Original Article: http://sunbeltblog.blogspot.com/2008/09/how-to-make-notepadexe-malicious-file.html Archive.org Saved Page Alex Eckelberry over at Sunbelt got an itch to see which virus vendors were just using packer signatures instead of emulating the deflation process and detecting the virus inside. This is a shortcut that can yield false positives, such as demonstrated in Alex’s experiment, but is done due to the overhead such an undertaking would introduce, I assume, to the client software. I bring this up here because I recently conducted a somewhat similar test, although I admittedly know very little about packers.
Just like its LOVELY auto download feature, Google Chrome slipped in a new version. I was testing out some of the latest and greatest posts of exploits for .27 and they were failing to work. Checked my version and lo and behold a new version number was displayed. I didn’t upgrade, all done automagically. (Evilgrade anyone?) I wonder what will pop on this new version.
For some reason LinkedIn has become unavailable: Earlier when going to LinkedIn, I was greeted by a wizard saying that they will be performing upgrades tonight. I guess they didn’t go as well as planned. As a security addict though, I always have that sinking feeling when a server is down. Especially one that has personal information about so many people. Hope it’s nothing Fear it’s bad It’s nothing WINS!
As you may have heard me rant and rave about a special USB stick that downloads contact, messaging, and other information from phones just by plugging them in on Episode 5 of Securabit or read about it via an earlier posting on my blog (Crazed Bovine Traversal). A company called Paraben Corporation went out and made it (Motorola and Samsung support only so far). I first learned about it via CNet’s report “CSI Stick grabs data from cell phones” and you can find it directly on http://csistick.
So there is already an exploit: http://blogs.zdnet.com/security/?p=1843 There are naysayers: http://www.tgdaily.com/content/view/39154/108/ And then there is the truth: http://www.stillsecureafteralltheseyears.com/ashimmy/2008/09/sucking-the-chr.html I like the design of the tabs and address bar, but I can do that with a theme in Firefox. I want my add-ons, even with the memory problems. Chrome is great for Mom and Pap, but for “Internet Power Users” it falls light-years short on features. So where is the brass tacks?
**EDIT: I got to talk about this DVD on the latest episode of Securabit (Episode 9)** Edit 2: There is a cool new Live DVD by the guys at Sun Tzu Data. (Click here for post) NERV-LABS subsidiary Badfoo.net has released quite the awesome DVD. Now, the lucky few of you who have suffered through my constant Microsoft-bashing Linux evangelism already have heard about all the Multiboot LiveDVDs out there. Until now, they have all been booting various generic Linux distros.
Originally posted to the Zero Day blog on Ziff Davis: http://blogs.zdnet.com/security/?p=1735 This article was also referenced in a Dark Reading blog post by John Sawyer: http://www.darkreading.com/blog.asp?blog_sectionid=447&doc_id=162049 All updates will reside here as I have no control over the article on Ziff Davis. DEFCON, the 9000+ attendee hacker conference in Vegas, has become a sort of hydra conference. It has become more like a global fair than what most people think of conferences; even the badge is highly unique.
So, just monitoring Twitter for Defcon tweets and came across this one: Matthewneely status update 878833018 Screencap: Link to video: HERE So what is cool about this tool? It generates an SQL injection that skirts the 64k size limit using MS Debugger on the victim end. And of course the DEFCON 16 via Wired Mag (Article)
I recently was Stumbling and happened across the following video. Now, when people use StumbleUpon they are usually bored and aren’t really contributing to the world as we know it. It strikes me as ironic that I found and watched a video like this, via StumbleUpon. I promise, it is well worth the fraction of a Wikipedia project cycle you will utilize on it. My favorite quote out of the whole deal: “Media that is made for you, but does not include you, is not worth sitting still for”
This may not be safe for work, but it’s your call as everyone in my office got quite the kick out of it. Definitely not security related, and loosely tech related (Twitter’s use from a mobile). Proceed with caution.