Difference between revisions of "Episode250"

From Security Weekly Wiki
Jump to navigationJump to search
Line 31: Line 31:
  
 
== Larry's Stories ==
 
== Larry's Stories ==
 +
#[http://community.websense.com/blogs/securitylabs/archive/2011/07/07/jailbreakme-com-3-and-security-implications.aspx iPhone Jailbreak PDF concerns] - [Larry] - Great observations here.  While we all love our iPhone jailbreaks, this one (as before) just involves a PDF reader exploit.  Browse to a website (or receive e-mail, view PDF and jailbreak.  How about the same with malicious content?  Yeah, that simple.  There are some bets as to when Apple will release a patch, but even if they do, how long will the attack surface be available for?  Those that don't update, and those who don't in order to keep their jailbreak.
 +
#[http://feedproxy.google.com/~r/digitalbond/oLPM/~3/o8QMVsIrUI4/ Incompetence or Deception] - [Larry] - So, what's worse when talking aabout vulnerability disclosure and discovery.  Specifically related to the Siemens replay issue, but can be applied elsewhere. You release a vuln for one model, but can test on the more expensive ones due to cost.  someone else confirms, but the vendor can;t make it work on the other models.  Later, they say, oh hey, we found this vulnerability in the expensive models….
 +
#[http://packetstormsecurity.org/news/view/19426/vsftpd-Download-Found-Backdoored.html vsftpd backdoored]- [Larry] - Lulz. Login s a user of :) and a TCP shell tries to connect back.  Looks like only one distribution point was compromised.
 +
#[http://www.darknet.org.uk/2011/07/security-researchers-discover-4-million-strong-indestructible-botnet-tdsstdl/ Indestructible Botnet?] - [Larry] - TDSS, a new version of the TDL Aleureon rootkit is now out there.    Why indestructible?  Arguably because it is hard to remove the client, as mostly because it goes unnoticed to begin with.
  
 
== Paul's Stories ==
 
== Paul's Stories ==
  
 
== Mystery Guest X's Stories ==
 
== Mystery Guest X's Stories ==

Revision as of 19:01, 8 July 2011


Announcements

PaulDotCom Security Weekly - Episode 250 for Friday July 8th, 2011.

  • Los tres primeros episodios de PaulDotCom Espanol con Julio Canto, Lorenzo Martinez, y Chema Alonso esta disponible aqui. Tenemos mas entrevistas en las semanas que vienen....
  • Sign up for Blackhat Training Courses:
    • PaulDotCom Blackhat Training Sign up for "Offensive Countermeasures: Making Defense Sexy" as a two-day course at Blackhat July 30-31. Every student gets a FREE "Hack Naked" t-shirt and sticker!
    • Tenable Security Blackhat Training Sign up for "Advanced Vulnerability Scanning Techniques Using Nessus" July 30-31 or August 1-2
    • If you can't make it to BlackHat, then consider instead the always fabulous SANS Las Vegas for "Advanced Vulnerability Scanning Techniques Using Nessus" Saturday, September 17 - Sunday, September 18.


Interview: Secret Guest!

7:30 PM

Secret Segment!

8:00 to 8:30

Stories For Discussion

PaulDotCom Blog Roundup

Larry's Stories

  1. iPhone Jailbreak PDF concerns - [Larry] - Great observations here. While we all love our iPhone jailbreaks, this one (as before) just involves a PDF reader exploit. Browse to a website (or receive e-mail, view PDF and jailbreak. How about the same with malicious content? Yeah, that simple. There are some bets as to when Apple will release a patch, but even if they do, how long will the attack surface be available for? Those that don't update, and those who don't in order to keep their jailbreak.
  2. Incompetence or Deception - [Larry] - So, what's worse when talking aabout vulnerability disclosure and discovery. Specifically related to the Siemens replay issue, but can be applied elsewhere. You release a vuln for one model, but can test on the more expensive ones due to cost. someone else confirms, but the vendor can;t make it work on the other models. Later, they say, oh hey, we found this vulnerability in the expensive models….
  3. vsftpd backdoored- [Larry] - Lulz. Login s a user of :) and a TCP shell tries to connect back. Looks like only one distribution point was compromised.
  4. Indestructible Botnet? - [Larry] - TDSS, a new version of the TDL Aleureon rootkit is now out there. Why indestructible? Arguably because it is hard to remove the client, as mostly because it goes unnoticed to begin with.

Paul's Stories

Mystery Guest X's Stories