Drainbamage.nl blog of Christiaan Ottow

31 Mar 10

DNS cache poisoning

I recently gave a short presentation on DNS and cache poisoning. The slides can be found here. Enjoy.


Filed under: UNIX/Security

25 Mar 10

Pinta seems to be alive

Last year, I wrote a tool called Pinta. It's an AMF debugging utility. One can use it to place calls to AMF (ActionScript Message Format) services and observe the results. Normally, you'd need to create a Flash/Flex app to send these requests, but this is much quicker and easier for debugging your server-side service.

I didn't bother with the project after placing an initial version on Google Code, but this week I thought I might pick up development again. It occurred to me that few people writing AMF services will think through the security aspects of their service. You don't make service calls by hand, so it's easy for a developer to assume that only his app will be making calls. Wrong.

At least, that would be nice. As it turns out, the tool (which I've spent only 2 days on developing) is already being recommended for pentesting of AMF services. Which attests to the complete lack of tools, but still is nice :-)

I'll be picking up development again and adding some fuzzing functionality. If you have any feedback, please leave it here or at the Google Code project!


Filed under: UNIX/Security