Taking Care of The BAD Stuff, again!
Security Now 223: The Trouble With SSL
Get The MP3 PodCast Here:
Link to Shownotes: http://wiki.twit.tv/wiki/Security_Now_223
Steve (Steve Gibson: Security Now!) Warns Us About:
07:23 - 13:54
* Their is a problem with the embedded open type fonts, EOT fonts in Windows
* It's a font-parsing bug which allows remote code execution that is also a kernel bug
* So its a buffer overflow in the Kernel
* It is expected this exploit will no be detected by many anti virus products as it can come in
* You can fall victim to this exploit just by loading a malicious webpage
13:55 - 15:32
* The exploit that is being used against jailbroken iPhones is now stealing data from the users
* If you have a jailbroken iPhone you need to change the SSH password
15:33 - 18:17
* There's a recently acknowledged by Microsoft zero-day problem with Windows 7 and Server
2008 Release 2.
* This is another problem with Server Message Blocks, the SMB protocol.
* Microsoft is suggesting people block ports 139 and 445
18:18 - 20:54
* Another reason Steve does not like port knocking is:
o It is susceptible to a Denial of Service attack where a person sends random packets to
your IP address and causes the port knocking sequence to never be completed
Hack-in-the-Box and Anit-Virus Suites: