PREVIOUS GNEWS

Patch Tuesday
• ? Patches – ? Critical – ? CVEs Affected – ? – MS12-052+ - NEXT WEEK FOOL
• Other updates, MSRT, Defender Definitions, Junk Mail Filter

Holes / Patches
• Oracle, 87 fixes
• Adobe – none – Hmmmmmm, 2 months no patches……
• Apple
– Safari 6.0
– Xcode 4.4
• Cisco
– Cisco Unified Web and E-mail Interaction Manager
• JBoss Security Documentation Update

Holes
• skype im redirects
• a reason for 3d printing - handcuff keys
• oracle on exchange
• Bind 9
• ubisoft uplay

Hacking
• New blackhole variant
• Skype code leaked
• DARPA power strip – jumbo size pwnie express
• Drone hacking
• Grum phish takedown
• Malware now impersonating googlebot
• new in-slot skimmers
• HP Scanners propagate malware
• osx malware – yep it still exists ‘crisis’

Hacking
• chip and pin devices
• dropbox breached
• MS blocks direct to desktop boot hack
• French leaving hadopi?
• Reuters via wordpress

Corp
• Chrome / Safari broken anti-tracker
• google better flash sandbox
• wtf google – censoring youtube comments
• Facebook av service
• FB more silent changes – displays when and who reads group posts
• Skype – will not disclose if it will disclose to law enforcement
• still more password leaks – gamigo, nvidia, and more
• click to play in chrome and FF – built-in no-script function
• Apple buys Authentec
• Apple now with AV

Corp
• silent circle – Phil Zimmermann, anonymous comms mobile app
• e-flicker registers anonymous logos
• SAP owes Oracle 306m after loss in court
• RIM keys?
– Reports given access to Indian govt, no official confirmation
• VMware Nabs Nicira
– mobile security
• d

Legal
• evidence guides – tips on collecting court worthy evidence
• RIM owes 147mil in patent infringement
• megaupload no us address, immune – State of Virginia
• Bill Cybersecurity Act of 2012 (sopa redux)
• Bill not passed by Senate
• Possible executive order to come
• patent troll bill
• Illinois makes it illegal to break the law – Employer can’t request social network passwds
• leaked copyright proposal
• warrantless wiretap is ok

tools
• passwords powered by moxie – cloud passed cracking
• snort kills db output
• meta paper – wifi blocking wall paper
• http://hackertarget.com/ - on-line vuln scan collection
• Mac CLI – fdesetup
• MS Attack Surface Analyzer
• DOE self evaluation tool

Papers
• NIST proposed update to mobile guide
• http://csrc.nist.gov/publications/drafts/800-124r1/draft_sp800-124-rev1.pdf
• NIST guide for smart meters
• http://www.dfinews.com/news/nist-releases-test-framework-upgrading-smart-electrical-meters
• http://csrc.nist.gov/publications/drafts/nistir-7823/draft_nistir-7823.pdf
• Attributes of Malicious Files
• https://www.sans.org/reading_room/whitepapers/malicious/attributes-malicious-files_33979
• Using and Configuring Security Onion to detect and prevent Web Application Attacks
• https://www.sans.org/reading_room/whitepapers/detection/configuring-security-onion-detectprevent-web-application-attacks_33980
• Logging and Monitoring to Detect Network Intrusions and Compliance Violations in the Environment
• https://www.sans.org/reading_room/whitepapers/detection/logging-monitoring-detect-networkintrusions-compliance-violations-environment_33985

CON Events
• BH android bouncer
• BH Social Engineer
• Defcon tips
• BH phish
• BH pickup lines
• bsides vegas
• BH Smart meter (shelved in Jan)
• BH Litchfield oracle
• BH timmay
• BH chrome sandbox
• BH Mobile Apps
• BH NFC
• BH cloud malware analysis
• BH WAF evasion
• Defcon NSA speaker
• BH hotel doors
• BH ios sec by apple
• BH bluehat winners
• BH SSL
• and more and more and more and more……

burning man Aug 27 - sep 3 www.burningman.com/

All images scavenged without permission