  • Number of slides: 12

S U IO V E R P S W E N G

Patch Tuesday
• 7 Patches – 3 Critical – 20 CVEs
• Affected – IE, Kernel, Visio, Silverlight, SharePoint, …
  – MS13-021 – Cumulative Security Update for Internet Explorer, Remote Code
  – MS13-022 – Silverlight, Remote Code
  – MS13-023 – Microsoft Visio Viewer 2010, Remote Code
  – MS13-024 – SharePoint, Privilege Escalation
  – MS13-025 – Microsoft OneNote, Info Disclosure
  – MS13-026 – Office Outlook for Mac, Info Disclosure
  – MS13-027 – Kernel-Mode Drivers, Privilege Escalation
• Other updates: MSRT, Defender Definitions, Junk Mail Filter

Holes / Patches
• Oracle, Due April 16
  – Out of band Java Patch
• Adobe
  – APSA13-02 – Adobe Reader and Acrobat, 2 CVEs
  – APSB13-07 – Adobe Reader and Acrobat, 2 CVEs
  – APSB13-08 – Adobe Flash Player, 3 CVEs
  – APSB13-09 – Adobe Flash Player, 4 CVEs
• Apple
  – Java for OSX 10.6.8 Update 13 and 14
• Cisco
  – Root shell access, multiple products
  – Video conferencing, ftp config
  – MARS, info disclosure
  – Wireless LAN Controllers, DoS
  – Unified Communications, multiple vulns

Holes / Hacking
• VMware – NFC memory corruption (network file copy)
• ArcSight Logger – Info disclosure, XSS, command inject
• Postgres – DoS
• Wireshark – multiple dissector bugs (crash, loop)
• Nvidia – root access
• SSHD – rootkit

Holes / Hacking
• FB Hacked
• Mac games
• mobile coldboot
• HDMI breakout
• pwnpad
• iphone passcode
• HTML5 full drive
• cpanel root passwords
• You are all commies – Pirate bay moves to N. Korea

Corp
• Firefox OS
• Tripwire to buy nCircle
• Raytheon data mining
• Bit9 not practicing what they preach... ooops
• HP to use Android
• Buffalo add Trend Micro to NAS
• Android 4.2.2 kills nexus lte
• BitCoins = pizza
• BitCoin ATM
• Bitcoin market up
• PCI for cloud
• Blackberry gives India PIN
• FB target adverts and opt out

Legal
• IT Executive Order finally here
• ITIF calls for govt. control of interwebs
• Seattle ordered to dismantle drones
• Ca to buy drones, EFF asks for good privacy policy
• CAS comes to an ISP near you
• Bill requires warrants for email

Papers
• Shortcuts
  http://resources.infosecinstitute.com/allow-me-to-save-you-some-time-some-useful-shortcuts/
• Wireshark 101
  http://www.wiresharkbook.com/
• Drone use summary
  https://www.eff.org/deeplinks/2013/02/just-how-many-drone-licenses-has-faa-really-issued

tools
• Nunit 2.6 – .net testing
• Nessus 5.0.3 – vuln scanner
  – Nessus now audits palo alto configs
• Wafec – eval criteria
• mobile ips
• IE 10 for win 7
• abine maskme – anti-tracker
• Belkasoft Facebook Profile Saver – (happy stalker)

WTF
• Apple App Store turns on HTTPS

CON Events
• Shmoo
• RSA
• B-Sides San Francisco
• CanSecWest

All images scavenged without permission