Security Weekly – Episode 7 – Dec 16, 2005 | SC Media

Security Weekly – Episode 7 – Dec 16, 2005

December 19, 2005
'- Make sure you check out Friends In Tech, the two I have been listening to are In The Trenches and ChuckChat Technorama - Thanks to Jennifer we post a short summary of each show on the Snort Blog - MS "Black Tuesday" produces two matches, Internet Explorer Cumulative Patches (MS05-054), and MS05-055 - Microsoft Windows firewall vulnerability, patch available for download (not via Windows Update) - Firefox users have been more savy, IE users are more likely to click on links - Dell is including Firefox on pc's in UK - "Return of the Land Attack" , many devices vulnerable, WRT54g, Cable Modems, Ingress filtering!! Ingress Filtering!!!, Using Linksys in layers - Test the LAND attack with hping and NetDude ("The Hackers Choice!") - Ironic vulnerability of the week, AppScan QA automated vulnerability testing tool buffer overflow - Nortel SSL VPN Web Interface Input Validation, Larry shares his thoughts - Does anyone ever look at the list of trusted sites in your browser? - Opera - Security bug could allow for exec of code, Google was going to buy Opera?, Is it a rumor? - Bluetooth Widcomm driver vulnerability allows remote attacker to inject audio and enable mic - Paul Sings The Italian Christmas Donkey song - The Do's and Don'ts of Picking up a girl in a computer lab - Schneier's blog post on Airport Security Software Releases: - Nessus 3.0, faster, free not open-source, less false positives? - Metasploit 3.0 Alpha Release 1 Tool of the week - libPJL from the Phenoelit group, also check out Paul's printer audit script Wireless word of the week - WPA-PSK (Wi-Fi Protected Access-Pre-Shared Key) - Offers great security, GRC Password generator is great, protect your key Hosts: Larry Pesce, Paul Asadoorian Email: [email protected] Direct Download Link (Bandwidth provided by OSHEAN, like WuTang, they ain't nuttin' to f*** wit')
prestitial ad