Difference between revisions of "Episode234"
From Security Weekly Wiki
Jump to navigationJump to searchDarkoperator (talk | contribs) |
Darkoperator (talk | contribs) |
||
| Line 15: | Line 15: | ||
#[http://go.theregister.com/feed/www.theregister.co.uk/2011/03/10/router_rooting_malware/ RRouter Root] - [Larry] - ELF file that bruteforces passwords on your router, then places an IRC backdoor on them. D-link routers. WANT! | #[http://go.theregister.com/feed/www.theregister.co.uk/2011/03/10/router_rooting_malware/ RRouter Root] - [Larry] - ELF file that bruteforces passwords on your router, then places an IRC backdoor on them. D-link routers. WANT! | ||
#[http://www.f-secure.com/weblog/archives/00002114.html FinFisher] - [Larry] - So, how do AV vendors deal with matters of State? | #[http://www.f-secure.com/weblog/archives/00002114.html FinFisher] - [Larry] - So, how do AV vendors deal with matters of State? | ||
| − | #[http://www.theregister.co.uk/2011/02/02/pwn2own_2011/ Google Offers additional $20k as price on Pwn20wn] [Carlos] Google is showing its support to researcher to show they do see the business value of making sure their products are secure. | + | #[http://www.theregister.co.uk/2011/02/02/pwn2own_2011/ Google Offers additional $20k as price on Pwn20wn] - [Carlos] - Google is showing its support to researcher to show they do see the business value of making sure their products are secure. |
| − | #[https://threatpost.com/en_us/blogs/apple-safari-and-internet-explorer-8-go-down-pwn2own-iphone-next-031011 Safari and IE first to fall on Pwn20wn][Carlos] Browsers Safari and IE8 first to fall, IE was a difficult one according to Stephen Fewer the winner that exploited IE8, 6 weeks of work and chaining of 2 bugs to be able to get code execution, Safari was easier. | + | #[https://threatpost.com/en_us/blogs/apple-safari-and-internet-explorer-8-go-down-pwn2own-iphone-next-031011 Safari and IE first to fall on Pwn20wn] - [Carlos] - Browsers Safari and IE8 first to fall, IE was a difficult one according to Stephen Fewer the winner that exploited IE8, 6 weeks of work and chaining of 2 bugs to be able to get code execution, Safari was easier. |
| − | #[https://github.com/SpiderLabs/jboss-autopwn JBoss Autopwn] [Carlos] Nice to see more tools to test midleware and business logic centric infrastructure. | + | #[https://github.com/SpiderLabs/jboss-autopwn JBoss Autopwn] - [Carlos] - Nice to see more tools to test midleware and business logic centric infrastructure. |
| + | #[http://trac.secdev.org/scapy Scapy 2.2 is Out!] - [Carlos] - May I need say more? support for CDP, EIGRP, Cisco Skinny, RSVP, VQP, OSPF Extension and much much more, let the networks hit the floor! | ||
= Other Stories of Interest = | = Other Stories of Interest = | ||
= List of beer victims = | = List of beer victims = | ||
Revision as of 22:47, 10 March 2011
Contents
Announcements
PaulDotCom Security Weekly - Episode 234 for Thursday March 10th, 2011.
- SOURCE Boston on April 20 - 22- Paul and Larry will be there to hang out, talk security and drink beer.
Stories For Discussion
- Wireshark multiple vulnerabilities - [Larry] -
- XSS in Nagios - [Larry]
- RRouter Root - [Larry] - ELF file that bruteforces passwords on your router, then places an IRC backdoor on them. D-link routers. WANT!
- FinFisher - [Larry] - So, how do AV vendors deal with matters of State?
- Google Offers additional $20k as price on Pwn20wn - [Carlos] - Google is showing its support to researcher to show they do see the business value of making sure their products are secure.
- Safari and IE first to fall on Pwn20wn - [Carlos] - Browsers Safari and IE8 first to fall, IE was a difficult one according to Stephen Fewer the winner that exploited IE8, 6 weeks of work and chaining of 2 bugs to be able to get code execution, Safari was easier.
- JBoss Autopwn - [Carlos] - Nice to see more tools to test midleware and business logic centric infrastructure.
- Scapy 2.2 is Out! - [Carlos] - May I need say more? support for CDP, EIGRP, Cisco Skinny, RSVP, VQP, OSPF Extension and much much more, let the networks hit the floor!
