Greetings from BsidesLV 2013!
While there are plenty of interesting things to say about the talks at BsidesLV,
one of the more interesting things here has been the Capture The Flag contest.
This year, the CTF competition is a "Pros versus Joes" event. The concept is
simple enough: pair professional penetration testers with a team of security
enthusiasts and have them defend systems from a second group of professionals.
The official site [http://prosversusjoes.net/BsidesLV2013ProsVJoesCTFrules.h
A few weeks ago, Twitter was buzzing about new and interesting Google Hacks. If
you're been visiting this community for more than one day, you'll probably know
this already; a Google Hack is a search query that produces some type of
unauthorized access to (supposedly) protected data. In this latest iteration,
the query is used to disclose private SSH keys stored on Github
. Of course, this problem isn't limited
On February 13th 2013, Cisco released a security notice related to CVE-2013-1131
. According to Cisco, the vulnerability is due to improper validation of the
Service Set Identifier (SSID) when performing a "site survey" to discover other
wireless networks. On the face of it, this vulnerability seems to be low-risk.
Indeed, site surveys are not often performed and an adversary would need to
either be incredibly luc