Daily Summary - Friday 23-08-2013

End-of-Shift report

Timeframe: Thursday 22-08-2013 18:00 − Friday 23-08-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter

Top Server OPC Improper Input Validation Vulnerability

OVERVIEW: Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in the Software Toolbox TOP Server DNP Master OPC product. Software Toolbox has produced a new version that mitigates this vulnerability. The researchers have tested the new version to validate that it resolves the vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS: The following Software Toolbox products are affected:...

http://ics-cert.us-cert.gov/advisories/ICSA-13-234-02


Read of the Week: A Fuzzy Future in Malware Research, (Thu, Aug 22nd)

The August 2013 ISSA Journal includes an excellent read from Ken Dunham: A Fuzzy Future in Malware Research. Ken is a SANS veteran (GCFA Gold, GREM Gold, GCIH Gold, GSEC, GCIA) who spends a good bit of his time researching, writing and presenting on malware-related topics. From Ken's abstract: "Traditional static analysis and identification measures for malware are changing, including the use of fuzzy hashes which offers a new way to find possible related malware samples on a computer or

http://isc.sans.edu/diary.html?storyid=16427


How Exploit Kits Dodge Security Vendors and Researchers

Websites with exploit kits are one thing that security vendors and researchers frequently try to look into, so it shouldn't be a surprise that attackers have gone to some length to specifically dodge the good guys. How do they do it? The most basic method used by attackers is an IP blacklist. Just like security...

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/qf9ZXjwNgn0/


How Can Social Engineering Training Work Effectively?

One particular aspect of DEF CON that always gets some media coverage is the Social Engineering Capture the Flag (SECTF) contest, where participants use nothing more than a phone call to get victims at various Fortune 500 to give up bits of information. These are the sort of social engineering attacks that give security professionals...

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/D-0-ZRv5fSY/


Alleged Adobe Reader Exploit Probably a Fake

Evidence is mounting that the critical security hole said to exist in the current Reader version does not exist at all.

http://www.heise.de/newsticker/meldung/Angeblicher-Adobe-Reader-Exploit-vermutlich-ein-Fake-1941210.html


Pixel Perfect Timing Attacks with HTML5

"This paper describes a number of timing attack techniques that can be used by a malicious web page to steal sensitive data from a browser, breaking cross-origin restrictions. The new requestAnimationFrame API can be used to time browser rendering operations and infer sensitive data based on timing data."

http://contextis.co.uk/files/Browser_Timing_Attacks.pdf


BSI: Despite "Critical Aspects", No Warning Against Windows 8

In a statement, the federal office makes clear that it has no fundamental security concerns about the use of Windows 8 and Trusted Computing. The BSI does, however, criticize certain aspects of the operating system.

http://www.heise.de/security/meldung/BSI-Trotz-kritischer-Aspekte-keine-Warnung-vor-Windows-8-1940081.html


Setuid Problems on Debian Derivatives

A sloppily programmed setuid tool from the VMware package grants root privileges, but the causes run deeper.

http://www.heise.de/newsticker/meldung/Setuid-Probleme-auf-Debian-Abkoemmlingen-1941698.html
https://secunia.com/advisories/54580