Daily summary - Friday 3-01-2014

End-of-Shift report

Timeframe: Thursday 02-01-2014 18:00 - Friday 03-01-2014 18:00 Handler: Alexander Riepl Co-Handler: L. Aaron Kaplan

Greyhats expose 4.5 million Snapchat phone numbers using 'theoretical' hack

Snapchat largely discounted weakness that partially exposed user numbers.

http://feeds.arstechnica.com/~r/arstechnica/security/~3/8aPSkYeU_SA/


Target's Use of 3DES Encryption Invites Scrutiny, Worry

Target's admission that stolen PIN data was encrypted with 3DES has experts concerned because of the age of the algorithm and the availability of stronger options.

http://threatpost.com/targets-use-of-3des-encryption-invites-scrutiny-worry/103389


Mysterious backdoor in various router models

On routers from Linksys and Netgear, an undocumented service listens and waits for commands. So far there is only a single clue as to what it might be for.

http://www.heise.de/newsticker/meldung/Mysterioese-Backdoor-in-diversen-Router-Modellen-2074394.html/from/rss09?wt_mc=rss.ho.beitrag.rdf


Scans Increase for New Linksys Backdoor (32764/TCP), (Thu, Jan 2nd)

We do see a lot of probes for port 32764/TCP. According to a post to GitHub from 2 days ago, some Linksys devices may be listening on this port enabling full unauthenticated admin access. [1] At this point, I urge everybody to scan their networks for devices listening on port 32764/TCP. If you use a Linksys router, try to scan its public IP address from outside your network. Our data shows almost no scans to the port prior to today, but a large number from 3 source IPs today. The by far

http://isc.sans.edu/diary.html?storyid=17336&rss


NSA Exploit of the Day: DEITYBOUNCE

Today's item from the NSA's Tailored Access Operations (TAO) group implant catalog is DEITYBOUNCE: DEITYBOUNCE (TS//SI//REL) DEITYBOUNCE provides software application persistence on Dell PowerEdge servers by exploiting the motherboard BIOS and utilizing System Management Mode (SMM) to gain periodic execution while the Operating System loads. (TS//SI//REL) This technique supports multi-processor systems with RAID hardware and Microsoft Windows 2000, 2003, and...

https://www.schneier.com/blog/archives/2014/01/nsa_exploit_of.html


Advanced Dewplayer plugin for WordPress download-file.php directory traversal

http://xforce.iss.net/xforce/xfdb/89978


"Penetrating Hard Targets": NSA working on quantum computers for cryptanalysis

Documents from NSA whistleblower Edward Snowden suggest that the NSA has no lead in the development of quantum computers. Such technology could be used to break existing public-key cryptography.

http://www.heise.de/security/meldung/Penetrating-Hard-Targets-NSA-arbeitet-an-Quantencomputern-zur-Kryptoanlayse-2074540.html


HPSBMU02895 SSRT101253 rev.1 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code

Potential security vulnerabilities have been identified with HP Data Protector. These vulnerabilities could be remotely exploited to allow an increase of privilege, create a Denial of Service (DoS), or execute arbitrary code.

http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422-1


Bundesnetzagentur presents draft of the IT security catalogue

A list of security requirements is intended to secure the IT infrastructure of our power grids. The draft is open for comment until February.

http://www.heise.de/newsticker/meldung/Bundesnetzagentur-praesentiert-Entwurf-des-IT-Sicherheitskatalogs-2074724.html/from/rss09?wt_mc=rss.ho.beitrag.rdf


Cost/Benefit Analysis of NSA's 215 Metadata Collection Program

It has amazed me that the NSA doesn't seem to do any cost/benefit analyses on any of its surveillance programs. This seems particularly important for bulk surveillance programs, as they have significant costs aside from the obvious monetary costs. In this paper, John Mueller and Mark G. Stewart have done the analysis on one of these programs. Worth reading....

https://www.schneier.com/blog/archives/2014/01/costbenefit_ana_1.html


UPDATED X1 : OpenSSL.org Defaced by Attackers Gaining Access to Hypervisor, (Thu, Jan 2nd)

By now, most of you have heard that the openssl.org website was defaced. While the source code and repositories were not tampered with, this obviously concerned people. What is more interesting is that the attack was made possible by gaining access to the hypervisor that hosts the VM responsible for the website. Attacks of this sort are likely to be more common as time goes on as it provides easy ability to take over a host without having to go through the effort of actually rooting a box.

http://isc.sans.edu/diary.html?storyid=17333&rss


ATMs taken over via USB stick

Security researchers have discovered malicious code that is loaded onto ATMs via USB stick and then dispenses cash to criminals at will. The malware also contains sophisticated functions that give those behind it control over the payouts.

http://www.heise.de/security/meldung/Bankautomaten-per-USB-Stick-uebernommen-2074773.html


Ubuntu patches up TLSv1.2 support

In current Ubuntu versions the central crypto library OpenSSL cannot speak TLSv1.2; that is only due to change with Ubuntu 14.04 LTS.

http://www.heise.de/security/meldung/Ubuntu-bessert-TLSv1-2-Unterstuetzung-nach-2074817.html


Surveillance: BND intercepts significantly less communication

The Bundesnachrichtendienst has apparently improved its filtering methods. In 2012, far fewer suspicious communication contents than in previous years were caught in the networks. (Data protection, DE-CIX)

http://www.golem.de/news/ueberwachung-bnd-fischt-deutlich-weniger-kommunikation-ab-1401-103691-rss.html


Slovenian jailed for creating code behind 12 MILLION strong Mariposa botnet army

A Slovenian virus writer who created an infamous strain of malware used to infect an estimated 12 million computers worldwide has been jailed for almost five years.

http://www.theregister.co.uk/2014/01/03/mariposa_botnet_mastermind_jailed/