From Paul's Security Weekly
PaulDotCom Security Weekly - Episode 234 for Thursday March 10th, 2011.
- SOURCE Boston on April 20 - 22 - Paul and Larry will be there to hang out, talk security and drink beer.
Stories For Discussion
- Wireshark multiple vulnerabilities - [Larry]
- XSS in Nagios - [Larry]
- RRouter Root - [Larry] - ELF file that bruteforces passwords on your router, then places an IRC backdoor on them. D-link routers. WANT!
- FinFisher - [Larry] - So, how do AV vendors deal with matters of State?
- Google Offers additional $20k as price on Pwn2Own - [Carlos] - Google is showing its support to researchers to show they do see the business value of making sure their products are secure.
- Safari and IE first to fall on Pwn2Own - [Carlos] - Browsers Safari and IE8 were first to fall. IE was a difficult one according to Stephen Fewer, the winner who exploited IE8: 6 weeks of work and chaining of 2 bugs to be able to get code execution. Safari was easier.
- JBoss Autopwn - [Carlos] - Nice to see more tools to test middleware and business logic centric infrastructure.
- Scapy 2.2 is Out! - [Carlos] - Need I say more? Support for CDP, EIGRP, Cisco Skinny, RSVP, VQP, OSPF Extension and much, much more. Let the networks hit the floor!