Changes

From Security Weekly Wiki
1,392 bytes added, 21:18, 11 January 2007
[http://news.com.com/Flaw+found+in+Apple+bug-fix+tool/2100-1002_3-6148606.html Apple's Bug Fix tool...is Buggy!] - [Joe] - "Vulnerability researchers behind the "Month of Apple Bugs" project, which aims to publish one flaw per day throughout January in software used on Apple platforms, announced on Monday that they have found a vulnerability in a tool that is used by a group involved in finding fixes for the flaws. APE is a third-party piece of software, written by Unsanity, designed to "enhance and redefine" the behavior of applications running on Apple platforms. APE loads plug-ins containing executable code into active applications. Month of Apple Fixes uses the software to apply run-time patches to the flaws found by the Month of Apple Bugs project. The patches insert themselves into applications when they run, find the vulnerable code and apply themselves."
 
[http://www.darkreading.com/document.asp?doc_id=114424&f_src=darkreading_section_296 Bluetooth Security Worse than Wifi?] - [PaulDotCom] - Interesting article, HD, Zoller, and Finisterre all weigh in. I think it's interesting to think of every Bluetooth device as an access point.
[http://www.theregister.co.uk/2007/01/09/scam_decline/ SPAM decline?] - [Larry] - Spam rose to unbelievable levels before the Holidays, now where did it all go? Rumor has it that a large botnet went all pear-shaped. If the bot-herder owns it, who does?
 
[http://jeremiahgrossman.blogspot.com/2007/01/review-of-subverting-ajax-white-paper.html Detailed Analysis of the Adobe vulns released at CCC] - [PaulDotCom] - I was not able to digest this one in time for the show, but wanted to get other people's thoughts.
[http://applefun.blogspot.com/2007/01/canary-trap-leak-and-mole.html How to catch a mole] - [Larry] - More MOAB craziness. Release an "exploit" earlier to those trolling the site before releases. PWN3D!
 
[http://www.f-secure.com/weblog/#00001075 F-Secure has a signature for the MMS exploit] - [PaulDotCom] - It is also clear that it is still very much a PoC, only working on certain phones. To get it to work on other phones/MMS applications you need to port the shellcode.
[http://www.hackinthebox.org/modules.php?op=modload&name=News&file=article&sid=22177&mode=thread&order=0&thold=0 Where's Nick?] - [Larry] - Linden Labs release the code to the Second Life client - Open Source.
 
[http://www.f-secure.com/weblog/#00001073 Some Laptops Come with Vulnerabilities] - [PaulDotCom] - First, Acer should be smacked. Second, the laptop is butt ugly. Third, make sure you wipe your laptops and re-install before you use them to get rid of all the vendor crap.
[http://www.securityfocus.com/infocus/1885?ref=rss More Raul] - [Larry] - More of Raul's great article on wireless forensics.
 
[http://www.schneier.com/blog/archives/2007/01/nsa_helps_micro.html NSA helps Microsoft] - [PaulDotCom] - Great Schneier posting, so what does the NSA do when it finds a vulnerability? Flip a coin? Heads, use it to spy on Americans. Tails, tell M$ about it. Could it be a double-headed quarter? :)
[http://irongeek.com/i.php?page=security/networkprinterhacking#DoSing%20the%20network%20or%20the%20printer Irongeek's HP Printer hackin'] - [Larry] - Updated to include the FTP exploits a few shows ago. Adrian, please drop Joe a note.