IE Exploit, Silk Road Ruined, and NSA Tor Hacks
Better late than never.
This week’s regular Friday InfoSec video includes the latest on the Internet Explorer (IE) vulnerability, a warning to Adobe customers about a data breach, news of a popular Tor site takedown, and the latest NSA and Snowden leak. Watch the video below for details, and check out the Reference section for links to more interesting news.
Have a great weekend!
(Episode Runtime: 8:54)
Direct YouTube Link: http://www.youtube.com/watch?v=rtPtQU76-ak
Episode References:
- Software Updates
- Get ready for Microsoft Patch Day – WGSC
- Adobe to release Reader update – Adobe
- Latest Chrome update fixes 50 flaws – Chrome Releases
- Many attackers exploiting IE 0day – The Register
- Rapid 7 release IE 0day Metasploit exploit – Rapid 7
- Adobe warns of their major network breach; 2.9mil records stolen – Adobe
- Authorities takedown the Silk Road marketplace – Vice
- How the FBI found the “Dread Pirate Roberts” – Daily Dot
- Proxy.sh sniffs clear text customer traffic – Torrent Freak
- How NSA hacks Tor users – The Guardian
- NSA slides about Tor hacking – The Guardian
- Schneier’s OpEd on NSA attacks to Internet security – The Guardian
- Glenn Greenwald does Reddit AMA – Reddit
Extras:
- 100Gb DDoS relies only on botnets, not recursion attacks – eWeek
- 16yr old arrested for SpamHaus DDoS – The Hacker News
- Watch out for malicious Twitter DMs – CNET
- Symantec sinkholes part of ZeroAccess botnet – CSO Online
- Imprisoned ex-QWEST CEO feels validated by Snowden leaks – Washington Post
- NSA did try to claim Lavabit’s private keys – Wired
— Corey Nachreiner, CISSP (@SecAdept)
First of all – my congratulations to Feds about closing Silk Road (drug dealers Tor-based network). Nice work. Speaking about IESetMouseCapture Use-After-Free o-day should notice unusual mechanism, or trick, which allows to bypass DEP and ASLR (even space randomization!) functions with loading hxds.dll (MS Office) in IE, and allow arbitrary code execution…
I will immediately snatch your rss as I can not in finding your
e-mail subscription hyperlink or e-newsletter service.
Do you’ve any? Please permit me recognize in order that I may just subscribe.
Thanks.
Can I simply say what a comfort to discover someone that really knows what they’re discussing on the internet.
You actually understand how to bring an issue to light and make it important.
More people need to check this out and understand this side of the story.
I can’t believe you aren’t more popular because you definitely possess the gift.
This paragraph will help the internet viewers for creating new web site or even a blog from start to end.