End-of-Shift report
Timeframe: Thursday 18-04-2013 18:00 − Friday 19-04-2013 18:00
Handler: Stephan Richter
Co-Handler: L. Aaron Kaplan
Yes, “design flaw” in 1Password is a problem, just not for end users
It may very well be time for a new and improved hashing function.
http://feeds.arstechnica.com/~r/arstechnica/security/~3/p6YJzwrXgpU/
SAP ConfigServlet command execution
http://xforce.iss.net/xforce/xfdb/83637
IBM Lotus Connections reflected cross-site scripting
http://xforce.iss.net/xforce/xfdb/82265
-- John Bambenek bambenek \at\ gmail /dot/ com Bambenek Consulting (c) SANS Internet Storm Center.
http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
http://isc.sans.edu/diary.html?storyid=15635&rss
ISC Handler Lenny Zeltser's REMnux v4 Reviewed on Hak5 (Thu, Apr 18th)
Earlier this month, Lenny released version 4 of REMnux, a lightweight Ubuntu Linux-based distro for analyzing malware. It was recently reviewed on Hak5. Take a look and, if you haven't already, download the image and send Lenny your feedback.
http://isc.sans.edu/diary.html?storyid=15638&rss
Novell GroupWise WebAccess Input Validation Flaw in OnError Attribute Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1028454
Xen denial of service
http://xforce.iss.net/xforce/xfdb/83645
http://xforce.iss.net/xforce/xfdb/83646
SWFUpload v.ALL <= (Object Injection/CSRF) Vulnerabilities
Topic: SWFUpload v.ALL
http://feedproxy.google.com/~r/securityalert_database/~3/jQYLW7Im9Hg/WLB-2013040138
Vuln: Drupal MP3 Player Module Cross Site Scripting Vulnerability
Drupal MP3 Player Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/59276
Vuln: Drupal elFinder Module Cross Site Request Forgery Vulnerability
Drupal elFinder Module Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/59277
WordPress attack highlights 30 million targets
Summary: The recent botnet attack on websites running WordPress hasn't had much impact — yet. But with millions of vulnerable sites and a knowledge gap at the low end of the market, things could get much, much worse.
http://www.zdnet.com/wordpress-attack-highlights-30-million-targets-7000014256/
Using Nessus to Discover Malware and Botnet Hosts
...Tenable has released several plugins to identify hosts in your environment that show signs of a compromise such as containing malware or participating in a botnet. The steps below outline which plugins to enable and how to create filters to easily find the relevant plugins...
http://www.tenable.com/blog/using-nessus-to-discover-malware-and-botnet-hosts
OpenPGP Best Practices
Some thoughts on best practices for OpenPGP keys
https://we.riseup.net/debian/openpgp-best-practices
Facebook closes cross-site scripting holes
Facebook has closed various cross-site scripting (XSS) holes that were discovered by security firm Break Security and which have now been described in greater detail. Break Security's CEO, Nir Goldshlager, explains that the social network was vulnerable to attacks through its Chat feature as well as its "Check in" and Messenger for Windows components.
http://www.h-online.com/security/news/item/Facebook-closes-cross-site-scripting-holes-1845850.html
Microsoft Discovers Trojan That Erases Evidence Of Its Existence
Researchers at Microsoft have spotted a Trojan downloader that does something very savvy yet rare: It deletes its own components so researchers and forensics investigators can't analyze or identify it.
http://www.darkreading.com/vulnerability/microsoft-discovers-trojan-that-erases-e/240152960
Hitachi Vulnerabilities in Multiple Products
Hitachi Multiple Products Apache HTTP Server Cross-Site Scripting Vulnerability
https://secunia.com/advisories/52990
https://secunia.com/advisories/53136
https://secunia.com/advisories/53139
Bugtraq: TWSL2013-004: Group Name Enumeration Vulnerability in Cisco IKE Implementation
TWSL2013-004: Group Name Enumeration Vulnerability in Cisco IKE Implementation
http://www.securityfocus.com/archive/1/526403