End-of-Shift report
Timeframe: Montag 11-03-2013 18:00 − Dienstag 12-03-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Christian Wojner
Improving the security for Android embedded systems
"McAfee has delivered a whitelisting security solution for Android based embedded systems. McAfee Application Control for Android resides in the Android kernel, embedded in the operating system and provides protection from the installation or execution of a malicious application on an Android-based device. McAfee also provides protection at the application layer to Android devices...."
http://www.net-security.org/secworld.php?id=14574
Blacklist NJABL geht außer Betrieb
Die Anti-Spam-Blacklist NJABL hat ihre Datenbasis bereits ausgeblendet. Verantwortlichen von Mailservern, die sie dennoch weiterhin abfragen, droht Ungemach, sobald der Hoster auch die Namensdienst-Einträge abklemmt.
http://rss.feedsportal.com/c/32407/f/463925/s/2971dffa/l/0L0Sheise0Bde0Csecurity0Cmeldung0CBlacklist0ENJABL0Egeht0Eausser0EBetrieb0E1820A4240Bhtml0Cfrom0Crss0A9/story01.htm
Australien: Hackerangriffe auf die Zentralbank
Australische Medien berichten von Hackerangriffen auf die Zentralbank des Landes und sprechen dabei von Spuren nach China und kompromittierten Informationen. Die Zentralbank bestätigt, dass es Cyberattacken gab, sonst nichts.
http://rss.feedsportal.com/c/32407/f/463925/s/2971ee42/l/0L0Sheise0Bde0Csecurity0Cmeldung0CAustralien0EHackerangriffe0Eauf0Edie0EZentralbank0E1820A3720Bhtml0Cfrom0Crss0A9/story01.htm
Google Docs CSRF & Clickjacking
Topic: Google Docs CSRF & Clickjacking Risk: Medium Text:CSRF & Clickjacking : Google Document, Drawing, Forms, Spreadsheet, Presentation Attacker can create Google Document, Dra...
http://feedproxy.google.com/~r/securityalert_database/~3/K1SfuqKrTTM/WLB-2013030090
Vuln: Piwik Unspecified Cross Site Scripting Vulnerability
Piwik Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/58392
TinyMCE XSS Vulnerability
Topic: TinyMCE XSS Vulnerability Risk: Low Text:Vulnerability Report Author: Justin C. Klein Keane Date: 5 March, 2013 CVE-2012-4230 Descrip...
http://feedproxy.google.com/~r/securityalert_database/~3/vAEUomxc8S8/WLB-2013030083
Windows 8: Flash als Standard
Der Internet Explorer unter Windows 8 und RT soll wesentlich mehr Flash-Inhalte per default zulassen. Damit rückt der Software-Hersteller noch weiter von seiner bisherigen Linie bei der Flash-Unterstützung ab.
http://rss.feedsportal.com/c/32407/f/463925/s/2977bea5/l/0L0Sheise0Bde0Csecurity0Cmeldung0CWindows0E80EFlash0Eals0EStandard0E1820A7980Bhtml0Cfrom0Crss0A9/story01.htm
Chess CAPTCHA - a serious defence against spammers?
"CAPTCHAs - the questions that a website asks you to answer to prove if youre a human being or not - come in many shapes and forms. Although they most commonly ask you to decipher some words hidden in a distorted graphic, there are more elaborate versions which can ask you to solve some complicated mathematical calculation or ask you to add toppings to a pizza in an attempt to stop automated bots leaving spammy messages...."
http://nakedsecurity.sophos.com/2013/03/12/chess-captcha/
Phishing emails sent in pairs to lend authenticity, says training company
"Phishing emails are now being deployed in pairs to create the illusion of authenticity, says security awareness training firm PhishMe. Phishing emails try to trick the recipient into doing something risky by disguising malicious attachments or links in seemingly genuine content. In this new type of phishing email campaign, attackers typically send out a benign email that contains nothing harmful and does not ask for any information or response from the recipient...."
http://www.computerweekly.com/news/2240179364/Phishing-emails-sent-in-pairs-to-lend-authenticity-says-training-company
Google Play: Potentially Unwanted
Google Play has a problem and it isnt malware.Depending on location, Potentially Unwanted Applications (PUA) can be rather difficult to avoid.Heres a screenshot of User Reviews from a "weather widget" application:In English (both U.S. and U.K.), there are eight user reviews. Just eight. Even if you click on a link to "Read All User Reviews".But if you use the Danish UI this is one additional review youll see:And its good that Danes can see it, because the
http://www.f-secure.com/weblog/archives/00002521.html