Snort-2.9.4 has been released

Recent SSH vulnerabilities

Published: 2012-12-03
Last Updated: 2012-12-03 21:34:23 UTC
by Kevin Liston (Version: 1)
0 comment(s)

Exploit code for two different implementations of SSH were made public yesterday.  Tectia SSH (www.ssh.com) a commercial solution and freeSSH/freeFTP.  I currently do not see any public announcements from the vendor, nor any CVEs for tracking.

More to come on this.

Keywords: ssh vulnerabilities
0 comment(s)

John McAfee Exposes His Location in Photo About His Being on Run

Published: 2012-12-03
Last Updated: 2012-12-03 21:29:41 UTC
by John Bambenek (Version: 2)
2 comment(s)

Generally speaking, if you're on the run from the authorities over a homicide, you're probably best laying low and not making too much noise.  Sure, there is a case for trolling "the man", but it usually comes back to haunt you.

Take the case of John McAfee who is currently on the run.  A journalist for a shady website involving narcotics is apparently spending some time with him while he's on the run.  It put up a post with a picture with John and the Editor-in-chief of said publication.  (You can find it without too much effort, but it's NSFW).

Well, if you download the picture and use any of the standard tools to get metadata (I use exiftool), it happily reports not only the make and model of the camera, but the GPS coordinates of where the picture was taken (today).  We can say that, yes, John McAfee is apparently no longer in Belize. ;)

A humorous post to point out something many of us don't realize, our smartphones and devices are increasingly location-aware and that information makes it into the media that those devices create.

UPDATE: The website with the original image has replaced it with images that do not have GPS coordinates in them.

See earlier SANS ISC posts on EXIF/location information:

Twitpic, EXIF and GPS: I Know Where You Did it Last Summer

Snipping Leaks

--
John Bambenek
bambenek \at\ gmail /dot/ com
Bambenek Consulting

2 comment(s)

Mobile Malware: Request for Field Reports

Published: 2012-12-03
Last Updated: 2012-12-03 16:15:04 UTC
by Kevin Liston (Version: 1)
8 comment(s)

At my last two speaking engagements, I asked a simple question: "'Have you, or anyone you know been infected with malware on you smartphone?"  So far, no one has raised their hand.

I'd like to ask the same question here, since there's a much wider audience of people who have the skills/instinct to notice such an infection.

If you, or someone you know (no friend of a friend reports, please) have witnessed a mobile malware infection in the wild please leave a comment below or send in a report via our contact page.

Keywords: malware mobile
8 comment(s)
ISC StormCast for Monday, December 3rd 2012 http://isc.sans.edu/podcastdetail.html?id=2977

Comments


Diary Archives