PREVIOUS GNEWS

1
PREVIOUS GNEWS
2
Patch Tuesday

• 6 Patches 27 bugs addressed
• Affecting Windows, Office, Visual Studio, IE
• Other updates, MSRT, Defender Definitions, Junk
  Mail Filter

• 8 Security Patches - 5 Critical, 1 Moderate
• MS08-070 Visual Basic Activex Remote
  Execution
• MS08-071 GDI Remote Execution
• MS08-072 MS Office Remote Execution
• MS08-073 IE Remote Execution
• MS08-074 Excel Remote Execution
• MS08-075 Windows Search Remote Execution
• MS08-076 SharePoint Privilege Escalation
• MS08-077 Media Components Remote Execution

3
Holes / Patches

• Apple iPhone 2.2
• Apple Safari 3. 2
• FireFox 3.0.4
• ClamAV, "get_unicode_name(), DoS
• Microsoft Wordpad, fixed in SP3
• Trillian, XML Handling, Remote Execution
• Java, Multiple Vulnerabilities
• Cain and Abel, Local Exploit

4
Hacking

• Intropy, Using PyMSRPC to Trigger MS08-067,
  DVLabs blog
• Ubuntu ported to ARM chips
• Windows Mobile gets first virus (for like the
  5th time)
• MILF gets defaced. (Moro Islamic Liberation
  Front)
• Integrity-178B most secure OS, gets NSAs highest
  rating
• MS SliverLight to be ported to Linux
• Creating Malicious Macros with Metasploit

5
Books

• Applied Security Visualization,
• Raffael Marty

6
Corp. Hell

• New SCADA Forum
• Lifelock claims click jacking protection
• MAST, Microsoft Security Assessment Tool 4.0
• Microsoft offers Live OneCare for free
• Checkfree bill pay system compromised via domain
  hijacking

7
Papers

• Web vulnerabilities to gain access to the system
• pepeluxatenye-secdotorg
• Guidelines on Cell Phone and PDA Security
• NIST
• Emerging Cyber Threats Report for 2009
• Georgia Tech Information Security Center
• The Durable Internet
• Timothy B Lee
• Security Vulnerabilities in SOHO Routers
• Craig Heffner, Derek Yap

8
Updates

• Metasploit 3.2
• Java FX
• A flash / silverlight competitor
• GitTorrent Protocol (GTP)
• In dev
• Python 3
• Tor 0.2.0.32
• Secunia PSI 1.0.0.1

9
All images scavenged without permission
All images scavenged without permission