Daily Summary - Tuesday 22-04-2014
Heartbleed Report
a.k.a
End-of-Shift report
Timeframe: Friday 18-04-2014 18:00 − Tuesday 22-04-2014 18:00 Handler: Stephan Richter Co-Handler: n/a
Amplification, reflection DDoS attacks increase 35 percent in Q1 2014
The Q1 2014 Global DDoS Attack Report reveals that amplification and reflection distributed denial-of-service attacks are on the rise.
http://feedproxy.google.com/~r/SCMagazineHome/~3/GljZsrx9WMs/
The router disaster: Fritzbox update stalls
Current scan results show that the critical security update is barely spreading. In many cases, vulnerable Fritzboxes are even still being operated with remote access enabled - a dangerous combination.
Home entertainment implementations are pretty appalling
I picked up a Panasonic BDT-230 a couple of months ago. Then I discovered that even though it appeared fairly straightforward to make it DVD region free (I have a large pile of PAL region 2 DVDs), the US models refuse to play back PAL content. We live in an era of software-defined functionality. While Panasonic could have designed a separate hardware SKU with a hard block on PAL output, that would seem like unnecessary expense. So, playing with the firmware seemed like a reasonable...
http://mjg59.dreamwidth.org/31178.html
OpenSSL Rampage, (Mon, Apr 21st)
OpenSSL, in spite of its name, isn't really a part of the OpenBSD project. But as one of the more positive results of the recent Heartbleed fiasco, the OpenBSD developers, who are known for their focus on readable and secure code, have now started a full-scale review and cleanup of the OpenSSL codebase. If you are interested in writing secure code in C (not necessarily a contradiction in terms), I recommend you take a look at http://opensslrampage.org/archive/2014/4, where the OpenBSD-OpenSSL...
http://isc.sans.edu/diary.html?storyid=17997&rss
Mysterious iOS malware campaign has Chinese origins
The threat, dubbed "Unflod Baby Panda," was discovered by Reddit users and analyzed by researchers at the German-based security firm, SektionEins.
http://feedproxy.google.com/~r/SCMagazineHome/~3/_EB9Qixb5Vk/
Easter egg: DSL router patch merely hides backdoor instead of closing it
Researcher finds secret "knock" opens admin for some Linksys, Netgear routers.
http://feeds.arstechnica.com/~r/arstechnica/security/~3/MBqOOgJa9Ng/
Feedly fixes Android JavaScript code injection flaw, deems it "harmless"
A researcher wrote about a bug in the Android app for news aggregator Feedly that could enable JavaScript code injection, but even though it was fixed, the company did not really consider it a vulnerability.
http://feedproxy.google.com/~r/SCMagazineHome/~3/lZyhHF8qR8o/
Report: Google looks to integrate PGP with Gmail
Pretty Good Privacy, or PGP, is an encryption method that was created in the early 90s.
http://feedproxy.google.com/~r/SCMagazineHome/~3/pxVEyRndi7A/
Weekly Metasploit Update: Heartbleed and Firefox Passwords
https://community.rapid7.com/community/metasploit/blog/2014/04/17/weekly-metasploit-update
Critical update makes P2P Zeus trojan even tougher to remove
An update to the P2P Zeus banking trojan results in the installation of a rootkit driver that makes deleting the malware even tougher.
http://feedproxy.google.com/~r/SCMagazineHome/~3/EIQ5YrV1__8/
Security vulnerability in the Nagios network monitor
The "Nagios Remote Plugin Executor" executes injected commands under certain circumstances. However, these circumstances already point to a generally insecure configuration.
http://www.heise.de/security/meldung/Sicherheitsluecke-beim-Netzwerkmonitor-Nagios-2174201.html
A quarter of Internet users never change their passwords
Despite Heartbleed, around a quarter of all German Internet users still never change their password. A third of respondents use one password on multiple platforms.
Heartbleed and the revocation problem of SSL
After fixing the Heartbleed problem, many admins revoked their SSL certificates as a precaution and obtained new ones. Nevertheless, stolen server keys remain a problem - because revocation does not actually work.
http://www.heise.de/security/meldung/Heartbleed-und-das-Sperrproblem-von-SSL-2174254.html
OpenSSL ssl3_read_bytes denial of service
http://xforce.iss.net/xforce/xfdb/92632
Alert for CVE-2014-0160
This Security Alert addresses CVE-2014-0160 ('Heartbleed'), a publicly disclosed vulnerability which affects multiple OpenSSL versions implemented by various vendors in their products. This vulnerability affects multiple Oracle products. This vulnerability may be remotely exploitable without authentication, i.e. it may be exploited over a network without the need for a username and password. A remote user can exploit this vulnerability to impact the confidentiality of systems that are running affected versions of OpenSSL. According to http://heartbleed.com, the compromised data may contain passwords, private keys, and other sensitive information. In some instances, this information could be used by a malicious attacker to log into systems using a stolen identity or decrypt private information that was sent months or years ago.
http://www.oracle.com/technetwork/topics/security/alert-cve-2014-0160-2190703.html
Winamp Buffer Overflow and Pointer Dereference Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1030107
VMSA-2014-0004.6
VMware product updates address OpenSSL security vulnerabilities
http://www.vmware.com/security/advisories/VMSA-2014-0004.html
F5 - Various Vulnerabilities in Multiple Products
https://secunia.com/advisories/58157 https://secunia.com/advisories/58159 https://secunia.com/advisories/58154 https://secunia.com/advisories/58160
Check Point Mobile VPN for iOS and for Android OpenSSL Heartbeat Two Information Disclosure Vulnerabilities
https://secunia.com/advisories/57947
VU#622950: Toshiba Global Commerce Solutions 4690 Point of Sale operating system contains a password hashing algorithm that can be reversed
Vulnerability Note VU#622950 Toshiba Global Commerce Solutions 4690 Point of Sale operating system contains a password hashing algorithm that can be reversed Original Release date: 21 Apr 2014 | Last revised: 21 Apr 2014 Overview Toshiba Global Commerce Solutions 4690 Point of Sale operating system contains a password hashing algorithm that can be reversed. (CWE-328) Description Toshiba Global Commerce Solutions 4690 Point of Sale operating system contains a password hashing algorithm that
http://www.kb.cert.org/vuls/id/622950
Bugzilla Input Validation Flaw Permits Cross-Site Request Forgery Attacks
http://www.securitytracker.com/id/1030128
SonicWALL Multiple Products OpenSSL TLS/DTLS Heartbeat Two Information Disclosure Vulnerabilities
https://secunia.com/advisories/58146
CA Multiple Products OpenSSL TLS/DTLS Heartbeat Information Disclosure Vulnerabilities
https://secunia.com/advisories/58019
Tenable SecurityCenter OpenSSL TLS/DTLS Heartbeat Two Information Disclosure Vulnerabilities
https://secunia.com/advisories/58182
IBM OS/400 Weakness and Multiple Vulnerabilities
https://secunia.com/advisories/57826
ADTRAN Multiple Products OpenSSL TLS/DTLS Heartbeat Two Information Disclosure Vulnerabilities
https://secunia.com/advisories/58172
Vulnerabilities in multiple HP Products
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04201408 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04220407 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04219959 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04250814 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04248997 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04236102 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04255796 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04236062 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04239372 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04260456 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04260505 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04260353
BlackBerry Enterprise Service OpenSSL TLS/DTLS Heartbeat Two Information Disclosure Vulnerabilities
https://secunia.com/advisories/58244
IBM Security Bulletins
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ds8870_release_7_2_is_affected_by_a_vulnerability_in_openssl_cve_2014_0160_and_cve_2014_0076?lang=en_us https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_endpoint_manager_9_1_1065_openssl_vulnerability_update_cve_2014_0160?lang=en_us https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_openssl_heartbleed_vulnerability_and_impact_to_algo_and_openpages_products?lang=en_us https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_license_metric_tool_openssl_heartbleed_vulnerability_cve_2014_0160?lang=en_us https://www-304.ibm.com/connections/blogs/PSIRT/entry/title_ibm_endpoint_manager_software_use_analysis_only_some_versions_are_affected_by_the_openssl_heartbleed_vulnerability_cve_2014_0160?lang=en_us https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_smartcloud_provisioning_is_affected_by_a_vulnerability_in_openssl_cve_2014_0160?lang=en_us https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_rational_team_concert_is_affected_by_vulnerabilities_in_openssl_cve_2014_0160_and_cve_2014_0076?lang=en_us https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_sterling_connect_express_for_unix_is_affected_by_vulnerabilities_in_openssl_cve_2014_0160_and_cve_2014_00761?lang=en_us https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_power_systems_and_openssl_heart_bleed_vulnerability?lang=en_us https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_rational_build_forge_is_affected_by_vulnerabilities_in_openssl_cve_2014_0160_and_cve_2014_0076?lang=en_us https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_smartcloud_orchestrator_is_affected_by_a_vulnerability_in_openssl_cve_2014_0160?lang=en_us 
https://www-304.ibm.com/connections/blogs/PSIRT/entry https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_flex_system_integrated_management_module_2_imm2_is_affected_by_vulnerabilities_in_openssl_cve_2014_0160_and_cve_2014_0076?lang=en_us https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_flex_system_chassis_management_module_cmm_is_affected_by_vulnerabilities_in_openssl_cve_2014_0160_and_cve_2014_0076?lang=en_us https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_tivoli_storage_productivity_center_is_affected_by_vulnerabilities_in_openssl_cve_2014_0160_and_cve_2014_0076?lang=en_us https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_worklight_is_affected_by_a_vulnerability_in_openssl_cve_2014_0160?lang=en_us https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_sdn_for_virtual_environments_is_affected_by_a_vulnerabilityin_openssl_cve_2014_0160?lang=en_us https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_power_hardware_management_console_is_affected_by_vulnerabilities_in_openssl_cve_2014_0160_and_cve_2014_0076?lang=en_us https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_i_affected_by_openssl_vulnerability_cve_2014_0076?lang=en_us https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ts3000_tssc_is_affected_by_a_vulnerability_in_openssl_cve_2014_0160?lang=en_us https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_power_systems_firmware_is_affected_by_vulnerability_in_openssl_cve_2014_0160?lang=en_us https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_smart_analytics_system_5600_v3_is_affected_by_vulnerabilities_in_openssl_cve_2014_0160_and_cve_2014_0076?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_endpoint_manager_for_remote_control_is_affected_by_vulnerabilities_in_openssl_cve_2014_0076_cve_2014_0160?lang=en_us https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_san_volume_controller_and_storwize_family_systems_are_affected_by_vulnerabilities_in_openssl_cve_2014_0160_and_cve_2014_0076?lang=en_us