PREVIOUS GNEWS
Patch Tuesday
• 7 Patches – 11 bugs addressed
  – Affecting Windows, Windows Servers, Vista, Media Player, DirectX, Macrovision (DRM)
• 7 Security Patches - 3 Critical, 4 Important
  – MS07-063 – SMBv2 (Vista) - Remote Code Execution
  – MS07-064 – DirectX (DirectX 7 – 10) - Remote Code Execution
  – MS07-065 – Message Queuing Service (2K, XP) – Remote Code Execution
  – MS07-066 – Windows Kernel (Vista) - Privilege Escalation
  – MS07-067 – Macrovision Driver (XP, 2003) – Local Privilege Escalation
  – MS07-068 – Media File Format (Runtime 7 - 11) - Remote Code Execution
  – MS07-069 – IE Cumulative Update
• Other updates: MSRT, Defender Definitions, Junk Mail Filter
Holes / Patches
• Samba, Overflow in “reply_netbios_packet()” and GETDC (patch available)
• FLAC file format, eEye reports 14 vulns
• Lotus Notes 1-2-3 File Viewer, Overflow in 123sr.dll (patch available)
• Avaya OpenSSL, Overflow in “SSL_get_shared_ciphers()” (workaround available)
• Cygwin, Overflow in cygwin1.dll (patch available)
• Avast, Tar handling (patch available)
• Skype, Overflow in skype4com.dll (patch available)
Hacking
• FBI brags on BotNet hunting, “Operation Bot Roast II” – 8 controllers in 5 months
• AT&T plans decommissioning of payphones over next year – RIP 1889 - 2008
• MS 27 MHz keyboards cracked, expect Logitech to follow
• Sun announces open-source rewards program – Code a thousand hours, get a magazine subscription
• Oak Ridge National Lab compromised via phishing – Possible link to China
Holes / Patches (more)
• Apple Patch Release 2007-008 – 41 patches
• Apple QuickTime, Overflow in “content-type” header – Multiple exploits posted to Milw0rm
• Mozilla Firefox, Multiple vulns, multiple updates
• OpenOffice, bypass security restrictions in HSQLDB engine (patch available)
• Media Player, Overflow in 3ivx MPEG-4 5.0.1 – Exploit posted to Milw0rm
• BitDefender ActiveX, Overflow in “InitX()” (patch available) – Exploit posted to Milw0rm
Games
• Blizzard and Activision announce merger
• Sony game “ICO” for PS2 violates GPL
Corp. Hell
• OLPC “Give one, Get one” extended to Dec 31 2007
  – 45,000 ordered (24 Nov 2007)
  – MS and Intel turn up competitive heat
• Nigerian company claims patent infringement against OLPC’s XO laptop
  – Multilingual keyboard technology
  – Prior fraud record
• Dvorak says food more important than computers
• Verizon Wireless to open network to 3rd party devices
  – Google Android on the supported list
• Germany deems network-locked iPhones legal
• Nokia claims Ogg is a proprietary format
• PDF is now ISO 32000
• Facebook allows Beacon to be disabled in light of privacy concerns
Film / Music
• Comcast targets fan-sub anime
• Free Software Foundation launches “Expert Witness Defense Fund”
• EMI to decrease funding of industry groups (RIAA, IFPI)
• Blade Runner: The Final Cut
Papers
• German Botnet Study, “Characterizing the IRC-based Botnet Phenomenon”
• NIST, “Guide to Industrial Control Systems (ICS) Security” – SCADA, DCS, PLC
Updates
• Vista SP1 Preview
• Nikto 2.00
• Medusa 1.4 (passwd cracker)
• EFF ISP Forgery Detection Toolkit / pcapdiff
• Iodine 0.4.1 (DNS tunnel)
• Swift Intruder (Flash runtime analysis)
• Snort 2.8.0.1
• Firefox 2.0.0.12 (and 2.0.0.10 and 2.0.0.11)
Legal
• HushMail follow-up, warning users of required compliance with legal “back-doors”
• FCC cable TV vote delayed – Measure would allow more FCC control of industry
• All US border crossers to get terrorist risk profiles, kept for 40 years
• Japan to fingerprint all foreigners
• Canadian Passport website allowed access to personal data
• ISC2 claims Google and Yahoo indexing infringes on trademarks
CON Results
• Hack In The Box Malaysia 2007 (Sept), videos now on-line
• Undisclosed MS bugs demo’ed at KiwiCon
  – WPAD
  – Ethical hacker, Beau Butler
  – 160,000 PCs in New Zealand reported vulnerable
CON Events
• Completed Cons
  – LISA, 11 - 16 Nov 2007 - Dallas TX
  – OWASP + WASC, 12 - 15 Nov - San Jose CA
  – BreakPoint, 15 - 18 Nov - Mexico
  – SecTor, 20 – 21 Nov – Toronto Canada
  – PacSec 2007, 29 – 30 Nov - Tokyo
• Future Cons
  – Chaos Communication Congress, 27 - 30 Dec 2007 - Berlin
  – l
All images scavenged without permission