PREVIOUS GNEWSPREVIOUS GNEWS

• 11 Patches – bugs addressed

• Affecting Windows (all versions)

• Other updates, MSRT, Defender Definitions, Junk Mail Filter

• 11 Security Patches - 6 Critical, 5 Important– MS08-003 – AD - DoS– MS08-004 – TCP/IP – DoS– MS08-005 – IIS – Privilege Escalation– MS08-006 – IIS - Remote Code Execution– MS08-007 – WebDAV - Remote Code Execution *– MS08-008 – OLE Automation - Remote Code Execution– MS08-009 – Word - Remote Code Execution– MS08-010 – IE Cumulative -– MS08-011 – Works File Converter - Remote Code Execution *– MS08-012 – Publisher - Remote Code Execution– MS08-013 – Office - Remote Code Execution

Patch Tuesday

Holes / Patches• IE 7 Moved back into ‘High Priority’

• Vista SP1 released to Manufacturers

• Another Windows 0-day bounty– Digital Armaments, 20K Hacker’s Challenge, ends Feb 29th

• Another Excel 0-day, Malformed file grants privilege escalation

• MS08-001 Update, MS Small Business Sever vuln to IGMP

• AOL Radio, BO in OLMediaPlaybackControl.exe, allows code execution

• Winamp, BO in in_mp3.dll, allows code execution

• Yahoo! Music Jukebox Activex, BO in datagrid.dll, allows code execution– Multiple exploits posted to milw0rm

• uTorrent, crafted packet with overly long client string, allows code execution

Hacking

• Drive-by pharming in the wild

• Polish TV Remote used to control train switch

• vLite, Windows Vista Stripper

• Malicious Facebook page poses as Windows Update

• Mitnick Probation ends

• iPhone / iPod Touch 1.1.3 firmware jail busted– Paper on milw0rm

• NIAP Group posts new anti-rootkits to rootkit.com

• Yahoo! Captcha Cracked

Holes / Patches (more)• Oracle Patch Release, 27 patches

– Multiple local exploits posted to milw0rm

• Oracle Siebel SimBuilder NCTAudioFile2 ActiveX

• Apple Patch Release 2008-001, 411 fixes

• Apple QuickTime, BO in handling RTSP relies, code execution

• iPhone application signing key leaked

• MBR Rootkit

• Cisco, BO in CTLProvider.exe, DoS / Code execution

• Cisco ASA, TTL decrement feature enabled, DoS

• Home Routers, exploited via flash swf file and UPNP

Corp. Hell• OLPC coming to America

• Time Warner Cable Beaumont TX tests tiered internet plans

• Hasbro issues DMCA against Facebook applications

• Oracle buys BEA

• Sun buys mysql.

• HackerSafe (or not)

• Windows 7 scheduled for 2nd half of 2009

• MS virtualization strategy announced– Possible partnership with Citrix / reverses EULA prohibiting Vista under virtualization

• No open source for os/2

• NVIDIA buys AGEIA

• Yahoo! Music closing, converts user to Real / Rhapsody

• new comcast tos

• Do Not Call Registry to be made permanent

Holes / Patches (again)• TSA Website hacked (data loss)

• Citadel SMTP, BO in user_ops.c, allows code execution

• Facebook Photo Uploader– Multiple exploits on milw0rm

• Another Adobe Reader vulnerability

• Mozilla Firefox and Thunderbird, Multiple vulns

• GNUCitizen release PoC code for BT Home Hub 6.2.6.B, VOIP hijacking

• Skype IE zone allows malicious code execution

• Nokia / Symbian worm, SymbOS/Beselo.A!worm

• Lots of SQL injection posted to milw0rm

Film / Music

• Netflix removes steaming limits

• Possible deal in writers strike

Papers• RBN, Shadowserver Foundation

• Flash Memory, Robert Graham (blog)

• NIST draft for IPv6– ICANN adds IPv6 to internet backbone routers

• Risking Communications Security: Potential Hazards of the Protect America Act, Steve Bellovin, Matt Blaze, Whit Diffie, Susan Landau, Peter Neumann, and Jennifer Rexford

• Covert channel vulnerabilities in anonymity systems, Steven Murdoch – University of Cambridge

• NIST approved scanners

• gay authentication– Undercover: Authentication Usable in Front of Prying Eyes

• UK proposes chipping prisoners

• RealID requirements issued

• UK considering a German hacking tool law

• Dakota makes DNS zone transfers illegal.

• Maryland ditches digital voting

• EU slams ISP filtering

• Canadian DMCA takes more heat

• EU recommends IPs be considered personal data.

• Electronics freely searchable

• Bush security plan

Legal

• Sun Java 6 update 4• VOIP hopper 0.9.7• tor 0.1.2.19• wifizoo 1.3 (dsniff-ish)• sqlmap 0.5• sysinternals

– autoruns 9.02– psservice 2.22– tcpview 2.53– psexec 1.94

• KDE 4.0 goes cross platform• linux kernel 2.6.24• metasploit 3.1• OSVDB API beta• PostgreSQL 8.3 • aircrack ng 0.9.2

Updates

• student expelled for misquoted Facebook image

• QuickTime DRM disables 3rd party video editing.

• apple cripples their dtrace port

• under water cables cut in Mediterranean

• SCADA security mailing list – (don't talk security)

• more fedware

WTF

CON Events

• Future Cons– Ebay RedTeam, ? Feb / SanJose– Shmoocon, 15 - 18 Feb / Washington DC– Black Hat DC, 18 - 21 Feb / Washington DC– InfowarCon 2008, 2 - 4 Mar / Bethesda MD– Infosec World, 10 - 12 Mar / Orlando FL– SOURCE Boston, 12 - 14 Mar / Boston MA– Black Hat Europe, 25 - 28 Mar / Amsterdam– CanSecWest 2008, 26 - 28 Mar / Vancouver BC– CarolinaCon 4, 28 - 29 Mar / Chapel Hill NC

All images scavenged without permission

All images scavenged without permission