scip AG

Labs: Blog Digest Juni 2012

am Donnerstag, 28. Juni 2012
von Marc Ruef | G+

Der scip Blog Digest ist eine jeweils Ende des Monats erscheinende Zusammenfassung der wichtigsten, spannendsten und verrücktesten Beiträge aus der internationalen Blogosphäre. Mit der Durchsicht dieser Postings wird es einfach und unkompliziert möglich, in Bezug auf Entwicklungen im Bereich IT-Security auf dem Laufenden zu bleiben. Folgen Sie unserem Team auf Twitter, um jeweils die aktuellsten News zu erhalten.

• 10 Movie Scenes Of Authentication Worth Rewatching (darkreading.com)
• A bad couple of years for the cryptographic token industry (blog.cryptographyengineering.com)
• Algorithms: When is Random Really Random? (infosecisland.com)
• Android app steals contactless credit card data (scmagazine.com.au)
• Backup Security Best Practices (blogs.mcafee.com)
• Crypto breakthrough shows Flame was designed by world-class scientists (arstechnica.com)
• CVSS for Penetration Test Results (Part I) (blog.spiderlabs.com)
• Data Classification: Why it is Important for Information Security (infosecisland.com)
• Decoding Common XOR Obfuscation in Malicious Code (isc.sans.edu)
• Defeating Flame String Obfuscation with IDAPython (blog.spiderlabs.com)
• eHarmony Password Dump Analysis (blog.spiderlabs.com)
• Evolving Endpoint Malware Detection: Controls, Trade-offs and Compromises (securosis.com)
• Evolving Endpoint Malware Detection: Providing Context (securosis.com)
• Falsehoods programmers believe about networks (erratasec.blogspot.com)
• HashDos: 42% of IIS sites are still Vulnerable (devcentral.f5.com)
• How Advanced Malware Bypasses Process Monitoring (blog.fireeye.com)
• How Malicious Code Can Run in Microsoft Office Documents (blog.zeltser.com)
• How old is Flame? (labs.alienvault.com)
• JSLR (thespanner.co.uk)
• Kaspersky’s Problematic Flame Analysis (jeffreycarr.blogspot.ch)
• Meet Flame, The Massive Spy Malware Infiltrating Iranian Computers (wired.com)
• Microsoft certification authority signing certificates added to the Untrusted Certificate Store (blogs.technet.com)
• Most Consumers Don’t Understand Breach Notification (darkreading.com)
• Obama Order Sped Up Wave of Cyberattacks Against Iran (nytimes.com)
• Our password hashing has no clothes (troyhunt.com)
• Playing by the Rules: Performing Firewall Audits (resources.infosecinstitute.com)
• Protect answers to password reset questions with pen-and-paper (blog.eset.com)
• Rumor: LinkedIn Hacked – Password Hashes Dumped on Russian Forum (securityweek.com)
• Safe Browsing – Protecting Web Users for 5 Years and Counting (googleonlinesecurity.blogspot.com)
• Scientists crack RSA SecurID 800 tokens, steal cryptographic keys (arstechnica.com)
• Security warnings for suspected state-sponsored attacks (googleonlinesecurity.blogspot.com)
• The Central Limit Theorem Makes Random Testing Hard (blog.regehr.org)
• Thoughts on Active Defense, Intrusion Deception, and Counterstrikes (securosis.com)
• Why Antivirus Companies Like Mine Failed to Catch Flame and Stuxnet (wired.com)
• XSS: Gaining access to HttpOnly Cookie in 2012 (seckb.yehg.net)

(564 Wörter)

Tags: RSA, Android, Backup, Firewall, Google, IIS, Malware, Microsoft, Office, Penetration Test, RSS, SecurID, Word

Labs Übersicht

• Letzte Beiträge
  • Kurzanalyse des Windows Privilege Escalation Exploit
  • Are we even moving?
  • Interview zu Wardriving in der Schweiz
  • Blog Digest Mai 2013
  • Sicherheitsverantwortlichkeiten und Risikosteuerung
  • Computer Forensik – Ein Überblick
  • Vortrag zu Security Testing an SGRP Veranstaltung
  • Staatstrojaner – Kritik am neuen Bundesgesetz
  • Overview of Microsoft’s security toolkit EMET
  • Blog Digest April 2013
• Archiv
  • 2013 | 2012 | 2011 | 2010 | 2009 |

• Autoren

• Blog Digest

• Blogroll
  • abuse.ch
  • c22.cc
  • computec.ch
  • darkreading.com
  • infosecisland.com
  • krebsonsecurity
  • metasploit.com
  • schneier.com
  • securiteam.com
  • stfn.ch
  • zeltser.com
  • 5e4n.ch
• Syndication
  • RSS
  • Twitter