Daily Summary - Friday 7-11-2014

End-of-Shift report

Timeframe: Thursday 06-11-2014 18:00 − Friday 07-11-2014 18:00 Handler: Stephan Richter Co-Handler: n/a

Crypto 101 - free book resource, (Thu, Nov 6th)

Regular reader and contributor Gebhard sent us a pointer to Crypto 101, an introductory course on cryptography, freely available for programmers of all ages and skill levels by Laurens Van Houtven (lvh) available for everyone, for free, forever. It's a pre-release PDF read of a project that will be released in more formats later. The Crypto 101 course allows you to learn by doing and includes everything you need to understand complete systems such as SSL/TLS: block ciphers, stream ciphers, hash...

https://isc.sans.edu/diary.html?storyid=18925&rss


Metasploit Weekly Wrapup: Another Android Universal XSS

https://community.rapid7.com/community/metasploit/blog/2014/11/06/metasploit-weekly-wrapup


Navy gunners unphased by "integer overflow bug" concerns

Today, Naked Security received an out-of-the-ordinary email... ..from a vacationing coder with a penchant for fitting geekiness into regular life! We loved his story. We think you will too.

http://nakedsecurity.sophos.com/2014/11/06/navy-gunners-unphased-by-integer-overflow-bug-concerns/


Slides on DDoS

Slides on DDoS | 5 November 2014 | The Abwehramt of the Austrian Armed Forces holds a conference on ICT security every year. This year I was invited to give a talk on DDoS. In my presentation I refer to various external documents, so I was asked to make the slides available for download. Author: Otmar Lendl

http://www.cert.at/services/blog/20141105124802-1293.html


Advance Notification Service for the November 2014 Security Bulletin Release

Today, we provide advance notification for the release of 16 Security Bulletins. Five of these updates are rated Critical, nine are rated as Important, and two are rated Moderate in severity. These updates are for Microsoft Windows, Internet Explorer, Office, Exchange, .NET Framework, Internet Information Services (IIS), Remote Desktop Protocol (RDP), Active Directory Federation Services (ADFS), Input Method Editor (IME) (Japanese), and Kernel Mode Driver (KMD). As per our monthly process, we've

http://blogs.technet.com/b/msrc/archive/2014/11/06/advance-notification-service-for-the-november-2014-security-bulletin-release.aspx


Chinese Routing Errors Redirect Russian Traffic

In recent weeks, Russian President Vladimir Putin announced a plan to enact measures to protect the Internet of Russia. In a speech to the Russian National Security Council he said, "we need to greatly improve the security of domestic communications networks and information resources." Perhaps he should add Internet routing security to his list because,...

http://research.dyn.com/2014/11/chinese-routing-errors-redirect-russian-traffic/


Frankfurt | 04.12.2014 - SAVE us from IP Spoofing and Prefix Hijacking

DDoS reflection attacks are promoted by IP spoofing and there have been several incidents in the last couple of years where huge networks or whole countries were disconnected from the internet after BGP hijacking. Nevertheless, there are countermeasures like RPKI, BCP38 and S.A.V.E that not only protect your network but also help to create a more robust internet. Matthias Wählisch (FU Berlin) and Gert Döring (Space.Net) are going to present these approaches and open the discussion with...

http://de-cix.eco.de/2014/events/4-12-frankfurt-spoofing-and-hijacking.html


Security Holes in Corporate Networks: Network Vulnerabilities

In this blogpost, we will review in detail the possible vectors for an attack launched on a corporate network from an infected computer within it.

http://securelist.com/blog/research/67452/security-holes-in-corporate-networks-network-vulnerabilities/


Combat Blackhat SEO Infections with SEO Insights

Blackhat SEO spam is the plague of the internet, and the big search engines take it seriously. One of the worst spam tactics on the internet is becoming more common every day: innocent websites are hacked, and their best pages begin linking to spam. These Blackhat SEO spam tactics are fighting for expensive, high-competition keywords...

http://blog.sucuri.net/2014/11/combat-blackhat-seo-infections-with-seo-insights.html


Macro malware on the rise again

Users taught that having to enable enhanced security features is no big deal. When I joined Virus Bulletin almost eight years ago, macro viruses were already a thing of the past, like porn diallers or viruses that did funny things to the characters on your screen: threats that were once a real problem, but that we didn't have to worry about any longer. A few years ago, I even heard a malware researcher bemoan the fact that "kids these days" didn't even know how to analyse macro viruses.

http://www.virusbtn.com/blog/2014/11_07.xml?rss


Yosemite Beta

When we first announced that future versions of GPGMail would be available for a small fee, we were pretty scared about the reactions. Despite our expectations, we've received mostly positive responses and we would really like to thank you for that. Today we're happy to announce that the first beta of GPGMail for Yosemite is finally ready.

https://gpgtools.org/?yosemite


GnuPG supports elliptic curve cryptography

The just-released GnuPG 2.1.0 brings several new features and better workflows, and it also drops some legacy baggage. The 2.0 branch will continue to be maintained as the stable version.

http://www.heise.de/security/meldung/GnuPG-unterstuetzt-Krypto-auf-Elliptischen-Kurven-2444337.html


Belkin flings out patch after Metasploit module turns guests to admins

Open guest networks turned on by default. Belkin has patched a vulnerability in a dual band router that allowed attackers on guest networks to gain root access using an automated tool.

http://go.theregister.com/feed/www.theregister.co.uk/2014/11/07/belkin_flings_patch_after_metasploit_module_turns_guests_to_admins/


VB2014 video: Attack points in health apps & wearable devices - how safe is your quantified self?

Health apps and wearable devices found to make many basic security mistakes. "I know a lot of you have a Fitbit device." The geeks attending VB conferences tend to like their gadgets, and many of them have the latest ones, so the claim made by Candid Wüest at the beginning of his VB2014 last-minute presentation Attack points in health apps & wearable devices - how safe is your quantified self? was bound to be accurate. But the Symantec researcher really did know how many...

http://www.virusbtn.com/blog/2014/11_07a.xml?rss


Security: Thousands of insecure webcams viewable on the Internet

Via thousands of webcams, people can currently be seen at home in their TV armchairs or at work at their computers, without knowing it. The unknown operators of a website have tapped into surveillance cameras worldwide for this purpose.

http://www.golem.de/news/security-tausende-unsichere-webcams-im-internet-zu-sehen-1411-110401-rss.html


Vuln: requests-kerberos requests_kerberos/kerberos_.py Remote Security Bypass Vulnerability

http://www.securityfocus.com/bid/70909


SOL15792: Path MTU discovery vulnerability CVE-2004-1060

Description: Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." (CVE-2004-1060) Impact: The BIG-IP system may be vulnerable to denial-of-service (DoS) attacks.

https://support.f5.com/kb/en-us/solutions/public/15000/700/sol15792.html


Bugtraq: Open-Xchange Security Advisory 2014-11-07

http://www.securityfocus.com/archive/1/533936


[R1] OpenSSL Vulnerabilities (20141015) Affect Tenable Products

November 7, 2014

http://www.tenable.com/security/tns-2014-11


RSA Web Threat Detection SQL Injection

Topic: RSA Web Threat Detection SQL Injection Risk: Medium Text: ESA-2014-135: RSA Web Threat Detection SQL Injection Vulnerability EMC Identifier: ESA-2014-135 CVE Identifier: C...

http://cxsecurity.com/issue/WLB-2014110032


PHP date_from_ISO8601() buffer overflow

http://xforce.iss.net/xforce/xfdb/98522


DSA-3067 qemu-kvm

security update

http://www.debian.org/security/2014/dsa-3067


DSA-3066 qemu

security update

http://www.debian.org/security/2014/dsa-3066


DSA-3065 libxml-security-java

security update

http://www.debian.org/security/2014/dsa-3065


IBM Security Bulletins

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_tivoli_workload_scheduler_is_affected_by_the_following_curl_libcurl_vulnerabilities_cve_2014_0139_cve_2014_0138?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_security_vulnerability_about_apache_tomcat_jsp_file_upload_in_websphere_application_server_community_edition_3_0_0_4?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_vulnerabilities_in_openssl_affect_tivoli_endpoint_manager_for_remote_control_cve_2014_3511_cve_2014_5139?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_vulnerabilities_in_ibm_java_sdk_and_ibm_java_runtime_affect_tivoli_endpoint_manager_for_remote_control?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_one_vulnerability_in_ibm_filenet_content_manager_and_ibm_content_foundation_cve_2014_4263?lang=en_us