Transcript Document

Previous Gnews
Patch
•
10 Security Patches - 6 Critical, 3 Important, 1 Moderate
–
–
–
–
–
–
–
–
–
–
•
Tuesday
MS09-018 - Active Directory Could Allow Remote Code Execution
MS09-019 - Cumulative Security Update for Internet Explorer
MS09-020 - IIS Could Allow Elevation of Privilege
MS09-021 - Excel Could Allow Remote Code
MS09-022 - Windows Print Spooler Could Allow Remote Code
Execution
MS09-023 - Windows Search Could Allow Information Disclosure
MS09-024 - Microsoft Works Converters Could Allow Remote
Code Execution
MS09-025 - Windows Kernel Could Allow Elevation of Privilege
MS09-026 - RPC Could Allow Elevation of Privilege
MS09-027 - Word Could Allow Remote Code Execution
Other updates, MSRT, Defender Definitions, Junk Mail Filter
Holes / Patches
• IIS auth bypass. See MS09-020
• Ciscoworks TFTP. Enable by default
• cisco ios DoS in Cisco Tunneling Control Protocol (cTCP)
• Java for HP-UX, (yeah…..)
• Quicktime / iTunes / Safari / Java / Firefox / <insert monthly crap>
• Mac Kernal exploit on Milw0rm
• Vista SP2 released
• DirectX
Papers
• RSTEG , Retransmission Steganography
• Center for Internet Security, Concensus Metrics Definitions
v1.0.0
• Election Assistance Commission, revised e-voting standards
• IOSCat,
Corp. Hell
• DHS hacked, unclassified systems
• Craigslist removes ‘erotic services’
– Replaced with ‘adult’
• Adobe moves to quarterly releases,
– starting yesterday
• Triple Fiber Network shutdown by FTC
Film / Music
Amazon to bypass RIAA with TuneCore partnership
Original cast signed for Ghostbusters 3
Futurama signed for 26 new episodes on Comedy Central
WTF
FCC reserves the right to enter your home without a warrant.
Claims inspection of proper operation of devices
HR848 Performance Rights Act
Flat rate bulk royalty pricing, regardless of public domain or copyrighted content
Stuff
• Snort gets new preprocessor, implements ip blacklisting.
• Wepbuster 1.0, sorta an automated aircrack-ng
• Ftpxerox 1.0,
• Warvox 1.0.1, voip / war dialing
Cons
•
Black Hat USA, 2 - 7 Aug / Las Vegas NV
• http://www.blackhat.com/
•
•
-
DefCon, 8 - 10 August / Las Vegas NV
• http://www.defcon.org/
•
-
All images scavenged without permission
All images scavenged without permission