links of the day 10/01/2014 (a.m.)

• SSH Scanning Activity - Internet Security | SANS ISC

• https://isc.sans.edu/feeds/suspiciousdomains_High.txt

  ".be"

• SSL CRL Activity - Internet Security | SANS ISC

• Internet Storm Center - Internet Security | SANS ISC

• BusyBox Alternatives and Similar Software - AlternativeTo.net

• A tempest in a toybox [LWN.net]

• What is toybox?

• license - Are there non-GPL alternatives to Busybox? - Super User

• BusyBox

• All About Bash Bug - CVE-2014-6271 - Pastebin.com

• inurl:/cgi-bin/ ext:sh site:be - Google Search

• inurl:/cgi-bin/ ext:cgi site:be - Google Search

• How to exploit a shellshock vulnerability to get a reverse shell ~ Linux | Android | Windows Tricks, Hacks and Exploits

• DanMcInerney/shellshock-hunter · GitHub

• busybox - Google Search

• Six key defenses against Shellshock attacks | CSO Online

• Londoners give up eldest children in public Wi-Fi security horror show | Technology | The Guardian

• Apple may have to repay millions from Irish government tax deal

• stupidity of denial : Shellshock just 'a blip' says Richard Stallman

• Why the Guardian is wrong, and Soviet monuments should not be protected | EUROMAIDAN PRESS | News and Opinion from Across Ukraine

• oss-sec: by thread

• lcamtuf's blog: Bash bug: apply Florian's patch now (CVE-2014-6277 and CVE-2014-6278)

• Shellshock proof of concept - Reverse shell - Ole Aass

• Troy Hunt: Lessons in insecure SSL courtesy of Hoyts cinemas

• Shellshock Scanner

• Bash ‘Shellshock’ Bug – Now You Can Panic | OxCERT's blog

• #TrendnetExposed october 2013 - Pastebin.com

• TRENDnet Exposed (@TRENDnetExposed) | Twitter

• ISC DHCPv4 Options

• Troy Hunt: Everything you need to know about the Shellshock Bash bug

• NotSoSecureLtd

• CVE-2014-6271: Bash lets you do bad things. (Shellshock) | Invisible Threat

• cve-2014-6271 PoC by using HHP - @irsdl - Pastebin.com

• [Python] # #CVE-2014-6271 cgi-bin reverse shell # import httplib,urllib,sys if (l - Pastebin.com

• gry/shellshock-scanner · GitHub

• Shellshock DHCP RCE Proof of Concept -

• IBM shellshock Bad news is it totally works in bash on z/os and...

• shellshocker-pocs/README.md at master · mubix/shellshocker-pocs · GitHub

• Bash To Require Further Patching, As More Shellshock Holes Found - Slashdot

• Shellshock-Bash CVE List | Akamai

• Information Security News: Shellshock DDoS Attacks Spike

• Shellshock FAQ | Fortinet Blog

• Why the Shellshock Vulnerability Is A Perfect 10 — ITGrok

• Juniper Networks - 2014-09 Out of Cycle Security Bulletin: Multiple Products: Shell Command Injection Vulnerability in Bash - Knowledge Base

• Internet Storm Center - Internet Security | DShield shell shocks

• Detectify - Go hack yourself!

• Finding the Shellshock Vulnerability with CloudPassage Halo | Javalobby

• Is there a short command to test if my server is secure against the shellshock bash bug? - Information Security Stack Exchange

• It's time to shock shells and chew bubblegum and I'm all outta gum!

• FireEye - Fox IT Scanner decryptolocker

• CryptoLocker Decryption Engine - Kyrus

• bash - Is this a demonstration that the shellshock patch isn't working? - Information Security Stack Exchange

• known vulnerabilities - Attack scenarios of the new Bash vulnerability - Information Security Stack Exchange

• ssh - How does the ShellShock exploit work over OpenSSH? - Information Security Stack Exchange

• android - Is connecting to an open WiFi router with DHCP in Linux susceptible to Shellshock? - Information Security Stack Exchange

• Bash attack. Am I vulnerable? - Information Security Stack Exchange

• Are python's popen (and similar) functions affected by Shellshock? - Information Security Stack Exchange

• FBI — U.S. Leads Multi-National Action Against GameOver Zeus Botnet and Cryptolocker Ransomware, Charges Botnet Administrator

• CryptoLocker ransomware intelligence report | Fox-IT International blog

• CryptoWall Ransomware | Dell SecureWorks

• CryptoWall ransomware held over 600K computers hostage, encrypted 5 billion files | PCWorld

• Malvertising campaign (Nuclear EK redir) Read: https://blog.malwarebytes.org/ma - Pastebin.com

• Malwarebytes | Malwarebytes Anti-Exploit - Free Zero-Day Exploit Protection

• Beware of Risky Ads on Tumblr

• Malvertising hits ‘The Times of Israel’ and ‘The Jerusalem Post’, redirects to Nuclear Exploit Kit

• Large malvertising campaign under way involving DoubleClick and Zedo | Malwarebytes Unpacked

• Bank IT Asia - Malvertising campaign delivers digitally signed CryptoWall ransomware

• Errata Security: Bash 'shellshock' bug is wormable

• Errata Security: Bash 'shellshock' scan of the Internet

• Some Personal Shellshock Stats | /dev/random

• Bank IT Asia - Attacks against Shellshock continue as updated patches hit the Web

• Unix bug 'Shellshock' leaves software experts, industry shocked - The Economic Times

• The Shellshock Aftermath – How Hackers Are “Bashing” Servers | Incapsula.com

• AlienVault Labs: Hackers Can Launch Shellshock Attacks on VoIP Systems | Telco Hub content from Talkin' Cloud

• The Bash Bug: What you need to know about the latest security flaw - Vox

• McAfee KnowledgeBase - McAfee Security Bulletin - The Bash Shellshock Code Injection Exploit Updates for CVE-2014-6271 and CVE-2014-7169

• Free Cloud-based Vulnerability Scanner | Tripwire 100 IP addresses

• Tripwire/bashbug-shellshock-test · GitHub

• Understanding ShellShock Attack Vectors - The State of Security

• Mitigating the shellshock vulnerability (CVE-2014-6271 and ...

• Apple releases patches for OS X's 'Shellshock' Bash shell ...

• CVE-2014-6271 / Shellshock & How to handle all the shells! ;) | ClevCode

• Google shows 1.7 million websites which are vulnerable to the ShellShock Bash exploit - Cyberwarzone

• Anonymous leaked Islamic State Training Camp Location - Cyberwarzone

• How everyone got fooled with "The Fappening" - Cyberwarzone

• iBrute Python script allows you to brute force Apple accounts - Cyberwarzone

• PDF Exploit Generator - Cyberwarzone

• ShellShock CGI Bash Script tool - Pastebin.com

• email=lam.thanhtuu@yahoo.com pass=001121 email=nha_sat_trong_cong_vien@yah - Pastebin.com

• 1121 - Pastebin.com

• /b/ - Random

• The Fappening 3: More Nude Photos of Jennifer Lawrence Leaked Online | Hack Read

• The Fappening 3: Nicki Minaj’s Nude Photos also Leaked Online | Hack Read

• carst@xs4all.nl gijs@karnaticlab.com kenjschoute@freeler.nl nedmcgowan@yahoo. - Pastebin.com

• emails of superbabyonline.com | SkyNet Group - Pastebin.com

• HQ Email Combo 29/09/2014 - Pastebin.com

• jstchr@gmail.com csmt@aliceadsl.fr olivtuning@orange.fr claquebecpat@yahoo.fr - Pastebin.com

• www.pixheaven.net - login database By @BIuffing - Pastebin.com

• -atmdepartmentbeninrepublic11@live.fr -atmdepartmentbeninrepublic@live.fr -ben - Pastebin.com

• clone - Pastebin.com

• Shell startup scripts — flowblok’s blog

• Hong Kong protesters targeted with Android spyware disguised as OccupyCentral‬ app | Hack Read

• The biggest sources of stolen banking information? | Blog on Kaspersky Lab business

• Here’s Why Mail.Ru’s Complete Control Over VKontakte Is Bad News · Global Voices

• Cyberguerrilla PasteBin between Russia and LDR

Posted from Diigo. The rest of my favorite links are here.