May/June News (PPT) - DC214


Post on 19-Oct-2014


Page 1

PREVIOUS GNEWS

Page 2

Patch Tuesday

• New Format

• 13 Patches originally expected

– 6 Security

• Affects Windows OS, Outlook / Mail, IE, Office, Visio

– 7 Non-Security related updates, Malicious Tool Update

• 6 Security Patches, 15 bugs addressed (eEye reports 19 bugs)

– MS07-030 - Microsoft Visio - Remote Code Execution

– MS07-031 - Schannel Security Package

• XP - Remote Code Execution / 2003 - DoS

– MS07-032 - Vista - Information Disclosure

– MS07-033 – IE Cumulative 6 vulns, 5 Code Execution / 1 spoofing

– MS07-034 – Outlook Express / Mail Cumulative Code Execution, 3 via IE

– MS07-035 – An unnamed win32 API - Remote Code Execution (vector for IE, maybe more)

Page 3

Books

• March

• Zen and the Art of Information Security

– by Ira Winkler

• Cross Site Scripting Attacks: XSS Exploits and Defense

– by Seth Fogie, Robert Hansen, Jeremiah Grossman, Anton Rager

• April

• Mastering Windows Network Forensics and Investigation

– by Steven Anson, Steven James Anson

• May

• How to Cheat at Configuring Open Source Security Tools

– by Michael Gregg, Eric Seagren, Angela Orebaugh, Matt Jonkman, Raffael Marty

• Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems

– by Chris Sanders

Page 4

Holes

• “Month of…” ActiveX Wrap-up

– 35 bugs – LeadTools got beat up, Barcode Apps, Office Viewers

• June is Month of Search Engine Bugs

– Hotbot, msn, yahoo, rambler, ask.com, others

• IE and Firefox bugs

– cookie-stealing, keystroke-snooping, malicious downloading and site-spoofing

• Opera Right-Click Overflow (patched in 9.21)

– Transfer Item Pop-up Menu Stack Overflow Vulnerability

– Malicious torrents in the wild

• Cisco 3rd party crypto library, ASN.1 DoS

• Veritas Storage Foundation DoS, input validation

• Packeteer Web Interface DoS, URL request via read-only user

Page 5

DATA LOSS

• 40+ Reported Cases

– TX Law Enforcement, stolen laptops

– Waco ISD, system compromise

– IBM, missing tapes

– JP Morgan Chase, missing tape

– TSA, lost hard drive

Page 6

Holes 2

• Botnet Mgt GUI, ‘Zunker’ reported by Panda Software

• Gozi variant now has keylogger and improved signature evasion

• PoC BadBunny virus for OpenOffice, (Win – Mirc / xchat, Mac – Ruby, Linux Perl / Python)

• 3 variants of Trojan-SMS.SymbOS.Viver, Smart Phone virus generates text messages to premium rate numbers

• Norton Personal Firewall and Internet Security 2004

– Buffer Overflow in ActiveX (ISLALERT.DLL, SET(), GET())

• Unicode Encoding Flaw (rather decoding)

– Improper handling of Full-width and Half-width encoding can allow the bypass of some security devices, IIS, Cisco IPS, 3Com, McAfee

Page 7

Games

• Xbox Live bans hacked Xbox 360 consoles

• Miami attorney Jack Thompson declares he will sue Microsoft if they perform any sale of ‘Halo 3’ to any persons under 17

• DCEmu announce Wii and GameCube coding contest

Page 8

Holes 3

• Windows Updater Hi-Jack

– Background Intelligent Transfer Service (BITS)

• Vista Team re-launches Vista Security Blog

– Apparently their job wasn’t done ; )

• 4 out of cycle MS patches, 2 related to security

– Windows installer (above)

– Microsoft Office Isolated Conversion Environment (MOICE)

• iDefense announce bounty for 0-days in Apache httpd, BIND, Sendmail, OpenSSH, MS IIS, or MS Exchange Server

• ActiveX buffer overflow in Ksign SWAT (pki and id mgt)

Page 9

Corp. Hell

• PacketFocus to provide RFID audits

• eEye enters service market

• Google buys FeedBurner (rss content vendor)

• Verizon buys Cybertrust (managed service provider)

• Symantec enters mobile 5 market

• Intel encroaches on one laptop per child

• Time Warner implements packet shaping

• MS claims patent infringement on 235 patents

• FCC approves Apple iPhone (will use ARM processors)

• Apple sues over Ann Summers ‘iGasm’ iPod accessory ads

Page 10

Holes 4

• Apple Releases Patch Set addressing 17 vulns

– BIND, crontabs, fetchmail, ichat, ruby, vpn, and more

• Apple Releases 2 Quick Time patches

– Both for malicious java applets delivered via website

• Safari for Windows hits the street and immediately vulnerable

• David Maynor releases 4 DoS and 2 remote execution

• Thor Larholm finds URL protocol handler command injection

• Yahoo Messenger 0-day, buffer overflow in ActiveX for WebCam

Page 11

• Latest fix in AACS saga, hacked before it was officially launched

• Yet another follow-up fix hacked a day after launch

• NXP Semiconductors (Philips) is developing an RFID activated DVD

• Ritek Corp. is developing re-writable BD-RE and HD DVD-RE with sales this year

• 6 Months after submissions close ResearchChannel.org announces winners of the ’06 Educause Cyber Security Awareness Month Video Contest

• Terminator “franchise” sold, Halcyon Co. shooting for 2009 release of ‘The Terminator 4’

Page 12

Papers

• HP performance evaluation of Xen and OpenVZ

• David Litchfield 4 part Oracle Forensics on milw0rm

• Mark Russinovich TechNet article on Windows UAC

• Rob Paveza 2 stage UAC bypass Proof-of-Concept

• DHS Cyber Security Paper (BotNets) BAA07-09

Page 13

WTF!?

• DRM = Digital Consumer Enablement

– HBO’s Bob Zitter calls for a re-definition of DRM to show just how positive it really is

• PirateBay hacked and DB copied, blog server blamed for the vuln

• National Payment Card links Drivers License and Debit Card via MagStripe in select locations, 24 states including TX

• Cell Phones wipe Nissan smart keys, Altima and G35

• Apple DRM free tunes contain user info, name and email

– Music purchased on iTunes has always contained identifiable info, however previously those tunes were “non-transferable”

Page 14

Updates

• (April) WhiteDust launches hackspace.net

• The A5 cracking project (GSM A5/1 algorithm)

• DomainKeys Identified Mail Signatures (DKIM)

• Spyware Process Detector v2.02

• Samba 3.0.25

• aircrack-ng 0.9

• nipper 0.9.5

• rfidiot 0.1m and rfidiot 0.1n

• Sysinternals - SigCheck v1.4, PsExec v1.83, DiskExt v1.1

• honey trap 0.7.0

• FireGPG (encrypt web based mail)

• tor-0.1.2.14.tar.gz

• Parallel (Intel Mac)

• Symantec 11

• clamav-0.90.3.tar.gz

• fwknop 1.8.1

Page 15

Legal

• MySpace refuses to share data of known sex offenders

• MySpace recants and gives data to authorities

• MySpace data pops its first false positive

• US Military networks block MySpace, YouTube, and other social networks

• San Francisco court rules Google’s “thumbnail-porn” is protected by fair-use

• US Anti-Spyware bill passed Congress, waiting on Senate vote

• TX bill, HB 2714, requires computer companies to provide free recycling services

• Robert Soloway (reported ‘spam king’) was arrested in Seattle

• Fourth and Final Draft of GPLv3 released

• Mods to German law make “hacker tools” illegal

• Belgium urged to withdraw gen1 RFID enabled passports

Page 16

CON Results

• Microsoft BlueHat Security Briefings

– Felix Domke, demonstrated his hypervisor hack of the Xbox 360

• Interop

– NAC Panel

– NAC TCG and Microsoft compatibility

• Interop

– 7 Habits of Hackers (or exploit methodology)

Page 17

CON Events

• Completed Cons

– BlueHat, 10 May 2007 - Redmond, WA

– AusCERT2007, 20 – 25 May - Australia

– Interop, 20 – 25 May - Las Vegas, NV

• Future Cons

– REcon Party, 13 - 16 June 2007 - Montreal

– BlackHat, 28 July thru 2 Aug 2007 – Las Vegas, NV

– DefCon, 3 – 5 August 2007 – Las Vegas, NV

– Chaos Communications Camp, 8 - 12 August - Berlin

– Hack In The Box, 3 – 6 Sept. – Kuala Lumpur

– WhiteDust Black and White Ball, 18 - 23 Sept – London

– ToorCon, 29 Sept - 1 Oct 2007 - San Diego CA

– Phreaknic, 20 - 22 Oct 2007 - Nashville TN

Page 18

All images scavenged without permission