Tageszusammenfassung - Montag 19-08-2013

End-of-Shift report

Timeframe: Freitag 16-08-2013 18:00 − Montag 19-08-2013 18:00 Handler: Stephan Richter Co-Handler: n/a

Filtering Signal From Noise, (Fri, Aug 16th)

We have used the term "internet background radiation" more than once to describe things like SSH scans. Like cosmic background radiation, its easy to consider it noise, but one can find signals buried within it, with enough time and filtering. I wanted to take a look at our SSH scan data and see if we couldnt tease out anything useful or interesting. First Visualization I used the DShield API to pull this years port 22 data (https://isc.sans.edu/api/ for more details on our API.)

http://isc.sans.edu/diary.html?storyid=16385&rss

Schwachstelle im BIOS einiger Dell-Geräte

Dell hat für eine Reihe älterer Systeme der Latitude- und Precision-Reihe BIOS-Updates herausgegeben. Den Geräten lässt sich wegen eines potenziellen Buffer Overflows im BIOS eine unsignierte Firmware unterschieben.

http://www.heise.de/security/meldung/Schwachstelle-im-BIOS-einiger-Dell-Geraete-1937551.html

A Closer Look: Perkele Android Malware Kit

In March 2013 I wrote about Perkele, a crimeware kit designed to create malware for Android phones that can help defeat multi-factor authentication used by many banks. In this post, well take a closer look at this threat, examining the malware as it is presented to the would-be victim as well as several back-end networks set up by cybercrooks who have been using Perkele to fleece banks and their customers.

http://krebsonsecurity.com/2013/08/a-closer-look-perkele-android-malware-kit/

HP verabschiedet sich vom Java-Interface

Bei einer Routine-Überprüfung einer unserer HP-Procurve-Switches haben wir eine erfreuliche Entdeckung gemacht. HP hat schon vor einer Weile angefangen, seine Java-Konfigurationsoberflächen zu ersetzen und nutzt stattdessen HTML. Aber nicht alle Switches bekommen ein HTML-Update.

http://www.golem.de/news/procurve-hp-verabschiedet-sich-vom-java-interface-1308-101044.html

DIY automatic cybercrime-friendly 'redirectors generating' service spotted in the wild

By Dancho Danchev Redirectors are a popular tactic used by cybercriminal on their way to trick Web filtering solutions. And just as we've seen in virtually ever segment of the underground marketplace, demand always meets supply. A newly launched, DIY 'redirectors' generating service, aims to make it easier for cybercriminals to hide the true intentions...

http://blog.webroot.com/2013/08/19/diy-automatic-cybercrime-friendly-redirectors-generating-service-spotted-in-the-wild/

whistle.im: FaaS - Fuckup as a Service

Auf den ersten Blick mag das Projekt sinnvoll erscheinen: Ende-zu-Ende-Verschlüsselung "Unsere Kryptographie ist Open Source - Mitstreiter willkommen!" Verwendung von SSL, RSA, AES Doch schaut man etwas tiefer in das Projekt, so merkt man schnell, dass es sich mehr um hohle Phrasen handelt, als um Ansätze, die mit Sach- oder Fachverstand geprüft wurden.

http://hannover.ccc.de/~nexus/whistle.html

Analysis: Anti-decompiling techniques in malicious Java Applets

Step 1: How this startedWhile I was investigating the Trojan.JS.Iframe.aeq case (see blogpost ) one of the files dropped by the Exploit Kit was an Applet exploiting a vulnerability:document.write(<applet ...

http://www.securelist.com/en/analysis/204792300/Anti_decompiling_techniques_in_malicious_Java_Applets

The Cryptopocalypse

There was a presentation at Black Hat last month warning us of a "factoring cryptopocalypse": a moment when factoring numbers and solving the discrete log problem become easy, and both RSA and DH break. This presentation was provocative, and has generated a lot of commentary, but I dont see any reason to worry. Yes, breaking modern public-key cryptosystems has gotten...

http://www.schneier.com/blog/archives/2013/08/the_cryptopocal.html

The Risk of Running Windows XP After Support Ends April 2014

Back in April I published a post about the end of support for Windows XP called The Countdown Begins: Support for Windows XP Ends on April 8, 2014. Since then, many of the customers I have talked to have moved, or are in the process of moving, their organizations from Windows XP to modern operating systems like Windows 7 or Windows 8.

http://blogs.technet.com/b/security/archive/2013/08/15/the-risk-of-running-windows-xp-after-support-ends.aspx

Here's what you find when you scan the entire Internet in an hour

Until recently, scanning the entire Internet, with its billions of unique addresses, was a slow and labor-intensive process. For example, in 2010 the Electronic Frontier Foundation conducted a scan to gather data on the use of encryption online. The process took two to three months.

http://www.washingtonpost.com/blogs/the-switch/wp/2013/08/18/heres-what-you-find-when-you-scan-the-entire-internet-in-an-hour/

2013-08 Security Bulletin: Network and Security Manager: DoS due to repeated SSL session renegotiations (CVE-2011-1473)

A vulnerability has been reported against virtually all versions of OpenSSL stating that client-initiated renegotiation is not properly restricted within the SSL and TLS protocols. This might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection. Some network services in Network and Security Manager (NSM) utilizing SSL/TLS were found vulnerable to this issue.

http://kb.juniper.net/InfoCenter/index/content&id=JSA10584

IBM Notes / Domino Java Multiple Vulnerabilities

https://secunia.com/advisories/54574

Django "is_safe_url()" Cross-Site Scripting and "URLField" Script Insertion Vulnerabilities

https://secunia.com/advisories/54476