Suggested Blog Reading – Tuesday May 29th, 2007

I’m back home after my NSM presentation in Ottawa only to find out that I’m heading to Houston, TX on Sunday for a few days.

Here’s the list:

Find vulnerable Windows wireless drivers – Maybe it’s a good time to audit your own laptop 🙂

As more and more businesses move from legacy wireless security models, attackers are looking for new techniques to exploit wireless networks. One technique that is rapidly gaining popularity is to exploit vulnerabilities in wireless network drivers.

Taxonomy of glitch and side channel attacks – Very interesting article.

There are a number of things to try when developing such attacks, depending on the device and countermeasures present. We’ll assume that the attacker has possession of several instances of the device and a moderate budget. This limits an attacker to non-invasive and slightly invasive methods.

Technitium Free MAC Address Changer v4.5 Released – Be on the lookout for a tool of this nature on your network.

Technitium MAC Address Changer allows you to change the Media Access Control (MAC) Address of your Network Interface Card (NIC) irrespective of your NIC manufacturer or its driver. It has a very simple user interface and provides ample information regarding each NIC in the machine. Every NIC has a MAC address hard coded in its circuit by its manufacturer. This hard coded MAC address is used by Windows drivers to access Ethernet Networks (LAN). This tool can set a new MAC address on your NIC, bypassing the original hard coded MAC address. Technitium MAC Address Changer is a must-have tool in every security professional’s toolbox.
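Since the point for a defender is spotting a host whose MAC address no longer matches what the hardware shipped with, here is an added example (not code from the original post or from Technitium) of two checks you can run over DHCP lease logs: flag hostnames that show up with more than one MAC, and flag MACs with the locally administered (U/L) bit set, which a manufacturer-assigned OUI never has. The log line format and every sample line below are constructed for the example.

```python
# Added example: detect MAC-address changes in DHCP lease logs.
# Not part of the original post or of Technitium's software. The
# "timestamp lease hostname=... mac=... ip=..." line format is a
# constructed, hypothetical format chosen for illustration.
import re
from collections import defaultdict

# Constructed sample lease log: LAPTOP-ALICE renews with a different,
# locally administered MAC later in the day.
SAMPLE_LOG = """\
2007-05-29 09:01:12 lease hostname=LAPTOP-ALICE mac=00:1b:63:aa:bb:cc ip=10.0.0.21
2007-05-29 09:05:40 lease hostname=DESKTOP-BOB mac=00:0c:29:11:22:33 ip=10.0.0.22
2007-05-29 11:17:03 lease hostname=LAPTOP-ALICE mac=02:12:34:56:78:9a ip=10.0.0.21
2007-05-29 11:20:55 lease hostname=PRINTER-3F mac=00:1e:8f:de:ad:be ip=10.0.0.40
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) lease hostname=(?P<host>\S+) "
    r"mac=(?P<mac>[0-9a-fA-F:]{17}) ip=(?P<ip>\S+)$"
)


def parse_leases(text):
    """Parse lease lines into dicts; lines that do not match are skipped."""
    leases = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["mac"] = rec["mac"].lower()
            leases.append(rec)
    return leases


def is_locally_administered(mac):
    """True when the U/L bit (bit 1 of the first octet) is set.

    Manufacturer-burned addresses have this bit clear; software-chosen
    addresses often set it, so it is a cheap first-pass indicator only.
    """
    first_octet = int(mac.split(":")[0], 16)
    return bool(first_octet & 0x02)


def find_mac_changes(leases):
    """Return {hostname: sorted MAC list} for hosts seen with more than one MAC."""
    seen = defaultdict(set)
    for rec in leases:
        seen[rec["host"]].add(rec["mac"])
    return {h: sorted(macs) for h, macs in seen.items() if len(macs) > 1}


def find_locally_administered(leases):
    """Return the sorted set of MACs in the log that have the U/L bit set."""
    return sorted({rec["mac"] for rec in leases if is_locally_administered(rec["mac"])})


if __name__ == "__main__":
    leases = parse_leases(SAMPLE_LOG)
    for host, macs in find_mac_changes(leases).items():
        print(f"{host}: seen with multiple MACs {macs}")
    for mac in find_locally_administered(leases):
        print(f"{mac}: locally administered address (U/L bit set)")
```

The hostname-to-MAC correlation is the more reliable of the two signals: a changer can just as easily pick an address with a real vendor OUI, in which case the U/L bit check says nothing, but the machine still shows up under its old hostname with a new address.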

MPack, Packed Full of Badness – Nice piece of analysis in this article.

A nasty piece of malware was sent our way this weekend that we are detecting as Trojan.Mpkit!html and Downloader. This malware is yet another malware distribution and attack kit in the same vein as other kits, such as WebAttacker. This kit, called MPack, is a professionally written collection of PHP software components designed to be hosted and run from a PHP server with a database backend. It is sold by a Russian gang and comes ready to install on a PHP server, and it also comes complete with a collection of exploit modules to be used out of the box.

Snort Report 6 Posted – I’m looking forward to reading this whole report (probably some time this weekend).

This is the first of two Snort Reports in which I address output options. Without output options, consultants and VARs can’t produce Snort data in a meaningful manner. Because output options vary widely, it’s important to understand the capabilities and limitations of different features. In this edition of Snort Report, I describe output options available from the command line and their equivalent options (if available) in the snort.conf file. I don’t discuss the Unix socket option (-A unsock or alert_unixsock). I will conclude with a description of logging directly to a MySQL database, which I don’t recommend but explain for completeness.
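To make the output-option discussion concrete, here is an added example (not code from the Snort Report or from the Snort project) that parses the one-line "fast" alert format produced by `snort -A fast`, the command-line form of `output alert_fast: alert` in snort.conf, and summarizes the parsed records by priority, signature and source. The field layout is the Snort 2.x fast format as I know it; the three alert lines are constructed, not real sensor output.

```python
# Added example: parse Snort "fast" alert output and summarize it.
# Not code from the Snort Report or the Snort project. The sample alert
# lines are constructed; the layout follows the Snort 2.x alert_fast
# format (-A fast / "output alert_fast: alert" in snort.conf).
import re
from collections import Counter

SAMPLE_ALERTS = """\
05/29-14:02:11.123456  [**] [1:2001219:18] ET SCAN Potential SSH Scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.5:54321 -> 10.0.0.7:22
05/29-14:02:15.654321  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.5 -> 10.0.0.7
05/29-14:03:40.000001  [**] [1:1000001:1] LOCAL test rule without classification [**] [Priority: 0] {UDP} 10.0.0.9:5353 -> 224.0.0.251:5353
"""

# Classification is optional (rules without a classtype omit it) and
# ports are absent for protocols such as ICMP, so both are optional groups.
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)


def parse_alert_line(line):
    """Return a dict for one fast-format alert line, or None if it does not match."""
    m = ALERT_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rec = m.groupdict()
    for key in ("gid", "sid", "rev", "prio"):
        rec[key] = int(rec[key])
    for key in ("sport", "dport"):
        rec[key] = int(rec[key]) if rec[key] is not None else None
    return rec


def parse_alerts(text):
    """Parse every matching line of a fast-format alert file."""
    alerts = []
    for line in text.splitlines():
        rec = parse_alert_line(line)
        if rec is not None:
            alerts.append(rec)
    return alerts


def summarize(alerts):
    """Count alerts by priority, by (gid, sid) signature and by source address."""
    return {
        "by_priority": dict(Counter(a["prio"] for a in alerts)),
        "by_signature": dict(Counter((a["gid"], a["sid"]) for a in alerts)),
        "by_source": dict(Counter(a["src"] for a in alerts)),
    }


if __name__ == "__main__":
    parsed = parse_alerts(SAMPLE_ALERTS)
    for rec in parsed:
        print(f"{rec['ts']} prio={rec['prio']} sid={rec['sid']} "
              f"{rec['src']} -> {rec['dst']} {rec['msg']}")
    print(summarize(parsed))
```

The fast format is convenient for exactly this kind of quick scripting, but it carries no packet payload; the full and tcpdump-binary output options keep that detail at the cost of bulkier files.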
