PREVIOUS GNEWS Patch Tuesday 6 Patches 1 Critical

PREVIOUS GNEWS

Patch Tuesday
• 6 Patches – 1 Critical – 7 CVEs
• Affected – Kernel, SQL, Kerberos, Word, HTML, SharePoint
  – MS12-064 Microsoft Word, Remote Code Execution
  – MS12-066 HTML Sanitization Component, Elevation of Privilege
  – MS12-067 FAST Search Server 2010 for SharePoint Parsing, Remote Code Execution
  – MS12-068 Windows Kernel, Elevation of Privilege
  – MS12-069 Kerberos, Denial of Service
  – MS12-070 SQL Server, Elevation of Privilege
  – Other updates, MSRT, Defender Definitions, Junk Mail Filter

Holes / Patches
• Oracle due 16 Oct 2012
• Adobe
  – APSB12-16 Adobe Flash Player (25 CVEs)
• Apple
  – iOS 6
  – OSX 10.8.2 and 10.7.5
  – Safari 6.0.1
  – OSX Server 2.1.1
  – Apple TV 5.1
• Cisco
  – ASA
  – WebEx
  – IOS

Holes / Hacking
• Chrome gets DNT
• VMware vCenter Operations, CapacityIQ, Movie Decoder
• C&C Servers using TOR
• Nitol Botnet preinstalled on Windows
• IE 0-day
• SPDY at ekoparty (TLS compression protocol)
• Blackhole 2.0
• Hacking Banking Phone Systems

Holes / Hacking
• Malware written in Google Go
• Iran vs Banks???
• Apple does maps better
• NFC and Transit systems at EUSecWest
• More Java foo
• Another Symantec code leak (Norton Utilities 2006)
• Adobe and code signing, oops
• Infected phpMyAdmin distro on SourceForge
• Twitter hijacking

Corp
• PCI rules for mobile released
• Oct is Cyber Security Awareness Month
• NIST grants to 5 security start-ups
• Android SIM Wipers, it's not just for Samsung anymore
• White House Breached?
• SHA-3 protocol selected

Legal
• Twitter discloses protester tweets
• TX Schools add tracker to IDs
• FIPS makes things less secure, yes?
• Philippines bans cyber sex
• Philippines cyber crime law on hold
• New Zealand requests inquiry on Megaupload wiretapping
• License Plate Scanners
• Social snooping needs no warrant
• Warrants required for email / cell tracking

Papers
• PCI mobile payment guidelines https://www.pcisecuritystandards.org/documents/Mobile%20Payment%20Security%20Guidelines%20v1%200.pdf
• IBM report http://public.dhe.ibm.com/common/ssi/ecm/en/wgl03014usen/WGL03014USEN.PDF
• Imperva DDoS report http://www.imperva.com/docs/HII_Denial_of_Service_Attacks.Trends_Techniques_and_Technologies.pdf and more http://www.imperva.com/resources/overview.html
• Infosecinstitute.com http://resources.infosecinstitute.com/
• Security categories http://resources.infosecinstitute.com/security-categories/
• PlaceRaider http://arxiv.org/pdf/1209.5982v1.pdf

Tools
• RTFScan (rich text file scanner)
• Malwarehouse (malware collection)
• 3D printer
• Secure messages
• Exploitshield (browser plugin)
• Security Onion 12.04
• Cookie Cadger
• Porting Droid to the HP TouchPad

WTF
• European Facebook face recon suspended
• ITIF rejects DNT settings
• FB and Datalogix
• WoW cities killed off

CON Events bsides Dallas Nov 3 jailbreak con derby con HDMoore internet scan HITBKUL e street at derby

All images scavenged without permission
