Date post: | 01-Jan-2016 |
Category: |
Documents |
Upload: | blaise-lewis |
View: | 219 times |
Download: | 1 times |
• 7 Patches – 11 bugs addressed
• Affecting Windows, Windows Servers, Vista, Media Player, DirectX, Macrovision (DRM)
• Other updates, MSRT, Defender Definitions, Junk Mail Filter
Patch Tuesday
• 7 Security Patches - 3 Critical, 4 Important– MS07-063 – SMBv2 (Vista) - Remote Code Execution– MS07-064 – DirectX (Directx 7 – 10) - Remote Code Execution– MS07-065 – Message Queuing Service (2K, XP) – Remote Code Execution– MS07-066 – Windows Kernel (Vista) - Privilege Escalation– MS07-067 – Macrovision Driver (XP, 2003) – Local Privilege Escalation– MS07-068 – Media File Format (Runtime 7 - 11) - Remote Code Execution– MS07-069 – IE Cumulative Update
Holes / Patches• Samba, Overflow in “reply_netbios_packet()” and GETDC (patch
available)
• FLAC file format, eEye reports 14 vulns
• Lotus Notes 1-2-3 File Viewer, Overflow in 123sr.dll (patch available)
• Avaya OpenSSL, Overflow in “SSL_get_shared_ciphers()” (work around available)
• Cygwin, Overflow in cygwin1.dll (patch available)
• Avast, Tar handling (patch available)
• Skype, Overflow in sykpe4com.dll (patch available)
Hacking
• FBI brags on BotNet hunting, “Operation Bot Roast II”– 8 controllers in 5 months
• AT&T plans decommissioning of payphones over next year– RIP 1889 - 2008
• MS 27 Mhz Keyboards cracked, Expect Logitech to follow
• Sun announces open-source rewards program– Code a thousand hours get a magazine subscription
• Oak Rodge National Lab compromised via phishing– Possible link to China
Holes / Patches (more)• Apple Patch Release 2007-008
– 41 patches
• Apple QuickTime, Overflow in “content-type” header– Multiple exploits posted to Milw0rm
• Mozilla Firefox, Multiple vulns multiple updates
• OpenOffice, bypass security restrictions in HSQLDB engine (patch available)
• Media Player, Overflow in 3ivx MPEG-4 5.0.1– Exploit posted to Milw0rm
• BitDefender ActiveX , Overflow in “InitX()” (patch available)– Exploit posted to Milw0rm
Corp. Hell• OLPC “Give one, Get one” extended to Dec 31 2007
– 45,000 ordered (24 Nov 2007)– MS and Intel turn up competitive heat
• Nigerian Company claims patent infringement against OLPC’s XO laptop– Multilingual keyboard technology– Prior fraud record
• Devorak says food more important than computers
• Verizon Wireless to open network to 3rd party devices– Google Android on the supported list
• Germany deems network locked iPhones legal • Nokia Claims ogg as proprietary format
• PDF is no ISO 32000
• Facebook allows Beacon to be disabled in light of privacy concerns
Film / Music
• Comcast targets fan-sub anime
• Free Software Foundation launches “Expert Witness Defense Fund”
• EMI to decrease funding of industry groups (RIAA, IFPI)
• Blade Runner: The Final Cut
Papers
• German Botnet Study, “Characterizing the IRC-based Botnet Phenomenon”
• NIST, “Guide to Industrial Control Systems (ICS) Security”– SCADA, DCS, PLC
• Vista SP1 Preview
• Nikto 2.00
• Medusa 1.4 (passwd cracker)
• EFF ISP Forgery Detection Toolkit / pcapdiff
• Iodine 0.4.1 (dns tunnel)
• Swift Intruder (flash runtime analysis)
• Snort 2.8.0.1
• FireFox 2.0.0.12 (and 2.0.0.10 and 2.0.011)
Updates
Legal• HushMail follow-up, Warning users of required compliance with
legal “back-doors”
• FCC cable TV vote delayed– Measure would allow more FCC control of industry
• All US border crosses to get terrorist risk profiles and kept for 40 years
• Japan to fingerprint all foreigners
• Canadian Passport website allowed access to personal data
• ISC2 claims Google and Yahoo indexing infringes on Trademarks
CON Results
• Hack In The Box Malaysia 2007 (sept), videos no on-line
• Undisclosed MS bugs demo’ed at KiwiCon– WPAD
– Ethical hacker, Beau Butler
– 160,000 PCs in New Zealand reported vulnerable
CON Events
• Completed Cons– LISA, 11 - 16 Nov 2007 - Dallas TX– OWASP + WASC, 12 -15 Nov - San Jose CA– BreakPoint, 15 - 18 Nov - Mexico– SecTor, 20 – 21 Nov – Toronto Canada– PacSec 2007, 29 – 30 Nov - Tokyo
• Future Cons– Chaos Communication Congress, 27 - 30 Dec 2007 - Berlin– l