End-of-Shift report
Timeframe: Friday 20-12-2013 18:00 − Monday 23-12-2013 18:00
Handler: L. Aaron Kaplan
Co-Handler: Stephan Richter
What to Expect in Surveillance Politics in 2014 (Hint: It's Not Reform)
You would think that a federal district judge calling the NSA program almost Orwellian would be a good sign for surveillance and privacy in 2014. If you're holding out hope for an act of political courage to end bulk surveillance ...
http://www.wired.com/opinion/2013/12/dont-get-too-excited-about-recent-rulings-yet-what-to-expect-for-surveillance-and-privacy-in-2014/
DHS Turns To Unpaid Interns For Nation's Cyber Security
theodp writes "A week after President Obama stressed the importance of computer science to America, the Department of Homeland Security put out a call for 100+ of the nation's best-and-brightest college students to work for nothing on the nation's cyber security. The unpaid internship program, DHS notes, is the realization of recommendations (PDF) from the Homeland Security Advisory Council's Task Force on CyberSkills, which included execs from Facebook, Lockheed Martin, and Sony, and was...
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/leJ5tNqGbgU/story01.htm
Microsoft Security Essentials Misses 39% of Malware
Barence writes "The latest tests from Dennis Publishing's security labs saw Microsoft Security Essentials fail to detect 39% of the real-world malware thrown at it. Dennis Technology Labs (DTL) tested nine home security products on a Windows 7 PC, including Security Essentials, which is distributed free to Windows users and built into Windows 8 in the form of Windows Defender. While the other eight packages all achieved protection scores of 87% or higher - with five scoring 98% or 99%...
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/8Vg-UHP2dqo/story01.htm
Critical security vulnerabilities discovered in write blocker
An IT forensics expert discovered several security vulnerabilities at once in the new write blocker Ditto. The consequence: instead of doing its actual job, the device itself can be misused as an attack tool and torpedo investigations.
http://www.heise.de/security/meldung/Kritische-Sicherheitsluecken-in-Write-Blocker-entdeckt-2071582.html
Strange DNS Queries - Request for Packets, (Sat, Dec 21st)
We have received a pcap sample of DNS queries that display a strange behavior. The queries are type ANY for domains ghmn.ru and fkfkfkfa.com. When doing an nslookup, both domains have 100 IPs listed under their domain names with each of them resolving exactly the same last octets (i.e. .1, .10, .100, etc). Queries with the same transaction ID are often repeated several times. The traffic samples we have received indicate the queries are sent by either a host or a server. If anyone else is...
http://isc.sans.edu/diary.html?storyid=17264&rss
evasiOn7: Jailbreak for iOS 7 - with controversial features
A first jailbreak for iOS 7, which allows apps to be installed from outside Apple's App Store, is available. However, it immediately fell into disrepute because of the integration of a Chinese app store with pirated copies and because of the obfuscation of its code.
http://www.heise.de/security/meldung/evasiOn7-Jailbreak-fuer-iOS-7-mit-umstrittenen-Funktionen-2071778.html
Backdoor in crypto software: RSA Security denies NSA payments
The company has "never entered into a secret contract with the NSA to integrate a known vulnerable random number generator into the BSAFE encryption libraries", RSA Security stresses - but by no means denies cooperating with the NSA.
http://www.heise.de/newsticker/meldung/Backdoor-in-Krypto-Software-RSA-Security-dementiert-NSA-Zahlungen-2071891.html
Anti-brute-force tool DenyHosts locks admins out
Admins who protect their servers against brute-force attacks with DenyHosts need to act - otherwise they may soon find themselves facing locked doors.
http://www.heise.de/newsticker/meldung/Anti-Bruteforce-Tool-DenyHosts-sperrt-Admins-aus-2071933.html
How I hacked a journalist
It started off as a follow-up to a story a journalist had written several years ago. The story was about data protection, and had shown that a simple subject access request could provide you with enough information to steal someone's identity. Now, Claudia Joseph wanted to see if anything had changed and to update the world on the new dangers. What would happen if somebody was able to infiltrate your online life? Claudia contacted us and started the conversation with "Can you hack...
http://www.nccgroup.com/en/blog/2013/12/how-i-hacked-a-journalist/
Practical malleability attack against CBC-Encrypted LUKS partitions
Topic: Practical malleability attack against CBC-Encrypted LUKS partitions Risk: Medium Text: Article location:
http://www.jakoblell.com/blog/2013/12/22/practical-malleability-attack-against-cbc-encrypted-luks-partitions...
http://cxsecurity.com/issue/WLB-2013120153
Alert: Adobe License Key Email Scam
Adobe is aware of reports that a phishing campaign is underway involving malicious email purporting to deliver license keys for a variety of Adobe offerings. Customers who receive one of these emails should delete it immediately without downloading attachments or...
http://blogs.adobe.com/psirt/2013/12/20/alert-adobe-license-key-email-scam/
[webapps] - Jenkins 1.523 - Inject Persistent HTML Code
http://www.exploit-db.com/exploits/30408
Security Bulletin: Multiple vulnerabilities in current IBM SDK for Java for WebSphere Application Server Community 3.0.0.4 October 2013 CPU (CVE-2013-5802,CVE-2013-5825)
Multiple security vulnerabilities exist in the IBM SDK for Java that is shipped with IBM WebSphere Application Server Community 3.0.0.4. CVE(s): CVE-2013-5802, and CVE-2013-5825 Affected product(s) and affected version(s): WebSphere Application Server Community Edition 3.0.0.4 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin:
http://www.ibm.com/support/docview.wss?uid=swg21660594 X-Force Database:...
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_multiple_vulnerabilities_in_current_ibm_sdk_for_java_for_websphere_application_server_community_3_0_0_4_october_2013_cpu_cve_2013_5802_cve_2013_5825?lang=en_us
Security Bulletin: Fix available for Unauthorized Information Retrieval Security Vulnerability in IBM WebSphere Portal (CVE-2013-6735)
A fix that blocks unauthorized information retrieval is available for a security vulnerability in IBM WebSphere Portal.
http://www-01.ibm.com/support/docview.wss?uid=swg21660289
Wordpress information leakage and backdoor in writing settings
Topic: Wordpress information leakage and backdoor in writing settings Risk: High Text: Hello list! As I've announced earlier (
http://seclists.org/fulldisclosure/2013/Nov/219), I conducted a Day of bugs in WordPr...
http://cxsecurity.com/issue/WLB-2013120152
Synology DiskStation Manager (DSM) multiple scripts directory traversal
http://xforce.iss.net/xforce/xfdb/89892
Avant Browser Rendering Engines Multiple Vulnerabilities
https://secunia.com/advisories/56242
Nagios "process_cgivars()" Off-By-One Vulnerability
https://secunia.com/advisories/55976
Next End-of-Shift Report on 2013-12-27