1 / 13

PREVIOUS GNEWS

PREVIOUS GNEWS. "This is Gary Gnu... and the no gnews is good gnews show. The ONLY tv gnews show guar-an-TEED-- to contain NO gnews what-so-ever.". Patch Tuesday. 8 Patches originally expected, reduced to 4 Pulled 2 for windows, 1 for office, and 1 for Visual Studio

lcolby
Télécharger la présentation

PREVIOUS GNEWS

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PREVIOUS GNEWS "This is Gary Gnu... and the no gnews is good gnews show. The ONLY tv gnews show guar-an-TEED-- to contain NO gnews what-so-ever."

  2. Patch Tuesday • 8 Patches originally expected, reduced to 4 • Pulled 2 for windows, 1 for office, and 1 for Visual Studio • 4 Patches, 10 bugs addressed • 3 fixes for Office, 1 fix for windows • MS07-001 – Office 2003 Brazillian Grammer Checker • Remote code Exec – Exploit available • MS07-002 – Excel • Remote code Exec – No Known Exploits • MS07-003 – Outlook • Remote code Exec – Exploit available • MS07-004 – VML (ie / outlook) • Remote code Exec – Exploit available • Replaces 06-055

  3. Books • Syndicate of London releases “End of Dayz” • www.endofdayz.net • End Of Dayz is an eclectic collection of underground text files compiled from Soljo Publishing’s full 1992 to 2006 run - a snapshot of creativity and opinion from the digital jilted generation, right from the ASCII edge and onto your bookshelf. Hacking, politics, science, fiction and humour from the group that brought you The Soljo, The Discordant Opposition Journal, SPACT and the RWM Collective. A must read for any self respecting old school geek, or indeed any geek interested in the history and traditions of underground geekdom. Internet counter culture at it's best.

  4. Holes • LMH announces Jan. as “Month of Apple Bugs” • http://projects.info-pull.com/moab/ • http://applefun.blogspot.com • Landon Fuller, former Apple engineer, launches counter effort to provide fixes for each bug • http://landonf.bikemonkey.org/code/macosx • Adobe Acrobat allows remote execution of arbitrary commands. • memory corruption errors in the AcroPDF ActiveX control (AcroPDF.dll) • Version 7.0.8 is patched. • Adobe also gets a XSS bug, for potential arbitrary code • Version 7.0.9 is patched. • MS Vista reported to have a new Vulnerability. Client Server Run-Time subsystem allows local elevation of privileges. • Code on milw0rm.com • Determina, reported four other vulns to MS.

  5. DATA LOSS • UCLA – 800,000 • UTD – 6,000

  6. Holes 2 • VMWare ESX Patch released • Happy New Year worm, standard email based crap • Will users never learn • Six month old Symantec buffer overflow seeing much exploitation over the holidays. • eBay “cross verification bug”. Paypal checkout and auction creation broke. • Hidattack and BTCrack released during Chaos Communications Congress in Berlin. Both are Bluetooth tools. • Hidattack, hijack keyboard • BTCrack, full access to two connected devices • AJAX, Security firm Imperva.com reports flaw in DWR (direct web reporting) allowing access to sensitive functions.

  7. Games • Wii remotes hacked • http://carl.kenner.googlepages.com/glovepie_download • Old power glove code adapted to Wii nunchuk. • Controls use IR for triangulation to control movement • But wait there’s more…. • Remotes used to control Roomba wireless vaccum. • PS3, Demo machines purpose made to freeze up. • "We do that so that people won't play it all day long“

  8. Holes 3 • Cisco Clean Access (NAC), Patch Available • Unchangeable Shared Secret, • Readable Snapshots, access to DB archives w/o authenication • Opera • Malformed jpeg header, crash opera • createSVGTransformFromMatrix, Javascript allows arbitrary code • IE 6.x Race Condition, CVE-2007-009 • Possibly on IE 7 under Vista also • Yahoo Messenger, Activex Heap Overflow • Kaspersky AV, DoS condition

  9. Corp. Hell • CheckPoint buys NFR • Ah… didn’t NFR fold…a while ago?! • NetClarity sues SourceFire and Inflection Point Ventures • Claims theft of intellectual property • IPO Impact? • Cisco buys IronPort • New lawsuits challenging DRM under Anti-Trust laws.

  10. Film • “Kitty Porn” – Masterbating cat named #1 internet film of the year by VH1. • Montreal, CA. – Filming has started for War Games 2: The Dead Code. • A hacker breaks into ‘Ripley’ a terrorist simulation super computer. Director of Teenage Mutant Ninja Turtles 3 and Poltergeist: The Legacy TV series. Staring no body anyone has heard of. • BackupHDDVD is posted to RapidShare.com. AACS cracked. • DVD enthusiast muslix64 shares the HD-DVD / BluRay ripper. • AACS (Advanced Access Control System) is the DRM protection used on HD-DVD and Blu-Ray discs. • Each movie requires a known crypto key, it is stated these will be shared as they are found. • Lucas and Spielberg finalize script for 4th Indiana Jones, filming in 2007. • New Futurama in 2008. Entire cast and most of the writers return.

  11. Updates • Tor - 0.1.1.26 • Snort – 2.6.1.2 • Nessus – 32 SCADA specific checks • SafetyCheck 1.5 beta – a Windows RootKit detector • PacketFence 1.6.2 – Opensource NAC solution • Falcon Storage Engine for MySQL made Open-Source • Plash 1.17 – GNU / Linux Sandbox • VMware Fusion – Beta Version of VMware desktop for Macintosh • Once you go mac you never go bac (okay yeah shoot me) • MS releases 64bit kernel API criteria. • Linux Kernel 2.6.20 to include full virtualization, KVM

  12. Hong Kong, Chan Nai-Ming receives first jail sentence for bittorrent piracy. • Philadelphia, Combination of Homeland Security and Private Surveillance cameras used to id killer. • .XXX, new contract which promises approval. May be open for registering this summer.

More Related