Security Stallions Blog "Musings of all things infosec…"

31 Aug 2009

Daily Digs – 08.31.2009

It's Monday and, unfortunately, that means August 2009 is almost behind us.  That means, for many, back to school and the end of summer.  If only I were that lucky!  It's this time of year that the cool air and soon-to-be-colorful trees remind me of those days gone by of college campus life.  Enjoy it while you can, you youngins!  On to the digs...

Uh oh!  Microsoft and the Linux kernel today faced exploit code being posted to milw0rm.  Although the Microsoft vuln is, obviously, getting much more attention, do your due diligence and check both out.  The Microsoft exploit affects IIS 5.0/6.0 and is a remote overflow, while the Linux sploit code is the local NULL pointer dereference we've seen talked about more recently.  Get 'em while they're hot!
[Linux Kernel sock_sendpage()]
[Microsoft 5.0/6.0 FTPd Remote Root]

ThreatChaos is claiming Cisco had better be watching their back due to a new integrated platform 3COM has just unveiled.  Basically the claim is that routing platforms are, and have been, a commodity for years now and that integrating security functionality will be the new de facto standard (not sure how firewall functionality is "new" here, since all of the features listed are, and have been for a considerable time, in high-end firewall platforms).
[Watch out Cisco]

MacPorts, today, gets a significant point release.  1.8.0 is out on the table now, with disk images out for Snow Leopard if you've done a clean install over the weekend (I did).
[MacPorts 1.8.0 Released]

The TrendLabs Malware Blog has a good rundown of info around the trojan that's targeting Skype users.  The trojan hooks the send and receive APIs so that the voice conversations can be saved before any encryption is applied.  Trend says the trojan looks rather tame for now, in that it's not actively sending data out today, but that doesn't mean it won't in the future.
[Trojan Targets Skype Users]

Now I'm not a big fan of SolarWinds utilities to begin with.  Sure, over the years I've used some of their utilities, but when it takes multiple megs of proprietary code to install a TFTP server one has to wonder what's really packed in there.  The products themselves are rather underwhelming and there are far better free alternatives available.  But, if you'd like to mess with that coworker who is all about SolarWinds tools, tell him/her to spin up the TFTP server for you to DoS.  The PoC code is there in the links as well.
[SolarWinds TFTP Server DoS]

Saint 7.1.1 was released today with some handy new features and vulnerability checks.  Check out the Security Database Tools site for the rundown.
[Saint 7.1.1 Released]

Could that medical imaging procedure you just had pose a serious risk to your long-term health?  CNET reports that 2% of all cancers could be attributed to radiation from CT scans alone.  Scary stuff.  So should more disclosure be required to help patients make a more informed decision?
[Medical-Imaging Procedures Always Worth the Risk]

The SSA is supposedly testing Microsoft's HealthVault (their online health record service).  It's one thing for a particular hospital or clinic to do this, because then I can avoid them at all costs.  The SSA, on the other hand, is not very avoidable.  Who's making these decisions?
[SSA Testing Microsoft HealthVault]

When in doubt, reformat.  An interesting, if rather non-technical and unscientific, bit of reasoning behind the motto.  Interesting for the perspective alone, coming from a typical end user.  I got the chills when reading the part about IE 6.
[When in Doubt, Reformat]

So is the Conficker worm sitting dormant until an opportune time?  John Markoff has a slightly FUDish piece up that describes the "rogue software" as a ghost ship.  Maybe it was written by the Chinese government to see how far it could infect machines deep within the confines of the Pentagon?  But maybe our own government is behind it...  What do YOU think?
[Conficker Waiting to Strike]

And that's all for the commentary tonight, boys and girls.  Here are some links that are newsworthy as well!
-windexh8er

[Best Definition Ever]
[Security Solution for Craigslist]
[St. Luke Worker Accused of Stealing CC]
[Bill Tones Down Power to Shut Web]
[Trend Launches New Security Tracking Tool]

13 Aug 2009

Daily Digs – 08.13.2009

Ohhh, we were so close to a Friday the 13th.  Some of the stories for today may have been better served by that date / day combination.  I suppose it felt like it for Robert Carr (CEO of Heartland) though, as Mogull laid the open-letter-smackdown fo' sho'.  All in all it's been an interesting day with some great news, so let's get to the digs!

First up is an interesting analogy of cracks to Microsoft.  The "dorky tale" can be had over at EvilFingers and is, well, lighthearted in nature.
[Patching the Patches]

It seems to me as if Firewire is always rife with authentication bypass flaws.  Help Net Security has a paper that you can download to read all about it.  What OS are we talking about here?  None other than the shiny new Windows 7.
[Firewire Based Physical Security Attacks]

There's not a whole lot to say about this one because Rich Mogull said most of it already.  If you haven't already read the open letter to Robert Carr you'll want to.
[An Open Letter to Robert Carr]

From the are-you-completely-stupid bin we pull out the misunderstandings of non-technical government officials.  This time, however, the stupid policies being pushed aren't originating out of DC!  Belgium wants to keep all email traffic for two years.  Supposedly this will help in some way, shape, or form to combat criminal activity.  Because there's no fabulous free encryption out there or anything.
[Belgium Would Like to Track Your Email for Two Years?]

I'm jealous.  Joel Esler was raving about the SourceFire Exploit Development class today.  He makes the comment about those typical classes where 80% of the content is rather trivial and the other 20% you could have figured out anyway, and how this class is not that type.  Again, I'm jealous and might actually take this class later this year if I can swing the time off in December.  Thanks Joel!
[SourceFire's Exploit Development Class]

Think you know enough about ERP, dB, gain, etc. with regards to 802.11 antennas?  Well, then you probably haven't a clue about the changes in 802.11n antennas.  There's a great article on SearchNetworking today with links to a few other antenna references.
[Understanding 802.11n Wireless Antennas]

Your organization still running IE6?  That's too bad, maybe you should inject some code into the front page of their site displaying your disgrace for the browser that just won't die (but kills machines).
[IE 6 No More!]

Oh, joy -- pretty much every Linux kernel running on the planet is broken, and can allow remote exploitability.  Yes, pretty much every kernel since early 2001.  This will be a great exploit for some time to come!
[Bug Exposes 8 Years of Linux Kernel]

We leave you this week with a great explanation of key sizes by Luther Martin of Voltage.  If I could sum it up as well as his post does I'd do just that, but it's easier for you to read his explanation.
[Comparing Key Sizes]

Have a great weekend everyone!  We'll be in touch with some of the things we talked about earlier in the week.

--windexh8er