Transcript previous gnews

PREVIOUS GNEWS
Patch
•
•
4 Patches – x bugs addressed
Affecting Windows, SQL, Office, Visual Studio, .Net
•
8 Security Patches - 5 Critical, 1 Moderate
–
–
–
–
•
Tuesday
MS08-052 –
MS08-053 –
MS08-054 –
MS08-055 –
Other updates, MSRT, Defender Definitions, Junk Mail Filter
Holes / Patches
• Opera, Multiple Vulns. 9.52 patches
• Google Chrome (Beta), Apple CarpetBomb
–
–
–
–
Chrome is built on Apple WebKit engine
More bloated then IE 8
Spiked to 3% market share, drops to 1.9%
fixed multiple issues (after ver. 0.2.149.27)
• Facebook, allows javascript to do pretty much anything
– Discover during dev for MyChess app
– Facebook denies its existence
• Facebook, Photo of the Day (fake nat geo app)
– Botnet PoC, via javascript
• Nokia, Series 40 OS (VOIP). Nokia admits to vulns
Hacking
• RedHat Breached
• iPhone password bypass
• Mobile Remote Wipe (iPhone, Blackberry)
• New Media attention on BGP snarfing
Holes / Patches
• Multiple VMWare
– VMWare Server, multiple vulns
– VMWare Workstation, multiple vulns
– VMWare ESX Server, multiple vulns
• Awstats, multiple vulns
• Postfix, local privilege escalation
• Wireshark, DoS
• FreeBSD, DoS
• Cisco PIX / ASA, Information Disclosure and DoS
• Secunia site redesign
– Highlights commercial services
Film / Music
• Myth Busters + RFID = Corporate Cover-up ???
• Real Networks to make crippled DVD copier
WTF
•
EULAs
– Google, all your data are belongs to us, and we can filter it too
– Facebook, all your photos are bleongs to us, and we can sell it too
– YouTube, all your videos are belong to us, and we can keep it regardless of
deletion too
•
California Law is Copyrighted
•
Scientologists issue YouTube 4000 DMCA take down notices
•
OS/2 launches bounties for new code
Updates
• Tor 0.2.0.30
• porkbind
• open vas
• ubuntu kernal fixes
• DNSSEC by 2009
• Snort 2.8.3
Legal
• No –Fly list is now contestable
• No-Fly list database / backend is fubar
All images scavenged without permission
All images scavenged without permission