9 patches – 2 critical – 12 cves affected – ie, kernel, sharepoint, remote desktop, ad….....
• 9 Patches – 2 Critical – 12 CVEs
• Affected – IE, Kernel, SharePoint, Remote Desktop, AD…..
Other updates, MSRT, Defender Definitions, Junk Mail Filter
– MS13-028 – Cumulative Security Update for Internet Explorer, Remote Code
– MS13-029 – Remote Desktop Client, Remote Code
– MS13-030 – SharePoint, Info Disclosure
– MS13-031 – Windows Kernel, Privilege Escalation
– MS13-032 – Active Directory, DoS
– MS13-033 – Windows Client/Server Run-time Subsystem (CSRSS), Privilege Escalation
– MS13-034 – Microsoft Antimalware Client, Privilege Escalation
– MS13-035 – HTML Sanitation Component, Privilege Escalation
– MS13-036 – Kernel-Mode Drivers, Privilege Escalation
Patch Tuesday
• Oracle, Due April 16
• Adobe
– APSB13-10 – ColdFusion, 2 CVEs
– APSB13-11 – Adobe Flash Player, 4 CVEs
– APSB13-12 – Adobe Shockwave Player, 4 CVEs
• Apple
– Security Update 2013-001
– Safari 6.0.3
– iOS 6.1.3
– Apple TV 5.2.1
• Cisco
– Cisco Connected Grid Network Management System, multiple vulns
– IOS, multiple vulns
– VPN Client, DoS
Holes / Patches
• Postgres
• Apple credits evad3rs for exploits
• FB Events exposes data
• Skype / Dropbox to FB redirection hole
Holes
• Carna botnet scans world with Nmap
• Yahoo accounts used to spread Android malware
• Evernote as command and control
• Holy Mossad? Anonymous claims hack on agency website
• Apple ID and password modification, fixed and hacked again
• Spamhaus DDoS
• American Express DDoS
• Amazon S3 has holes, data leak exposes sales data, game source code, personal photos, etc.
• Krebs and emergency center attacks
• ATM malware
• Scribd passwords
Holes / Hacking
Corp
• FIDO Standard claims an end to passwords (PayPal, Lenovo, ….)
• Windows Blue leaked online
• MS claims Skype did not hand over data to law enforcement
• PayPal / eBay 86 VMware, go OpenStack
• Energy companies reported to be attacked the most
• Bitcoin exchange DDoS, elsewhere price tops $140 per bitcoin
• Genetic Alliance to Launch Reg4All, (do not call registry for medical data)
• Google to change patent policy, won’t pursue violations (10 patents with open source software)
• Cloud-based SCADA, really???
• WordPress now with 2FA
• Hulu looking for buyers
• FF tracking cookie foo
• DoJ wants more access to data
• NSLs with gag-order ruled unconstitutional
• CA bill to require warrant for electronic communications
• CA Law to allow users knowledge of and access to data
• Apple to reject apps that access UUID
• FISMA passed (Federal Information Security Amendments Act)
• EFF calls for opposition of CFAA reform draft (Computer Fraud and Abuse Act)
• Two-factor auth for Apple IDs
• IBM materials developers may have new chip based on ionic currents
• 3D printing not on ATF radar
• Credit card net takedown, 40 arrested
• FBI Stingray
• S. Korea to repeal 3 strike copyright law
Legal
• Can't patent Math
• Georgia censorship order, blogger responsible for 3rd-party comments
• Russia: selective blocking of Internet
Legal 2
• Malicious DNS
– https://www.sans.org/reading_room/whitepapers/dns/detecting-malicious-dns-traffic_34152
• airNIDS
– https://www.sans.org/reading_room/whitepapers/detection/airnids-intrusion-detection-wireless-ether_34147
• IPS evasion
– https://www.sans.org/reading_room/whitepapers/intrusion/beating-ips_34137
• mod_rewrite
– https://www.sans.org/reading_room/whitepapers/intrusion/web-log-analysis-defense-mod_rewrite_34127
• Memory forensics
– https://www.sans.org/reading_room/whitepapers/forensics/indicators-compromise-memory-forensics_34162
• IBM X-Force threat report
– http://www-03.ibm.com/security/xforce/downloads.html
• 2012 HP Risk Report
– http://www.hpenterprisesecurity.com/collateral/whitepaper/HP2012CyberRiskReport_0313.pdf
• Boot processes
– http://resources.infosecinstitute.com/windows-booting-process/
• Intro to x64 assembly
– http://software.intel.com/sites/default/files/m/d/4/1/d/8/Introduction_to_x64_Assembly.pdf
• Hacking aircraft
– http://commandercat.com/2013/04/hitb2013.html
Papers
Java Snoop
TAILS (anonymous live CD)
RAM Capture
Snort community ruleset
batman routing protocol (mesh network)
tools
• Political correctness
• Two people lose jobs 'cause chick misinterpreted a personal conversation, albeit in a public locale
• Death to hackers
• NATO Cyber Warfare report
• British intelligence agency called out for plain text passwords
• Mesh IPv6 lightbulb, ZigBee protocol
WTF
Symantec - Dallas Security and Compliance User Group
InfoSec SouthWest 2013, April 19 – 21
http://2013.infosecsouthwest.com/speakers.html
CON Events
All images scavenged without permission