Features: crunch generates wordlists in both combination and permutation ways it can breakup output by number of lines or file size * now has resume support * pattern now supports number and symbols * pattern now supports upper and lower case characters separately * adds a status report when generating multiple files * new -l option for literal support of @,%^ * new -d option to limit duplicate characters see man file for details * now has unicode support...
http://hack-tools.blackploit.com/2014/11/crunch-password-cracking-wordlist.html
SEC Risk Factors: How To Determine The Business Value Of Your Data To A Foreign Government
This white paper will explore where the SEC is headed on this issue and propose a novel solution that's both specific to the company and avoids the potential danger of revealing too much information about company vulnerabilities - the ability to verifiably assess the value of your intellectual property (IP) to a rival Nation State by establishing its Target Asset Value™.
http://jeffreycarr.blogspot.co.uk/2014/11/sec-risk-factors-how-to-determine.html
TYPO3-EXT-SA-2014-017: Improper Access Control in WebDav for filemounts (webdav)
It has been discovered that the extension "WebDav for filemounts" (webdav) is susceptible to Improper Access Control. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: 2.0.0 Vulnerability Type: Improper Access Control Severity: Medium Suggested CVSS v2.0: AV:N/AC:L/Au:S/C:P/I:P/A:N/E:H/RL:OF/RC:C
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-017/
Xen Security Advisory 112 (CVE-2014-8867) - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor
Acceleration support for the "REP MOVS" instruction, when the first iteration accesses memory mapped I/O emulated internally in the hypervisor, incorrectly assumes that the whole range accessed is handled by the same hypervisor sub-component. Impact: A buggy or malicious HVM guest can crash the host. Mitigation: Running only PV guests will avoid this issue. There is no mitigation available for HVM guests. Resolution: Applying the appropriate attached patch resolves this issue.
http://lists.xen.org/archives/html/xen-announce/2014-11/msg00006.html
Impact: A buggy or malicious HVM guest can crash the host. Mitigation: Running only PV guests will avoid this issue. There is no mitigation available for HVM guests on any version of Xen so far released by xenproject.org. Resolution: Applying the appropriate attached patch resolves this issue.
http://lists.xen.org/archives/html/xen-announce/2014-11/msg00005.html