Episode28

From Paul's Security Weekly

Episode Media

mp3

Stories For Discussion

Running Metasploit on a WRT54GS

Turkish Lame Hacker Defaces 21,000+ Web Sites - I am calling these guys the geriatric defacers: "Script Kiddies or Script Grannies? Iskorpitx is believed to be 45 years old, sometimes being helped for minor defacement activities by another Turkish "senior cracker" (42) going by the handle of Metlak"

Putty <= 0.53 Remote Buffer Overflow - Metasploit has added this to the framework. It requires the client (target) to connect to your SSH server for successful exploitation.

Stealing Cars with RFID Videos - All sorts of fun here, cool videos of RFID hacking, stealing gas, etc... (Thanks to BlackDrag0n)

Wireless Attacks and Defense - Not one mention of EAP types. Luke, use the EAP types. EAP-TTLS especially.

Twitchy eats 43 Apple flaws - E-mail, flash, web, pictures and movies can get you pwned (and Larry even submitted this one!)

OS X Kernel now closed source - What does this mean for wireless drivers in OS X? Not that I am into re-compiling my OS X kernel, but do want to run different wireless cards in OS X.

Real VNC 4.1.1 Auth Bypass - I find it interesting that the company that found this vulnerability makes a competing product. UPDATE: Real VNC exploit - SANS is reporting that an exploit is currently in the wild for Real VNC. Here is the link to the exploit. (Thanks Jon335)

Can Your Car Get a Virus? - F-Secure tried and was only able to hang the display in a Prius. We'll see what the future will bring...

Good advice on and for Security consultants - ...and the corporate types too. Know your customer!

Other Stories Of Interest

Paros Proxy 3.2.11 Released

Top 5 Web Application Vulnerabilities - Nice article...

CoWF WPA-PSK Hash Tables Mirror - For those asking (and because I know I would lose the link)

Poor BlueSecurity - so sad. - UltraDNS got 4-5 Gigs a SECOND of traffic!

Lame Firefox DoS

Informational Non-Security Related Stories

Free Skype Out - Not just Skype-to-Skype is free; as a test, they are making the Skype-Out service free to US/Canada.

Firefox2 Alpha "Bon Echo" - Why not? [PaulDotCom - Because this isn't security news :)]