[CERT-daily] Tageszusammenfassung - Dienstag 25-09-2012

Tue Sep 25 18:01:14 CEST 2012

=======================
= End-of-Shift report =
=======================
Timeframe:   Montag 24-09-2012 18:00 − Dienstag 25-09-2012 18:00
Handler:     Stephan Richter
Co-Handler:  Robert Waldner

*** Book Review: Digital Forensics For Handheld Devices ***
---------------------------------------------
benrothke writes "Todays handheld device is the mainframe of years past. An iPhone 5 with 64 GB of storage and the Apple A6 system-on-a-chip processor has more raw computing power entire data centers had some years ago. With billions of handheld devices in use worldwide, it is imperative that digital forensics investigators and others know how to ensure that the information contained in them, can be legally preserved if needed." Read on for the rest of Bens review.    Read more of
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/fpv3Or7g974/book-review-digital-forensics-for-handheld-devices


*** Schneier: We Dont Need SHA-3 ***
---------------------------------------------
Trailrunner7 writes with this excerpt from Threatpost: "For the last five years, NIST, the government body charged with developing new standards for computer security, among other things, has been searching for a new hash function to replace the aging SHA-2 function. Five years is a long time, but this is the federal government and things move at their own pace in Washington, but NIST soon will be announcing the winner from the five finalists that were chosen last year. Despite the
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/fJ7xmIOdp-o/schneier-we-dont-need-sha-3


*** Java SE 5/6/7 critical security issue ***
---------------------------------------------
Topic: Java SE 5/6/7 critical security issue Risk: High Text:Weve recently discovered yet another security vulnerability affecting all latest versions of Oracle Java SE software. The im...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/VECe3FilPLE/WLB-2012090223


*** Samsung-Smartphones aus der Ferne löschbar ***
---------------------------------------------
Der Sicherheitsexperte Ravi Borgaonkar hat auf der Hackerkonferenz Ekoparty demonstriert, dass man Android-Smartphones von Samsung, bei denen der Hersteller die Android-Version mit eigener Software angepasst hat, aus der Ferne auf Werkseinstellungen zurücksetzen kann. Kern des Angriffs ist eine Schwachstelle im Samsung-eigenen Wählprogramm, durch die einzelne Smartphone-Varianten ohne Rückfrage sogenannte USSD-Codes (Unstructured Supplementary Service Data) ausführen, die über speziell präparierte Links übergeben werden. Der Code *2767*3855# sorgt dafür, dass das Handy sofort mit dem Zurücksetzen beginnt.
---------------------------------------------
http://www.heise.de/security/meldung/Samsung-Smartphones-aus-der-Ferne-loeschbar-1716849.html/from/atom10


*** Data Breach Reveals 100k IEEE.org Members Plaintext Passwords ***
---------------------------------------------
First time accepted submitter radudragusin writes "IEEE suffered a data breach which I discovered on September 18. For a few days I was uncertain what to do with the information and the data. Yesterday I let them know, and they fixed (at least partially) the problem. The usernames and passwords kept in plaintext were publicly available on their FTP server for at least one month prior to my discovery. Among the almost 100.000 compromised users are Apple, Google, IBM, Oracle and Samsung
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/HCjl46a-6mM/data-breach-reveals-100k-ieeeorg-members-plaintext-passwords