What is the DC3 Challenge?
The DC3 Digital Forensics Challenge is an open, online, international Challenge held annually by the Department of Defense (DoD) Cyber Crime Center  (DC3). The DC3 Challenge is a call to the digital forensics community to pioneer new investigative tools, techniques, and methodologies. It encourages innovation from a broad range of individuals, teams, and institutions to provide technical solutions for computer forensic examiners in the lab as well as in the field.

SHODAN is an extremely useful tool for scanning the Internet without having to do any scanning. It provides a search engine for banners and SNMP information that have been harvested from Internet-facing systems. I wrote a couple of scripts to leverage the API but wanted to go further by creating a module for the Metasploit Framework.

The SHODAN Enumerator module (download here) requires two options, APIKEY and QUERY, to work. There is a third option (OUTFILE) to write the IPs from the search to a file along with advanced options for sending the request through a web proxy. Database support is included and the services information for each IP is populated with the port, protocol, and banner. NOTE: Some systems will require ruby json gem to be installed (gem install json).

Here's your chance to be "King for a Week" with our new Security Solutions Contest!

What Is the Security Solutions Contest?
It's all about solving end user questions in the forums area.  We created this contest to help increase the total number of solutions on the Security Community.  We are going to select threads we'd like you to solve, and give you an opportunity to win a weekly prize. Yes, I said "weekly!"  Keep reading to find out more about the prize!

IT giant Hewlett-Packard (HP) announced on Tuesday that it has agreed to acquire San Mateo, Calif.-based  Fortify Software, maker of software security assurance solutions.

The acquisition, whose terms were not disclosed, was made to strengthen the HP application security software portfolio.

Late yesterday Oracle announced in an exceptionally brief and direct press release that it had filed a lawsuit against Google.  The statement issued by Oracle spokesperson Karen Tillman simply said: “In developing Android, Google knowingly, directly and repeatedly infringed Oracle’s Java-related intellectual property. This lawsuit seeks appropriate remedies for their infringement.” But someone at Google didn’t find this amusing and seemingly tampered with Google’s search algorithm and database by eliminating Oracle altogether.

The Desiree Alliance, along with our sponsors*, is pleased to announce our upcoming National Sex Worker Conference:

Desiree Alliance: Conference:
http://www.desireealliance.org/conference.htm

Desiree Alliance: Conference Schedule:
http://www.desireealliance.org/conference/schedule1.htm

Citigroup Inc. said its free U.S. mobile-banking application for Apple Inc.'s iPhone contained a security flaw and advised its customers to upgrade to a newer version that corrects the problem.

In an incident that highlights the growing security challenges around wireless apps, Citi said its iPhone app accidentally saved information—including account numbers, bill payments and security access codes—in a hidden file on users' iPhones. The information may also have been saved to a user's computer if it had been synched with an iPhone.

An anonymous group of security researchers last week published information about an unpatched Windows bug, saying that they were disclosing the vulnerability because of the way Microsoft treated a colleague.