Published by Brandon Crawford. Modified over 10 years ago.
1
PREVIOUS GNEWS
"This is Gary Gnu... and the no gnews is good gnews show. The ONLY tv gnews show guar-an-TEED-- to contain NO gnews what-so-ever."
2
Patch Tuesday
8 patches originally expected, reduced to 4
–Pulled 2 for Windows, 1 for Office, and 1 for Visual Studio
4 patches, 10 bugs addressed
–3 fixes for Office, 1 fix for Windows
MS07-001 – Office 2003 Brazilian Grammar Checker
–Remote code exec – Exploit available
MS07-002 – Excel
–Remote code exec – No known exploits
MS07-003 – Outlook
–Remote code exec – Exploit available
MS07-004 – VML (IE / Outlook)
–Remote code exec – Exploit available
–Replaces 06-055
3
Books
Syndicate of London releases “End of Dayz”
–www.endofdayz.net
–End Of Dayz is an eclectic collection of underground text files compiled from Soljo Publishing’s full 1992 to 2006 run - a snapshot of creativity and opinion from the digital jilted generation, right from the ASCII edge and onto your bookshelf. Hacking, politics, science, fiction and humour from the group that brought you The Soljo, The Discordant Opposition Journal, SPACT and the RWM Collective. A must read for any self-respecting old school geek, or indeed any geek interested in the history and traditions of underground geekdom. Internet counter culture at its best.
4
Holes
LMH announces Jan. as “Month of Apple Bugs”
–http://projects.info-pull.com/moab/
–http://applefun.blogspot.com
Landon Fuller, former Apple engineer, launches counter effort to provide fixes for each bug
–http://landonf.bikemonkey.org/code/macosx
Adobe Acrobat allows remote execution of arbitrary commands.
–Memory corruption errors in the AcroPDF ActiveX control (AcroPDF.dll)
–Version 7.0.8 is patched.
Adobe also gets an XSS bug, for potential arbitrary code
–Version 7.0.9 is patched.
MS Vista reported to have a new vulnerability. Client Server Run-Time subsystem allows local elevation of privileges.
–Code on milw0rm.com
–Determina reported four other vulns to MS.
5
DATA LOSS
UCLA – 800,000
UTD – 6,000
6
Holes 2
VMWare ESX Patch released
Happy New Year worm, standard email based crap
–Will users never learn
Six month old Symantec buffer overflow seeing much exploitation over the holidays.
eBay “cross verification bug”. Paypal checkout and auction creation broke.
Hidattack and BTCrack released during Chaos Communications Congress in Berlin. Both are Bluetooth tools.
–Hidattack, hijack keyboard
–BTCrack, full access to two connected devices
AJAX, Security firm Imperva.com reports flaw in DWR (direct web reporting) allowing access to sensitive functions.
7
Games
Wii remotes hacked
–http://carl.kenner.googlepages.com/glovepie_download
–Old power glove code adapted to Wii nunchuk.
–Controls use IR for triangulation to control movement
–But wait there’s more….
–Remotes used to control Roomba wireless vacuum.
PS3, Demo machines purpose made to freeze up.
–“We do that so that people won't play it all day long”
8
Holes 3
Cisco Clean Access (NAC), Patch Available
–Unchangeable Shared Secret
–Readable Snapshots, access to DB archives w/o authentication
Opera
–Malformed JPEG header, crash Opera
–createSVGTransformFromMatrix, JavaScript allows arbitrary code
IE 6.x Race Condition, CVE-2007-009
–Possibly on IE 7 under Vista also
Yahoo Messenger, ActiveX Heap Overflow
Kaspersky AV, DoS condition
9
Corp. Hell
CheckPoint buys NFR
–Ah… didn’t NFR fold…a while ago?!
NetClarity sues SourceFire and Inflection Point Ventures
–Claims theft of intellectual property
–IPO Impact?
Cisco buys IronPort
New lawsuits challenging DRM under Anti-Trust laws.
10
Film
“Kitty Porn” – Masturbating cat named #1 internet film of the year by VH1.
Montreal, CA. – Filming has started for War Games 2: The Dead Code.
–A hacker breaks into ‘Ripley’, a terrorist simulation super computer. Director of Teenage Mutant Ninja Turtles 3 and Poltergeist: The Legacy TV series. Starring nobody anyone has heard of.
BackupHDDVD is posted to RapidShare.com. AACS cracked.
–DVD enthusiast muslix64 shares the HD-DVD / Blu-Ray ripper.
–AACS (Advanced Access Control System) is the DRM protection used on HD-DVD and Blu-Ray discs.
–Each movie requires a known crypto key; it is stated these will be shared as they are found.
Lucas and Spielberg finalize script for 4th Indiana Jones, filming in 2007.
New Futurama in 2008. Entire cast and most of the writers return.
11
Updates
Tor – 0.1.1.26
Snort – 2.6.1.2
Nessus – 32 SCADA specific checks
SafetyCheck 1.5 beta – a Windows RootKit detector
PacketFence 1.6.2 – Opensource NAC solution
Falcon Storage Engine for MySQL made Open-Source
Plash 1.17 – GNU / Linux Sandbox
VMware Fusion – Beta Version of VMware desktop for Macintosh
–Once you go mac you never go bac (okay yeah shoot me)
MS releases 64bit kernel API criteria.
Linux Kernel 2.6.20 to include full virtualization, KVM
12
Hong Kong, Chan Nai-Ming receives first jail sentence for bittorrent piracy.
Philadelphia, Combination of Homeland Security and Private Surveillance cameras used to id killer.
.XXX, new contract which promises approval. May be open for registering this summer.