End-of-Shift report
Timeframe: Thursday 02-01-2014 18:00 − Friday 03-01-2014 18:00
Handler: Alexander Riepl
Co-Handler: L. Aaron Kaplan
Greyhats expose 4.5 million Snapchat phone numbers using 'theoretical' hack
Snapchat largely discounted weakness that partially exposed user numbers.
http://feeds.arstechnica.com/~r/arstechnica/security/~3/8aPSkYeU_SA/
Target's Use of 3DES Encryption Invites Scrutiny, Worry
Target's admission that encrypted PIN data was stolen and secured with 3DES encryption has experts concerned because of the age of the algorithm and the availability of stronger options.
http://threatpost.com/targets-use-of-3des-encryption-invites-scrutiny-worry/103389
Mysterious backdoor in various router models
On Linksys and Netgear routers, an undocumented service is listening and waiting for commands. So far there is only one clue as to what it might be for.
http://www.heise.de/newsticker/meldung/Mysterioese-Backdoor-in-diversen-Router-Modellen-2074394.html/from/rss09?wt_mc=rss.ho.beitrag.rdf
Scans Increase for New Linksys Backdoor (32764/TCP), (Thu, Jan 2nd)
We do see a lot of probes for port 32764/TCP. According to a post to github from 2 days ago, some Linksys devices may be listening on this port enabling full unauthenticated admin access. [1] At this point, I urge everybody to scan their networks for devices listening on port 32764/TCP. If you use a Linksys router, try to scan its public IP address from outside your network. Our data shows almost no scans to the port prior to today, but a large number from 3 source IPs today. The by far
http://isc.sans.edu/diary.html?storyid=17336&rss
NSA Exploit of the Day: DEITYBOUNCE
Today's item from the NSA's Tailored Access Operations (TAO) group implant catalog is DEITYBOUNCE: DEITYBOUNCE (TS//SI//REL) DEITYBOUNCE provides software application persistence on Dell PowerEdge servers by exploiting the motherboard BIOS and utilizing System Management Mode (SMM) to gain periodic execution while the Operating System loads. (TS//SI//REL) This technique supports multi-processor systems with RAID hardware and Microsoft Windows 2000, 2003, and...
https://www.schneier.com/blog/archives/2014/01/nsa_exploit_of.html
Advanced Dewplayer plugin for WordPress download-file.php directory traversal
http://xforce.iss.net/xforce/xfdb/89978
"Penetrating Hard Targets": NSA working on quantum computers for cryptanalysis
Documents from NSA whistleblower Edward Snowden suggest that the NSA has no lead in the development of quantum computers. Such technology could be used to break existing public-key cryptography.
http://www.heise.de/security/meldung/Penetrating-Hard-Targets-NSA-arbeitet-an-Quantencomputern-zur-Kryptoanlayse-2074540.html
HPSBMU02895 SSRT101253 rev.1 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code
Potential security vulnerabilities have been identified with HP Data Protector. These vulnerabilities could be remotely exploited to allow an increase of privilege, create a Denial of Service (DoS), or execute arbitrary code.
http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422-1
Bundesnetzagentur presents draft of the IT security catalogue
A list of security requirements is intended to secure the IT infrastructure of our power grids. The draft is open for comments until February.
http://www.heise.de/newsticker/meldung/Bundesnetzagentur-praesentiert-Entwurf-des-IT-Sicherheitskatalogs-2074724.html/from/rss09?wt_mc=rss.ho.beitrag.rdf
Cost/Benefit Analysis of NSA's 215 Metadata Collection Program
It has amazed me that the NSA doesn't seem to do any cost/benefit analyses on any of its surveillance programs. This seems particularly important for bulk surveillance programs, as they have significant costs aside from the obvious monetary costs. In this paper, John Mueller and Mark G. Stewart have done the analysis on one of these programs. Worth reading....
https://www.schneier.com/blog/archives/2014/01/costbenefit_ana_1.html
UPDATED X1 : OpenSSL.org Defaced by Attackers Gaining Access to Hypervisor, (Thu, Jan 2nd)
By now, most of you have heard that the openssl.org website was defaced. While the source code and repositories were not tampered with, this obviously concerned people. What is more interesting is that the attack was made possible by gaining access to the hypervisor that hosts the VM responsible for the website. Attacks of this sort are likely to be more common as time goes on as it provides easy ability to take over a host without having to go through the effort of actually rooting a box.
http://isc.sans.edu/diary.html?storyid=17333&rss
ATMs taken over via USB stick
Security researchers have discovered malicious code that is loaded onto ATMs via USB stick and then dispenses cash to criminals at will. The malware also contains sophisticated functions that give the people behind it control over the payouts.
http://www.heise.de/security/meldung/Bankautomaten-per-USB-Stick-uebernommen-2074773.html
Ubuntu fixes TLSv1.2 support
In current Ubuntu versions, the central crypto library OpenSSL cannot do TLSv1.2; that was only supposed to change with Ubuntu 14.04 LTS.
http://www.heise.de/security/meldung/Ubuntu-bessert-TLSv1-2-Unterstuetzung-nach-2074817.html
Surveillance: BND intercepts significantly less communication
The Bundesnachrichtendienst has apparently improved its filtering methods. In 2012, far fewer suspicious communication contents were caught in the networks than in previous years. (data protection, DE-CIX)
http://www.golem.de/news/ueberwachung-bnd-fischt-deutlich-weniger-kommunikation-ab-1401-103691-rss.html
Slovenian jailed for creating code behind 12 MILLION strong Mariposa botnet army
A Slovenian virus writer who created an infamous strain of malware used to infect an estimated 12 million computers worldwide has been jailed for almost five years.
http://www.theregister.co.uk/2014/01/03/mariposa_botnet_mastermind_jailed/