Hello, welcome to the Monday, August 20th, 2018 edition of the Sandcent, Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Stockholm, Germany.

Remko published a diary collecting some of the resources regarding the fragment smack attack.

And essentially just summarizing what we know

about this attack so far, I mentioned it last week. That's this denial of service attack in

recent versions of Linux that's triggered by IP fragments. You don't actually need to necessarily

apply the patch to protect yourself from this problem.

You can also just reduce some of the fragment buffers back to the values actually they had before this became an issue.

Then I have another item that actually may have belonged into last week's podcast, and that's

a faxploit.

That's an exploit that checkpoint found against a number of HP multifunction devices.

What was sort of neat different about it was that in order to exploit this vulnerability, you have to send

a fax to that device via a good old phone line.

Now, one of the reasons I didn't actually cover it last week was the checkpoint release about

this, used a lot of hype in it.

Yes, it's a problem.

Yes, in particular large companies still use faxes. A lot of small companies too, I know a lot of hype in it. Yes, it's a problem. Yes, in particular large companies still use faxes.

A lot of small companies, too. I know a lot of contractors and such construction contractors

use still faxes. But there's sort of another facet to this that a reader sort of alerted me to.

And that's that, yes, HP has released updates for these machines but

if you're not using Windows you probably have a hard time applying this patch the patch so far

has only been released as a Windows executable so to apply it from a Mac, you essentially need to somehow boot Windows,

...