[CERT-daily] Daily summary - Tuesday 11-09-2012

Otmar Lendl lendl at cert.at
Mon Sep 17 15:24:39 CEST 2012


=======================
= End-of-Shift report =
=======================
Timeframe:   Monday 10-09-2012 18:00 - Tuesday 11-09-2012 18:05
Handler:     Stephan Richter
Co-Handler:  L. Aaron Kaplan




*** How to Defeat Zeus - Technology, Education Are Keys to Threat ***
---------------------------------------------
"Zeus continues to strike online bank accounts and users, and technology
designed to thwart these Trojan attacks continually fails to keep up.
Malware expert Andreas Baumhof says to defeat Zeus, financial institutions
have to change their approach. Zeus, a financially aimed malware, comes in
many different forms and flavors...."
---------------------------------------------
http://www.bankinfosecurity.com/how-to-defeat-zeus-a-5097?rf=2012-09-10-eb




*** PostgreSQL 9.2 Out with Greatly Improved Scalability ***
---------------------------------------------
The PostgreSQL project announced the release of PostgreSQL 9.2 today. The
headliner: "With the addition of linear scalability to 64 cores, index-only
scans and reductions in CPU power consumption, PostgreSQL 9.2 has
significantly improved scalability and developer flexibility for the most
demanding workloads. ... Up to 350,000 read queries per second (more than
4X faster) ... Index-only scans for data warehousing queries (2–20X
faster) ... Up to 14,000 data writes per second (5X ...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/RFHKonln9h4/postgresql-92-out-with-greatly-improved-scalability




*** E-publisher fesses up: Apple UDIDs were ours ***
---------------------------------------------
BlueToad clears FBI of device data collection
It seems both Apple and the FBI were telling the truth: the Apple UDIDs
published last week didn't come from either organization, with an American
e-publisher posting a statement that the data was stolen from its systems.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/09/10/bluetoad_source_of_stolen_udids/




*** Java, Flash, and the Choice of Usability Over Security ***
---------------------------------------------
"So I happened to be switching to a new computer two weekends ago. Going
into it I was dead set on not installing Flash and Java. And I was all good
until @alexhutton posted a link to a video about the Beatles "happy
birthday" song and I just had to check it out...."
---------------------------------------------
http://www.infosecisland.com/blogview/22381-Java-Flash-and-the-Choice-of-Usability-Over-Security.html




*** Programme for the German OWASP conference announced ***
---------------------------------------------
The fifth edition of the German OWASP Day 2012, an event on software
security, takes place on 7 November 2012 in Munich. The programme has
been extended with a Mobile Security track.
---------------------------------------------
http://www.heise.de/security/meldung/Programm-fuer-deutsche-OWASP-Konferenz-steht-1704080.html/from/atom10




*** Apple's soon-to-be-slurped securo firm shrugs off crypto warning ***
---------------------------------------------
Windows passwords exposure confusion
AuthenTec, the security firm that's the target of a $356m acquisition by
Apple, has denied reports that possible cryptographic weaknesses in its
fingerprint scanner software pose a risk to the security of laptops. …
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/09/11/fingerprint_scanner_crypto_warning/




*** Anomaly Detection Rules & The Success of Open-Source Rule Testing ***
---------------------------------------------
Last November, the VRT established an open-source rule testing group,
composed of a number of Snort users from around the planet in industries
as diverse as defense contracting and education. To date, we've tested
well over a hundred rules with this group, and have had a great deal of
useful feedback in the process - which has led to both killing rules
that didn't perform as well as expected in the field, and the release of
rules that we would have never previously dared to put in public after
seeing them function well with the test group.
---------------------------------------------
http://vrt-blog.snort.org/2012/09/anomaly-detection-rules-success-of-open.html




*** Initiative-S: Free website check for small businesses ***
---------------------------------------------
The German Internet industry association eco has officially launched the
Initiative-S project at the Internet Security Days. The offer is meant to
help small and medium-sized enterprises in particular protect themselves
against their websites being abused to distribute Trojans.
---------------------------------------------
http://www.heise.de/security/meldung/Initiative-S-Kostenloser-Website-Check-fuer-kleine-Unternehmen-1704458.html/from/atom10




*** GoDaddy Outage: RFC for Dummies ***
---------------------------------------------
"Yesterday was a black day for GoDaddy.com. During a few hours all their
hosting services were interrupted...."
---------------------------------------------
http://blog.rootshell.be/2012/09/11/godaddy-outage-rfc-for-dummies/




*** Vuln: RocketTheme RokModule Joomla! Component module Parameter SQL
Injection Vulnerability ***
---------------------------------------------
RocketTheme RokModule Joomla! Component module Parameter SQL Injection
Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55477




*** Bugtraq: [SE-2012-01] Security vulnerabilities in IBM Java ***
---------------------------------------------
[SE-2012-01] Security vulnerabilities in IBM Java
---------------------------------------------
http://www.securityfocus.com/archive/1/524134




*** Bugtraq: [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP
Methods ***
---------------------------------------------
[PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods
---------------------------------------------
http://www.securityfocus.com/archive/1/524137




*** Bugtraq: Wordpress Download Monitor - Download Page Cross-Site
Scripting ***
---------------------------------------------
Wordpress Download Monitor - Download Page Cross-Site Scripting
---------------------------------------------
http://www.securityfocus.com/archive/1/524138



