End-of-Shift report
Timeframe: Mittwoch 28-11-2012 18:00 − Donnerstag 29-11-2012 18:00
Handler: Robert Waldner
Co-Handler: n/a
New version of wireshark is available (1.8.4), some security fixes included. , (Wed, Nov 28th)
(c) SANS Internet Storm Center.
http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
http://isc.sans.edu/diary.html?storyid=14587&rss
Good Practice Guide for Addressing Network and Information Security Aspects of Cybercrime
"In 2010 ENISA started its support for operational collaboration between the Computer Emergency Response Teams (CERTs) in the Member States on the one hand and Law Enforcing Agencies (LEA) on the other hand. Various activities have since been launched, including stock takings of legal and operational obstacles that prevent collaboration, advice resulting from that, workshops that brought together members of both communities, consultation with members of both communities, etc. It was soon
http://www.enisa.europa.eu/activities/cert/support/fight-against-cybercrime/good-practice-guide-for-addressing-network-and-information-security-aspects-of-cybercrime
Vuln: OpenDNSSEC cURL API Security Bypass Vulnerability
OpenDNSSEC cURL API Security Bypass Vulnerability
http://www.securityfocus.com/bid/56679
How to Minimize Medical Device Risks - Ethical Hacker Offers Action Items
"Malware and hackers present potential security threats to wireless medical devices and safety risks to the patients who use them. But healthcare organizations and device manufacturers can take several steps to curtail those risks, says an ethical hacker who has demonstrated the vulnerability of various devices. Barnaby Jack, director of embedded device security at services firm IOActive, recently demonstrated how an implanted wireless heart defibrillator can be hacked from 50 feet away to
http://www.healthcareinfosecurity.com/how-to-minimize-medical-device-risks-a-5310?rf=2012-11-29-eh
[webapps] - Oracle OpenSSO 8.0 Multiple XSS POST Injection Vulnerabilities
Oracle OpenSSO 8.0 Multiple XSS POST Injection Vulnerabilities
http://www.exploit-db.com/exploits/23004
Bugtraq: Wordpress Plugin Simple Gmail Login Stack Trace Vulnerability
Wordpress Plugin Simple Gmail Login Stack Trace Vulnerability
http://www.securityfocus.com/archive/1/524863
WhatsApp: Schwere Sicherheitslücke entdeckt
Über die Handynummer sowie die Seriennummer kann relativ einfach das WhatsApp-Passwort erzeugt und so ein fremder Accounts übernommen werden. Das hat das deutsche Online-Portal heise Security aufgedeckt. Die Entwickler von WhatsApp wollen aber offenbar nichts von der Lücke wissen.
http://futurezone.at/produkte/12738-whatsapp-schwere-sicherheitsluecke-entdeckt.php?rss=fuzo