PREVIOUS GNEWS. 4 Patches – 9 bugs addressed Affecting Windows, SQL, Exchange (OWA) Other updates,...

Date posted: 19-Dec-2015


Page 1: PREVIOUS GNEWS. 4 Patches – 9 bugs addressed Affecting Windows, SQL, Exchange (OWA) Other updates, MSRT, Defender Definitions, Junk Mail Filter 8 Security.

PREVIOUS GNEWS


Patch Tuesday

• 4 Patches – 9 bugs addressed

• Affecting Windows, SQL, Exchange (OWA)

• Other updates, MSRT, Defender Definitions, Junk Mail Filter

• 8 Security Patches - 5 Critical, 1 Moderate

– MS08-037 – DNS - Spoofing

– MS08-038 – Windows Explorer - Remote Code Execution

– MS08-039 – OWA – Privilege Escalation

– MS08-040 – SQL – Privilege Escalation


Holes / Patches

• Apple 2008-004, 25 fixes

• Apple Safari 3.1.2 for Windows

• Apple Safari 3.1.2 for OS X 10.4.11

• AppleScript, Privilege Escalation

• New Mac Trojans, one using the above AppleScript vuln

• Vim, Multiple vulnerabilities, allows code execution

• X Server, Multiple vulnerabilities, local information disclosure

– Disable MIT-SHM extensions

• VMware ESX, Multiple vulnerabilities

• Ruby, Integer Handling errors, Allows code execution

• FireFox, ver 2.x and 3.x

• Adobe, error in JavaScript handling, Allows code execution


Hacking

• MS releases free SQL injection auditing tools

• UK (London) Oyster Card has been cloned

• American Airlines to launch in flight wireless, Gogo by Aircell

• VOIP on the iPhone, iCall

• Chaos Computer Club, Privacy

• N.Runs reports 800+ vulnerabilities in various Antivirus Engines

• Brightnets, Distributed File System

• Japanese Age Verification Camera system duped by magazine photos


Books

• Hackerteen Volume 1: Internet Blackout

– Marcelo Marques

• Crimeware: Understanding New Attacks and Defenses

– Markus Jakobsson, Zulfikar Ramzan

• VMware ESX Server in the Enterprise: Planning and Securing Virtualization Servers

– Edward L. Haletky

• Nmap Network Scanning (coming soon)

– Fyodor


Corp. Hell

• India to crack BlackBerry Encryption if RIM does not open network

• Retail “Box” Sales of XP stops, Still available to large OEM companies

• John Burris from Citrix, Named new SourceFire CEO

• Pirate Bay offers SSL encryption in wake of Swedish wiretap law

• Formal Certification Standards? Office of Management and Budget

• Chrysler adds wifi to 2009 car line

• Charter Communication’s NebuAd shut down in development

– Behavioral Marketing System declared a man-in-the-middle attack by Congress

• ICANN approves expansion of TLDs, still no .XXX

– Allows “vanity” TLDs like .mac .msn .cbs

• GoDaddy VP busted bidding up domain auctions


Papers

• Richard Bennett comments on Net Neutrality (against)

• NIST releases 3 revisions to the 800 series security guides.


Film / Music

• RIAA backs out of “Making Available” argument, requests dismissal of case

• RIAA raises settlement cost from 3,000 to 8,000

• MPAA requests FCC for waiver to SOC (selectable output control) ruling

– Would allow them to block DVR recordings of HD movies

• IpTables rules to drop reset packets and evade Comcast throttling


WTF

• LA Judge presiding over obscenity trial busted with porn on public website

• AVG LinkScanner, generating mass quantities of fake traffic


Updates

• Sysinternals Live

• Windows Search 4 for XP

• Maltego Community Edition

• Maltego for Windows

• Opera 9.51

• FireFox 3

• ClamAV 0.93.3

• Apple SproutCore, Web App Framework

• iPhoneDbg ToolKit

• IPTables 1.4.1.1

• RFDump 1.6

• BackTrack 3

• Snort 3 Beta, Snort Security Platform (SnortSP)

• Nmap 4.68

• Google RatProxy


CON Events

• Future Cons

– HOPE 7, 18 - 20 July / New York NY

– USENIX 17th Security Symposium, 28 July - 1 Aug / San Jose CA

– REcon 2008, 13 – 15 June / Montreal CA

– Black Hat USA, 2 - 7 Aug / Las Vegas NV

– DefCon, 8 - 10 August / Las Vegas NV

– Chaos Communications Camp, TBD / Berlin


All images scavenged without permission
