[CERT-daily] Tageszusammenfassung - Donnerstag 11-10-2012

Daily end-of-shift report team at cert.at
Thu Oct 11 18:15:05 CEST 2012 

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 10-10-2012 18:00 − Donnerstag 11-10-2012 18:00
Handler:     Matthias Fraidl
Co-Handler:  Stephan Richter




*** Expenditure Report Reveals Germany Monitors Skype, Google Mail, Facebook Chat ***
---------------------------------------------
hypnosec writes "The German Government has gone a bit too far trying to be transparent, inadvertently revealing that German police monitor Skype, Google Mail, MSN Hotmail, Yahoo Mail, and Facebook chat when necessary. The revelations, spotted by the annalist blog, come from a report of expenses incurred by the Federal Ministry of the Interior following a parliamentary inquiry. The report contains lots of tables and as many would find those boring, some highlights: On page 34 and page 37 of...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/J2HxG9I5vdo/expenditure-report-reveals-germany-monitors-skype-google-mail-facebook-chat




*** Microsoft addresses critical Word flaws, new RSA key length ***
---------------------------------------------
"Microsoft will begin requiring digital certificates to support an RSA key length of at least 1024 bits today, in accordance with a security advisory being pushed through Windows Update. The new requirement, which Microsoft has been preparing customers for since August, was part of the software companys October 2012 Patch Tuesday security updates. Microsoft also addressed an issue with signature timestamps on valid files and released seven bulletins covering 20 vulnerabilities in Microsoft...
---------------------------------------------
http://searchsecurity.techtarget.com/news/2240164725/Microsoft-addresses-critical-Word-flaws-new-RSA-key-length?asrc=EM_NLN_19090307&track=NL-102&ad=882246&




*** US and EU Clash Over Whois Data ***
---------------------------------------------
itwbennett writes "ICANN wants to store more data (including credit card information) about domain name registrations in its Whois database, wants to hold on to that data for two years after registration ends, and wants to force registrant contact information to be re-verified annually - moves that are applauded by David Vladeck, director of the FTCs Bureau of Consumer Protection. The E.U.s Article 29 Working Group is markedly less enthusiastic, saying ICANNs plans trample on...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/6xJedYC9pQU/us-and-eu-clash-over-whois-data




*** Sicherheitslücke in Firefox 16 ***
---------------------------------------------
Eine Sicherheitslücke in Firefox 16 hat Mozilla in Alarmbereitschaft versetzt. Als Reaktion wurde Firefox 16 von der Mozilla Homepage entfernt und steht nicht mehr zur Installation zur Verfügung.
---------------------------------------------
http://www.heise.de/security/meldung/Sicherheitsluecke-in-Firefox-16-1727390.html/from/atom10




*** PGP founders mobile privacy app goes live ***
---------------------------------------------
Zimmerman & Navy SEAL pals unveil safe comms, at $20 a month Updated Silent Circle, the secure mobile communications app backed by Phil Zimmerman, has gone live - offering protection from all but the most determined of government departments.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/10/10/secure_circle/




*** Neue IPv6-Tools von "The Hackers Choice" ***
---------------------------------------------
Die Hackergruppe "The Hackers Choice" hat das THC IPv6 Attack Toolkit für die Version 2.0 deutlich erweitert. Im Mittelpunkt der Tools steht nicht nur das Sammeln von Informationen über andere IPv6-Hosts, sondern auch über gezielte Angriffe, etwa um Pakete über sich umzuleiten und in eine Position als Man-in-the-Middle zu gelangen.
---------------------------------------------
http://www.heise.de/security/meldung/Neue-IPv6-Tools-von-The-Hackers-Choice-1727676.html/from/atom10




*** Facebook Confirms Data Breach ***
---------------------------------------------
another random user writes "A researcher by the name of Suriya Prakash has claimed that the majority of phone numbers on Facebook are not safe. Its not clear where he got his numbers from (he says 98 percent, while another time he says 500 million out of Facebooks 600 million mobile users), but his demonstration certainly showed he could collect countless phone numbers and their corresponding Facebook names with very little effort. Facebook has confirmed that it limited the Prakashs
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/-ZGiVNpxow8/facebook-confirms-data-breach




*** Bugtraq: Multiple vulnerabilities in OpenX ***
---------------------------------------------
Multiple vulnerabilities in OpenX
---------------------------------------------
http://www.securityfocus.com/archive/1/524372

More information about the Daily mailing list