Tageszusammenfassung - Dienstag 12-03-2013

End-of-Shift report

Timeframe: Montag 11-03-2013 18:00 − Dienstag 12-03-2013 18:00 Handler: Matthias Fraidl Co-Handler: Christian Wojner

Improving the security for Android embedded systems

"McAfee has delivered a whitelisting security solution for Android based embedded systems. McAfee Application Control for Android resides in the Android kernel, embedded in the operating system and provides protection from the installation or execution of a malicious application on an Android-based device. McAfee also provides protection at the application layer to Android devices...."

http://www.net-security.org/secworld.php?id=14574


Blacklist NJABL geht außer Betrieb

Die Anti-Spam-Blacklist NJABL hat ihre Datenbasis bereits ausgeblendet. Verantwortlichen von Mailservern, die sie dennoch weiterhin abfragen, droht Ungemach, sobald der Hoster auch die Namensdienst-Einträge abklemmt.

http://rss.feedsportal.com/c/32407/f/463925/s/2971dffa/l/0L0Sheise0Bde0Csecurity0Cmeldung0CBlacklist0ENJABL0Egeht0Eausser0EBetrieb0E1820A4240Bhtml0Cfrom0Crss0A9/story01.htm


Australien: Hackerangriffe auf die Zentralbank

Australische Medien berichten von Hackerangriffen auf die Zentralbank des Landes und sprechen dabei von Spuren nach China und kompromittierten Informationen. Die Zentralbank bestätigt, dass es Cyberattacken gab, sonst nichts.

http://rss.feedsportal.com/c/32407/f/463925/s/2971ee42/l/0L0Sheise0Bde0Csecurity0Cmeldung0CAustralien0EHackerangriffe0Eauf0Edie0EZentralbank0E1820A3720Bhtml0Cfrom0Crss0A9/story01.htm


Google Docs CSRF & Clickjacking

Topic: Google Docs CSRF & Clickjacking Risk: Medium Text:CSRF & Clickjacking : Google Document, Drawing, Forms, Spreadsheet, Presentation Attacker can create Google Document, Dra...

http://feedproxy.google.com/~r/securityalert_database/~3/K1SfuqKrTTM/WLB-2013030090


Vuln: Piwik Unspecified Cross Site Scripting Vulnerability

Piwik Unspecified Cross Site Scripting Vulnerability

http://www.securityfocus.com/bid/58392


TinyMCE XSS Vulnerability

Topic: TinyMCE XSS Vulnerability Risk: Low Text:Vulnerability Report Author: Justin C. Klein Keane Date: 5 March, 2013 CVE-2012-4230 Descrip...

http://feedproxy.google.com/~r/securityalert_database/~3/vAEUomxc8S8/WLB-2013030083


Windows 8: Flash als Standard

Der Internet Explorer unter Windows 8 und RT soll wesentlich mehr Flash-Inhalte per default zulassen. Damit rückt der Software-Hersteller noch weiter von seiner bisherigen Linie bei der Flash-Unterstützung ab.

http://rss.feedsportal.com/c/32407/f/463925/s/2977bea5/l/0L0Sheise0Bde0Csecurity0Cmeldung0CWindows0E80EFlash0Eals0EStandard0E1820A7980Bhtml0Cfrom0Crss0A9/story01.htm


Chess CAPTCHA - a serious defence against spammers?

"CAPTCHAs - the questions that a website asks you to answer to prove if youre a human being or not - come in many shapes and forms. Although they most commonly ask you to decipher some words hidden in a distorted graphic, there are more elaborate versions which can ask you to solve some complicated mathematical calculation or ask you to add toppings to a pizza in an attempt to stop automated bots leaving spammy messages...."

http://nakedsecurity.sophos.com/2013/03/12/chess-captcha/


Phishing emails sent in pairs to lend authenticity, says training company

"Phishing emails are now being deployed in pairs to create the illusion of authenticity, says security awareness training firm PhishMe. Phishing emails try to trick the recipient into doing something risky by disguising malicious attachments or links in seemingly genuine content. In this new type of phishing email campaign, attackers typically send out a benign email that contains nothing harmful and does not ask for any information or response from the recipient...."

http://www.computerweekly.com/news/2240179364/Phishing-emails-sent-in-pairs-to-lend-authenticity-says-training-company


Google Play: Potentially Unwanted

Google Play has a problem and it isnt malware.Depending on location, Potentially Unwanted Applications (PUA) can be rather difficult to avoid.Heres a screenshot of User Reviews from a "weather widget" application:In English (both U.S. and U.K.), there are eight user reviews. Just eight. Even if you click on a link to "Read All User Reviews".But if you use the Danish UI this is one additional review youll see:And its good that Danes can see it, because the

http://www.f-secure.com/weblog/archives/00002521.html