Daily summary - Tuesday 11-09-2012

End-of-Shift report

Timeframe: Monday 10-09-2012 18:00 - Tuesday 11-09-2012 18:05 Handler: Stephan Richter Co-Handler: L. Aaron Kaplan

How to Defeat Zeus - Technology, Education Are Keys to Threat

"Zeus continues to strike online bank accounts and users, and technology designed to thwart these Trojan attacks continually fails to keep up. Malware expert Andreas Baumhof says to defeat Zeus, financial institutions have to change their approach. Zeus, a financially aimed malware, comes in many different forms and flavors...."

http://www.bankinfosecurity.com/how-to-defeat-zeus-a-5097?rf=2012-09-10-eb


PostgreSQL 9.2 Out with Greatly Improved Scalability

The PostgreSQL project announced the release of PostgreSQL 9.2 today. The headliner: "With the addition of linear scalability to 64 cores, index-only scans and reductions in CPU power consumption, PostgreSQL 9.2 has significantly improved scalability and developer flexibility for the most demanding workloads. ... Up to 350,000 read queries per second (more than 4X faster) ... Index-only scans for data warehousing queries (2–20X faster) ... Up to 14,000 data writes per second (5X ...

http://rss.slashdot.org/~r/Slashdot/slashdot/~3/RFHKonln9h4/postgresql-92-out-with-greatly-improved-scalability


E-publisher fesses up: Apple UDIDs were ours

BlueToad clears FBI of device data collection

It seems both Apple and the FBI were telling the truth: the Apple UDIDs published last week didn't come from either organization, with an American e-publisher posting a statement that the data was stolen from its systems.

http://go.theregister.com/feed/www.theregister.co.uk/2012/09/10/bluetoad_source_of_stolen_udids/


Java, Flash, and the Choice of Usability Over Security

"So I happened to be switching to a new computer two weekends ago. Going into it I was dead set on not installing Flash and Java. And I was all good until @alexhutton posted a link to a video about the Beatles "happy birthday" song and I just had to check it out...."

http://www.infosecisland.com/blogview/22381-Java-Flash-and-the-Choice-of-Usability-Over-Security.html


Programme for German OWASP conference announced

The fifth edition of the German OWASP Day 2012, an event on software security, takes place on 7 November 2012 in Munich. The programme has been extended with a Mobile Security track.

http://www.heise.de/security/meldung/Programm-fuer-deutsche-OWASP-Konferenz-steht-1704080.html/from/atom10


Apple's soon-to-be-slurped securo firm shrugs off crypto warning

Windows passwords exposure confusion

AuthenTec, the security firm that's the target of a $356m acquisition by Apple, has denied reports that possible cryptographic weaknesses in its fingerprint scanner software pose a risk to the security of laptops.…

http://go.theregister.com/feed/www.theregister.co.uk/2012/09/11/fingerprint_scanner_crypto_warning/


Anomaly Detection Rules & The Success of Open-Source Rule Testing

Last November, the VRT established an open-source rule testing group, composed of a number of Snort users from around the planet in industries as diverse as defense contracting and education. To date, we've tested well over a hundred rules with this group, and have had a great deal of useful feedback in the process - which has led to both killing rules that didn't perform as well as expected in the field, and the release of rules that we would have never previously dared to put in public after seeing them function well with the test group.

http://vrt-blog.snort.org/2012/09/anomaly-detection-rules-success-of-open.html


Initiative-S: Free website check for small businesses

The German internet industry association eco officially launched the Initiative-S project at the Internet Security Days. The offer is intended to help small and medium-sized enterprises in particular protect themselves against their web presences being abused to distribute trojans.

http://www.heise.de/security/meldung/Initiative-S-Kostenloser-Website-Check-fuer-kleine-Unternehmen-1704458.html/from/atom10


GoDaddy Outage: RFC for Dummies

"Yesterday was a black day for GoDaddy.com. During a few hours all their hosting services were interrupted...."

http://blog.rootshell.be/2012/09/11/godaddy-outage-rfc-for-dummies/


Vuln: RocketTheme RokModule Joomla! Component module Parameter SQL Injection Vulnerability

http://www.securityfocus.com/bid/55477


Bugtraq: [SE-2012-01] Security vulnerabilities in IBM Java

http://www.securityfocus.com/archive/1/524134


Bugtraq: [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods

http://www.securityfocus.com/archive/1/524137


Bugtraq: Wordpress Download Monitor - Download Page Cross-Site Scripting

http://www.securityfocus.com/archive/1/524138