Home page logo
/

dailydave logo Dailydave mailing list archives

Huahine Boys
From: Dave Aitel <dave () immunityinc com>
Date: Thu, 17 Jan 2008 11:33:26 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm back from pow-wowing with the Huahine Boys and among other things,
preparing to give the second day keynote ("The Hacker Strategy") at
the S4 conference here in Miami on SCADA security [1]. Steve Lipner is
giving the first day's keynote, so you'll get both sides of the story
if you sign up for the "Virtual Attendee" ticket (or if you show up in
person - I think there are a couple seats left if you hurry).

I see that Alex Wheeler and Ryan Smith have delivered a late Christmas
present with the first remote vulnerability on XP SP2 and Vista. ISS's
Holly Stewart has an interesting blog on it today as well talking
about some of the potential problems with IPS and this kind of bug[2].
Microsoft makes triggering the issue sound a bit harder than it
actually is in their weblog posting [3]. You'll be able to trigger it
every time, especially on a local LAN. This vulnerability may or may
not have anything to do with the Vista bug in the screenshot at the
end of Justine's 0days presentation [4]. :>

I do think this vulnerability is going to be one of the biggest of
2008 - but this is possibly due to the vulnerability marketplace
sucking the air out of the publicly released vulnerabilities. Very
rarely does anyone go deep sea fishing and talk about it any more.

- -dave

[1]
http://www.digitalbond.com/wp-content/uploads/2007/10/S4_2008_Agenda.pdf
[2]
http://blogs.iss.net/archive/howtoprotectMS08-001.html
[3]
http://blogs.technet.com/swi/archive/2008/01/08/ms08-001-part-3-the-case-of-the-igmp-network-critical.aspx
"""
The attacker can run their attack non-stop, and eventually they will
be lucky enough to have the timer fire with the appropriate conditions
to trigger the vulnerability. However, they don’t know for sure how
many packets to send, or what will be in the buffer when they trigger
the vulnerability.
"""
(The PoC in the CANVAS Early Updates program will challenge that
assumption a bit.)
[4]
http://www.immunityinc.com/downloads/0day_IPO.odp
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHj4NPB8JNm+PA+iURAtx1AJ9MJnEvkGN7L3fyCiBq1YEqsVjXYwCg0wdx
bXBkhY+ol0OWHYwtuUlaaHc=
=o0bF
-----END PGP SIGNATURE-----

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

  By Date           By Thread  

Current thread:
  • Huahine Boys Dave Aitel (Jan 17)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]