Patch Tuesday
1 Out of Cycle Patch, 7 bugs addressed
–MS07-017, Vulnerabilities in GDI could allow remote execution (925902)
10 Patches originally expected
–5 Security, 4 Non-Security related updates, Malicious Software Removal Tool Update
5 Security Patches, 8 bugs addressed
–MS Microsoft Content Management Server Could Allow Remote Code Execution (925939)
–MS Universal Plug and Play Could Allow Remote Code Execution (931261)
–MS Microsoft Agent Could Allow Remote Code Execution (932168)
–MS CSRSS Could Allow Remote Code Execution (930178)
–MS Windows Kernel Could Allow Elevation of Privilege (931784)

Holes
Month of PHP Bugs (March), 45 Bugs released
–14 do not require PoC/Exploit code
–7 PoC/Exploit code coming soon
–3 Bonus bugs, not in PHP (1 mod_security, 2 Zend Platform)
–PHP expected April 5th (late)
–Stefan alludes to repeat performance “Yeah “The Return of the MOPB” will be better prepared…”
Week of Vista Bugs (First Week of April), Hoax / bad social experiment
Month of MySpace Bugs (April),
–Mondo Armando and Müstaschio
–Not limited to one sploit per day
–Bug submissions must include PoC code
–self-admitted XSS lame-ness
PoC Virus for iPod with Linux

DATA LOSS
RadioShack, Corpus Christi
–CC #s and Personal Information found in the trash
California Secretary of State web site, selling IDs since 2004
lists 14 other Data Loss incidents
lists 2 other Data Loss incidents
TJX update, information now found in circulation and use
IRS, 500 Stolen laptops, 2,300 records
Japan, 8.6 million records

Holes 2
OpenBSD IPv6, - patch available
–Remote kernel buffer overflow, improper mbuf handling in ICMP6
Telnet Redux / MIT krb5, - patch available
–RedHat
McAfee ePolicy Orchestrator / ProtectionPilot ActiveX Control Buffer Overflows, - patch available
–Boundary errors within the SITEMANAGER.DLL ActiveX Control when processing arguments passed to the "ExportSiteList()" and "VerifyPackageCatalog()" methods.
Trend Micro UPX Processing DoS, patch available
–Divide by zero error in the anti-virus engine
RFID + SQL Injection = ACCESS, PoC to be released
–Joshua Perrymon of PacketFocus Security Solutions
–SQL injection code written to RFID tag

Games
Sony RootKit hacks WOW
–Hides cheat processes from Blizzard’s process monitor
Xbox Live account hi-jacking
Xbox 360 Elite Upgrade
–120 GB HD, wireless headset, HiDef port
Wii Helm
–Good-Bye carpal tunnel, Hello whiplash

Holes 3
IE 7 XSS
–navcancl.htm local resource
Vista, Windows Mail – with a link, code execution with no warning
0-day, Windows Animated Cursor Handling, - patch available
–Out of cycle patch released
–Reported 113,000 malicious sites via a Google Query
Shady Blogger Flamed for posting a speculative view of SP1
–Vista hotfix tracking blog was misrepresented as an SP1 leak
Vulnerabilities in Vista implementation of Symbolic Links

Corp. Hell
ICANN may seek to be a Private International Organization
FCC rules to keep cell phone ban for aircraft
Microsoft sued for deceptive Vista advertising, “Vista Capable”
DHS Opens National Computer Forensic Institute
Oracle sues SAP, claiming documents and software were pilfered from the customers-only support site

Papers
Mark Russinovich wraps up Vista Kernel Series
NSA releases Mac Security Guide
A new radio spectrum?
–A "metamaterial" that selectively filters terahertz radiation could perhaps be used for short-range wireless communications.
WEP busted in 1 minute

Film
Apple TV
–Kernel mod allows full OS X on Apple TV
Apple + EMI = AAC standard
–DRM-Free deal suggests a shift in the de-facto format

WTF!?
Washington State OK’s RFID driver’s license
XXX Domain voted down, again
Carder Community Releases Private IM Service, CarderIM
WiFi Proof Paint
Discotequezone, Italian P2P site raided
FBI launches “raids” of Second Life casinos
Hackers profiled, 8 distinct profiles
Air Car
Car Navigation Hacking, Radio Data System-Traffic Message Channel (RDS-TMC)

Apollo by Adobe, runtime environment
TrueCrypt 4.3
Metasploit 3
THC Hydra 5.4
Nessus Beta
Snortalog
Snort 3.0 Beta
Python on Planes
Windows Change Analysis Tool for XP

Legal
3rd attempt for Tougher anti-spyware bill
–Securely Protect Yourself Against Cyber Trespass Act
Potential changes for internet radio based on ruling by the Copyright Royalty Board
–Rather than the previous fee based on estimation of plays, new rules state fees are based per play
NFL Violates DMCA
McCain Myspace page ‘goatsed’
Court upholds use of counter hack, generates questions regarding the use of warrantless seizures

CON Results
Con Archive - Jikto, JavaScript-based scanner and more, ShmooCon
–Billy Hoffman of SPI Dynamics, chose not to release code but exposed the URL with a subsequent leak
Cisco NAC bypassed with Credentials Spoofing, Black Hat Europe
–Michael Thumann and Dror-John Roecher of ERNW GmbH
Vbootkit, a Vista Rootkit, Black Hat Europe
–Nitin and Vipin Kumar of NV Labs
Flaws in ARM and XScale microprocessors will be demo’ed at CanSecWest
–Barnaby Jack of Juniper, processors used in cell phones and routers

CON Events
Completed Cons
–ShmooCon, 23 – 25 March Washington D.C.
–Black Hat Europe, 27 – 30 March - Amsterdam
–Hack In The Box, 2 – 5 April - Dubai
Future Cons
–CanSecWest, 18 – 20 April 2007 – Vancouver
–Infosec Europe, 24 – 26 April London
–NOTACON, 27 – 29 April Chapel Hill NC
–Layerone, 5 – 6 May Pasadena CA
–DallasCon, 11 – 12 May 2007 – Dallas, TX
–H2K2, 7 – 12 April New York NY
–BlackHat, 28 July thru 2 Aug 2007 – Las Vegas, NV
–DefCon, 3 – 5 August 2007 – Las Vegas, NV
–Hack In The Box, 3 – 6 Sept. – Kuala Lumpur
CanSecWest hosts Apple Hacking Competition
