[CERT-daily] Tageszusammenfassung - Donnerstag 2-01-2014

Daily end-of-shift report team at cert.at
Thu Jan 2 18:44:51 CET 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 30-12-2013 18:00 − Donnerstag 02-01-2014 18:00
Handler:     L. Aaron Kaplan
Co-Handler:  Stephan Richter




*** Joseph Stiglitz on Trust ***
---------------------------------------------
Joseph Stiglitz has an excellent essay on the value of trust, and the lack of it in todays society. Trust is what makes contracts, plans and everyday transactions possible; it facilitates the democratic process, from voting to law creation, and is necessary for social stability. It is essential for our lives. It is trust, more than money, that makes the...
---------------------------------------------
https://www.schneier.com/blog/archives/2013/12/joseph_stiglitz.html




*** Sqlmap Tricks for Advanced SQL Injection ***
---------------------------------------------
Sqlmap is an awesome tool that automates SQL Injection discovery and exploitation processes. I normally use it for exploitation only because I prefer manual detection in order to avoid stressing the web server or being blocked by IPS/WAF devices. Below I provide a basic overview of sqlmap and some configuration tweaks for finding trickier injection points. Basics Using sqlmap for classic SQLi is very straightforward: ./sqlmap.py -u http://mywebsite.com/page.php?vulnparam=hello The target URL...
---------------------------------------------
http://blog.spiderlabs.com/2013/12/sqlmap-tricks-for-advanced-sql-injection.html




*** NSA Surveillance Has No Boundaries, Expert Says ***
---------------------------------------------
Expert Jacob Appelbaums keynote at CCC describes the deep catalog of hacks and backdoors at the NSAs disposal.
---------------------------------------------
http://threatpost.com/nsa-surveillance-has-no-boundaries-expert-says/103355




*** Protecting the data about data ***
---------------------------------------------
It has been said that encryption simply trades one secret (the data) for another (the key). In the same way, encrypting data naturally shifts attention to that which is not protected: the metadata.
---------------------------------------------
http://www.scmagazine.com//protecting-the-data-about-data/article/327122/




*** Yes, the BBC still uses FTP. And yes, a Russian crook hacked the server ***
---------------------------------------------
Convenient file-store a convenient target for crook touting access A BBC FTP server ftp.bbc.co.uk was compromised by a Russian hacker and access to it touted online, say computer security researchers.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/12/30/bbc_ftp_server/




*** Why NSA spied on inexplicably unencrypted Windows crash reports ***
---------------------------------------------
Windows reports what hardware you have and what software doesnt work.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/CCjtHJ8WSwY/




*** 30C3: Sicherheitsalbträume des Jahres 2014 ***
---------------------------------------------
Unmodulierte Basisbandsysteme stellen nach Ansicht von Sicherheitsexperten des CCC lohnende Angriffsziele dar. Im Biometrie-Segment habe Apple mit Touch ID "die Büchse der Pandora" geöffnet.
---------------------------------------------
http://www.heise.de/newsticker/meldung/30C3-Sicherheitsalbtraeume-des-Jahres-2014-2073101.html




*** Juniper SSL VPN and UAC Host Checker Issue, (Tue, Dec 31st) ***
---------------------------------------------
A few readers have written asking about odd denials when trying to use Juniper VPNs. Turns out they released a Product Support Notification (subscription required) about their host check feature which fails on endpoints that have a local date set 12/31/2013 or later. There are working on a fix but as a workaround, you can change the local date on the PC, disable host checker verification all together or create a manual host checker process that disables checking firewall, anti-virus and/or
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=17321&rss




*** X11/X.Org Security In Bad Shape ***
---------------------------------------------
An anonymous reader writes "A presentation at the Chaos Communication Congress explains how X11 Server security with being worse than it looks. The presenter found more than 120 bugs in a few months of security research and is not close to being done in his work. Upstream X.Org developers have begun to call most of his claims valid. The presentation by Ilja van Sprunde is available for streaming."    Read more of this story at Slashdot.
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/W_cx3sKOALE/story01.htm




*** Administratoren! Machet Krypto, aber besser... ***
---------------------------------------------
Bettercrypto hilft Systemadmins, Verschlüsselung einzurichten und zu verbessern. Copy&Paste ist gewünscht, Verbesserungsvorschläge ebenso.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Administratoren-Machet-Krypto-aber-besser-2073166.html/from/rss09?wt_mc=rss.ho.beitrag.rdf




*** Dual_EC_DRBG Backdoor: a Proof of Concept ***
---------------------------------------------
New submitter Reliable Windmill sends this followup to the report that RSA took money from the NSA to use backdoored tech for random number generation in encryption software. From the article: "Dual_EC_DRBG is an pseudo-random number generator promoted by NIST in NIST SP 800-90A and created by NSA. This algorithm is problematic because it has been made mandatory by the FIPS norm (and should be implemented in every FIPS approved software) and some vendors even promoted this algorithm as...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/_PXJ0M1qmQI/story01.htm




*** Hacker finden Hintertüren in Netgear- und Linksys-Routern ***
---------------------------------------------
Ein findiger Hacker hat in den vergagnenen Tagen einen seltsamen Hintergrunddienst auf seinem Router entdeckt. Darüber kann sich jeder Zugang zu seinem Netzwerk verschaffen.
---------------------------------------------
http://futurezone.at/netzpolitik/hacker-finden-hintertueren-in-netgear-und-linksys-routern/43.727.991




*** Österreichische Begeh: Kopierbarkeit von RFID-Schlüssel bekannt ***
---------------------------------------------
Unternehmen hat nach 30C3-Vortrag von Adrian Dabrowski Stellung bezogen
---------------------------------------------
http://derstandard.at/1388649760468




*** Manipulierte Speicherkarten als Malware-Versteck ***
---------------------------------------------
Hacker zeigen Angriff gegen eingebetteten Mikrokontroller - Daten können vor dem Betriebssystem versteckt werden
---------------------------------------------
http://derstandard.at/1388649791611




*** Snapchat schweigt nach Datenleck ***
---------------------------------------------
Der Anbieter der Foto-App Snapchat äußert sich bisher nicht zu dem Vorfall, bei dem Unbekannte die Daten von 4,6 Millionen Kunden erbeutet haben. Zuvor hatte das Unternehmen Warnungen von Sicherheitsexperten in den Wind geschlagen.
---------------------------------------------
http://www.heise.de/security/meldung/Snapchat-schweigt-nach-Datenleck-2074251.html




*** memcached mit löchriger Authentifizierung ***
---------------------------------------------
Die SASL-Authentifizierung des Cache-Servers ist zu gutmütig. Auch mit ungültigen Zugangsdaten kommt man beim zweiten Versuch rein.
---------------------------------------------
http://www.heise.de/security/meldung/memcached-mit-loechriger-Authentifizierung-2074285.html




*** OpenSSL.org Defaced by Attackers Gaining Access to Hypervisor, (Thu, Jan 2nd) ***
---------------------------------------------
By now, most of you have heard that the openssl.org website was defaced. While the source code and repositories were not tampered with, this obviously concerned people. What is more interesting is that the attack was made possible by gaining access to the hypervisor that hosts the VM responsible for the website. Attacks of this sort are likely to be more common as time goes on as it provides easy ability to take over a host without having to go through the effort of actually rooting a box.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=17333&rss




*** Der Spiegel Article on Networking Equipment Infiltration ***
---------------------------------------------
On December 29, 2013, the German news publication Der Spiegel published an article referencing leaked documents from the U.S. National Security Agency (NSA) that mentioned "software implants" for networking devices. Cisco is one of a number of technology companies mentioned in the article...
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20131229-der-spiegel




*** Security Notice-Statement About the Networking Equipment Infiltration Article in Der Spiegel ***
---------------------------------------------
On December 29, 2013, German news agency Der Spiegel published a report titled "Shopping for Spy Gear: Catalog Advertises NSA Toolbox" and described Huawei as one of the vendors that might be impacted.
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-323430.htm




*** Security Advisory-A DoS Vulnerability in the SSH Module on Huawei AR Router ***
---------------------------------------------
On Some Huawei AR routers that receive a large number of SSH authentication attack packets with malformed data, legitimate users fail to log in through SSH. Attackers can construct massive attack packets to cause the AR routers to deny SSH login from legitimate users. (HWPSIRT-2013-1255).
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-323609.htm




*** Vuln: mod_nss Module NSSVerifyClient CVE-2013-4566 Authentication Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/64114




*** Vuln: libgadu SSL Certificate Validation CVE-2013-4488 Security Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/63473




*** Debian update for ruby-i18n ***
---------------------------------------------
https://secunia.com/advisories/56212




*** DSA-2833 openssl ***
---------------------------------------------
several vulnerabilities
---------------------------------------------
http://www.debian.org/security/2014/dsa-2833




*** DSA-2832 memcached ***
---------------------------------------------
several vulnerabilities
---------------------------------------------
http://www.debian.org/security/2014/dsa-2832




*** DSA-2831 puppet ***
---------------------------------------------
insecure temporary files
---------------------------------------------
http://www.debian.org/security/2013/dsa-2831




*** Debian update for typo3-src ***
---------------------------------------------
https://secunia.com/advisories/56266


More information about the Daily mailing list