Episode15
From PaulDotCom Security Weekly
http://docs.info.apple.com/article.html?artnum=61798 - Apple Releases 10.4.5, which fixes a kernel buffer overflow vulnerability
http://www.securityfocus.com/brief/142?ref=rss - A new trojan for OS X appears. "A Day in the Life of an Information Security Investigator" has published a series of articles on OS X, "Castle OS X is Stormed Part I & II" and "Redux: The Seiege Begins". And there, well, kinda like fairy tales that have proven to be reality.
http://www.f-secure.com/weblog/#00000817 - Yet ANOTHER OS X proof-of-concept malware is released, this time in the form of a Bluetooth worm.
IE Users beware, any web site can view your clipboard - USE THIS SITE AT YOUR OWN RISK!
Botnet attack shuts down hospital network
CERT Released the Windows Intruder Detection Checklist
Another Blackberry Vulnerability Released
WiFi Phone Vulnerabilities & Discussion
RSA Conference Wrap-Up Part I and Part II
Microsoft Alerts Galore:
MS06-005 - This one already has a POC exploit. It is a buffer overflow vulnerability in the way Windows Media Player handles BMP files.
MS06-006 - So, if you use an a browser other than Internet Explorer you are vulnerable when you open files associated with Windows Media Player, unless of course you apply the patches. Get your exploits HERE, and HERE
MS06-007 - DoS vulnerability in the way Windows handles IGMP packets.
MS06-008 - This patches the vulnerability in Windows Web Client service. A user must already have credentials to exploit this.
MS06-009 - The Korean Input Method Editor has a vulnerability that could allow exploitation by users who are already logged into the system.
MS06-010 - Powerpoint 2000 has an information leak vulnerability, allow attackers to access objects in the Temporary Internet Files Folder (TIFF).
