End-of-Shift report
Timeframe: Wednesday 28-10-2015 18:00 − Thursday 29-10-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
Why Is the NSA Moving Away from Elliptic Curve Cryptography?
In August, I wrote about the NSA's plans to move to quantum-resistant algorithms for its own cryptographic needs. Cryptographers Neal Koblitz and Alfred Menezes just published a long paper speculating as to the government's real motives for doing this. They range from some new cryptanalysis of ECC to a political need after the DUAL_EC_PRNG disaster -- to the stated reason...
https://www.schneier.com/blog/archives/2015/10/why_is_the_nsa_.html
New DDoS attacks misuse NetBIOS name server, RPC portmap, and Sentinel licensing servers
Akamai has observed three new reflection DDoS attacks in recent months: NetBIOS name server reflection, RPC portmap reflection, and Sentinel reflection. In a reflection DDoS attack, also called a D...
http://feedproxy.google.com/~r/HelpNetSecurity/~3/g4MR874bgXg/secworld.php
TLS certificates: Google cracks down on Symantec
In September, Symantec had issued several thousand unauthorized TLS certificates, but initially kept quiet about the extent of the incident. Google shows little sympathy for this and sets some conditions for the Symantec root certificates to remain in the Chrome browser. (Symantec, Google)
http://www.golem.de/news/tls-zertifikate-google-greift-gegen-symantec-durch-1510-117188-rss.html
Jackpotting: ATMs in Germany emptied with a USB stick
Emptying ATMs via USB stick has been known since 2010. In Germany, a perpetrator has now been filmed for the first time emptying two machines in one day. (Security, Black Hat)
http://www.golem.de/news/jackpotting-geldautomaten-in-deutschland-mit-usb-stick-ausgeraeumt-1510-117190-rss.html
Security: Researchers present LTE attacks using 1,250-euro hardware
Until now, LTE networks were considered significantly more secure than GSM and 3G networks. At the beginning of the week, a team of researchers presented various practical attacks that are said to work at low cost and with commercial hardware. (Security, Smartphone)
http://www.golem.de/news/security-forscher-stellen-lte-angriffe-mit-1-250-euro-hardware-vor-1510-117193-rss.html
USB cleaning device for the masses, (Thu, Oct 29th)
For so long, USB keys have been a nice out-of-band infection vector. People like goodies and people like to plug those small pieces of plastic into their computers. Even if good solutions exist (like BitLocker - the standard solution provided by Microsoft), a lot of infrastructure are not protected against the use of rogue USB keys for many good or obscure reasons. There are also multiple reasons to receive USB keys: from partners, customers, contractors, vendors, etc. The best practice should be...
https://isc.sans.edu/diary.html?storyid=20315&rss
XEN Security Advisories
Advisory | Public release | Updated | Version | CVE(s) | Title
XSA-153 | 2015-10-29 11:59 | 2015-10-29 11:59 | 3 | CVE-2015-7972 | x86: populate-on-demand balloon size inaccuracy can crash guests
XSA-152 | 2015-10-29 11:59 | 2015-10-29 11:59 | 3 | CVE-2015-7971 | x86: some pmu and profiling hypercalls log without rate limiting
XSA-151 | 2015-10-29 11:59 | 2015-10-29 11:59 | 3 | CVE-2015-7969 | x86: leak of per-domain profiling-related vcpu pointer array
XSA-150 | 2015-10-29 11:59 | 2015-10-29...
http://xenbits.xen.org/xsa/
Cisco ASR 5500 SAE Gateway Lets Remote Users Cause the Target BGP Process to Restart
http://www.securitytracker.com/id/1034024
IBM DB2 TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections
http://www.securitytracker.com/id/1033991
JBoss Operations Network Cassandra JMX/RMI Interface Lets Remote Users Execute Arbitrary Code on the Target System
http://www.securitytracker.com/id/1034002
DSA-3382 phpmyadmin - security update
https://www.debian.org/security/2015/dsa-3382
Security Notice - Statement About WormHole Vulnerability in Baidu Apps Preset in Huawei Phones
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-459836.htm
Security Advisory - UE Measurement Leak Vulnerability in Huawei P8 Phones
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-459832.htm
Security Advisory: OpenSSH vulnerability CVE-2015-5352 (SOL17461)
https://support.f5.com:443/kb/en-us/solutions/public/17000/400/sol17461.html?ref=rss
VU#573848: Qolsys IQ Panel contains multiple vulnerabilities
Vulnerability Note VU#573848: Qolsys IQ Panel contains multiple vulnerabilities. Original Release date: 29 Oct 2015 | Last revised: 29 Oct 2015. Overview: All firmware versions of Qolsys IQ Panel contain hard-coded cryptographic keys, do not validate signatures during software updates, and use a vulnerable version of Android OS. Description: Qolsys IQ Panel is an Android OS-based touch screen controller for home automation devices and functions. All firmware versions contain the following
http://www.kb.cert.org/vuls/id/573848
IBM Security Bulletins
IBM Security Bulletin: Vulnerabilities in IBM Java SDK affects IBM SAN Volume Controller and Storwize Family (CVE-2015-2613 CVE-2015-2601 CVE-2015-2625 CVE-2015-1931)
http://www.ibm.com/support/docview.wss?uid=ssg1S1005435
IBM Security Bulletin: Vulnerabilities in OpenSSL affects SAN Volume Controller and Storwize Family (CVE-2015-1789 CVE-2015-1791 CVE-2015-1788)
http://www.ibm.com/support/docview.wss?uid=ssg1S1005434
IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Storwize V7000 Unified (CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792)
http://www.ibm.com/support/docview.wss?uid=ssg1S1005314
IBM Security Bulletin: Weak file permissions vulnerability affects IBM Tivoli Monitoring for Tivoli Storage Manager (CVE-2015-4927)
http://www.ibm.com/support/docview.wss?uid=swg21969340
IBM Security Bulletin: A security vulnerability in IBM WebSphere Application Server affects IBM Security Access Manager for Web version 7.0 software installations and IBM Tivoli Access Manager for e-business (CVE-2015-1946)
http://www.ibm.com/support/docview.wss?uid=swg21969077
IBM Security Bulletin: Vulnerability in RC4 stream cipher affects N-series Data ONTAP (CVE-2015-2808)
http://www.ibm.com/support/docview.wss?uid=ssg1S1005273
IBM Security Bulletin: Multiple vulnerabilities in Firefox, affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance (CVE-2015-4497, CVE-2015-4498)
http://www.ibm.com/support/docview.wss?uid=swg21968836
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Access Manager for Mobile (CVE-2015-2613, CVE-2015-2601, CVE-2015-4749, CVE-2015-2625, CVE-2015-1931)
http://www.ibm.com/support/docview.wss?uid=swg21963711