previous gnews
DESCRIPTION
PREVIOUS GNEWS. 7 Patches – x bugs addressed Affecting Word, Outlook, Publisher, Jet DB Engine, IE, Windows Other updates, MSRT, Defender Definitions, Junk Mail Filter. 8 Security Patches - 5 Critical, 1 Moderate MS08-030 – Bluetooth Stack - Remote Code Execution - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: PREVIOUS GNEWS](https://reader035.vdocument.in/reader035/viewer/2022062410/56815738550346895dc4de0f/html5/thumbnails/1.jpg)
PREVIOUS GNEWSPREVIOUS GNEWS
![Page 2: PREVIOUS GNEWS](https://reader035.vdocument.in/reader035/viewer/2022062410/56815738550346895dc4de0f/html5/thumbnails/2.jpg)
• 7 Patches – x bugs addressed
• Affecting Word, Outlook, Publisher, Jet DB Engine, IE, Windows
• Other updates, MSRT, Defender Definitions, Junk Mail Filter
• 8 Security Patches - 5 Critical, 1 Moderate– MS08-030 – Bluetooth Stack - Remote Code Execution – MS08-031 – IE Cumulative Security Update– MS08-032 – ActiveX Kill Bits Cumulative Security Update– MS08-033 – DirectX - Remote Code Execution – MS08-034 – WINS - Elevation of Privilege– MS08-035 – Active Directory - Denial of Service – MS08-036 –Pragmatic General Multicast (PGM) - Denial of
Service
– re-released MS06-078 and MS07-068 with a detection only change
![Page 3: PREVIOUS GNEWS](https://reader035.vdocument.in/reader035/viewer/2022062410/56815738550346895dc4de0f/html5/thumbnails/3.jpg)
Holes / Patches• Apple 2008-003
• Apple QuickTime 7.5
• Apple Safari on Windows
• Apple iCal
• Apple iPhone 2
• snort ip fragment reassembly / ttl evasion
• openssl tls vulns, server_name set to 0x00 in handshake
• Samba, boundary error in "receive_smb_raw()"
• Adobe Flash 9 0-day
• OpenOffice, integer overflow in "rtl_allocateMemory()"
• Sun Java Active Server Pages, Multiple Vulns
![Page 4: PREVIOUS GNEWS](https://reader035.vdocument.in/reader035/viewer/2022062410/56815738550346895dc4de0f/html5/thumbnails/4.jpg)
Hacking • Sample Code in RFC 3414 (snmp) contains overflow
• rustock.c, russian rootkit, undetected record of 1.5 years
• Cisco Router Rootkit? Sebastian Muniz - EuSecWest
• New JavaScript engine, Squirrelfish
• OSWA – Organizational Wireless System Auditor, Live CD
![Page 5: PREVIOUS GNEWS](https://reader035.vdocument.in/reader035/viewer/2022062410/56815738550346895dc4de0f/html5/thumbnails/5.jpg)
Corp. Hell• L-1 Identity Solutions Inc. to produce RFID Passport Card
• Todd Davis gets sued
• Comcast invests in GridNetworks (a P2P start-up)• Comcast web and email hacked, Defiant and EBK
• Dave & Busters, Packet sniifers on PoS terminals
• Barracuda offers buyout of SourceFire, SF rejects
• Nvidia enters mobile processor market
• Tumbleweed bought by Sopra Group (french)
• Canada charges Facebook with privacy infringement
• Explosion at ‘The Planet’ houston data center
![Page 6: PREVIOUS GNEWS](https://reader035.vdocument.in/reader035/viewer/2022062410/56815738550346895dc4de0f/html5/thumbnails/6.jpg)
Papers
• Apple Security Guide for OS X 1.5 Leopard
• NIST IT Security Configuration Scoring (call for input)
![Page 7: PREVIOUS GNEWS](https://reader035.vdocument.in/reader035/viewer/2022062410/56815738550346895dc4de0f/html5/thumbnails/7.jpg)
Film / Music
• NBC turns on “Broadcast Flag”
• Staples to sell $5 flexplay divx DVDs
![Page 8: PREVIOUS GNEWS](https://reader035.vdocument.in/reader035/viewer/2022062410/56815738550346895dc4de0f/html5/thumbnails/8.jpg)
WTF
• UK calls for a total phone usage database
• Launch of Google Health
• California man makes $50k opening accounts, arrested
• TSA ID rule change, refuse id check, get banned
![Page 9: PREVIOUS GNEWS](https://reader035.vdocument.in/reader035/viewer/2022062410/56815738550346895dc4de0f/html5/thumbnails/9.jpg)
• MySpace suicide case, poses rocky precedence
• Anti-Counterfeiting Trade Agreement, ACTA– Pirate-bay Killer?
• GPLv3 gets more legal attention– Proprietary software / patents
Legal
![Page 10: PREVIOUS GNEWS](https://reader035.vdocument.in/reader035/viewer/2022062410/56815738550346895dc4de0f/html5/thumbnails/10.jpg)
• Ulteo Virtual Desktop, Linux virtualization on Windows
• blender 2.46, 3d animation
• rtpBreak 1.3a, rtp sniffer
• xprobe 2
• WebKnight, mod_security for IIS
• Nessus 3.2.1, does not work with freebsd 6
• technet opened to community contributions
• Snort 2.8.2
• maltego videos
• openssl 0.9.8h
• kismet 2008-05-R1
• opera 9.5 promises built-in malware protection
• Axban, ActiveX Killbit tool
Updates
![Page 11: PREVIOUS GNEWS](https://reader035.vdocument.in/reader035/viewer/2022062410/56815738550346895dc4de0f/html5/thumbnails/11.jpg)
CON Events
• Completed Cons– Layerone, 17 – 18 May / Pasadena CA– DallasCon 2008, TBD / Dallas , TX– AusCERT 2008, 18 - 23 May / Gold Coast AU– EuSecWest, 28 May – London UK
![Page 12: PREVIOUS GNEWS](https://reader035.vdocument.in/reader035/viewer/2022062410/56815738550346895dc4de0f/html5/thumbnails/12.jpg)
CON Results
• EuSecWest – Hardware Flashing
• EuSecWest – Cisco RootKit
• BlackHat Preview and Webcast
![Page 13: PREVIOUS GNEWS](https://reader035.vdocument.in/reader035/viewer/2022062410/56815738550346895dc4de0f/html5/thumbnails/13.jpg)
CON Events
• Future Cons– HOPE 7, 18 - 20 July / New York NY– USENIX 17th Security Symposium, 28 July - 1
Aug / San Jose CA– REcon 2008, 13 – 15 June / Montreal CA– Black Hat USA, 2 - 7 Aug / Las Vegas NV– DefCon, 8 - 10 August / Las Vegas NV– Chaos Communications Camp, TBD / Berlin
![Page 14: PREVIOUS GNEWS](https://reader035.vdocument.in/reader035/viewer/2022062410/56815738550346895dc4de0f/html5/thumbnails/14.jpg)
All images scavenged without permission
All images scavenged without permission