SWITCH Security-Blog

SWITCH-CERT IT-Security Blog


IT-Security-Links #64



  • Shellshock I: Shellshock is a term dating from World War I and it refers to the effect of the trauma of battle on troops. But since last week it’s also the name of a serious GNU Bourne Again SHell (Bash) vulnerability, or to be more exact, a series of vulnerabilities (currently CVE-2014-6271, -7169, -7186, -7187, -6277, -6278). Comprehensive technical overviews are available from SANS (PDF) and TrendMicro (PDF).
  • Shellshock II: Web servers are indeed currently at the highest risk of being exploited, but the command shell exists all over the Internet. For example, there’s also an attack vector in OpenVPN. And Shellshock could also be used to hack VoIP systems.
  • DMCA-Takedowns: Warner Bros. Entertainment must now release key information about its automated scheme to send copyright infringement notices to websites.
  • WordPress-Security: Security researcher Ryan Dewhurst released the WPScan Vulnerability Database, a one-stop shop for the latest WordPress, plug-in and theme vulnerabilities.
  • Google and Dropbox launched Simply Secure to improve online security. The newly created organization aims to make security technologies easier to use.
  • How to deal with old Java-based enterprise applications? Deutsche Bank London helped develop an “application self-defense tool” that sits below the application to detect and prevent attacks and apply virtual patches.

One thought on “IT-Security-Links #64”

  1. And shellshock III: SIP is the latest shocked kid on the block https://github.com/zaf/sipshock