Scans and bots are now looking for unpatched servers. The attackers are looking for scripts that are deployed by common used packages.
iOS 8 MAC randomization ususally disabled
The MAC randomization feature does not work if the location services is turned on (which is true in most cases). The feature only works on iPhone 5s. It also seems that you have to turn of the cellular data connection to get randomized MAC address.
With this presumption it looks like you can hava random MAC addresses, but not a useful phone, or a useful phone, but not MAC randomization.
Shellshock Bash code injection update
A lot of live checking after shellshock vulnerability. There is now a total of 6 vulnerabilities discovered in bash, so keep up the patching.
Apple releases Bash update
There is now an update available for Lion, MountainLion and Mavericks. The Mavericks update requires 10.9.5 or greater. The updates are not delivered via AppStore (at the time of writing), but as a separate download.
iOS 8 undocumented APIs leak phone call data
An evaluation of how third-part applications can affect the users privacy on iOS 8. The article creators investigated the sandboxing feature, looking for weaknesses.
WordPress Vulnerability Database
Many of WordPress vulnerability is in themes and plugins, making it hard for administrators to have overview. The "Wordpress Vulnerability Database" is an initiative to help with this issue. And probably a good source for the bad guys too :/
Securing the Human october newsletter is out
FBI open malware investigator portal for the public
For people who are analyzing a lot of malware it is now possible to upload it to FBI's analyzing tool and get an report back, indicating what it is, what it is targeting and the impact.
At the time of writing the portal is open for law enforcements only, but probablt it will be open for more people in a short time.
Cloudflare offers free SSL for everybody
Cloudflare is rolling out SSL certificates for all it users. They are stating that this will double the number of SSL enabled sites from 2 million to 4 million.
They are using what they call Universal SSL which encrypt data from outside to the Cloudflare network, but not inside their network. This is due to the fact that there are more customer's sites than IP-addresses.
This setup will provide security from attacks that are happening close to the browser (between browser and Cloudflare), but will not help against man-in-the-middle attack or eavesdropping between Cloudflare and the site's origin.
It seems that SIP is vulnerable to shellshock, and there is an exploit "SIP Shock" that attacks vulnerable modem.
It seems that OpenVPN is vulnerable to shellshock attack, but only if you are authenticating using username and passwords.
There is also published bulletins from VMWare, HP & Cisco.
There is a bug in Xen version 4.1 and onward that can be lead to dataleakage. One HVM guest can crash or read the memory of another HVM guest. Only x86 systems are vulnerable.
Apple starts require app-specific password
Starting on October 1, 2014, app-specific passwords will be required to sign in to iCloud using any third party apps.
This will mostly affect third-party calendars and mail clients.
Mac Adware (Free Internet Explorer on Mac)
If you search for Internet Explorer on Mac you might stumble upon an dmg from Trovi which offers this. If you read the EULA carefully you find that it behaves as Adware. It collect the following:
- IP Address and device identifiers like UDID
- web pages you visit and the content you see, access and utilize...
- interactions on social networks
- registration information you provide like name, address, e-mail, phone number, gender birthday
The application is signed by an Apple Developer (thus passing Gatekeeper) and provides you with a legitim version of IE5. But this is software that do more harm than good.
Bad USB malware is now public
2nd Same Origin Flaw in Android Browser
Another "same-origin-policy" flaw is found in the Android browser. I wrote about the first one a couple of weeks ago. It seems that its time to move away from the default Android browser. This "same-origin-policy" bypass is present in versions prior to Android 4.4.