PREVIOUS GNEWSPREVIOUS GNEWS

• 4 Patches – 12 bugs addressed

• Affecting Office, Visual Studio, BizTalk

• Other updates, MSRT, Defender Definitions, Junk Mail Filter

• 4 Security Patches - 4 Critical– MS08-014 – Excel - Remote Code Execution – MS08-015 – Outlook - Remote Code Execution– MS08-016 – Office - Remote Code Execution– MS08-017 – Office Web Components - Remote Code Execution

Patch Tuesday

Holes / Patches

• Cisco ip phone, Multiple Vulns• apache htpasswd predictable salt weakness• openbsd dns cache poisoning• opera version update• Netscape 9 vulns• BEA weblogic, Multiple Vulns• Cold Boot RAM Hack• Vista SP1 Delayed• Mozilla info leak• Apple ipv6 DoS

Hacking • Chujwamwdupe not credited with vulnerability find by MS

• Rootkit.com off-line (relocation of server)

• cDc releases Goolag

• Google annonunces Summer of Code 2008

• Gmail captcha cracked

• ‘Out of Office’ feature harnessed as spam engine

• Pantheon releases a true MS Vista activation crack

• Apps disable Vista ASLR feature (apple quicktime)

• Windows Firewire allows system access

Holes / Patches (more)

• Move networks streaming, Activex – Code Execution• open bsd dos• vmware esx mutli vuln• LinkedIn used for spam• Novell evolution, Code Execution• old libs in google andriod• Aurigma ActiveX , Buffer Overflow in photo uploader• Cisco adopts regular patch cycle (only core and security)• Real Player, Activex – Code Execution• Java, Multiple Vulns (dos, code execution)

Corp. Hell• SGI buys Linux Networx

• SCO goes private with 100 mil. financing

• 3COM bid on hold

• Verified Identity Pass offers 500 K for better airport security solution

Games

• Linux on Wii

• Gary Gygax, R.I.P.

Film / Music

• EU Proposes 95 year copyright for musical recordings

• Convert HD-DVD to Blu-Ray

• RIAA Training Video leaked to torrent

• University of San Francisco Law Clinic goes pro bono against RIAA

• Follow-up to TSA laptop Searches, 5 things to know

• Protect America Act lapsed

• N-DEx

• Section 104 cut from PRO-IP Act

• RIAA ‘making available’ defense shot down in Connecticut

Legal

• Clam AV 0.92.1

• RSBAC 1.3.7

• OSSIM 0.9.9

• Windows 2008 sneak peek

• Aircrack-NG 0.9.3

• Free BSD 7

• Open Office changes license to LGPLv3

• Snort 2.8 something

Updates

• Pakistan DoS’ed YouTube

• Firefox developer uncovers Apple API thumb breakers

WTF

CON Events

• Completed Cons– Ebay RedTeam, ? Feb / SanJose– Shmoocon, 15 - 18 Feb / Washington DC– Black Hat DC, 18 - 21 Feb / Washington DC– InfowarCon 2008, 2 - 4 Mar / Bethesda MD– Infosec World, 10 - 12 Mar / Orlando FL

• VOIP, GSM, RFID enabled CC

CON Events

• Future Cons– SOURCE Boston, 12 - 14 Mar / Boston MA

– Black Hat Europe, 25 - 28 Mar / Amsterdam– CanSecWest 2008, 26 - 28 Mar / Vancouver BC– CarolinaCon 4, 28 - 29 Mar / Chapel Hill NC– Notacon 5, 4 - 6 Apr / Cleveland OH– USENIX Usability, Psychology, and Security 2007, 14 Apr / San

Francisco CA– Hack In The Box, 14 - 17 Apr / Dubai– Infosecurity Europe 2008, 22 – 24 Apr / London

All images scavenged without permission

All images scavenged without permission