Daily Summary - Monday 17-11-2014

End-of-Shift report

Timeframe: Friday 14-11-2014 18:00 - Monday 17-11-2014 18:00

Handler: Stephan Richter

Co-Handler: n/a

Microsoft Updates MS14-066, (Sun, Nov 16th)

Microsoft updated MS14-066 to warn users about some problems caused by the additional ciphers added with the update [1]. It appears that clients who may not support these ciphers may fail to connect at all. The quick fix is to remove the ciphers by editing the respective registry entry (see the KB article link below for more details). One user reported to us performance issues when connecting from MSFT Access to SQL Server, which are related to these ciphers. Sadly, MS14-066 hasn't been

https://isc.sans.edu/diary.html?storyid=18957&rss


EVERYTHING needs crypto says Internet Architecture Board

Calls for all new protocols to protect privacy, all the time, everywhere. The Internet Architecture Board (IAB) has called for encryption to become the norm for all internet traffic.

http://go.theregister.com/feed/www.theregister.co.uk/2014/11/16/net_gurus_face_off_against_spooks_encrypt_everything/


"Masked apps": Apple publishes security guidelines for app installation

Apps signed with enterprise certificates can be installed on iOS devices without going through the App Store. Attackers can use this to replace apps with manipulated versions. Apple wants to use tips to raise users' awareness of malware.

http://www.heise.de/security/meldung/Maskierte-Apps-Apple-veroeffentlicht-Sicherheitsrichtlinien-fuer-App-Installation-2457628.html


91st IETF meeting: Preventing the hijacking of BGP routes

Time and again, Internet traffic is redirected unnoticed over strange paths to its actual destination. Whether these are eavesdropping operations or merely mishaps is often unclear. Network operators may now get a tool to counter this.

http://www.heise.de/newsticker/meldung/91-Treffen-der-IETF-Das-Kapern-von-BGP-Routen-verhindern-2455564.html/from/rss09?wt_mc=rss.ho.beitrag.rdf


Attack reveals 81 percent of Tor users but admins call for calm

Cisco Netflow a handy tool for cheapskate attackers. The Tor project has urged calm after new research found 81 percent of users could be identified using Cisco's NetFlow tool.

http://go.theregister.com/feed/www.theregister.co.uk/2014/11/17/deanonymization_techniques_for_tor_and_bitcoin/


WinShock PoC clocked: But DON'T PANIC... It's no Heartbleed

SChannel exploit opens an easily closed door. Security researchers have released a proof-of-concept exploit against the SChannel crypto library flaw patched by Microsoft last week.

http://go.theregister.com/feed/www.theregister.co.uk/2014/11/17/ms_schannel_crypto_poc/


Patch now: Details on the SChannel vulnerability in Windows are circulating

Administrators should immediately apply the patches for the critical security vulnerability in Windows that Microsoft closed last week. Otherwise they risk attackers injecting malicious code over the network.

http://www.heise.de/security/meldung/Jetzt-patchen-Details-zur-SChannel-Luecke-in-Windows-im-Umlauf-2458701.html


Book review: Bulletproof SSL and TLS

Must-read for anyone working with one of the Internet's most important protocols. I was reading Ivan Ristić's book Bulletproof SSL and TLS when rumours started to appear about an attack against SSL 3.0, which would soon become commonly known as the POODLE attack. Thanks to the book, I was quickly able to read up on the differences between SSL 3.0 and its successor, TLS 1.0, which wasn't vulnerable to the attack. Elsewhere in the book, a few pages are dedicated to protocol downgrade attacks,...

http://www.virusbtn.com/blog/2014/11_17.xml?rss


Holy cow! Fasthosts outage blamed on DDoS hack attack AND Windows 2003 vuln

Monday, bloody Monday. Fasthosts' five-hour collapse today has been blamed on a Distributed Denial of Service attack and a security flaw spotted on its Windows 2003 shared web server kit.

http://go.theregister.com/feed/www.theregister.co.uk/2014/11/17/fasthosts_outage_blamed_on_ddos_hack_attack_and_windows_2003_vuln/


Comedy spam blunder raises a smile to start the week

We all get lots of spam. Enough, even with junk folders and spam filters, to be more than merely annoying. So here's a spamming mistake to make you smile...

https://nakedsecurity.sophos.com/2014/11/17/comedy-spam-blunder-raises-a-smile-to-start-the-week/


Cisco Aironet DHCP Denial of Service Vulnerability

CVE-2014-7997

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7997


Cisco Aironet EAP Debugging Denial of Service Vulnerability

CVE-2014-7998

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7998


SSA-860967 (Last Update 2014-11-14): GNU Bash Vulnerabilities in Siemens Industrial Products

https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-860967.pdf


Hot fix to address POODLE SSLv3 vulnerability on Designer 4.0.2 AU5 SVN HTTPS access

Abstract: Designer 4.0.2 uses SSLv3 to access SVN repositories over HTTPS, making it vulnerable to the poodle weakness in the SSL protocol (CVE-2014-3566). This hot fix addresses the issue by disabling SSLv3 and allowing usage of TLSv1 instead. Document ID: 5195492. Security Alert: Yes. Distribution Type: Field Test File. Entitlement Required: No. Files: Designer402AU5HF1.zip (2.09 MB). Products: Identity Manager 4.0.2, Identity Manager Roles Based Provisioning Module 4.0.2, Designer for Identity...

https://download.novell.com/Download?buildid=NjOScYlrw_E~


Hot Patch 2 for Novell Messenger 2.2 (security fixes to Messenger's server and client components)

https://download.novell.com/Download?buildid=I2DgXp6pwVY~

https://download.novell.com/Download?buildid=sJ4Wcd1G7Bo~

https://download.novell.com/Download?buildid=66t5njTLVmk~


DSA-3073 libgcrypt11 - security update

http://www.debian.org/security/2014/dsa-3073


Vuln: GnuTLS CVE-2014-8564 Multiple Heap Corruption Denial of Service Vulnerabilities

http://www.securityfocus.com/bid/71003


HPSBGN03192 rev.1 - HP Remote Device Access: Instant Customer Access Server (iCAS) running OpenSSL, Remote Disclosure of Information

A potential security vulnerability has been identified with HP Remote Device Access: Instant Customer Access Server (iCAS) running OpenSSL. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. SSLv3 is enabled by default in the current HP iCAS client software.

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04501908


Security Bulletin: IBM Systems Director (ISD) is affected by vulnerability in the Console Login Window (CVE-2013-5423)

IBM Systems Director is affected by a vulnerability in the Console Login Window (CVE-2013-5423). CVE(s): CVE-2013-5423 Affected product(s) and affected version(s): Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096563 X-Force Database: http://xforce.iss.net/xforce/xfdb/87485

https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_systems_director_isd_is_affected_by_vulnerability_in_the_console_login_window_cve_2013_5423?lang=en_us


IBM Security Bulletin: Vulnerabilities in OpenSSL affect GPFS V3.5 for Windows (CVE-2014-3513, CVE-2014-3567, CVE-2014-3568)

OpenSSL vulnerabilities along with SSL 3 Fallback protection (TLS_FALLBACK_SCSV) were disclosed on October 15, 2014 by the OpenSSL Project. OpenSSL is used by GPFS V3.5 for Windows. GPFS V3.5 for Windows has addressed the applicable CVEs and included the SSL 3.0 Fallback protection (TLS_FALLBACK_SCSV) provided by OpenSSL. CVE(s): CVE-2014-3513, CVE-2014-3567 and CVE-2014-3568 Affected product(s) and affected version(s): OpenSSH for GPFS V3.5 for Windows Refer to the following reference

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerabilities_in_openssl_affect_gpfs_v3_5_for_windows_cve_2014_3513_cve_2014_3567_cve_2014_3568?lang=en_us


IBM Security Bulletins: Vulnerability in SSLv3 affects multiple products

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_websphere_process_server_websphere_business_compass_and_websphere_business_modeler_publishing_server_cve_2014_3566?lang=en_us

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_rational_tau_cve_2014_3566?lang=en_us

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_ibm_cloud_manager_with_openstack_cve_2014_3566?lang=en_us

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_websphere_lombardi_edition_cve_2014_3566?lang=en_us

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_ibm_sterling_connect_direct_for_openvms_cve_2014_3566?lang=en_us

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_ibm_sterling_connect_direct_for_hp_nonstop_cve_2014_3566?lang=en_us

https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_vulnerabilities_in_sslv3_and_openssl_affects_virtual_server_protection_for_vmware_cve_2014_3566_cve_2014_3567_cve_2014_3568?lang=en_us

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_ibm_api_management_cve_2014_3566?lang=en_us

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_sterling_control_center_cve_2014_3566?lang=en_us


[webapps] - MyBB Forums 1.8.2 - Stored XSS Vulnerability

http://www.exploit-db.com/exploits/35266