IT Security
Kerckhoffs's principle
No algorithm should be kept secret; only the key should be the secret component
Acrobat Reader under siege again or Why to update Acrobat Reader?
Adobe is still struggling with the vulnerability announced on 15.12.2009. All versions prior to 9.2 are vulnerable to malicious JavaScript that allows a shell execution attack to be performed successfully.
Colleagues from Trend Micro have spotted new malware able to exploit this particular vulnerability.
More info on:
http://blog.trendmicro.com/unpatched-adobe-vulnerability-is-still-being-...
Nice list about IT security "DON'T ever"
Just found by accident a very nice article on the SANS website with the following cool title:
"How to suck at IT security". The list written down by Lenny Zeltser is worth reading, so ... have fun!
Skype Chat Logs Dissection
Target software: Skype for Windows/Linux
What's it all about?
Have you ever tried to export all your Skype history? It's a little bit boring to copy and paste every conversation into a separate text file, isn't it? It's even worse if you use the Linux version of this famous chat client.
Have you ever wondered if it's possible to read your Skype chat history without having to be logged into your Skype account? And have you ever wondered if it's possible to read someone else's chat history without having to use the Skype client and without knowing the Skype account passwords?
Pangolin - new tool for DB security testing
NOSEC announced a new DB security testing tool called Pangolin. The free version of the product is able to test only Microsoft databases - have to find a way to crack it. Let's hope that Pangolin will behave better than the Matrix assessment tool.

