ISC StormCast for Tuesday, October 21st 2014

By Johannes Ullrich #Apple iOS Security Updates; #MSFT pulls SHA-2 patch from October Updates; China intercepts iCloud; US Gov Pushes Chip&Pin; PHP Patch
Apple iOS 8.1 and Apple TV 7.0.1
Microsoft Pulls Windows 7 SHA-2 Update
iCloud SSL Traffic Intercepted in China using self signed certificates
US Government to Require Chip-and-Pin for Federal Payments
PHP Update Released More Here      

ISC StormCast for Friday, October 17th 2014

By Johannes Ullrich Mobbing up bad SSL Configs and Attacks with Logging; Ebola: Infecting More PCs then Humans? Oracle Forms 10g Remote Exec & Java Patches.
Logging SSL Parameters
US-Cert warns of Ebola Malware
Oracle Forms 10g Arbitrary Remote Code Execution More Here      

ISC StormCast for Thursday, October 16th 2014

By Johannes Ullrich POODLE Update (wrap up?) (webcast archive)
Weak Random Number Generators in Bitcoin Wallets Used to Steal Bitcoins
OS X Leaves Indexes With Private Data on USB Drives
Drupal Fixes SQL Injection Vulnerability More Here      

ISC StormCast for Wednesday, October 15th 2014

By Johannes Ullrich SSLv3 POODLE Vulnerability
Test your client:
Google Announcement:
MSFT Announcement:
Microsoft Patch Tuesday:
Today’s podcast is somewhat rushed due to the plethora of topics. We will have a special webcast tomorrow, likely around noon / early afternoon ET to discuss POODLE. More Here      

ISC StormCast for Tuesday, October 14th 2014

By Johannes Ullrich Some Beacons are False Beacons; Cyanogenmod open to MitM SSL Attack; Snapchat: Still not as ephemeral as you may think;
CSAM: Be Wary of False Beacons
Cyanogenmod vulnerable to SSL MitM Attack
Decrypting Snapchat Images
More Here      

ISC StormCast for Monday, October 13th 2014

By Johannes Ullrich Is it a phish or just a badly done breach notification? Dairy Queen/KMart: Next in line for PoS compromises; HP signs malware; Snapchat image archive leaked;
NCSAM: When Breach Notifications Look Worse then some Phishing Emails.
Dairy Queen Breached
(and KMart..)
HP Signs Malware with Valid Certificate
Snpchat Image Archive Surfces More Here      

ISC StormCast for Tuesday, October 7th 2014

By Johannes Ullrich What’s up with port 0 / WIN 6667? Patches: Not so far. More Control. Less Speed. SSL: Are 1024 Bit Keys officially dead now?
Odd “Window Size 6667″ traffic
CSAM: Patching leaves system more vulnerable
OpenSSL Bug Allow RSA 1024 key factorization in 20 minutes More Here      

ISC StormCast for Wednesday, October 8th 2014

By Johannes Ullrich RSA 1024bit keys: Still weak, but not all broken; Belkin routers shut down owners internet; Adobe reads your e-books with you; Patch Cookoo!
RSA 1024 Bit Key Update: Not quite broken yet, but still weak
Belkin Routers Block Internet Access after “Heartbeat” server goes offline
Adobe e-book privacy problems
Cookoo Sandbox Vulnerability More Here