1. PREVIOUS GNEWS

2. 7 Patches – x bugs addressed Affecting Word, Outlook, Publisher, Jet DB Engine, IE, Windows Other updates, MSRT, Defender Definitions, Junk Mail Filter 8 Security Patches - 5 Critical, 1 Moderate –MS08-030 – Bluetooth Stack - Remote Code Execution –MS08-031 – IE Cumulative Security Update –MS08-032 – ActiveX Kill Bits Cumulative Security Update –MS08-033 – DirectX - Remote Code Execution –MS08-034 – WINS - Elevation of Privilege –MS08-035 – Active Directory - Denial of Service –MS08-036 –Pragmatic General Multicast (PGM) - Denial of Service –re-released MS06-078 and MS07-068 with a detection only change

3. Holes / Patches Apple 2008-003 Apple QuickTime 7.5 Apple Safari on Windows Apple iCal Apple iPhone 2 snort ip fragment reassembly / ttl evasion openssl tls vulns, server_name set to 0x00 in handshake Samba, boundary error in "receive_smb_raw()" Adobe Flash 9 0-day OpenOffice, integer overflow in "rtl_allocateMemory()" Sun Java Active Server Pages, Multiple Vulns

4. Hacking Sample Code in RFC 3414 (snmp) contains overflow rustock.c, russian rootkit, undetected record of 1.5 years Cisco Router Rootkit? Sebastian Muniz - EuSecWest New JavaScript engine, Squirrelfish OSWA – Organizational Wireless System Auditor, Live CD

5. Corp. Hell L-1 Identity Solutions Inc. to produce RFID Passport Card Todd Davis gets sued Comcast invests in GridNetworks (a P2P start-up) Comcast web and email hacked, Defiant and EBK Dave & Busters, Packet sniifers on PoS terminals Barracuda offers buyout of SourceFire, SF rejects Nvidia enters mobile processor market Tumbleweed bought by Sopra Group (french) Canada charges Facebook with privacy infringement Explosion at ‘The Planet’ houston data center

6. Papers Apple Security Guide for OS X 1.5 Leopard NIST IT Security Configuration Scoring (call for input)

7. Film / Music NBC turns on “Broadcast Flag” Staples to sell $5 flexplay divx DVDs

8. WTF UK calls for a total phone usage database Launch of Google Health California man makes $50k opening accounts, arrested TSA ID rule change, refuse id check, get banned

9. MySpace suicide case, poses rocky precedence Anti-Counterfeiting Trade Agreement, ACTA –Pirate-bay Killer? GPLv3 gets more legal attention –Proprietary software / patents Legal

10. Ulteo Virtual Desktop, Linux virtualization on Windows blender 2.46, 3d animation rtpBreak 1.3a, rtp sniffer xprobe 2 WebKnight, mod_security for IIS Nessus 3.2.1, does not work with freebsd 6 technet opened to community contributions Snort 2.8.2 maltego videos openssl 0.9.8h kismet 2008-05-R1 opera 9.5 promises built-in malware protection Axban, ActiveX Killbit tool Updates

11. CON Events Completed Cons –Layerone, 17 – 18 May / Pasadena CA –DallasCon 2008, TBD / Dallas, TX –AusCERT 2008, 18 - 23 May / Gold Coast AU –EuSecWest, 28 May – London UK

12. CON Results EuSecWest – Hardware Flashing EuSecWest – Cisco RootKit BlackHat Preview and Webcast

13. CON Events Future Cons –HOPE 7, 18 - 20 July / New York NY –USENIX 17th Security Symposium, 28 July - 1 Aug / San Jose CA –REcon 2008, 13 – 15 June / Montreal CA –Black Hat USA, 2 - 7 Aug / Las Vegas NV –DefCon, 8 - 10 August / Las Vegas NV –Chaos Communications Camp, TBD / Berlin

14. All images scavenged without permission