Week 29 in Review – 2009

It’s been a busy week with several new vulnerabilities, and patches from Oracle, Mozilla, and Microsoft. Black Hat USA and DEFCON is coming up, and the excitement is in the air. Just do a twitter search and see how many people are talking about it. Now onto the weekly review…

Events Related:

• National SCADA Test Bed (NSTB) Advanced Training – Apparently the DOE is offering free SCADA training at INL this month. Via digitalbond.com
• SOURCE Boston ‘09 Conference Videos Online
• SANS Forensics Summit
• Trusted Signal’s Day One and Day Two review
• SANS Forensic Summit: Thoughts and Slides – moyix.blogspot.com
• Black Hat / DEFCON parties list – hexesec.wordpress.com

Tools:

• Nmap 5.00
• Nmap 5.00 Release Notes – nmap.org
• Exclusive Review of Nmap 5.0 (by Tim O’Neill) – lovemytool.com
• nmap 5 released – blogs.securiteam.com
• LAMP Security Capture the Flag 6 Released – lampsecurity.org

Vulns:

• Microsoft Office Web Components
• Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution – isc.sans.org
• More information about the Office Web Components ActiveX vulnerability – technet.com
• Microsoft: Newly Discovered MS Office/IE Flaw – washingtonpost.com
• Metasploit OWC ActiveX Exploit – darkoperator.com
• Firefox 3.5 JavaScript
• Critical JavaScript vulnerability in Firefox 3.5 – blog.mozilla.com
• Firefox 3.5 escape() Return Value Memory Corruption Metasploit Exploit – darkoperator.com
• Mitigating That Critical Firefox 3.5 Vulnerability – threatpost.com
• Oracle July 2009 Critical Patch Update Released – oracle.com
• Microsoft Security Bulletin Summary for July 2009 – microsoft.com
• Linux Null Pointer Flaw
• New Linux Flaw Enables Null Pointer Exploits – threatpost.com
• Clever attack exploits fully-patched Linux kernel – theregister.co.uk
• Firefox 3.5.1 DoS
• milw0rm 9158 “stack overflow” crash not exploitable (CVE-2009-2479) – blog.mozilla.com

Other News:

• German Health Insurance Card CA Loses Secret Key – slashdot.org