PREVIOUS GNEWS. Patches – ? Critical – ? CVEs Affected – ? Other updates, MSRT, Defender...
shreya-phillip
• ? Patches – ? Critical – ? CVEs
• Affected – ?
Other updates, MSRT, Defender Definitions, Junk Mail Filter
– MS12-052+ - NEXT WEEK FOOL
Patch Tuesday
• Oracle, 87 fixes
• Adobe
– none
– Hmmmmmm, 2 months no patches…
• Apple
– Safari 6.0
– Xcode 4.4
• Cisco
– Cisco Unified Web and E-mail Interaction Manager JBoss Security Documentation Update
Holes / Patches
• skype im redirects
• a reason for 3d printing- handcuff keys
• oracle on exchange
• Bind 9
• ubisoft uplay
Holes
• New blackhole variant
• Skype code leaked
• DARPA power strip – jumbo size pwnie express
• Drone hacking
• Grum phish takedown
• Malware now impersonating googlebot
• new in-slot skimmers
• HP Scanners propagate malware
• osx malware – yep it still exists ‘crisis’
Hacking
• chip and pin devices
• dropbox breached
• MS blocks direct to desktop boot hack
• French leaving HADOPI?
• Reuters via wordpress
Hacking
• Chrome / Safari broken anti-tracker
• google better flash sandbox
• wtf google – censoring youtube comments
• Facebook av service
• FB more silent changes – displays when and who reads group posts
• Skype – will not disclose if it will disclose to law enforcement
• still more password leaks – gamigo, nvidia, and more
• click to play in chrome and FF – built-in no-script function
• Apple buys Authentec
• Apple now with AV
Corp
• silent circle – Phil Zimmermann, anonymous comms mobile app
• e-flicker registers anonymous logos
• SAP owes Oracle 306m after loss in court
• RIM keys? – Reports given access to Indian govt, no official confirmation
• VMware Nabs Nicira – mobile security
Corp
• evidence guides – tips on collecting court worthy evidence
• RIM owes 147mil in patent infringement
• megaupload no us address, immune – State of Virginia
• Bill Cybersecurity Act of 2012 (sopa redux)
• Bill not passed by Senate
• Possible executive order to come
• patent troll bill
• Illinois makes it illegal to break the law – Employer can’t request social network passwds
• leaked copyright proposal
• warrantless wiretap is ok
Legal
passwords powered by moxie – cloud password cracking
snort kills db output
meta paper – wifi blocking wall paper
http://hackertarget.com/ - on-line vuln scan collection
Mac CLI – fdesetup
MS Attack Surface Analyzer
DOE self evaluation tool
tools
Papers
• NIST proposed update to mobile guide
• http://csrc.nist.gov/publications/drafts/800-124r1/draft_sp800-124-rev1.pdf
• NIST guide for smart meters
• http://www.dfinews.com/news/nist-releases-test-framework-upgrading-smart-electrical-meters
• http://csrc.nist.gov/publications/drafts/nistir-7823/draft_nistir-7823.pdf
• Attributes of Malicious Files
• https://www.sans.org/reading_room/whitepapers/malicious/attributes-malicious-files_33979
• Using and Configuring Security Onion to detect and prevent Web Application Attacks
• https://www.sans.org/reading_room/whitepapers/detection/configuring-security-onion-detect-prevent-web-application-attacks_33980
• Logging and Monitoring to Detect Network Intrusions and Compliance Violations in the Environment
• https://www.sans.org/reading_room/whitepapers/detection/logging-monitoring-detect-network-intrusions-compliance-violations-environment_33985
CON Events
burning man Aug 27 - Sep 3
www.burningman.com/
• BH android bouncer
• BH Social Engineer
• Defcon tips
• BH phish
• BH pickup lines
• bsides vegas
• BH Smart meter (shelved in Jan)
• BH Litchfield oracle
• BH timmay
• BH chrome sandbox
• BH Mobile Apps
• BH NFC
• BH cloud malware analysis
• BH WAF evasion
• Defcon NSA speaker
• BH hotel doors
• BH ios sec by apple
• BH bluehat winners
• BH SSL
and more and more and more and more…