[CERT-daily] Tageszusammenfassung - Mittwoch 20-03-2013

Wed Mar 20 18:02:54 CET 2013

=======================
= End-of-Shift report =
=======================
Timeframe:   Dienstag 19-03-2013 18:00 − Mittwoch 20-03-2013 18:00
Handler:     Robert Waldner
Co-Handler:  Matthias Fraidl

*** Security firm publishes details about Java issue, asks for second opinion ***
---------------------------------------------
"Making good on their promise, Security Exploration has published technical details about a Java issue that they consider to be a security vulnerability, but Oracle has categorized as demonstrating "allowed behavior"."As of Mar 18, 2013 no information was received from Oracle that would indicate that Issue 54 is treated by the company as a security vulnerability," they wrote on Monday. ..."
---------------------------------------------
http://www.net-security.org/secworld.php?id=14617


*** Google fully implements security feature on DNS lookups ***
---------------------------------------------
"Google has fully implemented a security feature that ensures a person looking up a website isnt inadvertently directed to a fake one. The Internet company has run its own free public Domain Name System (DNS) lookup service, called Public DNS, since 2009. DNS lookups are required to translate a domain name, such as www...."
---------------------------------------------
http://www.computerworld.com.au/article/456804/google_fully_implements_security_feature_dns_lookups/?fp=4&fpid=16


*** Samsung Android Remote Owning Devices *youtube ***
---------------------------------------------
Topic: Samsung Android Remote Owning Devices *youtube Risk: High Text:I was planning to open a blog since some months, but I decided to do it only now, to summarize some of the findings of a quick ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/zRL6QVbdylE/WLB-2013030171


*** Strategie zu Cyberkriminalität beschlossen ***
---------------------------------------------
Regierung will sich künftig besser koordinieren
---------------------------------------------
http://futurezone.at/netzpolitik/14759-strategie-zu-cyberkriminalitaet-beschlossen.php?rss=fuzo


*** CVSS Security-Bug Rating System Gets A Makeover ***
---------------------------------------------
"In 2005, three companies--Cisco, Qualys and Symantec--announced the Common Vulnerability Scoring System (CVSS) as a way to rank the security impact of software flaws and the potential risks they posed to companies. In theory, the flaw scoring system aims to give security professionals, researchers and software vendors a repeatable way to rank the severity of a vulnerability by measuring the issues base exploitability, how that evolves over time, and the impact the security bug has on the
---------------------------------------------
http://www.darkreading.com/vulnerability-management/167901026/security/security-management/240151205/security-bug-rating-system-gets-a-makeover.html


*** MySQL yaSSL Two Buffer Overflow Vulnerabilities ***
---------------------------------------------
MySQL yaSSL Two Buffer Overflow Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52445


*** Linux Kernel ext3 Message Logging Format String Vulnerabilities ***
---------------------------------------------
Linux Kernel ext3 Message Logging Format String Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52661


*** IBM WebSphere Commerce password information disclosure ***
---------------------------------------------
IBM WebSphere Commerce password information disclosure
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/80206


*** Google Picasa BMP and TIFF Images Processing Vulnerabilities ***
---------------------------------------------
Google Picasa BMP and TIFF Images Processing Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/51652