Daily Summary - Tuesday 22-04-2014

Heartbleed Report

a.k.a

End-of-Shift report

Timeframe: Friday 18-04-2014 18:00 − Tuesday 22-04-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a

Amplification, reflection DDoS attacks increase 35 percent in Q1 2014

The Q1 2014 Global DDoS Attack Report reveals that amplification and reflection distributed denial-of-service attacks are on the rise.

http://feedproxy.google.com/~r/SCMagazineHome/~3/GljZsrx9WMs/


The Router Disaster: Fritzbox Update Stalls

Current scan results show that the rollout of the critical security update is barely progressing. In many cases, vulnerable Fritzboxes are even still being operated with remote access enabled - a dangerous combination.

http://www.heise.de/security/meldung/Das-Router-Desaster-Fritzbox-Update-geraet-ins-Stocken-2173043.html


Home entertainment implementations are pretty appalling

I picked up a Panasonic BDT-230 a couple of months ago. Then I discovered that even though it appeared fairly straightforward to make it DVD region free (I have a large pile of PAL region 2 DVDs), the US models refuse to play back PAL content. We live in an era of software-defined functionality. While Panasonic could have designed a separate hardware SKU with a hard block on PAL output, that would seem like unnecessary expense. So, playing with the firmware seemed like a reasonable...

http://mjg59.dreamwidth.org/31178.html


OpenSSL Rampage, (Mon, Apr 21st)

OpenSSL, in spite of its name, isn't really a part of the OpenBSD project. But as one of the more positive results of the recent Heartbleed fiasco, the OpenBSD developers, who are known for their focus on readable and secure code, have now started a full-scale review and cleanup of the OpenSSL codebase. If you are interested in writing secure code in C (not necessarily a contradiction in terms), I recommend you take a look at http://opensslrampage.org/archive/2014/4, where the OpenBSD-OpenSSL...

http://isc.sans.edu/diary.html?storyid=17997&rss


Mysterious iOS malware campaign has Chinese origins

The threat, dubbed "Unflod Baby Panda," was discovered by Reddit users and analyzed by researchers at the German-based security firm, SektionEins.

http://feedproxy.google.com/~r/SCMagazineHome/~3/_EB9Qixb5Vk/


Easter egg: DSL router patch merely hides backdoor instead of closing it

Researcher finds secret "knock" opens admin for some Linksys, Netgear routers.

http://feeds.arstechnica.com/~r/arstechnica/security/~3/MBqOOgJa9Ng/


Feedly fixes Android JavaScript code injection flaw, deems it "harmless"

A researcher wrote about a bug in the Android app for news aggregator Feedly that could enable JavaScript code injection, but even though it was fixed, the company did not really consider it a vulnerability.

http://feedproxy.google.com/~r/SCMagazineHome/~3/lZyhHF8qR8o/


Report: Google looks to integrate PGP with Gmail

Pretty Good Privacy, or PGP, is an encryption method that was created in the early 90s.

http://feedproxy.google.com/~r/SCMagazineHome/~3/pxVEyRndi7A/


Weekly Metasploit Update: Heartbleed and Firefox Passwords

https://community.rapid7.com/community/metasploit/blog/2014/04/17/weekly-metasploit-update


Critical update makes P2P Zeus trojan even tougher to remove

An update to the P2P Zeus banking trojan results in the installation of a rootkit driver that makes deleting the malware even tougher.

http://feedproxy.google.com/~r/SCMagazineHome/~3/EIQ5YrV1__8/


Security Vulnerability in the Nagios Network Monitor

The "Nagios Remote Plugin Executor" may, under certain circumstances, execute injected commands. However, these circumstances already point to a generally insecure configuration.

http://www.heise.de/security/meldung/Sicherheitsluecke-beim-Netzwerkmonitor-Nagios-2174201.html


A Quarter of Internet Users Never Change Their Passwords

Despite Heartbleed, around a quarter of all German Internet users still never change their password. A third of those surveyed use one password on multiple platforms.

http://futurezone.at/digital-life/ein-viertel-der-internetnutzer-wechselt-nie-die-passwoerter/61.910.512


Heartbleed and SSL's Revocation Problem

After fixing the Heartbleed problem, many admins revoked their SSL certificates as a precaution and obtained new ones. Nevertheless, stolen server keys continue to be a problem - because revocation doesn't really work.

http://www.heise.de/security/meldung/Heartbleed-und-das-Sperrproblem-von-SSL-2174254.html


OpenSSL ssl3_read_bytes denial of service

http://xforce.iss.net/xforce/xfdb/92632


Alert for CVE-2014-0160

This Security Alert addresses CVE-2014-0160 ('Heartbleed'), a publicly disclosed vulnerability which affects multiple OpenSSL versions implemented by various vendors in their products. This vulnerability affects multiple Oracle products. This vulnerability may be remotely exploitable without authentication, i.e. it may be exploited over a network without the need for a username and password. A remote user can exploit this vulnerability to impact the confidentiality of systems that are running affected versions of OpenSSL. According to http://heartbleed.com, the compromised data may contain passwords, private keys, and other sensitive information. In some instances, this information could be used by a malicious attacker to log into systems using a stolen identity or decrypt private information that was sent months or years ago.

http://www.oracle.com/technetwork/topics/security/alert-cve-2014-0160-2190703.html


Winamp Buffer Overflow and Pointer Dereference Bugs Let Remote Users Execute Arbitrary Code

http://www.securitytracker.com/id/1030107


VMSA-2014-0004.6

VMware product updates address OpenSSL security vulnerabilities

http://www.vmware.com/security/advisories/VMSA-2014-0004.html


F5 - Various Vulnerabilities in Multiple Products

https://secunia.com/advisories/58157
https://secunia.com/advisories/58159
https://secunia.com/advisories/58154
https://secunia.com/advisories/58160


Check Point Mobile VPN for iOS and for Android OpenSSL Heartbeat Two Information Disclosure Vulnerabilities

https://secunia.com/advisories/57947


VU#622950: Toshiba Global Commerce Solutions 4690 Point of Sale operating system contains a password hashing algorithm that can be reversed

Vulnerability Note VU#622950: Toshiba Global Commerce Solutions 4690 Point of Sale operating system contains a password hashing algorithm that can be reversed

Original Release date: 21 Apr 2014 | Last revised: 21 Apr 2014

Overview: Toshiba Global Commerce Solutions 4690 Point of Sale operating system contains a password hashing algorithm that can be reversed. (CWE-328)

Description: Toshiba Global Commerce Solutions 4690 Point of Sale operating system contains a password hashing algorithm that

http://www.kb.cert.org/vuls/id/622950


Bugzilla Input Validation Flaw Permits Cross-Site Request Forgery Attacks

http://www.securitytracker.com/id/1030128


SonicWALL Multiple Products OpenSSL TLS/DTLS Heartbeat Two Information Disclosure Vulnerabilities

https://secunia.com/advisories/58146


CA Multiple Products OpenSSL TLS/DTLS Heartbeat Information Disclosure Vulnerabilities

https://secunia.com/advisories/58019


Tenable SecurityCenter OpenSSL TLS/DTLS Heartbeat Two Information Disclosure Vulnerabilities

https://secunia.com/advisories/58182


IBM OS/400 Weakness and Multiple Vulnerabilities

https://secunia.com/advisories/57826


ADTRAN Multiple Products OpenSSL TLS/DTLS Heartbeat Two Information Disclosure Vulnerabilities

https://secunia.com/advisories/58172


Vulnerabilities in multiple HP Products

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04201408
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04220407
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04219959
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04250814
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04248997
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04236102
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04255796
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04236062
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04239372
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04260456
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04260505
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04260353


BlackBerry Enterprise Service OpenSSL TLS/DTLS Heartbeat Two Information Disclosure Vulnerabilities

https://secunia.com/advisories/58244


IBM Security Bulletins

https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ds8870_release_7_2_is_affected_by_a_vulnerability_in_openssl_cve_2014_0160_and_cve_2014_0076?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_endpoint_manager_9_1_1065_openssl_vulnerability_update_cve_2014_0160?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_openssl_heartbleed_vulnerability_and_impact_to_algo_and_openpages_products?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_license_metric_tool_openssl_heartbleed_vulnerability_cve_2014_0160?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/title_ibm_endpoint_manager_software_use_analysis_only_some_versions_are_affected_by_the_openssl_heartbleed_vulnerability_cve_2014_0160?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_smartcloud_provisioning_is_affected_by_a_vulnerability_in_openssl_cve_2014_0160?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_rational_team_concert_is_affected_by_vulnerabilities_in_openssl_cve_2014_0160_and_cve_2014_0076?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_sterling_connect_express_for_unix_is_affected_by_vulnerabilities_in_openssl_cve_2014_0160_and_cve_2014_00761?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_power_systems_and_openssl_heart_bleed_vulnerability?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_rational_build_forge_is_affected_by_vulnerabilities_in_openssl_cve_2014_0160_and_cve_2014_0076?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_smartcloud_orchestrator_is_affected_by_a_vulnerability_in_openssl_cve_2014_0160?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_flex_system_integrated_management_module_2_imm2_is_affected_by_vulnerabilities_in_openssl_cve_2014_0160_and_cve_2014_0076?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_flex_system_chassis_management_module_cmm_is_affected_by_vulnerabilities_in_openssl_cve_2014_0160_and_cve_2014_0076?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_tivoli_storage_productivity_center_is_affected_by_vulnerabilities_in_openssl_cve_2014_0160_and_cve_2014_0076?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_worklight_is_affected_by_a_vulnerability_in_openssl_cve_2014_0160?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_sdn_for_virtual_environments_is_affected_by_a_vulnerabilityin_openssl_cve_2014_0160?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_power_hardware_management_console_is_affected_by_vulnerabilities_in_openssl_cve_2014_0160_and_cve_2014_0076?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_i_affected_by_openssl_vulnerability_cve_2014_0076?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ts3000_tssc_is_affected_by_a_vulnerability_in_openssl_cve_2014_0160?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_power_systems_firmware_is_affected_by_vulnerability_in_openssl_cve_2014_0160?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_smart_analytics_system_5600_v3_is_affected_by_vulnerabilities_in_openssl_cve_2014_0160_and_cve_2014_0076?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_endpoint_manager_for_remote_control_is_affected_by_vulnerabilities_in_openssl_cve_2014_0076_cve_2014_0160?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_san_volume_controller_and_storwize_family_systems_are_affected_by_vulnerabilities_in_openssl_cve_2014_0160_and_cve_2014_0076?lang=en_us