- The Poodle bites again: PoodleTLS or CVE-2014-8730 is a new vulnerability that targets some TLS implementations. F5 and A10 networking equipment are affected.
- Internet of things: What makes securing the Internet of Things (IoT) so different from securing other computing platforms?
- OS X Yosemite likes to phone home. Here’s how you can work around it.
- Lollipop’s security: Kaspersky took a look at Android 5.0 Lollipop’s security, specifically its corporate-oriented security features, and found quite a few.
- No free lunch, just once more: A good blog-post about the dangers of public Wi-Fi.
- Sony Pictures Hack: A few words from Bruce Schneier.
- Magnitude exploit kit: SpiderLabs published an interesting blog article series about the Magnitude exploit kit.
- Cloud Atlas: Do you remember ‘Red October’, a complex cyber-espionage operation targeting diplomatic embassies worldwide 2 years ago? ‘Cloud Atlas’ might be the successor.
Tag: POODLE
IT-Security-Links #65
- Why privacy matters: In this TED talk, Glenn Greenwald makes the case for why you need to care about privacy, even if you’re “not doing anything you need to hide”.
- Is your Network Attached Storage (NAS) secure? A proof-of-concept worm was written by security researcher Jacob Holcomb to illustrate how vulnerable such data stores are to malicious attacks.
- SSLv3: POODLE (Padding Oracle On Downgraded Legacy Encryption) is a new attack on the legacy SSLv3 protocol which is considered easier to exploit than similar previous attacks against SSL/TLS. A Security Advisory is available here (PDF). To test whether your client is vulnerable, SANS set up a Poodle test page. Heise also published a good background article (in German).
- Shellshock: Michael Smith (Akamai) explains why the Shellshock battle is only beginning: The “long tail” challenge of the recently discovered Bash vulnerability. A Shellshock exploit is already included in the Mayhem botnet malware kit.
- SandWorm is a zero-day vulnerability impacting all supported versions of Microsoft Windows including Windows Server 2008 and 2012.
- Awareness: The US-CERT reminds users to protect against email scams and cyber campaigns using Ebola as a theme.
- Beware of the air gap risks! Adi Shamir explains at the opening keynote for the Black Hat Europe conference why air-gapped networks are not as secure as usually anticipated. Have fun!