GNEWS PREVIOUSLY Patch Tuesday Nov 12 Patches 4

Patch Tuesday • Nov - 12 Patches – 4 Critical - 53 CVEs •

Holes / Patches • Oracle – 154 Fixes • Adobe – APSB 15 -26

• Java Un. Serialize by Foxglove • Siri GVoice attacks • GVoice History

• Like Button Becomes a Tracker • First. Data IPO • Square IPO

• first real cyberterrorism charge • Bad automotive security discussions in congress •

NSA 1024 Diffie-Hellman cracking https: //weakdh. org/imperfect-forward-secrecy-ccs 15. pdf https: //freedom-to-tinker. com/blog/haldermanheninger/how-is-nsa-breaking-so-much-crypto/ CHIP and

mjolnir Spray. WMI selfie pay unicorns do exist (cpu emulator) WTF / Tools

DHA ( 1 st Wednesday / Family Karaoke, dallas ) TX 2600 ( 1

Slides: 12

Download presentation

GNEWS PREVIOUSLY

Patch Tuesday • Nov - 12 Patches – 4 Critical - 53 CVEs • • • MS 15 -112 - Cumulative Security Update for Internet Explorer, Remote Code MS 15 -113 - Cumulative Security Update for Microsoft Edge, Remote Code MS 15 -114 - Windows Journal, Remote Code MS 15 -115 - Microsoft Windows, Remote Code MS 15 -116 - Microsoft Office, Remote Code MS 15 -117 - NDIS, Privilege Escalation MS 15 -118 -. NET Framework, Privilege Escalation MS 15 -119 - Winsock, Privilege Escalation MS 15 -120 - IPSec, Do. S MS 15 -121 - SChannel, Address Spoofing MS 15 -122 - Kerberos, Feature Bypass MS 15 -123 - Skype for Business and Microsoft Lync, Info Disclosure

Holes / Patches • Oracle – 154 Fixes • Adobe – APSB 15 -26 Shockwave ( 1 CVE) – APSB 15 -27 Flash Player ( 3 CVE) – APSB 15 -28 Flash Player ( 17 CVE) • Apple – – – – Mac EFI Sec Update 2015 -002 x. Code 7. 1 i. Tunes 12. 3. 1 OSX Server 5. 0. 15 Watch. OS 2. 0. 1 i. OS 9. 1 Safari 9. 0. 1 OS X El Captain 10. 11. 1 • Cisco – ? ? ? • VMWare – none

• Java Un. Serialize by Foxglove • Siri GVoice attacks • GVoice History • fitbit hack, pc infect on sync Hacking

• Like Button Becomes a Tracker • First. Data IPO • Square IPO • AMerica's Thirft Stores Breach • MS Transparency Hub • FB nation state notices • Visa Fireeye threat intel service • HP sells Tipping. Point to Trend. Micro • Cisco buys lancope • IBM buys weather channel • MS depricates Sha-1 early Corp

• first real cyberterrorism charge • Bad automotive security discussions in congress • Phone snarfing deadline Govt

NSA 1024 Diffie-Hellman cracking https: //weakdh. org/imperfect-forward-secrecy-ccs 15. pdf https: //freedom-to-tinker. com/blog/haldermanheninger/how-is-nsa-breaking-so-much-crypto/ CHIP and PIN hack http: //www. wired. com/2015/10/x-ray-scans-expose-an-ingenious-chip-and-pin-card-hack/ https: //eprint. iacr. org/2015/963. pdf Papers

mjolnir Spray. WMI selfie pay unicorns do exist (cpu emulator) WTF / Tools

Co ns P as t • BSides DFW • Toor Con

DHA ( 1 st Wednesday / Family Karaoke, dallas ) TX 2600 ( 1 st Fri / Wild Turkey 35&Walnut. Hill, dallas ) (1 st Fri / 1418 Coffeehouse, plano) The Lab. MS ( 2 nd Monday + random events / The. Lab. ms, plano ) Crypto Party ( 3 rd Thursday / Improving Enterprises, addison ) NAISG replacement is coming ( ? ? ? ) Dallas Maker. Space Local ( Random events / carrollton ) Lock. Pick DFW ( we want to think it exists )

All images scavenged without permission