previous gnews. 7 patches – x bugs addressed affecting word, outlook, publisher, jet db engine,...
TRANSCRIPT
• 7 Patches – x bugs addressed
• Affecting Word, Outlook, Publisher, Jet DB Engine, IE, Windows
• Other updates, MSRT, Defender Definitions, Junk Mail Filter
• 8 Security Patches - 5 Critical, 1 Moderate
– MS08-030 – Bluetooth Stack - Remote Code Execution
– MS08-031 – IE Cumulative Security Update
– MS08-032 – ActiveX Kill Bits Cumulative Security Update
– MS08-033 – DirectX - Remote Code Execution
– MS08-034 – WINS - Elevation of Privilege
– MS08-035 – Active Directory - Denial of Service
– MS08-036 – Pragmatic General Multicast (PGM) - Denial of Service
– re-released MS06-078 and MS07-068 with a detection only change
Holes / Patches
• Apple 2008-003
• Apple QuickTime 7.5
• Apple Safari on Windows
• Apple iCal
• Apple iPhone 2
• snort ip fragment reassembly / ttl evasion
• openssl tls vulns, server_name set to 0x00 in handshake
• Samba, boundary error in "receive_smb_raw()"
• Adobe Flash 9 0-day
• OpenOffice, integer overflow in "rtl_allocateMemory()"
• Sun Java Active Server Pages, Multiple Vulns
Hacking
• Sample Code in RFC 3414 (snmp) contains overflow
• rustock.c, Russian rootkit, undetected record of 1.5 years
• Cisco Router Rootkit? Sebastian Muniz - EuSecWest
• New JavaScript engine, Squirrelfish
• OSWA – Organizational Wireless System Auditor, Live CD
Corp. Hell
• L-1 Identity Solutions Inc. to produce RFID Passport Card
• Todd Davis gets sued
• Comcast invests in GridNetworks (a P2P start-up)
• Comcast web and email hacked, Defiant and EBK
• Dave & Busters, Packet sniffers on PoS terminals
• Barracuda offers buyout of SourceFire, SF rejects
• Nvidia enters mobile processor market
• Tumbleweed bought by Sopra Group (French)
• Canada charges Facebook with privacy infringement
• Explosion at ‘The Planet’ Houston data center
Papers
• Apple Security Guide for OS X 1.5 Leopard
• NIST IT Security Configuration Scoring (call for input)
WTF
• UK calls for a total phone usage database
• Launch of Google Health
• California man makes $50k opening accounts, arrested
• TSA ID rule change, refuse id check, get banned
• MySpace suicide case, poses rocky precedent
• Anti-Counterfeiting Trade Agreement, ACTA
– Pirate-bay Killer?
• GPLv3 gets more legal attention
– Proprietary software / patents
Legal
• Ulteo Virtual Desktop, Linux virtualization on Windows
• blender 2.46, 3d animation
• rtpBreak 1.3a, rtp sniffer
• xprobe 2
• WebKnight, mod_security for IIS
• Nessus 3.2.1, does not work with freebsd 6
• technet opened to community contributions
• Snort 2.8.2
• maltego videos
• openssl 0.9.8h
• kismet 2008-05-R1
• opera 9.5 promises built-in malware protection
• Axban, ActiveX Killbit tool
Updates
CON Events
• Completed Cons
– Layerone, 17 – 18 May / Pasadena CA
– DallasCon 2008, TBD / Dallas, TX
– AusCERT 2008, 18 - 23 May / Gold Coast AU
– EuSecWest, 28 May – London UK
CON Results
• EuSecWest – Hardware Flashing
• EuSecWest – Cisco RootKit
• BlackHat Preview and Webcast
CON Events
• Future Cons
– HOPE 7, 18 - 20 July / New York NY
– USENIX 17th Security Symposium, 28 July - 1 Aug / San Jose CA
– REcon 2008, 13 – 15 June / Montreal CA
– Black Hat USA, 2 - 7 Aug / Las Vegas NV
– DefCon, 8 - 10 August / Las Vegas NV
– Chaos Communications Camp, TBD / Berlin