Presentation Transcript


PREVIOUS GNEWS

"This is Gary Gnu... and the no gnews is good gnews show.

The ONLY tv gnews show guar-an-TEED-- to contain NO gnews what-so-ever."


Patch Tuesday

22 fixes originally expected

  • 12 security

    • 5 for Windows, 3 for Office, 1 for Visual Studio, 1 for Step-by-Step Interactive Training, 1 for MDAC, 1 for Windows Live OneCare

  • 10 non-security updates, plus the Malicious Software Removal Tool update

12 patches released, 20 vulns addressed

  • 10 remote code execution, including

    • Malware Protection Engine

    • HTML Help and MDAC ActiveX controls

    • MS Office

    • IE

  • 2 privilege escalation

    • Windows Shell and Windows Image Acquisition

Other Updates

  • .NET Framework 3.0

  • Root certificate update

  • Malicious Software Removal Tool update


Other M$ Fun

  • 4th and 5th Word 0-days announced

  • Posts Security Advisory 932114 for Word 2000 (no patch); corresponds to the 4th 0-day

  • Re-release of MS07-002 for Excel

  • MS to support OpenID

  • Application Compatibility Toolkit 5.0 released

  • Genius John Pallatto at eWeek finally notices IE7 being pushed as a critical update and cries foul over the January Patch Tuesday (John, it's been there since November 2006)

  • Bypass of MS OGA checking, another method via compatibility mode


MS Vista

  • MS admits Vista has high-impact issues

  • Announces Vista SP1 for second half of 2007, Call for beta testers

  • Vista Voice Recognition could allow “hacking activity”

  • Vista Upgrade discs require presence of old OS. Questions raised regarding clean installs.

  • Symantec to develop add-on software for expanded control of Vista UAC


Oracle Patch Quarterly

  • 51 security fixes, addressing 74 bugs

  • Affects various components within 10g, 11i, 9i

  • 58 remotely exploitable, 7 high complexity, 41 require no authentication

  • 4 exploits posted to milw0rm.com


Holes – Sec Products

  • Symantec overflow shifts and also works on port 2968 (NetWare port)

  • Trend Micro, UPX processing buffer overflow vulnerability

    • Allows remote code execution as root / administrator – patch available

  • Cisco MARS and ASDM, SSL/TLS and SSH validation security issue

    • Allows spoofing / data disclosure – patch available

  • Check Point Connectra, endpoint security bypass

    • Bypasses security checking – patch available


DATA LOSS

  • UTD update – originally 6K, adjusted to 35K

  • TJX – (T.J.Maxx, Marshalls, HomeGoods, A.J. Wright) records back to 2003; declined to release numbers

  • MoneyGram – 79K

  • Nordea – (Swedish bank) 250 users hit for 1.1 million

  • CIBC – (Canadian bank) lost tape with 470K users

  • IRS – 26 lost tapes, numbers unknown

  • VA – 48K, missing portable HD


Holes - Generic

  • Cisco IOS, multiple vulns in ICMP, PIMv2, PGM, URD

    • Allow device restart, crash, memory leak – patch available

  • Sun Java JRE GIF image processing buffer overflow vulnerability

    • Allows privilege escalation – patch available

  • Firefox 1.5, pop-up blocker allows reading of arbitrary files

  • Solaris 10 / 11 telnet authentication bypass

  • Google anti-phishing exposes user data

  • TomTom GO 910 devices ship with trojans

  • Another MySpace script, spams 1.5 million accounts

  • Unreal.A, anti-rootkit evasion

  • KREMBO – Windows kernel detouring

  • Zone-H defaced


Games

  • San Diego woman dies in “Hold your wee for Wii” radio contest.

  • Wii mod chip to hit market. Allows play of “backup” games.


MOAB Update

  • 31 bugs announced, 29 exploits released (1 code not required, 1 code TBA)

  • Landon Fuller and company release 27 third-party patches

  • Jan 24th Apple responds with QuickTime update

    • Secunia reports the fix addresses the Apple version and leaves the Windows version vulnerable


Corp. Hell

  • Apple unveils iPhone at Macworld

    • No 3rd-party apps

  • Cisco sues Apple over iPhone trademark

    • Owns iPhone trademark via 1996 acquisition

  • Cisco with Linksys releases its own iPhone

  • Symantec buys Altiris

  • Google loses Gmail trademark battle in Germany

    • No Gmail for you!

  • Sony settles with FTC, $150.00 per rootkit


Film

  • Mooninites invade several cities, Boston shits a meat-axe

    • Turner to pay 2 million in "damages"

    • Mooninite Lite-Brites hit eBay, as high as 5K

  • Porn industry drops Blu-ray (cites restrictions and cost of media), picks HD-DVD format

    • Blu-ray == Betamax, anyone, anyone??

    • Porn's influence on the format war is called into question

  • Blu-ray sales up, Sony ready to claim victory in the format wars

    • Some link the spike to the PS3 launch, not true user adoption

  • Serenity crowned first HD-DVD movie to hit torrents

  • Muslix64 is back with a Blu-ray crack


Competitions

  • Wibu Systems announces 40K hacker challenge

    • $40 registration required, circumvent CodeMeter encryption system

  • NIST to host competition for SHA-1 improvement / replacement


WTF

  • Sealand is for sale and The Pirate Bay wants it

    • All contributors to be granted citizenship

  • MySpace and GoDaddy turn off seclists.org

  • Fyodor responds with nodaddy.com

    • Calls for horror stories

    • Looking for a NoDaddy girl, spokesmodel

  • Root servers sustain attack

  • Skype found to read system BIOS

  • Diebold online store posts picture of "universal" voting machine key; working copies made based on the photo


Updates

  • Change to Daylight Saving Time (hits March 11th)

  • WinPcap 4.0 (finally)

  • Wireshark 0.99.5 (security fixes and WPA/WPA2 decryption)

  • Samba 3.0.24

  • Autoruns 8.61 (98/ME functionality)

  • PsExec 1.80 (enhanced -i flag for Vista)

  • Linux FUSE ported to Mac, MacFUSE

  • Aircrack-ng 0.7

  • Kismet

  • VirtualBox by Innotek goes open source

  • Sun open-sources 'Fortress', intended to replace Fortran


Legal

  • Federal Telephone Records and Privacy Protection Act bans 'pretexting'

  • FCC unleashes cable boxes

  • Senator John Sununu (R-NH) takes a new stab at abolishing the Broadcast Flag

  • Texas bill for open document format

  • Connecticut teacher charged with felony child endangerment when pop-ups display porn in class

  • Rumors of companies dropping DRM

  • Wikileaks.org, new leaked-document repository


All images scavenged without permission

