November/December News (PPT)

663 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
663
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
2
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • All images scavenged without permission http://www.t-shirthumor.com/Merchant2/graphics/fullsize/bdgn_lg.gif
  • Sources: - http://www.microsoft.com/technet/security/bulletin/advance.mspx - http://www.microsoft.com/technet/security/bulletin/ms07-dec.mspx - http://blogs.technet.com/msrc/default.aspx http://www.microsoft.com/technet/security/Bulletin/MS07-063.mspx http://www.microsoft.com/technet/security/Bulletin/MS07-064.mspx http://www.microsoft.com/technet/security/Bulletin/MS07-065.mspx http://www.microsoft.com/technet/security/Bulletin/MS07-066.mspx http://www.microsoft.com/technet/security/Bulletin/MS07-067.mspx http://www.microsoft.com/technet/security/Bulletin/MS07-068.mspx http://www.microsoft.com/technet/security/Bulletin/MS07-069.mspx http://www.infosecnews.org/hypermail/0712/14086.html Caffine
  • Sources: http://secunia.com/advisories/27450/ http://it.slashdot.org/article.pl?sid=07/11/20/0137240 http://secunia.com/advisories/27835/ http://secunia.com/advisories/27870/ http://www.securiteam.com/windowsntfocus/6C0031FKKQ.html http://secunia.com/advisories/27929/ http://secunia.com/advisories/27934/ CS Gas
  • Sources: http://www.securityfocus.com/brief/635 http://mobile.slashdot.org/article.pl?sid=07/12/04/159204 http://www.darkreading.com/document.asp?doc_id=140533&WT.svl=news1_2 http://slashdot.org/article.pl?sid=07/12/05/162244 http://www.infosecnews.org/hypermail/0712/14084.html http://www.infosecnews.org/hypermail/0712/14092.html Nicotine
  • Sources: http://secunia.com/advisories/27643/ http://docs.info.apple.com/article.html?artnum=307041 http://secunia.com/advisories/27755/ http://www.milw0rm.com/exploits/4673 http://www.milw0rm.com/exploits/4664 http://www.milw0rm.com/exploits/4657 http://www.milw0rm.com/exploits/4651 http://secunia.com/advisories/27928/ http://isc.sans.org/diary.html?storyid=3729 http://www.milw0rm.com/exploits/4701 http://www.milw0rm.com/exploits/4702 http://secunia.com/advisories/27717/ http://www.milw0rm.com/exploits/4663 Prozac
  • Sources: http://games.slashdot.org/article.pl?sid=07/12/02/1728243 http://games.slashdot.org/article.pl?sid=07/11/28/0328215 Ritalin
  • Sources: http://laptopgiving.org/en/index.php http://yro.slashdot.org/article.pl?sid=07/11/28/0319211 http://yro.slashdot.org/article.pl?sid=07/12/03/0526202 http://hardware.slashdot.org/article.pl?sid=07/12/09/1845224 http://mobile.slashdot.org/article.pl?sid=07/11/24/2015229&tid=146 http://hardware.slashdot.org/article.pl?sid=07/11/27/1818251 http://mobile.slashdot.org/article.pl?sid=07/12/04/1637219 http://mobile.slashdot.org/article.pl?sid=07/12/04/2221210 http://yro.slashdot.org/article.pl?sid=07/12/09/2045200 http://slashdot.org/article.pl?sid=07/12/05/0149227 http://yro.slashdot.org/article.pl?sid=07/12/05/2114247 Valium
  • Sources: http://slashdot.org/article.pl?sid=07/11/19/0442202 http://yro.slashdot.org/article.pl?sid=07/11/19/1948244 http://yro.slashdot.org/article.pl?sid=07/11/29/1347225 http://slashdot.org/article.pl?sid=07/12/09/2342255 Ketamine
  • Sources: http://honeyblog.org/junkyard/reports/botnet-china-TR.pdf http://www.infosecnews.org/hypermail/0711/14016.html http://csrc.nist.gov/publications/drafts/800-82/2nd-Draft-SP800-82-clean.pdf LSD
  • Sources: http://www.pcworld.ca/news/column/3eef651f0a010408008b33e8065121c5/pg1.htm http://packetstorm.linuxsecurity.com/filedesc/nikto-2.00.tar-gz.html http://www.darknet.org.uk/2007/11/medusa-14-parallel-password-cracker-released-for-download/ http://yro.slashdot.org/article.pl?sid=07/11/29/1547259 http://www.eff.org/testyourisp/pcapdiff/ http://packetstorm.linuxsecurity.com/filedesc/iodine-0.4.1.tar-gz.html http://packetstorm.linuxsecurity.com/filedesc/swfintruder-0.9-tgz.html Absinthe
  • Sources: http://www.infosecnews.org/hypermail/0711/14015.html http://slashdot.org/article.pl?sid=07/11/28/0124250 http://yro.slashdot.org/article.pl?sid=07/12/02/2356202 http://yro.slashdot.org/article.pl?sid=07/11/19/0436218 http://it.slashdot.org/article.pl?sid=07/12/05/0227255 http://www.infosecnews.org/hypermail/0712/14075.html http://www.infosecnews.org/hypermail/0711/14013.html Psilocybin
  • Sources: - Con Archive - http://mirrors.easynews.com/blackhat/ http://www.infosecnews.org/hypermail/0712/14074.html http://video.hitb.org/2007.html http://www.infosecnews.org/hypermail/0711/14035.html http://www.kiwicon.org/ Ecstacy
  • Sources: http://hacker.textfiles.com/cons/ http://www.infosecnews.org/hypermail/0710/13902.html PacSec 2007, 29 – 30 Nov - Tokyo http://pacsec.jp/ CarolinaCon 4, 28 – 29 Mar - http://carolinacon.org/ DayCon, 12 – 14 Oct – Dayton OH http://www.day-con.org/ SecTor http://www.sector.ca/schedule.htm http://www.phreaknic.info http://www.phreaknic.info/pn0x0b/ http://www.breakpointsecurity.net/ http://www.owasp.org/index.php/OWASP_&_WASC_AppSec_2007_Conference InfowarCon 2008 – 2-4 Mar 2008 - Bethesda MD http://www.infowarcon.com/ Viagra
  • Sources:
  • November/December News (PPT)

    1. 1. PREVIOUS GNEWS
    2. 2. Patch Tuesday <ul><li>7 Patches – 11 bugs addressed </li></ul><ul><li>Affecting Windows, Windows Servers, Vista, Media Player, DirectX, Macrovision (DRM) </li></ul><ul><li>Other updates, MSRT, Defender Definitions, Junk Mail Filter </li></ul><ul><li>7 Security Patches - 3 Critical, 4 Important </li></ul><ul><ul><li>MS07-063 – SMBv2 (Vista) - Remote Code Execution </li></ul></ul><ul><ul><li>MS07-064 – DirectX (Directx 7 – 10) - Remote Code Execution </li></ul></ul><ul><ul><li>MS07-065 – Message Queuing Service (2K, XP) – Remote Code Execution </li></ul></ul><ul><ul><li>MS07-066 – Windows Kernel (Vista) - Privilege Escalation </li></ul></ul><ul><ul><li>MS07-067 – Macrovision Driver (XP, 2003) – Local Privilege Escalation </li></ul></ul><ul><ul><li>MS07-068 – Media File Format (Runtime 7 - 11) - Remote Code Execution </li></ul></ul><ul><ul><li>MS07-069 – IE Cumulative Update </li></ul></ul>
    3. 3. Holes / Patches <ul><li>Samba, Overflow in “reply_netbios_packet()” and GETDC (patch available) </li></ul><ul><li>FLAC file format, eEye reports 14 vulns </li></ul><ul><li>Lotus Notes 1-2-3 File Viewer, Overflow in 123sr.dll (patch available) </li></ul><ul><li>Avaya OpenSSL, Overflow in “SSL_get_shared_ciphers()” (work around available) </li></ul><ul><li>Cygwin, Overflow in cygwin1.dll (patch available) </li></ul><ul><li>Avast, Tar handling (patch available) </li></ul><ul><li>Skype, Overflow in sykpe4com.dll (patch available) </li></ul>
    4. 4. Hacking <ul><li>FBI brags on BotNet hunting, “Operation Bot Roast II” </li></ul><ul><ul><li>8 controllers in 5 months </li></ul></ul><ul><li>AT&T plans decommissioning of payphones over next year </li></ul><ul><ul><li>RIP 1889 - 2008 </li></ul></ul><ul><li>MS 27 Mhz Keyboards cracked, Expect Logitech to follow </li></ul><ul><li>Sun announces open-source rewards program </li></ul><ul><ul><li>Code a thousand hours get a magazine subscription </li></ul></ul><ul><li>Oak Rodge National Lab compromised via phishing </li></ul><ul><ul><li>Possible link to China </li></ul></ul>
    5. 5. Holes / Patches (more) <ul><li>Apple Patch Release 2007-008 </li></ul><ul><ul><li>41 patches </li></ul></ul><ul><li>Apple QuickTime, Overflow in “content-type” header </li></ul><ul><ul><li>Multiple exploits posted to Milw0rm </li></ul></ul><ul><li>Mozilla Firefox, Multiple vulns multiple updates </li></ul><ul><li>OpenOffice, bypass security restrictions in HSQLDB engine (patch available) </li></ul><ul><li>Media Player, Overflow in 3ivx MPEG-4 5.0.1 </li></ul><ul><ul><li>Exploit posted to Milw0rm </li></ul></ul><ul><li>BitDefender ActiveX , Overflow in “InitX()” (patch available) </li></ul><ul><ul><li>Exploit posted to Milw0rm </li></ul></ul>
    6. 6. Games <ul><li>Blizzard and Activision announce merger </li></ul><ul><li>Sony game “ICO” for PS2 violates GPL </li></ul>
    7. 7. Corp. Hell <ul><li>OLPC “Give one, Get one” extended to Dec 31 2007 </li></ul><ul><ul><li>45,000 ordered (24 Nov 2007) </li></ul></ul><ul><ul><li>MS and Intel turn up competitive heat </li></ul></ul><ul><li>Nigerian Company claims patent infringement against OLPC’s XO laptop </li></ul><ul><ul><li>Multilingual keyboard technology </li></ul></ul><ul><ul><li>Prior fraud record </li></ul></ul><ul><li>Devorak says food more important than computers </li></ul><ul><li>Verizon Wireless to open network to 3 rd party devices </li></ul><ul><ul><li>Google Android on the supported list </li></ul></ul><ul><li>Germany deems network locked iPhones legal </li></ul><ul><li>Nokia Claims ogg as proprietary format </li></ul><ul><li>PDF is no ISO 32000 </li></ul><ul><li>Facebook allows Beacon to be disabled in light of privacy concerns </li></ul>
    8. 8. Film / Music <ul><li>Comcast targets fan-sub anime </li></ul><ul><li>Free Software Foundation launches “Expert Witness Defense Fund” </li></ul><ul><li>EMI to decrease funding of industry groups (RIAA, IFPI) </li></ul><ul><li>Blade Runner: The Final Cut </li></ul>
    9. 9. Papers <ul><li>German Botnet Study, “Characterizing the IRC-based Botnet Phenomenon” </li></ul><ul><li>NIST, “Guide to Industrial Control Systems (ICS) Security” </li></ul><ul><ul><li>SCADA, DCS, PLC </li></ul></ul>
    10. 10. <ul><li>Vista SP1 Preview </li></ul><ul><li>Nikto 2.00 </li></ul><ul><li>Medusa 1.4 (passwd cracker) </li></ul><ul><li>EFF ISP Forgery Detection Toolkit / pcapdiff </li></ul><ul><li>Iodine 0.4.1 (dns tunnel) </li></ul><ul><li>Swift Intruder (flash runtime analysis) </li></ul><ul><li>Snort 2.8.0.1 </li></ul><ul><li>FireFox 2.0.0.12 (and 2.0.0.10 and 2.0.011) </li></ul>Updates
    11. 11. Legal <ul><li>HushMail follow-up, Warning users of required compliance with legal “back-doors” </li></ul><ul><li>FCC cable TV vote delayed </li></ul><ul><ul><li>Measure would allow more FCC control of industry </li></ul></ul><ul><li>All US border crosses to get terrorist risk profiles and kept for 40 years </li></ul><ul><li>Japan to fingerprint all foreigners </li></ul><ul><li>Canadian Passport website allowed access to personal data </li></ul><ul><li>ISC2 claims Google and Yahoo indexing infringes on Trademarks </li></ul>
    12. 12. CON Results <ul><li>Hack In The Box Malaysia 2007 (sept), videos no on-line </li></ul><ul><li>Undisclosed MS bugs demo’ed at KiwiCon </li></ul><ul><ul><li>WPAD </li></ul></ul><ul><ul><li>Ethical hacker, Beau Butler </li></ul></ul><ul><ul><li>160,000 PCs in New Zealand reported vulnerable </li></ul></ul>
    13. 13. CON Events <ul><li>Completed Cons </li></ul><ul><ul><li>LISA, 11 - 16 Nov 2007 - Dallas TX </li></ul></ul><ul><ul><li>OWASP + WASC, 12 -15 Nov - San Jose CA </li></ul></ul><ul><ul><li>BreakPoint, 15 - 18 Nov - Mexico </li></ul></ul><ul><ul><li>SecTor, 20 – 21 Nov – Toronto Canada </li></ul></ul><ul><ul><li>PacSec 2007, 29 – 30 Nov - Tokyo </li></ul></ul><ul><li>Future Cons </li></ul><ul><ul><li>Chaos Communication Congress, 27 - 30 Dec 2007 - Berlin </li></ul></ul><ul><ul><li>l </li></ul></ul>
    14. 14. All images scavenged without permission All images scavenged without permission

    ×