Episode26

From Paul's Security Weekly
Jump to: navigation, search

Episode Media

mp3

Stories For Discussion

SANS Updated Top 20 Vulnerabilities - This list has been updated to point out that attackers are targeting web browsers and OS X more than we have seen before. All web browsers we called out, not just IE (although IE is the worst).

Hacking LED Signboards in Canada - Twitchy, were you in Canada lately?

Bruce wants to know: Who owns your computer? - Fantastic article from Bruce Schneier.

Metsploit 3.0 - New framework based on Ruby, multi-user interface for team pen tests, fancy new GUI, IDS/IPS evasion, etc.. Based on Ruby, see presentation from CANSECWEST here.

Security Tools Integration Framework - "provide a unified environment and data exchange platform for automated security assessments in heterogeneous environments. In simple words it is a platform for “hacking” automation, where STIF emulates the “brain” of a security analyst to perform repetitive tasks."

Microsoft Bitlocker - Drive encryption in Vista. Hmmm, considering most users are completely stumped when it comes to simple things, like passwords, this could spell disaster.

Medusa Password Cracker - Supposed to be better and faster than THC-Hydra. Supports newer versions of protocols, like MySQL 4.1+. See the comparison doc here.

MySQL Vulnerabilities - I heard some underground buzz about these a month or so ago. One requires that you have anonymous users enabled, and the other requires a valid account. However, a valid account could be taken with the tool we mentioned above :-)

Holy Encrypted Botnet Batman! - We knew this was coming, but as Johannes states, encryption takes up code space. See Larry's write-up HERE.

Mozilla Firefox Releases 1.5.0.3 - This fixes a DoS vulnerability.

Steal a BMW with a laptop - Gotta love keyless entry and starting. Can you say two-factor authentication?

Other Stories Of Interest

New Linux WiFi Drivers - Big question, will they support monitor mode?

RI State Wide WiFi - Not certain what I can comment on here, so, no comment :)

Legit Open WiFi? - "PERM is the Practical End-host collaborative Residential Multihoming framework. 802.11 networks have spread rapidly in the residential area, and it is common for neighbors to receive signals from each other's home wireless networks. PERM allows residents to leverage such an opportunity" [Thanks to my cow-worker "Dr. J" for passing this one along]

Dilbert funny - ahahahhahaha!!!

New Paper on cracking WEP using Fragmentation

Add link for Security Forrest