Säkerhetspodcasten avs.111 - Jul 2017
Lyssna
Innehåll
I dagens avsnitt firar panelen jul med lite bra tips inför helgerna. Vi diskuterar även gamla attacker som blivit nya igen (och fått en logotyp), konstaterar att Amazon Key var en dålig idé och hastar oss igenom en snygg sårbarhetskedja i Palo Alto-prylar.
Inspelat: 2017-12-14. Längd: 00:54:31.
Länkar
ROBOT ATTACK
Return of Bleichenbacher's Oracle Threat - ROBOT is the return of a 19-year-old vulnerability that allows performing RSA decryption and signing operations with the private key of a TLS server.
Amazon Key
https://boingboing.net/2017/11/16/dont-use-amazon-key.html
Hackers can freeze the camera that lets you know whether your “Amazon Key” equipped door is locked and who is using it.
Palo Alto Networks firewalls remote root code execution
http://seclists.org/fulldisclosure/2017/Dec/38
Three separate bugs can be used together to remotely execute commands as root through the web management interface without authentication on: PAN-OS 6.1.18 and earlier, PAN-OS 7.0.18 and earlier, PAN-OS 7.1.13 and earlier, PAN-OS 8.0.5 and earlier.