claude-lambert
Previous Gnews
Patch Tuesday
• 13 Patches – 8 Critical, Affects pretty much everything
• Other updates, MSRT, Defender Definitions, Junk Mail Filter
– MS09-050 - SMBv2 Remote Code Execution
– MS09-051 - Windows Media Runtime Remote Code Execution
– MS09-052 - Vulnerability in Windows Media Player Remote Code Execution
– MS09-053 - FTP Service for Internet Information Services Remote Code Execution
– MS09-054 - Cumulative Security Update for Internet Explorer
– MS09-055 - Cumulative Security Update of ActiveX Kill Bits
– MS09-056 - Windows CryptoAPI Spoofing
– MS09-057 - Vulnerability in Indexing Service Remote Code Execution
– MS09-058 - Windows Kernel Elevation of Privilege
– MS09-059 - Vulnerability in Local Security Authority Subsystem Service Denial of Service
– MS09-060 - Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Remote Code Execution
– MS09-061 - the Microsoft .NET Common Language Runtime Remote Code Execution
– MS09-062 - GDI+ Remote Code Execution
Holes / Patches
• Oracle Patches are due Oct 20th.
• Apple iTunes 9.0.1
• Apple Xsan 2.2
• Apple Security Update 2009-005
• Mac OS X 10.6
• Bug in 10.6 wipes user data
• VLC Player, multiple buffer overflows
• googleapps.exe mishandles ‘googleapps.url.mailto:’
• Adobe Reader
• Browsers - Chrome, Firefox
Hacking
• Skulpt and Pyjamas
– Python in a browser
• Twitter direct messaging “worm”
– Phishing attempt
• Variance-based radio tomographic imaging
– X-Ray vision via wireless
• PayPal null prefix SSL certificate
– Moxie Marlinspike – SSLsniff and SSLstrip
• Office Starter 2010
– Ad Based Office Lite
Corp. Hell
• Facebook to shut down Beacon
• Microsoft Essentials goes live, blocked on “unofficial” OSes
• Next version of Firefox will fix XSS
– Content Security Policy (CSP)
• iPhone to allow VOIP
Books
Games
Wii upgrade attempts to block home-brew
Papers
A Spotlight on Security and Privacy Risks with Future Household Robots: Attacks and Lessons
University of Washington
[IN]SECURE Magazine 22
Updates
Snort 2.8.5
Websecurify
flawfinder – source code review
NST v2.11.0
Emerging threats changes rule sets, config update needed
John the Ripper 1.7.3.4
samhain 2.5.9c – file integrity
All images scavenged without permission