1 / 14

PREVIOUS GNEWS

PREVIOUS GNEWS. 7 Patches – x bugs addressed Affecting Word, Outlook, Publisher, Jet DB Engine, IE, Windows Other updates, MSRT, Defender Definitions, Junk Mail Filter. 8 Security Patches - 5 Critical, 1 Moderate MS08-030 – Bluetooth Stack - Remote Code Execution

gauri
Download Presentation

PREVIOUS GNEWS

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. PREVIOUS GNEWS

  2. 7 Patches – x bugs addressed • Affecting Word, Outlook, Publisher, Jet DB Engine, IE, Windows • Other updates, MSRT, Defender Definitions, Junk Mail Filter • 8 Security Patches - 5 Critical, 1 Moderate • MS08-030 – Bluetooth Stack - Remote Code Execution • MS08-031 – IE Cumulative Security Update • MS08-032 – ActiveX Kill Bits Cumulative Security Update • MS08-033 – DirectX - Remote Code Execution • MS08-034 – WINS - Elevation of Privilege • MS08-035 – Active Directory - Denial of Service • MS08-036 –Pragmatic General Multicast (PGM) - Denial of Service • re-released MS06-078 and MS07-068 with a detection only change

  3. Holes / Patches • Apple 2008-003 • Apple QuickTime 7.5 • Apple Safari on Windows • Apple iCal • Apple iPhone 2 • snort ip fragment reassembly / ttl evasion • openssl tls vulns, server_name set to 0x00 in handshake • Samba, boundary error in "receive_smb_raw()" • Adobe Flash 9 0-day • OpenOffice, integer overflow in "rtl_allocateMemory()" • Sun Java Active Server Pages, Multiple Vulns

  4. Hacking • Sample Code in RFC 3414 (snmp) contains overflow • rustock.c, russian rootkit, undetected record of 1.5 years • Cisco Router Rootkit? Sebastian Muniz - EuSecWest • New JavaScript engine, Squirrelfish • OSWA – Organizational Wireless System Auditor, Live CD

  5. Corp. Hell L-1 Identity Solutions Inc. to produce RFID Passport Card Todd Davis gets sued Comcast invests in GridNetworks (a P2P start-up) Comcast web and email hacked, Defiant and EBK Dave & Busters, Packet sniifers on PoS terminals Barracuda offers buyout of SourceFire, SF rejects Nvidia enters mobile processor market Tumbleweed bought by Sopra Group (french) Canada charges Facebook with privacy infringement Explosion at ‘The Planet’ houston data center

  6. Papers • Apple Security Guide for OS X 1.5 Leopard • NIST IT Security Configuration Scoring (call for input)

  7. Film / Music • NBC turns on “Broadcast Flag” • Staples to sell $5 flexplay divx DVDs

  8. WTF • UK calls for a total phone usage database • Launch of Google Health • California man makes $50k opening accounts, arrested • TSA ID rule change, refuse id check, get banned

  9. MySpace suicide case, poses rocky precedence Anti-Counterfeiting Trade Agreement, ACTA Pirate-bay Killer? GPLv3 gets more legal attention Proprietary software / patents Legal

  10. Updates • Ulteo Virtual Desktop, Linux virtualization on Windows • blender 2.46, 3d animation • rtpBreak 1.3a, rtp sniffer • xprobe 2 • WebKnight, mod_security for IIS • Nessus 3.2.1, does not work with freebsd 6 • technet opened to community contributions • Snort 2.8.2 • maltego videos • openssl 0.9.8h • kismet 2008-05-R1 • opera 9.5 promises built-in malware protection • Axban, ActiveX Killbit tool

  11. CON Events Completed Cons Layerone, 17 – 18 May / Pasadena CA DallasCon 2008, TBD / Dallas , TX AusCERT 2008, 18 - 23 May / Gold Coast AU EuSecWest, 28 May – London UK

  12. CON Results EuSecWest – Hardware Flashing EuSecWest – Cisco RootKit BlackHat Preview and Webcast

  13. CON Events • Future Cons • HOPE 7, 18 - 20 July / New York NY • USENIX 17th Security Symposium, 28 July - 1 Aug / San Jose CA • REcon 2008, 13 – 15 June / Montreal CA • Black Hat USA, 2 - 7 Aug / Las Vegas NV • DefCon, 8 - 10 August / Las Vegas NV • Chaos Communications Camp, TBD / Berlin

  14. All images scavenged without permission All images scavenged without permission

More Related