Presentation on theme: "PREVIOUS GNEWS "This is Gary Gnu... and the no gnews is good gnews show. The ONLY tv gnews show guar-an-TEED-- to contain NO gnews what-so-ever.""— Presentation transcript:
PREVIOUS GNEWS "This is Gary Gnu... and the no gnews is good gnews show. The ONLY tv gnews show guar-an-TEED-- to contain NO gnews what-so-ever."
0 WE DON’T NEED NO STINKING PATCHES! 4 Patches originally expected –0 Security –4 Non-Security related updates, Malicious Tool Update 4 Patches, –Reliability update, corrects issue with Stop 0x1a (mem mgt) and Stop 0x0a5 (IRQL not less or equal) –Patch for Media Format 11 SDK, DRM subscriptions between hardware devices –Junk Mail Filter Update –Malicious Software Removal Tool Update
Books Windows PowerShell in Action was written –Bruce Payette The Oracle Hacker's Handbook: Hacking and Defending Oracle –David Litchfield Microsoft Vista for IT Security Professionals –Anthony Piltzecker Kismet Hacking –Brad Haines, Frank Thornton
Holes Stefan Esser Launches Month Of PHP Bugs –Formerly of Zend now heading the PHP Hardening Project Day one was a rehash of five (5) known but previously unpatched bugs Is tossing out the occasional “bonus” bug 21 total bugs as of March 13th 11 released with code, 10 labeled as no code required.
DATA LOSS Texas A&M –System hacked, School changes all 96,000 passwords University of Idaho –Web site post includes 2,700 employee records Census Bureau –Web site post 5x between Oct 2006 and Feb 2007 includes 302 housholds Speedmark (texas marketing firm) –Stolen laptop with employee and contractor data Stop and Shop Supermarket (new england) –Card Reader Hack Kiaser Medical Center (california) –Stolen laptop with 22,000 patient records
Holes II Cisco Network Analysis Module (patch available) –Spoof SNMP, take over switch via NAM FireFox locations.hostname DOM Bypass (patch available) –10 other fixes, includes password manage, sslv2 Apple Patches four (4) more MOAB vulns –Disk image file, user notification center, ichat (x2) Apple Security Update release March 13 th –30 patches, reported to fix 45 holes Snort Exploit post to milw0rm.com (patch available) Windows RealDirectoryChangesW information leak –Sub directory access where user has access to parent directory
Games X-Box Hypervisor Hacked –Allows arbitrary code and alternate OS –Requires Physical Access
Corp. Hell SourceFire IPO hits the markets –Trades start at $15.45 and spikes to $18.50 –Originally expected to open between $12 and $14 Cisco and Apple settle over iPhone. Cisco acquires XML vendor Reactivity
Papers 2 nd (another) Paper on TOR vulnerabilities OWASP releases testing guide NIST release new security docs –Email, IDS/IPS, wireless security Computer Investigation Guide for Windows
Film Die Hard 4: Live Free Or Die –Semi retired alcoholic cop is throwing it part time for DHS Star Trek prequeal is set to stun X-mas 2008 –Matt Damon, Adrien Brody and Gary Sinise will play Kirk, Spock, and Scotty, respectively
WTF?! RadarSync.com – posting Vista drivers not made available by Windows MS Release list of “official” support Apps for Vista “Not Sure” added to Windows Genuine Advantage categories Estonia may be first to allow on-line voting Konami pulls slots machine after detection of subliminal jackpot image No MS Security Patches for March.
Updates Nessus Beta 3.2 Nikto 1.36 Clam AV 0.90 WS Fuzzer AxMan ReactOS 0.3.1 Process Monitor v1.1 AccessChk v3.0 Fierce Domain Scanner Helios Lite, Rootkit Detection Future Releases –Longhorn Server might be seen in 2007 –Torment, H.D.Moores’s answer to TOR based (anti-)kiddie porn
Legal FBI and MPAA hired to train Swedish Police Anti-Child Porn Bill H..R 837, Lamar Smith (R-TX) –Calls for requirement of ISPs to be able to track users DoD, Drink or Die warez leader charged with copyright infringement Fair Use Act, Bouche (D-VA) and Doolittle (R-CA) to update the DMCA DMCA charges against Musilx64 for the AACS decrypt utility ‘BackupHDDVD’ MS vs Iowa Anti-Trust YouTube.com identifies users for FOX
CON BlackHat DC –RFID Demo was pulled, –Rehash of Apple WiFi Drivers Future Cons –ShmooCon, 23 – 25 March 2007 – Washington D.C (sold out) –CanSecWest, 18 – 20 April 2007 – Vancouver CA –DallasCon – 11 – 12 May 2007 – Dallas, TX –BlackHat – 28 July thru 2 Aug 2007 – Las Vegas, NV –DefCon – 3 – 5 August 2007 – Las Vegas, NV