Talk Security

The 2nd CTF organised by NotSoSecure.com from the 18th to 20th of April was hit with a DNS Amplification DDoS attack midway through the event. Contestant voiced out on twitter but it took some hours to get everything back under control. Despite the DDoS, the organisers hailed the event as a successful one, though a lot of contestants were stuck at the 2nd flag even with hints from @notsosecure. The leaderboard can be seen at http://ctf.notsosecure.com/leaderboard/

What is the Heartbleed Bug ? The Heartbleed bug is a vulnerability in the OpenSSL cryptographic library that allows stealing of information normally protected by the SSL/TLS encryption used to secure the Internet. OpenSSL is open-source software that is widely used to encrypt web communications. SSL/TLS is what normally provides secure and private communication over the Internet via websites, email, IM, and VPNs. According to CNET , an attacker can exploit Heartbleed to essentially “get copies of a server's digital keys then use that to impersonate servers or to decrypt communications from the past or potentially the future, too.” The versions of OpenSSL that are affected, version 1.0.1 and 1.02-beta release have been widely deployed for some time. The bug has been described as a program error, and a fix has been published for the 1.01 program in OpenSSL 1.01g. The bug was found in the heartbeat extension (RFC6520) of the Transport Layer Security/Datagram Transport Layer Sec...

Hi Everyone, It has been a while I wrote stuff about anything...blame my employers...:D. Anyway, I just want to put down a short note on why pentesters are not performing well in Nigeria. The Nigerian Cyber Environment is filled with low-hanging fruits - poorly designed system and application infrastructures are all around the corner. Thus, a regular pentester can WooooW his/her client by just running few commercial tools. In a more difficult terrain, the same pentester will issue a certificate of no risk to the client. Ok, moving ahead of myself, back to the matter - most uses I have seen of hacking tools in the real world in this part of the globe is so limited, a bit script-kiddish I might say. Even the commercial ones that come with graphical tutorials are even not fully utilised. I dont really know the reason for this, but i think we are less inquisitive about what we see or observe, we still think that some things are really hard to understand, when in ac...