May/June News

PREVIOUS GNEWS
Patch Tuesday
• New Format
• 13 Patches originally expected
– 6 Security
• Affects Windows OS, Outlook / Mail, IE, Office, Visio
– 7 Non-Security related updates, Malicious Tool Update
• 6 Security Patches, 15 bugs addressed (eEye reports 19 bugs)
– MS07-030 - Microsoft Visio - Remote Code Execution
– MS07-031 - Schannel Security Package
• XP - Remote Code Execution / 2003 - DoS
– MS07-032 - Vista - Information Disclosure
– MS07-033 – IE Cumulative, 6 vulns, 5 Code Execution / 1 spoofing
– MS07-034 – Outlook Express / Mail Cumulative, Code Execution, 3 via IE
– MS07-035 – An unnamed win32 API - Remote Code Execution (vector for IE, maybe more)
Books
• March
• Zen and the Art of Information Security
– by Ira Winkler
• Cross Site Scripting Attacks: XSS Exploits and Defense
– by Seth Fogie, Robert Hansen, Jeremiah Grossman, Anton Rager
• April
• Mastering Windows Network Forensics and Investigation
– by Steven Anson, Steven James Anson
• May
• How to Cheat at Configuring Open Source Security Tools
– by Michael Gregg, Eric Seagren, Angela Orebaugh, Matt Jonkman, Raffael Marty
• Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems
– by Chris Sanders
Holes
• “Month of…” ActiveX Wrap-up
– 35 bugs – LeadTools got beat up, Barcode Apps, Office Viewers
• June is Month of Search Engine Bugs
– Hotbot, msn, yahoo, rambler, ask.com, others
• IE and Firefox bugs
– cookie-stealing, keystroke-snooping, malicious downloading and site-spoofing
• Opera Right-Click Overflow (patched in 9.21)
– Transfer Item Pop-up Menu Stack Overflow Vulnerability
– Malicious torrents in the wild
• Cisco 3rd party crypto library, ASN.1 DoS
• Veritas Storage Foundation DoS, input validation
• Packeteer Web Interface DoS, URL request via read-only user
DATA LOSS
• 40+ Reported Cases
– TX Law Enforcement, stolen laptops
– Waco ISD, system compromise
– IBM, missing tapes
– JP Morgan Chase, missing tape
– TSA, lost hard drive
Holes 2
• Botnet Mgt GUI, ‘Zunker’ reported by Panda Software
• Gozi variant now has keylogger and improved signature evasion
• PoC BadBunny virus for OpenOffice (Win – mIRC / xchat, Mac – Ruby, Linux – Perl / Python)
• 3 variants of Trojan-SMS.SymbOS.Viver, Smart Phone virus generates text messages to premium rate numbers
• Norton Personal Firewall and Internet Security 2004
– Buffer Overflow in ActiveX (ISLALERT.DLL, SET(), GET())
• Unicode Encoding Flaw (rather decoding)
– Improper handling of Full-width and Half-width encoding can allow the bypass of some security devices, IIS, Cisco IPS, 3Com, McAfee
Games
• Xbox Live bans hacked Xbox 360 consoles
• Miami attorney Jack Thompson declares he will sue Microsoft if they
perform any sale of ‘Halo 3’ to any persons under 17
• DCEmu announce Wii and GameCube coding contest
Holes 3
• Windows Updater Hi-Jack
– Background Intelligent Transfer Service (BITS)
• Vista Team re-launches Vista Security Blog
– Apparently their job wasn’t done ; )
• 4 out of cycle MS patches, 2 related to security
– Windows installer (above)
– Microsoft Office Isolated Conversion Environment (MOICE)
• iDefense announces bounty for 0-days in Apache httpd, BIND, Sendmail, OpenSSH, MS IIS, or MS Exchange Server
• ActiveX buffer overflow in Ksign SWAT (PKI and ID mgt)
Corp. Hell
• PacketFocus to provide RFID audits
• eEye enters service market
• Google buys FeedBurner (RSS content vendor)
• Verizon buys Cybertrust (managed service provider)
• Symantec enters mobile 5 market
• Intel encroaches on One Laptop Per Child
• Time Warner implements packet shaping
• MS claims patent infringement on 235 patents
• FCC approves Apple iPhone (will use arm processors)
• Apple sues over Ann Summers ‘iGasm’ iPod accessory ads
Holes 4
• Apple Releases Patch Set addressing 17 vulns
– BIND, crontabs, fetchmail, ichat, ruby, vpn, and more
• Apple Releases 2 Quick Time patches
– Both for malicious java applets delivered via website
• Safari for Windows hits the street and is immediately vulnerable
• David Maynor releases 4 DoS and 2 remote execution
• Thor Larholm finds URL protocol handler command injection
• Yahoo Messenger 0-day, buffer overflow in ActiveX for WebCam
• Latest fix in AACS saga, hacked before it was officially launched
• Yet another follow-up fix hacked a day after launch
• NXP Semiconductors (philips) is developing an RFID activated DVD
• Ritek Corp. is developing re-writable BD-RE and HD DVD-RE with
sales this year
• 6 months after submissions close, ResearchChannel.org announces winners of the ’06 Educause Cyber Security Awareness Month Video Contest
• Terminator “franchise” sold, Halcyon Co. shooting for 2009 release
of ‘The Terminator 4’
Papers
• HP performance evaluation of Xen and OpenVZ
• David Litchfield 4 part Oracle Forensics on milw0rm
• Mark Russinovich TechNet article on Windows UAC
• Rob Paveza 2 stage UAC bypass Proof-of-Concept
• DHS Cyber Security Paper (BotNets) BAA07-09
WTF!?
• DRM = Digital Consumer Enablement
– HBO’s Bob Zitter calls for a re-definition of DRM to show just how
positive it really is
• PirateBay hacked and DB copied, blog server blamed for the vuln
• National Payment Card links Drivers License and Debit Card via
MagStripe in select locations, 24 states including TX
• Cell Phones wipe Nissan smart keys, Altima and G35
• Apple DRM free tunes contain user info, name and email
– Music purchased on iTunes has always contained identifiable info; however, previously those tunes were “non-transferable”
Updates
• (April) WhiteDust launches hackspace.net
• The A5 cracking project (GSM A5/1 algorithm)
• DomainKeys Identified Mail Signatures (DKIM)
• Spyware Process Detector v2.02
• Samba 3.0.25
• aircrack-ng 0.9
• nipper 0.9.5
• rfidiot 0.1m and rfidiot 0.1n
• Sysinternals - SigCheck v1.4, PsExec v1.83, DiskExt v1.1
• honey trap 0.7.0
• FireGPG (encrypt web based mail)
• tor-0.1.2.14.tar.gz
• Parallel (Intel Mac)
• Symantec 11
• clamav-0.90.3.tar.gz
• fwknop 1.8.1
Legal
• MySpace refuses to share data of known sex offenders
• MySpace recants and gives data to authorities
• MySpace data pops its first false positive
• US Military networks block MySpace, YouTube, and other social networks
• San Francisco court rules Google’s “thumbnail-porn” is protected by fair-use
• US Anti-Spyware bill passed Congress, waiting on Senate vote
• TX bill, HB 2714, requires computer companies to provide free recycling services
• Robert Soloway (reported ‘spam king’) was arrested in Seattle
• Fourth and Final Draft of GPLv3 released
• Mods to German law make “hacker tools” illegal
• Belgium urged to withdraw gen1 RFID enabled passports
CON Results
• Microsoft BlueHat Security Briefings
– Felix Domke, demonstrated his hypervisor hack of the Xbox 360
• Interop
– NAC Panel
– NAC TCG and Microsoft compatibility
• Interop
– 7 Habits of Hackers (or exploit methodology)
CON Events
• Completed Cons
– BlueHat, 10 May 2007 - Redmond, WA
– AusCERT2007, 20 – 25 May - Australia
– Interop, 20 – 25 May - Las Vegas, NV
• Future Cons
– REcon Party, 13 - 16 June 2007 - Montreal
– BlackHat, 28 July thru 2 Aug 2007 – Las Vegas, NV
– DefCon, 3 – 5 August 2007 – Las Vegas, NV
– Chaos Communications Camp, 8 - 12 August - Berlin
– Hack In The Box, 3 – 6 Sept. – Kuala Lumpur
– WhiteDust Black and White Ball, 18 - 23 Sept – London
– ToorCon, 29 Sept - 1 Oct 2007 - San Diego CA
– Phreaknic, 20 - 22 Oct 2007 - Nashville TN
All images scavenged without permission