Episode49

From Paul's Security Weekly

Episode Media

mp3

Stories for Discussion

da da da da daaaaa.... I'm loving it (my McTrojan) - [Joe] - "Earlier this month, McDonald's Japan shipped 10,000 MP3 players as prizes in a competition they organized with Coca-Cola. Unfortunately, the players were also preloaded with a variant of the QQPass password-stealing trojan. We haven't seen these players ourselves, so we can't confirm how exactly you would get hit by this trojan, but some sources report you only had to plug it into your Windows PC." [Paul Asadoorian - You Bastard! You steal my story, now we fight! :) ] [Larry - Don't forget the iPods in the same predicament]

1 in 3 users write down passwords - [Larry] - Ouch, can you say "exposure"? I know when I dumpster dive, I look for yellow gold - Post-it Notes! How about some user education on better passwords that they can remember.

Debian Project's write-up of a server compromise with weird 0Day (do_brk) - Even though this kernel code was improved in September by Andrew Morton and copied into recent pre-release kernels since October, the security implication of the improvement wasn't considered. Hence, no security advisories were issued by any vendor. However, after it was discovered to be used as a local root exploit, the Common Vulnerabilities and Exposures project assigned CAN-2003-0961 to this problem. It is fixed in Linux 2.4.23, which was released last weekend, and in the Debian advisory DSA 403. Debian Server Listing!

Oracle releases 101 patches - [Larry] - One hundred and one. Holy crap. Aside from the whole patch cycle issues (please, discuss!), how poorly is Oracle written that it needs 100+ patches a quarter?

Follow-up from last week's Google code search - [Paul] - Cool searches to run. This is my favorite - [Larry] - This is my favorite

Hacking tor - [Larry] - More items to be concerned about for anonymous presentations - methods for revealing the true client IP - via Shockwave. I can hear Nick now, damned web 2.0!

NVIDIA Binary Graphics Driver Exploit in Linux - [Joe] - A recent security advisory announced today by Rapid7 explains, "the NVIDIA Binary Graphics Driver for Linux is vulnerable to a buffer overflow that allows an attacker to run arbitrary code as root. This bug can be exploited both locally or remotely (via a remote X client or an X client which visits a malicious web page). A working proof-of-concept root exploit is attached to this advisory." The advisory goes on to note that the FreeBSD and Solaris binary drivers are also likely vulnerable to the same flaw and cautions, "it is our opinion that NVIDIA's binary driver remains an unacceptable security risk based on the large numbers of reproducible, unfixed crashes that have been reported in public forums and bug databases." [Paul] - Binary blobs are evil! And this is why...

DIY Disclosure - [Larry] - Wow, this form reads like a madlib.

Secureworks Uncovers Bluetooth Vulnerabilities - [Paul] - Such fun! Looks like the Toshiba chipset is vulnerable. Interesting points in the advisory, "execution of arbitrary code at the highest privilege level.", which to me means Ring 0 because Maynor is the king of DMA and ring 0 execution. "An attacker would need to be within approximately 10 meters of the victim" That's BULL, my Linksys dongle and 9 dBi Yagi can go way farther than 10 meters, and that's before I put an amp on it. "Bluetooth addresses are easily enumerated through active scanning if the device allows discovery." Will this be true forever? Redfang was the first stab at this.... "This vulnerability was discovered and researched by David Maynor of SecureWorks, Inc. and Jon Ellch." You guys rock.

Complete Security Podcast list - [Larry] - Guess who was listed first? Welcome to all of our new listeners. Now, do go check out ALL of the other podcasts on the list - there are some really good ones on there, and some that are missing: SRT...

IE 7 goes not even 24 hours before first unpatched flaw - [Paul] - A flaw already? HD must be hard at work, fresh code to work with :)

Gotchas of Rogue AP containment - [Larry] - Certainly a deployment of WIDS is a great thing, but there are some definite issues (that could become legal issues) that you need to be careful of.

Anti-Malware tools and IE7 install do not mix - [Larry] - Looks like the anti-malware folks had it right by preventing the install of IE7. It is out there, and M$ says to disable your anti-malware for the install. I say leave it on, and go install Firefox or Opera.

Automating post-exploitation tasks with meterpreter scripts - [Paul] - This is a new feature in Metasploit 3.0 that allows you to write a script that will interact with all hosts you've compromised and deployed Meterpreter on. Meterpreter currently only runs on Windows and is enhanced in version 3.0. For example, "pivoting" is more stable in this version.

Password Profiling Tool - [Paul] - The general idea is to personalize or profile the available data about a "target" person or system and generate a wordlist of possible passwords/passphrases out of the available information. Download Here
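As an added illustration of what a profiling tool does (this is not the tool's own code, and the profile data below is constructed for a fictional target), the script collects a handful of personal tokens, adds the date fragments people bolt onto passwords, and applies case, leet and suffix mangling plus word/number and word/word combinations. The mangling rules, separators and length bounds are assumptions chosen for the example, not the tool's rules.

```python
import itertools
from datetime import date

# Constructed sample profile for a fictional target (not real data).
PROFILE = {
    "first": "Alice",
    "last": "Example",
    "nick": "ali",
    "birthday": date(1980, 3, 14),
    "partner": "Bob",
    "pet": "Rex",
    "company": "AcmeCorp",
    "keywords": ["hockey", "bruins"],
}

# Assumed mangling rules: a small leet table, common separators and suffixes.
LEET = str.maketrans({"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"})
SEPARATORS = ["", "_", ".", "-"]
SUFFIXES = ["", "!", "1", "123", "!1"]


def seed_words(profile):
    """Collect the raw tokens: names, pet, company and keywords, lower-cased."""
    words = set()
    for key in ("first", "last", "nick", "partner", "pet", "company"):
        value = profile.get(key)
        if value:
            words.add(value.lower())
    words.update(w.lower() for w in profile.get("keywords", []))
    return sorted(words)


def date_parts(d):
    """Numeric fragments people append: yyyy, yy, ddmm, mmdd, ddmmyyyy, mmddyyyy."""
    return sorted({
        f"{d.year}", f"{d.year % 100:02d}",
        f"{d.day:02d}{d.month:02d}", f"{d.month:02d}{d.day:02d}",
        f"{d.day:02d}{d.month:02d}{d.year}", f"{d.month:02d}{d.day:02d}{d.year}",
    })


def case_variants(word):
    return {word, word.capitalize(), word.upper()}


def mangle(word):
    """Case, leet and suffix variants of a single token."""
    bases = case_variants(word) | {word.translate(LEET), word.capitalize().translate(LEET)}
    return {base + suffix for base in bases for suffix in SUFFIXES}


def generate(profile, min_len=6, max_len=16):
    """Build the candidate list: mangled single words, word+date, date+word, word+word."""
    words = seed_words(profile)
    nums = date_parts(profile["birthday"])
    candidates = set()
    for w in words:
        candidates |= mangle(w)
    for w in words:
        for n in nums:
            for base in case_variants(w):
                for sep in SEPARATORS:
                    candidates.add(base + sep + n)
                    candidates.add(n + sep + base)
    for a, b in itertools.permutations(words, 2):
        for sep in SEPARATORS:
            candidates.add(a + sep + b)
            candidates.add(a.capitalize() + sep + b.capitalize())
    # Drop anything outside the length window a typical password policy allows.
    return sorted(c for c in candidates if min_len <= len(c) <= max_len)


if __name__ == "__main__":
    wordlist = generate(PROFILE)
    print(f"{len(wordlist)} candidates")
    for candidate in wordlist[:20]:
        print(candidate)
```

Feed the output to a cracker as a dictionary; the point of profiling is that a few thousand targeted guesses often beat a multi-gigabyte generic list, which is also why "use a password you can remember" advice needs to steer people away from names, pets and birthdays.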

Awesome guide on Identity theft prevention - [Larry] - Go give this to everyone you know. If they don't have a computer print them a copy, because you don't need a computer for your identity to be stolen. Thanks Martin McKeay!

Rantings Of Bruce Potter - [Security Weekly] - What I can’t accept are the fricken clowns who use that “please click on this link so I know you’re a human” anti-spam auto responder. Like hell I’m going to do that. Oh, I so agree!!!!

VoMM - [Larry] - Metasploit 3.0 features, evading detection by obfuscating code... [Paul] - This Link Goes into way more detail. Cool stuff, like white-space randomization and string encoding.
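To show what the two transforms named above actually do to a script, here is an added example (written for these notes, not VoMM's code) that rewrites every string literal as a String.fromCharCode(...) call and then replaces whitespace with random runs of spaces, tabs and newlines. The sample script is constructed; the literal regex assumes no escape sequences inside strings, and the whitespace step assumes no comments or regex literals, so it is a demonstration of the idea rather than a general JavaScript rewriter.

```python
import random
import re

# Constructed sample: the quoted ProgID is the kind of literal a signature keys on.
SAMPLE_JS = 'var o = new ActiveXObject("Scripting.FileSystemObject"); alert("hello");'

# Assumption: plain single- or double-quoted literals with no escapes inside.
STRING_LITERAL = re.compile(r'"([^"\\]*)"|\'([^\'\\]*)\'')
WS_CHARS = " \t\n"


def encode_string(text):
    """Replace a literal by a call that rebuilds it at runtime, so the plaintext is gone from the source."""
    return "String.fromCharCode(" + ",".join(str(ord(ch)) for ch in text) + ")"


def encode_strings(js):
    """String encoding: every quoted literal becomes a fromCharCode call."""
    return STRING_LITERAL.sub(
        lambda m: encode_string(m.group(1) if m.group(1) is not None else m.group(2)), js)


def randomize_whitespace(js, rng):
    """Whitespace randomization: only safe after strings are encoded, since no literal can be altered."""
    def rand_ws(lo, hi):
        return "".join(rng.choice(WS_CHARS) for _ in range(rng.randint(lo, hi)))

    js = re.sub(r"\s+", lambda _: rand_ws(1, 4), js)
    # Optional whitespace around punctuation that JavaScript tolerates it next to.
    return re.sub(r"([(),;])", lambda m: rand_ws(0, 2) + m.group(1) + rand_ws(0, 2), js)


def obfuscate(js, seed=None):
    """Apply both transforms; a fixed seed gives a reproducible variant, None gives a fresh one per call."""
    return randomize_whitespace(encode_strings(js), random.Random(seed))


def decode_fromcharcode(js):
    """Reverse the string encoding (used here to check the rewrite preserved the script's content)."""
    def restore(m):
        codes = [n for n in re.sub(r"\s", "", m.group(1)).split(",") if n]
        return '"' + "".join(chr(int(n)) for n in codes) + '"'
    return re.sub(r"String\.fromCharCode\s*\(\s*([\d,\s]*)\)", restore, js)


if __name__ == "__main__":
    print(obfuscate(SAMPLE_JS, seed=1))
```

A byte-pattern signature for the ProgID or for the call's exact spelling no longer matches, which is the whole point; the flip side for defenders is that fromCharCode-heavy scripts with odd whitespace are themselves a strong heuristic, and rendering the page in an instrumented browser sees the decoded strings anyway.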

Virus Warns You Porn Can Cause Marriage Problems - [Paul] - If your computer has tracks of all adult sites you have visited.....it can violate your online privacy and could compromise your career and your marriage. It also goes on to force you to buy a product to fix the problem. Really nice....

Hijacking IM Accounts - [Paul] - Never trust links in IM windows, even if they are from someone on your "Buddy List".

Virus Without Borders - [Paul] - Malware that jumps from your phone to your PC. The danger is that it spreads via MMS and then infects PCs via Bluetooth or when the phone is connected via USB.

Other Stories of Interest

No Browser is Safe, Opera Heap Overflow - [Paul]

Web rage in UK - [thx Martin Ryan] - "Paul Gibbons, 47, tracked down John Jones using details obtained online after the pair exchanged insults in an internet chatroom, a court heard. He travelled 70 miles to Mr Jones' home in Clacton, Essex, and beat him up with a pickaxe handle in December 2005." <-- max_lulz

Backtrack 2.0 Beta Released

Nice Tutorial on using find and xargs

New Nmap OS detection - [Larry] - Go help out. Download and submit your signatures.

Cool USB Hacks