Episode 69

From Paul's Security Weekly

Episode Media

mp3

Technical Discussion

  • The Wi-Spy tools from the Kismetwireless.net project are kewl, and if you want to see the beta stuff they have an SVN repository. Wi-Spy now has a GTK GUI, which is pretty hot!
  • patternCreate.pl from the Metasploit project is for finding the offset in buffer overflows, not so much for fuzzing: it generates a non-repeating pattern that you send as the overflow string, and patternOffset.pl then tells you where in the pattern the bytes that landed in EIP sit.
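The cyclic-pattern trick, as an added example written for these notes (it is not Metasploit's own code). It reimplements the same scheme as patternCreate.pl, upper letter + lower letter + digit, so every 4-byte window is unique within the first 20280 bytes, and then resolves a register value back to an offset the way patternOffset.pl does. The crashing target is a constructed stand-in (`simulate_saved_eip`, an assumption for the demo): a buffer of a given size with the saved return address directly behind it.

```python
"""Cyclic-pattern offset finding (added example, not Metasploit's code)."""
import string
import struct

UPPER = string.ascii_uppercase
LOWER = string.ascii_lowercase
DIGITS = string.digits
MAX_LEN = len(UPPER) * len(LOWER) * len(DIGITS) * 3  # 20280 bytes before it repeats


def pattern_create(length):
    """Return the first `length` characters of the cyclic pattern (Aa0Aa1Aa2...Zz9)."""
    if not 0 < length <= MAX_LEN:
        raise ValueError(f"length must be between 1 and {MAX_LEN}")
    chunks = []
    for up in UPPER:
        for lo in LOWER:
            for dg in DIGITS:
                chunks.append(up + lo + dg)
                if len(chunks) * 3 >= length:
                    return "".join(chunks)[:length]
    return "".join(chunks)  # not reached: the check above always fires first


def pattern_offset(value, length=MAX_LEN):
    """Locate a 4-byte window in the pattern.

    `value` may be the bytes as a str ("Aa6A"), as bytes, or the register
    contents as read in a debugger (int, e.g. 0x41366141), which are unpacked
    little-endian the way x86 stores them.  Returns the 0-based offset of the
    first occurrence, or -1 if the window never occurs in the pattern.
    """
    if isinstance(value, int):
        needle = struct.pack("<I", value).decode("ascii", errors="replace")
    elif isinstance(value, bytes):
        needle = value.decode("ascii", errors="replace")
    else:
        needle = value
    return pattern_create(length).find(needle)


def simulate_saved_eip(payload, buffer_size):
    """Constructed stand-in for a crashing target (assumption for this demo):
    a stack buffer of `buffer_size` bytes with the saved return address right
    behind it.  Returns the 4 bytes that overwrite EIP as a little-endian int."""
    window = payload[buffer_size:buffer_size + 4].encode("ascii")
    if len(window) < 4:
        raise ValueError("payload too short to reach the return address")
    return struct.unpack("<I", window)[0]


if __name__ == "__main__":
    payload = pattern_create(200)                 # send this instead of "A" * 200
    eip = simulate_saved_eip(payload, 112)        # constructed target with a 112-byte buffer
    print(f"EIP = 0x{eip:08x} -> pattern offset {pattern_offset(eip)}")
```

Sending the pattern instead of a run of "A"s is what turns a crash into a usable offset: with 0x41414141 in EIP you only know that you overwrote the return address, whereas a pattern value maps to exactly one position. If `pattern_offset` returns -1 the bytes in EIP did not come from the pattern (the string was mangled, or the value came from somewhere else), which is worth knowing before you start building a payload.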

Paul's Metasploit Tags http://del.icio.us/kungfuhacker/metasploit

Stories for Discussion

Month of ActiveX bugs - [Joe] - more MO-LOLs [Larry] - I thought English was the language of the internet?

VMware multiple DoS - [Larry] - ...and possible information disclosure. This is the other way around guys, break out of a VM, not into. Hmmm. Into a VM could be promising.

New Version Of Rogue Scanner Released - [PaulDotCom] - Rogue scanner is kewl!

Insecure Magazine 11 Released - [PaulDotCom] - Free online security magazine, good stuff. Topics include passport security, lots of ads (but it's okay), and a quantitative look at pen testing. Pen tests are important, and I don't say that just because I am a pen tester; they help you focus your IT security efforts.

VoIPong - [Larry] - VoIP sniffer for detecting calls, and produces audio. Neat. They even have a live CD (23 MB, good for business size CDs). Sounds like a useful tool for auditing a VoIP network.

LeetUpload.com - A database of security tools - [PaulDotCom] - A web site dedicated to cataloging security tools. w00t.

Norton AV and pcAnywhere flaws - [Larry] - Ouch. An ActiveX control that allows code to be executed on the machine via the web browser for Norton AV. pcAnywhere 11.5.0 stores session credentials in clear text in memory. Now, this version of pcAnywhere is no longer supported, but the patch is available. That's good karma right there.

Top Five Security Priorities - [PaulDotCom] - USB thumb drives, blissfully ignorant end users, mobile devices, and Web 2.0 top the list. I think it's good to produce these short lists and back them up with examples to help focus the current efforts. Realize, you need to be worrying about more than these 5 things.

MS patches - DNS and Exchange - [Larry] - Let's discuss the DNS implications. Exchange had issues with MIME. Ouch.

Yet another default password flaw, in Cisco device - [PaulDotCom] - I like the way OpenWrt does it, you must login and change the password, there is no default!

.shenanigans with .bank - [PaulDotCom] - What does everyone think, would forcing banks to use .bank be helpful? Are users just stupid anyway?


AirDefense Hacks the Hacker - [PaulDotCom] - AirDefense claims to be able to prevent people from cracking your WEP network by injecting bogus WEP packets.

Remote SCADA hole - [Larry] - Wow, 5 bugs, at least one remotely exploitable. This is the stuff that controls dams, power plants, water treatment. Now, this stuff should be attached to air-gapped networks. One of my favorite quotes from the article: "These backend protocols are often based upon standards that pre-date Windows," Graham wrote in his blog. "They are horribly insecure because few people in the SCADA industry know what a 'buffer-overflow' is."

TJX + WiFi + WEP = PWN3D - [Larry] - So now we know how it all went down. Come on people, get rid of WEP, or severely segment, firewall and monitor it! I'm not convinced by any stretch of the imagination that WEP cloaking is valuable (you know who you are, AirDefense).

Hacking contests. Good or evil? - [Larry] - PWN to OWN, etc. We talked about this with Futo and Ivan, but what do we think...

VMware Shared folders directory Traversal - [Larry] - Paul, good reasons to disable shared folders in your VMs.

Satnav hacking - [Larry] - This is what happens when you take data, unauthenticated, from unknown sources  :-)

IPv6 Type 0 Routing Headers can cause DoS - [Andrew] - Basically type 0 routing headers in IPv6 are equivalent to using source routing in IPv4. IPv6 can allow for more nodes to be specified, so the DoS effects are worse.
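To make the Type 0 Routing Header concrete, here is an added example (written for these notes, not code from the show or from any vendor) that builds an IPv6 packet carrying an RH0 and then walks the extension-header chain to find it. Because the header-extension-length field counts 8-byte units and each address is 16 bytes, one RH0 can list up to 127 addresses (IPv4 loose source routing tops out at 9 in a 40-byte options field), and nothing stops the same two addresses from being listed over and over, which is the ping-pong amplification behind the DoS. The packet bytes are constructed in the block; `should_drop` applies the RFC 5095 rule that an RH0 with Segments Left > 0 is refused.

```python
"""IPv6 Type 0 Routing Header detection (added example; packets constructed inline)."""
import ipaddress
import struct

IPPROTO_HOPOPTS, IPPROTO_ROUTING, IPPROTO_FRAGMENT, IPPROTO_DSTOPTS = 0, 43, 44, 60
IPPROTO_NONE = 59  # "No Next Header": nothing follows the extension headers
VARIABLE_LEN_EXT = {IPPROTO_HOPOPTS, IPPROTO_ROUTING, IPPROTO_DSTOPTS}


def build_ipv6(src, dst, rh0_hops=None, segments_left=0):
    """Constructed test packet: a fixed IPv6 header, optionally followed by a
    Type 0 Routing Header listing `rh0_hops`, and no upper-layer payload."""
    src_b = ipaddress.IPv6Address(src).packed
    dst_b = ipaddress.IPv6Address(dst).packed
    if rh0_hops:
        addrs = b"".join(ipaddress.IPv6Address(h).packed for h in rh0_hops)
        # next header, hdr ext len (8-byte units, not counting the first 8 bytes),
        # routing type 0, segments left, 4 reserved bytes, then the address list
        rh = struct.pack("!BBBBI", IPPROTO_NONE, len(rh0_hops) * 2, 0, segments_left, 0) + addrs
        nh = IPPROTO_ROUTING
    else:
        rh, nh = b"", IPPROTO_NONE
    # version 6, traffic class 0, flow label 0; payload length; next header; hop limit 64
    ip6 = struct.pack("!IHBB", 0x60000000, len(rh), nh, 64) + src_b + dst_b
    return ip6 + rh


def find_routing_header(pkt):
    """Walk the extension-header chain and describe the first routing header
    (type, segments left, address list), or return None if there is none.
    Raises ValueError on a malformed or truncated packet."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    payload_len, nh = struct.unpack("!HB", pkt[4:7])
    end = 40 + payload_len
    if end > len(pkt):
        raise ValueError("truncated packet")
    off = 40
    while nh in VARIABLE_LEN_EXT or nh == IPPROTO_FRAGMENT:
        if off + 8 > end:
            raise ValueError("truncated extension header")
        next_nh = pkt[off]
        hdr_len = 8 if nh == IPPROTO_FRAGMENT else (pkt[off + 1] + 1) * 8
        if off + hdr_len > end:
            raise ValueError("extension header runs past the payload")
        if nh == IPPROTO_ROUTING:
            rtype, seg_left = pkt[off + 2], pkt[off + 3]
            n_addrs = pkt[off + 1] // 2  # each 16-byte address is two 8-byte units
            addrs = [str(ipaddress.IPv6Address(pkt[off + 8 + 16 * i:off + 24 + 16 * i]))
                     for i in range(n_addrs)]
            return {"type": rtype, "segments_left": seg_left, "addresses": addrs}
        off += hdr_len
        nh = next_nh
    return None


def should_drop(pkt):
    """RFC 5095 rule: an RH0 with Segments Left > 0 is discarded (the real node
    also sends ICMP Parameter Problem); with Segments Left == 0 it is ignored."""
    rh = find_routing_header(pkt)
    return rh is not None and rh["type"] == 0 and rh["segments_left"] > 0


if __name__ == "__main__":
    # constructed sample: the packet bounces between ::a and ::b three times
    hops = ["2001:db8::a", "2001:db8::b"] * 3
    pkt = build_ipv6("2001:db8::1", "2001:db8::2", hops, segments_left=len(hops))
    print(find_routing_header(pkt), "drop" if should_drop(pkt) else "accept")
```

The parser deliberately walks all of the variable-length extension headers rather than only looking at the first one, because an RH0 can sit behind a Hop-by-Hop or Destination Options header; a filter that only checks the Next Header byte of the fixed header misses it.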

Other Stories of Interest

RSnake Interviews a Social Networking Site Phisher - [Joe] - Interesting to hear it from the horse's mouth how easy and profitable phishing MySpace usahs really is.

Remove your Phone Number from Google Search - [Joe] - Quick how-to on how to remove your phone # from google's phonebook

AOL.com only looks at the first 8 chars of a password - [Andrew] - Not hard to believe since it's AOL.com, but their demographic is already probably lacking sorely in security knowledge.

eGold indicted in online money laundering scheme - [Andrew] - eGold is an online gold transfer company that is alleged to have been involved in money laundering operations.