PREVIOUS GNEWS
Patch Tuesday
• New Format
• 13 Patches originally expected
  – 6 Security: affects Windows OS, Outlook / Mail, IE, Office, Visio
  – 7 Non-Security related updates, Malicious Tool Update
• 6 Security Patches, 15 bugs addressed (eEye reports 19 bugs)
  – MS07-030 - Microsoft Visio - Remote Code Execution
  – MS07-031 - Schannel Security Package
    • XP - Remote Code Execution / 2003 - DoS
  – MS07-032 - Vista - Information Disclosure
  – MS07-033 - IE Cumulative: 6 vulns, 5 Code Execution / 1 spoofing
  – MS07-034 - Outlook Express / Mail Cumulative: Code Execution, 3 via IE
  – MS07-035 - An unnamed win32 API - Remote Code Execution (vector for IE, maybe more)
Books
• March
  – Zen and the Art of Information Security, by Ira Winkler
  – Cross Site Scripting Attacks: XSS Exploits and Defense, by Seth Fogie, Robert Hansen, Jeremiah Grossman, Anton Rager
• April
  – Mastering Windows Network Forensics and Investigation, by Steven Anson, Steven James Anson
• May
  – How to Cheat at Configuring Open Source Security Tools, by Michael Gregg, Eric Seagren, Angela Orebaugh, Matt Jonkman, Raffael Marty
  – Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems, by Chris Sanders
Holes
• “Month of…” ActiveX Wrap-up
  – 35 bugs – LeadTools got beat up, Barcode Apps, Office Viewers
• June is Month of Search Engine Bugs
  – Hotbot, msn, yahoo, rambler, ask.com, others
• IE and Firefox bugs
  – cookie-stealing, keystroke-snooping, malicious downloading and site-spoofing
• Opera Right-Click Overflow (patched in 9.21)
  – Transfer Item Pop-up Menu Stack Overflow Vulnerability
  – Malicious torrents in the wild
• Cisco 3rd party crypto library, ASN.1 DoS
• Veritas Storage Foundation DoS, input validation
• Packeteer Web Interface DoS, URL request via read-only user
DATA LOSS
• 40+ Reported Cases
  – TX Law Enforcement, stolen laptops
  – Waco ISD, system compromise
  – IBM, missing tapes
  – JP Morgan Chase, missing tape
  – TSA, lost hard drive
Holes 2
• Botnet Mgt GUI, ‘Zunker’ reported by Panda Software
• Gozi variant now has keylogger and improved signature evasion
• PoC BadBunny virus for OpenOffice (Win – mIRC / xchat, Mac – Ruby, Linux – Perl / Python)
• 3 variants of Trojan-SMS.SymbOS.Viver, Smart Phone virus generates text messages to premium rate numbers
• Norton Personal Firewall and Internet Security 2004
  – Buffer Overflow in ActiveX (ISLALERT.DLL, SET(), GET())
• Unicode Encoding Flaw (rather, decoding)
  – Improper handling of Full-width and Half-width encoding can allow the bypass of some security devices: IIS, Cisco IPS, 3Com, McAfee
Games
• Xbox Live bans hacked Xbox 360 consoles
• Miami attorney Jack Thompson declares he will sue Microsoft if they perform any sale of ‘Halo 3’ to any persons under 17
• DCEmu announce Wii and GameCube coding contest
Holes 3
• Windows Updater Hi-Jack
  – Background Intelligent Transfer Service (BITS)
• Vista Team re-launches Vista Security Blog
  – Apparently their job wasn’t done ; )
• 4 out-of-cycle MS patches, 2 related to security
  – Windows Installer (above)
  – Microsoft Office Isolated Conversion Environment (MOICE)
• iDefense announce bounty for 0-days in Apache httpd, BIND, Sendmail, OpenSSH, MS IIS, or MS Exchange Server
• ActiveX buffer overflow in Ksign SWAT (PKI and ID mgt)
Corp. Hell
• PacketFocus to provide RFID audits
• eEye enters service market
• Google buys FeedBurner (RSS content vendor)
• Verizon buys Cybertrust (managed service provider)
• Symantec enters mobile 5 market
• Intel encroaches on One Laptop Per Child
• Time Warner implements packet shaping
• MS claims patent infringement on 235 patents
• FCC approves Apple iPhone (will use ARM processors)
• Apple sues over Ann Summers ‘iGasm’ iPod accessory ads
Holes 4
• Apple releases patch set addressing 17 vulns
  – BIND, crontabs, fetchmail, iChat, ruby, vpn, and more
• Apple releases 2 QuickTime patches
  – Both for malicious Java applets delivered via website
• Safari for Windows hits the street and is immediately vulnerable
  – David Maynor releases 4 DoS and 2 remote execution
  – Thor Larholm finds URL protocol handler command injection
• Yahoo Messenger 0-day, buffer overflow in ActiveX for WebCam
• Latest fix in AACS saga, hacked before it was officially launched
  – Yet another follow-up fix hacked a day after launch
• NXP Semiconductors (Philips) is developing an RFID-activated DVD
• Ritek Corp. is developing re-writable BD-RE and HD DVD-RE with sales this year
• 6 months after submissions close, ResearchChannel.org announces winners of the ’06 Educause Cyber Security Awareness Month Video Contest
• Terminator “franchise” sold, Halcyon Co. shooting for 2009 release of ‘The Terminator 4’
Papers
• HP performance evaluation of Xen and OpenVZ
• David Litchfield 4-part Oracle Forensics on milw0rm
• Mark Russinovich TechNet article on Windows UAC
• Rob Paveza 2-stage UAC bypass Proof-of-Concept
• DHS Cyber Security Paper (BotNets) BAA07-09
WTF!?
• DRM = Digital Consumer Enablement
  – HBO’s Bob Zitter calls for a re-definition of DRM to show just how positive it really is
• PirateBay hacked and DB copied, blog server blamed for the vuln
• National Payment Card links Drivers License and Debit Card via MagStripe in select locations, 24 states including TX
• Cell Phones wipe Nissan smart keys, Altima and G35
• Apple DRM-free tunes contain user info, name and email
  – Music purchased on iTunes has always contained identifiable info; however, previously those tunes were “non-transferable”
Updates
• (April) WhiteDust launches hackspace.net
• The a5 cracking project (GSM A5/1 algorithm)
• DomainKeys Identified Mail Signatures (DKIM)
• Spyware Process Detector v2.02
• Samba 3.0.25
• aircrack-ng 0.9
• nipper 0.9.5
• rfidiot 0.1m and rfidiot 0.1n
• Sysinternals - SigCheck v1.4, PsExec v1.83, DiskExt v1.1
• honeytrap 0.7.0
• FireGPG (encrypt web-based mail)
• tor-0.1.2.14.tar.gz
• Parallels (Intel Mac)
• Symantec 11
• clamav-0.90.3.tar.gz
• fwknop 1.8.1
Legal
• MySpace refuses to share data of known sex offenders
• MySpace recants and gives data to authorities
• MySpace data pops its first false positive
• US Military networks block MySpace, YouTube, and other social networks
• San Francisco court rules Google’s “thumbnail-porn” is protected by fair use
• US Anti-Spyware bill passed Congress, waiting on Senate vote
• TX bill, HB 2714, requires computer companies to provide free recycling services
• Robert Soloway (reported ‘spam king’) was arrested in Seattle
• Fourth and Final Draft of GPLv3 released
• Mods to German law make “hacker tools” illegal
• Belgium urged to withdraw gen1 RFID-enabled passports
CON Results
• Microsoft BlueHat Security Briefings
  – Felix Domke demonstrated his hypervisor hack of the Xbox 360
• Interop
  – NAC Panel
  – NAC TCG and Microsoft compatibility
  – 7 Habits of Hackers (or exploit methodology)
CON Events
• Completed Cons
  – BlueHat, 10 May 2007 - Redmond, WA
  – AusCERT2007, 20 – 25 May - Australia
  – Interop, 20 – 25 May - Las Vegas, NV
• Future Cons
  – REcon Party, 13 - 16 June 2007 - Montreal
  – BlackHat, 28 July thru 2 Aug 2007 – Las Vegas, NV
  – DefCon, 3 – 5 August 2007 – Las Vegas, NV
  – Chaos Communications Camp, 8 - 12 August - Berlin
  – Hack In The Box, 3 – 6 Sept. – Kuala Lumpur
  – WhiteDust Black and White Ball, 18 - 23 Sept – London
  – ToorCon, 29 Sept - 1 Oct 2007 - San Diego CA
  – Phreaknic, 20 - 22 Oct 2007 - Nashville TN
All images scavenged without permission