Top Banner
PREVIOUS GNEWS PREVIOUS GNEWS
14

PREVIOUS GNEWS. 7 Patches – x bugs addressed Affecting Word, Outlook, Publisher, Jet DB Engine, IE, Windows Other updates, MSRT, Defender Definitions,

Dec 28, 2015

Download

Documents

Gwendolyn Ross
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: PREVIOUS GNEWS. 7 Patches – x bugs addressed Affecting Word, Outlook, Publisher, Jet DB Engine, IE, Windows Other updates, MSRT, Defender Definitions,

PREVIOUS GNEWSPREVIOUS GNEWS

Page 2: PREVIOUS GNEWS. 7 Patches – x bugs addressed Affecting Word, Outlook, Publisher, Jet DB Engine, IE, Windows Other updates, MSRT, Defender Definitions,

• 7 Patches – x bugs addressed

• Affecting Word, Outlook, Publisher, Jet DB Engine, IE, Windows

• Other updates, MSRT, Defender Definitions, Junk Mail Filter

• 8 Security Patches - 5 Critical, 1 Moderate– MS08-030 – Bluetooth Stack - Remote Code Execution – MS08-031 – IE Cumulative Security Update– MS08-032 – ActiveX Kill Bits Cumulative Security Update– MS08-033 – DirectX - Remote Code Execution – MS08-034 – WINS - Elevation of Privilege– MS08-035 – Active Directory - Denial of Service – MS08-036 –Pragmatic General Multicast (PGM) - Denial of

Service

– re-released MS06-078 and MS07-068 with a detection only change

Page 3: PREVIOUS GNEWS. 7 Patches – x bugs addressed Affecting Word, Outlook, Publisher, Jet DB Engine, IE, Windows Other updates, MSRT, Defender Definitions,

Holes / Patches• Apple 2008-003

• Apple QuickTime 7.5

• Apple Safari on Windows

• Apple iCal

• Apple iPhone 2

• snort ip fragment reassembly / ttl evasion

• openssl tls vulns, server_name set to 0x00 in handshake

• Samba, boundary error in "receive_smb_raw()"

• Adobe Flash 9 0-day

• OpenOffice, integer overflow in "rtl_allocateMemory()"

• Sun Java Active Server Pages, Multiple Vulns

Page 4: PREVIOUS GNEWS. 7 Patches – x bugs addressed Affecting Word, Outlook, Publisher, Jet DB Engine, IE, Windows Other updates, MSRT, Defender Definitions,

Hacking • Sample Code in RFC 3414 (snmp) contains overflow

• rustock.c, russian rootkit, undetected record of 1.5 years

• Cisco Router Rootkit? Sebastian Muniz - EuSecWest

• New JavaScript engine, Squirrelfish

• OSWA – Organizational Wireless System Auditor, Live CD

Page 5: PREVIOUS GNEWS. 7 Patches – x bugs addressed Affecting Word, Outlook, Publisher, Jet DB Engine, IE, Windows Other updates, MSRT, Defender Definitions,

Corp. Hell• L-1 Identity Solutions Inc. to produce RFID Passport Card

• Todd Davis gets sued

• Comcast invests in GridNetworks (a P2P start-up)• Comcast web and email hacked, Defiant and EBK

• Dave & Busters, Packet sniifers on PoS terminals

• Barracuda offers buyout of SourceFire, SF rejects

• Nvidia enters mobile processor market

• Tumbleweed bought by Sopra Group (french)

• Canada charges Facebook with privacy infringement

• Explosion at ‘The Planet’ houston data center

Page 6: PREVIOUS GNEWS. 7 Patches – x bugs addressed Affecting Word, Outlook, Publisher, Jet DB Engine, IE, Windows Other updates, MSRT, Defender Definitions,

Papers

• Apple Security Guide for OS X 1.5 Leopard

• NIST IT Security Configuration Scoring (call for input)

Page 7: PREVIOUS GNEWS. 7 Patches – x bugs addressed Affecting Word, Outlook, Publisher, Jet DB Engine, IE, Windows Other updates, MSRT, Defender Definitions,

Film / Music

• NBC turns on “Broadcast Flag”

• Staples to sell $5 flexplay divx DVDs

Page 8: PREVIOUS GNEWS. 7 Patches – x bugs addressed Affecting Word, Outlook, Publisher, Jet DB Engine, IE, Windows Other updates, MSRT, Defender Definitions,

WTF

• UK calls for a total phone usage database

• Launch of Google Health

• California man makes $50k opening accounts, arrested

• TSA ID rule change, refuse id check, get banned

Page 9: PREVIOUS GNEWS. 7 Patches – x bugs addressed Affecting Word, Outlook, Publisher, Jet DB Engine, IE, Windows Other updates, MSRT, Defender Definitions,

• MySpace suicide case, poses rocky precedence

• Anti-Counterfeiting Trade Agreement, ACTA– Pirate-bay Killer?

• GPLv3 gets more legal attention– Proprietary software / patents

Legal

Page 10: PREVIOUS GNEWS. 7 Patches – x bugs addressed Affecting Word, Outlook, Publisher, Jet DB Engine, IE, Windows Other updates, MSRT, Defender Definitions,

• Ulteo Virtual Desktop, Linux virtualization on Windows

• blender 2.46, 3d animation

• rtpBreak 1.3a, rtp sniffer

• xprobe 2

• WebKnight, mod_security for IIS

• Nessus 3.2.1, does not work with freebsd 6

• technet opened to community contributions

• Snort 2.8.2

• maltego videos

• openssl 0.9.8h

• kismet 2008-05-R1

• opera 9.5 promises built-in malware protection

• Axban, ActiveX Killbit tool

Updates

Page 11: PREVIOUS GNEWS. 7 Patches – x bugs addressed Affecting Word, Outlook, Publisher, Jet DB Engine, IE, Windows Other updates, MSRT, Defender Definitions,

CON Events

• Completed Cons– Layerone, 17 – 18 May / Pasadena CA– DallasCon 2008, TBD / Dallas , TX– AusCERT 2008, 18 - 23 May / Gold Coast AU– EuSecWest, 28 May – London UK

Page 12: PREVIOUS GNEWS. 7 Patches – x bugs addressed Affecting Word, Outlook, Publisher, Jet DB Engine, IE, Windows Other updates, MSRT, Defender Definitions,

CON Results

• EuSecWest – Hardware Flashing

• EuSecWest – Cisco RootKit

• BlackHat Preview and Webcast

Page 13: PREVIOUS GNEWS. 7 Patches – x bugs addressed Affecting Word, Outlook, Publisher, Jet DB Engine, IE, Windows Other updates, MSRT, Defender Definitions,

CON Events

• Future Cons– HOPE 7, 18 - 20 July / New York NY– USENIX 17th Security Symposium, 28 July - 1

Aug / San Jose CA– REcon 2008, 13 – 15 June / Montreal CA– Black Hat USA, 2 - 7 Aug / Las Vegas NV– DefCon, 8 - 10 August / Las Vegas NV– Chaos Communications Camp, TBD / Berlin

Page 14: PREVIOUS GNEWS. 7 Patches – x bugs addressed Affecting Word, Outlook, Publisher, Jet DB Engine, IE, Windows Other updates, MSRT, Defender Definitions,

All images scavenged without permission

All images scavenged without permission