Dailydave mailing list archives
Huahine Boys
From: Dave Aitel <dave () immunityinc com>
Date: Thu, 17 Jan 2008 11:33:26 -0500
I'm back from pow-wowing with the Huahine Boys and among other things, preparing to give the second day keynote ("The Hacker Strategy") at the S4 conference here in Miami on SCADA security [1]. Steve Lipner is giving the first day's keynote, so you'll get both sides of the story if you sign up for the "Virtual Attendee" ticket (or if you show up in person - I think there are a couple seats left if you hurry).

I see that Alex Wheeler and Ryan Smith have delivered a late Christmas present with the first remote vulnerability on XP SP2 and Vista. ISS's Holly Stewart has an interesting blog on it today as well talking about some of the potential problems with IPS and this kind of bug [2]. Microsoft makes triggering the issue sound a bit harder than it actually is in their weblog posting [3]. You'll be able to trigger it every time, especially on a local LAN.

This vulnerability may or may not have anything to do with the Vista bug in the screenshot at the end of Justine's 0days presentation [4]. :>

I do think this vulnerability is going to be one of the biggest of 2008 - but this is possibly due to the vulnerability marketplace sucking the air out of the publicly released vulnerabilities. Very rarely does anyone go deep sea fishing and talk about it any more.

-dave

[1] http://www.digitalbond.com/wp-content/uploads/2007/10/S4_2008_Agenda.pdf
[2] http://blogs.iss.net/archive/howtoprotectMS08-001.html
[3] http://blogs.technet.com/swi/archive/2008/01/08/ms08-001-part-3-the-case-of-the-igmp-network-critical.aspx
"""
The attacker can run their attack non-stop, and eventually they will be lucky enough to have the timer fire with the appropriate conditions to trigger the vulnerability. However, they don’t know for sure how many packets to send, or what will be in the buffer when they trigger the vulnerability.
"""
(The PoC in the CANVAS Early Updates program will challenge that assumption a bit.)
[4] http://www.immunityinc.com/downloads/0day_IPO.odp