Robert Hensing's Blog

Software Security . . . and stuff.

Blogging from Bluehat V6 . . .


So I'm in the speakers lounge and so far today we've had MarkRuss talk at some length about what are and are not considered 'security boundaries' in Windows.  For example, user sessions are a security boundary.  Virtual Machines are a security boundary.  Various 'Defense in Depth' technologies like UAC, IEPM (protected mode), session 0 service isolation, KMCS and PatchGuard are not.  It was a great talk as usual.  Now I'm watching Roberto Preatoni (WabiSabiLabi - aka 'zero bay') explain to us why he thinks his "security marketplace" is such a great thing . . . next Kaminsky is going to do a talk on DNS which should be highly entertaining - Dan's a great speaker.

Here are some security-related things going on today that I find interesting.

  1. Google vulns including a nasty Gmail one: http://blogs.zdnet.com/security/?p=539
  2. Apple vulns added to Metasploit (i.e. iPhone modules): http://www.darkreading.com/document.asp?doc_id=134869&f_src=darkreading_section_296 - note that it sounds like H.D. has some 0-days for the iPhone. :)
    Wow - Apple just released their most recent update for the iPhone fixing 10 CVEs: http://docs.info.apple.com/article.html?artnum=306586  What's interesting about the iPhone is that people don't seem to realize they are carrying OSX running as root in their pocket.
  3. VMware vulns announced: http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html (I counted 20 CVEs being announced / fixed in that update - holy crap!).

 
