9 Patches – 2 Critical – 12 CVEs Affected – IE, Kernel, SharePoint, Remote Desktop, AD….....

Page 1: 9 Patches – 2 Critical – 12 CVEs Affected – IE, Kernel, SharePoint, Remote Desktop, AD….. Other updates, MSRT, Defender Definitions, Junk Mail Filter.

• 9 Patches – 2 Critical – 12 CVEs

• Affected – IE, Kernel, SharePoint, Remote Desktop, AD…..

Other updates, MSRT, Defender Definitions, Junk Mail Filter

– MS13-028 – Cumulative Security Update for Internet Explorer, Remote Code
– MS13-029 – Remote Desktop Client, Remote Code
– MS13-030 – SharePoint, Info Disclosure
– MS13-031 – Windows Kernel, Privilege Escalation
– MS13-032 – Active Directory, DoS
– MS13-033 – Windows Client/Server Run-time Subsystem (CSRSS), Privilege Escalation
– MS13-034 – Microsoft Antimalware Client, Privilege Escalation
– MS13-035 – HTML Sanitization Component, Privilege Escalation
– MS13-036 – Kernel-Mode Drivers, Privilege Escalation

Patch Tuesday

• Oracle, Due April 16

• Adobe
– APSB13-10 – ColdFusion 2 CVEs
– APSB13-11 – Adobe Flash Player 4 CVEs
– APSB13-12 – Adobe Shockwave Player 4 CVEs

• Apple
– Security Update 2013-001
– Safari 6.0.3
– iOS 6.1.3
– Apple TV 5.2.1

• Cisco
– Cisco Connected Grid Network Management System, multiple vulns
– IOS, multiple vulns
– VPN Client, DoS

Holes / Patches

• Postgres

• Apple credits evaders for exploits

• FB Events exposes data

• Skype / Dropbox to FB redirection hole

Holes

• carna botnet scans world with nmap

• Yahoo accounts used to spread Android malware

• Evernote as command and control

• holy mossad? Anonymous claims hack on agency website

• apple id and password modification, fixed and hacked again

• spamhaus DDoS

• american express DDoS

• Amazon S3 has holes, data leak exposes sales data, game source code, personal photos, etc.

• Krebs and emergency center attacks

• ATM malware

• Scribd passwords

Holes / Hacking

Corp

• FIDO Standard claims an end to passwords (paypal, lenovo, ….)

• Windows Blue leaked on-line

• MS claims skype did not hand over data to law enforcement

• paypal / ebay 86 vmware, go openstack

• Energy companies reported to be attacked the most

• Bitcoin exchange DDoS, elsewhere price tops $140 per bitcoin

• Genetic Alliance to Launch Reg4All, (do not call registry for medical data)

• Google to change patent policy, won’t pursue violations (10 patents with opensource software)

• cloud based scada really???

• wordpress now with 2fa

• hulu looking for buyers

• FF tracking cookie foo

• DoJ wants more access to data

• NSLs with gag-order ruled unconstitutional

• CA bill to require warrant for electronic communications

• CA Law to allow users knowledge of and access to data

• Apple to reject apps that access UUID

• FISMA passed (Federal Information Security Amendments Act)

• EFF calls for opposition of CFAA reform draft (Computer Fraud and Abuse Act)

• two factor auth for apple ids

• IBM materials developers may have new chip based on ionic currents

• 3d printing not on ATF radar

• Credit Card net take down 40 arrested

• FBI stingray

• s korea to repeal 3 strike copyright law

Legal

• Can't patent Math

• Georgia censorship order, blogger responsible to 3rd party comments

• Russia select blocking of internet

Legal 2

• malicious DNS
– https://www.sans.org/reading_room/whitepapers/dns/detecting-malicious-dns-traffic_34152

• airNIDS
– https://www.sans.org/reading_room/whitepapers/detection/airnids-intrusion-detection-wireless-ether_34147

• ips evasion
– https://www.sans.org/reading_room/whitepapers/intrusion/beating-ips_34137

• mod_rewrite
– https://www.sans.org/reading_room/whitepapers/intrusion/web-log-analysis-defense-mod_rewrite_34127

• mem forensics
– https://www.sans.org/reading_room/whitepapers/forensics/indicators-compromise-memory-forensics_34162

• IBM xforce threat report
– http://www-03.ibm.com/security/xforce/downloads.html

• 2012 HP Risk Report
– http://www.hpenterprisesecurity.com/collateral/whitepaper/HP2012CyberRiskReport_0313.pdf

• boot processes
– http://resources.infosecinstitute.com/windows-booting-process/

• intro to x64 assembly
– http://software.intel.com/sites/default/files/m/d/4/1/d/8/Introduction_to_x64_Assembly.pdf

• Hacking aircraft
– http://commandercat.com/2013/04/hitb2013.html

Papers

Java Snoop

TAILS

(anonymous live cd)

RAM Capture

snort community ruleset

batman routing protocol

(mesh network)

tools

• Political correctness

• Two people lose jobs cause chic mis-interpreted a personal conversation, albeit in a public locale

• death to hackers

• NATO Cyber Warfare report

• British intelligence agency called out for plain text passwords

• Mesh ipv6 lightbulb, zigbee protocol

WTF

Symantec - Dallas Security and Compliance User Group

InfoSec SouthWest 2013, April 19 – 21
http://2013.infosecsouthwest.com/speakers.html

CON Events

All images scavenged without permission