We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published bySarai Lattimore
Modified about 1 year ago
Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012
Advanced Persistent Threat(APT)
Or Mass Malware Attacks
Attack Example #1
ExploitKits CVE (MDAC)… CVE (Rhino)
Website ExploitKit Server C&C Server
Website ExploitKit Server C&C Server Has Traffic Was exploited to plant links
Website ExploitKit Server C&C Server Serves Exploits Browser/ Plug-in vulnerabilities Has Traffic Was exploited to plant links
Controls malware Website ExploitKit Server C&C Server Serves Exploits Browser/ Plug-in vulnerabilities Has Traffic Was exploited to plant links
CVE Java Rhino CVE Flash 10 CVE Adobe Reader CVE Flash 10 CVE IE8 …
Patching Apps and Browser
Patching Apps and Browser and OS
Attack Example #2
Live Demo planned- Similar to slides that follow
Flash 0-day running
The Embedded Attachment
Poison Ivy mincesur.com
DEP Data Execution Prevention XP SP2 forward
Attack Example #3
Java Applet Attack Pentest Special
1C00 to 0 In Zone 3
Mac OS X
Made it now simpler
Mac OS X Made it now simpler Java 1.6U31 will autodisable if Not used in 35 days
Restrict Java IE – trusted sites
Attack Example #4
Adobe Reader 0-day
Flash 0-day Adobe Reader 0-day
Microsoft Office 2010 Protected View Sandbox
NoDriveTypeAutoRun -> FF
MSFT SIR: Malware propagation
Win 7 > XP
Office 2010 > 2007
Adobe Reader X > 9
IE9 > 8,7,6
How to apply what you have seen Run latest software Office 2010 Adobe Reader X Be fully patched Applications OS
1C00 -> 0 in Zone 3
Intro What Else?RecapEnter Flash Hybrid FilesEnter Java Will it Blend?Background.
June 2008 Surf Safely with a Clean Computer Roger Thornburn.
Viruses & Spyware A Module of the CYC Course – Computer Security
Computer Security: Best Practices for Home Computing Presented by Student Help Desk Merced Community College.
WordPress Installation for Beginners Sheila Bergman
Getting the Most From Internet Advancement National Advancement Committee Webinars and Education Task Force Expiration Date This presentation is not to.
Secure and Web Browsing Sébastien Dellabella – Computer Security Team.
IBM X-Force ® 2012 Cyber Security Threat Landscape Michael Montecillo – IBM Security Services Threat Research and Intelligence Principal August 2012.
THE INTERNET Y. C. Lemard October 20, 2009 The internet is now an acceptable part of many of our lives. Most of us use it everyday; Some of us use it.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
© 2009 Verizon. All Rights Reserved. PTEXXXXX XX/09 Escaping from Protected Mode Internet Explorer Tom Keetch Application Security Specialist Threat &
Computer Security What to Know and What to Do Presented to CUGG Jamie Leben IT-Works Computer Services
Fight Back Against Java Exploits, Spear-Phishing, Watering Hole Attacks, Drive-by Downloads, Scare-ware, Ransomware, Social Networking Worms…ah…. CHADD.
Classes-To-Go! 4A Feeds for Speed Pat Donnelly Director, BIVA Board.
1 HARDENING WINDOWS XP: YOUR DEFINITIVE LOCKDOWN GUIDE.
In the year 2525 If man is still alive If woman can survive They may find…… Zager & Evans 1969.
Hidetake Jo. A security policy for the web Access from Meant to prevent cross-site issues Evil.com can’t.
Desktop Value - Introducing Windows XP Service Pack 2 with Advanced Security Technologies Presenter: James K. Murray Title: Information Technologies Consultant.
Dial In Number Pin: 3959 Information About Microsoft September 21, 2012 Security Bulletin Jeremy Tinder Security Program Manager Microsoft.
Security Threats and Protection Mechanisms. Learning Objectives Internet security issues (intellectual property rights, client, communication channels,
Texas Christian UniversityTechnology Resources COMPUTER HOME.
Cross-Site Scripting CSCD 498/539 Secure Coding Principles Amazing Legion of Fuzzy Backdoor Intruder Worms Bryan Smith Allen Greaves Zach Moore Rebecca.
Computer Security What to Know and What to Do Presented to CUGG 10/2005 2/2012 Jamie Leben IT-Works Computer Services
How to Access Health and Safety Publications using OHSIS.
The OWASP Foundation Web Application Security Host Apps Firewall Host Apps Database Host Web serverApp serverDB server Securing the.
Ethical Hacking Module XII Web Application Vulnerabilities.
EWU On-line Application Tutorial. Online Employment System Training for Eastern Washington University Applicants This presentation will take approximately.
Student Getting Started Guide *Updated December 2011 to include information on Integrated Digital Book/MindTap Reader.
Minnesota Registration and Certification (MR & C) History of Electronic systems January 1, 2010.
Open Source and Free Software in Education Rich Fielding IT Director Regional School District 13.
© 2016 SlidePlayer.com Inc. All rights reserved.