[CERT-daily] Tageszusammenfassung - Montag 17-09-2012

Mon Sep 17 21:08:29 CEST 2012

=======================
= End-of-Shift report =
=======================
Timeframe:   Freitag 14-09-2012 18:00 − Montag 17-09-2012 18:00
Handler:     Stephan Richter
Co-Handler:  Otmar Lendl


*** Oracle BTM FlashTunnelService Remote Code Execution ***
---------------------------------------------
Topic: Oracle BTM FlashTunnelService Remote Code Execution Risk: High
Text:## # This file is part of the Metasploit Framework and may be subject
to # redistribution and commercial restrictions. Please...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/26umQooi1WY/WLB-2012090145


*** EFF Challenges Tracking-Services Patent Used to Threaten Cities Across
the U.S. ***
---------------------------------------------
"San Francisco - The Electronic Frontier Foundation (EFF) is challenging a
dangerous patent used to wrongfully demand payment from cities and other
municipalities that employ public tracking systems to tell transit
passengers if their bus or train is on time. Today, EFF with the help of
the Samuelson Law, Technology, and Public Policy Clinic at Berkeley Law,
filed a request with the United States Patent and Trademark Office (USPTO),
urging reexamination of the legitimacy of the ArrivalStar...
---------------------------------------------
https://www.eff.org/press/releases/eff-challenges-tracking-services-patent-used-threaten-cities-across-us


*** Information Commissioner criticises dreamed up EU cookie directive ***
---------------------------------------------
"The Information Commissioner Christopher Graham has questioned the
effectiveness of the EU cookie directive, suggesting that it was "dreamed
up by politicians in Brussels" without the appropriate market research to
back it up. Speaking at the launch of a new report called The Data Dialogue
by think tank Demos, Graham said that policies around the use of personal
data by companies and public sector organisations need to be
evidence-based...."
---------------------------------------------
http://computerworld.co.nz/news.nsf/news/information-commissioner-criticises-dreamed-up-eu-cookie-directive?opendocument&utm_source=topnews&utm_medium=email&utm_campaign=topnews


*** Anonymous didnt steal from the FBI after all - new conspiracy theories
needed! ***
---------------------------------------------
"A techie named David Schuetz at security consultancy Intrepidus Group has
done something so obvious, so simple, and so tellingly useful, that Im
going to go all out and call it a stroke of genius. A week ago, a person
called Anonymous published one-million-and-one stolen Apple device IDs.
(Theres always room for numerological whimsy in hacking circles.)This
Anonymous person then blamed the FBI - crimes are always someone elses
fault if youre a hacker - by claiming that the data was stolen...
---------------------------------------------
http://nakedsecurity.sophos.com/2012/09/11/fbi-data-leak-of-apple-udids-came-from-somewhere-elsanonymous-didnt-steal-from-fbi-after-all/


*** Vuln: ISC DHCP IPv6 Lease Expiration Handling Denial of Service
Vulnerability ***
---------------------------------------------
ISC DHCP IPv6 Lease Expiration Handling Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55530


*** Vuln: Novell GroupWise Internet Agent CVE-2012-0271 Remote Integer
Overflow Vulnerability ***
---------------------------------------------
Novell GroupWise Internet Agent CVE-2012-0271 Remote Integer Overflow
Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55551