Our second podcast at the Internet Storm Center should be available tomorrow. We recorded the second portion of it tonight, and I am sitting here listening to it to make sure it sounds nice and clean, so we should have it up on iTunes tomorrow. I need to get a pop blocker for my mic; I have a couple of red peaks in this recording... Here's the link where you can subscribe.
17 comments:
Joel, great job on the podcast. This is the first one of yours that I had the opportunity to listen to. I had one question on the comments on MS08-021. You guys mentioned replacing the picture of George Bush on Wikipedia as an exploitation mechanism but they block EMF and WMF. My question is would it matter? Is it true that often with image files you could rename the extension and based on metadata or something in the file, the appropriate program would process the image file anyway?
Good question. I am not sure how Wikipedia blocks, whether it blocks by extension or file type. Let me get John and see if he has an answer for you.
Your podcast only comes in iTunes?
Damn!
We're using Linux, seems like we're not welcome ;-)
It's available from the ISC directly on the XML link. Take a look at http://isc.sans.org today for the article I wrote that has the link. I am on my iPhone so I don't have the link right now.
I tested WMF bugs to see if I could upload an infected image to Wikipedia when WMF first came out. All I know is Wikipedia denied the upload. They may have scanned it with AV, not sure, but I couldn't send a token infected image to Wikipedia when I tested.
I never asked them how they did it. It just said invalid file format.
Well, we definitely have the answer to my original question :) The current exploit for 021 is disguised with a JPG extension when it really is an EMF. So file extension blocking will not help much.
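The point the thread arrives at, that an extension filter does not stop an EMF renamed to .jpg, shown as an added example (not part of the original post or comments, and not a description of how Wikipedia filters uploads): an upload check that identifies a file by its header bytes and only then compares the result with the extension. The function names, the block policy and the sample byte strings are assumptions constructed for illustration.

```python
import os
import struct

# Well-known header signatures for the formats named in the thread.
JPEG_MAGIC = b"\xff\xd8\xff"               # JPEG start-of-image marker
WMF_PLACEABLE_MAGIC = b"\xd7\xcd\xc6\x9a"  # placeable WMF key 0x9AC6CDD7, little-endian
EMF_SIGNATURE = b" EMF"                    # EMF header signature at byte offset 40

# Assumed policy for this example: metafiles are refused, JPEG is allowed.
EXT_TO_TYPE = {".jpg": "jpeg", ".jpeg": "jpeg", ".emf": "emf", ".wmf": "wmf"}
BLOCKED_TYPES = {"emf", "wmf"}

def sniff_type(data):
    """Identify a file from its header bytes, ignoring its name."""
    if data.startswith(JPEG_MAGIC):
        return "jpeg"
    if data.startswith(WMF_PLACEABLE_MAGIC):
        return "wmf"
    # EMF: first record type is 1 (EMR_HEADER) and " EMF" sits at offset 40.
    if len(data) >= 44 and struct.unpack_from("<I", data)[0] == 1 \
            and data[40:44] == EMF_SIGNATURE:
        return "emf"
    # Standard WMF: type 1 or 2, header size 9 words, version 0x0100 or 0x0300.
    if len(data) >= 6:
        ftype, hsize, version = struct.unpack_from("<HHH", data)
        if ftype in (1, 2) and hsize == 9 and version in (0x0100, 0x0300):
            return "wmf"
    return "unknown"

def check_upload(filename, data):
    """Return (accepted, reason), deciding on content first and name second."""
    claimed = EXT_TO_TYPE.get(os.path.splitext(filename.lower())[1], "unknown")
    actual = sniff_type(data)
    if actual in BLOCKED_TYPES:
        return False, f"content is {actual}, extension claims {claimed}"
    if actual == "unknown" or actual != claimed:
        return False, f"content ({actual}) does not match extension ({claimed})"
    return True, "ok"

# Constructed sample inputs: headers only, no real image data.
SAMPLE_JPEG = JPEG_MAGIC + b"\xe0\x00\x10JFIF\x00" + bytes(16)
SAMPLE_EMF = struct.pack("<II", 1, 88) + bytes(32) + EMF_SIGNATURE + bytes(44)

if __name__ == "__main__":
    for name, blob in [("photo.jpg", SAMPLE_JPEG), ("portrait.jpg", SAMPLE_EMF)]:
        print(name, check_upload(name, blob))
```

A header check like this only settles which parser the file would reach; it says nothing about whether a file of an allowed type is well-formed.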