Скачать презентацию PREVIOUS GNEWS Patch Tuesday 7 Скачать презентацию PREVIOUS GNEWS Patch Tuesday 7

d3c8844d4cf09f67adba803078f870b5.ppt

  • Количество слайдов: 11

PREVIOUS GNEWS PREVIOUS GNEWS

Patch • • Tuesday 7 Patches – 2 Critical – 11 CVEs Affected – Patch • • Tuesday 7 Patches – 2 Critical – 11 CVEs Affected – SCOM, Print Spooler, XML, . NET, – – – – MS 13 -001 - Windows Print Spooler Components, Remote Code Execution MS 13 -002 - Microsoft XML Core Services, Remote Code Execution MS 13 -003 - System Center Operations Manager, Elevation of Privilege MS 13 -004 -. NET Framework, Elevation of Privilege MS 13 -005 - Windows Kernel-Mode Driver, Elevation of Privilege MS 13 -006 - Microsoft Windows, Security Feature Bypass MS 13 -007 - Open Data Protocol, Denial of Service Other updates, MSRT, Defender Definitions, Junk Mail Filter

Holes / Patches • Oracle, Due out 15 Jan • Adobe – APSA 13 Holes / Patches • Oracle, Due out 15 Jan • Adobe – APSA 13 -01 – Cold. Fusion 3 CVEs – APSB 13 -01 – Adobe Flash Player 1 CVEs – APSB 13 -02 – Adobe Reader and Acrobat 27 CVEs • Apple, – Nothing to see here • Cisco – Wireless LAN Controller XSS, Do. S – Unified IP Phones Local Kernel System Call Input Validation • Java – 7 -10 introduces new security controls

Holes / Hacking • Mysql – multiple zero day (remote root, BO, priv escalation) Holes / Hacking • Mysql – multiple zero day (remote root, BO, priv escalation) • CVE-2012 -5611, CVE-2012 -5612, CVE-2012 -5613, CVE-2012 -5614, and CVE-2012 -5615 • wii U network – secret debug menu in japenses (mod passwords, / view forum posts / etc) • MS congratulated hacker for Jail. Break • “Microsoft issued a statement saying that it does not consider the results of the jailbreak to be part of a security vulnerability, ”…. . ” Microsoft also said it applauded clockr for his “ingenuity” to document these security gaps. ” • Yahoo mail XSS • Yahoo finally adds “always use HTTPS” function to mail options • ruby on rails • CVE-2013 -0156 Auth bypass

Holes / Hacking • FB hacker cup registration open • GPS • $2500 in Holes / Hacking • FB hacker cup registration open • GPS • $2500 in gear could bring down 30% of CORS with 45 second message • 25 GPU cluster • pirate bay uk proxy shuts down • New proxies rush to fill gap • skype silence tunnel • Like Kaminsky DNS only quieter • • Hacker hides in Cat Collar Concealed malware storage ala MIB

Corp • freebsd servers breached – no evidence of modifications • google to scan Corp • freebsd servers breached – no evidence of modifications • google to scan and block silent chrome extensions, no auto-install • ubuntu for smartphones • Google to disband 3 LM? ? • Dell to buy credent. • bluecoat to buy crossbeam • apple stumbles in patent foo • Quantum Spin Liquid (QSL), new communications in the future? • Google removed 50 mil links • Stallman "apple is your enemy" • FB actually protects data for once

Legal • google fined for ignoring safari privacy • Singapore updates computer law • Legal • google fined for ignoring safari privacy • Singapore updates computer law • digital search and 4 th amendment • FTK KFF (known file filter) feature pulling data not related to the warrent • Mckinson not charged in britian • TX teen fights and loses battle against rfid enabled school badge

Papers • SANS Reading Room – – – anonymous browsing PDF obsfucation exploiting embeeded Papers • SANS Reading Room – – – anonymous browsing PDF obsfucation exploiting embeeded devices analyzing pcaps using bro ids • Dutch disclousre guide • http: //news. hitb. org/content/dutch-government-publishes-security-flaw-disclosure-guide • Forensics in win 8 • http: //resources. infosecinstitute. com/forensic-analysis-windows-8/ • Malware Analysis in Windows CLI • http: //resources. infosecinstitute. com/command-line-for-windows-malware-analysis-forensics-part-i/ • nmap NSE • http: //resources. infosecinstitute. com/nmap-scripting-engine-categories

Papers • Gggooglescan – autmated google scraper • PCI risk assessment guidance https: //www. Papers • Gggooglescan – autmated google scraper • PCI risk assessment guidance https: //www. pcisecuritystandards. org/documents/PCI_DSS_Risk_Assmt_Guidelines_v 1. pdf • • NIST final crpyto draft SP 800 -38 F NIST secure cloud for comments Draft IR 7904 • SNORT mirror traffic on home routers • https: //s 3. amazonaws. com/snort-org/www/assets/217/Mirror_Traffic_With_Home_Router. pdf • SNORT DAQs • https: //www. sans. org/reading_room/whitepapers/detection/analysis-snort-data-acquisition-modules_34027 • FCC smart phone security checklist • http: //news. hitb. org/content/fcc-unveils-smartphone-security-checklist

tools • Hashcat • elcomsoft pgp / trucrypt cracker • Yara – rule based tools • Hashcat • elcomsoft pgp / trucrypt cracker • Yara – rule based malware detection • Cuckoo update 0. 5 • • NIST software reference library http: //www. nsrl. nist. gov/ • http: //soldierx. com/ •

CON Events zero nights in russia http: //2012. zeronights. org/ CCC https: //isc. sans. CON Events zero nights in russia http: //2012. zeronights. org/ CCC https: //isc. sans. edu/diary. html? storyid=14803&rss ccc - dementia anti-forensics http: //events. ccc. de/congress/2012/Fahrplan/events/5301. en. html general CCC https: //www. securelist. com/en/blog/208194065/29 c 3_Hamburg_DE forensics challange https: //www. honeynet. org/challenges/2012_13_message_picture