Difference between revisions of "Episode234"

From Security Weekly Wiki
Jump to navigationJump to search
Line 15: Line 15:
 
#[http://go.theregister.com/feed/www.theregister.co.uk/2011/03/10/router_rooting_malware/ RRouter Root] - [Larry] - ELF file that bruteforces passwords on your router, then places an IRC backdoor on them. D-link routers.  WANT!
 
#[http://go.theregister.com/feed/www.theregister.co.uk/2011/03/10/router_rooting_malware/ RRouter Root] - [Larry] - ELF file that bruteforces passwords on your router, then places an IRC backdoor on them. D-link routers.  WANT!
 
#[http://www.f-secure.com/weblog/archives/00002114.html FinFisher] - [Larry] - So, how do AV vendors deal with matters of State?
 
#[http://www.f-secure.com/weblog/archives/00002114.html FinFisher] - [Larry] - So, how do AV vendors deal with matters of State?
#[http://www.theregister.co.uk/2011/02/02/pwn2own_2011/ Google Offers additional $20k as price on Pwn20wn] [Carlos] Google is showing its support to researcher to show they do see the business value of making sure their products are secure.
+
#[http://www.theregister.co.uk/2011/02/02/pwn2own_2011/ Google Offers additional $20k as price on Pwn20wn] - [Carlos] Google is showing its support to researcher to show they do see the business value of making sure their products are secure.
#[https://threatpost.com/en_us/blogs/apple-safari-and-internet-explorer-8-go-down-pwn2own-iphone-next-031011 Safari and IE first to fall on Pwn20wn][Carlos] Browsers Safari and IE8 first to fall, IE was a difficult one according to Stephen Fewer the winner that exploited IE8, 6 weeks of work and chaining of 2 bugs to be able to get code execution, Safari was easier.
+
#[https://threatpost.com/en_us/blogs/apple-safari-and-internet-explorer-8-go-down-pwn2own-iphone-next-031011 Safari and IE first to fall on Pwn20wn] - [Carlos] - Browsers Safari and IE8 first to fall, IE was a difficult one according to Stephen Fewer the winner that exploited IE8, 6 weeks of work and chaining of 2 bugs to be able to get code execution, Safari was easier.
#[https://github.com/SpiderLabs/jboss-autopwn JBoss Autopwn] [Carlos] Nice to see more tools to test midleware and business logic centric infrastructure.
+
#[https://github.com/SpiderLabs/jboss-autopwn JBoss Autopwn] - [Carlos] - Nice to see more tools to test midleware and business logic centric infrastructure.
 +
#[http://trac.secdev.org/scapy Scapy 2.2 is Out!] - [Carlos] - May I need say more? support for CDP, EIGRP, Cisco Skinny, RSVP, VQP, OSPF Extension and much much more, let the networks hit the floor!
  
 
= Other Stories of Interest =
 
= Other Stories of Interest =
  
 
= List of beer victims =
 
= List of beer victims =

Revision as of 22:47, 10 March 2011



Announcements

PaulDotCom Security Weekly - Episode 234 for Thursday March 10th, 2011.

  • SOURCE Boston on April 20 - 22- Paul and Larry will be there to hang out, talk security and drink beer.

Stories For Discussion

  1. Wireshark multiple vulnerabilities - [Larry] -
  2. XSS in Nagios - [Larry]
  3. RRouter Root - [Larry] - ELF file that bruteforces passwords on your router, then places an IRC backdoor on them. D-link routers. WANT!
  4. FinFisher - [Larry] - So, how do AV vendors deal with matters of State?
  5. Google Offers additional $20k as price on Pwn20wn - [Carlos] - Google is showing its support to researcher to show they do see the business value of making sure their products are secure.
  6. Safari and IE first to fall on Pwn20wn - [Carlos] - Browsers Safari and IE8 first to fall, IE was a difficult one according to Stephen Fewer the winner that exploited IE8, 6 weeks of work and chaining of 2 bugs to be able to get code execution, Safari was easier.
  7. JBoss Autopwn - [Carlos] - Nice to see more tools to test midleware and business logic centric infrastructure.
  8. Scapy 2.2 is Out! - [Carlos] - May I need say more? support for CDP, EIGRP, Cisco Skinny, RSVP, VQP, OSPF Extension and much much more, let the networks hit the floor!

Other Stories of Interest

List of beer victims