ISC StormCast for Tuesday, September 23rd 2014

By Johannes Ullrich
Looking for False Positives: Help us out with #CSAM; iOS 7 Exploit released; Fake LogMeIn E-Mail; Making location data more private
October: Cyber Security Awareness Month
https://isc.sans.edu/forums/diary/Cyber+Security+Awareness+Month+What+s+your+favorite+most+scary+false+positive/18691
iOS 7 Exploit released
https://isc.sans.edu/forums/diary/iOS+7+1+x+Exploit+Released+CVE-2014-4377+/18693
LogMeIn Fake Certificate Update E-Mails
https://isc.sans.edu/forums/diary/Fake+LogMeIn+Certificate+Update+with+Bad+AV+Detection+Rate/18695
Privacy of Location Data
http://ceur-ws.org/Vol-1225/pir2014_submission_11.pdf

ISC StormCast for Monday, September 22nd 2014

By Johannes Ullrich
Odd ICMP Packets; Extracting #OSX Keychain Analysis; #IoT: HeatMiser Wifi Thermostat Vulnerabilities; Windows XP: Common to recent Payment Card Breaches
ICMP Packets: Got Samples?
https://isc.sans.edu/forums/diary/Strange+ICMP+traffic+seen+in+destination/18685
OS X Keychain Extraction Tool
http://forensic.n0fate.com/wp-content/uploads/2012/12/Keychain-Analysis-with-Mac-OS-X-Memory-Forensics.pdf
HeatMiser Thermostat Vulnerability
http://cybergibbons.com/security-2/heatmiser-wifi-thermostat-vulnerabilities/
Windows XP: Common link to recent large PoS/Credit Card Breaches
http://www.networkworld.com/article/2685295/microsoft-subnet/home-depot-target-breaches-exploited-windows-xp-flaw-report-says.html

ISC StormCast for Thursday, September 18th 2014

By Johannes Ullrich
Background Search Spam; iOS 8: Not just new bling, but also more secure; New OWASP testing guide: For those who are too lazy for incident response.
Background Search Spam
https://isc.sans.edu/forums/diary/Your+online+background+check+is+now+public+/18661
iOS 8 Update
http://support.apple.com/kb/HT6441?viewlocale=en_US&locale=en_US
OWASP Releases new Web App Testing Guide (Version 4.0)
https://www.owasp.org/images/1/19/OTGv4.pdf

ISC StormCast for Wednesday, September 17th 2014

By Johannes Ullrich
New and improved TLDs lead to new and improved phish (with SSL); FreeBSD stray SYN DOS; Delayed Adobe Bulletin Released
New TLD Used in Phishing
https://isc.sans.edu/forums/diary/https+yourfakebank+support+–+TLD+confusion+starts+/18651
FreeBSD Spoofed SYN DoS Vulnerability
https://isc.sans.edu/forums/diary/FreeBSD+Denial+of+Service+advisory+CVE-2004-0230+/18657
Adobe Releases Delayed Reader/Acrobat Bulletin
http://helpx.adobe.com/security/products/reader/apsb14-20.html
Python Script allows Download of iCloud Backups
https://github.com/hackappcom/iloot
I will be speaking at the Jacksonville FL Linux Users Group on Wednesday (Sept. 17).
Details: http://www.jaxlug.net/wiki/Main_Page

ISC StormCast for Tuesday, September 16th 2014

By Johannes Ullrich
SNMP Scans: Mercy Killings or Troll? Android Browser SOP Bypass. Play Doom on your Hacked Canon Printer!
Spoofed SNMP Scans: Mercy Killings or Troll?
https://isc.sans.edu/forums/diary/Google+DNS+Server+IP+Address+Spoofed+for+SNMP+reflective+Attacks/18647
Android Browser Same Origin Bypass
http://www.rafayhackingarticles.net/2014/08/android-browser-same-origin-policy.html
Unauthenticated Firmware Uploads for Canon Pixma Printers
http://www.contextis.co.uk/resources/blog/hacking-canon-pixma-printers-doomed-encryption/

ISC StormCast for Monday, September 15th 2014

By Johannes Ullrich
SSDEEP: Great tool, but update now! Got password dumps? What to do with them! WordPress: Watch your themes. Password Managers tested.
SSDEEP Update
http://jessekornblum.livejournal.com/295883.html
What to do with credential dumps
https://isc.sans.edu/forums/diary/Are+credential+dumps+are+worth+reviewing/18641
WordPress Themes: Vulnerable yet again
http://blog.sucuri.net/2014/09/slider-revolution-plugin-critical-vulnerability-being-exploited.html
Weaknesses in Password Managers
https://crypto.stanford.edu/~dabo/pubs/papers/pwdmgrBrowser.pdf

ISC StormCast for Friday, September 12th 2014

By Johannes Ullrich
Microsoft No Longer Allows Disabling “ViewStateMac”
http://blogs.msdn.com/b/webdev/archive/2014/09/09/farewell-enableviewstatemac.aspx
Mobile Applications Often Provide Faulty Privacy Statements (or none at all)
https://www.priv.gc.ca/media/nr-c/2014/bg_140910_e.asp
Google Finds Most of the “Leaked” Passwords Published This Week Were Fake
http://googleonlinesecurity.blogspot.ca/2014/09/cleaning-up-after-password-dumps.html

ISC StormCast for Thursday, September 11th 2014

By Johannes Ullrich
Comcast injects Javascript Ads into Public Wifi Access Points
http://arstechnica.com/tech-policy/2014/09/why-comcasts-javascript-ad-injections-threaten-security-net-neutrality/
5 Million GMail Logins Leaked – Likely from sites other than Google
http://time.com/3318853/google-user-logins-bitcoin/
Most iOS “Backdoors” Closed in iOS 8 beta
http://www.zdziarski.com/blog/?p=3820
iCloud Phishing E-mails using nude-picture leaks as pretense
http://www.symantec.com/connect/blogs/apple-ids-targeted-kelihos-botnet-phishing-campaign

ISC StormCast for Wednesday, September 10th 2014

By Johannes Ullrich
#MSFT delivers patches; #Adobe delivers some patches, and delays others; Enigmail: bcc recipients left in the clear
Microsoft Patches
https://technet.microsoft.com/library/security/ms14-sep
Adobe Reader / Acrobat Patch Delayed
http://helpx.adobe.com/security/products/reader/apsb14-20.html
Adobe Published Flash Player Patch
http://helpx.adobe.com/security/products/flash-player/apsb14-21.html
Enigmail Bug May lead to e-mails not getting encrypted as expected
http://sourceforge.net/p/enigmail/bugs/294/