Daily Summary - Monday 5-08-2013

End-of-Shift report

Timeframe: Friday 02-08-2013 18:00 − Monday 05-08-2013 18:00 Handler: Stephan Richter Co-Handler: n/a

DMARC: another step forward in the fight against phishing?, (Mon, Aug 5th)

I’m always searching to find facts and figures on the effectiveness of security measures on phishing attacks, which is harder than it would first seem. This is all in aid of framing a picture to the boss on why to spend money, energy and resources on this most insidious and highly successful type of attack. That makes it very important to understand what happens towards your company, then your industry sector and, finally, how other non-related sectors are doing to create an

http://isc.sans.edu/diary.html?storyid=16297&rss


Samsung Smart TV: Basically a Linux Box Running Vulnerable Web Apps

chicksdaddy writes "Two researchers at the Black Hat Briefings security conference Thursday said Smart TVs from electronics giant Samsung are rife with vulnerabilities in the underlying operating system and Java-based applications. Those vulnerabilities could be used to steal sensitive information on the device owner, or even spy on the television's surroundings using an integrated webcam. Speaking in Las Vegas, Aaron Grattafiori and Josh Yavor, both security engineers at the firm ISEC

http://entertainment.slashdot.org/story/13/08/03/2250247/samsung-smart-tv-basically-a-linux-box-running-vulnerable-web-apps


Firefox Zero-Day Used in Child Porn Hunt?

A claimed zero-day vulnerability in Firefox 17 has some users of the latest Mozilla Firefox browser (Firefox 22) shrugging their shoulders. Indeed, for now it appears that this flaw is not a concern for regular, up-to-date Firefox end users. But several experts say the vulnerability was instead exposed and used in tandem with a recent U.S. law enforcement effort to discover the true Internet addresses of people believed to be browsing child porn sites via the Tor Browser -- an online anonymity

https://krebsonsecurity.com/2013/08/firefox-zero-day-used-in-child-porn-hunt/


Bad timing: New HTML5 trickery lets hackers silently spy on browsers

Sub-millisecond precision in your rendering engine. What could possibly go wrong? New time-measuring features in HTML5 can be exploited by malicious websites to illicitly peek at pages open on a victim's browser, it is claimed.…

http://www.theregister.co.uk/2013/08/05/html5_timing_attacks/


Microsoft Security Advisory (2876146): Wireless PEAP-MS-CHAPv2 Authentication Could Allow Information Disclosure - Version: 1.0

Microsoft is aware of a public report that describes a known weakness in the Wi-Fi authentication protocol known as PEAP-MS-CHAPv2 (Protected Extensible Authentication Protocol with Microsoft Challenge Handshake Authentication Protocol version 2), used by Windows Phones for WPA2 wireless authentication. In vulnerable scenarios, an attacker who successfully exploited this issue could achieve information disclosure against the targeted device.

http://technet.microsoft.com/en-us/security/advisory/2876146


[2013-08-05] Vodafone EasyBox default WPS PIN algorithm weakness

The algorithm that generates the default WPS-PIN is entirely based on the MAC address (=BSSID) and serial number of the device. The serial number can be derived from the MAC address. An unauthenticated attacker within the range of the access point can capture the BSSID (e.g. from 802.11 Beacon Frames) and calculate the default WPS PIN for it.

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130805-0_Vodafone_EasyBox_Default_WPS_PIN_Vulnerability_v10.txt


rgpg gem for Ruby command execution

rgpg gem for Ruby could allow a remote attacker to execute arbitrary commands on the system, caused by the improper validation of input by GpgHelper module (lib/rgpg/gpg_helper.rb). An attacker could exploit this vulnerability to inject and execute arbitrary commands on the system.

http://xforce.iss.net/xforce/xfdb/86148


HP LaserJet Pro Printer Bug Lets Remote Users Access Data

A vulnerability was reported in HP Printer. A remote user can obtain potentially sensitive information.

http://www.securitytracker.com/id/1028869


Bugtraq: FTP OnConnect v1.4.11 iOS - Multiple Web Vulnerabilities

The Vulnerability Laboratory Research Team discovered a command/path inject vulnerability in the FTP OnConnect v1.4.11 application (Apple iOS - iPad & iPhone).

http://www.securityfocus.com/archive/1/527760


Bugtraq: PuTTY SSH handshake heap overflow

PuTTY versions 0.62 and earlier - as well as all software that integrates these versions of PuTTY - are vulnerable to an integer overflow leading to heap overflow during the SSH handshake before authentication,...

http://www.securityfocus.com/archive/1/527763


Bugtraq: Joomla core <= 3.1.5 reflected XSS vulnerability

Joomla core package <= 3.1.5 includes a PHP script that suffers from reflected XSS vulnerability that allows to inject HTML and malicious scripts that can access any cookies, session tokens, or other...

http://www.securityfocus.com/archive/1/527765


IBM InfoSphere BigInsights Multiple Vulnerabilities

Multiple vulnerabilities have been reported in IBM InfoSphere BigInsights, which can be exploited by malicious people to conduct spoofing, cross-site scripting, and request forgery attacks.

https://secunia.com/advisories/54447


HPSBUX02909 SSRT101289 rev.1 - HP-UX Apache Web Server, Remote Denial of Service (DoS)

Potential security vulnerabilities have been identified with HP-UX Apache Web Server. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS).

https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03883001


TYPO3: Several vulnerabilities in extensions

https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-011/
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-012/
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013/


phpMyAdmin Clickjacking Vulnerabilities

https://secunia.com/advisories/54381
https://secunia.com/advisories/54409