Episode37

From Paul's Security Weekly

Episode Media

mp3

Story Time With "Twitchy"

Twitchy tells stories from the recent HOPE conference

Stories For Discussion

Internet Drive-By Shootings - Quite possibly one of the best blog postings I've read this year. The Metasploit team, led by HD Moore (who recently launched the Browser Vulnerability A Day and Malware Search Engine sites), describes in great detail just how dangerous web browser attacks can be. They found code that can fingerprint everything from a Windows 98 host all the way to a Windows XP SP2 host and launch the appropriate exploit. Cool stuff.

Host fingerprinting and portscanning with JavaScript and XSS - Very cool tactic that uses JavaScript to identify remote web servers and portscan networks. See demo here.

Mobile Anti-Virus Protection Services - "The fact is that there are over 300 known mobile malware. That is not hype. We estimate that tens of thousands of phones have been infected so far, worldwide." Wow, just Wow. I'd also like to thank the F-Secure folks again for bringing us timely, insightful, and really cool research. You guys rock, even if you are from Finland (kidding of course, reference: Daily Show skit...).

MS06-036 DHCP Client Exploit - Useful for exploiting hosts on the internal network, wired or wireless. Scenario - compromise a workstation via the web browser, have it spread the DHCP exploit, and build up your botnet a subnet at a time from the inside out :) From the exploit code readme file: "This is our present to BlackHat/Defcon. If you're attending this year, STAY OFF THE INTRAWEBZ." Cool, a present, and it's not even Christmas or my birthday!

Firefox trojan as extension - I suspect we will see more of this. Of course you already need to be infected with Downloader-AXM for this to get delivered.

HOPE speaker arrested before talk - Turns out it was unrelated to his talk on privacy (which was frightening), but because he impersonated a federal agent.

Blue Cross Idaho: "No wireless" - Now the auditors are challenging them with how to enforce it.

65 Oracle patches - Freaking Oracle! 65 at once is too many, and why do you have to hide them from legitimate security professionals?

Cracking Vista Beta 2 Local passwords - SAM databases (and SYSKEY), but you need to make sure you have updated tools. Thanks IronGeek! (also check out his Truecrypt and ADS video!)

Mitigating Wireless Driver Attacks - A response from Mike Kershaw (of Kismet fame) to the upcoming wireless driver vulnerability talks at Black Hat. And the solution is...

Cisco VPN 3000 Concentrator DoS - By exhausting resources with IKE requests. Use "Call Admission Control for IKE". Other IKE-compatible devices may be vulnerable. [Paul Asadoorian - The 3000 series VPN concentrators are reaching their end of life. The 5500 series is the replacement and is a much better processor platform, in addition to being IOS based. Latest version is 7.1]

Want to win some Cash? Crack these hashes! - An interesting challenge from Roger Grimes on the discussion of password complexity versus length. He puts his money where his mouth is. Article here
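The complexity-versus-length argument behind Grimes' challenge is easy to quantify. The Python below is an added example and is not code from the article or the challenge: it computes the keyspace and entropy for a few constructed password policies and a worst-case exhaustive-search time at an assumed guess rate (the rate is a made-up figure for illustration, not a measurement).

```python
import math

def keyspace(charset_size: int, length: int) -> int:
    """Number of distinct passwords a policy permits (the exhaustive-search size)."""
    return charset_size ** length

def entropy_bits(charset_size: int, length: int) -> float:
    """Search space expressed in bits, i.e. log2 of the keyspace."""
    return length * math.log2(charset_size)

def exhaustive_search_seconds(charset_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at the given guess rate."""
    return keyspace(charset_size, length) / guesses_per_second

# Constructed policies: (character-set size, minimum length).
# 26 = lowercase letters only, 95 = all printable ASCII.
POLICIES = {
    "8 chars, lowercase only": (26, 8),
    "8 chars, full printable ASCII": (95, 8),
    "15 chars, lowercase only": (26, 15),
    "15 chars, full printable ASCII": (95, 15),
}

# Assumed guess rate for illustration only (one billion guesses per second).
ASSUMED_GUESS_RATE = 1_000_000_000

def compare_policies(guesses_per_second: float = ASSUMED_GUESS_RATE) -> dict:
    """Return keyspace, entropy in bits and worst-case search time per policy."""
    results = {}
    for name, (charset_size, length) in POLICIES.items():
        results[name] = {
            "keyspace": keyspace(charset_size, length),
            "bits": entropy_bits(charset_size, length),
            "seconds": exhaustive_search_seconds(charset_size, length, guesses_per_second),
        }
    return results

def strongest(results: dict) -> str:
    """Name of the policy with the largest search space."""
    return max(results, key=lambda name: results[name]["bits"])

if __name__ == "__main__":
    for name, r in compare_policies().items():
        days = r["seconds"] / 86400
        print(f"{name:32s} {r['bits']:6.1f} bits  worst case {days:.3g} days")
```

The point the numbers make: a 15-character lowercase-only password (about 70.5 bits) has a far larger search space than an 8-character password drawn from all 95 printable ASCII characters (about 52.6 bits), so length buys more than complexity. The caveat is that these figures assume characters chosen uniformly at random; human-chosen passwords are attacked with dictionaries and rules, not exhaustive search, so real resistance is usually much lower than the keyspace suggests.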

Symantec Hacks Vista - Sounds like marketing hype, but they were able to perform privilege escalation due to implementation flaws in UAC (User Account Control). MS says using a beta is unfair...

Crypto protects criminals too - Kaspersky is claiming that "ransomware" crypto is quickly becoming unbreakable. Ouch. When will they apply the strong crypto to other ingenious methods?

Other Stories Of Interest

Hping2 Works On Windows Again - Get packet crafting!

Malicious Anti-Spyware Software At Work Videos - From F-Secure, F$%@#*G Finland!

RFID Attack Vector - Researcher uses an RFID tag to run code on a system scanning it. Is this a lack of security in RFID, or just another attack vector for vulnerable systems?

IPS Evasion Talk - A French researcher will give a talk at Black Hat about how he was able to evade well-known IPSs with a well-known old worm, along with tools to detect IPSs.

Symantec Expresses Concern Over Municipal WiFi (In)Security - Rhode Island will be next.

Netscape Hacked! - Well, if you count XSS. The hacker redirected users to Digg, Netscape's competitor. No malicious use...yet.