Episode130

From Security Weekly Wiki

Stories For Discussion

Stephen Northcutt's Security Predictions Page - [PaulDotCom] - Experts from the field weigh in on security predictions. You know, I've changed my mind about predictions. I've decided that they are fun to make because you can think big and outlandish, and hey, it's just a prediction. I make some more serious predictions, as do Josh Wright, Eric Cole, Rob Lee, and several others.

Tcpdump and Libpcap Updates - [PaulDotCom] - I have to tell you, while Wireshark is all sexy, GUI, and pretty, I MUCH prefer tcpdump. There is something just so familiar to me and comfortable about the command line (in fact, I have been actually enjoying Windows by using more of the command line). I also found it interesting in the release notes when it mentions "Add support for Bluetooth Sniffing", really?

Metadata, PDF files, and watching attackers - [PaulDotCom] - I don't recommend actually watching hackers. For one, most are not super models (nor are many of them actually females), second, it's pretty boring to watch someone type, even if they are doing cool, sexy hacking things. But here is a way to look into how an attacker created a malicious PDF, how long it took, what version he used to create it, etc... I like this idea, using metadata techniques against the attackers!

SOHO Router Wireless Security Report - [PaulDotCom] - This paper details some attacks against SOHO routers. First, they go over the DHCP name XSS vulnerability, which can execute XSS vulns against an administrator. Another attack, which I thought was neat, was that they registered their hostname with DHCP as "www.google.com", and got the router to update its DNS cache accordingly so that www.google.com resolved to a local IP address. So, if you have a Linksys WRT160N, D-Link DIR-615, Belkin F5D8233-4v3, or ActionTec MI424-WR you want to read this paper :)

Caller-ID Spoofing = Voicemail access - [PaulDotCom] - Voicemail can contain sensitive information (never leave passwords on someone's voicemail). Also, information gathering potential is huge. Set a PIN!

I <3 Protocol Attacks - [PaulDotCom] - The main reason I love design flaws is that they stick around a lot longer than software vulnerabilities. Simply because they are harder to fix :) SMBrelay was great, and let me tell ya, you can have a FIELD DAY with it :)