previous gnews
Download
Skip this Video
Download Presentation
PREVIOUS GNEWS

Loading in 2 Seconds...

play fullscreen
1 / 17

PREVIOUS GNEWS - PowerPoint PPT Presentation


  • 294 Views
  • Uploaded on

PREVIOUS GNEWS "This is Gary Gnu... and the no gnews is good gnews show. The ONLY tv gnews show guar-an-TEED-- to contain NO gnews what-so-ever." Patch Tuesday 22 Fixes originally expected 12 Security

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'PREVIOUS GNEWS' - Rita


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
previous gnews

PREVIOUS GNEWS

"This is Gary Gnu... and the no gnews is good gnews show.

The ONLY tv gnews show guar-an-TEED-- to contain NO gnews what-so-ever."

patch tuesday
Patch Tuesday

22 Fixes originally expected

  • 12 Security
    • 5 fixes for Windows, 3 fix for Office, 1 for Visual Studio, 1 for Step-by-step Interactive Training, 1 for MDAC, 1 for One Live Care
  • 10 Non-Security related updates, Malicious Tool Update

12 Patches Released, 20 vulns addressed

  • 10 remote code execution including
    • Malware engine
    • Help and MDAC activex
    • MS Office
    • IE
  • 2 Privilege escalation
    • Shell and Image Acquisition

Other Updates

  • .Net Framework 3
  • Root Cert Update
  • Malicious Tool update
other m fun
Other M$ Fun
  • 4th and 5th Word 0-days announced
  • Posts advisory 932114 for Word 2000, no patch, corresponds to 4th 0-day
  • RE-Release of MS07-002 for Excel
  • MS to support OpenID
  • Application Compatibility Toolkit 5.0 Released
  • Genius John Pallatto @ eweek finally notices IE7 as a critical update and cries foal over the Jan Patch Tuesday (john, it’s been there since nov 2006)
  • Bypass MS OGA checking, another method via compatibility mode
ms vista
MS Vista
  • MS admits Vista has high impact issues
  • Announces Vista SP1 for second half of 2007, Call for beta testers
  • Vista Voice Recognition could allow “hacking activity”
  • Vista Upgrade discs require presence of old OS. Questions raised regarding clean installs.
  • Symantec to develop add-on software for expanded control of Vista UAC
oracle patch quarterly
Oracle Patch Quarterly
  • 51 Security Fixes, Addressing 74 bugs
  • Affects various components within 10g, 11i, 9i
  • 58 Remote, 7 High Complexity, 41 No Auth. Required.
  • 4 sploits posted to milw0rm.com
holes sec products
Holes – Sec Products
  • Symantec overflow shifts and also works on port 2968 (netware port)
  • Trend Micro, UPX Processing Buffer Overflow Vulnerability
    • Allows remote code execution as root / administrator – patch available
  • Cisco Mars and ASDM, SSL/TLS and SSH Validation Security Issue
    • Allows spoofing / data disclosure – patch available
  • Checkpoint, Connectra End Point Security Bypass
    • Bypass security checking – patch available
data loss
DATA LOSS
  • UTD Update – orig 6K, adjusted to 35K
  • TXJ – (tjmaxx, marshals, homegoods, a.j.wirght) Records back to 2003, declined release of numbers.
  • MoneyGram – 79K
  • Nordea – (swedish bank) 250 users hit for 1.1 mil.
  • CIBC – (canadian bank) lost tape with 470K users
  • IRS – 26 lost tapes, numbers unknown
  • VA – 48K, missing portable HD
holes generic
Holes - Generic
  • Cisco IOS, Multiple Vulns in ICMP, PIMv2, PGM, URD
    • Allow device restart, crash, memory leak – patch available
  • Sun Java JRE GIF Image Processing Buffer Overflow Vulnerability
    • Allow privilege escalation – patch available
  • FireFox 1.5, pop-up blocker allows reading of arbitrary files.
  • Solaris 10 / 11 telnet authbypass
  • Google AntiPhishing exposes user data
  • TomTom GO 910 devices ship with trojans
  • Another MySpace script, spams 1.5 mil accounts
  • Unreal.A for anti-RootKit evasion
  • KREMBO – Windows kernal detouring
  • Zone-H defaced
games
Games
  • San Diego woman dies in “Hold your wee for Wii” radio contest.
  • Wii mod chip to hit market. Allows play of “backup” games.
slide10
MOAB Update
  • 31 bugs annouced, 29 exploits released (1 code not required, 1 code TBA)
  • Landon Fuller and Company release 27 3rd party patches
  • Jan 24th Apple responds with Quicktime update.
    • Secunia reports fix addresses Apple and leaves Windows vuln
corp hell
Corp. Hell
  • Apple unviels iPhone at MacWorld
    • No 3rd party apps
  • Cisco sues Apple over iPhone trademark.
    • Owns iPhone trademark via 1996 acqusition
  • Cisco with Linksys releases their own iPhone
  • Symantec buys Altiris
  • Google loses Gmail trademark battle to Germany
    • No gmail for you!
  • Sony Settles with FTC, $150.00 per RootKit
slide12
Film
  • Mooninites invade several cites, Boston shits a meat-axe
    • Turner to pay 2 mil in “damages”
    • Mooninite lite-brites hit ebay, as high as 5k
  • Porn industry drops Blu-Ray (sites restriction and cost of media) picks HD-DVD Format
    • Blu-Ray == Betmax, Anyone, anyone??
    • Porn’s influence on format war is called into question
  • Blu-Ray sales up, Sony ready to claim winner of the format wars.
    • Some link spike to PS3 launch, and not true user adaptation
  • Serenity, crowned first HD-DVD movie to hit torrents
  • Muslix64 is back w/ Blu-Ray crack
competitions
Competitions
  • Wibu Systems Announces 40K hacker challenge
    • $40 registration required, circumvent CodeMeter encryption system
  • Nist to host competition for SHA-1 improvement / replacement
slide14
WTF
  • Sealand is for sale and PirateBay wants it
    • All contributors to be granted citizenship
  • MySpace GoDaddy turn off seclists.org
  • Fyodor repsonds with nodaddy.com
    • Calls for horror stories
    • Looking for a NoDaddy girl, spokes model
  • Root Server sustain attack
  • Skype found to read system BIOS
  • Diebold on-line store posts picture of “universal” voting machine key. Working copies made based on photo.
updates
Updates
  • Change to Day Light Savings (hits March 11th)
  • WinPcap 4.0 (finally)
  • WireShark 0.99.5 (security fixes and WPA/WPA2 decryption)
  • Samba 3.0.24
  • Autoruns 8.61 (98/ME functionality)
  • PSexe 1.80 (enhance -i flag for Vista)
  • Linux FUSE ported to Mac, MacFuse
  • AirCrack-ng 0.7
  • Kismet
  • VirtualBox by Innotek turns open-source
  • Sun OSS ‘Fortress’ to replace Fortran
legal
Legal
  • Federal Telephone Records and Privacy Protection Act bans ‘pretexting’
  • FCC unleashes cable boxes
  • Senator John Sununu (R-NH) takes a new stab at abolishing Broadcast Flag
  • Texas Bill for open document format
  • Conneticut Teacher charged with felony child endagerment when pop-up displays porn in class.
  • Rumors of companies dropping DRM
  • Wikileaks.org, new leaked document repository
ad