Posts by rapidmb

2 min Events

Capture The Flag At BsidesLV

Greetings from BsidesLV 2013! While there are plenty of interesting things to say about the talks at BsidesLV, one of the more interesting things here has been the Capture The Flag contest. This year, the CTF competition is a "Pros versus Joes" event. The concept is simple enough: pair professional penetration testers with a team of security enthusiasts and have them defend systems from a second group of professionals. The official site [http://prosversusjoes.net/BsidesLV2013ProsVJoesCTFrules.h

2 min PCI

Do You (Un)knowingly Exfiltrate?

A few weeks ago, Twitter was buzzing about new and interesting Google Hacks. If you're been visiting this community for more than one day, you'll probably know this already; a Google Hack is a search query that produces some type of unauthorized access to (supposedly) protected data. In this latest iteration, the query is used to disclose private SSH keys stored on Github [https://github.com/search?q=size:%3E1+path:.ssh/id_rsa&type=Code&ref=searchresults] . Of course, this problem isn't limited

2 min Compliance

Malicious SSIDs And Web Apps

On February 13th 2013, Cisco released a security notice related to CVE-2013-1131 [http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1131] . According to Cisco, the vulnerability is due to improper validation of the Service Set Identifier (SSID) when performing a "site survey" to discover other wireless networks. On the face of it, this vulnerability seems to be low-risk. Indeed, site surveys are not often performed and an adversary would need to either be incredibly luc