
We’ll look back at 10 years of Patch Tuesday, then the shutdown of Lavabit and Silkroad.
Plus a big batch of your questions, our answers, and much much more!
— Show Notes: —
Microsoft Patch Tuesday turns 10
- On Oct. 9, 2003, Microsoft announced its new security patching process; it ended up changing the entire industry
- Microsoft promised:
- “Improved patch management processes, policies and technologies to help customers stay up to date and secure.”
- “Global education programs to provide better guidance and tools for securing systems.”
- “Our goal is simple: Get our customers secure and keep them secure. Our commitment is to protect our customers from the growing wave of criminal attacks.”
- Microsoft started blogging about security issues and also embarked on serious outbound communication campaigns to educate users
- Even Microsoft’s security bulletin text format and sections were delivered in a consistent format that security professionals have come to rely upon
- Today, public disclosure of serious Microsoft security holes is the exception
2 new vulnerabilities bypass Java ‘Click2Play’ security system
- A new variant of the “Kore-ish” Cool Exploit Kit appears to make use of two new zero-day exploits in Java7u21
- CVE-2013-2460
- CVE-2013-2472
- It appears this vulnerability may have originally been discovered by VUPEN and sold to governments and used for an indeterminate amount of time, until it was fixed by Oracle in Java7u25
- The current version of Java is Java7u40
- The latest version of Java includes a new ‘deployment rule set’ feature that allows enterprise customers to create a whitelist of allowable applications, preventing drive-by attacks
Barclays hit by KVM attack, 1.3 million GBP stolen
- A person pretending to be an IT admin walked into the branch and installed an IP-KVM connected to a 3G router, then later used it to take over the workstation it was connected to
- Barclays claims to have recovered “a significant amount” of the stolen money
- When police raided a number of properties to arrest the perpetrators, they found thousands of credit cards and other personal data, plus drugs, jewellery and cash
- This is not the first time Barclays has been hit. “We have been working closely with the Metropolitan Police following a security breach at our Swiss Cottage branch in April 2013. We identified the fraud and acted swiftly to recover funds on the same day,” said Alex Grant, managing director of fraud prevention at Barclays.
Feedback
- Zero Day: A Jeff Aiken Novel Audiobook | Mark Russinovich | Audible.com
- Co-located server connected to home server + 6 screens problem
- Why use services like LastPass instead of directly generating passwords using e.g. PBKDF2?
Round Up:
- Edward Snowden’s E-Mail Provider Defied FBI Demands to Turn Over Crypto Keys, Documents Show
- FIMail – Graphical Email client for DOS
- Silk Road Shutdown, Owner Arrested. FBI Says Simple Mistake Led to his Arrest
- Internet of Things Demands New Social Contract To Protect Privacy
- Rocket researchers bypass US GPS limits
- Lackluster broadband hurting adoption of ‘the cloud’
- Former NSA CTO Prescott Winter says enterprise IT security is appalling
- Signals from the Crowd: Uncovering Social Relationships through Smartphone Probes
- Security after the death of trust
- Yahoo does bug bounty wrong: researcher reports serious vulnerability, gets $12.50 coupon for Yahoo store