[CERT-daily] Daily summary - Friday 17-10-2014

Daily end-of-shift report team at cert.at
Fri Oct 17 18:04:37 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Thursday 16-10-2014 18:00 − Friday 17-10-2014 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

*** Logging SSL, (Thu, Oct 16th) ***
---------------------------------------------
With POODLE behind us, it is time to get ready for the next SSL fire drill. One of the questions that keeps coming up is which ciphers and SSL/TLS versions are actually in use. Whether you decide to turn off SSLv3 depends a lot on who needs it, and it is an important answer to have ready should some other cipher turn out to be too weak tomorrow. But keep in mind that it is not just the numbers that matter. You also need to figure out who the outliers are and how important (or dangerous?) they are.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18847&rss
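As an added example (not from the diary or this digest), a Python script that answers the question above from Apache mod_ssl access logs: it counts protocol and cipher usage and lists each client that still negotiates SSLv3, flagging those that did so with a CBC suite (the POODLE case). The LogFormat shown, the addresses and the log lines are constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in an Apache mod_ssl log format such as
#   LogFormat "%h %t \"%r\" %>s %{SSL_PROTOCOL}x %{SSL_CIPHER}x" ssl
# (real mod_ssl variables; addresses, requests and counts are made up).
SAMPLE_LOG = """\
192.0.2.10 [17/Oct/2014:09:01:12 +0200] "GET / HTTP/1.1" 200 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
198.51.100.7 [17/Oct/2014:09:02:40 +0200] "GET / HTTP/1.1" 200 TLSv1 AES256-SHA
203.0.113.5 [17/Oct/2014:09:03:02 +0200] "POST /login HTTP/1.0" 200 SSLv3 DES-CBC3-SHA
203.0.113.5 [17/Oct/2014:09:03:09 +0200] "GET /inbox HTTP/1.0" 200 SSLv3 DES-CBC3-SHA
198.51.100.9 [17/Oct/2014:09:04:55 +0200] "GET / HTTP/1.1" 200 SSLv3 RC4-SHA
garbage line that does not match the format
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \[[^\]]+\] "[^"]*" \d{3} (?P<proto>\S+) (?P<cipher>\S+)$')


def is_cbc(cipher):
    """Among SSLv3-era suites only RC4 (stream) and NULL are not CBC; DES, 3DES,
    AES, IDEA, Camellia and SEED suites all run in CBC mode, which POODLE targets."""
    return "RC4" not in cipher and "NULL" not in cipher


def summarize(log_text):
    """Count protocol/cipher usage and collect the SSLv3 outliers per client."""
    protocols, ciphers, skipped = Counter(), Counter(), 0
    sslv3 = defaultdict(lambda: {"requests": 0, "ciphers": set(), "cbc": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1  # malformed line: count it instead of aborting the run
            continue
        ip, proto, cipher = m.group("ip", "proto", "cipher")
        protocols[proto] += 1
        ciphers[cipher] += 1
        if proto == "SSLv3":
            client = sslv3[ip]
            client["requests"] += 1
            client["ciphers"].add(cipher)
            client["cbc"] = client["cbc"] or is_cbc(cipher)
    return {"protocols": protocols, "ciphers": ciphers,
            "sslv3_clients": dict(sslv3), "skipped": skipped}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("protocols:", dict(report["protocols"]))
    for ip, c in sorted(report["sslv3_clients"].items()):
        mode = "CBC suite, POODLE-exposed" if c["cbc"] else "non-CBC suite"
        print(f"SSLv3 outlier {ip}: {c['requests']} requests, {sorted(c['ciphers'])}, {mode}")
```

The per-client list is the part that matters for the decision the diary describes: a handful of addresses behind one old gateway is a different conversation than hundreds of unrelated customers.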




*** Bad news, fandroids: He who controls the IPC tool, controls the DROID ***
---------------------------------------------
A security flaw in a core message-passing mechanism leaves every Android device potentially vulnerable to attack, security researchers warned on Thursday.
The flaw relates to Binder, Android's inter-process communication (IPC) tool. The message passing mechanism for Android devices acts as a communications hub on smartphones and tablets running the Google-developed mobile OS, making it a prime target for Android malware developers.
---------------------------------------------
http://www.theregister.co.uk/2014/10/16/android_messaging_mechanism_security_flawed/




*** SAP Netweaver Enqueue Server denial of service ***
---------------------------------------------
SAP Netweaver is vulnerable to a denial of service. By sending a specially-crafted SAP Enqueue Server packet to remote TCP port 32NN, a remote attacker could exploit this vulnerability to cause the system to become unresponsive.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/97610




*** Close means close: New adware detection criteria ***
---------------------------------------------
In April we introduced the rules that software developers should follow when creating advertisements to avoid being detected by Microsoft security products as adware. These rules are designed to keep our customers in control of their Internet browsing experience. Since then, we have had great success working with some companies through our developer contact process. At the same time we have started to see other advertising programs trying to bend and even circumvent our rules.
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2014/10/16/close-means-close-new-adware-detection-criteria.aspx




*** Siemens RuggedCom ROX-based Devices Certificate Verification Vulnerability (Update A) ***
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSA-14-135-03 Siemens RuggedCom ROX-Based Devices Certificate Verification Vulnerability that was published May 15, 2014, on the NCCIC/ICS-CERT web site. This advisory provides mitigation details for an incorrect certificate verification in Siemens RuggedCom ROX based devices.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-135-03A




*** Siemens OpenSSL Vulnerabilities (Update F) ***
---------------------------------------------
This updated advisory is a follow-up to the updated advisory titled ICSA-14-198-03E Siemens OpenSSL Vulnerabilities that was published October 15, 2014, on the NCCIC/ICS-CERT web site.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-198-03F




*** IOServer Resource Exhaustion Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for an out-of-bounds read vulnerability in the IOServer application.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-289-01




*** Fox DataDiode Proxy Server CSRF Vulnerability ***
---------------------------------------------
This advisory was originally posted to the US-CERT secure Portal library on September 26, 2014, and is being released to the ICS-CERT web site. This advisory provides mitigation details for a Cross-Site Request Forgery (CSRF) in the proxy server web administration interface for the Fox DataDiode Appliance Proxy Server.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-269-02




*** Black Hat Europe - day 1 ***
---------------------------------------------
Programme packed with interesting talks. Though the prestige of Black Hat Europe doesn't compare to that of its American parent conference, and the event certainly doesn't dominate the debate on Twitter in quite the same way, more than 800 security experts descended on Amsterdam this week where, in the RAI Convention Centre, the 14th edition of Black Hat Europe is taking place. The conference opened with a keynote from Adi Shamir (perhaps still best known as the S in the RSA protocol) on side
---------------------------------------------
http://www.virusbtn.com/blog/2014/10_17.xml?rss




*** Abusing TZ for fun (and little profit) ***
---------------------------------------------
Topic: Abusing TZ for fun (and little profit) Risk: Low Text: By default, sudo preserves the TZ variable[1] from the user's environment. This is a bad idea on glibc systems, where TZ can be abused to trick the program into reading an arbitrary file.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014100107




*** Denial of Service vulnerability in extension Calendar Base (cal) ***
---------------------------------------------
It has been discovered that the extension "Calendar Base" (cal) is susceptible to Denial of Service.
---------------------------------------------
http://www.typo3.org/news/article/several-vulnerabilities-in-extension-calendar-base-cal/




*** Hacking Smart Electricity Meters To Cut Power Bills ***
---------------------------------------------
Smart devices are growing at an exponential pace with the increase in connected devices embedded in cars, retail systems, refrigerators, televisions and countless other things people use in their everyday life, but security and privacy are the key issues for such applications, which still face an enormous number of challenges.
---------------------------------------------
http://thehackernews.com/2014/10/hacking-smart-electricity-meters-to-cut.html




*** Apple Updates (not just Yosemite), (Fri, Oct 17th) ***
---------------------------------------------
Apple yesterday released the latest version of its operating system, OS X 10.10 Yosemite. As usual, the new version of the operating system does include a number of security-related bug fixes, and Apple released these fixes for older versions of OS X today. This update, Security Update 2014-005, is available for versions of OS X back to 10.8.5 (Mountain Lion). Among the long list of fixes, here are a couple of highlights: Apple doesn't turn off SSLv3 in this release, but restricts it to non-CBC
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18851&rss
