[CERT-daily] Tageszusammenfassung - Montag 23-12-2013

Mon Dec 23 18:13:03 CET 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 20-12-2013 18:00 − Montag 23-12-2013 18:00
Handler:     L. Aaron Kaplan
Co-Handler:  Stephan Richter


*** What to Expect in Surveillance Politics in 2014 (Hint: It's Not Reform) ***
---------------------------------------------
You would think that a federal district judge calling the NSA program almost Orwellian would be a good sign for surveillance and privacy in 2014. If you're holding out hope for an act of political courage to end bulk surveillance ...
---------------------------------------------
http://www.wired.com/opinion/2013/12/dont-get-too-excited-about-recent-rulings-yet-what-to-expect-for-surveillance-and-privacy-in-2014/


*** DHS Turns To Unpaid Interns For Nations Cyber Security ***
---------------------------------------------
theodp writes "A week after President Obama stressed the importance of computer science to America, the Department of Homeland Security put out a call for 100+ of the nations best-and-brightest college students to work for nothing on the nations cyber security. The unpaid internship program, DHS notes, is the realization of recommendations (PDF) from the Homeland Security Advisory Councils Task Force on CyberSkills, which included execs from Facebook, Lockheed Martin, and Sony, and was...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/leJ5tNqGbgU/story01.htm


*** Microsoft Security Essentials Misses 39% of Malware ***
---------------------------------------------
Barence writes "The latest tests from Dennis Publishings security labs saw Microsoft Security Essentials fail to detect 39% of the real-world malware thrown at it. Dennis Technology Labs (DTL) tested nine home security products on a Windows 7 PC, including Security Essentials, which is distributed free to Windows users and built into Windows 8 in the form of Windows Defender. While the other eight packages all achieved protection scores of 87% or higher - with five scoring 98% or 99%..
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/8Vg-UHP2dqo/story01.htm


*** Kritische Sicherheitslücken in Write-Blocker entdeckt ***
---------------------------------------------
Gleich mehrere Sicherheitslücken entdeckte ein IT-Forensik-Experte in dem neuen Write-Blocker Ditto. Die Folge: Statt seine eigentliche Arbeit zu verrichten, kann das Gerät selbst als Angriffswerkzeug missbraucht werden und Untersuchungen torpedieren.
---------------------------------------------
http://www.heise.de/security/meldung/Kritische-Sicherheitsluecken-in-Write-Blocker-entdeckt-2071582.html


*** Strange DNS Queries - Request for Packets, (Sat, Dec 21st) ***
---------------------------------------------
We have received a pcap sample of DNS queries that display a strange behavior. The queries are type ANY for domains ghmn.ru and fkfkfkfa.com. When doing a nslookup, both domains have 100 IPs listed under their domain names with each of them resolving exactly the same last octets (i.e. .1, .10, .100, etc). Queries with the same transaction ID are often repeated several times. The traffic samples we have received indicate the queries are sent by either a host or a server.  If anyone else is...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=17264&rss


*** evasiOn7: Jailbreak für iOS 7 - mit umstrittenen Funktionen ***
---------------------------------------------
Ein erster Jailbreak für iOS 7, mit dem sich Apps jenseits von Apples App Store installieren lassen, ist verfügbar. Er geriet allerdings wegen Integration eines chinesischen App Stores mit Raubkopien und wegen Verschleierung des Codes gleich in Verruf.
---------------------------------------------
http://www.heise.de/security/meldung/evasiOn7-Jailbreak-fuer-iOS-7-mit-umstrittenen-Funktionen-2071778.html


*** Backdoor in Krypto-Software: RSA Security dementiert NSA-Zahlungen ***
---------------------------------------------
Man habe "niemals einen geheimen Vertrag mit der NSA geschlossen, um einen bekannt anfälligen Zufallszahlengenerator in die Verschlüsselungsbibliotheken von BSAFE zu integrieren", betont RSA Security - leugnet aber keineswegs Zusammenarbeit mit der NSA.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Backdoor-in-Krypto-Software-RSA-Security-dementiert-NSA-Zahlungen-2071891.html


*** Anti-Bruteforce-Tool DenyHosts sperrt Admins aus ***
---------------------------------------------
Admins, die ihre Server mit DenyHosts vor Brute-Force-Angriffen schützen, müssen handeln - andernfalls stehen sie möglicherweise bald vor verschlossenen Türen.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Anti-Bruteforce-Tool-DenyHosts-sperrt-Admins-aus-2071933.html


*** How I hacked a journalist ***
---------------------------------------------
It started off as a follow-up to a story a journalist had written several years ago. The story was about data protection, and had showed that a simple subject access request could provide you with enough information to steal someone's identity. Now, Claudia Joseph wanted to see if anything had changed and to update the world on the new dangers. What would happen if somebody was able to infiltrate your online life? Claudia contacted us and started the conversation with "Can you hack...
---------------------------------------------
http://www.nccgroup.com/en/blog/2013/12/how-i-hacked-a-journalist/


*** Practical malleability attack against CBC-Encrypted LUKS partitions ***
---------------------------------------------
Topic: Practical malleability attack against CBC-Encrypted LUKS partitions Risk: Medium Text:Article location: http://www.jakoblell.com/blog/2013/12/22/practical-malleability-attack-against-cbc-encrypted-luks-partitions...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013120153


*** Alert: Adobe License Key Email Scam ***
---------------------------------------------
Adobe is aware of reports that a phishing campaign is underway involving malicious email purporting to deliver license keys for a variety of Adobe offerings. Customers who receive one of these emails should delete it immediately without downloading attachments or...
---------------------------------------------
http://blogs.adobe.com/psirt/2013/12/20/alert-adobe-license-key-email-scam/


*** [webapps] - Jenkins 1.523 - Inject Persistent HTML Code ***
---------------------------------------------
http://www.exploit-db.com/exploits/30408


*** Security Bulletin: Multiple vulnerabilities in current IBM SDK for Java for WebSphere Application Server Community 3.0.0.4 October 2013 CPU (CVE-2013-5802,CVE-2013-5825) ***
---------------------------------------------
Multiple security vulnerabilities exist in the IBM SDK for Java that is shipped with IBM WebSphere Application Server Community 3.0.0.4.   CVE(s):  CVE-2013-5802, and CVE-2013-5825  Affected product(s) and affected version(s): WebSphere Application Server Community Edition 3.0.0.4  Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21660594 X-Force Database:...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_multiple_vulnerabilities_in_current_ibm_sdk_for_java_for_websphere_application_server_community_3_0_0_4_october_2013_cpu_cve_2013_5802_cve_2013_5825?lang=en_us


*** Security Bulletin: Fix available for Unauthorized Information Retrieval Security Vulnerability in IBM WebSphere Portal (CVE-2013-6735) ***
---------------------------------------------
A fix that blocks unauthorized information retrieval is available for a security vulnerability in IBM WebSphere Portal.
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21660289


*** Wordpress information leakage and backdoor in writing settings ***
---------------------------------------------
Topic: Wordpress information leakage and backdoor in writing settings Risk: High Text:Hello list! As Ive announced earlier (http://seclists.org/fulldisclosure/2013/Nov/219), I conducted a Day of bugs in WordPr...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013120152


*** Synology DiskStation Manager (DSM) multiple scripts directory traversal ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/89892


*** Avant Browser Rendering Engines Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/56242


*** Nagios "process_cgivars()" Off-By-One Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55976


Next End-of-Shift Report on 2013-12-27