1. PREVIOUS GNEWS

2. 8 Patches – 10 bugs addressed Affecting Project, Visio, DNS, GDI, Scripting, Activex, IE, Windows Other updates, MSRT, Defender Definitions, Junk Mail Filter 8 Security Patches - 5 Critical, 3 Important –MS08-018 – Project - Remote Code Execution –MS08-019 – Visio - Remote Code Execution –MS08-020 – DNS - Spoofing –MS08-021 – GDI - Remote Code Execution –MS08-022 – VBScript / JScript - Remote Code Execution –MS08-023 – Update to Activex Kill Bits –MS08-024 – IE Cumulative update –MS08-025 – Kernel Update – Privilege Escalation

3. Holes / Patches Oracle Patches Scheduled for April 15 th Apple Security Page has a new look Apple Patches released for –Safari 3.1 –Bundle 2008-002, 46 patches affecting 90+ CVEs –AirPort Extreme Base Station Firmware 3.7.1 –Digital Camera RAW Compatibility Update 2.0 –QuickTime 7.4.5 Unreleased iPhone already hacked –disables boot loader firmware check 2 Vulns in Safari, 1 allows code execution 3 Vulns in Asterisk, 1 allows code execution

4. Hacking P2P data leakage back in the news SCADA vulnerability database launched –Delphi, hosted by Wurldtech Security Technologies (closed membership) Zone-H drops defacement archive? Facebook privacy enhancements used to gain access to private photos Opus Palladianum (OP) new secure browser –University of Illinois Kraken Botnet bigger than Storm Sans April Fools Wrap Up

5. Holes / Patches (more) IE 5 an 6 FTP Command Injection Vista SP1 gets bad reviews Windows 2008 vulnerabilities bypass security features –No details released Multiple vulnerabilities in Firefox, Thunderbird, and SeaMonky Multiple Vulnerabilities in Opera Wireshark, multiple DoS vulnerabilities (tftp, ldap, sccp, and more) Cisco ACS for Windows, BO in /securecgi-bin/CSUserCGI.exe Multiple vulnerabilities in Cisco IOS, memory leak, DoS

6. Corp. Hell Peru begins teacher training for OLPC NVIDIA drivers bad for Vista –Reported cause for 28% of all crashes Sony / BMG sued for illegal software –PointDev system administration tools Feds ban IBM contracts / purchases –‘concerns raised about potential activities involving an EPA procurement‘

7. Film / Music New Futurama in June –‘The Beast with a Billion Backs’ Flat-Rate iTunes purchasing model? Canadian TV –CBC to use DRM free torrent distribution of primetime content RIAA Lawsuit –Includes provision to stop 'continuing to engage in criminal investigation of private American citizens'

8. Japanese ISP disconnect file sharers MI-5 wants Oyster Card data –British Public Transit Smart Card Foreign Intelligence Surveillance Act (FISA) –‘the FISA Amendments Act of 2008 or H.R. 3773, relaxes the requirement of emergency warrants’ Click and go directly to jail –FBI Child Porn Dragnet uses fake links and ads to target would be offenders Legal

9. SELinux build R080305 Inguma 0.0.7.2 (python pentest framework) Fwknop 1.9.2 (single packet auth) looking glass 1.0.1.0 (malware / process analysis) Photoshop Express Beta (free photoshop) –complaints spawn rewrite of TOS OpenOffice 2.4 Capture-HPC 2.1 Wireshark 1.0 freenet 0.7 (P2P) FireFox 3 beta 5 ProxyStrike 1.0 (web app proxy) Updates

10. UK wants DNA of potential offenders, as young as 5 Cat caught in dirty bomb scanner WTF

11. CON Events Completed Cons –SOURCE Boston, 12 - 14 Mar / Boston MA –Black Hat Europe, 25 - 28 Mar / Amsterdam –CanSecWest 2008, 26 - 28 Mar / Vancouver BC –CarolinaCon 4, 28 - 29 Mar / Chapel Hill NC –Notacon 5, 4 - 6 Apr / Cleveland OH RECON announces CFP

12. CON Results Source – Source Boston videos on technologytroll.com Source – symbiotic vs. parasitic computing BH Europe – Operation System Security Metric, “0-day patch rate” BH Europe – Paterva presentation BH Europe – Christopher Tarnovsky, smart card hacker BH Europe – BioLogger PoC released, biometric capture and hack CanSecWest – Pwn2Own, Mac via Safari, Vista via Adobe CanSecWest – Photos (not so much of the con)

13. CON Events Future Cons –USENIX Usability, Psychology, and Security 2007, 14 Apr / San Francisco CA –Hack In The Box, 14 - 17 Apr / Dubai –Trooper 08, 23 – 24 Apr / Munich –Infosecurity Europe 2008, 22 – 24 Apr / London –Interop, 27 Apr - 2 May / Las Vegas NV –Layerone, 17 – 18 May / Pasadena CA –DallasCon 2008, TBD / Dallas, TX –AusCERT 2008, 18 - 23 May / Gold Coast AU –HOPE 7, 18 - 20 July / New York NY

14. All images scavenged without permission