• 3 Patches – x bugs addressed

• Affecting Kernel, SChannel, DNS/WINS

• Other updates, MSRT, Defender Definitions, Junk Mail Filter

• 3 Security Patches - 1 Critical, 2 Important– MS09-006 – Kernel (GDI via EMF or WMF image) , Remote

Execution– MS09-007 – SChannel, Allows Spoofing

“Customers are only affected when the public key component of the certificate used for authentication has been obtained by the attacker through other means.”

– MS09-008 – DNS/WINS (WPAD and ISATAP registration), Allows Spoofing

Patch Tuesday

• Apple 2009-001– 55 fixes– Some reports of broken Perl

• Mac OS X xnu nel memory disclosure

• Telent FreeBSD 7.0– Exploit on milw0rm

• Yet another Adobe Reader bug– PoC on milw0rm

• …and Flash Player

• Gmail CSRF

• BlackBerry Activex component

• Opera / Winamp / Excel

Holes / Patches

Hacking • MS ponies up 250K confiker bounty

• Air Force claims tool can id “bad” torrents…mean while back at the ranch

• Maxwell AFB cuts external connection

• MS09-002 exploits seen in the wild– Sourcefire release home brew patched .dll

• MS release autorun patch

• Rumors of Windows 7 DRM badness

• TrapCall service bypasses CallerID blocking

• VMWare demos dual OS phone (simultaneous ops)

Games

• Sega cuts jobs

• Quake Live– Open beta feb 24

Corp. Hell• Metasploit to offer services

• Novell Launches Moonlight (silverlight for linux)

• Leak of Windows 7 Beta

• Palm drops PalmOS for WebOS

• FaceBook changes TOS and changes back

• Twitter is master of downtime

• Symantec takes down server after the SQL Injection that did not happen

• X-Box cuts gay subscriptions

• Linux Foundation buys linux.com

• Gmail Outage

Papers

• "Security Assessment of the Transmission Control Protocol (TCP)“– UK - Centre for the Protection of National Infrastructure

• Fortify code review of NIST SHA-3 contestants

• MS Gazelle – secure web browser

• Summary of Metasploit DDoS

Film / Music• 6th season of Futurama

• Netflix to launch streaming only plan

WTF

• Wisconsin download tax

• Solar power hits $1 a watt

• Diebold logs are crap

Legal

• PirateBay in Court

• All your RFID are belong to felons• Senate Bill 125 - felony for anyone to

possess, read or capture the personally identifying RFID information of others without their consent

• Internet Saftey Act of 2009

• Debian 5.0

• PcapParser

• Ratproxy 1.5.4

• dragonflybsd 2.2

• D ported to Mac

• Safari 4

• OSSEC 2.0

• Qt 4.5

Updates

CON Events• BlackHat DC• Kaminsky / DNSSEC

• Militarized cyberspace

• New XSS

• Fun with Facial Biometrics

• SSL Strip

• CanSecWest (5 days)• Pwn2Own – Laptop and Mobile devices

• DefCon CFP

• SOURCE Boston, 11 - 13 Mar / Boston MA• http://www.sourceboston.com/

• CarolinaCon 4, 28 - 29 Mar / Chapel Hill NC• http://www.carolinacon.org/

• Notacon 5, 4 - 6 Apr / Cleveland OH• http://www.notacon.org/

• Hack In The Box, 20-23 Apr / Dubai• http://conference.hitb.org/hitbsecconf2009dubai/

• ToorCon Seattle, 18 – 20 Apr / Seattle• http://seattle.toorcon.org/2008/about.php

• Trooper 08, 23 – 24 Apr / Munich • http://www.troopers08.org/content/

• Interop, 27 Apr - 2 May / Las Vegas NV• http://www.interop.com/lasvegas/

• Layerone, 17 – 18 May / Pasadena CA• http://layerone.info

• DallasCon 2008, TBD / Dallas , TX• http://www.dallascon.com

• MS BlueHat Spring 2008, May 2 2008 / Redmond WA• http://www.microsoft.com/technet/security/bluehat/

All images scavenged without permission

All images scavenged without permission