Episode 67

From Paul's Security Weekly

Episode Media

mp3

Stories for Discussion

Fingerprinting School Children in the UK - [Joe] - The UK continues to be the leader in "free world" surveillance, this time by conditioning kids in school to submit to biometric identification. With all the data that the UK collects from closed-circuit TV and programs like this, it makes you wonder how secure that data is and what impact a break-in would have on the country.

Voyage to 0Day - [Paul] - Looks like a really cool tutorial for Ruby and Metasploit.

RFID Guardian - [Larry] - A personal RFID firewall developed by Melanie Rieback and colleagues. Cool.

Geek Squad to the rescue? - [Paul] - Gives a whole new meaning to the term "PEEP", I mean "PEAP".

Japanese naval porn ring probed - [Larry] - Didn't they mean Japanese Navel ring porn? Either way, 3 seamen traded porn, and confidential Aegis missile docs, via P2P. So, what legitimate use does P2P have in your organization? Reminds me of seewhatyoushare.com (now defunct) - I'll explain.

VMware Buffer Overflow vulnerability - [Paul] - The attack vector is not clear on this one; it's for ESX server, but no telling whether or not you could be in a guest OS and exploit the host OS. There is another one as well, listed as an "unspecified buffer overflow". WTF does that mean? If it's a buffer overflow, you have to specify a few things, like offset?!?!?!?!?!

Cisco Wireless Solutions Vulnerabilities - [Paul] - Looks like Cisco has been doing some fuzzing, "The Network Processing Unit (NPU) is responsible for handling traffic within the WLC. It is possible to cause one or more NPUs to lock up by sending certain types of traffic to an affected WLC. This traffic includes crafted SNAP packets, malformed 802.11 traffic, and packets with unexpected length values in certain headers." Think they use LORCON?

Irongeek's Wall of Social Science Majors - [Larry] - ...now via slax livecd. You're on your own for tech support though. Maybe a listener or two could provide a mirror?

Caller-ID as Authentication to Voice Mail - [Paul] - Okay, so now I am officially fired up at all the stupid crap we've found this week! If you use the following VM systems (T-Mobile, Alcatel-Lucent Lucent Technologies, Sprint Nextel, Nortel Networks CallPilot and Meridian Mail voicemail systems) you are probably already pwned. And another thing, I HATE VOICEMAIL. Email me a wav file thank you very much. Check out Ureach and Youmail.

When will the madness end? - [Larry] - Now, the month of Malware bugs from McAfee Avert Labs.

Linux WiFi Bug Exploited - [Paul] - An Italian researcher, Butti, apparently wrote his own fuzzer and found some wireless driver bugs. HOT! More to come, as he claims to be working on some different attack vectors.

  • Reference 1 - MadWifi bug - "This overflow occurs because the driver does not properly process the information element part of probe response management frames. An attacker within radio range may be able to trigger the overflow by sending a specially-crafted 802.11 management frame to a vulnerable system."
  • Reference 2 - FreeBSD Bug - "An integer overflow in the handling of corrupt IEEE 802.11 beacon or probe response frames when scanning for existing wireless networks can result in the frame overflowing a buffer."

MESSAGE TO PROGRAMMERS: "Heap-based buffer overflow in the wireless driver (WG311ND5.SYS) 2.3.1.10 for NetGear WG311v1 wireless adapter allows remote attackers to execute arbitrary code via an 802.11 management frame with a long SSID." Please check the length of a given SSID!!!!!
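The fix the message above asks for, as an added C example that is not code from the MadWifi, FreeBSD or NetGear drivers: a parser for the tagged information elements (ID, length, value) of a beacon or probe response that checks every length field against the bytes remaining in the frame and against the 32-octet SSID maximum before copying into a fixed buffer. `parse_ssid_ie` and the sample element lists are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define IEEE80211_MAX_SSID_LEN 32   /* 802.11 limits an SSID to 32 octets */
#define IE_SSID 0                   /* element ID of the SSID information element */

/* Result of parsing the SSID out of the IE list of a beacon/probe response body. */
struct ssid_result {
    int ok;                                   /* 1 = SSID found and well-formed */
    uint8_t len;
    char ssid[IEEE80211_MAX_SSID_LEN + 1];    /* fixed buffer, NUL-terminated */
};

/* Walk the tagged elements that follow the fixed fields of the frame body.
 * Each length byte is checked against the bytes actually left in the frame
 * (truncated element) and against the SSID maximum (over-long SSID), so a
 * malformed frame is rejected instead of overrunning the fixed-size buffer. */
int parse_ssid_ie(const uint8_t *ies, size_t ies_len, struct ssid_result *out)
{
    size_t pos = 0;
    memset(out, 0, sizeof(*out));
    while (pos + 2 <= ies_len) {                 /* need the ID + length header */
        uint8_t id  = ies[pos];
        uint8_t len = ies[pos + 1];
        if (len > ies_len - pos - 2)             /* element claims bytes the frame lacks */
            return 0;
        if (id == IE_SSID) {
            if (len > IEEE80211_MAX_SSID_LEN)    /* the failure mode in the CVE text above */
                return 0;
            memcpy(out->ssid, ies + pos + 2, len);
            out->ssid[len] = '\0';
            out->len = len;
            out->ok = 1;
            return 1;
        }
        pos += 2 + len;                          /* skip other elements (rates, DS, ...) */
    }
    return 0;                                    /* no SSID element present */
}

/* Constructed sample element lists (not captured traffic). */
static const uint8_t good_ies[] = { 0x01, 0x02, 0x82, 0x84,      /* Supported Rates IE */
                                    0x00, 0x04, 'h', 'o', 'm', 'e' };
static const uint8_t long_ies[] = { 0x00, 0xff, 'A', 'A', 'A' }; /* claims 255 bytes, has 3 */
static const uint8_t over_ies[] = "\x00\x21"                     /* 33-byte SSID: one too many */
                                  "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
```

Drivers that keep SSIDs in a stack or heap buffer of fixed size need both checks: the first stops an out-of-bounds read of the frame, the second stops the copy from overflowing the buffer.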

Over 2000 sites host ANI exploit - [Larry] - according to Websense. Bastards missed one too :-( Go patch now!

Botnet Theory From Blackhat EU - [Paul] - Using IRC is kinda stupid; how about using P2P protocols to communicate that are tunneled in HTTP or DNS? How about not knowing where the C&C server is, but knowing how to find out by searching for an OTP value in a Skype profile because you share a seed with the C&C server? Evil stuff!!!!

SiteKey phishing - [Larry] - The "un-phishable" can be phished. Go figure. Bank of America's SiteKey two-factor authentication is real weak - I'll explain. Brought to you by the same guy who faked boarding passes.

iPod Linux Virus - [Paul] - Fun stuff, a virus for your iPod, but only if it runs iPod Linux. Still, I love to see malware that can infect a handheld or iPod, then infect a PC, then even go infect your car via bluetooth! Maybe someday my dream will become reality, I think many of the pieces are there and we may very well see an incident that helps to raise awareness.

Backup tapes lost in transit - [Larry] - ...they were in a locked case. However, we've indicated in the past that locks are easily picked. How about encrypting those backups...
Stories of Interest

Layerone Conference in Cali