Daily summary - Monday 5-11-2012

End-of-Shift report

Timeframe: Friday 02-11-2012 18:00 − Monday 05-11-2012 18:00
Handler: Stephan Richter
Co-Handler: Christian Wojner

Study: Information not secure despite SSL encryption

With an attack technique that has been known for years, SSL encryption in the browser can be tricked. As a study shows, hardly anyone deploys the equally well-known protection mechanism, and not all current browsers support it.

http://www.heise.de/security/meldung/Studie-Informationen-trotz-SSL-Verschluesselung-nicht-sicher-1742426.html/from/atom10


VUPEN Researchers Say They Have Zero-Day Windows 8 Exploit

"Controversial bug hunters and exploit sellers VUPEN claimed to have cracked the low-level security enhancements featured in Windows 8, Microsoft's latest operating system. VUPEN CEO and head of research Chaouki Bekrar sent out a pair of ominous Tweets yesterday claiming to have developed the first zero-day exploit for Windows 8 and Internet Explorer 10, both released Oct. 26. Bekrar hints the exploit is a sandbox bypass for IE10 with ASLR, DEP and anti-ROP mitigations enabled...."

http://threatpost.com/en_us/blogs/vupen-researchers-say-they-have-zero-day-windows-8-exploit-110112?utm_source=Newsletter_110212&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=&CID=


Deep Inside a DNS Amplification DDoS Attack

"A few weeks ago I wrote about DNS Amplification Attacks. These attacks are some of the largest, as measured by the number of Gigabits per second (Gbps), that we see directed toward our network. For the last three weeks, one persistent attacker has been sending at least 20Gbps twenty-four hours a day as an attack against one of our customers...."

http://blog.cloudflare.com/deep-inside-a-dns-amplification-ddos-attack


How Georgia doxed a Russian hacker (and why it matters)

"On October 24, the country of Georgia took an unusual step: it posted to the Web a 27-page writeup (PDF), in English, on how it has been under assault from a hacker allegedly based in Russia. The paper included details of the malware used, how it spread, and how it was controlled. Even more unusually, the Georgians released pictures of the alleged hacker, taken with his own webcam after the Georgians hacked the hacker with the help of the FBI and others...."

http://arstechnica.com/tech-policy/2012/11/how-georgia-doxed-a-russian-hacker-and-why-it-matters/


Firefox gets strict about enforcement of HTTPS protection

"Developers of Mozilla's Firefox browser are experimenting with a new security feature that connects to a specified set of websites only when presented with a cryptographic certificate validating the connection is secure. A beta version of the open-source browser contains a list of sites known to deploy the HTTP Strict Transport Security mechanism that requires a browser to use the secure sockets layer or transport layer security protocols when communicating. HSTS is designed to provide an..."

http://arstechnica.com/security/2012/11/firefox-gets-strict-about-enforcement-of-https-protection/


Android Modding for the Security Practitioner

"After getting involved in the Android rooting scene, I observed that there is a disconnect between the community interested in "modding" (modifying) their devices and those looking at Android from a security practitioner's perspective. In this talk, I will provide technical details on many key concepts in the modding world, including rooting, locked/unlocked bootloaders, S-ON/S-OFF, fastboot, ROM flashing, and various other techniques. We'll look at real examples of..."

http://www.securitytube.net/video/6080


Anonymous ransomware - but who is hiding behind this malware's mask?

"Here's an interesting twist of the Reveton/FBI/police ransomware that has been plaguing internet users lately. In this example, the malware that locks you out of your data, and demands 100 be paid via Ukash to gain access back to your files, claims to be from the Anonymous hacktivist group. Of course, just as when ransomware victims see demands for cash on their computer seemingly coming from the police, they should be equally dubious about whether this particular attack originated from..."

http://nakedsecurity.sophos.com/2012/11/02/anonymous-ransomware/


Shopping The Russian Cybercrime Underground

"If you weren't already convinced that the Russian cybercrime underground is now a vast, sophisticated, high-volume market, consider this: there are at least 20 different types of services offered in Russian-speaking forums for just about anyone who wants to make a buck off of cybercrime, everything from crime-friendly VPN and security software-checking services to plain old off-the-shelf exploits, according to a new report...."

http://www.darkreading.com/threat-intelligence/167901121/security/vulnerabilities/240012590/shopping-the-russian-cybercrime-underground.html


In Pictures: 20 notorious worms, viruses and botnets

"The earliest worms and viruses were created for geeky fun and did little harm - oh, how times have changed. Here are 20 worms, viruses and botnets that show the evolution of malware, from Creeper to Flame. Creeper: The first real computer virus, Creeper was released "in lab" in 1971 by an employee of a company working on building ARPANET, the Internet's ancestor, according to Guillaume Lovet, Senior Director, FortiGuard Labs...."

http://www.computerworld.com.au/slideshow/440948/pictures_20_notorious_worms_viruses_botnets/?utm_medium=newsletter&eid=-255&utm_source=computerworld-today


Searching for Silver Bullets In SCADA and ICS Environments

"With Halloween past us, there's an excess of sugar in our blood, and remnant imaginings of monsters under the bed. So perhaps that's why when the topic of silver bullet security recently came up, my mind immediately went to Werewolves. The term was used, as it often is, in a discussion about Application Whitelisting, the industrial automation industry's rightful poster child for endpoint security...."

http://www.securityweek.com/searching-silver-bullets-scada-and-ics-environments


Vuln: Ubercart SecureTrading Payment Method Drupal Module Security Bypass Vulnerability

http://www.securityfocus.com/bid/54395


ZPanel <= 10.0.1 CSRF, XSS, SQLi, Password Reset

Topic: ZPanel

http://feedproxy.google.com/~r/securityalert_database/~3/cET4kw8gtsc/WLB-2012110020


Anonymous at work? Symantec, ImageShack, Paypal and VMWare hacked

A hacker group claims to have hacked the image-upload service ImageShack for the second time, and the security company Symantec is also said to have fallen victim to them. The damage at ImageShack is said to amount to the disclosure of all stored images, including those marked as private. From Symantec, among other things, all employee e-mail addresses are now said to be public. In addition, the hackers have published a vulnerability in the open-source software ZPanel. On top of that, Anonymous is putting the kernel of...

http://www.heise.de/security/meldung/Anonymous-am-Werk-Symantec-ImageShack-Paypal-und-VMWare-gehackt-1742980.html/from/atom10


Bugtraq: Vulnerable MSVC++ 2008 runtime libraries distributed with and installed by eM client

http://www.securityfocus.com/archive/1/524621


New Blackhole Targets Mobile Banking Services

"According to a report published by antivirus software developer AVG, there is a significant growth in malicious software and malicious ads with hidden malware behind images posted on social media. The report revealed details about the newly released 2.0 version of Blackhole Exploit Toolkit that targets mobile banking services...."

http://www.technologybanker.com/security-risk-management/new-blackhole-targets-mobile-banking-services#.UJfX8G_A8gt