ISC StormCast for Friday, February 27th 2015

By Johannes Ullrich HTTP/2 and Firefox 36
https://www.mozilla.org/en-US/firefox/36.0/releasenotes/
https://tools.ietf.org/html/draft-ietf-httpbis-http2-17
Comparing 2014 Vulnerability Statistics Between Operating Systems
http://www.gfi.com/blog/most-vulnerable-operating-systems-and-applications-in-2014/
Jetty Web Server Request Leak
http://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html More Here      

ISC StormCast for Thursday, February 26th 2015

By Johannes Ullrich Gemalto Claims SIM Keys Not Leaked
http://www.gemalto.com/press/Pages/Gemalto-presents-the-findings-of-its-investigations-into-the-alleged-hacking-of-SIM-card-encryption-keys.aspx
Lizard Squad Redirects Lenovo.com Domain
http://www.theregister.co.uk/2015/02/25/lenovo_hacked_lizard_squad/
Slimstat WordPress Plugin SQL Injection Vulnerability
http://blog.sucuri.net/2015/02/security-advisory-wp-slimstat-3-9-5-and-lower.html
Europol Takes Down Ramnit Botnet
https://www.europol.europa.eu/content/botnet-taken-down-through-international-law-enforcement-cooperation
Tracking Hacked Websites Using ShodanHQ
https://blog.shodan.io/tracking-hacked-websites/
More Here      

ISC StormCast for Wednesday, February 25th 2015

By Johannes Ullrich PrivDog bites SSL Security
http://www.kb.cert.org/vuls/id/366544
Samba Vulnerability
https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/
Visa to Use Tokenization in Australia
http://visa.com.au/aboutvisa/research/include/Tokenisation_Why_Australia_Why_Now_FINAL.pdf
Copy.com Used to Distribute Cryptolocker
https://isc.sans.edu/forums/diary/Copycom+Used+to+Distribute+Crypto+Ransomware/19371/
11 ways to track your moves
https://isc.sans.edu/forums/diary/11+Ways+To+Track+Your+Moves+When+Using+a+Web+Browser/19369/ More Here      

ISC StormCast for Tuesday, February 24th 2015

By Johannes Ullrich Battery usage to trace phones
http://arxiv.org/pdf/1502.03182v1.pdf
Fonts to trace users
http://fontfeed.com/archives/google-webfonts-the-spy-inside/
older article: http://www.itbusiness.ca/news/44120/44120
Debian Tracking Binaries Back to Source
https://twitter.com/micahflee/status/569606357239750656/photo/1
Cisco IPv6 DoS Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150220-ipv6
Applying DShield Top 20 Using Palo Alto Network Firewall
https://isc.sans.edu/forums/diary/Subscribing+to+the+DShield+Top+20+on+a+Palo+Alto+Networks+Firewall/19365/ More Here      

ISC StormCast for Monday, February 23rd 2015

By Johannes Ullrich Symantec AV + TrueCrypt = BSOD
http://community.norton.com/en/forums/long-story-norton-bsod-me-when-i-use-truecrypt
Symentec AV blocks IE 11
https://community.norton.com/en/forums/tonights-update-crashing-ie11
More Superfish news
https://www.facebook.com/notes/protect-the-graph/windows-ssl-interception-gone-wild/1570074729899339
Typo3 Vulnerability
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-001/
RC4 Removed from TLS
https://tools.ietf.org/html/rfc7465
http://threatpost.com/yes-your-car-wash-is-on-facebook/111148
More Here