previous gnews. 4 patches – 9 bugs addressed affecting windows, sql, exchange (owa) other updates,...
Post on 19-Dec-2015
PREVIOUS GNEWS
• 4 Patches – 9 bugs addressed
• Affecting Windows, SQL, Exchange (OWA)
• Other updates, MSRT, Defender Definitions, Junk Mail Filter
Patch Tuesday
• 8 Security Patches - 5 Critical, 1 Moderate
– MS08-037 – DNS - Spoofing
– MS08-038 – Windows Explorer - Remote Code Execution
– MS08-039 – OWA – Privilege Escalation
– MS08-040 – SQL – Privilege Escalation
Holes / Patches
• Apple 2008-004, 25 fixes
• Apple Safari 3.1.2 for Windows
• Apple Safari 3.1.2 for OS X 10.4.11
• AppleScript, Privilege Escalation
• New Mac Trojans, one using the above AppleScript vuln
• Vim, Multiple vulnerabilities, allows code execution
• X Server, Multiple vulnerabilities, local information disclosure
– Disable MIT-SHM extensions
• VMware ESX, Multiple vulnerabilities
• Ruby, Integer Handling errors, Allows code execution
• Firefox, ver 2.x and 3.x
• Adobe, error in JavaScript handling, Allows code execution
Hacking
• MS releases free SQL injection auditing tools
• UK (London) Oyster Card has been cloned
• American Airlines to launch in-flight wireless, Gogo by Aircell
• VoIP on the iPhone, iCall
• Chaos Computer Club, Privacy
• N.Runs reports 800+ vulnerabilities in various Antivirus Engines
• Brightnets, Distributed File System
• Japanese Age Verification Camera system duped by magazine photos
Books
• Hackerteen Volume 1: Internet Blackout
– Marcelo Marques
• Crimeware: Understanding New Attacks and Defenses
– Markus Jakobsson, Zulfikar Ramzan
• VMware ESX Server in the Enterprise: Planning and Securing Virtualization Servers
– Edward L. Haletky
• Nmap Network Scanning (coming soon)
– Fyodor
Corp. Hell
• India to crack BlackBerry Encryption if RIM does not open network
• Retail “Box” Sales of XP stops, Still available to large OEM companies
• John Burris from Citrix, Named new SourceFire CEO
• Pirate Bay offers SSL encryption in wake of Swedish wiretap law
• Formal Certification Standards? Office of Management and Budget
• Chrysler adds Wi-Fi to 2009 car line
• Charter Communications’ NebuAd shut down in development
– Behavioral Marketing System declared a man-in-the-middle attack by Congress
• ICANN approves expansion of TLDs, still no .XXX
– Allows “vanity” TLDs like .mac .msn .cbs
• GoDaddy VP busted bidding up domain auctions
Papers
• Richard Bennett comments on Net Neutrality (against)
• NIST releases 3 revisions to the 800 series security guides.
Film / Music
• RIAA backs out of “Making Available” argument, requests dismissal of case
• RIAA raises settlement cost from 3,000 to 8,000
• MPAA requests FCC for waiver to SOC (selectable output control) ruling
– Would allow them to block DVR recordings of HD movies
• IPTables rules to drop reset packets and evade Comcast throttling
WTF
• LA Judge presiding over obscenity trial busted with porn on public website
• AVG LinkScanner, generating mass quantities of fake traffic
Updates
• Sysinternals Live
• Windows Search 4 for XP
• Maltego Community Edition
• Maltego for Windows
• Opera 9.51
• Firefox 3
• ClamAV 0.93.3
• Apple SproutCore, Web App Framework
• iPhoneDbg ToolKit
• IPTables 1.4.1.1
• RFDump 1.6
• BackTrack 3
• Snort 3 Beta, Snort Security Platform (SnortSP)
• Nmap 4.68
• Google RatProxy
CON Events
• Future Cons
– HOPE 7, 18 - 20 July / New York NY
– USENIX 17th Security Symposium, 28 July - 1 Aug / San Jose CA
– REcon 2008, 13 – 15 June / Montreal CA
– Black Hat USA, 2 - 7 Aug / Las Vegas NV
– DefCon, 8 - 10 August / Las Vegas NV
– Chaos Communications Camp, TBD / Berlin
All images scavenged without permission