PREVIOUS GNEWS. Patches – ? Critical – ? CVEs Affected – ? Other updates, MSRT, Defender...

PREVIOUS GNEWS

• ? Patches – ? Critical – ? CVEs

• Affected – ?

Other updates, MSRT, Defender Definitions, Junk Mail Filter

– MS12-052+ - NEXT WEEK FOOL

Patch Tuesday

• Oracle, 87 fixes

• Adobe – none – Hmmmmmm, 2 months no patches…

• Apple – Safari 6.0 – Xcode 4.4

• Cisco – Cisco Unified Web and E-mail Interaction Manager JBoss

Security Documentation Update

Holes / Patches

• Skype IM redirects

• a reason for 3D printing – handcuff keys

• Oracle on Exchange

• BIND 9

• Ubisoft Uplay

Holes

• New blackhole variant

• Skype code leaked

• DARPA power strip – jumbo size pwnie express

• Drone hacking

• Grum phish takedown

• Malware now impersonating Googlebot

• new in-slot skimmers

• HP Scanners propagate malware

• OS X malware – yep, it still exists: ‘Crisis’

Hacking

• chip and pin devices

• dropbox breached

• MS blocks direct to desktop boot hack

• French leaving HADOPI?

• Reuters via WordPress

Hacking

• Chrome / Safari broken anti-tracker

• Google better Flash sandbox

• wtf Google – censoring YouTube comments

• Facebook AV service

• FB more silent changes – displays when and who reads group posts

• Skype – will not disclose if it will disclose to law enforcement

• still more password leaks – Gamigo, Nvidia, and more

• click to play in chrome and FF – built-in no-script function

• Apple buys AuthenTec

• Apple now with AV

Corp

• Silent Circle – Phil Zimmermann, anonymous comms mobile app

• e-flicker registers anonymous logos

• SAP owes Oracle 306m after loss in court

• RIM keys? – Reports given access to Indian govt, no official confirmation

• VMware Nabs Nicira – mobile security

Corp

• evidence guides – tips on collecting court worthy evidence

• RIM owes 147mil in patent infringement

• Megaupload: no US address, immune – State of Virginia

• Bill: Cybersecurity Act of 2012 (SOPA redux)

• Bill not passed by Senate

• Possible executive order to come

• patent troll bill

• Illinois makes it illegal to break the law – Employers can’t request social network passwords

• leaked copyright proposal

• warrantless wiretap is ok

Legal

passwords powered by Moxie – cloud-based cracking

Snort kills DB output

meta paper – Wi-Fi-blocking wallpaper

http://hackertarget.com/ - on-line vuln scan collection

Mac CLI – fdesetup

MS Attack Surface Analyzer

DOE self evaluation tool

tools

Papers

• NIST proposed update to mobile guide

• http://csrc.nist.gov/publications/drafts/800-124r1/draft_sp800-124-rev1.pdf

• NIST guide for smart meters

• http://www.dfinews.com/news/nist-releases-test-framework-upgrading-smart-electrical-meters

• http://csrc.nist.gov/publications/drafts/nistir-7823/draft_nistir-7823.pdf

• Attributes of Malicious Files

• https://www.sans.org/reading_room/whitepapers/malicious/attributes-malicious-files_33979

• Using and Configuring Security Onion to detect and prevent Web Application Attacks

• https://www.sans.org/reading_room/whitepapers/detection/configuring-security-onion-detect-prevent-web-application-attacks_33980

• Logging and Monitoring to Detect Network Intrusions and Compliance Violations in the Environment

• https://www.sans.org/reading_room/whitepapers/detection/logging-monitoring-detect-network-intrusions-compliance-violations-environment_33985

CON Events

• Burning Man, Aug 27 - Sep 3

www.burningman.com/

• BH Android Bouncer

• BH Social Engineer

• Defcon tips

• BH phish

• BH pickup lines

• BSides Vegas

• BH Smart meter (shelved in Jan)

• BH Litchfield Oracle

• BH timmay

• BH Chrome sandbox

• BH Mobile Apps

• BH NFC

• BH cloud malware analysis

• BH WAF evasion

• Defcon NSA speaker

• BH hotel doors

• BH iOS sec by Apple

• BH BlueHat winners

• BH SSL

and more and more and more and more……

All images scavenged without permission