A few great first-person write-ups I found documenting how these companies below were breached…
Please share other posts/write-ups you’re aware of…
It turns out Kevin discovered a way to access video dumps from a police dash cam. After a little more digging he was able to tap into “real time GPS tagged live audio and video from the cruiser.”
Kevin has a nice writeup of the exercise here, Owning a Cop Car.
Some of the highlights are:
There’s been a lot of talk recently about using graphics processing units (GPUs) to crack passwords. This was due to a recent paper published by researchers from the Georgia Tech Research Institute. Long story short: Make sure your passwords are now a minimum of 12 characters in length. Optimally, you should choose passwords from a universe of 4 character sets (Uppercase, lowercase, numbers, spec!al ch@racters).
One of the GTRI researchers who authored the paper was interviewed on the Cyber Jungle SU Root #164. The audio file is 25 minutes long.
On another note, the alternative uses of GPUs won’t be going away anytime soon but could be renamed. Both large chip makers, AMD and Intel, are working on or have already released hybrid CPU/GPU chips. Read more here.
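To make the 12-character, four-character-set recommendation above concrete, here is an added example (not from the GTRI paper or the original post) that checks a password against that recommendation and estimates the worst-case exhaustive-search time. The guess rate and the sample passwords are assumptions constructed for illustration.

```python
import string

# Character classes named in the post: uppercase, lowercase, numbers, special.
# ASCII only; characters outside these sets are not counted.
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "special": string.punctuation,
}
MIN_LENGTH = 12  # minimum length recommended in the post


def classes_used(password):
    """Return the names of the character classes present in the password."""
    return sorted(name for name, chars in CLASSES.items()
                  if any(c in chars for c in password))


def search_space(password):
    """Candidates an exhaustive search must cover: every string of length
    1..len(password) over the union of the classes the password uses."""
    pool = sum(len(CLASSES[name]) for name in classes_used(password))
    return sum(pool ** n for n in range(1, len(password) + 1))


def years_to_exhaust(password, guesses_per_second):
    """Worst-case brute-force time in years at an assumed guess rate."""
    return search_space(password) / guesses_per_second / (365 * 24 * 3600)


def meets_policy(password):
    """True when the password is >= 12 characters and uses all four classes."""
    return (len(password) >= MIN_LENGTH
            and len(classes_used(password)) == len(CLASSES))


if __name__ == "__main__":
    ASSUMED_RATE = 1e9  # guesses/second; an assumption, not a figure from the paper
    for pw in ["sunshine", "Sunshine2010", "Sunsh!ne2010x"]:  # constructed samples
        print(pw, classes_used(pw), meets_policy(pw),
              f"{years_to_exhaust(pw, ASSUMED_RATE):.3g} years")
```

The estimate is an upper bound for pure exhaustive search only; passwords built from dictionary words are typically found far sooner by wordlist-based guessing, whatever their length.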
Back in November I posted a list of intentionally vulnerable web applications for educational purposes. You can find that list here: http://www.system7.org/2009/11/05/test-your-web-pentest-skillz/
A new one to add to the list is OWASP’s Broken Web Application Project. There was a great talk at ShmooCon about the project. This project might end up taking the gold medal in vulnerable web application projects. They plan to include versions of actual applications you see in the wild (Yazd, WordPress, phpBB) and all of the other web app testing projects (Damn Vulnerable Web App, Mutillidae, WebGoat).