PREVIOUS GNEWS. 4 Patches – 2 bugs addressed Affecting Windows, Windows Servers, Other updates,...
-
Upload
blake-campbell -
Category
Documents
-
view
218 -
download
3
Transcript of PREVIOUS GNEWS. 4 Patches – 2 bugs addressed Affecting Windows, Windows Servers, Other updates,...
PREVIOUS GNEWSPREVIOUS GNEWS
• 4 Patches – 2 bugs addressed
• Affecting Windows, Windows Servers,
• Other updates, MSRT, Defender Definitions, Junk Mail Filter, RootCert
• Vista USB Core rollup, Vista Reliability
Patch Tuesday
• 2 Security Patches - 1 Critical, 1 Important– MS07-061 – Windows URI Handling (XP, 2003) -
Remote Code Execution– MS07-062 – DNS Spoofing (2K server, 2003)
Holes / Patches• Oracle Patch Release
– 51 patches, 40 remote, 13 with no auth– Local injections posted to milw0rm
• Oracle 0-day in XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure
– Reported by idefense, code is available
• OpenBSD, DHCP DoS / possible code execution (patch available)
• OpenSS, DTLS DoS / possible code execution (patch available)
• RealPlayer, MPMedia.dll Code execution (patch available)
• AIX, Multiple local exploits (patch available)
• Lotus Notes, Multiple exploits (patch available, mostly)– Bug in wp6sr.dll not patched by ver. 8.0
DATA LOSS
• 25 + reported incidents
• Croucher Brewing Company in Rotorua, New Zealand– Beer for life (12-pack a day) for info leading to arrest on laptop theft
Holes / Patches (more)• QuickTime, Multiple exploits (patch available)
• Apple, “First Trojan”– Fake codec download, requires user action
• Mozilla Firefox / SeaMonkey / Thunderbird, Multiple exploits (patch available)
• Opera, Multiple exploits (patch available)
• Firebird SQL, BO with overlong request, printf(), and process_packet() (patch available)
• Winamp, BO in FLAC processing (patch available)
• Kaspersky, Activex Scanner (patch available)
Hacking
• RNB – gets yet more publicity – system goes dark with domain registration withdrawl
• Pirate Bay buys ifpi.com– Legal battle quickly follows
• Elcomsoft files patent for using Video RAM for processing
• OSx86 Scene Forum release details on installing Leopard on a PC
Holes / Patches (again)
• SIP receiving increased attention– Multiple vulnerabilities, Vonage specifically named– SIP XSS
• SonicWall Activex, Multiple exploits (patch available)
• Symantec Anti-Virus for SMTP, Multiple exploits (patch available)
• Windows Mobile 5, Bug in SMS handler allows sender spoofing
• Update to iPone TIFF bug, exploit tool released
• Maxtor ships HDs with preinstalled trojans (Taiwan)
• Asterick SQL Injection in cdr_addon_mysql
Corp. Hell• EA Games buys BioWare and Pandemic• Encase buys Applied Watch• McAfee buys ScanAlert (Hacker Safe)• Symantec buys Vontu• MS buys 1.6% stake of Facebook
• Govt. to step into 3Com / China deal
• Hushmail ponies up web-based logs to Feds– Full client version is still safe
• Apple announces iPhone SDK (Feb 2008)• Verizon announces to share data / offers opt-out• MS announces health record service / Google follows
• Google open phone coalition gets flamed from Symbian
• Viacom calls for copyright filtering standard
Film / Music
• Star Trek Prequel casting– Chris Pine – James T. Kirk– Eric Bana – Nero (villain)
• Viacom posts entire Daily Show archive (free)
• BluRay BD+ cracked
• Canada RCMP announce piracy for personal use is not their target. (must be this tall to ride...)
Papers
• DHS proposes ‘baseline’ for security skills
• MPAA Hacker tells all to Wired Magazine
Updates• Mac OS X 10.5 Leopard• Fedora 8• SIPVicious 0.2.1• Kismet 2007-10-R1• Openssl 0.9.8g• Netscape 9.0.0.3• Gimp 2.4• Inguma 0.0.5.1 (pentest toolkit)• Honeytrap 1.0.0• RFIDIOt 0.1q• RFDump 1.5• Bunny 0.92 (fuzzer)• Tor 0.1.2.18a• Sqlmap 0.5• Maltego Java Framework (formerly evolution)
• OLPC opens “give one get one” program (ends Nov 26th)• MS announce XP port for OLPC
• MS talks about Windows 7 at University of Illinois
Legal• Bill calls for ID Theft Restitution
• Pirate Act reintroduced
• Govt. calls for free access to email
• Judge rules RIAA “evidence” insufficient
• FISA Telecom bill placed on hold
• Schwarzenegger vetos PCI like bill
• Austria adopts use of fedware
CON Events
• Completed Cons– ToorCon 9, 19 – 21 Oct – San Diego CA– Phreaknic, 20 - 22 Oct - Nashville TN– DayCon, 12 – 14 Oct – Dayton OH
• Future Cons– LISA, 11 - 16 Nov 2007 - Dallas TX– OWASP + WASC, 12 -15 Nov - San Jose CA– BreakPoint, 15 - 18 Nov - Mexico– SecTor, 20 – 21 Nov – Toronto Canada– PacSec 2007, 29 – 30 Nov - Tokyo– Chaos Communication Congress, 27 - 30 Dec 2007 - Berlin
All images scavenged without permission
All images scavenged without permission