PREVIOUS GNEWSPREVIOUS GNEWS

• 6 Patches – 9 bugs addressed

• Affecting Windows, Outlook Express / Windows Mail, Office, IE

• Other updates, MSRT, Defender Definitions, Junk Mail Filter, RootCert• ** Aug, MS pushed silent patches including devices with auto-update disabled

Patch Tuesday

• 6 Security Patches - 4 Critical, 2 Important– MS07-055 – Kodak Image Viewer (win2k) - Remote

Code Execution– MS07-056 – Outlook Express / Windows Mail -

Remote Code Execution (NNTP)– MS07-057 – IE Cumulative – MS07-058 – RPC – DoS (NTLM)– MS07-059 – SharePoint Services 3.0 / Office

SharePoint Server 2007 – Privilege Escalation (XSS, in SP)

– MS07-060 – Word – Remote Code Execution

Books• Security Data Visualization: Graphical

Techniques for Network Analysis – by Greg Conti

• Essential Silverlight– by Christian Wenz

• Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research

– by David Maynor, James C. Foster, KK Mookhey, Kevin Harriford

– HDPS. In case it wasn't clear, the Metasploit team

was not involved with this book in any shape or form.

- eBook was very briefly leaked to the metasploit mail list.

Holes / Patches• Pwnpress Exploitation Toolkit

– code posted to milw0rm

• Open Office, Tiff document handling (patch available)

• VMware ESX Server, multiple vulns (patch available)

• Tor ControlPort torrc Rewrite (patch available)– code posted to milw0rm, ControlPort must be enabled

• Ruby Net::HTTPS insufficient Validation of Server Certificate CN (patch available)

• Java JRE, Multiple Vulns (patch available)

• XEN, privilege escalation (patch available)

DATA LOSS

• 21 + reported incidents

• TD Ameritrade– 6 million Records, Database compromise

• ABN Amro– 5,000 Records on BearShare

• Western Oregon University– Student Reporter on file, Paper Advisor fired

Holes / Patches (more)

• QuickTime– JavaScript on Firefox

• Apple Patches MOAB #3 for Windows– Command injection via .qtl

• Automated Solutions Modbus TCP Slave Activex– Arbitrary code on SCADA devices

• AOL AIM– IE controls, victim must be logged on

• Gmail XSS

Hacking

• Multi-Core attacks, Cambridge Professor leverages concurrency

• New iPod linux-ized

• Apple WiFi hack details finally released

• AirRaid2, Thailand WiFi Completion Dec 21 2007

• personalwireless.org launches RFID mail list

• Are botnets are splintering to evade detection?

Holes / Patches (again)

• Microsoft SQL Server Distributed Management Objects Buffer Overflow – code posted to milw0rm

• Excel 2007 Multiplication bug– any formula that should evaluate to 65,535 will act strangely

• Undisclosed 0-day in .pdf files

• DHS mail list misconfig exposes member emails

• Citrix .ica file harvesting

Corp. Hell• Intel buys Havok (physics / animation)• Yahoo buys Zimbra (office suite)• McAfee buys SafeBoot (encryption)• Nokia Buys Navteq (mapping)• MS to increase stake in FaceBook

• One Laptop PerChild announces limited commercial sale in November

– $400, you get one, child gets one

• Google to launch Gphone in 2008• Google StreetView to blur Canada• Google drafts an open source license

• Symantec DeepSight issues false ThreatCon4 alert

• Wal-Mart RFID venture reported as not meeting expectations

Games

• All versions PSP Hack

• Halo3

• Games for Grades– Oak Cliff GameStop manager suspended

Film / Music• FCC requires analog TV until 2012• Class action suit filed for ala cart TV packaging

• Trent Reznor condones theft

• China creates it’s own hi-def format, CH-DVD

• Virgin Digital closes store• Amazon launches DRM-Free store

• AT&T planning to filter MPAA content • Canadian copyright official sacked after MPAA lobbyist relationship

exposed

• BluRay copy protection, BD+, not 100% compatible

Papers

• Blog - XP Process Throttling

• Michael G. Kaplan - Receiver Initiated Authentication: A Practical Method to Authenticate Incoming Email

• Stanford, CMU, VMware, Xen -Compatibility is Not Transparency: VMM Detection Myths and Realities

• Web Application Common Criteria scoring drafted

• Berkeley posting full lectures to YouTube

• University of Waterloo, Ann Cavoukian – Privacy By Design

Updates• iPhone firmware update 1.1.1• Apple Leopard may not support 800Mhz G4• Metasploit iPhone payloads• FireFox 2.0.0.7• FireFox 3 Anti-Phishing uses Google• FireCat 1.2 • Gnome 2.2• WordPress 2.3• Flare (flash decompiler)• rkhunter 1.3.0• aircrak-ptw• thc-orkelcracker11g• IE7 installer drops WGA checking• XP SP3 Beta released

Legal• N.runs reposts btcrack code

• Isp tax ban ends Nov 1st

• Two Patriot Act provisions ruled unconstitutional

• 17 year old with a copy of ‘The Anarchist’s Cookbook’ charged in U.K. under the Terrorism Act 2000

• New U.K. laws criminalize refusal to surrender encryption keys

• TJX ringleader gets 5 years

• Police recover data on erased CD-RW by writing to disc

• iPhone law suits

CON Results

• Simple Nomad discusses IDS / IPS at Security World

• MS Blue Hat, Blog posts by RFP, Halvar Flake and more• MS Blue Hat, Closed WabiSabiLabi exploit auction

CON Events

• Completed Cons– Security World - - San Francisco CA– MS Blue Hat – Sept 27 – 28 2007 – Redmond WA– ToorCon, 29 Sept - 1 Oct 2007 - San Diego CA

• Future Cons– Phreaknic, 20 - 22 Oct 2007 - Nashville TN– LISA, 11 - 16 Nov 2007 - Dallas TX– OWASP + WASC, 12 -15 Nov - San Jose CA– BreakPoint, 15 - 18 Nov - Mexico– Chaos Communication Congress, 27 - 30 Dec 2007 - Berlin– InfowarCon 2008 – 2-4 Mar 2008 - Bethesda MD

All images scavenged without permission

All images scavenged without permission