PREVIOUS GNEWS
4 Patches – 2 bugs addressed Affecting Windows, Windows Servers, Other updates, MSRT, Defender Definitions, Junk Mail Filter, RootCert Vista USB Core rollup, Vista Reliability Patch Tuesday 2 Security Patches - 1 Critical, 1 Important –MS – Windows URI Handling (XP, 2003) - Remote Code Execution –MS – DNS Spoofing (2K server, 2003)
Holes / Patches Oracle Patch Release –51 patches, 40 remote, 13 with no auth –Local injections posted to milw0rm Oracle 0-day in XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure –Reported by idefense, code is available OpenBSD, DHCP DoS / possible code execution (patch available) OpenSS, DTLS DoS / possible code execution (patch available) RealPlayer, MPMedia.dll Code execution (patch available) AIX, Multiple local exploits (patch available) Lotus Notes, Multiple exploits (patch available, mostly) –Bug in wp6sr.dll not patched by ver. 8.0
DATA LOSS 25 + reported incidents Croucher Brewing Company in Rotorua, New Zealand –Beer for life (12-pack a day) for info leading to arrest on laptop theft
Holes / Patches (more) QuickTime, Multiple exploits (patch available) Apple, “First Trojan” –Fake codec download, requires user action Mozilla Firefox / SeaMonkey / Thunderbird, Multiple exploits (patch available) Opera, Multiple exploits (patch available) Firebird SQL, BO with overlong request, printf(), and process_packet() (patch available) Winamp, BO in FLAC processing (patch available) Kaspersky, Activex Scanner (patch available)
Hacking RNB –gets yet more publicity –system goes dark with domain registration withdrawl Pirate Bay buys ifpi.com –Legal battle quickly follows Elcomsoft files patent for using Video RAM for processing OSx86 Scene Forum release details on installing Leopard on a PC
Holes / Patches (again) SIP receiving increased attention –Multiple vulnerabilities, Vonage specifically named –SIP XSS SonicWall Activex, Multiple exploits (patch available) Symantec Anti-Virus for SMTP, Multiple exploits (patch available) Windows Mobile 5, Bug in SMS handler allows sender spoofing Update to iPone TIFF bug, exploit tool released Maxtor ships HDs with preinstalled trojans (Taiwan) Asterick SQL Injection in cdr_addon_mysql
Corp. Hell EA Games buys BioWare and Pandemic Encase buys Applied Watch McAfee buys ScanAlert (Hacker Safe) Symantec buys Vontu MS buys 1.6% stake of Facebook Govt. to step into 3Com / China deal Hushmail ponies up web-based logs to Feds –Full client version is still safe Apple announces iPhone SDK (Feb 2008) Verizon announces to share data / offers opt-out MS announces health record service / Google follows Google open phone coalition gets flamed from Symbian Viacom calls for copyright filtering standard
Film / Music Star Trek Prequel casting –Chris Pine – James T. Kirk –Eric Bana – Nero (villain) Viacom posts entire Daily Show archive (free) BluRay BD+ cracked Canada RCMP announce piracy for personal use is not their target. (must be this tall to ride...)
Papers DHS proposes ‘baseline’ for security skills MPAA Hacker tells all to Wired Magazine
Updates Mac OS X 10.5 Leopard Fedora 8 SIPVicious Kismet R1 Openssl 0.9.8g Netscape Gimp 2.4 Inguma (pentest toolkit) Honeytrap RFIDIOt 0.1q RFDump 1.5 Bunny 0.92 (fuzzer) Tor a Sqlmap 0.5 Maltego Java Framework (formerly evolution) OLPC opens “give one get one” program (ends Nov 26 th ) MS announce XP port for OLPC MS talks about Windows 7 at University of Illinois
Legal Bill calls for ID Theft Restitution Pirate Act reintroduced Govt. calls for free access to Judge rules RIAA “evidence” insufficient FISA Telecom bill placed on hold Schwarzenegger vetos PCI like bill Austria adopts use of fedware
CON Events Completed Cons –ToorCon 9, 19 – 21 Oct – San Diego CA –Phreaknic, Oct - Nashville TN –DayCon, 12 – 14 Oct – Dayton OH Future Cons –LISA, Nov Dallas TX –OWASP + WASC, Nov - San Jose CA –BreakPoint, Nov - Mexico –SecTor, 20 – 21 Nov – Toronto Canada –PacSec 2007, 29 – 30 Nov - Tokyo –Chaos Communication Congress, Dec Berlin
All images scavenged without permission