Episode139

From Paul's Security Weekly
Jump to: navigation, search
Palo Alto Networks
Tenable Network Security
The SANS Institute
Pwnie Express
Black Hills Information Security

Sponsors

  • Tenable Network Security - This episode sponsored by Tenable network security. Tenable is a developer of enterprise vulnerability, compliance and log management software, but most notably the creators of Nessus, the worlds best vulnerability scanner. Tenable Security Center software extends the power of Nessus through reporting, remediation workflow, IDS event correlation and much more. Tenable also offers a Nessus Professional Feed to detect vulnerabilities in your network today! Tenable – Unified Security Monitoring!
  • Core Security - This episode is also sponsored by Core Security Technologies, helping you penetrate your network. Now version 10.0 with WiFi-fu good to go! Rock out with your 'sploit out! Listen to this podcast and qualify to receive a 10% discount on Core Impact, the worlds best penetration testing tool.
  • Trustwave Spiderlabs - Trustwave's SpiderLabs - providing advanced information security services to planet Earth. Visit them online at trustwave.com/spiderlabs!


Announcements & Shameless Plugs

Welcome to PaulDotCom Security Weekly, Episode 139 for February 7th, 2009. A special live Shmoocon show for security professionals and by security professionals who love to party!

Episode Media

mp3

Tech segment: How to stay in the 'good buzz' zone during Shmoocon

Stories For Discussion

  • The middler gets released! This just in, Josh Wright releases 4 wireless tools in the time it took Jay Beale to give the presentation! Get it Here!

Feeddemon Buffer Overflow - [PaulDotCom] - Three letters, W-T-F "Bkis recommends that users of FeedDemon should be careful when importing RSS feed lists from untrustworthy sources. "

Detecting Binary Packers With Snort - [PaulDotCom] - Very cool stuff on detecting a binary payload as it traverses the network and detecting which binary packer was used to pack it. This implementation uses snort rules, I think that a pre-processor is a much better idea for performance and flexibility.

PassiveX on IE8, W00t! - [PaulDotCom] - Sweet, can't wait to play with this one. Yet more browser abuse, bashing, hacking, and cracking. Defense is becoming much harder for the browser every day, maybe I'l just use my RSS reader, oh wait...

Saying "No" isn't always the best answer - [PaulDotCom] - This post brings up some good points, like really how do you prevent your employees from visiting social networking sites? Sure, you can block them at work, but what about your mobile work force with cellular Internet and hotspots? Okay, you can even block them on the client system, so that they will use the home computer to setup Facebook, LInked IN, and even MySpace. The real answer is you need to educate your users, AND monitor these sites for content related to your organization. A Google alert or two doesn't hurt.

phpBB Hack - [Larry] - Great write up of the phpBB hack by the attackers. Just goes to show that even the developers can get owned - nothing like third party addins.

Google Latitude - [Larry] Google's interesting new GPS location "tracking service". This one has potential for all sorts of potential abuses.

Backtrack 4 - [Larry] - W00t! BT4. Nuff said. Muts rocks.

Netware GWIA buffer overflow - [Larry] - Yeah, I know, Novel Groupwise for e-mail...but, all you need to do is sent an RCPT command with an overly long e-mail address...

Broswer explots make it to meatspace - [Larry] - Get a "ticket" for bad parking, and go to the website listed to see the pictures of you parking like a moron. On the site, you get owned with a broswer sploit...

HP Printer directory traversal - [Larry] - Nothing like a gold old web interface directory traversal vulnerability that allows for documents left in the document cache that has already been printed. I'm in agreement with the SANS handler assessment, that this stuff won't go away any time soon, as this stuff is really low in the priority list for patches...


IRC Channel Link Game

http://blogs.technet.com/swi/archive/2009/01/30/xss-filter-improvements-in-ie8-rc1.aspx

http://www.labnol.org/internet/microsoft-outlook-ruins-birthday-cake/6824/