PREVIOUS GNEWS


  1. PREVIOUS GNEWS "This is Gary Gnu... and the no gnews is good gnews show. The ONLY tv gnews show guar-an-TEED-- to contain NO gnews what-so-ever."

  2. Patch Tuesday
  22 fixes originally expected
  • 12 security: 5 fixes for Windows, 3 for Office, 1 for Visual Studio, 1 for Step-by-Step Interactive Training, 1 for MDAC, 1 for Windows Live OneCare
  • 10 non-security updates, plus a Malicious Software Removal Tool update
  12 patches released, 20 vulns addressed
  • 10 remote code execution, including the malware engine, Help and MDAC ActiveX, MS Office, IE
  • 2 privilege escalation: Shell and Image Acquisition
  Other updates
  • .NET Framework 3
  • Root cert update
  • Malicious Software Removal Tool update

  3. Other M$ Fun
  • 4th and 5th Word 0-days announced
  • Posts advisory 932114 for Word 2000, no patch; corresponds to the 4th 0-day
  • Re-release of MS07-002 for Excel
  • MS to support OpenID
  • Application Compatibility Toolkit 5.0 released
  • Genius John Pallatto @ eWeek finally notices IE7 as a critical update and cries foul over the Jan Patch Tuesday (John, it's been there since Nov 2006)
  • Bypass MS OGA checking, another method via compatibility mode

  4. MS Vista
  • MS admits Vista has high-impact issues
  • Announces Vista SP1 for second half of 2007, call for beta testers
  • Vista voice recognition could allow "hacking activity"
  • Vista upgrade discs require presence of old OS; questions raised regarding clean installs
  • Symantec to develop add-on software for expanded control of Vista UAC

  5. Oracle Patch Quarterly
  • 51 security fixes, addressing 74 bugs
  • Affects various components within 10g, 11i, 9i
  • 58 remote, 7 high complexity, 41 no auth required
  • 4 sploits posted to milw0rm.com

  6. Holes – Sec Products
  • Symantec overflow shifts and also works on port 2968 (NetWare port)
  • Trend Micro, UPX processing buffer overflow vulnerability
    – Allows remote code execution as root / administrator; patch available
  • Cisco MARS and ASDM, SSL/TLS and SSH validation security issue
    – Allows spoofing / data disclosure; patch available
  • Check Point, Connectra endpoint security bypass
    – Bypasses security checking; patch available

  7. DATA LOSS
  • UTD update: orig 6K, adjusted to 35K
  • TJX (TJ Maxx, Marshalls, HomeGoods, A.J. Wright): records back to 2003, declined to release numbers
  • MoneyGram: 79K
  • Nordea (Swedish bank): 250 users hit for 1.1 mil
  • CIBC (Canadian bank): lost tape with 470K users
  • IRS: 26 lost tapes, numbers unknown
  • VA: 48K, missing portable HD

  8. Holes – Generic
  • Cisco IOS, multiple vulns in ICMP, PIMv2, PGM, URD
    – Allow device restart, crash, memory leak; patch available
  • Sun Java JRE GIF image processing buffer overflow vulnerability
    – Allows privilege escalation; patch available
  • Firefox 1.5, pop-up blocker allows reading of arbitrary files
  • Solaris 10 / 11 telnet auth bypass
  • Google anti-phishing exposes user data
  • TomTom GO 910 devices ship with trojans
  • Another MySpace script, spams 1.5 mil accounts
  • Unreal.A for anti-rootkit evasion
  • KREMBO – Windows kernel detouring
  • Zone-H defaced

  9. Games
  • Sacramento woman dies in "Hold Your Wee for a Wii" radio contest
  • Wii mod chip to hit market; allows play of "backup" games

  10. MOAB Update
  • 31 bugs announced, 29 exploits released (1 code not required, 1 code TBA)
  • Landon Fuller and company release 27 third-party patches
  • Jan 24th Apple responds with QuickTime update
  • Secunia reports fix addresses Apple and leaves Windows vuln

  11. Corp. Hell
  • Apple unveils iPhone at Macworld
    – No 3rd-party apps
  • Cisco sues Apple over iPhone trademark
    – Owns iPhone trademark via 1996 acquisition
  • Cisco with Linksys releases their own iPhone
  • Symantec buys Altiris
  • Google loses Gmail trademark battle in Germany
    – No Gmail for you!
  • Sony settles with FTC, $150.00 per rootkit

  12. Film
  • Mooninites invade several cities, Boston shits a meat-axe
    – Turner to pay 2 mil in "damages"
    – Mooninite Lite-Brites hit eBay, as high as 5K
  • Porn industry drops Blu-ray (cites restrictions and cost of media), picks HD DVD format
    – Blu-ray == Betamax, anyone, anyone??
    – Porn's influence on format war is called into question
  • Blu-ray sales up, Sony ready to claim winner of the format wars
    – Some link spike to PS3 launch, and not true user adoption
  • Serenity, crowned first HD DVD movie to hit torrents
  • Muslix64 is back w/ Blu-ray crack

  13. Competitions
  • Wibu Systems announces 40K hacker challenge
    – $40 registration required; circumvent CodeMeter encryption system
  • NIST to host competition for SHA-1 improvement / replacement

  14. WTF
  • Sealand is for sale and The Pirate Bay wants it
    – All contributors to be granted citizenship
  • MySpace / GoDaddy turn off seclists.org
    – Fyodor responds with nodaddy.com
    – Calls for horror stories
    – Looking for a NoDaddy girl, spokesmodel
  • Root servers sustain attack
  • Skype found to read system BIOS
  • Diebold online store posts picture of "universal" voting machine key; working copies made based on photo

  15. Updates
  • Change to Daylight Saving Time (hits March 11th)
  • WinPcap 4.0 (finally)
  • Wireshark 0.99.5 (security fixes and WPA/WPA2 decryption)
  • Samba 3.0.24
  • Autoruns 8.61 (98/ME functionality)
  • PsExec 1.80 (enhanced -i flag for Vista)
  • Linux FUSE ported to Mac, MacFUSE
  • Aircrack-ng 0.7
  • Kismet
  • VirtualBox by innotek turns open source
  • Sun OSS 'Fortress' to replace Fortran

  16. Legal
  • Federal Telephone Records and Privacy Protection Act bans "pretexting"
  • FCC unleashes cable boxes
  • Senator John Sununu (R-NH) takes a new stab at abolishing the broadcast flag
  • Texas bill for open document format
  • Connecticut teacher charged with felony child endangerment when pop-ups display porn in class
  • Rumors of companies dropping DRM
  • Wikileaks.org, new leaked document repository

  17. All images scavenged without permission
