3 patches – x bugs addressed affecting kernel, schannel, dns/wins other updates, msrt, defender...
Post on 19-Dec-2015
• 3 Patches – x bugs addressed
• Affecting Kernel, SChannel, DNS/WINS
• Other updates, MSRT, Defender Definitions, Junk Mail Filter
Patch Tuesday
• 3 Security Patches - 1 Critical, 2 Important
– MS09-006 – Kernel (GDI via EMF or WMF image), Remote Execution
– MS09-007 – SChannel, Allows Spoofing
“Customers are only affected when the public key component of the certificate used for authentication has been obtained by the attacker through other means.”
– MS09-008 – DNS/WINS (WPAD and ISATAP registration), Allows Spoofing
Holes / Patches
• Apple 2009-001
– 55 fixes
– Some reports of broken Perl
• Mac OS X xnu kernel memory disclosure
• Telnet FreeBSD 7.0
– Exploit on milw0rm
• Yet another Adobe Reader bug
– PoC on milw0rm
• …and Flash Player
• Gmail CSRF
• BlackBerry ActiveX component
• Opera / Winamp / Excel
Hacking
• MS ponies up 250K Conficker bounty
• Air Force claims tool can id “bad” torrents…meanwhile back at the ranch
• Maxwell AFB cuts external connection
• MS09-002 exploits seen in the wild
– Sourcefire releases home brew patched .dll
• MS releases autorun patch
• Rumors of Windows 7 DRM badness
• TrapCall service bypasses CallerID blocking
• VMWare demos dual OS phone (simultaneous ops)
Games
• Sega cuts jobs
• Quake Live
– Open beta Feb 24
Corp. Hell
• Metasploit to offer services
• Novell Launches Moonlight (Silverlight for Linux)
• Leak of Windows 7 Beta
• Palm drops PalmOS for WebOS
• Facebook changes TOS and changes back
• Twitter is master of downtime
• Symantec takes down server after the SQL Injection that did not happen
• Xbox cuts gay subscriptions
• Linux Foundation buys linux.com
• Gmail Outage
Papers
• "Security Assessment of the Transmission Control Protocol (TCP)"
– UK - Centre for the Protection of National Infrastructure
• Fortify code review of NIST SHA-3 contestants
• MS Gazelle – secure web browser
• Summary of Metasploit DDoS
Film / Music
• 6th season of Futurama
• Netflix to launch streaming only plan
WTF
• Wisconsin download tax
• Solar power hits $1 a watt
• Diebold logs are crap
Legal
• PirateBay in Court
• All your RFID are belong to felons
• Senate Bill 125 - felony for anyone to possess, read or capture the personally identifying RFID information of others without their consent
• Internet Safety Act of 2009
Updates
• Debian 5.0
• PcapParser
• Ratproxy 1.5.4
• DragonFly BSD 2.2
• D ported to Mac
• Safari 4
• OSSEC 2.0
• Qt 4.5
CON Events
• BlackHat DC
• Kaminsky / DNSSEC
• Militarized cyberspace
• New XSS
• Fun with Facial Biometrics
• SSL Strip
• CanSecWest (5 days)
• Pwn2Own – Laptop and Mobile devices
• DefCon CFP
• SOURCE Boston, 11 - 13 Mar / Boston MA
• http://www.sourceboston.com/
• CarolinaCon 4, 28 - 29 Mar / Chapel Hill NC
• http://www.carolinacon.org/
• Notacon 5, 4 - 6 Apr / Cleveland OH
• http://www.notacon.org/
• Hack In The Box, 20-23 Apr / Dubai
• http://conference.hitb.org/hitbsecconf2009dubai/
• ToorCon Seattle, 18 – 20 Apr / Seattle
• http://seattle.toorcon.org/2008/about.php
• Trooper 08, 23 – 24 Apr / Munich
• http://www.troopers08.org/content/
• Interop, 27 Apr - 2 May / Las Vegas NV
• http://www.interop.com/lasvegas/
• Layerone, 17 – 18 May / Pasadena CA
• http://layerone.info
• DallasCon 2008, TBD / Dallas, TX
• http://www.dallascon.com
• MS BlueHat Spring 2008, May 2 2008 / Redmond WA
• http://www.microsoft.com/technet/security/bluehat/
All images scavenged without permission