[CERT-daily] Daily summary - Wednesday 5-09-2012

Otmar Lendl lendl at cert.at
Mon Sep 17 15:18:51 CEST 2012


=======================
= End-of-Shift report =
=======================
Timeframe:   Tuesday 04-09-2012 18:00 - Wednesday 05-09-2012 18:00
Handler:     Stephan Richter
Co-Handler:  Otmar Lendl




*** Bugtraq: Secunia Research: Adobe Photoshop TIFF SGI24LogLum
Decompression Buffer Overflow ***
---------------------------------------------
Secunia Research: Adobe Photoshop TIFF SGI24LogLum Decompression Buffer
Overflow
---------------------------------------------
http://www.securityfocus.com/archive/1/524090




*** Widely used fingerprint reader exposes Windows passwords in seconds ***
---------------------------------------------
"Fingerprint-reading software preinstalled on laptops sold by Dell, Sony,
and at least 14 other PC makers contains a serious weakness that makes it
trivial for hackers with physical control of the machine to quickly recover
account passwords, security researchers said. The UPEK Protector Suite,
which was acquired by Melbourne, Florida-based Authentec two years ago, is
marketed as a secure means for logging into Windows computers using an
owner's unique fingerprint, rather than a
---------------------------------------------
http://news.hitb.org/content/widely-used-fingerprint-reader-exposes-windows-passwords-seconds




*** Anonymous Project Mayhem 2012 - December 21st 2012. ***
---------------------------------------------
"You are Anonymous. You are Project Mayhem 2012. On the 10 days that go
from 12-12-2012 to 12-21-2012, the world will see an unprecedented amount
of Corporate, Financial, Military and State leaks that will have been
secretly gathered by millions of CONSCIENTIOUS citizens, vigilantes,
whistle blowers and initiates. THE GLOBAL ECONOMIC SYSTEM WILL START THE
FINAL FINANCIAL MELTDOWN FOR *TRUST* IN FEAR BASED MONEY WILL BE FINALLY
BROKEN PEOPLE ALL OVER THE WORLD, OUT OF FEAR TO GO BANKRUPT,
---------------------------------------------
http://www.youtube.com/watch?v=bqo1hDrj8eY




*** FBI says Apple ID heist claim is TOTALLY FALSE ***
---------------------------------------------
'Not our data' Popcorn time Hot on the heels of AntiSec's claim that the
purloined Apple device IDs it dumped to Pastebin came from the FBI, the
G-men have flatly denied the story.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/09/04/feds_deny_antisec_claims/




*** Secret account in mission-critical router opens power plants to
tampering ***
---------------------------------------------
"The branch of the US Department of Homeland Security that oversees
critical infrastructure has warned power utilities, railroad operators, and
other large industrial players of a weakness in a widely used router that
leaves them open to tampering by untrusted employees. The line of
mission-critical routers manufactured by Fremont, California-based
GarrettCom contains an undocumented account with a default password that
gives unprivileged users access to advanced options and features,
---------------------------------------------
http://arstechnica.com/security/2012/09/secret-account-in-mission-critical-router-opens-power-plants-to-tampering/




*** HP puts itself in the security pillory again ***
---------------------------------------------
The Zero Day Initiative (ZDI) has once again published information about
unpatched security vulnerabilities in HP products
---------------------------------------------
http://www.heise.de/security/meldung/HP-stellt-sich-erneut-an-den-Security-Pranger-1699296.html/from/atom10




*** Is Java now too dangerous to use? ***
---------------------------------------------
"Java, the great enabler of useful applications or a waste of space that is
doing more harm than good? After the last few weeks this has become a
question worthy of a philosophy lecture. First in late August came news of
two serious zero day Java vulnerabilities (CVE-2012-4681), with plenty of
evidence that criminals were exploiting them in a big enough way to pose
serious questions over Java's continued use...."
---------------------------------------------
http://features.techworld.com/security/3379294/is-java-now-too-dangerous-use/?olo=rss


