180 likes | 287 Views
PREVIOUS GNEWS. Patch Tuesday. New Format 13 Patches originally expected 6 Security Affects Windows OS, Outlook / Mail, IE, Office, Visio 7 Non-Security related updates, Malicious Tool Update. 6 Security Patches, 15 bugs addressed (eye reports 19 bugs)
E N D
Patch Tuesday • New Format • 13 Patches originally expected • 6 Security • Affects Windows OS, Outlook / Mail, IE, Office, Visio • 7 Non-Security related updates, Malicious Tool Update • 6 Security Patches, 15 bugs addressed (eye reports 19 bugs) • MS07-030 - Microsoft Visio - Remote Code Execution • MS07-031 - Schannel Security Package • XP - Remote Code Execution / 2003 - DoS • MS07-032 - Vista - Information Disclosure • MS07-033 – IE Cummulative 6 vulns, 5 Code Execution / 1 spoofing • MS07-034 – Outlook Express / Mail Cumulative Code Execution, 3 via IE • MS07-035 – An unnamed win32 API - Remote Code Execution (vector for IE, maybe more)
Books • March • Zen and the Art of Information Security • by Ira Winkler • Cross Site Scripting Attacks: XSS Exploits and Defense • by Seth Fogie, Robert Hansen, Jeremiah Grossman, Anton Rager • April • Mastering Windows Network Forensics and Investigation • by Steven Anson, Steven James Anson • May • How to Cheat at Configuring Open Source Security Tools • by Michael Gregg, Eric Seagren, Angela Orebaugh, Matt Jonkman, Raffael Marty • Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems • by Chris Sanders
Holes • “Month of…” ActiveX Wrap-up • 35 bugs – LeadTools got beat up, Barcode Apps, Office Viewers • June is Month of Search Engine Bugs • Hotbot, msn, yahoo, rambler, ask.com, others • IE and Firefox bugs • cookie-stealing, keystroke-snooping, malicious downloading and site-spoofing • Opera Right-Click Overflow (patched in 9.21) • Transfer Item Pop-up Menu Stack Overflow Vulnerability • Malicious torrents in the wild • Cisco 3rd party cypto library, ANS.1 DoS • Veritas Storage Foundation DoS, input validation • Packeteer Web Interface DoS, URL request via read-only user
DATA LOSS • 40+ Reported Cases • TX Law Enforcement, stolen laptops • Waco ISD, system compromise • IBM, missing tapes • JP Morgan Chase, missing tape • TSA, lost hard drive
Holes 2 • Botnet Mgt GUI, ‘Zunker’ reported by Panda Software • Gozi variant now has keylogger and improved signature evasion • PoC BadBunny virus for OpenOffice, (Win – Mirc / xchat, Mac – Ruby, Linux Perl / Python) • 3 variants of Trojan-SMS.SymbOS.Viver, Smart Phone virus generates text messages to premium rate numbers • Norton Personal Firewall and Internet Security 2004 • Buffer Overflow in ActiveX (ISLALERT.DLL, SET(), GET()) • Unicode Encoding Flaw (rather decoding) • Improper handling of Full-width and Half-width encoding can allow the bypass of some security devices, IIS, Cisco IPS, 3Com, McAffee
Games • Xbox Live bans hacked Xbox 360 consoles • Miami attorney Jack Thompson declares he will sue Microsoft if they perform any sale of ‘Halo 3’ to any persons under 17 • DCEmu announce Wii and GameCube coding contest
Holes 3 • Windows Updater Hi-Jack • Background Intelligent Transfer Service (BITS) • Vista Team re-launches Vista Security Blog • Apparently their job wasn’t done ; ) • 4 out of cycle MS patches, 2 related to security • Windows installer (above) • Microsoft Office Isolated Conversion Environment (MOICE) • iDefense announce bounty for 0-days in Apache httpd, BIND, Sendmail, Open SSH, MS IIS, or MS Exchange Server • Activex buffer Overflow in Ksign SWAT (pki and id mgt)
Corp. Hell • PacketFocus to provide RFID audits • eEye enters service market • Google buys FeedBurner (rss content vendor) • Verizon buys Cybertrust (managed service provider) • Symantec enters mobile 5 market • intel encroaches on one laptop per child • Time Warner implements packet shaping • MS claims patent infringement on 235 patents • FCC approves Apple iPhone (will use arm processors) • Apple sues over Ann Summers ‘iGasm’ iPod accessory ads
Holes 4 • Apple Releases Patch Set addressing 17 vulns • BIND, crontabs, fetchmail, ichat, ruby, vpn, and more • Apple Releases 2 Quick Time patches • Both for malicious java applets delivered via website • Safari for Windows hits the street an immediately vulnerable • David Maynor releases 4 DoS and 2 remote execution • Thor Larholm finds URL protocol handler command injection • Yahoo Messenger 0-day, buffer overflow in Activex for WebCam
Latest fix in AACS saga, hacked before it was officially launched • Yet another follow-up fix hacked a day after launch • NXP Semiconductors (philips) is developing an RFID activated DVD • Ritek Corp. is developing re-writable BD-RE and HD DVD-RE with sales this year • 6 Months after submissions close ReasearchChannel.org announces winners of the ’06 Educause Cyber Security Awareness Month Video Contest • Terminator “franchise” sold, Halcyon Co. shooting for 2009 release of ‘The Terminator 4’
Papers • HP performance evaluation of Xen and OpenVZ • David Litchfield 4 part Oarcle Forensics on milw0rm • Mark Russinovich TechNet article on Windows UAC • Rob Paveza 2 stage UAC bypass Proof-of-Concept • DHS Cyber Security Paper (BotNets) BAA07-09
WTF!? • DRM = Digital Consumer Enablement • HBO’s Bob Zitter calls for a re-definition of DRM to show just how positive it really is • PirateBay hacked and DB copied, blog server blamed for the vuln • National Payment Card links Drivers License and Debit Card via MagStripe in select locations, 24 states including TX • Cell Phones wipe Nissan smart keys, Altima and G35 • Apple DRM free tunes contain user info, name and email • Music purchased on itunes has always contained identifiable info however previously those tunes were “non-transferable”
Updates • (April) WhiteDust launches hackspace.net • The a5 cracking project (gsm a5/1 algorithm) • Domain keys Identified Mail Signaures DKIM • Spyware Process Detector v2.02 • Samba 3.0.25 • aircrack ng 0.9 • nipper 0.9.5 • rfidiot 0.1m and rfidiot 0.1n • Sysinternals - SigCheck v1.4, PsExec v1.83, DiskExt v1.1 • honey trap 0.7.0 • FireGPG (encrypt web based mail) • tor-0.1.2.14.tar.gz • Parallel (intel mac) • Symantec 11 • clamav-0.90.3.tar.gz • fwknop 1.8.1
Legal • MySpace Refuses to share data of known sex offenders • Myspace recants and gives data to authorities • MySpace data pops it’s first false positive • US Military networks block MySpace, YouTube, and other social networks • San Francisco court rules Google’s “thumbnail-porn” is protected by fair-use • US Anti-Spyware bill passed Congress, waiting on Senate vote • TX bill, HB 2714, requires computer companies to provide free recycling services • Robert Soloway (reported ‘spam king’) was arrested in Seattle • Fourth and Final Draft of GPLv3 released • Mods to German law makes “hacker tools” illegal • Belgium urged to withdrawal gen1 RFID enabled passports
CON Results • Microsoft BlueHat Security Briefings • Felix Domke, demonstrated his hypervisor hack of the Xbox 360 • Interop • NAC Panel • NAC TCG and Microsoft compatibility • Interop • 7 Habits of Hackers (or exploit methodology)
CON Events • Completed Cons • BlueHat, 10 May 2007 - Redmond, WA • AusCERT2007, 20 – 25 May - Australia • Interop, 20 – 25 May - Las Vegas, NV • Future Cons • REcon Party, 13 - 16 June 2007 - Montreal • BlackHat, 28 July thru 2 Aug 2007 – Las Vegas, NV • DefCon, 3 – 5 August 2007 – Las Vegas, NV • Chaos Communications Camp, 8 - 12 August - Berlin • Hack In The Box, 3 – 6 Sept. – Kuala Lumpur • DefCon, 3 – 5 August 2007 – Las Vegas, NV • Hack In The Box, 3 – 6 Sept. – Kuala Lumpur • WhiteDust Black and White Ball, 18 - 23 Sept – London • ToorCon, 29 Sept - 1 Oct 2007 - San Diego CA • Phreaknic, 20 - 22 Oct 2007 - Nashville TN
All images scavenged without permission All images scavenged without permission