previous gnews. 5 patches – x bugs addressed other updates, msrt, defender definitions, junk mail...
TRANSCRIPT
Previous Gnews
• 5 Patches – x bugs addressed
• Other updates, MSRT, Defender Definitions, Junk Mail Filter
• 5 Security Patches - 5 Critical– MS09-045 – JScript Scripting Engine, Remote Execution– MS09-046 – DHTML Editing Component ActiveX Control, Remote
Execution– MS09-047 – Windows Media Format, Remote Execution– MS09-048 – Windows TCP/IP, Remote Execution– MS09-049 – Wireless LAN AutoConfig Service, Remote Execution
Patch Tuesday
• Cisco Wireless Controllers– DoS, Mem Leak, HTTP Auth Bypass
• Cisco Firewall Services Module– DoS – ICMP Messages
• Adobe Flex, Multiple Vulns
• FreeBSD– DoS - kevent and syscall
• Linux 2.4/2.6 Local Privilege Escalation
• ColdFusion, XSS
Holes / Patches
• Counterstrike– DoS / Code Execution
• Half-Life 2– DoS / Security Bypass/ Code Execution
• Pidgin, Vuln in libpurple
• Chrome– JavaScript / SSL / XML
• Avast! Local Privilege Escalation
• Oracle delays patches for Con now scheduled for Oct 20th
Holes / Patches
Hacking • Microsoft FTP
• Rsnake SMB enum and decloaking
• Twitter, it’s not just for BotNet C&C anymore
• Diesel Hybrid, 78mpg
• Mitnick, booted off ISP (hostedhere.net) and AT&T Wireless
• Snow Leopard = Vuln Flash
• Wordpress Worm
Corp. Hell• London surveillance under fire
– 1 crime per 1000 cameras
• Immunet, cloud anti-virus
• Snow Leopard ships with malware detector
• Snow Leopard breaks full disk encryption
• Apache.org hacked
• Legal iPhone Jail Break• Auth’ed thru support and synced via iTunes
Corp. Hell
Film / Music
Irish ISP to block Pirate Bay
WTFEFF finds loop hole in "burning man terms of service“
Sandia launches 1 mil node bot netJericho rants
all your interwebs are belong to the white house
Wind Farm or Pending Death
DHS travel logs
Updates
xplico 0.5.2Network Forensic Tool, Pcap Parser
trafscrambler 0.2Mac, anti-sniffer
subseven back under dev with orignal author
IKECrackIKE / IPSEC authentication craker
Stoned BootkitMBR root kit
LegalOhio charges “lazy” employee as “hacker”
• SecTor, 5 – 7 Oct / Toronto• http://www.sector.ca/schedule.htm
• ToorCon, 23-25 Oct / San Diego• http://toorcon.org/
Con
All images scavenged without permission
All images scavenged without permission