Difference between revisions of "Episode66"

From Security Weekly Wiki

Revision as of 18:17, 2 April 2007

TWOVB aka The Week Of Vista Bugs - [PaulDotCom] - This is the year of the week of bugs! BONUS: Default Password List from the same site, kewl!

Windows ANI "Unspecified" Vulnerability - [PaulDotCom] - The link provided contains more resources, a patch installation file, and complete patch source code. Good, Bad, Indifferent? I think for individuals, a 3rd party patch is great. For organizations with more than a few desktops, it's debatable.

Busting Bluetooth: Finding Bluetooth Sniffing Hardware - [PaulDotCom] - From what I can tell, you can buy an off-the-shelf Bluetooth dongle and turn it into a sniffer by flashing the firmware. However, this still requires a commercial application to sit on top of this in order to collect the packets.

[http://portal.spidynamics.com/blogs/spilabs/archive/2007/04/02/Jikto-in-the-wild.aspx Jikto leaked!] - [Joe] - Billy Hoffman's Shmoocon presentation "JavaScript Malware for a Grey Goo Tomorrow" uncovered a URL to the Jikto source code and LogicX nabbed it. It is now out in the wild... ([http://www.spidynamics.com/spilabs/education/presentations/Javascript_malware.pdf Here is a link to his presentation])

"JavaScript hijacking" <3's Web 2.0 - [Joe] - "Fortify Software, which said it discovered the new class of vulnerability and has named it 'JavaScript hijacking', said that almost all the major Ajax toolkits have been found vulnerable. 'JavaScript Hijacking allows an unauthorized attacker to read sensitive data from a vulnerable application using a technique similar to the one commonly used to create mashups'"