Changes

From Security Weekly Wiki
Jump to navigationJump to search
2,496 bytes added ,  15:21, 1 December 2011
no edit summary
Matias Eissler is a Sr. Developer at Core Security. He has been working on the fields of information gathering, attack planning, file infection and client-side capabilities. Lately he has joined the Exploit Writing Team where he contributes with exploit effectiveness and reliability.
 
= Stories For Discussion =
 
== Larry's Stories ==
 
#[https://community.rapid7.com/community/metasploit/blog/2011/11/30/test-results-for-javarhino The Rhino in the Room] - [Larry] - Yikes, a cross platform Java exploit, tested by Rapid7 on Windows, Ubuntu and OSX, albeit recently patched. I wholeheartedly agree with a quote from @Viss - I cant wait to use this with SET.
#[http://www.theregister.co.uk/2011/11/30/smartphone_spying_app/ Carrier IQ] - [Larry] Interesting. Data gathering of all data-ish traffic on your phone, including EVERYTHING typed into the phone. Scary. First off, how is a normal person supposed to be able to detect this? The point is, they aren't….
#[https://threatpost.com/en_us/blogs/hacker-says-texas-town-used-three-digit-password-secure-internet-facing-scada-system-112011 3 Character passwords is not APT] - [Larry] = OMG SCADA HAX! While we've heard reports lately about water pumps blowing up after hacks, which the FBI says isn't true (coverup maybe?), another hacker was upset. So, the new hacker makes their own statement by allegedly compromising A Seimens HMI system that was internet accessible with a 3 character password. Wow, not only are the folks who implement and maintain SCADA-ish networks not learning about internet connectivity issues, the password thing is inexcusable.
#[http://news.hitb.org/content/us-police-use-radio-encryption-stop-iphone-eavesdropping Encrypted wireless for Law enforcement] - [Larry] - Ok, claims that criminals are using fixed radios with remote access via smartphones to monitor law enforcement radio comms. Ok, cool, so law enforcement says that they will encrypt communications. I wonder if they will attempt to use P-25, or something else. Of course this becomes interesting if they are using public radio space…
#[http://rss.computerworld.com/~r/computerworld/s/feed/topic/17/~3/E9tF86-neck/Enterprises_struggle_to_update_browser_plug_ins Update broswer plugins?] - [Larry] - So, we've done a better job of updating our OSes (arguably), a little bit better job of updating third party apps (marginally), and a decent job of updating our browsers (as a part of the OS, irony much?), but how about those browser plugins? (Shockwave, Adobe, etc.), yeah, we don't have a real great insight into browser plugins and maintenance. In many cases, we can;t restrict our users from what they install, let alone if they use a different browser. What are we to do?
 
== Paul's Stories ==
 
== Jack's Stories ==
940

edits

Navigation menu