From Security Weekly Wiki
Revision as of 20:56, 10 May 2007 by Jconlin (talk | contribs)
Jump to navigationJump to search

Stories for Discussion

Month of ActiveX bugs - [Joe] - more MO-LOLs [Larry] - I thought English was the language of the internet?

VMware multiple DoS - [Larry] - ...and possible information disclosure. This is the other way around guys, break out of a VM, not into. Hmmm. Into a VM could be promising.

VoIPong - [Larry] - VOIP Sniffer for setecting calls, and produces audio. Neat. They even have a live CD (23 Meg - good for business size CDs). Sounds like a useful too for auditing a VOIP network.

Norton AV, and PC anywhere flaws - [Larry] - Ouch. An ActiveX control tha tallows for code to be executed on th machine via web browser for Norton AV. PcAnywhere 11.5.0 stores session credentials on clear text of memory. Now, this version of PcAnywhere is no longer supported, but the patch is available. That's good karma right there.

MS patches - DNS and Exchange - [Larry] - Let's dicsuss the DNS implications. Exchange had issues with MIME. Ouch.

Remote SCADA hole - [Larry] - Wow, 5 bugs. at least one remotely exploitable. This is the stuff that controls damns, powerplants, water treatment. Now this stuff should be attached to air-gapped networks. One of my favorite quotes from the article: "These backend protocols are often based upon standards that pre-date Windows," Graham wrote in his blog. "They are horribly insecure because few people in the SCADA industry know what a 'buffer-overflow' is."

TJX + WiFi + WEP = PWN3D - [Larry] - So now we know how it all went down. Come on people, get rid of WEP, of severeley segment, firewall and monitor it! I'm not convinced by any stretch of the imagination that WEP cloaking is valuable (you know who you are, AirDefense).

Hacking contests. Good or evil? - [Larry] - PWN to OWN, etc. We talked about this with Futo and Ivan, but what to we think...

VMware Shared folders directory Traversal - [Larry] - Paul, good reasons to disable shared folders in your VMs.

Satnav hacking - [Larry] - This is what happens when you take data, unauthenticated form unknown sources :-)

Other Stories of Interest

RSnake Interviews a Social Networking Site Phisher - [Joe] - Interesting to hear it from the horses mouth on how easy and profitable phishing myspace usahs really is

Remove your Phone Number from Google Search - [Joe] - Quick how-to on how to remove your phone # from google's phonebook