v1.3 is now available to download. This is a major upgrade with a host of new features.
Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, persistence, authentication, upstream proxies, logging, alerting and extensibility.

Burp Suite allows you to combine manual and automated techniques to enumerate, analyse, scan, attack and exploit web applications. The various Burp tools work together effectively to share information and allow findings identified within one tool to form the basis of an attack using another.

New features in Burp Suite free edition include:

A new message editor/viewer optimised for HTTP requests and responses, with colourised syntax, mouse-over decoding, and quick conversion functions.

Facility to add comments and highlights to the proxy history and site map.

Support for AMF-encoded messages.

Improved handling of SSL server certificates, to eliminate browser SSL warnings and connection problems with thick clients.

Copy to file / paste from file to facilitate working with binary content.

New display filters.

Much enhanced extensibility.

Configurable DNS resolution, to override host resolution, facilitating work with non-proxy-aware clients.

Fine-grained upstream proxy rules.

Exporting of HTTP messages and metadata in XML format.

New features in Burp Suite Professional include:

Improved text search, with regex support, scope restrictions, dynamically updating results, etc.

Automated discovery of unreferenced content.

Scripts and comments search.

Wizard for performing more effective scans of multiple items.

Target analyser.

Manual testing simulator.
