6 patches, 15 bug – 3 critical, affects 2000, xp, srv 2003 / 8, vista, office other updates, msrt,...


Upload: robert-palmer

Post on 05-Jan-2016


Page 1: 6 Patches, 15 bug – 3 Critical, Affects 2000, XP, Srv 2003 / 8, Vista, Office Other updates, MSRT, Defender Definitions, Junk Mail Filter
Page 2

• 6 Patches, 15 bug – 3 Critical, Affects 2000, XP, Srv 2003 / 8, Vista, Office

• Other updates, MSRT, Defender Definitions, Junk Mail Filter

– MS09-063 - Web Services on Devices API Remote Code Execution
– MS09-064 - License Logging Server Remote Code Execution
– MS09-065 - Windows Kernel-Mode Drivers Remote Code Execution
– MS09-066 - Active Directory Denial of Service
– MS09-067 - Microsoft Office Excel Remote Code Execution
– MS09-068 - Office Word Remote Code Execution

Patch Tuesday

Page 3

• VMware, Multiple Vulns
– DHCP DoS
– Guest Escalation, Directory Traversal

• SSL/TLS is broken

• Java

• Adobe

• Wireshark, DoS Paltalk dissector

• Browsers
– Firefox, Chrome, Opera, Safari

Holes / Patches

Page 4

Hacking

• VM Detection in Malware

• Evil-Maid
– Drive Encryption Bypassing

• CSS History HiJacking

• Facebook HiJacking
– crossdomain.xml

• Stroke dies, kinda, maybe...

Page 5

• Apple 2009-006
– 10.6.2 breaks Atom support

• iPhone worm
– root - alpine

• Google Cloud used for bot master

• Windows 7 / 2008 kernel crash

Holes / Patches

Page 6

Books

Page 7

• Free COFEE
– Computer Online Forensic Evidence Extractor

• Rapid7 acquires Metasploit

• CyberTerror… it’s all in your head

• Hulu proxy blocking

• ICANN approves non-Latin chars in TLD

• Skype for Linux to go open

• MS and NC State create Hypervisor based rootkit detection

Page 8

Papers

Mostrame la Guita! Adventures in Buying Vulnerabilities

Pedram Amini

Web Application Security Consortium (WASC) 2008 Statistics

Microsoft Security Intelligence Report

Page 9

WTF

• CIA invests in social network mining

• MS reports profits under Nevada

• New Zealand recommends eating your pets to go green

Page 10

Legal

• FCC and Net Neutrality

• Pirate Bay (almost dead this time…)

• Email not protected by 4th Amendment

• Congress wants ISPs to block fraud sites

Page 11

Updates

Origami 1.0.0
PDF forensics and forgery

Mozilla Raindrop
Think Google Wave

Nikto 2.1

KrbGuess 0.21
Kerberos brute forcer

Yokoso 0.1
Web fingerprinting

Chrome 4 Beta

RATS proxy 2.3

Google Go

Page 12

All images scavenged without permission