PREVIOUS GNEWS

4 Patches – 9 bugs addressed Affecting Windows, SQL, Exchange (OWA) Other updates, MSRT, Defender Definitions, Junk Mail Filter 8 Security Patches - 5 Critical, 1 Moderate –MS – DNS - Spoofing –MS – Windows Explorer - Remote Code Execution –MS – OWA – Privilege Escalation –MS – SQL – Privilege Escalation Patch Tuesday

Holes / Patches Apple , 25 fixes Apple Safari for Windows Apple Safari for OS X AppleScript, Privilege Escalation New Mac Trojans, one using the above AppleScript vuln Vim, Multiple vulnerabilities, allows code execution X Server, Multiple vulnerabilities, local information disclosure –Disable MIT-SHM extensions VMware ESX, Multiple vulnerabilities Ruby, Integer Handling errors, Allows code execution FireFox, ver 2.x and 3.x Adobe, error in javascript handling, Allows code execution

Hacking MS releases free sql injection auditing tools UK (London) Oyster Card has been cloned American Airlines to launch in flight wireless, Gogo by Aircell VOIP on the iPhone, iCall Chaos Computer Club, Privacy N.Runs reports 800+ vulnerabilities in various Antivirus Engines Brightnets, Distributed File System Japanese Age Verification Camera system duped by magazine photos

Books Hackerteen Volume 1: Internet Blackout –Macelo Marques Crimeware: Understanding New Attacks and Defenses –Markus Jakobsson, Zulfikar Ramzan VMware ESX Server in the Enterprise: Planning and Securing Virtualization Servers –Edward L. Haletky Nmap Network Scanning (coming soon) –Fyodor

Corp. Hell India to crack BlackBerry Encryption if RIM doe not open network Retail “Box” Sales of XP stops, Still available to large OEM companies John Burris from Citrix, Named new SourceFire CEO Pirate Bay offers SSL encryption in wake of Swedish wiretap law Formal Certification Standards? Office of Management and Budget Chrysler adds wifi to 2009 car line Charter Communication’s NebuAd shut down in development – Behavioral Marketing System declared a man-in-the-middle attack by Congress, ICANN approves expansion of TLDs, still no.XXX –Allows “vanity” TLDs like.mac.msn.cbs GoDaddy VP busted bidding up domain auctions

Papers Richard Bennet comments on NetNeutrality (against) NIST releases 3 revisions to the 800 series security guides.

Film / Music RIAA backs out of ‘Making Available” argument, requests dismissal of case RIAA raises settlement cost from 3,000 to 8,000 MPAA requests FCC for waiver to SOC (selectable output control) ruling –Would allow them to block dvr recordings of HD movies IpTables rules to drop reset packets and evade Comcast throttling

WTF LA Judge presiding over obscenity trial busted with porn on public website AVG LinkScanner, generating mass quantities of fake traffic

Sysinternals Live Windows Search 4 for XP Maltego Community Edition Maltego for Windows Opera 9.51 FireFox 3 ClamAV Apple SproutCore, Web App Framework iPhoneDbg ToolKit IPTables RFDump 1.6 BackTrack 3 Snort 3 Beta, Snort Security Platform (SnortSP) Nmap 4.68 Google RatProxy Updates

CON Events Future Cons –HOPE 7, July / New York NY –USENIX 17th Security Symposium, 28 July - 1 Aug / San Jose CA –REcon 2008, 13 – 15 June / Montreal CA –Black Hat USA, Aug / Las Vegas NV –DefCon, August / Las Vegas NV –Chaos Communications Camp, TBD / Berlin

All images scavenged without permission