previous gnews. 7 patches – 3 critical – 20 cves affected – ie, kernel, visio, silverlight...
PREVIOUS GNEWS
• 7 Patches – 3 Critical – 20 CVEs
• Affected – IE, Kernel, Visio, Silverlight, SharePoint, ...
• Other updates, MSRT, Defender Definitions, Junk Mail Filter
– MS13-021 – Cumulative Security Update for Internet Explorer, Remote Code
– MS13-022 – Silverlight, Remote Code
– MS13-023 – Microsoft Visio Viewer 2010, Remote Code
– MS13-024 – SharePoint, Privilege Escalation
– MS13-025 – Microsoft OneNote, Info Disclosure
– MS13-026 – Office Outlook for Mac, Info Disclosure
– MS13-027 – Kernel-Mode Drivers, Privilege Escalation
Patch Tuesday
• Oracle, Due April 16
– Out of band Java Patch
• Adobe
– APSA13-02 – Adobe Reader and Acrobat 2 CVEs
– APSB13-07 – Adobe Reader and Acrobat 2 CVEs
– APSB13-08 – Adobe Flash Player 3 CVEs
– APSB13-09 – Adobe Flash Player 4 CVEs
• Apple
– Java for OSX 10.6.8 Update 13 and 14
• Cisco
– Root shell access, multiple products
– Video conferencing, ftp config
– MARS, info disclosure
– Wireless LAN Controllers, DoS
– Unified Communications, multiple vulns
Holes / Patches
• VMware – NFC memory corruption (network file copy)
• ArcSight Logger – Info disclosure, XSS, command inject
• Postgres – DoS
• Wireshark – multiple dissector bugs (crash, loop)
• Nvidia – root access
• SSHD - rootkit
Holes / Hacking
• FB Hacked
• Mac games
• mobile coldboot
• HDMI breakout
• pwnpad
• iphone passcode
• html5 full drive
• cpanel root passwords
• You are all commies – Pirate bay moves to N.Korea
Holes / Hacking
Corp
• Firefox OS
• Tripwire to buy nCircle
• Raytheon data mining
• Bit9 not practicing what they preach ...ooops
• HP to use Android
• Buffalo adds Trend Micro to NAS
• Android 4.2.2 kills Nexus LTE
• BitCoins = pizza
• BitCoin ATM
• Bitcoin market up
• PCI for cloud
• Blackberry gives India PIN
• FB target adverts and opt out
• IT Executive Order finally here
• ITIF calls for govt. control of interwebs
• Seattle ordered to dismantle drones
• Ca to buy drones, EFF asks for good privacy policy
• CAS comes to an ISP near you
• Bill requires warrants for email
Legal
• Shortcuts
• http://resources.infosecinstitute.com/allow-me-to-save-you-some-time-some-useful-shortcuts/
• Wireshark 101
• http://www.wiresharkbook.com/
• Drone use summary
• https://www.eff.org/deeplinks/2013/02/just-how-many-drone-licenses-has-faa-really-issued
Papers
• Nunit 2.6 - .net testing
• Nessus 5.0.3 – vuln scanner
• Nessus now audits palo alto configs
• Wafec – eval criteria
• mobile ips
• IE 10 for win 7
• abine maskme – anti-tracker
• Belkasoft Facebook Profile Saver – (happy stalker)
tools
• Apple App Store turns on HTTPS
WTF
CON Events
Shmoo
RSA
B-Sides San Francisco
CanSecWest
All images scavenged without permission