[CERT-daily] Tageszusammenfassung - Mittwoch 6-08-2014

Daily end-of-shift report team at cert.at
Wed Aug 6 18:03:19 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 05-08-2014 18:00 − Mittwoch 06-08-2014 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter




*** Another Bypass Identified in PayPal 2FA ***
---------------------------------------------
A security researcher has uncovered a simple method for bypassing the two-factor authentication mechanism that PayPal uses to protect accounts that are tied to eBay accounts. The vulnerability is related to the way that the login flow works when a user is prompted to connect her eBay account to her PayPal account. The eBay and...
---------------------------------------------
http://threatpost.com/another-bypass-identified-in-paypal-2fa/107605




*** Mozilla zukünftig mit zentralen Sperrlisten ***
---------------------------------------------
Sichere Internet-Verbindungen erfordern Mechanismen, kompromittierte Zertifikate als ungültig zu erklären. Die aktuellen Verfahren dazu funktionieren jedoch nicht. Zukünftig soll das bei Firefox und Co die OneCRL richten.
---------------------------------------------
http://www.heise.de/security/meldung/Mozilla-zukuenftig-mit-zentralen-Sperrlisten-2283615.html




*** Researchers release CryptoLocker decryption tool ***
---------------------------------------------
Tool uses private keys found in database of victims.The CryptoLocker ransomware is one of the nastiest pieces of malware to have targeted Internet users in recent years. The malware uses strong file encryption (more particularly, AES encryption with a key that has been encrypted using an RSA-2048 private key) to deny the user access to their files unless they pay a ransom of around US$300. At a time when we often seem to be learning about accidental or intentional vulnerabilities in encryption,...
---------------------------------------------
http://www.virusbtn.com/blog/2014/08_06.xml?rss




*** CipherShed ***
---------------------------------------------
CipherShed is free (as in free-of-charge and free-speech) encryption software for keeping your data secure and private. It started as a fork of the now-discontinued TrueCrypt Project.
---------------------------------------------
http://n0where.net/ciphershed/




*** Web-Fu - Chrome extension for pentesting web applications ***
---------------------------------------------
Chrome extension for pentesting web applications. Web-fu Is a web hacking tool focused on discovering and exploiting web vulnerabilitites.
---------------------------------------------
http://hack-tools.blackploit.com/2014/08/web-fu-chrome-extension-for-pentesting.html


More information about the Daily mailing list