Black Friday Edition
- Another 0-day IE exploit has been released, no patch yet, but M$ has acknowledged it
- Paul put up the Frsirt version of a working POC that starts calc.exe
- Use Firefox, or go straight to the bleeding edge with Flock, which integrates bookmarks and blogging into the web browser
- Check out Paul’s Asparagus recipe collection
- Sony Bashing Round 3: Amazon calls them “Defective”, $SYS$ T-Shirts, Sony has ninjas, tape can bypass the DRM, M$ Anti-Spyware will remove it. Create a canary file called “$sys$[something].txt”; if it goes away, you have the Sony Rootkit (I call mine “$SYS$F-Sony.txt”)
- Xbox360, crashing, Get metal sticks to hack
- Richard Stallman gets in trouble for wearing tin foil hats
- Lexus IS pedal sequence disables traction control
- M$ has a new security tool called “Windows Live Safety Center”. It tells you about things like open ports and hard drive defrag notifications. Email us with feedback if you’ve used this tool
- New SANS Top 20 released this week
- TaoSecurity Blog: the good and bad about the SANS Top 20, new book available at Amazon called “Extrusion Detection”, Security Awareness training not effective?
- Shadow Crew busted and pleaded guilty
- Exploiting the stack series from Security Compass
- To kill or not to kill…a PIX: Remote DoS Vulnerability, exploit available, workarounds available
- OSSRC (“Open Source Snort Rules Consortium”) created to make Snort rules better
- Symantec to stop selling LC5 outside US, use Cain instead
- Twofish rumored to be crackable
- Sign up for ShmooCon 2006 (“Bow To My Firewall”)
- Tool Of The Week – John the Ripper – Password cracking tool. Run the automatic account audit that comes with the Debian install, and use the “-rules” option to generate really good password dictionaries.
- Wireless word of the week – EAP-TTLS (Extensible Authentication Protocol – Tunneled Transport Layer Security) – Requires only a server certificate, uses an SSL tunnel for encryption, works with the OS X built-in client, Windows client available called SecureW2, Cisco ACS is bad
Direct Download Link
(Bandwidth provided by OSHEAN, they’re the opposite of Sony and IE)

About the author

Paul Asadoorian is the Founder & CEO of Security Weekly, where the flagship show, recently re-titled "Paul's Security Weekly", has been airing for over 8 years. By day he is the Product Evangelist for Tenable Network Security. Paul produces and hosts the various shows here at Security Weekly, all dedicated to providing the latest security news, interviews with the industry's finest and technical how-to segments. Paul is also the founder and host of "The Stogie Geeks Show", featuring cigar reviews for cigar enthusiasts.