PREVIOUS GNEWS. New Format 10 Patches originally expected –6 Security Affects Windows OS (xp /...


PREVIOUS GNEWS

• New Format

• 10 Patches originally expected

– 6 Security

• Affects Windows OS (xp / vista), Office, .net

– 4 Non-Security related updates, Malicious Tool Update

Patch Tuesday

• 6 Security Patches, x bugs addressed

– MS07-036 – Excel 03 / 07 – Remote Code Execution

– MS07-037 – Publisher 07 – Remote Code Execution

– MS07-038 – Vista Firewall – Information Disclosure

– MS07-039 – Active Directory – Remote Code Execution

– MS07-040 – .NET – Remote Code Execution

– MS07-042 – IIS 5.1 on XP – Remote Code Execution

– Malicious Software Removal, Root Cert

Books

• Windows Forensic Analysis

– By Harlan Carvey

Holes 1

• Apple IPv6 DoS, Type 0 Routing Header (RH0) – CanSecWest

• Apple QuickTime – 1 Code execution, 1 Information disclosure

• Apple Safari

– XSS via XMLHttpRequest

– Code execution via improper frameset rendering

• Apple Audio Patch, fixes popping sound in Intel Macs

DATA LOSS

• 30+ Reported Cases

– Texas First Bank, 4,000 records on a stolen laptop

– Texas A&M – Corpus Christi, 8,000+ records lost on thumb drive by Professor in Madagascar

– Fidelity National Services (credit card processor), 2.2 Mil Records stolen by internal DBA

– Winn Dixie, Mississippi, Unspecified number of pharmacy records in the trash

Holes 2

• Month Of Search Engine Bugs, Sum total of 104 vulns in 33 search engines

• Mass website defacement via MPack and malicious iframes

• RealPlayer and HelixPlayer, buffer overflow in SMIL mark-up language allows code execution

• Mozilla Firefox focus() Redirection allows information disclosure

• Asterisk, Multiple buffer overflows in SIP / SDP handler allow code execution (if t38 fax over SIP is enabled)

• Trillian IRC, Buffer overflow in UTF-8 string wrapping allows code execution.

Corp. Hell

• Oracle vs SAP update

– SAP admits TomorrowNow Subsidiary did inappropriately access and download files from Oracle’s support knowledge base, but stresses that the access was authorized.

– Inappropriate….authorized….inappropriate....authorized. WTF!?

• Gmail vs G-mail update

– German court rules in favor of G-mail, Google banned from using Gmail

• Google Threatens to Shut Down Germany Gmail service

– New law will require data be saved for 6 months and ban anonymous services

• 3Com to release TippingPoint under IPO

• Encrypted Print Cartridges

– Cryptography Research Inc. is developing brand specific certs to thwart piracy

• DHS US Visitor Database fails security audit

• NSA resorts to rolling brownouts

Holes 3

• WinPcap NPF.SYS IOCTL Handler Privilege Escalation Vulnerability

– PoC on Milw0rm.com, local privilege escalation

• Mark Litchfield drops 4 vulns on SAP

– Message Server, Internet Graphics Service, Internet Communication Manager, waHTTP.exe

• Elcomsoft cracks Quicken master password

• Youtube Script "id" SQL Injection Vulnerability – Code on Milw0rm.com

• Swiss WabiSabiLabi Ltd. launches exploit auction site

• RFID, Security researchers finally realize they can read entire truck shipments with COTS parts

• In May PHRACK re-launched under new “management”, reviews are mixed

Film / Music

• AllofMP3.com shuts down, allTunes.com attempts to fill the gap

• EMI confirms good results in DRM-Free venture with iTunes

• Minisode Network Beta on MyspaceTV crunches shows to ~6 min

• Internet Radio Update

– Stations protest ruling and gain a temporary $2500 cap on advance payments 'per channel/per station'

• University of Washington will forward RIAA settlement letters to students

• MPAA outed for sponsoring dummy websites

– Media Defender, owner of MiiVi.com supplied movies and a client that would search for other copyrighted content before reporting home

• Oregon woman initiates counter suit on RIAA under the Computer Fraud and Abuse Act and the Racketeer Influenced and Corrupt Organization Act

• NBC’s Rick Cotton says piracy is more serious than violent crime

Holes 4

• Fake MS Patch Email, possibly targeting IT executives

• MS re-release of MS07-022, Privilege Escalation

• Silent Patch release for Windows on Intel Core 2 Duo

• Dino Dai Zovi, Peter Ferrie, Nate Lawson, and Thomas Ptacek call out Joanna Rutkowska to prove her “BluePill” rootkit is truly undetectable

• Carlos Slim unseats Bill Gates as richest man

• Microsoft re-launches “HowToTell” anti-piracy website

• Dell warns companies about migration / upgrade issues with Vista

iPhone

• Multiple Launch Issues

• Errata claims multiple vulns

• DVDJon bypasses Cingular/AT&T activation (iPDA)

• iPhone Hacker ‘to do’ list

• iPhone uses youtube viewer

• iPhone Killer, OpenMoko releases beta of open linux phone

• Doors of GSM fuzzing open to the masses

Papers

• CalTech develops FastTCP

– Appliance based file transfer with 15-20x faster transmission rates

• CIA Declassifies the mother lode

• Blogger Jeff Jones releases his 180 day report on Vista Security

WTF!?

• 7-11 sells out to Kwik-E Mart

• Ancestry.com launches on-line DNA database

• IEs4Linux and Wine on Linux pass Windows Genuine Advantage

• Build your own Shopping Cart EMP

• 1992 Rubber Duck Flotilla to land in UK

• AT&T to implement copyright filter

Updates

• RootKit technology, Hide ports in Vista via NSI module hook

• Windows Vista and Server 2008 PKI enhancements

• Pirate Bay, image hosting

• Snort 2.7 RC2

• SourceFire goes Multi Gig with the 3D9800

• Linux 6.22 Kernel

• bluediving 0.8

• sqlmap 0.4

• sql ninja 0.1.2

• aircrack ng 0.9.1

• nipper 0.10

• rogue detect

• Sysinternals – AccessChk v4.0 and ZoomIt v1.50

Legal

• Connecticut teacher update

– The original conviction is overruled and an awareness group formed

• Maine, first to pass net neutrality law

• FTC calls for a slow approach and caution regarding net neutrality

• Canadian Parliament demands DMCA style law

• California Dem. Joe Simitian drafts legislation to limit RFID use

– Essentially banning employer / employee RFID implants

• US to expand ID checks for the US-VISIT program

• Expectation of privacy extended to email – EFF wins CA case requiring Feds to have a warrant for stored information

• Warrantless snarfing upheld – Another CA court upholds warrantless seizures to obtain the destination address / url

• UK Limits ‘extreme’ porn on the internet

• Belgium ISP forced to filter P2P traffic

CON Preview

• BlackHat – Next Gen WebWorms

• DC – Arrakis will talk on portable privacy and digital warfare tools

• DC – Simple Nomad will participate in Hacker Court

CON Events

• Completed Cons

– REcon Party, 13 - 16 June 2007 - Montreal

• Future Cons

– BlackHat, 28 July thru 2 Aug 2007 – Las Vegas, NV

– DefCon, 3 – 5 August 2007 – Las Vegas, NV

– Chaos Communications Camp, 8 - 12 August - Berlin

– Hack In The Box, 3 – 6 Sept. – Kuala Lumpur

– WhiteDust Black and White Ball, 18 - 23 Sept – London

– ToorCon, 29 Sept - 1 Oct 2007 - San Diego CA

– Phreaknic, 20 - 22 Oct 2007 - Nashville TN

– LISA, 11 - 16 Nov 2007 - Dallas TX

– Chaos Communication Congress, 27 - 30 Dec 2007 - Berlin

All images scavenged without permission
