# SANS ISC

# Reddit netsec

# Krebs On Security

  • Google Accounts Now Support Security Keys Wed, 22 Oct 2014 12:13:45 +0000
    People who use Gmail and other Google services now have an extra layer of security available when logging into Google accounts. The company today incorporated into these services the open Universal 2nd Factor (U2F) standard, a physical USB-based second factor sign-in component that only works after verifying the login site is truly a Google site.
  • Banks: Credit Card Breach at Staples Stores Mon, 20 Oct 2014 23:28:19 +0000
    Multiple banks say they have identified a pattern of credit and debit card fraud suggesting that several Staples Inc. office supply locations in the Northeastern United States are currently dealing with a breach involving in-store customer transactions. Staples says it is investigating "a potential issue" and has contacted law enforcement.
  • Spike in Malware Attacks on Aging ATMs Mon, 20 Oct 2014 04:01:06 +0000
    This author has long been fascinated with ATM skimmers, custom-made fraud devices designed to steal card data and PINs from unsuspecting users of compromised cash machines. But a recent spike in malicious software capable of infecting and jackpotting ATMs is shifting the focus away from innovative, high-tech skimming devices toward the rapidly aging ATM infrastructure in the United States and abroad.

# Bruce Schneier's blog

  • Friday Squid Blogging: 1,057 Squid T-Shirts Fri, 17 Oct 2014 17:17:51 -0500
    That's a lot. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Commenting has been broken for the past few days. We hope to get it fixed on Monday....
  • Hacking a Video Poker Machine Fri, 17 Oct 2014 06:35:45 -0500
    Kevin Poulsen has written an interesting story about two people who successfully exploited a bug in a popular video poker machine....
  • NSA Classification ECI = Exceptionally Controlled Information Thu, 16 Oct 2014 06:22:09 -0500
    ECI is a classification above Top Secret. It's for things that are so sensitive they're basically not written down, like the names of companies whose cryptography has been deliberately weakened by the NSA, or the names of agents who have infiltrated foreign IT companies. As part of the Intercept story on the NSA's using agents to infiltrate foreign companies and...
  • DEA Sets Up Fake Facebook Page in Woman's Name Wed, 15 Oct 2014 07:06:52 -0500
    This is a creepy story. A woman has her phone seized by the Drug Enforcement Agency and gives them permission to look at her phone. Without her knowledge or consent, they steal photos off of the phone (the article says they were "racy") and use them to set up a fake Facebook page in her name. The woman sued the...
  • FOXACID Operations Manual Wed, 15 Oct 2014 06:29:19 -0500
    A few days ago, I saw this tweet: "Just a reminder that it is now *a full year* since Schneier cited it, and the FOXACID ops manual remains unpublished." It's true. The citation is this: According to a top-secret operational procedures manual provided by Edward Snowden, an exploit named Validator might be the default, but the NSA has a variety...
  • Surveillance in Schools Tue, 14 Oct 2014 05:59:32 -0500
    This essay, "Grooming students for a lifetime of surveillance," talks about the general trends in student surveillance. Related: essay on the need for student privacy in online learning....
  • How James Bamford Came to Write The Puzzle Palace Mon, 13 Oct 2014 06:55:37 -0500
    Interesting essay about James Bamford and his efforts to publish The Puzzle Palace over the NSA's objections. Required reading for those who think the NSA's excesses are somehow new....
  • NSA Has Undercover Operatives in Foreign Companies Sat, 11 Oct 2014 14:54:11 -0500
    The latest Intercept article on the Snowden documents talks about the NSA's undercover operatives working in foreign companies. There are no specifics, although the countries China, Germany, and South Korea are mentioned. It's also hard to tell if the NSA has undercover operatives working in companies in those countries, or has undercover contractors visiting those companies. The document is dated...
  • Friday Squid Blogging: Flash-Fried Squid Recipe Fri, 10 Oct 2014 16:13:32 -0500
    Recipe from Tom Douglas. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
  • Online Activism and the Computer Fraud and Abuse Act Fri, 10 Oct 2014 12:31:14 -0500
    Good essay by Molly Sauter: basically, there is no legal avenue for activism and protest on the Internet. Also note Sauter's new book, The Coming Swarm....

# WIRED Threat Level

# exploit-db.com

# Securiteam

  • IBM WebSphere Service Registry And Repository Cross-Site Scripting Vulnerability Fri, 25 Jul 2014 00:00 GMT
    Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.2, 6.3 before 6.3.0.6, 7.0 before 7.0.0.6, 7.5 before 7.5.0.5, and 8.0 before 8.0.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
  • Microsoft Debug Interface Access SDK 'msdia.dll' Memory Corruption Vulnerability Fri, 25 Jul 2014 00:00 GMT
    Microsoft Debug Interface Access SDK is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the current process. Failed attacks will cause denial-of-service conditions.
  • Oracle Supply Chain Products Suite 9.3.3.0 Information Disclosure Vulnerability Fri, 25 Jul 2014 00:00 GMT
    Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.
  • Python Commandline Symlink Attack Vulnerability Fri, 25 Jul 2014 00:00 GMT
    Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 use the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.
  • Apache CloudStack Authentication Bypass Vulnerability Wed, 30 Jul 2014 00:00 GMT
    Apache CloudStack is prone to a security-bypass vulnerability. Successful exploits will allow attackers to bypass certain security restrictions, which may aid in further attacks.
  • Apple Safari Restriction Bypass Vulnerability Wed, 30 Jul 2014 00:00 GMT
    WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, does not properly interpret Unicode encoding, which allows remote attackers to spoof a postMessage origin, and bypass intended restrictions on sending a message to a connected frame or window, via crafted characters in a URL.
  • ASUS RT Routers ShellCode Injection Vulnerability Wed, 30 Jul 2014 00:00 GMT
    The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (destIP parameter).
  • Cisco IOS XE Software PPPoE Packet Handling Denial Of Service Vulnerability Wed, 30 Jul 2014 00:00 GMT
    Cisco IOS XE Software is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause the affected device to reload, denying service to legitimate users.
  • Cisco Wide Area Application Services Buffer Overflow Vulnerability Wed, 30 Jul 2014 00:00 GMT
    A vulnerability was reported in Cisco Wide Area Application Services (WAAS). A remote user can execute arbitrary code on the target system. On systems configured with the SharePoint acceleration feature, a remote user can return specially crafted SharePoint responses to trigger a buffer overflow and execute arbitrary code on the target WAAS system. The code will run with elevated privileges on the target WAAS system.
  • Django Cross Site Request Forgery Vulnerability Wed, 30 Jul 2014 00:00 GMT
    Django is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected application. Other attacks are also possible. Django versions prior to 1.4.11, prior to 1.5.6 and prior to 1.6.3 are vulnerable.
  • FreeIPA Cross-Realm Trust key Information Disclosure Vulnerability Wed, 30 Jul 2014 00:00 GMT
    FreeIPA is prone to an information-disclosure vulnerability. Successful exploits may allow an attacker to gain access to sensitive information that may aid in further attacks.
  • HP IceWall MCRP And HP IceWall SSO Denial Of Service Vulnerability Wed, 30 Jul 2014 00:00 GMT
    A vulnerability was reported in HP IceWall MCRP and HP IceWall SSO. A remote user can cause denial of service conditions.
  • IBM Rational Rhapsody Design Manager 4.0.6 Remote Execution Vulnerability Wed, 30 Jul 2014 00:00 GMT
    IBM Rational Software Architect (RSA) Design Manager and Rational Rhapsody Design Manager 3.x through 3.0.1 and 4.x before 4.0.6 allow remote authenticated users to modify data by leveraging improper parameter checking.
  • Juniper NSM XDB Service Arbitrary Code Execution Vulnerability Wed, 30 Jul 2014 00:00 GMT
    Unspecified vulnerability in the NSM XDB service in Juniper NSM before 2012.2R8 allows remote attackers to execute arbitrary code via unspecified vectors.
  • Microsoft Internet Explorer Remote Code Execution Vulnerability Wed, 30 Jul 2014 00:00 GMT
    Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions.
  • Apache CloudStack Information Disclosure Vulnerability Thu, 14 Aug 2014 00:00 GMT
    Apache CloudStack could allow a remote attacker to obtain sensitive information, caused by the use of a predictable hash sequence when generating virtual machine console URLs. An attacker could exploit this vulnerability to gain unauthorized access to console proxy URLs and obtain sensitive information.
  • Asterisk 11.8.1 Stack Overflow Vulnerability Thu, 14 Aug 2014 00:00 GMT
    main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers.
  • Cisco Identity Services Engine RADIUS Denial Of Service Vulnerability Thu, 14 Aug 2014 00:00 GMT
    A vulnerability was reported in Cisco Identity Services Engine. A remote authenticated user can cause denial of service conditions. A remote authenticated user can send specially crafted Remote Authentication Dial-In User Service (RADIUS) packets to trigger a deadlock and cause the target RADIUS service to become unresponsive.
  • Cisco NX-OS Software Arbitrary File Read Vulnerability Thu, 14 Aug 2014 00:00 GMT
    Directory traversal vulnerability in the command-line interface in Cisco NX-OS 6.2(2a) and earlier allows local users to read arbitrary files via unspecified input.
  • Cogent Real-Time Systems DataHub 'GetPermissions.asp' Remote Code Execution Vulnerability Thu, 14 Aug 2014 00:00 GMT
    GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors.