PREVIOUS GNEWS. New Format 10 Patches originally expected –6 Security Affects Windows OS (xp /...
• New Format
• 10 Patches originally expected
– 6 Security
– 4 Non-Security related updates, Malicious Tool Update
• Affects Windows OS (XP / Vista), Office, .NET
Patch Tuesday
• 6 Security Patches, x bugs addressed
– MS07-036 – Excel 03 / 07 – Remote Code Execution
– MS07-037 – Publisher 07 – Remote Code Execution
– MS07-038 – Vista Firewall – Information Disclosure
– MS07-039 – Active Directory – Remote Code Execution
– MS07-040 – .NET – Remote Code Execution
– MS07-042 – IIS 5.1 on XP – Remote Code Execution
– Malicious Software Removal, Root Cert
Holes 1
• Apple IPv6 DoS, Type 0 Routing Header (RH0) – CanSecWest
• Apple QuickTime – 1 Code execution, 1 Information disclosure
• Apple Safari
– XSS via XMLHttpRequest
– Code execution via improper frameset rendering
• Apple Audio Patch, fixes popping sound in Intel Macs
• 30+ Reported Cases
– Texas First Bank, 4,000 records on a stolen laptop
– Texas A&M – Corpus Christi, 8,000+ records lost on thumb drive by Professor in Madagascar
– Fidelity National Services (credit card processor), 2.2 Mil Records stolen by internal DBA
– Winn Dixie, Mississippi, Unspecified number of pharmacy records in the trash
DATA LOSS
Holes 2
• Month Of Search Engine Bugs, Sum total of 104 vulns in 33 search engines
• Mass website defacement via Mpak and malicious iframes
• RealPlayer and HelixPlayer, buffer overflow in SMIL mark-up language allows code execution
• Mozilla Firefox focus() Redirection allows information disclosure
• Asterisk, Multiple buffer overflows in SIP / SDP handler allow code execution (if T.38 fax over SIP is enabled)
• Trillian IRC, Buffer overflow in UTF-8 string wrapping allows code execution.
Corp. Hell
• Oracle vs SAP update
– SAP admits TomorrowNow Subsidiary did inappropriately access and download files from Oracle’s support knowledge base, but stresses that the access was authorized.
– Inappropriate….authorized….inappropriate....authorized. WTF!?
• Gmail vs G-mail update
– German court rules in favor of G-mail, Google banned from using Gmail
• Google Threatens to Shut Down German Gmail service
– New law will require data be saved for 6 months and ban anonymous services
• 3Com to release TippingPoint under IPO
• Encrypted Print Cartridges
– Cryptography Research Inc. is developing brand specific certs to thwart piracy
• DHS US Visitor Database fails security audit
• NSA resorts to rolling brown outs
Holes 3
• WinPcap NPF.SYS IOCTL Handler Privilege Escalation Vulnerability
– PoC on Milw0rm.com, local privilege escalation
• Mark Litchfield drops 4 vulns on SAP
– Message Server, Internet Graphics Service, Internet Communication Manager, waHTTP.exe
• Elcomsoft cracks Quicken master password
• Youtube Script "id" SQL Injection Vulnerability – Code on Milw0rm.com
• Swiss WabiSabiLabi Ltd. launches exploit auction site
• RFID, Security researchers finally realize they can read entire truck shipments with COTS parts
• **In May PHRACK re-launched under new “management”, reviews are mixed
Film / Music
• AllofMP3.com shuts down, allTunes.com attempts to fill the gap
• EMI confirm good results in DRM-Free venture with iTunes
• Minisode Network Beta on MyspaceTV crunches shows to ~6 min
• Internet Radio Update
– Stations protest ruling and gain a temporary $2500 cap on advance payments 'per channel/per station'
• University of Washington will forward RIAA settlement letters to students
• MPAA outed for sponsoring dummy websites
– Media Defender, owner of MiiVi.com supplied movies and a client that would search for other copyrighted content before reporting home
• Oregon woman initiates counter suit on RIAA under the Computer Fraud and Abuse Act and the Racketeer Influenced and Corrupt Organization Act
• NBC’s Rick Cotton says piracy is more serious than violent crime
Holes 4
• Fake MS Patch Email, possibly targeting IT executives
• MS re-release of MS07-022, Privilege Escalation
• Silent Patch release for Windows on Intel Core 2 Duo
• Dino Dai Zovi, Peter Ferrie, Nate Lawson, and Thomas Ptacek call out Joanna Rutkowska to prove her “BluePill” rootkit is truly undetectable
• Carlos Slim unseats Bill Gates as richest man
• Microsoft re-launches “HowToTell” anti-piracy website
• Dell warns companies about migration / upgrade issues with Vista
iPhone
• Multiple Launch Issues
• Errata claims multiple vulns
• DVDJon bypasses Cingular/AT&T activation (iPDA)
• iPhone Hacker ‘to do’ list
• iPhone uses youtube viewer
• iPhone Killer, OpenMoko releases beta of open linux phone
• Doors of GSM fuzzing open to the masses
Papers
• CalTech develops FastTCP
– Appliance based file transfer with 15-20x faster transmission rates
• CIA Declassifies the mother lode
• Blogger Jeff Jones releases his 180 day report on Vista Security
WTF!?
• 7-11 sells out to Kwik-E Mart
• Ancestry.com launches on-line DNA database
• IEs4Linux and Wine on Linux pass Windows Genuine Advantage
• Build your own Shopping Cart EMP
• 1992 Rubber Duck Flotilla to land in UK
• AT&T to implement copyright filter
Updates
• RootKit technology, Hide ports in Vista via NSI module hook
• Windows Vista and Server 2008 pki enhancements
• Pirate Bay, image hosting
• Snort 2.7 RC2
• SourceFire goes Multi Gig with the 3D9800
• Linux 6.22 Kernel
• bluediving 0.8
• sqlmap 0.4
• sql ninja 0.1.2
• aircrack ng 0.9.1
• nipper 0.10
• rouge detect
• Sysinternals – AccessChk v4.0 and ZoomIt v1.50
Legal
• Connecticut teacher update
– The original conviction is overruled and an awareness group formed
• Maine, first to pass net neutrality law
• FTC calls for a slow approach and caution regarding net neutrality
• Canadian Parliament demands DMCA style law
• California Dem. Joe Simitian drafts legislation to limit RFID use
– Essentially banning employer / employee RFID implants
• US to expand ID checks for the US-VISIT program
• Expectation of privacy extended to email
– EFF wins CA case requiring Feds to have a warrant for stored information
• Warrantless snarfing upheld
– Another CA court upholds warrantless seizures to obtain the destination address / URL
• UK Limits ‘extreme’ porn on the internet
• Belgium ISP forced to filter P2P traffic
CON Preview
• BlackHat – Next Gen WebWorms
• DC – Arrakis will talk on portable privacy and digital warfare tools
• DC – Simple Nomad will participate in Hacker Court
CON Events
• Completed Cons
– REcon Party, 13 - 16 June 2007 - Montreal
• Future Cons
– BlackHat, 28 July thru 2 Aug 2007 – Las Vegas, NV
– DefCon, 3 – 5 August 2007 – Las Vegas, NV
– Chaos Communications Camp, 8 - 12 August - Berlin
– Hack In The Box, 3 – 6 Sept. – Kuala Lumpur
– WhiteDust Black and White Ball, 18 - 23 Sept – London
– ToorCon, 29 Sept - 1 Oct 2007 - San Diego CA
– Phreaknic, 20 - 22 Oct 2007 - Nashville TN
– LISA, 11 - 16 Nov 2007 - Dallas TX
– Chaos Communication Congress, 27 - 30 Dec 2007 - Berlin