Comments on Joel Esler: Podcast Episode 2 available tomorrow
(Blogger comment feed for the post; feed last updated 2023-10-30.)

Anonymous, 2008-04-09 09:58 (-05:00):
Joel, great job on the podcast. This is the first one of yours that I had the opportunity to listen to. I had one question on the comments on MS08-021. You guys mentioned replacing the picture of George Bush on Wikipedia as an exploitation mechanism, but they block EMF and WMF. My question is, would it matter? Is it true that often with image files you could rename the extension and, based on metadata or something in the file, the appropriate program would process the image file anyway?

Joel Esler, 2008-04-09 10:03 (-05:00):
Good question. I am not sure how Wikipedia blocks, whether by extension or by file type. Let me get John and see if he has an answer for you.

Anonymous, 2008-04-09 13:03 (-05:00):
Your podcast only comes in iTunes?

Damn!

We're using Linux; seems like we're not welcome ;-)

Joel Esler, 2008-04-09 13:57 (-05:00):
It's available from the ISC directly on the XML link. Take a look at http://isc.sans.org today for the article I wrote that has the link. I am on my iPhone so I don't have the link right now.

John C. A. Bambenek (http://www.parttimepundit.com/), 2008-04-09 18:19 (-05:00):
I tested WMF bugs to see if I could upload an infected image to Wikipedia when WMF first came out. All I know is Wikipedia denied the upload. They may have scanned it with AV, not sure, but I couldn't send a token infected image to Wikipedia when I tested.

I never asked them how they did it. It just said "invalid file format".

Anonymous, 2008-04-15 10:38 (-05:00):
Well, we definitely have the answer to my original question :) The current exploit for 021 is disguised with a JPG extension when it really is an EMF. So file extension blocking will not help much.
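The point the thread settles on is that a parser chooses its decoder from the bytes of the file, not from its name, so an upload filter that keys on the extension passes a renamed EMF straight through. The following is an added example, not code from the podcast, from Wikipedia, or from any commenter: a small Python sniffer that identifies JPEG, PNG, GIF, WMF and EMF by their documented magic bytes and refuses metafiles whatever extension they carry. The 88-byte EMF header it builds is constructed sample data for the demonstration (a valid ENHMETAHEADER layout with no records behind it), and the decision function and its names are assumptions for illustration; the signatures come from the public WMF/EMF, JPEG, PNG and GIF specifications.

```python
import struct
from typing import Optional, Tuple

# Signatures taken from the public format specs. Nothing below looks at the
# filename, which is why a renamed .emf -> .jpg is still caught.
ENHMETA_SIGNATURE = 0x464D4520            # ' EMF' at offset 40 of ENHMETAHEADER
WMF_PLACEABLE_KEY = b"\xd7\xcd\xc6\x9a"   # Aldus placeable metafile key, LE bytes
WMF_STANDARD_PREFIXES = (b"\x01\x00\x09\x00",   # METAHEADER Type=1 (memory), HeaderSize=9
                         b"\x02\x00\x09\x00")   # METAHEADER Type=2 (disk),   HeaderSize=9


def sniff_image(data: bytes) -> Optional[str]:
    """Classify an image by content; returns None when nothing is recognised."""
    if data.startswith(b"\xff\xd8\xff"):
        return "jpeg"
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "png"
    if data[:6] in (b"GIF87a", b"GIF89a"):
        return "gif"
    if data.startswith(WMF_PLACEABLE_KEY) or data[:4] in WMF_STANDARD_PREFIXES:
        return "wmf"
    # EMF: first record is EMR_HEADER (type 1) and the ' EMF' signature sits at offset 40.
    if len(data) >= 44:
        rec_type = struct.unpack_from("<I", data, 0)[0]
        signature = struct.unpack_from("<I", data, 40)[0]
        if rec_type == 1 and signature == ENHMETA_SIGNATURE:
            return "emf"
    return None


BLOCKED_FORMATS = {"emf", "wmf"}
EXT_TO_FORMAT = {"jpg": "jpeg", "jpeg": "jpeg", "png": "png", "gif": "gif"}


def upload_decision(filename: str, data: bytes) -> Tuple[bool, str]:
    """Accept only when the sniffed content is an allowed format AND matches
    the extension; a metafile is refused no matter what it is called.
    Hypothetical policy for this example, not any site's real rule."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    kind = sniff_image(data)
    if kind in BLOCKED_FORMATS:
        return False, f"blocked format {kind} (extension .{ext} ignored)"
    if kind is None:
        return False, "invalid file format"
    if EXT_TO_FORMAT.get(ext) != kind:
        return False, f"extension .{ext} does not match content {kind}"
    return True, kind


def make_sample_emf() -> bytes:
    """Constructed 88-byte ENHMETAHEADER with the correct signature and no
    records: enough for any EMF-aware parser to identify the container."""
    hdr = bytearray(88)
    struct.pack_into("<II", hdr, 0, 1, 88)            # iType=EMR_HEADER, nSize=88
    struct.pack_into("<I", hdr, 40, ENHMETA_SIGNATURE)  # dSignature
    struct.pack_into("<I", hdr, 44, 0x00010000)       # nVersion
    struct.pack_into("<II", hdr, 48, 88, 1)           # nBytes, nRecords
    return bytes(hdr)


def make_sample_jpeg() -> bytes:
    """Constructed JFIF prefix (SOI + APP0 marker) used as the benign case."""
    return b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"


if __name__ == "__main__":
    # A metafile renamed to .jpg: the name says JPEG, the bytes say EMF.
    print(upload_decision("photo.jpg", make_sample_emf()))
    print(upload_decision("photo.jpg", make_sample_jpeg()))
    print(upload_decision("photo.jpg", WMF_PLACEABLE_KEY + b"\x00" * 40))
```

Running it shows the renamed metafile refused with the extension ignored, the real JPEG accepted, and a placeable WMF refused as well, which is the behaviour a content-based check gives and is consistent with the "invalid file format" response John reports rather than an extension match. A real deployment would go further (the sniffer above recognises only a handful of formats, and a rejected-by-default policy for anything unrecognised is the safe side of that gap).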