http://enablesecurity.com Security Consultancy, Research and Development Wed, 07 Jan 2009 13:38:17 +0000 http://backend.userland.com/rss092 en EnableSecurity VOIPPACK is finally out! We would like to thank everyone who made this possible. VOIPPACK can be purchased from our reseller Immunity in the US or directly for the rest of the world. More information about pricing and video demonstrations can be found in the product page. http://enablesecurity.com/2009/01/05/voippack-now-available/ This article first appeared in EnableSecurity newsletter 0x0001. Subscribe to the newsletter by sending an email to newsletter@enablesecurity.com. It is often easy to calculate risk incorrectly. This may be due to lack of information or because one is not looking at the big picture. One particular topic that came up a ... http://enablesecurity.com/2008/12/17/cross-site-scripting-on-your-non-sensitive-website/ Note: we are no longer accepting beta testing requests for VOIPPACK. Thanks for everyone who contributed to the beta testing! VOIPPACK is nearing release stage - stay tuned. For the high definition (HD) version of this video visit this page. http://enablesecurity.com/2008/12/17/demontration-of-sipautohack/ VoIPPack adds VoIP capabilities to Immunity CANVAS. For more information about VoIPPack take a look at the product page. We are currently running a private beta so send us an email to apply as a beta tester. The following is a taster showing sipautohack scanning a target network, identifying PBX server, ... http://enablesecurity.com/2008/12/11/would-you-like-to-try-the-beta-of-voippack/ This is an update of what's been happening on this end: Issue 19 of (IN)SECURE Magazine is out, and with it you'll find a report on RSA Europe 2008 and an article called "How security can hurt us" by yours truly. The magazine has a number of high quality articles and ... http://enablesecurity.com/2008/12/02/insecure-magazine-and-other-updates/ Currently at RSA Europe in London and the Keynote is about to start. While we're being given a Discovery Channel styled lecture on Alan Turing, I've been marking the sessions that have a potential of being interesting. Marked the following: Security Remodelling - Benjamin Jun Locking the Back Door: New Backdoor Threats ... http://enablesecurity.com/2008/10/27/at-rsa-europe-2008-talks-of-interest/ Note: this article originally appeared on EnableSecurity Newsletter #0x0001. To subscribe send an email to newsletter@enablesecurity.com. Most contemporary software attempts to perform automated updates for  one thing or another. Maybe it's a patch for the software itself, or simply a list of additional files that are required for day to ... http://enablesecurity.com/2008/10/13/does-your-software-check-for-updates-you-might-be-in-trouble/ The newsletter issued yesterday included an advisory on Mail.app's insecure storage of S/MIME on the email server. The main problem is that people making use of S/MIME expect encryption to protect them from a snooping mail server, and the default "store drafts on mail server" option does not respect this. At ... http://enablesecurity.com/2008/10/03/apple-mailapp-security-advisory/ The first issue of the newsletter is out! Included the articles of interest: Upcoming EnableSecurity projects Events: RSA Europe 2008 New advisory: Apple's Mail.app stores your S/MIME encrypted emails in clear text Surf Jack updates and what is Surf Jack anyway? Cross Site Scripting on your non-sensitive website? Your magnetic stripe credit card is going away Does ... http://enablesecurity.com/2008/10/03/enablesecurity-newsletter-0x0001/ The latest issue of the free digital security publication is out and includes some thought provoking articles: Browser security: bolt it on, then build it in by Jeremiah Grossman Windows driver vulnerabilities: the METHOD_NEITHER odyssey by Anibal Sacco Insecurities in privacy protection software by Shrikant Raman Compliance does not equal security but it's a ... http://enablesecurity.com/2008/09/30/insecure-magazine-issue-18/