Daily summary - Thursday 6-09-2012

End-of-Shift report

Timeframe: Wednesday 05-09-2012 18:00 - Thursday 06-09-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner

Survey: Many sysadmins do not deal with IT security management

Around 1500 administrators filled out a survey for System Administrator Day under Love Your Admin, run by the company Synetics, which specializes in software for documenting administration tasks.

http://www.heise.de/newsticker/meldung/Umfrage-Viele-Sysadmins-beschaeftigen-sich-nicht-mit-IT-Sicherheitsmanagement-1701202.html/from/atom10


Watch this - the funniest spam video you'll ever see [VIDEO]

"We all want our friends and family to learn more about how better to secure their computers. But the eternal challenge is how can we make the advice interesting and engaging for a non-techie audience, and not make the mistake of endlessly droning on using buzzwords they are unlikely to understand. The video below about spam - made by the folks at "Glove and Boots" - manages to make what could be a tremendously dry topic, funny and informative instead...."

http://nakedsecurity.sophos.com/2012/09/05/funniest-spam-video/


Bugtraq: Cross-Site Scripting (XSS) in Kayako Fusion

Cross-Site Scripting (XSS) in Kayako Fusion

http://www.securityfocus.com/archive/1/524108


Vuln: CoDeSys Access Security Bypass Vulnerability

CoDeSys Access Security Bypass Vulnerability

http://www.securityfocus.com/bid/52942


Vuln: WAGO IPC 758-870 Hardcoded Password Security Bypass Vulnerability

WAGO IPC 758-870 Hardcoded Password Security Bypass Vulnerability

http://www.securityfocus.com/bid/52940


Bugtraq: APPLE-SA-2012-09-05-1 Java for OS X 2012-005 and Java for Mac OS X 10.6 Update 10

APPLE-SA-2012-09-05-1 Java for OS X 2012-005 and Java for Mac OS X 10.6 Update 10

http://www.securityfocus.com/archive/1/524112


Online bank punters tricked into approving theft of their OWN CASH

Man-in-browser Trojan attack discovered. Security researchers have discovered a malware-based attack against the chipTAN system used by bank customers in Germany to authorise transactions online.

http://go.theregister.com/feed/www.theregister.co.uk/2012/09/06/german_chiptan_bank_attack/


Vuln: HP SiteScope UploadFilesHandler Directory Traversal Vulnerability

HP SiteScope UploadFilesHandler Directory Traversal Vulnerability

http://www.securityfocus.com/bid/55273


Vuln: HP SiteScope Multiple Security Bypass Vulnerabilities

HP SiteScope Multiple Security Bypass Vulnerabilities

http://www.securityfocus.com/bid/55269


Java 7 Attack Vectors, Oh My!

"While researching how to successfully mitigate the recent Java 7 vulnerability (VU#636312, CVE-2012-4681), we (and by "we" I mean "Will Dormann") found quite a mess. In the midst of discussion about exploit activity and the out-of-cycle update from Oracle, I'd like to call attention to a couple other important points. First, there's the question of the defensive value of the Java 7u7 update (and patching in general)...."

http://www.cert.org/blogs/certcc/2012/09/java_7_attack_vectors_oh_my.html