PREVIOUS GNEWS

• 2 Patches – 0 Critical – 2 CVEs

• Affected –

Other updates, MSRT, Defender Definitions, Junk Mail Filter

– MS12-052 - 060 – 5 critical, 8 remote code execution, 26 CVEs, rdp, visio, exchange, kernal and more

– MS12-061 - Visual Studio Team Foundation Server, Elevation of Privilege– MS12-062 - System Center Configuration Manager, Elevation of Privilege

Patch Tuesday

• Oracle out of band patch

• Adobe– APSB12-16 Adobe Reader and Acrobat

• Apple,– Apple Remote Desktop 3.6.1– Java for OSX– iTunes 10.7

• Cisco– ASA CX / PRSM log DoS– Unified Presence / Jabber DoS– AnyConnect, code execution– IOS Authentication, DoS

Holes / Patches

• Java now with mac updates

• Norton online backup, allowed viewing other user data

• Apple remote desktop, now with encryption

• VMWare, opensource components update

Holes

• Kill Switch found in dirt jumper kill DDoS tool

• kaspersky call to assist in gauss crack

• Gauss the new stuxnet

• blue prize tool is already bypassed, ropguard

• Anti-Leaks DDoS on WikiLeaks

• Tilon malware, avoids detection

• Pwnium2, Google offers up 2mil in bounties

• Shamoon

• SANS summary of SCADA authentication issues

• Crisis now for windows :P

• More password foo

Hacking

• Bored hackerspace digs up 25yr old Mac Easter Egg

• Stripes CTF 2.0, online week long CTF

• Google Chrome for iOS incognito mode, stores passwords

• More SSL attacks from house of Beast

• FBI colludes with BlueToad and Anonymous to brute force 22 million andriod UUIDs for iphone

Hacking

• google buys virus total

• IE 10 to reject certs <1024 bit

• digia buys qt

• ios encrypt impossible to crack (by nsa standards)

• trap wire???

• Google weights search results based on DMCA notices

• Facebook app verification

• FTC jumps in

• IE defaults with do not track

• gapping flaw alows bypass

Corp

• New batteries reduce charge time to minutes

• AMD loses 30Kbs to hackers

• dell buys sonicwall

• NIST BIOS RFC

• cyber war defined? (air force thinks so)

• bitcoin ponzi totaling 56mil

Corp

• bitcoinia suit

• piratebay again

• expansion of child data protection – (operator / website definitions and advertising)

• location data is not private

• Fed backdoors??

• FB face recognition illegal in Germany

• Kim can see data

• TPP - Trans-Pacific Partnership Agreement Intellectual Property Chapter (SOPA/PIPA redux)

sniffing wifi not wiretapping

Legal

Backtrack 5r3

mac fde

java leak finder

solarwinds

nixle

mobilescope

outlook.com

dropbox two factor

urlshorteners

tools

Papers• byodtoolkit

http://www.cio.gov/byod-toolkit.pdf

Snort install guide for freebsdhttp://blog.snort.org/2012/08/snort-2931-installation-guide-for.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Snort+%28Snort%29

dhs critical infra attackshttp://www.simplysecurity.com/2012/08/28/dhs-report-confirms-spike-in-critical-infrastructure-cyberattacks/https://www.us-cert.gov/control_systems/pdf/ICS-CERT_Incident_Response_Summary_Report_09_11.pdf

UTD frankenstienhttp://www.dfinews.com/news/frankenstein-programmers-test-cybersecurity-monsterhttps://www.usenix.org/conference/woot12/frankenstein-stitching-malware-benign-binaries

NIST patching drafthttp://csrc.nist.gov/publications/drafts/800-40/draft-sp800-40rev3.pdf

WTF• Face deals app

• Defender in Win8 molests hosts files

• IAC buys about.com

• Warrants, what for

• secure boot flips, bans windows

CON Eventsburning man Aug 27 - sep 3

www.burningman.com/

defconvidshttp://it.toolbox.com/blogs/securitymonkey/chiefs-picks-videos-from-blackhat-briefings-usa-2012-52774?rss=1

hacker dojohttp://news.hitb.org/content/googles-backyard-hackers-face-eviction

All images scavenged without permission

All images scavenged without permission