Slide 1:PREVIOUS GNEWS
"This is Gary Gnu... and the no gnews is good gnews show. The ONLY tv gnews show guar-an-TEED-- to contain NO gnews what-so-ever."
Slide 2:Patch Tuesday
8 Patches originally expected, reduced to 4 Pulled 2 for windows, 1 for office, and 1 for Visual Studio 4 Patches, 10 bugs addressed 3 fixes for Office, 1 fix for windows MS07-001 – Office 2003 Brazillian Grammer Checker Remote code Exec – Exploit available MS07-002 – Excel Remote code Exec – No Known Exploits MS07-003 – Outlook Remote code Exec – Exploit available MS07-004 – VML (ie / outlook) Remote code Exec – Exploit available Replaces 06-055
Syndicate of London releases “End of Dayz” www.endofdayz.net End Of Dayz is an eclectic collection of underground text files compiled from Soljo Publishing’s full 1992 to 2006 run - a snapshot of creativity and opinion from the digital jilted generation, right from the ASCII edge and onto your bookshelf. Hacking, politics, science, fiction and humour from the group that brought you The Soljo, The Discordant Opposition Journal, SPACT and the RWM Collective. A must read for any self respecting old school geek, or indeed any geek interested in the history and traditions of underground geekdom. Internet counter culture at it's best.
LMH announces Jan. as “Month of Apple Bugs” http://projects.info-pull.com/moab/ http://applefun.blogspot.com Landon Fuller, former Apple engineer, launches counter effort to provide fixes for each bug http://landonf.bikemonkey.org/code/macosx Adobe Acrobat allows remote execution of arbitrary commands. memory corruption errors in the AcroPDF ActiveX control (AcroPDF.dll) Version 7.0.8 is patched. Adobe also gets a XSS bug, for potential arbitrary code Version 7.0.9 is patched. MS Vista reported to have a new Vulnerability. Client Server Run-Time subsystem allows local elevation of privileges. Code on milw0rm.com Determina, reported four other vulns to MS. Sources http://projects.info-pull.com/moab/ http://applefun.blogspot.com http://landonf.bikemonkey.org/code/macosx http://secunia.com/advisories/23138/ http://secunia.com/advisories/23483/Sources http://projects.info-pull.com/moab/ http://applefun.blogspot.com http://landonf.bikemonkey.org/code/macosx http://secunia.com/advisories/23138/ http://secunia.com/advisories/23483/
Slide 5:DATA LOSS
UCLA – 800,000 UTD – 6,000
Slide 6:Holes 2
VMWare ESX Patch released Happy New Year worm, standard email based crap Will users never learn Six month old Symantec buffer overflow seeing much exploitation over the holidays. eBay “cross verification bug”. Paypal checkout and auction creation broke. Hidattack and BTCrack released during Chaos Communications Congress in Berlin. Both are Bluetooth tools. Hidattack, hijack keyboard BTCrack, full access to two connected devices AJAX, Security firm Imperva.com reports flaw in DWR (direct web reporting) allowing access to sensitive functions. Sources http://www.mulliner.org/bluetooth/hidattack.php http://www.zoller.lu/ http://www.imperva.com/application_defense_center/papers/web20-ajax-dwr-01032007.html Sources http://www.mulliner.org/bluetooth/hidattack.php http://www.zoller.lu/ http://www.imperva.com/application_defense_center/papers/web20-ajax-dwr-01032007.html
Wii remotes hacked http://carl.kenner.googlepages.com/glovepie_download Old power glove code adapted to Wii nunchuk. Controls use IR for triangulation to control movement But wait there’s more…. Remotes used to control Roomba wireless vaccum. PS3, Demo machines purpose made to freeze up. "We do that so that people won't play it all day long“
Slide 8:Holes 3
Slide 9:Corp. Hell
CheckPoint buys NFR Ah… didn’t NFR fold…a while ago?! NetClarity sues SourceFire and Inflection Point Ventures Claims theft of intellectual property IPO Impact? Cisco buys IronPort New lawsuits challenging DRM under Anti-Trust laws.
“Kitty Porn” – Masterbating cat named #1 internet film of the year by VH1. Montreal, CA. – Filming has started for War Games 2: The Dead Code. A hacker breaks into ‘Ripley’ a terrorist simulation super computer. Director of Teenage Mutant Ninja Turtles 3 and Poltergeist: The Legacy TV series. Staring no body anyone has heard of. BackupHDDVD is posted to RapidShare.com. AACS cracked. DVD enthusiast muslix64 shares the HD-DVD / BluRay ripper. AACS (Advanced Access Control System) is the DRM protection used on HD-DVD and Blu-Ray discs. Each movie requires a known crypto key, it is stated these will be shared as they are found. Lucas and Spielberg finalize script for 4th Indiana Jones, filming in 2007. New Futurama in 2008. Entire cast and most of the writers return. Sources http://www.engadget.com/2006/12/27/aacs-drm-cracked-by-backuphddvd-tool/ http://forum.doom9.org/showthread.php?t=119871Sources http://www.engadget.com/2006/12/27/aacs-drm-cracked-by-backuphddvd-tool/ http://forum.doom9.org/showthread.php?t=119871
Tor - 0.1.1.26 Snort – 220.127.116.11 Nessus – 32 SCADA specific checks SafetyCheck 1.5 beta – a Windows RootKit detector PacketFence 1.6.2 – Opensource NAC solution Falcon Storage Engine for MySQL made Open-Source Plash 1.17 – GNU / Linux Sandbox VMware Fusion – Beta Version of VMware desktop for Macintosh Once you go mac you never go bac (okay yeah shoot me) MS releases 64bit kernel API criteria. Linux Kernel 2.6.20 to include full virtualization, KVM http://www.vmware.com/products/beta/fusion/ http://www.microsoft.com/downloads/details.aspx?FamilyId=4C7561E6-6F9D-4125-8A8C-AEAF8E3342B9&displaylang=en http://plash.beasts.orghttp://www.vmware.com/products/beta/fusion/ http://www.microsoft.com/downloads/details.aspx?FamilyId=4C7561E6-6F9D-4125-8A8C-AEAF8E3342B9&displaylang=en http://plash.beasts.org
Slide 12:Hong Kong, Chan Nai-Ming receives first jail sentence for bittorrent piracy. Philadelphia, Combination of Homeland Security and Private Surveillance cameras used to id killer. .XXX, new contract which promises approval. May be open for registering this summer.