GNEWS
PREVIOUS
• Feb - 14 Patches – 5 Critical - 45 CVEs
• MS15-018 - Cumulative Security Update for IE
• MS15-019 - VBScript Scripting, Remote Code
• MS15-020 - Microsoft Windows, Remote Code
• MS15-021 - Adobe Font Driver, Remote Code
• MS15-022 - Microsoft Office, Remote Code
• MS15-023 - Kernel-Mode Driver, Privilege Escalation
• MS15-024 - PNG Processing, Info Disclosure
• MS15-025 - Windows Kernel, Privilege Escalation
• MS15-026 - Microsoft Exchange Server, Privilege Escalation
• MS15-027 - NETLOGON, Spoofing
• MS15-028 - Windows Task Scheduler, Security Bypass
• MS15-029 - Windows Photo Decoder Component, Info Disclosure
• MS15-030 - Remote Desktop Protocol, DoS
• MS15-031 - Schannel, Security Bypass (FREAK)
Other updates, MSRT, Defender Definitions, Junk Mail Filter
Patch Tuesday
• Oracle
  – Due in Apr
• Adobe
  – 0 – All Secure Here
• Apple
  – iOS 8.2
  – Apple TV 7.1
  – Security Update 2015-002 (FREAK)
  – Xcode 6.2
• Cisco
  – IOS AAA Auth Bypass
  – IPV6 DoS (NCS600 / CRS-X)
  – ASA challenge/response bypass
  – TelePresence Multi-Vuln
  – Web Security Appliance Multi-Vuln
• VMWare
  – 0 – All Secure Here
• SAMBA
  – CVE-2015-0240, Remote Code
• GnuPG
  – Multi-Vuln, DoS / Remote Code
Holes / Patches
• TrueCrypt Audit
• TLS Audit
• Netgear router, no auth needed
• soho routers share common key
• seagate nas
• Google Play Store
• Mongo DB
• Encryption to stymie reversing via Translation Lookaside Buffer
• RAMNIT takedown
• 'The Equation Group' HD firmware hack
• partial leak of rig exploit kit
• spying via power
• All your FB Photo are belong to dev null
• samsung voice data still unencrypted
Hacking
• Blu-Ray PowerDVD Java badness
• iPay, hindered by lax banking authentication
• Freak
• RowHammer
Hacking
• Uber lost and found loses data
• Uber driver data breach
• Mozilla to force add-on signing
• Apple brings two-step verification to facetime
• Lenovo pre-installed MITM adware, Superfish
  – Lenovo says NAH, later backpedals like a champ
  – Mozilla pulls Cert
• BUT WAIT THERE IS MORE!!!
• PrivDog / Comodo
• FB Threat Exchange
• FB Real Name Policy (sister-in-law can't use her name)
• MC Security Enhancements
  – facial and fingerprint (where is this data stored / give what to get what?)
• Google Caves to pressure, relaxing 90 day rule
• MS Win10 and FIDO
• Google Wallet looking for revival with SoftCard
• Samsung Acquires Loopay
CORP
• Taiga Systems Super – secure phone from russia
• Kaymera 360 (blackphone competitor)
• Nvidia to remove overclocking block
• Fedex and UPS self regulating tool delivery
• Twitter reporting update
• Paypal acquires Paydiant
• HP acquires Aruba
• EA ditches SIMS
• Google drops the lollipop
• TextSecure is no longer secure text
Corp
• GCHQ/NSA Gemalto hack
  – Gemalto gives no fuks
  – Gemalto drops findings statement
  – "Very impressive, Gemalto had no idea of any attacks in 2010, one week ago. Now they know exactly what happened..." --Matt Suiche
• FAA Drone rules revamp
• Net Neutrality Win
• Ecuador Coin
• StingRays can disrupt normal services
  – http://www.wired.com/wp-content/uploads/2015/02/Stingray-pen-register-order-and-application.pdf
• List of National CIRTs
  – http://www.secur
• DHS 7 day bailout
• NZ requesting mandatory passwd disclosure
• NSLs cause they are "different" now. (3 yr expire)
• we all have jobs, Yay!
  – Pentagon hiring hackers
• Kenya Rocks
Govt
win phone forensics
https://www.sans.org/reading-room/whitepapers/forensics/windows-phone-8-forensic-artifacts-35787
warchalk redux
http://www.wired.com/2015/02/field-guide-internet-infrastructure-hides-plain-sight/
Recon with no permission (not recommended)
http://resources.infosecinstitute.com/owasp-zap-reconnaissance-without-permission/
FB policies
https://www.eff.org/deeplinks/2015/02/new-report-shows-european-data-protection-authorities-are-taking-facebooks
http://www.law.kuleuven.be/icri/en/news/item/icri-cir-advises-belgian-privacy-commission-in-facebook-investigation
http://www.law.kuleuven.be/icri/en/news/item/facebooks-revised-policies-and-terms-v1-1.pdf
Schneier "Surreptitiously Weakening Cryptographic Systems"
https://www.schneier.com/blog/archives/2015/02/surreptitiously_1.html
Air Traffic Control Report
http://www.gao.gov/assets/670/668169.pdf
PowerCat (netcat for PowerShell)
https://www.sans.org/reading-room/whitepapers/testing/powercat-proof-of-concept-powershell-netcat-35807
Papers
BurningMan Tickets Hacked WTF!?
HTTP/2 approved
SET 6.2
Android Emulation
Tools
• Kaspersky Security Analyst Summit
• Google drops Pwnium contest at con, makes it all year event.
• Source Boston CFP
Cons Past
• B-Sides Austin 12 – 13 Mar
• CanSecWest 18 - 20 Mar
• InfoSec Southwest 10 – 12 Apr
• B-Sides Nashville 11 Apr
• B-Sides San Antonio ? May
• ThotCon 0x6 14 – 15 May
• PenTest Austin (SANS) 18 – 23 May
• DefCon 23 6 – 9 Aug
Cons Future
DHA( 1st Wednesday / Tavern on Main, richardson )
TX2600( 1st Fri / Wild Turkey 35&WalnutHill, dallas )
(1st Fri / 1418 Coffeehouse, plano)
The Lab.MS( 2nd Monday / varies, plano )
Crypto Party( 3rd Thursday / Improving Enterprises, addison )
NAISG( 4th Thursday / CrossPointe Theatre, carrollton )
LockPick DFW( Last Monday / looking for new spot, dallas )
Dallas MakerSpace( Random / carrollton )
Local
All images scavenged without permission