Week 28 in Review – 2009

Events Related:

• SANS Forensic Summit
  • Windows Incident Response blog review
• Black Hat USA
  • Black Hat USA 2009 Conference Schedule now on sched.org
  • Predicting Social Security Numbers
    • Reverse-engineering SSNs from publicly available data – boingboing.net
    • There’s Security, Then There’s Social Security – eset.com
    • Social Security Numbers Deduced From Public Data – wired.com
  • Jeremiah Grossman’s Picks
• DEFCON
  • secxy pillow fight – secpillowfight.com

Tools:

• Apple CrashWrangler – apple.com
• Sample DNS Rebinding Code – ha.ckers.org
• CANVAS 6.48 released
• MIR-ROR: Motile Incident Response – codeplex.com
• Meterpreter Sniffer Module – darkoperator.com

Vulns:

• Microsoft ActiveX 0day
  • New vulnerability in MPEG2TuneRequest ActiveX Control Object in msvidctl.dll – technet.com
  • Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution – microsoft.com
  • 0-day in Microsoft DirectShow (msvidctl.dll) used in drive-by attacks – isc.sans.org
  • Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption exploit (meta) – rec-sec.com
  • Poking around MSVIDCTL.DLL – addxorrol.blogspot.com
  • Exploiting MSVidCtl ActiveX with Metasploit – darkoperator.com
• OpenSSH 0day FUD – isc.sans.org

Other News:

• Goldman Sachs Trading Source Code In the Wild? – slashdot
• Milw0rm closed and re-opened
  • milworm Shutting The Doors – liquidmatrix.org
  • Milw0rm offline – isc.sans.org
  • Milw0rm is Back Up and Running
• New vulnerability repository site Inj3ct0r
• Government DoS
  • Online Attack Hits US Government Web Sites – slashdot
  • Lazy Hacker and Little Worm Set Off Cyberwar Frenzy – wired
  • Was North Korea Behind the DDOS Attack? – pcworld