Tageszusammenfassung - Montag 1-10-2012

End-of-Shift report

Timeframe: Freitag 28-09-2012 18:00 − Montag 01-10-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner

Vuln: openCryptoki Multiple Insecure File Creation Vulnerabilities

openCryptoki Multiple Insecure File Creation Vulnerabilities


Did NSA Put a Secret Backdoor in New Encryption Standard?

"Random numbers are critical for cryptography: for encryption keys, random authentication challenges, initialization vectors, nonces, key-agreement schemes, generating prime numbers and so on. Break the random-number generator, and most of the time you break the entire security system. Which is why you should worry about a new random-number standard that includes an algorithm that is slow, badly designed and just might contain a backdoor for the National Security Agency...."


Security Advisory: Adobe to Revoke Code Signing Certificate (APSA12-01)

A Security Advisory (APSA12-01) has been posted in regards to the misuse of an Adobe code signing certificate. Adobe plans to revoke the certificate on October 4, 2012 for all software code signed after July 10, 2012. Adobe is in the process of issuing updates for all affected products using a new digital certificate. For [...]


Scary New Malware Uses Your Phone To Make A Map Of Your House For Robbers

"If you arent careful, much of the tech you hold near and dear can be used against you. An app called PlaceRaider, for instance, can use your phone to build a full 3D map of your house, all without you suspecting a thing. Developed by Robert Templeman at the Naval Surface Warfare centre and a few buddies from the University of Indiana, PlaceRader hijacks your phones camera and takes a series of secret photographs, recording the time, and the phones orientation and location with each


A Convenient Scapegoat - Why All Cyber Attacks Originate in China

"A fairy tale has crept its way into the collective western InfoSec mindset and poisoned the well of reason and rational thought. I am referring to what I like to term, Lazy Neo-McArthyism, i.e. blaming the Red Menace, a.k. a China. It seems that every other cyber-incident, security breach or strain of malware is attributed to the superpower of the east...."


In a Zero-Day World, It’s Active Attacks that Matter

The recent zero-day vulnerability in Internet Explorer caused many (present company included) to urge Internet users to consider surfing the Web with a different browser until Microsoft issued a patch. Microsoft did so last month, but not before experts who ought to have known better began downplaying such advice, pointing out that other browser makers have more vulnerabilities and just as much exposure to zero-day flaws. This post examines hard data that shows why such reasoning is more


LG NAS Users and password hash disclosure

Topic: LG NAS Users and password hash disclosure Risk: High Text:# Exploit Title: LG NAS Users and password hash disclosure # Date: 2012-09-29 # Vendor Homepage: http://www.lg.com/ # Versio...


Internet scan finds thousands of device flaws, system weaknesses

"A scan of the Internet over 20 days has yielded terabytes of data and also some alarming weaknesses including misconfigured routers, vulnerability riddled databases and more than 1,000 exposed passwords. Its a project that HD Moore calls his hobby. The Internet-wide survey looked for open TCP ports, SNMP system descriptions, MDNS responders, UPNP endpoints and NetBIOS name queries...."