Episode15

From Paul's Security Weekly
Jump to: navigation, search

Episode Media

mp3

http://docs.info.apple.com/article.html?artnum=61798 - Apple Releases 10.4.5, which fixes a kernel buffer overflow vulnerability

http://www.securityfocus.com/brief/142?ref=rss - A new trojan for OS X appears. "A Day in the Life of an Information Security Investigator" has published a series of articles on OS X, "Castle OS X is Stormed Part I & II" and "Redux: The Seiege Begins". And there, well, kinda like fairy tales that have proven to be reality.

http://www.f-secure.com/weblog/#00000817 - Yet ANOTHER OS X proof-of-concept malware is released, this time in the form of a Bluetooth worm.

IE Users beware, any web site can view your clipboard - USE THIS SITE AT YOUR OWN RISK!

Botnet attack shuts down hospital network

CERT Released the Windows Intruder Detection Checklist

Linux 2.6 Kernel ICMP DoS Bug

Another Blackberry Vulnerability Released

WiFi Phone Vulnerabilities & Discussion

Pod Slurping

RSA Conference Wrap-Up Part I and Part II

Microsoft Alerts Galore:

MS06-005 - This one already has a POC exploit. It is a buffer overflow vulnerability in the way Windows Media Player handles BMP files.

MS06-006 - So, if you use an a browser other than Internet Explorer you are vulnerable when you open files associated with Windows Media Player, unless of course you apply the patches. Get your exploits HERE, and HERE

MS06-007 - DoS vulnerability in the way Windows handles IGMP packets.

MS06-008 - This patches the vulnerability in Windows Web Client service. A user must already have credentials to exploit this.

MS06-009 - The Korean Input Method Editor has a vulnerability that could allow exploitation by users who are already logged into the system.

MS06-010 - Powerpoint 2000 has an information leak vulnerability, allow attackers to access objects in the Temporary Internet Files Folder (TIFF).