Addendum: Daily Link List Pt 2 — 10/24/06
It seems I have a few more links to share
Blackberry Security (PDF):
Update: This link had originally shown up at roughly 10:30 am EST.. It seems to have been pulled as of 5:30 pm EST. The original blog posting is still around, however the pdf link is gone. If anyone saved this file (as I didn't) please let me know and send it my way. The image below proves that I'm not losing my mind
Symantec Security Researcher James O'Connor has recently published an article on the Blackberry and it's inherit flaws and problems... The article looks as though it is definitely worth the read.
It seems that a new file system fuzzer has been released by L.M.H. which has brought forth a concept similar to MoBB. The idea was issued across several mailing lists where the tool was released -- "The Month of Kernel Bugs will start on 1st November, and will be announced this next Monday (Oct 30). I'm looking for other people interested on providing bugs forXNU (also for the "good old" Darwin), win32, *BSD, etc. If youwant to contribute, drop me a line. Please note that only 'fresh',unknown bugs will be accepted, and submissions should be brieflydocumented. The goal is disclosing a kernel bug (DoS, privilegeescalation, whatever interesting) on a daily basis for November." More details will be announced on his blog.
A new service/product has been launched by Sunbelt Software. You can upload malware and it will scan it with several AV engines, similar to VirusTotal.com. The difference is that CWSandbox will also execute the malware in a sandbox session... Monitoring files downloaded, local actions take, network activity and so forth. I currently have a file submitted and will be doing a complete write-up after the I receive the results of their testing over at the nCircle blog. Original Sunbelt Blog Anouncement.
Update: Here's the direct link to the article I published on the nCircle blog.
That's all... just three more things that I wanted to share.
Peace,
HT