previous gnews - DC214

townripeData Management

Jan 31, 2013 (4 years and 6 months ago)


PREVIOUS GNEWS



Patch Tuesday

11 Patches
bugs addressed
Affecting Windows (all versions)
Other updates, MSRT, Defender Definitions, Junk Mail Filter
11 Security Patches - 6 Critical, 5 Important
MS08-003 AD - DoS
MS08-004 TCP/IP - DoS
MS08-005 IIS - Privilege Escalation
MS08-006 IIS - Remote Code Execution
MS08-007 WebDAV - Remote Code Execution *
MS08-008 OLE Automation - Remote Code Execution
MS08-009 Word - Remote Code Execution
MS08-010 IE Cumulative -
MS08-011 Works File Converter - Remote Code Execution *
MS08-012 Publisher - Remote Code Execution
MS08-013 Office - Remote Code Execution

Holes / Patches


IE7 Moved back into ‘High Priority’
Vista SP1 released to Manufacturers
Another Windows 0-day bounty
  Digital Armaments, 20K Hacker’s Challenge, ends Feb 29th
Another Excel 0-day, Malformed file grants privilege escalation
MS08-001 Update, MS Small Business Server vuln to IGMP
AOL Radio, BO in OLMediaPlaybackControl.exe, allows code execution
Winamp, BO in in_mp3.dll, allows code execution
Yahoo! Music Jukebox ActiveX, BO in datagrid.dll, allows code execution
  Multiple exploits posted to milw0rm
uTorrent, crafted packet with overly long client string, allows code execution

Hacking


Drive-by pharming in the wild
Polish TV Remote used to control train switch
vLite, Windows Vista Stripper
Malicious Facebook page poses as Windows Update
Mitnick Probation ends
iPhone / iPod Touch 1.1.3 firmware jail busted
  Paper on milw0rm
NIAP Group posts new anti-rootkits to rootkit.com
Yahoo! Captcha Cracked

Holes / Patches (more)


Oracle Patch Release, 27 patches
  Multiple local exploits posted to milw0rm
Oracle Siebel SimBuilder NCTAudioFile2 ActiveX
Apple Patch Release 2008-001, 411 fixes
Apple QuickTime, BO in handling RTSP replies, code execution
iPhone application signing key leaked
MBR Rootkit
Cisco, BO in CTLProvider.exe, DoS / Code execution
Cisco ASA, TTL decrement feature enabled, DoS
Home Routers, exploited via flash swf file and UPNP

Corp. Hell


OLPC coming to America
Time Warner Cable Beaumont TX tests tiered internet plans
Hasbro issues DMCA against Facebook applications
Oracle buys BEA
Sun buys MySQL.
HackerSafe (or not)
Windows 7 scheduled for 2nd half of 2009
MS virtualization strategy announced
  Possible partnership with Citrix / reverses EULA prohibiting Vista under virtualization
No open source for OS/2
NVIDIA buys AGEIA
Yahoo! Music closing, converts users to Real / Rhapsody
New Comcast ToS
Do Not Call Registry to be made permanent

Holes / Patches (again)


TSA Website hacked (data loss)
Citadel SMTP, BO in user_ops.c, allows code execution
Facebook Photo Uploader
  Multiple exploits on milw0rm
Another Adobe Reader vulnerability
Mozilla Firefox and Thunderbird, Multiple vulns
GNUCitizen release PoC code for BT Home Hub 6.2.6.B, VOIP hijacking
Skype IE zone allows malicious code execution
Nokia / Symbian worm, SymbOS/Beselo.A!worm
Lots of SQL injection posted to milw0rm

Film / Music


Netflix removes streaming limits



Possible deal in writers strike

Papers


RBN, Shadowserver Foundation
Flash Memory, Robert Graham (blog)
NIST draft for IPv6
  ICANN adds IPv6 to internet backbone routers
Risking Communications Security: Potential Hazards of the Protect America Act, Steve Bellovin, Matt Blaze, Whit Diffie, Susan Landau, Peter Neumann, and Jennifer Rexford
Covert channel vulnerabilities in anonymity systems, Steven Murdoch
  University of Cambridge
NIST approved scanners
gay authentication
  Undercover: Authentication Usable in Front of Prying Eyes


Legal

UK proposes chipping prisoners
RealID requirements issued
UK considering a German hacking tool law
Dakota makes DNS zone transfers illegal.
Maryland ditches digital voting
EU slams ISP filtering
Canadian DMCA takes more heat
EU recommends IPs be considered personal data.
Electronics freely searchable
Bush security plan


Updates

Sun Java 6 update 4
VOIP hopper 0.9.7
tor 0.1.2.19
wifizoo 1.3 (dsniff-ish)
sqlmap 0.5
sysinternals
  autoruns 9.02
  psservice 2.22
  tcpview 2.53
  psexec 1.94
KDE 4.0 goes cross platform
linux kernel 2.6.24
metasploit 3.1
OSVDB API beta
PostgreSQL 8.3
aircrack-ng 0.9.2


WTF

student expelled for misquoted Facebook image
QuickTime DRM disables 3rd party video editing.
Apple cripples their dtrace port
under water cables cut in Mediterranean
SCADA security mailing list
  (don't talk security)
more fedware

CON Events


Future Cons


Ebay RedTeam, ? Feb / San Jose
Shmoocon, 15-18 Feb / Washington DC
Black Hat DC, 18-21 Feb / Washington DC
InfowarCon 2008, 2-4 Mar / Bethesda MD
Infosec World, 10-12 Mar / Orlando FL
SOURCE Boston, 12-14 Mar / Boston MA
Black Hat Europe, 25-28 Mar / Amsterdam
CanSecWest 2008, 26-28 Mar / Vancouver BC
CarolinaCon 4, 28-29 Mar / Chapel Hill NC

All images scavenged without permission
