[CERT-daily] Tageszusammenfassung - Donnerstag 4-10-2012

Daily end-of-shift report team at cert.at
Thu Oct 4 18:04:06 CEST 2012


=======================
= End-of-Shift report =
=======================
Timeframe:   Mittwoch 03-10-2012 18:00 − Donnerstag 04-10-2012 18:00
Handler:     Matthias Fraidl
Co-Handler:  Robert Waldner

*** IETF Starts Work On Next-Generation HTTP Standards ***
---------------------------------------------
alphadogg writes "With an eye towards updating the Web to better accommodate complex and bandwidth-hungry applications, the Internet Engineering Task Force has started work on the next generation of HTTP, the underlying protocol for the Web. The HTTP Strict Transport Security (HSTS), is a security protocol designed to protect Internet users from hijacking. The HSTS is an opt-in security enhancement whereby web sites signal browsers to always communicate with it over a secure connection. If
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/JocJDH2CeQw/ietf-starts-work-on-next-generation-http-standards




*** Microsoft wins permanent settlement against Nitol botnet ***
---------------------------------------------
"Microsoft has won a battle to permanently disrupt a haven for the Nitol botnet that it discovered within an Internet domain controlled by a Chinese ISP. The company has signed a private settlement that Peng Yong and Changzhou Bei Te Kang Mu Software Technology Co., Ltd., will block all connections to designated malicious subdomains of the 3322. org domain controlled by Peng and Bei Te Kang Mu Software...."
---------------------------------------------
http://www.csoonline.com/article/717879/microsoft-wins-permanent-settlement-against-nitol-botnet




*** Google Glass, Augmented Reality Spells Data Headaches ***
---------------------------------------------
Nervals Lobster writes "Google seems determined to press forward with Google Glass technology, filing a patent for a Google Glass wristwatch. As pointed out by CNET, the timepiece includes a camera and a touch screen that, once flipped up, acts as a secondary display. In the patent, Google refers to the device as a smart-watch. Whether or not a Google Glass wristwatch ever appears on the marketplace � just because a tech titan patents a particular invention doesnt mean its bound for
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/lVDzxD_8kXY/google-glass-augmented-reality-spells-data-headaches





*** How to Protect against Denial of Service Attacks: Refresher ***
---------------------------------------------
"With all of the information about DoS attacks in recent months, it is easy to blame banks and say that they didnt have the proper security controls in place to withstand this type of attack, but in reality things are not that simple. So, how does this happen? Is it preventable?..."
---------------------------------------------
http://www.infosecisland.com/blogview/22518-How-to-Protect-against-Denial-of-Service-Attacks-Refresher.html





*** Europe joins forces in Cyber Europe 2012 ***
---------------------------------------------
"Today, more than 300 cyber security professionals across Europe join forces to counter a massive simulated cyber-attack in the 2nd pan-European Cyber Exercise, Cyber Europe 2012. The exercise builds on and ties together extensive activities at both the national and European level to improve the resilience of critical information infrastructures. As such, Cyber Europe 2012 is a major milestone in the efforts to strengthen cyber crisis cooperation, preparedness and response across
---------------------------------------------
http://www.enisa.europa.eu/media/press-releases/europe-joins-forces-in-cyber-europe-2012




*** Neue Oracle-Hacks ***
---------------------------------------------
Die Sicherheitsexperten Laszlo Toth und Ferenc Spala haben im Rahmen der Konferenz DerbyCon 2.0 eine Reihe von zum Teil neuartigen Angriffen auf Oracle-Datenbanken und SQL-Server vorgestellt und dabei auch gleich die entsprechenden Werkzeuge dazu ver�ffentlicht.
---------------------------------------------
http://www.heise.de/security/meldung/Neue-Oracle-Hacks-1722784.html/from/atom10




*** Middle East cyberattacks on Google users increasing ***
---------------------------------------------
"Here we go again. Three months after it first began warning users of state-sponsored cyber attacks, Google is saying that the assault has only intensified. The New York Times reports that since it began warning users of state-sponsored attacks, "it has picked up thousands more instances of cyberattacks than it anticipated." Many of the attacks appear to be originating in the Middle East...."
---------------------------------------------
http://news.cnet.com/8301-1009_3-57525334-83/middle-east-cyberattacks-on-google-users-increasing/




*** Gut choreografierte dDoS-Attacken gegen US-Gro�banken ***
---------------------------------------------
Mehrere US-Gro�banken, unter anderem Wells Fargo, PNC Financial Service Group, U.S. Bancorp, Citigroup, JPMorgan und Bank of America, sahen sich in den letzten Tagen einer Vielzahl von professionell gef�hrten DDoS-Attacken ausgesetzt.
---------------------------------------------
http://www.heise.de/security/meldung/Gut-choreografierte-dDoS-Attacken-gegen-US-Grossbanken-1722779.html/from/atom10




*** Bugtraq: [security bulletin] HPSBMU02817 SSRT100950 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Disclosure of Information ***
---------------------------------------------
[security bulletin] HPSBMU02817 SSRT100950 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Disclosure of Information
---------------------------------------------
http://www.securityfocus.com/archive/1/524302


More information about the Daily mailing list