Research, NIST Speaks

Over the past week some researchers have published new methods and tools for embedded device hacking and ways to improve blind SQL injection. It will be interesting to see the scope of where embedded device hacking goes, as more devices are getting additional capabilities, that may be coming in exchange for security. Also, the NIST says the feds are keeping up on their own penetration testing and will release new guidelines in March required third party testing for federally controlled facilities.

A new version of Nipper has been released. This handy tool performs configuration auditing for various network devices and can make limited security recommendations. When was the last time you went through your firewall rules? This should be happening at some regular occurrence, however dull it may be.

Another worm, Nugache, has recently been covered in an article by Bruce Schneier, where he talks about some interesting stuff. No direct C&C server, encrypted packets all around, and the ability for any node to become the “leader”. Bot development is becoming more sophisticated, and funded. Expect to see some serious Trojans in the coming future.