Episode47

From Paul's Security Weekly
Jump to: navigation, search

Episode Media

Episode 47 Audio (mp3)

Fingerprinting 802.11 Implementations via Statistical Analysis of the Duration Field - [Paul] - By none other than Johnny Cache, a fantastic paper.

Safe Porn Browsing - [Larry] - How does onen browse for porn safely?

Local Root Exploit For OS X - [Paul] - and it works, really well, giving you a root shell. According to the comments released in the latest exploit, it works on a fully patched Mac OS X 10.3 system. A good write-up from Matasano ( By Dino Dai Zovi, the researcher who discovered this bug and also the author of our favorite wireless hacking tool Karma).

OS X 10.4.8 is out, holy patches!!!! - [Paul] - Many more patches have been released for OS X.

Global Hotspots Violate ISP agreements - [Paul] - So, maybe sharing your internet connection via FON wasn't such a good idea after all! Doh!

Nokia Phone Unlock - [Paul] - Sweet little hack to unlock a phone.

Top 11 Computer Attacks Against Celebrities - [Paul] - My favorite: "Hasslehoffed: This Germany-based virus is actually very popular in that country, as it plays continuous loops of David Hasslehoff's greatest hits."

Fighting Phishing From Phishtank - [Paul] - Once you've registered you are able to submit information on phishing attacks via email. Complete with an archive of phishing attacks with screenshots!

Full Details on the SSdeep forensics tool have been released - Certain helps determine if someone has made minor changes, came to me when discussing md5 has collision, not that this will help that, but a cool tool none the less!

30 0Day flaws found in Firefox at Toorcon - [Paul] - One was released, all should be patching in the coming weeks. UPDATE: Researchers back off their claim that that found 30 vulnerabilities and admit that they can only crash browsers, not execute code. Full Story

Pact With The Devil - [Paul] - The basic premise is that you get access to someone's personal information, then blackmails you, threatening to rat you out. Fun stuff!

Threat Update From ISC - [Paul] - 0Day for firefox, upgrade to OpenSSH 4.4, and a PHPMyadmin bug pointed out all by Lenny Z. I hope that OS X updates OpenSSH as well, as I believe it is the same codebase.

Forensics Wiki Picking Up Steam - [Paul] - Does anyone use this resource on a regular basis? Supposed to be some good stuff, and have picked up a good amount of content recently.

ZERT releases VML patch - [Larry] - ...for Windowes 98!

BeEF - Browser Exploitation Framework - [Paul] - An entire framework dedicated to browser exploits and XSS.