ISC StormCast for Tuesday, October 21st 2014

By Johannes Ullrich
#Apple iOS Security Updates; #MSFT pulls SHA-2 patch from October Updates; China intercepts iCloud; US Gov Pushes Chip&Pin; PHP Patch
Apple iOS 8.1 and Apple TV 7.0.1
https://support.apple.com/kb/HT1222
Microsoft Pulls Windows 7 SHA-2 Update
https://technet.microsoft.com/en-us/library/security/2949927
iCloud SSL Traffic Intercepted in China using self signed certificates
https://en.greatfire.org/blog/2014/oct/china-collecting-apple-icloud-data-attack-coincides-launch-new-iphone
US Government to Require Chip-and-Pin for Federal Payments
http://www.whitehouse.gov/the-press-office/2014/10/17/fact-sheet-safeguarding-consumers-financial-security
PHP Update Released
http://php.net/ChangeLog-5.php

ISC StormCast for Friday, October 17th 2014

By Johannes Ullrich
Mopping up bad SSL Configs and Attacks with Logging; Ebola: Infecting More PCs than Humans? Oracle Forms 10g Remote Exec & Java Patches.
Logging SSL Parameters
https://isc.sans.edu/forums/diary/Logging+SSL/18847
US-Cert warns of Ebola Malware
https://www.us-cert.gov/ncas/current-activity/2014/10/16/Ebola-Phishing-Scams-and-Malware-Campaigns
Oracle Forms 10g Arbitrary Remote Code Execution
https://www.netspi.com/blog/entryid/243/advisory-oracle-forms-10g-unauthenticated-remote-code-execution-cve-2014-4278

ISC StormCast for Thursday, October 16th 2014

By Johannes Ullrich
POODLE Update (wrap up?)
https://isc.sans.edu/forums/diary/POODLE+Turning+off+SSLv3+for+various+servers+and+client+/18837
https://www.sans.org/webcasts/about-poodle-99032 (webcast archive)
Weak Random Number Generators in Bitcoin Wallets Used to Steal Bitcoins
http://conference.hitb.org/hitbsecconf2014kul/materials/D1T1%20-%20Filippo%20Valsorda%20-%20Exploiting%20ECDSA%20Failures%20in%20the%20Bitcoin%20Blockchain.pdf
OS X Leaves Indexes With Private Data on USB Drives
http://www.f-secure.com/weblog/archives/00002752.html
Drupal Fixes SQL Injection Vulnerability
http://threatpost.com/drupal-fixes-highly-critical-sql-injection-flaw/108861

ISC StormCast for Wednesday, October 15th 2014

By Johannes Ullrich
SSLv3 POODLE Vulnerability
https://isc.sans.edu/forums/diary/OpenSSL+SSLv3+POODLE+Vulnerability+Official+Release/18827
Test your client: https://sslv3.dshield.org
Google Announcement:
http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
MSFT Announcement:
https://technet.microsoft.com/en-us/library/security/3009008.aspx
Microsoft Patch Tuesday:
http://technet.microsoft.com/en-us/security/bulletin/ms14-oct
Today’s podcast is somewhat rushed due to the plethora of topics. We will have a special webcast tomorrow, likely around noon / early afternoon ET to discuss POODLE.

ISC StormCast for Tuesday, October 14th 2014

By Johannes Ullrich
Some Beacons are False Beacons; Cyanogenmod open to MitM SSL Attack; Snapchat: Still not as ephemeral as you may think
CSAM: Be Wary of False Beacons
https://isc.sans.edu/forums/diary/CSAM+Be+Wary+of+False+Beacons/18813
Cyanogenmod vulnerable to SSL MitM Attack
http://www.theregister.co.uk/2014/10/13/androids_cyanogenmod_open_to_mitm_attacks/
https://docs.google.com/document/pub?id=1roBIeSJsYq3Ntpf6N0PIeeAAvu4ddn7mGo6Qb7aL7ew
Decrypting Snapchat Images
https://github.com/programa-stic/snapchat-decrypt

ISC StormCast for Monday, October 13th 2014

By Johannes Ullrich
Is it a phish or just a badly done breach notification? Dairy Queen/KMart: Next in line for PoS compromises; HP signs malware; Snapchat image archive leaked
NCSAM: When Breach Notifications Look Worse than some Phishing Emails.
https://isc.sans.edu/forums/diary/CSAM+Month+of+False+Positives+-+Breach+Emails+/18805
Dairy Queen Breached
http://www.dairyqueen.com/us-en/datasecurityincident/?localechange=1&
(and KMart..)
HP Signs Malware with Valid Certificate
http://krebsonsecurity.com/2014/10/signed-malware-is-expensive-oops-for-hp/
Snapchat Image Archive Surfaces
https://gigaom.com/2014/10/10/thousands-of-snapchat-images-may-have-been-hacked-via-a-third-party-image-saving-service/

ISC StormCast for Tuesday, October 7th 2014

By Johannes Ullrich
What’s up with port 0 / WIN 6667? Patches: Not so far. More Control. Less Speed. SSL: Are 1024 Bit Keys officially dead now?
Odd “Window Size 6667” traffic
https://isc.sans.edu/forums/diary/Shellshock+More+details+released+about+CVE-2014-6277+and+CVE-2014-6278+Also+Does+Windows+have+a+shellshock+problem+/18769
CSAM: Patching leaves system more vulnerable
https://isc.sans.edu/forums/diary/CSAM+Patch+and+get+pw0ned+not+OR+/18771
OpenSSL Bug Allows RSA 1024 key factorization in 20 minutes
https://www.reddit.com/r/crypto/comments/2i9qke/openssl_bug_allows_rsa_1024_key_factorization_in/

ISC StormCast for Wednesday, October 8th 2014

By Johannes Ullrich
RSA 1024bit keys: Still weak, but not all broken; Belkin routers shut down owners' internet; Adobe reads your e-books with you; Patch Cuckoo!
RSA 1024 Bit Key Update: Not quite broken yet, but still weak
https://isc.sans.edu/forums/diary/Confusion+over+SSL+and+1024+bit+keys/18775
Belkin Routers Block Internet Access after “Heartbeat” server goes offline
https://isc.sans.edu/forums/diary/Belkin+Router+Apocalypse+heartbeat+belkin+com+outage+taking+routers+down/18779
Adobe e-book privacy problems
http://the-digital-reader.com/2014/10/06/adobe-spying-users-collecting-data-ebook-libraries/#.VDSA0r4XkzD
Cuckoo Sandbox Vulnerability
http://cuckoosandbox.org/2014-10-07-cuckoo-sandbox-111.html