From Security Weekly Wiki
1,557 bytes added ,  21:10, 11 January 2007
[ "bugging" coins with RFID] - [Joe] - "Canadian coins containing tiny transmitters have mysteriously turned up in the pockets of at least three American contractors who visited Canada, says a branch of the U.S. Department of Defence. Security experts believe the miniature devices could be used to track the movements of defence industry personnel dealing in sensitive military technology." [Larry] - Holy crap! Besides the potential tracking and privacy issues, I want one! Any Canadians care to send me one?
[ Keep Your Client Software Up-To-Date] - [PaulDotCom] - If you are using Adobe Reader, Java, WinZip, or Open Office, get updating. Also, note to the software makers: Firefox does an excellent job of keeping itself up-to-date, why can't you? Users, consider something like Version Tracker software to help keep your software up-to-date or you will be pwned. That goes for Windows and OS X; Linux users, use a distribution that offers automatic updates (like Debian, Gentoo, or Ubuntu) and try not to stray from the provided packages.
[ We are controlling transmission] - [Larry] - This hack is old, but very neat. Chicago, November 22, 1987: Chicagoland viewers got to see Max Headroom and a naked butt on the TV instead of Dr. Who. Apparently someone was able to inject their own data into a licensed microwave transmission array. Allegedly, the equipment could have been rented for about 25K, or built by hand. Either way, it was illegal to operate - just because it is illegal or expensive doesn't mean hackers won't do it.
[ iDefense wants your vulnerabilities/exploits] - [PaulDotCom] - I have mixed feelings on this one. On one hand, it's good that bug hunters are being encouraged, okay bribed, to release their exploits so that vendors can fix them. However, this all depends on how well it is handled. Most of the companies that are buying exploits have some vested interest: iDefense is owned by Verisign, who offers managed IDS/IPS, and the 3Com project of a similar nature has potential benefits to the Tipping Point product line. COI if you ask me...
[ Apple's Bug Fix Buggy!] - [Joe] - "Vulnerability researchers behind the "Month of Apple Bugs" project, which aims to publish one flaw per day throughout January in software used on Apple platforms, announced on Monday that they have found a vulnerability in a tool that is used by a group involved in finding fixes for the flaws. APE is a third-party piece of software, written by Unsanity, designed to "enhance and redefine" the behavior of applications running on Apple platforms. APE loads plug-ins containing executable code into active applications. Month of Apple Fixes uses the software to apply run-time patches to the flaws found by the Month of Apple Bugs project. The patches insert themselves into applications when they run, find the vulnerable code and apply themselves."
[ Best site to hit with an XSS attack and/or hijack] - [PaulDotCom] - Good idea, but big red target in my opinion. Do I really trust it?
== Other Stories Of Interest ==
[,72478-0.html Electronic Lust, sex toys for your computer] - [PaulDotCom] - When I was in college, my friend and I used to try and come up with business ideas. One of them was this, and then we started to see people actually doing it... Ewwww, dirty USB ports...

