[CERT-daily] Tageszusammenfassung - Montag 16-09-2013

Mon Sep 16 21:33:18 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 13-09-2013 18:00 − Montag 16-09-2013 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

*** Microsoft reissues September patches after user complaints ***
---------------------------------------------
A fix to fix the fixes that didnt Problems with Microsofts last round of operating system and application patches have forced the company to reissue part of the update on Friday.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/09/13/microsoft_reissues_september_patches_after_user_complaints/


*** ProFTPd mod_sftp/mod_sftp_pam invalid pool allocation during kbdint authentication ***
---------------------------------------------
Topic: ProFTPd mod_sftp/mod_sftp_pam invalid pool allocation during kbdint authentication Risk: High Text:ProFTPd installs with mod_sftp and mod_sftp_pam activated contain the vulnerability described in this post. The current stab...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013090109


*** Lange Passwörter legen Djangos Webapps lahm ***
---------------------------------------------
Das freie Web-Framework Django überprüft eingegebene Passwörter nicht auf Länge, bevor es sie hasht. Das können Angreifer für DoS-Angriffe nutzen.
---------------------------------------------
http://www.heise.de/security/meldung/Lange-Passwoerter-legen-Djangos-Webapps-lahm-1957899.html


*** Tagungsband zur Fachkonferenz D.A.CH Security 2013 ***
---------------------------------------------
Auf der zweitägigen Arbeitskonferenz D.A.CH Security 2013 soll in zahlreichen Vorträgen ein umfassendes Bild des aktuellen Stands rund um IT-Sicherheit gezeichnet werden. Die Referentenbeiträge sind in einem Begleitband zur Tagung zusammengefasst.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Tagungsband-zur-Fachkonferenz-D-A-CH-Security-2013-1958354.html


*** Masscan: the entire Internet in 3 minutes ***
---------------------------------------------
Masscan is the fastest port scanner, more than 10 times faster than any other port scanner. As the screenshot shows, it can transmit 25 million packets/second, which is fast enough to scan the entire Internet in just under 3 minutes. The system doing this is just a typical quad-core desktop processor. The only unusual part of the system is the dual-port 10-gbps Ethernet card (most computers have only 1-gbps Ethernet).
---------------------------------------------
http://blog.erratasec.com/2013/09/masscan-entire-internet-in-3-minutes.html


*** CSRF Vulnerability in eBay Allows Hackers to Hijack User Accounts ***
---------------------------------------------
IT consultant and tech enthusiast Paul Moore has identified a few security issues on eBay, including a cross-site request forgery (CSRF or XSRF) vulnerability that can be exploited by hackers to compromise user accounts. The expert has found that the eBay page which lets users update their profile is vulnerable to XSRF. That's because the field which links it to the user's active cookie is missing.
---------------------------------------------
http://news.softpedia.com/news/CSRF-Vulnerability-in-eBay-Allows-Hackers-to-Hijack-User-Accounts-Video-383316.shtml


*** Mac OS X Security Configuration Guides ***
---------------------------------------------
The Security Configuration Guides provide an overview of features in Mac OS X that can be used to enhance security, known as hardening your computer. The guides are designed to give instructions and recommendations for securing Mac OS X and for maintaining a secure computer.
---------------------------------------------
https://ssl.apple.com/support/security/guides/


*** Google knows nearly every Wi-Fi password in the world ***
---------------------------------------------
If an Android device (phone or tablet) has ever logged on to a particular Wi-Fi network, then Google probably knows the Wi-Fi password. ... Android devices have defaulted to coughing up Wi-Fi passwords since version 2.2. And, since the feature is presented as a good thing, most people wouldnt change it. I suspect that many Android users have never even seen the configuration option controlling this.
---------------------------------------------
http://blogs.computerworld.com/android/22806/google-knows-nearly-every-wi-fi-password-world