MS13-013

Patch Tuesday
• 13 Patches – 6 Critical – 57-ish CVEs
• Affected – IE, .NET, Kernel, TCP/IP, Exchange,…..
  – MS13-008 - IE out of band, Remote Code
  – MS13-009 - Cumulative Update for Internet Explorer, Remote Code
  – MS13-010 - Vector Markup Language, Remote Code
  – MS13-011 - Media Decompression, Remote Code
  – MS13-012 - Microsoft Exchange Server, Remote Code
  – MS13-013 - FAST Search Server 2010 for SharePoint Parsing, Remote Code
  – MS13-014 - NFS Server, DoS
  – MS13-015 - .NET Framework, Privilege Escalation
  – MS13-016 - Windows Kernel-Mode Driver, Privilege Escalation
  – MS13-017 - Windows Kernel, Privilege Escalation
  – MS13-018 - TCP/IP, DoS
  – MS13-019 - Windows Client/Server Run-time Subsystem (CSRSS), Privilege Escalation
  – MS13-020 - OLE Automation, Remote Code Execution
Other updates, MSRT, Defender Definitions, Junk Mail Filter
Holes / Patches
• Oracle, 86 Fixes
• Adobe
  – APSB13-03 – ColdFusion, 4 CVEs
  – APSB13-04 – Adobe Flash Player, 2 CVEs
  – APSB13-05 – Adobe Flash Player, 17 CVEs
  – APSB13-06 – Adobe Shockwave Player, 2 CVEs
• Apple
  – iOS 6.1 (27 patches)
  – Apple TV 5.2
  – Java for OSX 10.6 Update 12
  – OSX Server v2.2.1
• Cisco
  – NAC Appliance, XSS
  – Cisco Nexus 7000 M1-Series, DoS
  – Unity Express, multiple vulns
  – Wireless LAN Controllers, multiple vulns
Holes / Hacking
• iOS 6 jailbreak, 7mil install in 4 days
• Juniper JUNOS DoS
• Linksys default 0-day, WRT54GL
• github search = passwd
• Samsung devices (exynos 4)
• OpenSSL timing attack (patch avail)
• http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
• HP JetDirect again
• UPNP plug and play, scan for port 1900 now
• Fun with Facebook Graph Search
• GIAC website XSS
Holes / Hacking
• Anti-Facial? There are glasses for that.
• new compression / new stego?!
• White house = civic hacking
• Change your twitter passwd
• win8 for that aging mac mini
• Car blackboxes
• red october
• Air Traffic Control hackable?
• DVRs
• Flickr privacy settings
Corp
• Belkin buys Linksys from Cisco
• Cisco buys Cognitive Security
• Cisco to launch a new advisory format
• MEGA launch party
• MEGA cracked?
• 3rd party MEGA indexing
• Nokia retires Symbian
• Backdoors in Barracuda gear (fw, vpn, spam)
• Poland CERT takes down malware servers
• Github unblocked in China
• Google and Twitter drop Transparency Reports
• DoD offers Information Assurance Scholarship (apply by Feb 4th)
• FBI cell phone tracking
• Anonymous calls for DoS as speech.
• TX teen appeals
• FISA Amendments Act gets 5 years
• megaupload was not entrapped
• canada denies us access to megaupload servers
• Aaron Swartz
• Singapore introduces pre-crime cyber law
• Canadian student expelled
• texxxan.com
• no more phone unlocky
• google / yahoo requires probable cause
• meanwhile govt strongarms twitter
• russia leaves anti-crime pact
Legal
Papers
• CA AG mobile privacy doc
  http://oag.ca.gov/sites/all/files/pdfs/privacy/privacy_on_the_go.pdf
• researcher security advisory writing guidelines
  http://blog.osvdb.org/2013/01/15/researcher-security-advisory-writing-guidelines
• malicious http requests
  https://www.sans.org/reading_room/whitepapers/detection/identify-malicious-http-requests_34067
• phishing
  https://www.sans.org/reading_room/whitepapers/email/phishing-detecton-remediation_34082
• watermarks / dlp
  https://www.sans.org/reading_room/whitepapers/detection/watermarks-prevent-leaks_34087
• host detect / dlp
  https://www.sans.org/reading_room/whitepapers/detection/host-based-detection-data-loss-preventionopen-source-tools_34055
• article 51
  http://resources.infosecinstitute.com/invoking-article-51-un-charter-cyber-attacks-i
  http://resources.infosecinstitute.com/invoking-article-51-of-un-charter-response-cyber-attacks-ii
• legalities of byod
  https://www.sans.org/reading_room/whitepapers/legal/legal-issues-corporate-bring-deviceprograms_34060
Papers
• mod_rewrite
  https://www.sans.org/reading_room/whitepapers/incident/web-log-analysis-defense-mod_rewrite_34107
• IDS
  https://www.sans.org/reading_room/whitepapers/detection/what-039-s-running-network_34102
• android devices
  https://www.sans.org/reading_room/whitepapers/networkdevs/monitoring-network-traffic-androiddevices_34097
• ios forensics
  https://www.sans.org/reading_room/whitepapers/forensics/forensic-analysis-ios-devices_34092
• FTC guidance for mobile privacy
  http://www.ftc.gov/os/2013/02/130201mobileprivacyreport.pdf
• data privacy study
  http://www.ponemon.org/local/upload/file/2012%20MTC%20Report%20FINAL.pdf
• protection and breach guide
  https://otalliance.org/resources/incident/2013DataBreachGuide-PreRelease.pdf
• reversing / anti-reversing
  http://resources.infosecinstitute.com/unpacking-reversing-patching/
  http://resources.infosecinstitute.com/anti-debugging/
tools
• DMDE data recovery
• malware bytes chameleon
• annval siem
• wifi pineapple
WTF
• Europe wants royalties on links
• work smarter not harder (or at all)
  – developer outsources his own job
• asteroids anyone?
  – govt website does
• FB turns facial recognition back on
CON Events
DefCon Documentary
DefCon20 Slides
http://it.toolbox.com/blogs/securitymonkey/defcon-20-slides-are-up-52607
CanSecWest Pwn2Own hits 5 mil in prizes
All images scavenged without permission