
December 2005 Archives

Happy Holidays!


Wishing everyone a happy and safe holiday season. Be certain to check out our short holiday video clip:

Short Video Clip Direct Download Link (iPod Video)

We will be taking some time off, returning the week of January 2, 2006. There are good things coming in 2006. For now, eat, drink, and be merry... (I certainly will :)


PaulDotCom Security Weekly - Episode 8 - Dec 22, 2005

- Paul & Larry drink spiked egg nog
- Our Friends in Tech have put out their own "Geek Christmas Carol"
- New format of the show for the new year: keep the main show short, add in special features
- Listener feedback: John writes in and asks us to share some of our training and real life experiences, as far as how training helped us in our jobs, and to share some more stories. We do, and we will :-)
- Check out the SANS Policy Resources
- Question of the week from Jeff: "Is there a tool you can run to catch insiders tunneling ssh over outbound 443/tcp to their home *nix box and then tunneling X back so they can surf and/or download software?" Check out the Bleeding Snort sigs for monitoring SSH on a non-standard port, try a Packeteer or NetEnforcer, proxy all outbound connections (Squid perhaps), monitor the desktop (CSA maybe?)
- Paul's conspiracy theory on Internet Week, Firefox "flaws"
- Never use IE on a Mac, support ending
- Guidance Software, makers of the forensic tool EnCase, got hacked
- Nikon Coolpix P2 is pretty cool, supports Wi-Fi and WPA
- Oracle has partnered with Fortify Software, makers of source code analysis software
- If you want to hack your Linksys, don't buy a Series 5 WRT54G
- Bypassing VLANs for Fun and Profit with Yersinia
- A little history about PaulDotCom Security Weekly
- Single packet authentication with fwknop, and a new version of SSH
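As an added illustration of the detection approach Jeff's question calls for (this is not code from the show or from the Bleeding Snort rule set), the Python below applies the same idea those signatures rely on: an SSH server announces itself with a plain-text version banner before any encryption starts, so SSH on 443/tcp is visible in the first bytes the server sends, while a real HTTPS server's first bytes are a TLS handshake record. The flow records, addresses and payloads are constructed samples.

```python
"""Flag SSH sessions on ports other than 22 from the first server payload bytes.

Constructed sample data (not real captures): each Flow holds the client,
the server, the destination port and the first bytes the server sent back.
"""
from __future__ import annotations

from dataclasses import dataclass

# An SSH server's first bytes are its version banner (RFC 4253 section 4.2).
SSH_BANNER_PREFIXES = (b"SSH-2.0-", b"SSH-1.99-", b"SSH-1.5-")


@dataclass(frozen=True)
class Flow:
    client: str
    server: str
    dst_port: int
    server_payload: bytes  # first bytes sent by the server side


def looks_like_ssh(payload: bytes) -> bool:
    """True when the payload starts with a plain-text SSH version banner."""
    return payload.startswith(SSH_BANNER_PREFIXES)


def looks_like_tls(payload: bytes) -> bool:
    """True when the payload starts like a TLS record: handshake type 0x16, major version 0x03."""
    return len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03


def classify(flow: Flow) -> str:
    """Label one flow: normal ssh, ssh hiding on another port, non-TLS traffic on 443, or ok."""
    if looks_like_ssh(flow.server_payload):
        return "ssh-standard-port" if flow.dst_port == 22 else "ssh-nonstandard-port"
    # Traffic on 443 that does not open with a TLS handshake deserves a look too
    # (the banner check alone misses SSH wrapped inside real TLS, e.g. via stunnel,
    # which is why the show also recommends proxying all outbound connections).
    if flow.dst_port == 443 and not looks_like_tls(flow.server_payload):
        return "non-tls-on-443"
    return "ok"


def find_suspicious(flows: list[Flow]) -> list[tuple[Flow, str]]:
    """Return (flow, verdict) pairs for everything that is neither ok nor ordinary ssh on 22."""
    return [
        (f, v) for f in flows
        if (v := classify(f)) not in ("ok", "ssh-standard-port")
    ]


# Constructed sample flows: documentation-range addresses, invented payloads.
SAMPLE_FLOWS = [
    Flow("10.1.2.3", "192.0.2.10", 443, b"\x16\x03\x01\x00\x5a\x02\x00"),  # real TLS ServerHello
    Flow("10.1.2.4", "203.0.113.7", 443, b"SSH-2.0-OpenSSH_4.2\r\n"),      # SSH hiding on 443
    Flow("10.1.2.5", "192.0.2.22", 22, b"SSH-2.0-OpenSSH_4.2\r\n"),        # ordinary ssh
    Flow("10.1.2.6", "203.0.113.9", 443, b"\x00\x00\x00\x00"),             # not TLS, not SSH
]


if __name__ == "__main__":
    for flow, verdict in find_suspicious(SAMPLE_FLOWS):
        print(f"{flow.client} -> {flow.server}:{flow.dst_port}  {verdict}")
```

The same banner check is what a Snort `content:"SSH-"` rule on non-22 ports does in-line; running it over recorded flows lets you sweep history as well as live traffic.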

Hosts: Larry Pesce, Paul Asadoorian
Email: psw@pauldotcom.com

Short Video Clip Direct Download Link (iPod Video)

Audio Direct Download Link

(Bandwidth provided by OSHEAN, powerful they are, like egg nog)

A Geek Christmas Carol

With his old friend Steve Marley and 3 ghosts of Tech Christmas past in tow, Scrooge is confronted with the decisions he is making and the life that he has had before…

Are you a geek not in the Christmas spirit? Do you "bah" and "humbug" at your users when they ask you to fix their printer or clean spyware from their computers? Well, nothing gets people in the Christmas spirit more than a good old fashioned Christmas Carol story, and this one is well done and really funny if you are a geek. So go check it out! It was put together by the Friends In Tech.

Download It Here

My ghost of Christmas past would have shown me opening an Apple IIe :)


Interesting New Features in OpenSSH 4.3

"...new tunneling support allows you to make a real VPN using OpenSSH without the need for any additional software. This goes well beyond the TCP port forwarding that we have supported for years - each end of a ssh connection that uses the new tunnel support gets a tun(4) interface which can pass packets between them. This is similar to the type of VPN supported by OpenVPN or other SSL-VPN systems, only it runs over SSH."

Most excellent! I can't wait to play around with this feature. It has the potential to solve many remote access issues, and make the current ones a little easier to set up. Combine that with a little Single Packet Authentication and I think you could have a winning combination.

Full Article


PaulDotCom Security Weekly - Episode 7 - Video Take 1


We have been experimenting with video lately and hope to have it become a regular thing after Christmas. You can find the video formatted for the iPod video at the following link:

iPod Video Direct Download

The audio gain levels were set too high; we will be working this week to correct this problem and hope to offer Episode 8 this coming week. But we thought we would throw this one out there just for fun (make sure you turn down the volume of your player :)


PaulDotCom Security Weekly - Episode 7 - Dec 16, 2005

- Make sure you check out Friends In Tech; the two I have been listening to are In The Trenches and ChuckChat Technorama
- Thanks to Jennifer, we post a short summary of each show on the Snort Blog
- MS "Black Tuesday" produces two patches, the Internet Explorer Cumulative Patches (MS05-054), and MS05-055
- Microsoft Windows firewall vulnerability, patch available for download (not via Windows Update)
- Firefox users have been more savvy, IE users are more likely to click on links
- Dell is including Firefox on PCs in the UK
- "Return of the LAND Attack", many devices vulnerable, WRT54G, cable modems, Ingress filtering!! Ingress Filtering!!!, using Linksys in layers
- Test the LAND attack with hping and NetDude ("The Hacker's Choice!")
- Ironic vulnerability of the week: the AppScan QA automated vulnerability testing tool has a buffer overflow
- Nortel SSL VPN Web Interface Input Validation, Larry shares his thoughts
- Does anyone ever look at the list of trusted sites in your browser?
- Opera: security bug could allow for execution of code; Google was going to buy Opera? Is it a rumor?
- Bluetooth Widcomm driver vulnerability allows a remote attacker to inject audio and enable the mic
- Paul sings The Italian Christmas Donkey song
- The Do's and Don'ts of picking up a girl in a computer lab
- Schneier's blog post on Airport Security

Software Releases:
- Nessus 3.0: faster, free but not open-source, fewer false positives?
- Metasploit 3.0 Alpha Release 1

Tool of the week - libPJL from the Phenoelit group; also check out Paul's printer audit script

Wireless word of the week - WPA-PSK (Wi-Fi Protected Access - Pre-Shared Key) - offers great security, the GRC password generator is great, protect your key

Hosts: Larry Pesce, Paul Asadoorian
Email: psw@pauldotcom.com

Direct Download Link

(Bandwidth provided by OSHEAN, like WuTang, they ain't nuttin' to f*** wit')

SANS Advisor - December 2005 - Volume 1, No. 5


The latest edition of the SANS Advisor has been posted and this month's topic is disaster recovery. Having helped with the editing process in this edition, I highly recommend that everyone not only read this issue, but send it along to the people responsible for coordinating disaster recovery in your organization. Many experienced professionals have published their knowledge of this subject in this edition, including some excellent real life stories and lessons learned from recent disasters.

Read the latest issue here

Sign up for a SANS Portal Account and receive free monthly notifications


Bluetooth for Windows Remote Audio Eavesdropping

This setting allows anyone to remotely inject audio into a victim's PC speakers, as well as remotely monitor audio via the microphone.

This is one of the scariest hacks I've seen lately. As indicated above, it allows you to record or play audio remotely on a victim's machine! This vulnerability applies to the Widcomm Windows Bluetooth drivers, which do not require authentication in order to connect to the Audio Gateway.

More information, including remediation steps, can be found here.

What would people hear you saying at your desk? (I mostly curse certain vendors' web browsers, occasionally burp, and say "wow, that's cool" a lot.) Now, as far as being able to play audio on a remote machine, I could have so much fun with that one. Just think, "The Italian Christmas Donkey" song playing over and over and over and over and over......

Full Advisory


Phishing Solutions Article


Chris Brenton has written an article for Sys Admin titled "Phishing Solutions". It outlines many good tips for protecting yourself or your users from phishing attacks.

Some of the suggested tools include:

Clam Anti-Virus - Includes support for preventing a good number of phishing attacks.

Petname - Allows you to mark sites as trusted and displays the trust status each time you visit a site.

FraudEliminator - A commercial product that will do essentially the same thing as Petname, with added features. (I like their slogan, "No Phishing Beyond This Point").

There are also many other tips and strategies to prevent phishing attacks, but you'll have to go read it for yourself. Check out Chris's article in this month's edition of Sys Admin Magazine.


Microsoft Plugs Hole in IE

Well, it's Black Tuesday and Microsoft has released two patches, one of which is a Cumulative Security Update for Internet Explorer. Many sources, including myself, report that it does fix the JavaScript vulnerability that was made public a couple of weeks ago. You can test it here.

You know, the one that has a published proof-of-concept exploit and associated trojan.

MS05-054

MS05-055


Microsoft revamps browser security zones

"Security zones are groupings of sites that give them different levels of access to the local system. The zoning system has been an Achilles heel for Explorer in the past, with malicious sites able to gain access to the user's system by tricking the browser."

More like, "The zoning system has been the Achilles heel for attackers...". There is no question that the zoning model needs to change in Internet Explorer. However, the changes they are developing are only modifications to the existing model. The zone model needs to be completely redesigned, not just given a facelift. Example:

"One of the most significant changes for enterprise users will be the elimination of the intranet zone."

Okay, so you removed a zone that uses a worn-out buzzword. This does little to improve the security of the browser. But wait, there's more:

"If a user wants to re-enable their intranet zone, they'll be able to."

Nice! There are some positive changes:

"By default Explorer 7 will assign "trusted sites" a "Medium" security level, the level given to Internet-zone sites under Explorer 6, Microsoft said. Users will get the option of manually lowering the trusted-sites security settings back to the Explorer 6 level via Internet Options or through policy settings, Microsoft said."

This is a step in the right direction. However, if the trusted zone still exists, and the user has the ability to allow sites to run in its context, attackers could also find a way to get their sites to run in it too. I really do hope version 7 helps to improve the security of the browser. However, in order to keep pace with Firefox they're going to have to add new features, which means new code to exploit :-)

You can find more information about all things IE on the IE Blog from Microsoft (What, has PaulDotCom lost his mind? He's linking to Micro$oft? Yikes!)

Full Article


PaulDotCom Security Weekly - Episode 6 - Dec 9, 2005

This was our first podcast to use Skype. We like it. Also, the audio quality should be much better: we read the manuals for all our equipment, and watched a fantastic video on Skype podcasting from the guys at Friends In Tech, which you can download here.

- Firefox DoS vulnerability
- Cisco IOS under attack, again
- More on podjacking, how to deal with it
- Black Tuesday is coming, previews here
- Podcasting added to the Oxford dictionary
- Sober analysis from Lurhq
- Social engineering AIM worm
- Sharing stories about people still running Windows 95/98
- Stopping filesharing in hotel networks with social engineering
- Check out Security Now!
- Sophos Threat Report was released this week
- Paul found an evil OS X site
- Paul went on a Mac rant
- Gifts for the security professional
- Syngress publishes the "How to Steal an Identity" book

Hosts: Paul Asadoorian, Larry Pesce, "The Mason"

Email the entire PaulDotCom Security Weekly Crew at psw@pauldotcom.com

- Tools Of The Month - new Nmap release, new MwCollect released, RootkitRevealer has been updated, and the iwar war-dialer. Remote rogue network detection
- Wireless Word Of The Week - Wireless Vulnerabilities and Exposures

Direct Download Link

(Bandwidth provided by OSHEAN, they're good, like beer)

Sophos Releases 2005 Threat Management Report

One of the many things I found interesting was this quote:

"...spyware has become one of the biggest threats that businesses now face."

Hmmm, I wonder how they are defining spyware? I've seen malware, labeled as "spyware", that created a backdoor on a user's system. I believe that malware is a more appropriate term, and agree that malware on the desktop poses the greatest threat to businesses.

They also list Zafi.D as being the most critical malware threat. It seems to fit the profile of typical malware that we have seen in the past: it spreads through email, adds itself to the system startup in the registry, masks itself as anti-virus software, kills all processes that contain the terms "firewall" and "virus", sets up a backdoor listener, and has the capability to update itself.

Whew, I used to say "Glad I run a Mac with OS X"; however, Mac users are facing new and uglier threats than ever before (of course, there is no mention of them in the report). I debated whether or not to post this link (there is no information targeted at "good guys" on this site), however I believe people should know:

http://felinemenace.org/~nemo/

This site contains shellcode, presentations, and exploits targeted specifically at OS X. This is only going to get worse with the switch to Intel; I'm told that shellcode (the bytecode injected into the system once exploited) is easier to write for Intel than for PowerPC. And with Apple potentially gaining more market share, they become more of a target.

Sophos Security Threat Management Report 2005


New AIM Worm Socially Engineers Victims

"...IM bots are leveraging social engineering techniques to spread among users, most of whom are unaware that they are extending the bots' reach.

The most notable new threat is the IM.Myspace04.AIM worm. It attempts to convince AIM users to download malicious content. Once infected, the host acts as a bot by sending out new messages to infect others, plus responding blindly to messages it receives."

Sounds very similar to IRC bots (like Darkbot) that have plagued chatrooms for years. Now the attack is targeted at AIM users, who may not be savvy enough to recognize a bot. This bot also appears to be a bit smarter than your average AIM bot, using popular lingo like "lol thats cool". The bot presents you with a link to a web site that infects you with malware.

Full Article


PaulDotCom Updated Links Page

I have updated my links so that you do not have to leave the site to view my links collection. They are now all pulling from Del.icio.us, a fantastic bookmarking site. Here's how it works:

- I install a button in Firefox that lets me post the current page to my del.icio.us bookmarks
- Each bookmark can have one or more "tags" (categories, really)
- The top of the links page represents my "tag cloud", which is a listing of all my tags
- The larger the text, the more sites I have put in that tag
- The listing below will always have my last 25 sites that I tagged
- I will be working on adding descriptions

View My Links Here

My username on Del.icio.us is "kungfuhacker", in case anyone wants to tag links for me.

Enjoy!


PaulDotCom Security Weekly - Episode 5 - Dec 2, 2005

|

NOTE: By episode #227 we should have all of the audio problems worked out. Until then, please except our deepest apolgies for the audio quality. We learn more each time, but then we drink and somehow go backwards.

Also, if someone has a diagram/description of a good audio setup for a recording to a video camera and a laptop, we could use it.

- We promise not to talk about Sony DRM and IE. Okay, so we do anyway, but not as much.
- Paul is paranoid about Sony, IE PoC exploit is given birth to new trojan
- Hijack a podcast, Please don't hijack us, basically done by spoofing the feed URL of podcast and listing it on itunes and others
- Apple OS X Security Updates, Safari has bugs, Paul is lazy still on Panther, email him to harras him, No Java fixes for Panther, Hopefully Paul doesn't get rooted?
- Mozilla Firefox 1.5, Contains bug/Security fixes, GO GET IT!, Paul & Larry like the "Page not found with "Try Again" button" feature
- Cisco http cross site scripting, DO NOT manage routers using HTTP or TELNET, do use TACACS+ and SSH
- Cisco Security Agent has local privilege escelation exploit, oh the irony!
- Perl Format string exploit, Fundimental flaws in perl stemming from format string vulnerabilities in printf functions. H.D Moore has been seen posting about these issues, so look for Metalsploit updates, may cover more than just "miniserv.pl"

- Speaking of exploit frameworks, here's the top three:

- Metasploit - Perl-based, open-source exploit framework

- CANVAS - Commercial, Python-based exploit framework. More features than Metasploit, commercial support, etc..

- Core Impact - Commercial, Python framework, runs on Windows only, highly automated, shellcode acts as a proxy to own more hosts

- Larry has a small font..
- Core Force is a new Endpoint Security Framework from Core Security. It's still in beta, and has malware prevention.
- Beer is Magic Hat #9 and tastes so much better from the keg (party at Larry's house next week, details to follow...)
- Exploits available for MS 05-051, 05-053, get 'em while they're hot. Patching helps.
- Update your java, new JREs released
- What really grinds Paul's Gears - 180solutions suing Zone Labs stating they are a marketing company and not spyware
- Sobering return from Holiday weekend, 1 in 14 emails on the internet is a virus
- SANS Top 20 has been updated to clean-up language (threat vs. vulnerability), OS X called out in top 20, wake up call for OS X users. OS X is hackable, send Paul email for shellcode/exploit site.
- New Orleans launches free Wireless, is Rhode Island doing the same? (I guess it makes sense, you could cover RI with like 2 access points :)
- Wiretapping, Signaling vulnerabilities in wiretapping systems, C-Tone will fake the hang-up, read paper here
- Cracking Safes with thermal imaging, Scrambling LCD Keypads are a good defense

- Tools Of The Month, NTP OS fingerprinting and DHCP fake

- Wireless Word Of The Week, WRT54G, series 5 now runs VxWorks, WRT54GL is the latest Linux hacking version
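The router management advice in the Cisco item above (no HTTP or Telnet, TACACS+ and SSH instead), as an added IOS configuration example that is not from the show notes or from Cisco; the hostname, domain name, TACACS+ server address, management subnet and placeholder secrets are all constructed.

```cisco
! --- Weak configuration (constructed example): plaintext management ---
! Credentials and sessions cross the wire in the clear, and the embedded
! web server is the surface the cross-site scripting advisory is about.
ip http server
line vty 0 4
 transport input telnet
 password cisco
 login

! --- Hardened configuration (constructed example) ---
! Turn the embedded web server off entirely.
no ip http server
no ip http secure-server
! SSHv2 needs a hostname and domain name before the RSA key can be generated.
hostname router1
ip domain-name example.com
crypto key generate rsa modulus 2048
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
! Central AAA via TACACS+; "local" is the fallback if the server is unreachable.
aaa new-model
tacacs-server host 192.0.2.10 key TACACS_KEY_PLACEHOLDER
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
username admin privilege 15 secret ADMIN_SECRET_PLACEHOLDER
! Only the management subnet may reach the VTY lines, and only over SSH.
access-list 10 permit 192.0.2.0 0.0.0.255
access-list 10 deny any log
line vty 0 4
 transport input ssh
 access-class 10 in
 exec-timeout 10 0
```

Confirm SSH is up with `show ip ssh` from a second session before removing Telnet on a router you can only reach remotely.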

Direct Download Link

(Bandwidth provided by OSHEAN, they got skillz)


Linksys switches to VxWorks, keeps Linux hackers happy with WRT54GL


"Linksys last month switched the standard model of its ubiquitous WRT54G wireless router from Linux to VxWorks, starting with the "series 5" version. Now, LinkSys is shipping a Linux-based WRT54GL model that it says it created specially for Linux hobbyists, hackers, and aficionados. The L version is identical to the "series 4" WRT54G units that Linux hobbyists have long enjoyed hacking, according to the company."

This is an interesting move by Cisco/Linksys. The new versions of the WRT54G, dubbed "series 5", will run VxWorks and have half the RAM and flash of previous versions (going from 4Mb of flash and 16Mb of RAM to 2Mb of flash and 8Mb of RAM). VxWorks is a slimmed-down OS intended for embedded devices, and Linksys says this will offer some speed improvements. This is very different from the WRT54GL model, which runs Linux, is intended to be hacked, and is the last remaining 54G to run Linux. Some sites I've read say, "stock up now". I think I will do just that right now...

Full Article


Apple Security Update, Safari, and OS X Security


While Firefox and IE are getting all the hype lately, Apple has released four patches for Safari as part of its latest round, two of which claim to be remotely exploitable:

CVE-2005-2491 - Processing a regular expression may result in arbitrary code execution

CVE-2005-3702 - Safari may download files outside of the designated download directory

CVE-2005-3703 - JavaScript dialog boxes in Safari may be misleading

CVE-2005-3705 - Visiting malicious web sites with WebKit-based applications may lead to arbitrary code execution

I believe this ties into the SANS Top 20 list, which has listed OS X for the first time as having vulnerabilities (which pose a threat :) This was intended as a wake up call of sorts for OS X users and hopefully sends the message that we all need to pay attention to security, even if we do use a Mac. WeaponX anyone?

Full Apple Patch Release Information
