1 / 14

PREVIOUS GNEWS

PREVIOUS GNEWS. Patch Tuesday. 7 Patches – 11 bugs addressed Affecting Windows, Windows Servers, Vista, Media Player, DirectX, Macrovision (DRM) Other updates, MSRT, Defender Definitions, Junk Mail Filter. 7 Security Patches - 3 Critical, 4 Important

meriel
Télécharger la présentation

PREVIOUS GNEWS

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PREVIOUS GNEWS

  2. Patch Tuesday • 7 Patches – 11 bugs addressed • Affecting Windows, Windows Servers, Vista, Media Player, DirectX, Macrovision (DRM) • Other updates, MSRT, Defender Definitions, Junk Mail Filter • 7 Security Patches - 3 Critical, 4 Important • MS07-063 – SMBv2 (Vista) - Remote Code Execution • MS07-064 – DirectX (Directx 7 – 10) - Remote Code Execution • MS07-065 – Message Queuing Service (2K, XP) – Remote Code Execution • MS07-066 – Windows Kernel (Vista) - Privilege Escalation • MS07-067 – Macrovision Driver (XP, 2003) – Local Privilege Escalation • MS07-068 – Media File Format (Runtime 7 - 11) - Remote Code Execution • MS07-069 – IE Cumulative Update

  3. Holes / Patches • Samba, Overflow in “reply_netbios_packet()” and GETDC (patch available) • FLAC file format, eEye reports 14 vulns • Lotus Notes 1-2-3 File Viewer, Overflow in 123sr.dll (patch available) • Avaya OpenSSL, Overflow in “SSL_get_shared_ciphers()” (work around available) • Cygwin, Overflow in cygwin1.dll (patch available) • Avast, Tar handling (patch available) • Skype, Overflow in sykpe4com.dll (patch available)

  4. Hacking • FBI brags on BotNet hunting, “Operation Bot Roast II” • 8 controllers in 5 months • AT&T plans decommissioning of payphones over next year • RIP 1889 - 2008 • MS 27 Mhz Keyboards cracked, Expect Logitech to follow • Sun announces open-source rewards program • Code a thousand hours get a magazine subscription • Oak Rodge National Lab compromised via phishing • Possible link to China

  5. Holes / Patches (more) • Apple Patch Release 2007-008 • 41 patches • Apple QuickTime, Overflow in “content-type” header • Multiple exploits posted to Milw0rm • Mozilla Firefox, Multiple vulns multiple updates • OpenOffice, bypass security restrictions in HSQLDB engine (patch available) • Media Player, Overflow in 3ivx MPEG-4 5.0.1 • Exploit posted to Milw0rm • BitDefender ActiveX , Overflow in “InitX()” (patch available) • Exploit posted to Milw0rm

  6. Games • Blizzard and Activision announce merger • Sony game “ICO” for PS2 violates GPL

  7. Corp. Hell • OLPC “Give one, Get one” extended to Dec 31 2007 • 45,000 ordered (24 Nov 2007) • MS and Intel turn up competitive heat • Nigerian Company claims patent infringement against OLPC’s XO laptop • Multilingual keyboard technology • Prior fraud record • Devorak says food more important than computers • Verizon Wireless to open network to 3rd party devices • Google Android on the supported list • Germany deems network locked iPhones legal • Nokia Claims ogg as proprietary format • PDF is no ISO 32000 • Facebook allows Beacon to be disabled in light of privacy concerns

  8. Film / Music • Comcast targets fan-sub anime • Free Software Foundation launches “Expert Witness Defense Fund” • EMI to decrease funding of industry groups (RIAA, IFPI) • Blade Runner: The Final Cut

  9. Papers • German Botnet Study, “Characterizing the IRC-based Botnet Phenomenon” • NIST, “Guide to Industrial Control Systems (ICS) Security” • SCADA, DCS, PLC

  10. Updates • Vista SP1 Preview • Nikto 2.00 • Medusa 1.4 (passwd cracker) • EFF ISP Forgery Detection Toolkit / pcapdiff • Iodine 0.4.1 (dns tunnel) • Swift Intruder (flash runtime analysis) • Snort 2.8.0.1 • FireFox 2.0.0.12 (and 2.0.0.10 and 2.0.011)

  11. Legal • HushMail follow-up, Warning users of required compliance with legal “back-doors” • FCC cable TV vote delayed • Measure would allow more FCC control of industry • All US border crosses to get terrorist risk profiles and kept for 40 years • Japan to fingerprint all foreigners • Canadian Passport website allowed access to personal data • ISC2 claims Google and Yahoo indexing infringes on Trademarks

  12. CON Results • Hack In The Box Malaysia 2007 (sept), videos no on-line • Undisclosed MS bugs demo’ed at KiwiCon • WPAD • Ethical hacker, Beau Butler • 160,000 PCs in New Zealand reported vulnerable

  13. CON Events • Completed Cons • LISA, 11 - 16 Nov 2007 - Dallas TX • OWASP + WASC, 12 -15 Nov - San Jose CA • BreakPoint, 15 - 18 Nov - Mexico • SecTor, 20 – 21 Nov – Toronto Canada • PacSec 2007, 29 – 30 Nov - Tokyo • Future Cons • Chaos Communication Congress, 27 - 30 Dec 2007 - Berlin • l

  14. All images scavenged without permission All images scavenged without permission

More Related