previous gnews. 4 patches – 12 bugs addressed affecting office, visual studio, biztalk other...
TRANSCRIPT
PREVIOUS GNEWS
Patch Tuesday
• 4 Patches – 12 bugs addressed
• Affecting Office, Visual Studio, BizTalk
• Other updates, MSRT, Defender Definitions, Junk Mail Filter
• 4 Security Patches - 4 Critical
– MS08-014 – Excel - Remote Code Execution
– MS08-015 – Outlook - Remote Code Execution
– MS08-016 – Office - Remote Code Execution
– MS08-017 – Office Web Components - Remote Code Execution
Holes / Patches
• Cisco IP phone, Multiple Vulns
• Apache htpasswd predictable salt weakness
• OpenBSD DNS cache poisoning
• Opera version update
• Netscape 9 vulns
• BEA WebLogic, Multiple Vulns
• Cold Boot RAM Hack
• Vista SP1 Delayed
• Mozilla info leak
• Apple IPv6 DoS
Hacking
• Chujwamwdupe not credited with vulnerability find by MS
• Rootkit.com off-line (relocation of server)
• cDc releases Goolag
• Google announces Summer of Code 2008
• Gmail captcha cracked
• ‘Out of Office’ feature harnessed as spam engine
• Pantheon releases a true MS Vista activation crack
• Apps disable Vista ASLR feature (Apple QuickTime)
• Windows Firewire allows system access
Holes / Patches (more)
• Move Networks streaming, ActiveX – Code Execution
• OpenBSD DoS
• VMware ESX multi vuln
• LinkedIn used for spam
• Novell Evolution, Code Execution
• Old libs in Google Android
• Aurigma ActiveX, Buffer Overflow in photo uploader
• Cisco adopts regular patch cycle (only core and security)
• Real Player, ActiveX – Code Execution
• Java, Multiple Vulns (DoS, code execution)
Corp. Hell
• SGI buys Linux Networx
• SCO goes private with 100 mil. financing
• 3COM bid on hold
• Verified Identity Pass offers 500 K for better airport security solution
Games
• Linux on Wii
• Gary Gygax, R.I.P.
Film / Music
• EU Proposes 95 year copyright for musical recordings
• Convert HD-DVD to Blu-Ray
• RIAA Training Video leaked to torrent
• University of San Francisco Law Clinic goes pro bono against RIAA
Legal
• Follow-up to TSA laptop Searches, 5 things to know
• Protect America Act lapsed
• N-DEx
• Section 104 cut from PRO-IP Act
• RIAA ‘making available’ defense shot down in Connecticut
Updates
• ClamAV 0.92.1
• RSBAC 1.3.7
• OSSIM 0.9.9
• Windows 2008 sneak peek
• Aircrack-NG 0.9.3
• FreeBSD 7
• OpenOffice changes license to LGPLv3
• Snort 2.8 something
WTF
• Pakistan DoS’ed YouTube
• Firefox developer uncovers Apple API thumb breakers
CON Events
• Completed Cons
– eBay RedTeam, ? Feb / San Jose
– Shmoocon, 15 - 18 Feb / Washington DC
– Black Hat DC, 18 - 21 Feb / Washington DC
– InfowarCon 2008, 2 - 4 Mar / Bethesda MD
– Infosec World, 10 - 12 Mar / Orlando FL
• VOIP, GSM, RFID enabled CC
CON Events
• Future Cons
– SOURCE Boston, 12 - 14 Mar / Boston MA
– Black Hat Europe, 25 - 28 Mar / Amsterdam
– CanSecWest 2008, 26 - 28 Mar / Vancouver BC
– CarolinaCon 4, 28 - 29 Mar / Chapel Hill NC
– Notacon 5, 4 - 6 Apr / Cleveland OH
– USENIX Usability, Psychology, and Security 2007, 14 Apr / San Francisco CA
– Hack In The Box, 14 - 17 Apr / Dubai
– Infosecurity Europe 2008, 22 – 24 Apr / London
All images scavenged without permission