Carsten Eilers: Security-Jahresrückblick Teil 2

advertisement
Seite 1, Druckdatum: 07.04.2017, 05:04 Uhr
Links & Literatur
[1] Is The Internet On Fire?
http://istheinternetonfire.com/
[2] Carsten Eilers: „Herzbluten, ein bissiger Poodle und Co.“; Entwickler Magazin 1.15
[3] CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
[4] Florian Weimer; oss-sec Mailing List: „Re: CVE-2014-6271: remote code execution through bash“
http://seclists.org/oss-sec/2014/q3/650
[5] Hanno Böck; oss-sec Mailing List: „Re: CVE-2014-6271: remote code execution through bash“
http://seclists.org/oss-sec/2014/q3/671
[6] CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
[7] Huzaifa Sidhpurwala; oss-sec Mailing List: „Fwd: Non-upstream patches for bash“
http://seclists.org/oss-sec/2014/q3/712
[8] CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
[9] CVE-2014-7187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187
[10] Michal Zalewski; lcamtuf's blog: „Bash bug: apply Florian's patch now (CVE-2014-6277 and CVE2014-6278)“
http://lcamtuf.blogspot.de/2014/09/bash-bug-apply-unofficial-patch-now.html
[11] CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
[12] CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
[13] Michal Zalewski; Full Disclosure Mailing List: „[FD] the other bash RCEs (CVE-2014-6277 and
CVE-2014-6278)“
http://article.gmane.org/gmane.comp.security.fulldisclosure/1038
[14] Michal Zalewski; lcamtuf's blog: „Bash bug: the other two RCEs, or how we chipped away at the
original fix (CVE-2014-6277 and '78)“
http://lcamtuf.blogspot.de/2014/10/bash-bug-how-we-finally-cracked.html
[15] Carsten Eilers: „ShellShock - Die Schwachstellen und Angriffsvektoren“
http://www.ceilers-news.de/serendipity/557-ShellShock-Die-Schwachstellen-undAngriffsvektoren.html
[16] Rob Fuller (mubix); GitHub: shellshocker-pocs
https://github.com/mubix/shellshocker-pocs
[17] Carsten Eilers: „ShellShock - Die Angriffe“
http://www.ceilers-news.de/serendipity/558-ShellShock-Die-Angriffe.html
[18] Yinette, @yinettesys auf Twitter: „gist.github.com/anonymous/929d622f3b36b00c0be1 … Shit is
real now. First in-wild attack to hit my sensors CVE-2014-6271...“
https://twitter.com/yinettesys/status/515012126268604416
[19] GitHub Gist: „Ok, shits real. Its in the wild... src:162.253.66.76“
https://gist.github.com/anonymous/929d622f3b36b00c0be1
[20] KernelMode.info Thread: „Linux/Bash0day alias Shellshock alias Bashdoor“
http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3505
[21] Michael Bulat (mbulat); GitHub: „jur“
https://gist.github.com/mbulat/a49d0933c48687bcf5d7
Seite 2, Druckdatum: 07.04.2017, 05:04 Uhr
[22] VirusTotal-Scan von „jur“
https://www.virustotal.com/en/file/c17f4dc4bd1f81ca7f9729fd2f88f6e3e9738c4cc8ec38426eaed9f919
eecf2d/analysis/1411663072/
[23] Daniel Cid; Sucuri Blog: „Bash – ShellShocker – Attacks Increase in the Wild – Day 1“
http://blog.sucuri.net/2014/09/bash-shellshocker-attacks-increase-in-the-wild-day-1.html
[24] Juha Saarinen; ITnews.com.au: „First Shellshock botnet attacks Akamai, US DoD networks“
http://www.itnews.com.au/News/396197,first-shellshock-botnet-attacks-akamai-us-dod-networks.aspx
[25] Trend Micro: „Shellshock Updates: BASHLITE C&Cs Seen, Shellshock Exploit Attempts in Brazil“
http://blog.trendmicro.com/trendlabs-security-intelligence/shellshock-updates-bashlite-ccs-seenshellshock-exploit-attempts-in-brazil/
[26] James T. Bennett, David Bianco, Michael Lin; FireEye Blog: „Shellshock in the Wild“
http://www.fireeye.com/blog/uncategorized/2014/09/shellshock-in-the-wild.html
[27] James T. Bennett, J. Gomez; FireEye Blog: „The Shellshock Aftershock for NAS Administrators“
http://www.fireeye.com/blog/technical/2014/10/the-shellshock-aftershock-for-nas-administrators.html
[28] Kevin Liston; InfoSec Handlers Diary Blog: „Shellshock via SMTP“
https://isc.sans.edu/diary/Shellshock+via+SMTP/18879
[29] David Kennedy; Binary Defense Systems: „Active Shellshock SMTP Botnet Campaign“
https://www.binarydefense.com/bds/active-shellshock-smtp-botnet-campaign/
[30] Johannes Ullrich; InfoSec Handlers Diary Blog: „Worm Backdoors and Secures QNAP Network
Storage Devices“
https://isc.sans.edu/forums/diary/Worm+Backdoors+and+Secures+QNAP+Network+Storage+Devices
/19061
[31] QNAP: „QNAP Releases New QTS for Turbo NAS with Official GNU Bash Patch Update“
http://www.qnap.com/i/en/news/con_show.php?op=showone&cid=342
[32] Brian Smith; Mailinglist der TLS Working Group der IETF: „[TLS] POODLE applicability to TLS
1.0+ (was Re: Working Group Last Call for draft-ietf-tls-downgrade-scsv-00)“
https://www.ietf.org/mail-archive/web/tls/current/msg14058.html
[33] Brian Smith; Mailinglist der TLS Working Group der IETF: „Re: [TLS] POODLE applicability to
TLS 1.0+ (was Re: Working Group Last Call for draft-ietf-tls-downgrade-scsv-00)“
https://www.ietf.org/mail-archive/web/tls/current/msg14072.html
[34] Adam Langley; ImperialViolet: „The POODLE bites again (08 Dec 2014)“
https://www.imperialviolet.org/2014/12/08/poodleagain.html
[35] F5 Security Advisory: „SOL15882: TLS1.x padding vulnerability CVE-2014-8730“
https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15882.html
[36] A10 Rapid Response: „SECURITY ADVISORY #CVE-2014-8730 published on December 8th,
2014“
https://www.a10networks.com/support/advisories/A10-RapidResponse_CVE-2014-8730.pdf
[37] IBM Security Bulletin: „TLS padding vulnerability affects IBM HTTP Server (CVE-2014-8730)“
https://www-01.ibm.com/support/docview.wss?uid=swg21692502
[38] IBM Security Bulletin: „TLS padding vulnerability affects Tivoli Access Manager for e-business
and IBM Security Access Manager for Web (CVE-2014-8730)“
http://www-01.ibm.com/support/docview.wss?uid=swg21692802
[39] Cisco Security Notice: „SSL-TLS Implementations Cipher Block Chaining Padding Information
Disclosure Vulnerability“
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8730
[40] CVE-2014-8730
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8730
[41] Ivan Ristic; Qualys Security Labs Blog: „Poodle Bites TLS“
Seite 3, Druckdatum: 07.04.2017, 05:04 Uhr
https://community.qualys.com/blogs/securitylabs/2014/12/08/poodle-bites-tls
[42] Qualys SSL Labs: SSL Server Test
https://www.ssllabs.com/ssltest/
[43] Drupal: SA-CORE-2014-005 - Drupal core - SQL injection
https://www.drupal.org/SA-CORE-2014-005
[44] CVE-2014-3704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3704
[45] Sektion Eins: Advisory 01/2014: Drupal - pre Auth SQL Injection Vulnerability
https://www.sektioneins.de/en/advisories/advisory-012014-drupal-pre-auth-sql-injectionvulnerability.html
[46] Stefan Horst; Sektion Eins Blog: „Drupal 7.31 pre Auth SQL Injection Vulnerability“
https://www.sektioneins.de/en/blog/14-10-15-drupal-sql-injection-vulnerability.html
[47] Pastebin: [Python] Drupal 7.x SQL Injection SA-CORE-2014-005
http://pastebin.com/nDwLFV3v
[48] Reddit - netsec: SA-CORE-2014-005 - Drupal core - SQL injection
http://www.reddit.com/r/netsec/comments/2jbu8g/sacore2014005_drupal_core_sql_injection/clagqhd
[49] Tamer Zoubi: „Drupageddon - SA-CORE-2014-005 - Drupal 7 SQL injection exploit demo“
http://www.zoubi.me/blog/drupageddon-sa-core-2014-005-drupal-7-sql-injection-exploit-demo
[50] Steven Adair; Volexity Blog: „Drupal Vulnerability: Mass Scans & Targeted Exploitation“
http://www.volexity.com/blog/?p=83
[51] Rapid7: „CVE-2014-3704 Drupal HTTP Parameter Key/Value SQL Injection“
http://www.rapid7.com/db/modules/exploit/multi/http/drupal_drupageddon
[52] Drupal: Drupal Core - Highly Critical - Public Service announcement - PSA-2014-003
https://www.drupal.org/PSA-2014-003
[53] Stefan Horst; Sektion Eins Blog: „Drupal 7.32 two weeks later - PoC“
https://www.sektioneins.de/en/blog/14-11-03-drupal-sql-injection-vulnerability-PoC.html
[54] Daniel Cid; Sucuri Blog: „Slider Revolution Plugin Critical Vulnerability Being Exploited“
http://blog.sucuri.net/2014/09/slider-revolution-plugin-critical-vulnerability-being-exploited.html
[55] Tony Perez; Sucuri Blog: „SoakSoak Malware Compromises 100,000+ WordPress Websites“
http://blog.sucuri.net/2014/12/soaksoak-malware-compromises-100000-wordpress-websites.html
[56] Carsten Eilers: „BadBIOS - Ein neuer Superschädling?“
http://www.ceilers-news.de/serendipity/413-BadBIOS-Ein-neuer-Superschaedling.html
[57] Security Research Labs: „“BadUSB — On accessories that turn evil” at Black Hat, Las Vegas,
Aug 6-7 2014“
https://srlabs.de/badusb-at-black-hat/
[58] Karsten Nohl, Jakob Lell; Black Hat USA 2014: „BadUSB - On Accessories that Turn Evil“
https://www.blackhat.com/us-14/archives.html#badusb-on-accessories-that-turn-evil
[59] Security Research Labs: „Turning USB peripherals into BadUSB“
https://srlabs.de/badusb/
[60] PacSec 2014 Speakers and Slides
https://pacsec.jp/psj14archive.html
[61] Karsten Nohl, Sascha Krißler, Jakob Lell; PacSec 2014: „BadUSB — On accessories that turn
evil“
https://srlabs.de/blog/wp-content/uploads/2014/11/SRLabs-BadUSB-Pacsec-v2.pdf
[62] SRLabs Open Source Projects: Wiki BadUSB Exposure
https://opensource.srlabs.de/projects/badusb
[63] Adam Caudill: „Making BadUSB Work for You – DerbyCon“
https://adamcaudill.com/2014/10/02/making-badusb-work-for-you-derbycon/
Seite 4, Druckdatum: 07.04.2017, 05:04 Uhr
[64] Adam Caudill (adamcaudill); GutHub: Psychson
https://github.com/adamcaudill/Psychson
[65] Carsten Eilers: „Unsicherer Serial Bus“; Entwickler Magazin 3.2013 (auch online als
„Sicherheitsrisiko USB: Angriffe über den Serial Bus“
http://entwickler.de/artikel/sicherheitsrisiko-usb-angriffe-ueber-den-serial-bus-172870)
[66] Adam Caudill: „On the Ethics of BadUSB“
https://adamcaudill.com/2014/10/03/on-the-ethics-of-badusb/
[67] Jrockilla; Reddit: „The boss has malware, again... (self.talesfromtechsupport)“
https://www.reddit.com/r/talesfromtechsupport/comments/2mkmlm/the_boss_has_malware_again/
[68] Carsten Eilers: „Angriffe über Geräte, die angeblich nur etwas Strom über USB möchten“
http://www.ceilers-news.de/serendipity/586-Angriffe-ueber-Geraete,-die-angeblich-nur-etwas-Stromueber-USB-moechten.html
[69] Ralph Whitbeck; jQuery: „Was jquery.com Compromised?“
http://blog.jquery.com/2014/09/23/was-jquery-com-compromised/
[70] Ralph Whitbeck; jQuery: „Update on jQuery.com Compromises“
http://blog.jquery.com/2014/09/24/update-on-jquery-com-compromises/
[71] AToro; Websense Security Labs Blog: „Official Website of Popular Science Compromised“
http://community.websense.com/blogs/securitylabs/archive/2014/10/28/official-website-of-popularscience-is-compromised.aspx
[72] Lisa Vaas; Sophos Naked Security: „HealthCare.gov breached, injected with malware“
http://nakedsecurity.sophos.com/2014/09/08/healthcare-gov-breached-injected-with-malware/
[73] Lisa Vaas; Sophos Naked Security: „Dropbox passwords leaked, third-party services blamed“
http://nakedsecurity.sophos.com/2014/10/14/dropbox-passwords-leaked-third-party-services-blamed/
[74] Lee Munson; Sophos Naked Security: „97,000 Bugzilla email addresses and passwords exposed
in another Mozilla leak“
http://nakedsecurity.sophos.com/2014/08/29/97000-bugzilla-email-addresses-and-passwordsexposed-in-another-mozilla-leak/
[75] Lee Munson; Sophos Naked Security: „Mozilla database leaks 76,000 email addresses, 4,000
passwords“
http://nakedsecurity.sophos.com/2014/08/04/mozilla-database-leaks-76000-email-addresses-4000passwords/
[76] Jessica Silver-Greenberg, Matthew Goldstein, Nicole Perlroth; The New York Times: „JPMorgan
Chase Hacking Affects 76 Million Households“
http://dealbook.nytimes.com/2014/10/02/jpmorgan-discovers-further-cyber-security-issues/
[77] Carsten Eilers: „Millionenfacher Identitätsdiebstahl führt zu blinden Aktionismus“
http://www.ceilers-news.de/serendipity/482-Millionenfacher-Identitaetsdiebstahl-fuehrt-zu-blindenAktionismus.html
[78] Carsten Eilers: „Die 0-Day-Exploits 2014 im Überblick“
http://www.ceilers-news.de/serendipity/453-Die-0-Day-Exploits-2014-im-UEberblick.html
[79] Carsten Eilers: „Microsoft patcht außer der Reihe kritische 0-Day-Schwachstelle in Kerberos“
http://www.ceilers-news.de/serendipity/582-Microsoft-patcht-ausser-der-Reihe-kritische-0-DaySchwachstelle-in-Kerberos.html
[80] Sylvain Monné (bidord); GitHub: pykek (Python Kerberos Exploitation Kit)
https://github.com/bidord/pykek
[81] Carsten Eilers: „Die 0-Day-Exploits 2013 im Überblick“
http://www.ceilers-news.de/serendipity/345-Die-0-Day-Exploits-2013-im-UEberblick.html
[82] Carsten Eilers: „Nutzt die NSA den Heartbleed Bug seit 2 Jahren?“
http://www.ceilers-news.de/serendipity/485-Nutzt-die-NSA-den-Heartbleed-Bug-seit-2-Jahren.html
Seite 5, Druckdatum: 07.04.2017, 05:04 Uhr
[83] David A. Wheeler: „Shellshock“ / „3. Timeline“
http://www.dwheeler.com/essays/shellshock.html#timeline
Herunterladen