Tuesday, April 8

Podcast Episode 2 available tomorrow

Our second podcast at the Internet Storm Center should be available tomorrow. We recorded the second portion of it tonight, and I am sitting here listening to it to make sure it sounds nice and clean, so we should have it up on iTunes tomorrow. I need to get a pop blocker for my mic; I have a couple red peaks in this record... Here's the link where you can subscribe.

 Subscribe in a reader

17 comments:

Anonymous said...

Joel, great job on the podcast. This is the first one of yours that I had the opportunity to listen to. I had one question on the comments on MS08-021. You guys mentioned replacing the picture of George Bush on Wikipedia as an exploitation mechanism but they block EMF and WMF. My question is would it matter? Is it true that often with image files you could rename the extension and based on metadata or something in the file, the appropriate program would process the image file anyway?

Joel Esler said...

Good question. I am not sure how Wikipedia blocks, whether it blocks by extension or file type. Let me get John and see if he has an answer for you.

Anonymous said...

your podcast only comes in iTunes?

Damn!

we're using Linux, seems like we're not welcomed ;-)

Joel Esler said...

It's available from the ISC directly on the XML link. Take a look at http://isc.sans.org today for the article I wrote that has the link. I am on my iPhone so I don't have the link right now.

John C. A. Bambenek said...

I tested WMF bugs to see if I could upload an infected image to Wikipedia when WMF first came out. All I know is Wikipedia denied the upload. They may have scanned it with AV, not sure, but I couldn't send a token infected image to Wikipedia when I tested.

I never asked them how they did it. It just said invalid file format.

Anonymous said...

Well, we definitely have the answer to my original question :) The current exploit for 021 is disguised as a JPG extension when it really is an EMF. So file extension blocking will not help much.
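The point the thread arrives at, that an upload filter has to look at file content rather than the extension, as an added example that is not part of the original post or comments. The function names and the sample byte strings are constructed for illustration; the checks use the standard EMF, WMF, JPEG, PNG and GIF header signatures.

```python
import struct

def sniff_image_type(data: bytes) -> str:
    """Classify a buffer by its header bytes, ignoring any file name."""
    # EMF: first record is EMR_HEADER (type 1); ' EMF' signature at offset 40.
    if len(data) >= 44:
        (rec_type,) = struct.unpack_from("<I", data, 0)
        if rec_type == 1 and data[40:44] == b" EMF":
            return "emf"
    # Placeable WMF: key 0x9AC6CDD7 stored little-endian.
    if data[:4] == b"\xd7\xcd\xc6\x9a":
        return "wmf"
    # Standard WMF: type 1 or 2, header size 9 words, version 0x0100/0x0300.
    if len(data) >= 6:
        ftype, hdr_words, version = struct.unpack_from("<HHH", data, 0)
        if ftype in (1, 2) and hdr_words == 9 and version in (0x0100, 0x0300):
            return "wmf"
    if data[:3] == b"\xff\xd8\xff":
        return "jpeg"
    if data[:8] == b"\x89PNG\r\n\x1a\n":
        return "png"
    if data[:6] in (b"GIF87a", b"GIF89a"):
        return "gif"
    return "unknown"

EXT_TO_TYPE = {"jpg": "jpeg", "jpeg": "jpeg", "png": "png", "gif": "gif"}

def check_upload(filename: str, data: bytes, allowed=("jpeg", "png", "gif")):
    """Accept only if the content is an allowed type AND matches the extension."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    claimed = EXT_TO_TYPE.get(ext)
    actual = sniff_image_type(data)
    if actual not in allowed:
        return False, f"content is {actual}, not an allowed type"
    if claimed != actual:
        return False, f"extension claims {claimed}, content is {actual}"
    return True, "ok"

# Constructed samples: a minimal EMF header and a JPEG/JFIF prefix.
SAMPLE_EMF = struct.pack("<II", 1, 88) + bytes(32) + b" EMF" + bytes(44)
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"

if __name__ == "__main__":
    for name, blob in [("portrait.jpg", SAMPLE_EMF),
                       ("portrait.jpg", SAMPLE_JPEG),
                       ("portrait.png", SAMPLE_JPEG)]:
        print(name, check_upload(name, blob))
```

A header check only identifies the container format; it does not show that the rest of the file is well formed, so it complements patching and scanning rather than replacing them.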