Entwickler Magazin 2.2015 - No Fire, but Smoldering Heavily!
Entwickler Magazin 2.15 carries an article on the "prominent" vulnerabilities and attacks of 2014, that is, the ones that were given names. Naming had been fairly rare before, but in 2014 it became almost standard practice. There were also so many vulnerabilities and attacks that at times it seemed as if the Internet were on fire.
Links
- [1] Is The Internet On Fire?
- [2] Carsten Eilers: "Herzbluten, ein bissiger Poodle und Co."; Entwickler Magazin 1.15
- [3] CVE-2014-6271
- [4] Florian Weimer; oss-sec Mailing List: "Re: CVE-2014-6271: remote code execution through bash"
- [5] Hanno Böck; oss-sec Mailing List: "Re: CVE-2014-6271: remote code execution through bash"
- [6] CVE-2014-7169
- [7] Huzaifa Sidhpurwala; oss-sec Mailing List: "Fwd: Non-upstream patches for bash"
- [8] CVE-2014-7186
- [9] CVE-2014-7187
- [10] Michal Zalewski; lcamtuf's blog: "Bash bug: apply Florian's patch now (CVE-2014-6277 and CVE-2014-6278)"
- [11] CVE-2014-6277
- [12] CVE-2014-6278
- [13] Michal Zalewski; Full Disclosure Mailing List: "[FD] the other bash RCEs (CVE-2014-6277 and CVE-2014-6278)"
- [14] Michal Zalewski; lcamtuf's blog: "Bash bug: the other two RCEs, or how we chipped away at the original fix (CVE-2014-6277 and '78)"
- [15] Carsten Eilers: "ShellShock - Die Schwachstellen und Angriffsvektoren"
- [16] Rob Fuller (mubix); GitHub: shellshocker-pocs
- [17] Carsten Eilers: "ShellShock - Die Angriffe"
- [18] Yinette, @yinettesys on Twitter: "gist.github.com/anonymous/929d622f3b36b00c0be1 … Shit is real now. First in-wild attack to hit my sensors CVE-2014-6271..."
- [19] GitHub Gist: "Ok, shits real. Its in the wild... src:162.253.66.76"
- [20] KernelMode.info Thread: "Linux/Bash0day alias Shellshock alias Bashdoor"
- [21] Michael Bulat (mbulat); GitHub: "jur"
- [22] VirusTotal scan of "jur"
- [23] Daniel Cid; Sucuri Blog: "Bash – ShellShocker – Attacks Increase in the Wild – Day 1"
- [24] Juha Saarinen; ITnews.com.au: "First Shellshock botnet attacks Akamai, US DoD networks"
- [25] Trend Micro: "Shellshock Updates: BASHLITE C&Cs Seen, Shellshock Exploit Attempts in Brazil"
- [26] James T. Bennett, David Bianco, Michael Lin; FireEye Blog: "Shellshock in the Wild"
- [27] James T. Bennett, J. Gomez; FireEye Blog: "The Shellshock Aftershock for NAS Administrators"
- [28] Kevin Liston; InfoSec Handlers Diary Blog: "Shellshock via SMTP"
- [29] David Kennedy; Binary Defense Systems: "Active Shellshock SMTP Botnet Campaign"
- [30] Johannes Ullrich; InfoSec Handlers Diary Blog: "Worm Backdoors and Secures QNAP Network Storage Devices"
- [31] QNAP: "QNAP Releases New QTS for Turbo NAS with Official GNU Bash Patch Update"
- [32] Brian Smith; IETF TLS Working Group mailing list: "[TLS] POODLE applicability to TLS 1.0+ (was Re: Working Group Last Call for draft-ietf-tls-downgrade-scsv-00)"
- [33] Brian Smith; IETF TLS Working Group mailing list: "Re: [TLS] POODLE applicability to TLS 1.0+ (was Re: Working Group Last Call for draft-ietf-tls-downgrade-scsv-00)"
- [34] Adam Langley; ImperialViolet: "The POODLE bites again (08 Dec 2014)"
- [35] F5 Security Advisory: "SOL15882: TLS1.x padding vulnerability CVE-2014-8730"
- [36] A10 Rapid Response: "SECURITY ADVISORY #CVE-2014-8730 published on December 8th, 2014" (PDF)
- [37] IBM Security Bulletin: "TLS padding vulnerability affects IBM HTTP Server (CVE-2014-8730)"
- [38] IBM Security Bulletin: "TLS padding vulnerability affects Tivoli Access Manager for e-business and IBM Security Access Manager for Web (CVE-2014-8730)"
- [39] Cisco Security Notice: "SSL-TLS Implementations Cipher Block Chaining Padding Information Disclosure Vulnerability"
- [40] CVE-2014-8730
- [41] Ivan Ristic; Qualys Security Labs Blog: "Poodle Bites TLS"
- [42] Qualys SSL Labs: SSL Server Test
- [43] Drupal: SA-CORE-2014-005 - Drupal core - SQL injection
- [44] CVE-2014-3704
- [45] Sektion Eins: Advisory 01/2014: Drupal - pre Auth SQL Injection Vulnerability
- [46] Stefan Horst; Sektion Eins Blog: "Drupal 7.31 pre Auth SQL Injection Vulnerability"
- [47] Pastebin: [Python] Drupal 7.x SQL Injection SA-CORE-2014-005
- [48] Reddit - netsec: SA-CORE-2014-005 - Drupal core - SQL injection
- [49] Tamer Zoubi: "Drupageddon - SA-CORE-2014-005 - Drupal 7 SQL injection exploit demo"
- [50] Steven Adair; Volexity Blog: "Drupal Vulnerability: Mass Scans & Targeted Exploitation"
- [51] Rapid7: "CVE-2014-3704 Drupal HTTP Parameter Key/Value SQL Injection"
- [52] Drupal: Drupal Core - Highly Critical - Public Service announcement - PSA-2014-003
- [53] Stefan Horst; Sektion Eins Blog: "Drupal 7.32 two weeks later - PoC"
- [54] Daniel Cid; Sucuri Blog: "Slider Revolution Plugin Critical Vulnerability Being Exploited"
- [55] Tony Perez; Sucuri Blog: "SoakSoak Malware Compromises 100,000+ WordPress Websites"
- [56] Carsten Eilers: "BadBIOS - Ein neuer Superschädling?"
- [57] Security Research Labs: "”BadUSB — On accessories that turn evil” at Black Hat, Las Vegas, Aug 6-7 2014"
- [58] Karsten Nohl, Jakob Lell; Black Hat USA 2014: "BadUSB - On Accessories that Turn Evil"
- [59] Security Research Labs: "Turning USB peripherals into BadUSB"
- [60] PacSec 2014: Speakers and Slides
- [61] Karsten Nohl, Sascha Krißler, Jakob Lell; PacSec 2014: "BadUSB — On accessories that turn evil" (PDF)
- [62] SRLabs Open Source Projects: Wiki BadUSB Exposure
- [63] Adam Caudill: "Making BadUSB Work for You – DerbyCon"
- [64] Adam Caudill (adamcaudill); GitHub: Psychson
- [65] Carsten Eilers: "Unsicherer Serial Bus"; Entwickler Magazin 3.2013 (also online as "Sicherheitsrisiko USB: Angriffe über den Serial Bus")
- [66] Adam Caudill: "On the Ethics of BadUSB"
- [67] Jrockilla; Reddit: "The boss has malware, again... (self.talesfromtechsupport)"
- [68] Carsten Eilers: "Angriffe über Geräte, die angeblich nur etwas Strom über USB möchten"
- [69] Ralph Whitbeck; jQuery: "Was jquery.com Compromised?"
- [70] Ralph Whitbeck; jQuery: "Update on jQuery.com Compromises"
- [71] AToro; Websense Security Labs Blog: "Official Website of Popular Science Compromised"
- [72] Lisa Vaas; Sophos Naked Security: "HealthCare.gov breached, injected with malware"
- [73] Lisa Vaas; Sophos Naked Security: "Dropbox passwords leaked, third-party services blamed"
- [74] Lee Munson; Sophos Naked Security: "97,000 Bugzilla email addresses and passwords exposed in another Mozilla leak"
- [75] Lee Munson; Sophos Naked Security: "Mozilla database leaks 76,000 email addresses, 4,000 passwords"
- [76] Jessica Silver-Greenberg, Matthew Goldstein, Nicole Perlroth; The New York Times: "JPMorgan Chase Hacking Affects 76 Million Households"
- [77] Carsten Eilers: "Millionenfacher Identitätsdiebstahl führt zu blinden Aktionismus"
- [78] Carsten Eilers: "Die 0-Day-Exploits 2014 im Überblick"
- [79] Carsten Eilers: "Microsoft patcht außer der Reihe kritische 0-Day-Schwachstelle in Kerberos"
- [80] Sylvain Monné (bidord); GitHub: "pykek" (Python Kerberos Exploitation Kit)
- [81] Carsten Eilers: "Die 0-Day-Exploits 2013 im Überblick"
- [82] Carsten Eilers: "Nutzt die NSA den Heartbleed Bug seit 2 Jahren?"
- [83] David A. Wheeler: "Shellshock" / "3. Timeline"