Kodak EasyShare Wireless Picture Frame RSS Feed is world readable

Published: 2010-01-05
Last Updated: 2010-01-05 21:53:54 UTC
by Toby Kohlenberg (Version: 1)
0 comment(s)

Garrett pointed us at this blog post: http://seattlewireless.net/~casey/?p=13 which discusses an interesting... feature of the Kodak EasyShare Wireless Picture Frames. The frames use a site called FrameChannel to read an RSS feed consisting of anything you would like, which is pulled down and then displayed. The catch is that the feeds are public and easily discoverable. At this point, when I looked through a handful of possible feeds, it appears that they have nothing but the default images available, which suggests that the service may have been taken offline, at least for the moment. The comments for the post include a lovely example script for bruteforcing all possible URLs for the frames.


Report of Java Object Serialization exploit in use in web drive-by attacks

Published: 2010-01-05
Last Updated: 2010-01-05 21:46:24 UTC
by Toby Kohlenberg (Version: 1)
1 comment(s)

We've had a report (thanks Tom!) of a java applet exploiting CVE-2008-5353 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5353) as part of a web drive-by attack. While PoC has been around for a long time for this, this is the first time I've heard of it being used in the wild for a general attack. If anyone else has seen this, we'd be interested to hear about it.

The applet is already being detected by some A/V packages according to VirusTotal: https://www.virustotal.com/analisis/d4f5bcc9acecb2f53a78313fc073563de9fc4f7045dd8123a23a08f926a3974d-1262270360

As we get more details on what it does, we'll update this entry with it.

UPDATE: Minnie Mouse was kind enough to write and let us know that exploits for this vuln apparently are available and included in the LuckySploit, Liberty and Fragus kits. In at least one case the exploit was a recent addition.

