Daily Summary - Wednesday 20-02-2013

End-of-Shift report

Timeframe: Tuesday 19-02-2013 18:00 − Wednesday 20-02-2013 18:00 Handler: Stephan Richter Co-Handler: Christian Wojner

Bugtraq: FreeBSD Security Advisory FreeBSD-SA-13:01.bind

FreeBSD Security Advisory FreeBSD-SA-13:01.bind

http://www.securityfocus.com/archive/1/525732


Bugtraq: FreeBSD Security Advisory FreeBSD-SA-13:02.libc

FreeBSD Security Advisory FreeBSD-SA-13:02.libc

http://www.securityfocus.com/archive/1/525735


Oracle plugs security holes: Updates for Java 1.4 to 7

Oracle has once again released an update for the Java runtime environment. It closes five security vulnerabilities, three of them with the highest severity rating. The "Lucky 13" vulnerability is also said to have been fixed. Further patches are to follow in April.

http://rss.feedsportal.com/c/32407/f/463925/s/28c21278/l/0L0Sheise0Bde0Csecurity0Cmeldung0COracle0Estopft0ESicherheitslecks0EUpdates0Efuer0EJava0E10E40Ebis0E70E180A65220Bhtml0Cfrom0Crss0A9/story01.htm


Apple FINALLY fills gaping Java hole that pwned its own devs

Zero-day vuln also downed Facebook staff and other Mac users. Apple has belatedly patched a security hole in the Java engine it ships with Mac OS X - the very hole exploited by hackers to infect Apple's own developers, their counterparts at Facebook and scores of other Mac-using companies.

http://go.theregister.com/feed/www.theregister.co.uk/2013/02/20/apple_java_omnishambles/


CloudFlare vs Incapsula vs ModSecurity - A Comparative Penetration Testing Analysis Report

This document contains the results of a comparative penetration test conducted by a team of security specialists at Zero Science Lab against three 'leading' web application firewall solutions. Our goal was to bypass security controls in place, in any way we can, circumventing whatever filters they have. This report also outlines the setup and configuration process, as well as a detailed security assessment.

http://zeroscience.mk/files/wafreport2013.pdf