
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2006-05-07 InfoSec Handlers Diary Blog



Port 38566, Update to Firefox weakness, Packetfoo site launched!

Published: 2006-05-07
Last Updated: 2006-05-08 00:21:25 UTC
by Mike Poor (Version: 1)
Lots of scanning on port 38566

http://isc.sans.org/port_details.php?port=38566

Shows a very large number of records and sources, and a small set of targets.  

It is currently #1 in the DShield Ports list:

http://www.dshield.org/topports.php


Update to Firefox vulnerability posted earlier

http://secunia.com/advisories/19698/

This particular vulnerability could be exploited by a malicious web site, enabling the remote site to open and view content of local files. This is enabled by the site tricking the user into right-clicking (alt-clicking) and choosing "view image" on a broken image link. The malicious site links to a file on your machine, which then exposes the file.


Packetfoo launched

Many of us have been wanting packet capture file archives for a while. Richard Bejtlich started a project called OpenPacket.org and I started Packetfoo. I have talked to Richard briefly about collaborating, and I'm sure we will further that as the projects grow. I'll be setting up the charter, and putting up files as the days go by. Any support would be appreciated.

domo arigato gozaimas,

Mike Poor
Handler on Duty
Intelguardians

New Firefox Vulnerability(?)

Published: 2006-05-07
Last Updated: 2006-05-07 01:24:42 UTC
by Tony Carothers (Version: 1)

Today on Bugtraq a message was posted that listed a possible vulnerability in Firefox 1.5.0.3.  Several attempts by various Handlers were unable to determine that a new vulnerability actually exists.  The link posted to Bugtraq took us to a web page that was purported to run the exploit, which did not appear to work.  Stay tuned for further details.

The "exploit" appears to be a simple link to an audio file (claims to be an image). If you, as instructed by the exploit page, open the "image", you will launch your media player and load a local .wav file. Nothing actually "bad" about that as far as we can tell, so this is probably just a joke to point out some of the social engineering aspects of hyperlinked media.

