Daily Summary - Tuesday 17-03-2015

End-of-Shift report

Timeframe: Monday 16-03-2015 18:00 − Tuesday 17-03-2015 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter

3046310 - Improperly Issued Digital Certificates Could Allow Spoofing - Version: 1.0

Microsoft is aware of an improperly issued SSL certificate for the domain “live.fi” that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. It cannot be used to issue other certificates, impersonate other domains, or sign code. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue.

https://technet.microsoft.com/en-us/library/security/3046310


Man who obtained Windows Live cert said his warnings went unanswered

"I tried, just for fun," said man who reported hole to Microsoft and authorities.

http://feeds.arstechnica.com/~r/arstechnica/security/~3/GS2QPGGMdJ0/


Forthcoming OpenSSL releases

The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf. These releases will be made available on 19th March. They will fix a number of security defects. The highest severity defect fixed by these releases is classified as "high" severity.

https://mta.openssl.org/pipermail/openssl-users/2015-March/000778.html


From PEiD To YARA, (Tue, Mar 17th)

Some time ago, Jim Clausing had a diary entry about PEiD (a packer identifier) and since then he has a PEiD signature database on his handler page. Now, wouldn't it be great if we could reuse these signatures? For example as YARA rules? That's why I wrote a Python program that converts PEiD signatures to YARA rules: peid-userdb-to-yara-rules.py. Here is an example: PEiD signature: [!EP (ExE Pack) V1.0 - Elite Coding Group] signature = 60 68 ?? ?? ?? ?? B8 ?? ?? ?? ?? FF 10 ep_only = true Generated...

https://isc.sans.edu/diary.html?storyid=19473&rss


Two-factor service Authy let anyone in

Two-factor authentication is a secure thing - when it actually works. Authy, which is used by many prominent sites, could until recently be bypassed with the master key "../sms".

http://heise.de/-2576764


D-Link patches critical flaws in wireless range extender, Wi-Fi cameras firmware

D-Link has released new firmware for its DAP-1320 wireless range extender and the DCS-93xL family of Wi-Fi cameras in order to patch two critical vulnerabilities that can lead to device hijacking. ...

www.net-security.org/secworld.php?id=18093


Search for vulnerable servers unearths weak, thousands-times repeated RSA keys

A group of researchers from the Information Security Group from Royal Holloway, University of London, wanted to see how many TLS servers still supported the weak, export-grade (512-bit) RSA public key...

http://www.net-security.org/secworld.php?id=18094


Cisco Virtual TelePresence Server Serial Console Privileged Access Vulnerability

Cisco Virtual TelePresence Server Software contains a vulnerability that could allow an authenticated, local attacker to gain unauthorized access with elevated privileges. Updates are available.

http://tools.cisco.com/security/center/viewAlert.x?alertId=37869


DSA-3192 checkpw - security update

Hiroya Ito of GMO Pepabo, Inc. reported that checkpw, a password authentication program, has a flaw in processing account names which contain double dashes. A remote attacker can use this flaw to cause a denial of service (infinite loop).

https://www.debian.org/security/2015/dsa-3192


Intel Network Adapter Diagnostic Driver IOCTL Handling Vulnerability

Topic: Intel Network Adapter Diagnostic Driver IOCTL Handling Vulnerability
Risk: High
Text: /* Intel Network Adapter Diagnostic Driver IOCTL Handling Vulnerability Vendor: Intel Product webpage: http://www.intel.co...

http://cxsecurity.com/issue/WLB-2015030110


TYPO3 CMS 6.2.11 released

The TYPO3 Community announces the version 6.2.11 LTS of the TYPO3 Enterprise Content Management System.

http://www.typo3.org/news/article/typo3-cms-6211-released/


HPSBHF03293 rev.1 - HP Virtual Connect 8Gb 24-Port FC Module running OpenSSL and Bash, Remote Denial of Service (DoS), Code Execution, Disclosure of Information

Potential security vulnerabilities have been identified with HP Virtual Connect 8Gb 24-Port FC Module running OpenSSL and Bash including: The OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in Denial of Service (DoS) or disclosure of information. The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely resulting in disclosure of information.

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04595951