SANS Daily Network Security Podcast (Stormcast) for Tuesday, January 24th 2017

#IPv6 Fragments; #Apple Updates Everything; #WebEx Backdoor

00:00

My Next Class

Help us make this podcast better by participating in a simple two question survey

Experimenting With IPv6 Fragments
https://isc.sans.edu/forums/diary/How+to+Have+Fun+With+IPv6+Fragments+and+Scapy/21963/

Apple Updates Everything
https://support.apple.com/en-us/HT201222

WebEx Secret Install URL
https://bugs.chromium.org/p/project-zero/issues/detail?id=1096

Vulnerability in Symantec Norton Download Manager
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2017&suid=20170117_00

Exploit for Microsoft RDC Client on Mac
https://www.wearesegment.com/research/Microsoft-Remote-Desktop-Client-for-Mac-Remote-Code-Execution

iTunes

MP3 Download

RSS Feed

Google

Stitcher

Podbean

Amazon Echo

YouTube

Spreaker

iOS App

Spotify

Discussion

Looked at the Chromium site for the WebEx bug and the status shows fixed. When I listened to the show this morning, it was reported as still a bug. What's up?

Also, is IE or Safari a problem? I would suspect it is, but would like to know if anyone has confirmed.

Posted by EricC on Tue Jan 24 2017, 15:55

It was fixed after the podcast was recorded. When I recorded the podcast, version 1.0.3 had been released, which included an incomplete fix. I believe the latest version is not 1.0.5 which does fix the problem. (but then again, maybe they will update it again after I hit submit)

as far as other browsers go: there is a chance that they are vulnerable too, but Google only looked into the Chrome plugin.

Posted by Johannes on Tue Jan 24 2017, 16:07

New Discussions closed for all Podcasts older than two(2) weeks
Please send your comments to our Contact Form

Top of page