1 / 14

PREVIOUS GNEWS

PREVIOUS GNEWS. 8 Patches – 10 bugs addressed Affecting Project, Visio, DNS, GDI, Scripting, Activex, IE, Windows Other updates, MSRT, Defender Definitions, Junk Mail Filter. 8 Security Patches - 5 Critical, 3 Important MS08-018 – Project - Remote Code Execution

mbui
Télécharger la présentation

PREVIOUS GNEWS

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PREVIOUS GNEWS

  2. 8 Patches – 10 bugs addressed • Affecting Project, Visio, DNS, GDI, Scripting, Activex, IE, Windows • Other updates, MSRT, Defender Definitions, Junk Mail Filter • 8 Security Patches - 5 Critical, 3 Important • MS08-018 – Project - Remote Code Execution • MS08-019 – Visio - Remote Code Execution • MS08-020 – DNS - Spoofing • MS08-021 – GDI - Remote Code Execution • MS08-022 – VBScript / JScript - Remote Code Execution • MS08-023 – Update to Activex Kill Bits • MS08-024 – IE Cumulative update • MS08-025 – Kernel Update – Privilege Escalation

  3. Holes / Patches • Oracle Patches Scheduled for April 15th • Apple Security Page has a new look • Apple Patches released for • Safari 3.1 • Bundle 2008-002, 46 patches affecting 90+ CVEs • AirPort Extreme Base Station Firmware 3.7.1 • Digital Camera RAW Compatibility Update 2.0 • QuickTime 7.4.5 • Unreleased iPhone already hacked • disables boot loader firmware check • 2 Vulns in Safari, 1 allows code execution • 3 Vulns in Asterisk, 1 allows code execution

  4. Hacking • P2P data leakage back in the news • SCADA vulnerability database launched • Delphi, hosted by Wurldtech Security Technologies (closed membership) • Zone-H drops defacement archive? • Facebook privacy enhancements used to gain access to private photos • Opus Palladianum (OP) new secure browser • University of Illinois • Kraken Botnet bigger than Storm • Sans April Fools Wrap Up

  5. Holes / Patches (more) • IE 5 an 6 FTP Command Injection • Vista SP1 gets bad reviews • Windows 2008 vulnerabilities bypass security features • No details released • Multiple vulnerabilities in Firefox, Thunderbird, and SeaMonky • Multiple Vulnerabilities in Opera • Wireshark, multiple DoS vulnerabilities (tftp, ldap, sccp, and more) • Cisco ACS for Windows, BO in /securecgi-bin/CSUserCGI.exe • Multiple vulnerabilities in Cisco IOS, memory leak, DoS

  6. Corp. Hell Peru begins teacher training for OLPC NVIDIA drivers bad for Vista Reported cause for 28% of all crashes Sony / BMG sued for illegal software PointDev system administration tools Feds ban IBM contracts / purchases ‘concerns raised about potential activities involving an EPA procurement‘

  7. Film / Music • New Futurama in June • ‘The Beast with a Billion Backs’ • Flat-Rate iTunes purchasing model? • Canadian TV • CBC to use DRM free torrent distribution of primetime content • RIAA Lawsuit • Includes provision to stop 'continuing to engage in criminal investigation of private American citizens'

  8. Japanese ISP disconnect file sharers MI-5 wants Oyster Card data British Public Transit Smart Card Foreign Intelligence Surveillance Act (FISA) ‘the FISA Amendments Act of 2008 or H.R. 3773, relaxes the requirement of emergency warrants’ Click and go directly to jail FBI Child Porn Dragnet uses fake links and ads to target would be offenders Legal

  9. Updates • SELinux build R080305 • Inguma 0.0.7.2 (python pentest framework) • Fwknop 1.9.2 (single packet auth) • looking glass 1.0.1.0 (malware / process analysis) • Photoshop Express Beta (free photoshop) • complaints spawn rewrite of TOS • OpenOffice 2.4 • Capture-HPC 2.1 • Wireshark 1.0 • freenet 0.7 (P2P) • FireFox 3 beta 5 • ProxyStrike 1.0 (web app proxy)

  10. UK wants DNA of potential offenders, as young as 5 Cat caught in dirty bomb scanner WTF

  11. CON Events Completed Cons SOURCE Boston, 12 - 14 Mar / Boston MA Black Hat Europe, 25 - 28 Mar / Amsterdam CanSecWest 2008, 26 - 28 Mar / Vancouver BC CarolinaCon 4, 28 - 29 Mar / Chapel Hill NC Notacon 5, 4 - 6 Apr / Cleveland OH RECON announces CFP

  12. CON Results Source – Source Boston videos on technologytroll.com Source – symbiotic vs. parasitic computing BH Europe – Operation System Security Metric, “0-day patch rate” BH Europe – Paterva presentation BH Europe – Christopher Tarnovsky, smart card hacker BH Europe – BioLogger PoC released, biometric capture and hack CanSecWest – Pwn2Own, Mac via Safari, Vista via Adobe CanSecWest – Photos (not so much of the con)

  13. CON Events • Future Cons • USENIX Usability, Psychology, and Security 2007, 14 Apr / San Francisco CA • Hack In The Box, 14 - 17 Apr / Dubai • Trooper 08, 23 – 24 Apr / Munich • Infosecurity Europe 2008, 22 – 24 Apr / London • Interop, 27 Apr - 2 May / Las Vegas NV • Layerone, 17 – 18 May / Pasadena CA • DallasCon 2008, TBD / Dallas , TX • AusCERT 2008, 18 - 23 May / Gold Coast AU • HOPE 7, 18 - 20 July / New York NY

  14. All images scavenged without permission All images scavenged without permission

More Related