Security Weekly – Episode 5 – Dec 2, 2005

December 5, 2005
NOTE: By episode #227 we should have all of the audio problems worked out. Until then, please accept our deepest apologies for the audio quality. We learn more each time, but then we drink and somehow go backwards. Also, if someone has a diagram/description of a good audio setup for recording to a video camera and a laptop, we could use it.

- We promise not to talk about Sony DRM and IE. Okay, so we do anyway, but not as much.
- Paul is paranoid about Sony; the IE PoC exploit has given birth to a new trojan.
- Hijack a podcast. Please don't hijack us. Basically done by spoofing the feed URL of a podcast and listing it on iTunes and others.
- Apple OS X Security Updates: Safari has bugs. Paul is lazy and still on Panther; email him to harass him. No Java fixes for Panther. Hopefully Paul doesn't get rooted?
- Mozilla Firefox 1.5 contains bug/security fixes. GO GET IT! Paul & Larry like the "Page not found" with "Try Again" button feature.
- Cisco HTTP cross-site scripting. DO NOT manage routers using HTTP or TELNET; do use TACACS+ and SSH.
- Cisco Security Agent has a local privilege escalation exploit. Oh the irony!
- Perl format string exploit: fundamental flaws in Perl stemming from format string vulnerabilities in printf functions. H.D. Moore has been seen posting about these issues, so look for Metasploit updates; may cover more than just ""
- Speaking of exploit frameworks, here's the top three:
  - Metasploit - Perl-based, open-source exploit framework
  - CANVAS - commercial, Python-based exploit framework. More features than Metasploit, commercial support, etc.
  - Core Impact - commercial, Python framework, runs on Windows only, highly automated, shellcode acts as a proxy to own more hosts
- Larry has a small font..
- Core Force is a new Endpoint Security Framework from Core Security. It's still in beta, and has malware prevention.
- Beer is Magic Hat #9 and tastes so much better from the keg (party at Larry's house next week, details to follow...)
- Exploits available for MS05-051 and MS05-053, get 'em while they're hot. Patching helps.
- Update your Java, new JREs released.
- What really grinds Paul's gears: 180solutions suing Zone Labs, stating they are a marketing company and not spyware.
- Sobering return from the holiday weekend: 1 in 14 emails on the internet is a virus.
- SANS Top 20 has been updated to clean up language (threat vs. vulnerability). OS X is called out in the Top 20, a wake-up call for OS X users. OS X is hackable; send Paul email for the shellcode/exploit site.
- New Orleans launches free wireless. Is Rhode Island doing the same? (I guess it makes sense, you could cover RI with like 2 access points :)
- Wiretapping: signaling vulnerabilities in wiretapping systems. C-Tone will fake the hang-up. Read the paper here.
- Cracking safes with thermal imaging. Scrambling LCD keypads are a good defense.
- Tools of the Month: NTP OS fingerprinting and DHCP fake.
- Wireless Word of the Week: WRT54G. Series 5 now runs VxWorks; WRT54GL is the latest Linux hacking version.

Direct Download Link (Bandwidth provided by OSHEAN, they got skillz)
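To make the Cisco management-plane advice above concrete, here is an added configuration example (not from the show, not Cisco's documentation) showing the weak IOS settings beside their hardened replacements. The TACACS+ server address, shared key, hostname and domain are constructed placeholders; the command syntax is the classic IOS form of that era.

```text
! ---- WEAK: what the show says not to do ----
! Plaintext web UI and Telnet, local password only, no central authentication.
ip http server
line vty 0 4
 transport input telnet
 login
 password cisco

! ---- HARDENED: SSH + TACACS+ as the show recommends ----
hostname rtr1                      ! placeholder
ip domain-name example.net         ! placeholder; needed for RSA key generation
! Turn off both the plaintext and the TLS web UIs; manage over the CLI.
no ip http server
no ip http secure-server
! Central AAA against TACACS+, falling back to a local account only if the server is unreachable.
aaa new-model
tacacs-server host 192.0.2.10 key EXAMPLE-TACACS-KEY   ! constructed address/key
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
username admin privilege 15 secret <set-a-real-secret>  ! emergency local fallback
! SSHv2 only; the RSA key pair is generated once from exec mode:
!   crypto key generate rsa modulus 2048
ip ssh version 2
line vty 0 4
 transport input ssh
 login authentication default
```

Quick check after applying: `show ip http server status` should report the server disabled, `show ip ssh` should show version 2.0 enabled, and a Telnet connection to the VTY should be refused while an SSH login is logged by the TACACS+ accounting records.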
