Page 1, print date: 07.04.2017, 05:04

Links & Literature

[1] Is The Internet On Fire? http://istheinternetonfire.com/
[2] Carsten Eilers: „Herzbluten, ein bissiger Poodle und Co.“; Entwickler Magazin 1.15
[3] CVE-2014-6271 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
[4] Florian Weimer; oss-sec mailing list: „Re: CVE-2014-6271: remote code execution through bash“ http://seclists.org/oss-sec/2014/q3/650
[5] Hanno Böck; oss-sec mailing list: „Re: CVE-2014-6271: remote code execution through bash“ http://seclists.org/oss-sec/2014/q3/671
[6] CVE-2014-7169 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
[7] Huzaifa Sidhpurwala; oss-sec mailing list: „Fwd: Non-upstream patches for bash“ http://seclists.org/oss-sec/2014/q3/712
[8] CVE-2014-7186 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
[9] CVE-2014-7187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187
[10] Michal Zalewski; lcamtuf's blog: „Bash bug: apply Florian's patch now (CVE-2014-6277 and CVE-2014-6278)“ http://lcamtuf.blogspot.de/2014/09/bash-bug-apply-unofficial-patch-now.html
[11] CVE-2014-6277 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
[12] CVE-2014-6278 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
[13] Michal Zalewski; Full Disclosure mailing list: „[FD] the other bash RCEs (CVE-2014-6277 and CVE-2014-6278)“ http://article.gmane.org/gmane.comp.security.fulldisclosure/1038
[14] Michal Zalewski; lcamtuf's blog: „Bash bug: the other two RCEs, or how we chipped away at the original fix (CVE-2014-6277 and '78)“ http://lcamtuf.blogspot.de/2014/10/bash-bug-how-we-finally-cracked.html
[15] Carsten Eilers: „ShellShock - Die Schwachstellen und Angriffsvektoren“ http://www.ceilers-news.de/serendipity/557-ShellShock-Die-Schwachstellen-und-Angriffsvektoren.html
[16] Rob Fuller (mubix); GitHub: shellshocker-pocs https://github.com/mubix/shellshocker-pocs
[17] Carsten Eilers: „ShellShock - Die Angriffe“ http://www.ceilers-news.de/serendipity/558-ShellShock-Die-Angriffe.html
[18] Yinette, @yinettesys on Twitter: „gist.github.com/anonymous/929d622f3b36b00c0be1 … Shit is real now. First in-wild attack to hit my sensors CVE-2014-6271...“ https://twitter.com/yinettesys/status/515012126268604416
[19] GitHub Gist: „Ok, shits real. Its in the wild... src:162.253.66.76“ https://gist.github.com/anonymous/929d622f3b36b00c0be1
[20] KernelMode.info thread: „Linux/Bash0day alias Shellshock alias Bashdoor“ http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3505
[21] Michael Bulat (mbulat); GitHub: „jur“ https://gist.github.com/mbulat/a49d0933c48687bcf5d7
[22] VirusTotal scan of „jur“ https://www.virustotal.com/en/file/c17f4dc4bd1f81ca7f9729fd2f88f6e3e9738c4cc8ec38426eaed9f919eecf2d/analysis/1411663072/
[23] Daniel Cid; Sucuri Blog: „Bash – ShellShocker – Attacks Increase in the Wild – Day 1“ http://blog.sucuri.net/2014/09/bash-shellshocker-attacks-increase-in-the-wild-day-1.html
[24] Juha Saarinen; ITnews.com.au: „First Shellshock botnet attacks Akamai, US DoD networks“ http://www.itnews.com.au/News/396197,first-shellshock-botnet-attacks-akamai-us-dod-networks.aspx
[25] Trend Micro: „Shellshock Updates: BASHLITE C&Cs Seen, Shellshock Exploit Attempts in Brazil“ http://blog.trendmicro.com/trendlabs-security-intelligence/shellshock-updates-bashlite-ccs-seen-shellshock-exploit-attempts-in-brazil/
[26] James T. Bennett, David Bianco, Michael Lin; FireEye Blog: „Shellshock in the Wild“ http://www.fireeye.com/blog/uncategorized/2014/09/shellshock-in-the-wild.html
[27] James T. Bennett, J. Gomez; FireEye Blog: „The Shellshock Aftershock for NAS Administrators“ http://www.fireeye.com/blog/technical/2014/10/the-shellshock-aftershock-for-nas-administrators.html
[28] Kevin Liston; InfoSec Handlers Diary Blog: „Shellshock via SMTP“ https://isc.sans.edu/diary/Shellshock+via+SMTP/18879
[29] David Kennedy; Binary Defense Systems: „Active Shellshock SMTP Botnet Campaign“ https://www.binarydefense.com/bds/active-shellshock-smtp-botnet-campaign/
[30] Johannes Ullrich; InfoSec Handlers Diary Blog: „Worm Backdoors and Secures QNAP Network Storage Devices“ https://isc.sans.edu/forums/diary/Worm+Backdoors+and+Secures+QNAP+Network+Storage+Devices/19061
[31] QNAP: „QNAP Releases New QTS for Turbo NAS with Official GNU Bash Patch Update“ http://www.qnap.com/i/en/news/con_show.php?op=showone&cid=342
[32] Brian Smith; IETF TLS Working Group mailing list: „[TLS] POODLE applicability to TLS 1.0+ (was Re: Working Group Last Call for draft-ietf-tls-downgrade-scsv-00)“ https://www.ietf.org/mail-archive/web/tls/current/msg14058.html
[33] Brian Smith; IETF TLS Working Group mailing list: „Re: [TLS] POODLE applicability to TLS 1.0+ (was Re: Working Group Last Call for draft-ietf-tls-downgrade-scsv-00)“ https://www.ietf.org/mail-archive/web/tls/current/msg14072.html
[34] Adam Langley; ImperialViolet: „The POODLE bites again (08 Dec 2014)“ https://www.imperialviolet.org/2014/12/08/poodleagain.html
[35] F5 Security Advisory: „SOL15882: TLS1.x padding vulnerability CVE-2014-8730“ https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15882.html
[36] A10 Rapid Response: „SECURITY ADVISORY #CVE-2014-8730 published on December 8th, 2014“ https://www.a10networks.com/support/advisories/A10-RapidResponse_CVE-2014-8730.pdf
[37] IBM Security Bulletin: „TLS padding vulnerability affects IBM HTTP Server (CVE-2014-8730)“ https://www-01.ibm.com/support/docview.wss?uid=swg21692502
[38] IBM Security Bulletin: „TLS padding vulnerability affects Tivoli Access Manager for e-business and IBM Security Access Manager for Web (CVE-2014-8730)“ http://www-01.ibm.com/support/docview.wss?uid=swg21692802
[39] Cisco Security Notice: „SSL-TLS Implementations Cipher Block Chaining Padding Information Disclosure Vulnerability“ http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8730
[40] CVE-2014-8730 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8730
[41] Ivan Ristic; Qualys Security Labs Blog: „Poodle Bites TLS“ https://community.qualys.com/blogs/securitylabs/2014/12/08/poodle-bites-tls
[42] Qualys SSL Labs: SSL Server Test https://www.ssllabs.com/ssltest/
[43] Drupal: SA-CORE-2014-005 - Drupal core - SQL injection https://www.drupal.org/SA-CORE-2014-005
[44] CVE-2014-3704 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3704
[45] Sektion Eins: Advisory 01/2014: Drupal - pre Auth SQL Injection Vulnerability https://www.sektioneins.de/en/advisories/advisory-012014-drupal-pre-auth-sql-injection-vulnerability.html
[46] Stefan Horst; Sektion Eins Blog: „Drupal 7.31 pre Auth SQL Injection Vulnerability“ https://www.sektioneins.de/en/blog/14-10-15-drupal-sql-injection-vulnerability.html
[47] Pastebin: [Python] Drupal 7.x SQL Injection SA-CORE-2014-005 http://pastebin.com/nDwLFV3v
[48] Reddit - netsec: SA-CORE-2014-005 - Drupal core - SQL injection http://www.reddit.com/r/netsec/comments/2jbu8g/sacore2014005_drupal_core_sql_injection/clagqhd
[49] Tamer Zoubi: „Drupageddon - SA-CORE-2014-005 - Drupal 7 SQL injection exploit demo“ http://www.zoubi.me/blog/drupageddon-sa-core-2014-005-drupal-7-sql-injection-exploit-demo
[50] Steven Adair; Volexity Blog: „Drupal Vulnerability: Mass Scans & Targeted Exploitation“ http://www.volexity.com/blog/?p=83
[51] Rapid7: „CVE-2014-3704 Drupal HTTP Parameter Key/Value SQL Injection“ http://www.rapid7.com/db/modules/exploit/multi/http/drupal_drupageddon
[52] Drupal: Drupal Core - Highly Critical - Public Service announcement - PSA-2014-003 https://www.drupal.org/PSA-2014-003
[53] Stefan Horst; Sektion Eins Blog: „Drupal 7.32 two weeks later - PoC“ https://www.sektioneins.de/en/blog/14-11-03-drupal-sql-injection-vulnerability-PoC.html
[54] Daniel Cid; Sucuri Blog: „Slider Revolution Plugin Critical Vulnerability Being Exploited“ http://blog.sucuri.net/2014/09/slider-revolution-plugin-critical-vulnerability-being-exploited.html
[55] Tony Perez; Sucuri Blog: „SoakSoak Malware Compromises 100,000+ WordPress Websites“ http://blog.sucuri.net/2014/12/soaksoak-malware-compromises-100000-wordpress-websites.html
[56] Carsten Eilers: „BadBIOS - Ein neuer Superschädling?“ http://www.ceilers-news.de/serendipity/413-BadBIOS-Ein-neuer-Superschaedling.html
[57] Security Research Labs: „BadUSB — On accessories that turn evil“ at Black Hat, Las Vegas, Aug 6-7 2014 https://srlabs.de/badusb-at-black-hat/
[58] Karsten Nohl, Jakob Lell; Black Hat USA 2014: „BadUSB - On Accessories that Turn Evil“ https://www.blackhat.com/us-14/archives.html#badusb-on-accessories-that-turn-evil
[59] Security Research Labs: „Turning USB peripherals into BadUSB“ https://srlabs.de/badusb/
[60] PacSec 2014 Speakers and Slides https://pacsec.jp/psj14archive.html
[61] Karsten Nohl, Sascha Krißler, Jakob Lell; PacSec 2014: „BadUSB — On accessories that turn evil“ https://srlabs.de/blog/wp-content/uploads/2014/11/SRLabs-BadUSB-Pacsec-v2.pdf
[62] SRLabs Open Source Projects: Wiki BadUSB Exposure https://opensource.srlabs.de/projects/badusb
[63] Adam Caudill: „Making BadUSB Work for You – DerbyCon“ https://adamcaudill.com/2014/10/02/making-badusb-work-for-you-derbycon/
[64] Adam Caudill (adamcaudill); GitHub: Psychson https://github.com/adamcaudill/Psychson
[65] Carsten Eilers: „Unsicherer Serial Bus“; Entwickler Magazin 3.2013 (also online as „Sicherheitsrisiko USB: Angriffe über den Serial Bus“ http://entwickler.de/artikel/sicherheitsrisiko-usb-angriffe-ueber-den-serial-bus-172870)
[66] Adam Caudill: „On the Ethics of BadUSB“ https://adamcaudill.com/2014/10/03/on-the-ethics-of-badusb/
[67] Jrockilla; Reddit: „The boss has malware, again... (self.talesfromtechsupport)“ https://www.reddit.com/r/talesfromtechsupport/comments/2mkmlm/the_boss_has_malware_again/
[68] Carsten Eilers: „Angriffe über Geräte, die angeblich nur etwas Strom über USB möchten“ http://www.ceilers-news.de/serendipity/586-Angriffe-ueber-Geraete,-die-angeblich-nur-etwas-Strom-ueber-USB-moechten.html
[69] Ralph Whitbeck; jQuery: „Was jquery.com Compromised?“ http://blog.jquery.com/2014/09/23/was-jquery-com-compromised/
[70] Ralph Whitbeck; jQuery: „Update on jQuery.com Compromises“ http://blog.jquery.com/2014/09/24/update-on-jquery-com-compromises/
[71] AToro; Websense Security Labs Blog: „Official Website of Popular Science Compromised“ http://community.websense.com/blogs/securitylabs/archive/2014/10/28/official-website-of-popular-science-is-compromised.aspx
[72] Lisa Vaas; Sophos Naked Security: „HealthCare.gov breached, injected with malware“ http://nakedsecurity.sophos.com/2014/09/08/healthcare-gov-breached-injected-with-malware/
[73] Lisa Vaas; Sophos Naked Security: „Dropbox passwords leaked, third-party services blamed“ http://nakedsecurity.sophos.com/2014/10/14/dropbox-passwords-leaked-third-party-services-blamed/
[74] Lee Munson; Sophos Naked Security: „97,000 Bugzilla email addresses and passwords exposed in another Mozilla leak“ http://nakedsecurity.sophos.com/2014/08/29/97000-bugzilla-email-addresses-and-passwords-exposed-in-another-mozilla-leak/
[75] Lee Munson; Sophos Naked Security: „Mozilla database leaks 76,000 email addresses, 4,000 passwords“ http://nakedsecurity.sophos.com/2014/08/04/mozilla-database-leaks-76000-email-addresses-4000-passwords/
[76] Jessica Silver-Greenberg, Matthew Goldstein, Nicole Perlroth; The New York Times: „JPMorgan Chase Hacking Affects 76 Million Households“ http://dealbook.nytimes.com/2014/10/02/jpmorgan-discovers-further-cyber-security-issues/
[77] Carsten Eilers: „Millionenfacher Identitätsdiebstahl führt zu blinden Aktionismus“ http://www.ceilers-news.de/serendipity/482-Millionenfacher-Identitaetsdiebstahl-fuehrt-zu-blinden-Aktionismus.html
[78] Carsten Eilers: „Die 0-Day-Exploits 2014 im Überblick“ http://www.ceilers-news.de/serendipity/453-Die-0-Day-Exploits-2014-im-UEberblick.html
[79] Carsten Eilers: „Microsoft patcht außer der Reihe kritische 0-Day-Schwachstelle in Kerberos“ http://www.ceilers-news.de/serendipity/582-Microsoft-patcht-ausser-der-Reihe-kritische-0-Day-Schwachstelle-in-Kerberos.html
[80] Sylvain Monné (bidord); GitHub: pykek (Python Kerberos Exploitation Kit) https://github.com/bidord/pykek
[81] Carsten Eilers: „Die 0-Day-Exploits 2013 im Überblick“ http://www.ceilers-news.de/serendipity/345-Die-0-Day-Exploits-2013-im-UEberblick.html
[82] Carsten Eilers: „Nutzt die NSA den Heartbleed Bug seit 2 Jahren?“ http://www.ceilers-news.de/serendipity/485-Nutzt-die-NSA-den-Heartbleed-Bug-seit-2-Jahren.html
[83] David A. Wheeler: „Shellshock“ / „3. Timeline“ http://www.dwheeler.com/essays/shellshock.html#timeline