Taking Care of The BAD Stuff, again!
=================================================
=================================================
Security Now 223: The Trouble With SSL
=================================================
Get The MP3 PodCast Here:
Link: http://www.twit.tv/sn
Link to Shownotes: http://wiki.twit.tv/wiki/Security_Now_223
=================================================
Steve (Steve Gibson: Security Now!) Warns Us About:
07:23 - 13:54
* There is a problem with Embedded OpenType (EOT) fonts in Windows
* It's a font-parsing bug that allows remote code execution, and it is also a kernel bug
* So it's a buffer overflow in the kernel
* It is expected that this exploit will not be detected by many antivirus products, as it can come in encrypted
* You can fall victim to this exploit just by loading a malicious webpage
13:55 - 15:32
* The exploit that is being used against jailbroken iPhones is now stealing data from users' phones
* If you have a jailbroken iPhone, you need to change the SSH password
15:33 - 18:17
* Microsoft recently acknowledged a zero-day problem with Windows 7 and Server 2008 Release 2.
* This is another problem with Server Message Blocks, the SMB protocol.
* Microsoft is suggesting people block ports 139 and 445
18:18 - 20:54
* Another reason Steve does not like port knocking is:
o It is susceptible to a Denial of Service attack where a person sends random packets to your IP address and causes the port knocking sequence to never be completed
=================================================
=================================================
=================================================
Hack-in-the-Box and Anti-Virus Suites:
Link: http://www.hackinthebox.org/index.php?name=News&file=article&sid=33994
=================================================