Jan/Feb News (PPT) - DC214

jellytrick, Internet and Web Development
Nov 10, 2013



13 Patches (the January out-of-band IE fix MS13-008 plus the 12 February bulletins MS13-009 through MS13-020)
6 Critical
57-ish CVEs
Affected: IE, .NET, Kernel, TCP/IP, Exchange, ...

Other updates: MSRT, Defender Definitions, Junk Mail Filter


MS13-008 - IE out of band, Remote Code Execution
MS13-009 - Cumulative Update for Internet Explorer, Remote Code Execution
MS13-010 - Vector Markup Language, Remote Code Execution
MS13-011 - Media Decompression, Remote Code Execution
MS13-012 - Microsoft Exchange Server, Remote Code Execution
MS13-013 - FAST Search Server 2010 for SharePoint Parsing, Remote Code Execution
MS13-014 - NFS Server, DoS
MS13-015 - .NET Framework, Privilege Escalation
MS13-016 - Windows Kernel-Mode Driver, Privilege Escalation
MS13-017 - Windows Kernel, Privilege Escalation
MS13-018 - TCP/IP, DoS
MS13-019 - Windows Client/Server Run-time Subsystem (CSRSS), Privilege Escalation
MS13-020 - OLE Automation, Remote Code Execution



Patch Tuesday


Oracle, 86 Fixes

Adobe
APSB13-03 - ColdFusion, 4 CVEs
APSB13-04 - Adobe Flash Player, 2 CVEs
APSB13-05 - Adobe Flash Player, 17 CVEs
APSB13-06 - Adobe Shockwave Player, 2 CVEs

Apple
iOS 6.1 (27 patches)
Apple TV 5.2
Java for OSX 10.6 Update 12
OSX Server v2.2.1

Cisco
NAC Appliance, XSS
Cisco Nexus 7000 M1-Series, DoS
Unity Express, multiple vulns
Wireless LAN Controllers, multiple vulns

Holes / Patches


iOS 6 jailbreak, 7mil installs in 4 days
Juniper JUNOS DoS
Linksys default 0-day, WRT54GL
GitHub search = passwd
Samsung devices (Exynos 4)
OpenSSL timing attack (Lucky Thirteen; patch available)
http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
HP JetDirect again
UPnP plug and play, scan your perimeter for UDP port 1900 (SSDP) now
Fun with Facebook Graph Search
GIAC website XSS
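The UPnP item above says to scan for port 1900. As an added example (not from the DC214 slides), here is what that scan looks like in Python: an SSDP M-SEARCH multicast to 239.255.255.250:1900, and a parser for the unicast replies that pulls out the SERVER banner (which names the UPnP stack build) and the LOCATION of the device description, so exposed UPnP endpoints can be inventoried and matched against vendor patches. The sample replies, IPs and UUIDs are constructed for the offline run; the live probe only fires with --live.

```python
"""SSDP discovery probe for UPnP endpoints (added example, not from the slides).

UPnP discovery is HTTP over UDP: an M-SEARCH multicast to 239.255.255.250:1900
is answered unicast by every UPnP device that hears it. The SERVER header names
the UPnP stack build and LOCATION points at the device description XML, which
together are what an inventory of exposed UPnP endpoints needs.
"""
import ipaddress
import socket
import sys
from typing import Dict, List, Tuple

SSDP_ADDR = "239.255.255.250"
SSDP_PORT = 1900

M_SEARCH = (
    "M-SEARCH * HTTP/1.1\r\n"
    f"HOST: {SSDP_ADDR}:{SSDP_PORT}\r\n"
    'MAN: "ssdp:discover"\r\n'
    "MX: 2\r\n"
    "ST: ssdp:all\r\n"
    "\r\n"
).encode("ascii")

# Constructed sample replies (source IP, raw datagram); not captured from real devices.
SAMPLE_REPLIES: List[Tuple[str, bytes]] = [
    ("192.0.2.10", b"HTTP/1.1 200 OK\r\nEXT:\r\n"
                   b"LOCATION: http://192.0.2.10:49152/rootDesc.xml\r\n"
                   b"SERVER: Linux/2.6 UPnP/1.0 MiniUPnPd/1.4\r\nST: upnp:rootdevice\r\n"
                   b"USN: uuid:0000aaaa-0000-0000-0000-000000000001::upnp:rootdevice\r\n\r\n"),
    # the same device answering again for a second service type
    ("192.0.2.10", b"HTTP/1.1 200 OK\r\nEXT:\r\n"
                   b"LOCATION: http://192.0.2.10:49152/rootDesc.xml\r\n"
                   b"SERVER: Linux/2.6 UPnP/1.0 MiniUPnPd/1.4\r\n"
                   b"ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
                   b"USN: uuid:0000aaaa-0000-0000-0000-000000000001::"
                   b"urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n\r\n"),
    ("192.0.2.5", b"HTTP/1.1 200 OK\r\nEXT:\r\n"
                  b"LOCATION: http://192.0.2.5:2869/upnphost/udhisapi.dll\r\n"
                  b"SERVER: Microsoft-Windows-NT/5.1 UPnP/1.0 UPnP-Device-Host/1.0\r\n"
                  b"ST: upnp:rootdevice\r\n"
                  b"USN: uuid:0000bbbb-0000-0000-0000-000000000002::upnp:rootdevice\r\n\r\n"),
    # an unsolicited NOTIFY announcement, which is not an M-SEARCH answer
    ("192.0.2.7", b"NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\nNTS: ssdp:alive\r\n\r\n"),
]


def parse_ssdp_response(raw: bytes) -> Dict[str, str]:
    """Parse one M-SEARCH reply into a dict keyed by lowercase header name.

    Only 'HTTP/1.1 200 OK' datagrams are discovery answers; NOTIFY traffic and
    garbage return {}. Header names are case-insensitive, so they are lowercased.
    """
    lines = raw.decode("utf-8", errors="replace").split("\r\n")
    if not lines[0].upper().startswith("HTTP/1.1 200"):
        return {}
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if line == "":
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def inventory(replies: List[Tuple[str, bytes]]) -> List[Dict[str, str]]:
    """Collapse (ip, raw) pairs into one record per device, sorted by IP.

    A device answers ST: ssdp:all once per service it offers, so replies are
    deduplicated on the device part of USN (the uuid before '::').
    """
    seen: Dict[str, Dict[str, str]] = {}
    for ip, raw in replies:
        h = parse_ssdp_response(raw)
        if not h:
            continue
        device_id = h.get("usn", ip).split("::")[0]
        seen.setdefault(device_id, {
            "ip": ip, "usn": device_id,
            "server": h.get("server", "?"), "location": h.get("location", "?"),
        })
    return sorted(seen.values(), key=lambda r: ipaddress.ip_address(r["ip"]))


def discover(timeout: float = 3.0) -> List[Tuple[str, bytes]]:
    """Send one M-SEARCH and collect every unicast reply until the timeout."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
    sock.settimeout(timeout)
    sock.sendto(M_SEARCH, (SSDP_ADDR, SSDP_PORT))
    replies: List[Tuple[str, bytes]] = []
    try:
        while True:
            data, (ip, _port) = sock.recvfrom(65535)
            replies.append((ip, data))
    except socket.timeout:
        pass
    finally:
        sock.close()
    return replies


if __name__ == "__main__":
    replies = discover() if "--live" in sys.argv else SAMPLE_REPLIES
    for rec in inventory(replies):
        print(f"{rec['ip']:15} {rec['server']:45} {rec['location']}")
```

Run it as-is to see the constructed inventory, or with --live on a LAN segment to see what actually answers. The SERVER banner is the field to compare against vendor advisories; a LOCATION that is reachable from outside the network is the finding.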

Holes / Hacking


Anti-facial recognition? There are glasses for that.
New compression / new stego?!
White House = civic hacking
Change your Twitter password
Win8 for that aging Mac mini
Car black boxes
Red October
Air Traffic Control hackable?
DVRs
Flickr privacy settings

Holes / Hacking

Corp

Belkin buys Linksys from Cisco
Cisco buys Cognitive Security
Cisco to launch a new advisory format
MEGA launch party
MEGA cracked?
3rd party MEGA indexing
Nokia retires Symbian
Backdoors in Barracuda gear (firewall, VPN, spam)
Poland CERT takes down malware servers
GitHub unblocked in China
Google and Twitter release Transparency Reports
DoD offers Information Assurance Scholarship (apply by Feb 4th)
FBI cell phone tracking
Anonymous calls for DoS as speech
TX teen appeals
FISA Amendments Act gets 5 years
Megaupload was not entrapped
Canada denies US access to Megaupload servers
Aaron Swartz
Singapore introduces pre-crime cyber law
Canadian student expelled
texxxan.com
No more phone unlocking
Google / Yahoo require probable cause
Meanwhile govt strongarms Twitter
Russia leaves anti-crime pact


Legal


CA AG mobile privacy doc
http://oag.ca.gov/sites/all/files/pdfs/privacy/privacy_on_the_go.pdf

Researcher security advisory writing guidelines
http://blog.osvdb.org/2013/01/15/researcher-security-advisory-writing-guidelines

Malicious HTTP requests
https://www.sans.org/reading_room/whitepapers/detection/identify-malicious-http-requests_34067

Phishing
https://www.sans.org/reading_room/whitepapers/email/phishing-detecton-remediation_34082

Watermarks / DLP
https://www.sans.org/reading_room/whitepapers/detection/watermarks-prevent-leaks_34087

Host detect / DLP
https://www.sans.org/reading_room/whitepapers/detection/host-based-detection-data-loss-prevention-open-source-tools_34055

Article 51
http://resources.infosecinstitute.com/invoking-article-51-un-charter-cyber-attacks-i
http://resources.infosecinstitute.com/invoking-article-51-of-un-charter-response-cyber-attacks-ii

Legalities of BYOD
https://www.sans.org/reading_room/whitepapers/legal/legal-issues-corporate-bring-device-programs_34060


Papers


mod_rewrite
https://www.sans.org/reading_room/whitepapers/incident/web-log-analysis-defense-mod_rewrite_34107

IDS
https://www.sans.org/reading_room/whitepapers/detection/what-039-s-running-network_34102

Android devices
https://www.sans.org/reading_room/whitepapers/networkdevs/monitoring-network-traffic-android-devices_34097

iOS forensics
https://www.sans.org/reading_room/whitepapers/forensics/forensic-analysis-ios-devices_34092

FTC guidance for mobile privacy
http://www.ftc.gov/os/2013/02/130201mobileprivacyreport.pdf

Data privacy study
http://www.ponemon.org/local/upload/file/2012%20MTC%20Report%20FINAL.pdf

Protection and breach guide
https://otalliance.org/resources/incident/2013DataBreachGuide-PreRelease.pdf

Reversing / anti-reversing
http://resources.infosecinstitute.com/unpacking-reversing-patching/
http://resources.infosecinstitute.com/anti-debugging/


Papers


DMDE data recovery
Malwarebytes Chameleon
annval SIEM
WiFi Pineapple




tools


Europe wants royalties on links
Work smarter not harder (or at all): developer outsources his own job
Asteroids anyone? Govt website does
FB turns facial recognition back on


WTF

CON Events

DefCon Documentary
DefCon20 Slides
http://it.toolbox.com/blogs/securitymonkey/defcon-20-slides-are-up-52607
CanSecWest Pwn2Own hits 5 mil in prizes


All images scavenged without permission
