Daily Summary - Tuesday 10-09-2013

End-of-Shift report

Timeframe: Monday 09-09-2013 18:00 − Tuesday 10-09-2013 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter

Book Review: The Practice of Network Security Monitoring

benrothke writes "It has been about 8 years since my friend Richard Bejtlich's (note, that was a full disclosure my friend) last book Extrusion Detection: Security Monitoring for Internal Intrusions came out. That and his other 2 books were heavy on technical analysis and real-world solutions. Some titles only start to cover ground after about 80 pages of introduction. With this highly informative and actionable book, you are already reviewing tcpdump output at page 16. In The Practice of

http://rss.slashdot.org/~r/Slashdot/slashdot/~3/GDJ5LDb-zAY/story01.htm


Researchers Call for Ban on PHP SuperGlobal Variables

Researchers urge developers to ban PHP SuperGlobal variables in applications. These variables are wide open to remote code execution, remote file inclusion and security bypasses.

http://threatpost.com/researchers-call-for-ban-on-php-superglobal-variables/102224


Keeping Data Secret, Even From Apps That Use It

Nerval's Lobster writes "Datacenters wanting to emulate Google by encrypting their data beyond the ability of the NSA to crack it may get some help from a new encryption technique that allows data to be stored, transported and even used by applications without giving away any secrets. In a paper to be presented at a major European security conference this week, researchers from Denmark and the U.K. collaborated on a practical way to implement a long-discussed encryption concept called

http://rss.slashdot.org/~r/Slashdot/slashdot/~3/xYV9IJvP0OQ/story01.htm


Online security: it’s in your interest! 1st European Cyber Security Month coming up in October

In October 2013, the first fully-fledged European Cyber Security Month (ECSM) will take place all over Europe.

http://www.enisa.europa.eu/media/press-releases/online-security-it2019s-in-your-interest-1st-european-cyber-security-month-coming-up-in-october


MIPS Routers with Entropy Problems

The MIPS version of Linux generates random numbers using questionable entropy values, which increases the vulnerability of cryptographic keys. This affects a whole range of routers for the consumer market.

http://www.heise.de


iPhone 5S Phishing Mail Arrives In Time for Launch

While millions of mobile users are anticipating the launch of the new iPhone (5S and 5C), cybercriminals are already making their move to distribute spam that promises to give away the said devices for free, in the guise of a contest. We saw samples of spammed messages that attempted to spoof an Apple Store email […]

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/zf_EldxUPaU/


Windows Phone 7: a look at popular apps and their data storage practices

This paper looks at how popular Windows Phone 7 apps address data storage with a focus on the platform's initial lack of data protection APIs and how that influenced the type of and manner in which data was kept on a user's device.

https://www.isecpartners.com/media/106503/wp7_app_survey_storage.pdf


NSA Affair: Random Number Generators Under Scrutiny

After it became known that the NSA built a backdoor into a random number generator published by NIST, many entropy sources are now being examined with healthy mistrust. This includes Intel's chip-based RDRAND function under Linux.

http://www.heise.de/security/meldung/NSA-Affaere-Generatoren-fuer-Zufallszahlen-unter-der-Lupe-1953716.html


iPhone 5S: Fingerprint Scanners Can Be Tricked

Simple systems can be fooled with photocopies - experts also see problems in central databases

http://derstandard.at/1378248579562


HPSBPV02918 rev.1 - HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven Manager (IDM), SQL Injection, Remote Code Execution, Session Reuse

Potential security vulnerabilities have been identified with HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven Manager (IDM). These vulnerabilities could be exploited remotely to allow SQL injection, remote code execution and session reuse.

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03897409


Bugtraq: FreeBSD Security Advisory FreeBSD-SA-13:12.ifioctl

http://www.securityfocus.com/archive/1/528520


Bugtraq: Open-Xchange Security Advisory 2013-09-10

http://www.securityfocus.com/archive/1/528519


Bugtraq: Multiple vulnerabilities on D-Link Dir-505 devices

http://www.securityfocus.com/archive/1/528516