From Security Weekly Wiki


PaulDotCom Security Weekly - Episode 234 for Thursday March 10th, 2011.

  • SOURCE Boston on April 20 - 22 - Paul and Larry will be there to hang out, talk security and drink beer.

Stories For Discussion

  1. Wireshark multiple vulnerabilities - [Larry]
  2. XSS in Nagios - [Larry]
  3. RRouter Root - [Larry] - ELF file that bruteforces passwords on your router, then places an IRC backdoor on them. D-link routers. WANT!
  4. FinFisher - [Larry] - So, how do AV vendors deal with matters of State?
  5. Google Offers additional $20k as prize on Pwn2Own - [Carlos] - Google is showing its support to researchers to show they do see the business value of making sure their products are secure.
  6. Safari and IE first to fall on Pwn2Own - [Carlos] - Browsers Safari and IE8 first to fall. IE was a difficult one according to Stephen Fewer, the winner who exploited IE8: 6 weeks of work and chaining of 2 bugs to be able to get code execution. Safari was easier.
  7. JBoss Autopwn - [Carlos] - Nice to see more tools to test middleware and business-logic-centric infrastructure.
  8. Scapy 2.2 is Out! - [Carlos] - Need I say more? Support for CDP, EIGRP, Cisco Skinny, RSVP, VQP, OSPF Extension and much much more, let the networks hit the floor!

Other Stories of Interest

List of beer victims