Tageszusammenfassung - Dienstag 3-12-2013

End-of-Shift report

Timeframe: Montag 02-12-2013 18:00 − Dienstag 03-12-2013 18:00 Handler: Stephan Richter Co-Handler: n/a

A Pentester's Introduction to SAP & ABAP

If you’re conducting security assessments on enterprise networks, chances are that you’ve run into SAP systems. In this blog post, I’d like to give you an introduction to SAP and ABAP to help you with your security audit.

https://community.rapid7.com/community/metasploit/blog/2013/12/02/a-pentester-s-introduction-to-sap-abap

---

Analysis: Kaspersky Security Bulletin 2013. Malware Evolution

Once again, it’s time for us to deliver our customary retrospective of the key events that have defined the threat landscape in 2013. Let’s start by looking back at the things we thought would shape the year ahead, based on the trends we observed in the previous year.

http://www.securelist.com/en/analysis/204792316/Kaspersky_Security_Bulletin_2013_Malware_Evolution

---

How does the NSA break SSL?

A few weeks ago I wrote a long post about the NSAs BULLRUN project to subvert modern encryption standards. I had intended to come back to this at some point, since I didnt have time to discuss the issues in detail.

http://blog.cryptographyengineering.com/2013/12/how-does-nsa-break-ssl.html

---

On Covert Acoustical Mesh Networks in Air

Fraunhofer FKIE, Wachtberg, Germany Abstract: Covert channels can be used to circumvent system and network policies by establishing communications that have not been considered in the design of the computing system. We construct a covert channel between different computing systems that utilizes audio modulation/demodulation to exchange data between the computing systems over the air medium. The underlying network stack is based on a...

http://www.jocm.us/index.php?m=content&c=index&a=show&catid=124&id=600

---

Cisco ASA Malformed DNS Reply Denial of Service Vulnerability

A vulnerability in the DNS code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause the reload of an affected system.

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6696

---

phpThumb 1.7.12 Server Side Request Forgery

Topic: phpThumb 1.7.12 Server Side Request Forgery Risk: Low Text:#phpThumb phpThumbDebug Server Side Request Forgery #Google Dork: inurl:phpThumb.php #Author: Rafay Baloch And Deepanker Ar...

http://cxsecurity.com/issue/WLB-2013120020

---

Folo theme for WordPress jplayer.swf cross-site scripting

http://xforce.iss.net/xforce/xfdb/89318

---

Orange Themes for WordPress upload-handler.php file upload

http://xforce.iss.net/xforce/xfdb/89325

---

Zend Framework application.ini information disclosure

http://xforce.iss.net/xforce/xfdb/89328

---

TP-Link TD-8840t change administrator password cross-site request forgery

http://xforce.iss.net/xforce/xfdb/89329

---

JMultimedia component for Joomla! phpThumb.php file upload

http://xforce.iss.net/xforce/xfdb/89333

---

Bugtraq: Multiple issues in OpenSSL - BN (multiprecision integer arithmetics).

http://www.securityfocus.com/archive/1/530120

---

Bugtraq: D-Link DIR-XXX remote root access exploit.

http://www.securityfocus.com/archive/1/530119