Tuesday, April 14, 2009

Around The Horn vol.1,83

MS09-016 - Important: Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759) - Version:1.0

Severity Rating: Important - Revision Note: Bulletin published. Summary: This security update resolves a privately reported vulnerability and a publicly disclosed vulnerability in Microsoft Internet Security and Acceleration (ISA) Server and Microsoft Forefront Threat Management Gateway (TMG), Medium Business Edition (MBE).

MS09-015 - Moderate: Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426) - Version:1.0

Severity Rating: Moderate - Revision Note: Bulletin published. Summary: This security update resolves a publicly disclosed vulnerability in the Windows SearchPath function that could allow elevation of privilege if a user downloaded a specially crafted file to a specific location, then opened an application that could load the file under certain circumstances.

MS09-014 - Critical: Cumulative Security Update for Internet Explorer (963027) - Version:1.0

Severity Rating: Critical - Revision Note: Bulletin published. Summary: This security update resolves four privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer or if a user connects to an attacker's server by way of the HTTP protocol. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-013 - Critical: Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803) - Version:1.0

Severity Rating: Critical - Revision Note: Bulletin published. Summary: This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft Windows HTTP Services (WinHTTP). The most severe vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-012 - Important: Vulnerabilities in Windows Could Allow Elevation of Privilege (959454) - Version:1.0

Severity Rating: Important - Revision Note: Bulletin published. Summary: This security update resolves four publicly disclosed vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker is allowed to log on to the system and then run a specially crafted application. The attacker must be able to run code on the local machine in order to exploit this vulnerability. An attacker who successfully exploited any of these vulnerabilities could take complete control over the affected system.

MS09-011 - Critical: Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373) - Version:1.0

Severity Rating: Critical - Revision Note: Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft DirectX. The vulnerability could allow remote code execution if a user opened a specially crafted MJPEG file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-010 - Critical: Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477) - Version:1.0

Severity Rating: Critical - Revision Note: Bulletin published. Summary: This security update resolves two publicly disclosed vulnerabilities and two privately reported vulnerabilities in Microsoft WordPad and Microsoft Office text converters. The vulnerabilities could allow remote code execution if a specially crafted file is opened in WordPad or Microsoft Office Word. Do not open Microsoft Office, RTF, Write, or WordPerfect files from untrusted sources using affected versions of WordPad or Microsoft Office Word.

MS09-009 - Critical: Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557) - Version:1.0

Severity Rating: Critical - Revision Note: Bulletin published. Summary: This security update resolves a privately reported and a publicly disclosed vulnerability. The vulnerabilities could allow remote code execution if the user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft security updates for April 2009

Learn about and download the latest computer security updates for March 2009. Read tips on protecting your computer by using anti-spyware and anti-spam programs.

April 2009 Monthly Bulletin Release

By MSRCTEAM

April is here and is turning out to be a typical, busy month, if one can call it that. In general, when we have a large release, the number of updates ranges from 7-12. With this in mind, we released eight security updates this month: 5 rated as Critical, 2 rated as Important, and one rated as Moderate.

MS09-009

This bulletin addresses two remote code execution vulnerabilities in Microsoft Excel. An attacker could exploit the vulnerability by sending a user a malformed Microsoft Excel file. Upon opening the file, code can run in the context of the logged on user. We are aware of public exploits of these vulnerabilities. There are effective mitigations noted in the bulletin that are temporary measures until you test and deploy the updates.

A rating of Critical has only been assigned to Microsoft Office Excel 2000. The other applicable versions are rated as Important. If the Office Document Open Confirmation Tool has been downloaded and installed on a system with Microsoft Office Excel 2000, the user will first be prompted with a dialog box. This functionality is already built in to newer versions of Microsoft Office.

MS09-010

This bulletin addresses four remote code execution vulnerabilities in Microsoft WordPad and Microsoft Office text converters. An attacker could exploit the vulnerability by sending a user a malformed file. Upon opening the file, code can run in the context of the logged on user. We are aware of public exploits of these vulnerabilities. There are effective mitigations noted in the bulletin that are temporary measures until you test and deploy the updates.

A rating of Critical has only been assigned to Microsoft Office Word 2000 Service Pack 3. The other applicable versions are rated as Important. If the Office Document Open Confirmation Tool has been downloaded and installed on a system with Office Word 2000 Service Pack 3, the user will first be prompted with a dialog box. This functionality is built in to newer versions of Microsoft Office. There are effective mitigations noted in the bulletin that are temporary measures until you test and deploy the updates. One of the mitigations is blogged about in greater detail than the bulletin. You can find this information on the Security Defense & Research blog.

The last thing I will mention is the fact that the Microsoft Security Intelligence Report Volume 6 provides insights into document file formats vulnerabilities and common exploitation techniques.

MS09-011

This bulletin addresses a privately reported remote code execution vulnerability in Microsoft DirectX and is rated as Critical. An attacker could exploit this vulnerability by sending a malformed MJPEG file to a user of a system. If a user opened the file, code execution of the attacker’s choice would run in the context of the logged in user. Unregistering the quartz.dll or disabling the decoding of MJPEG content in Quartz.dll is a temporary measure that can be used while testing and deploying the update. Please see the bulletin to understand the impact of the workarounds as they affect functionality.

MS09-012

This bulletin addresses several elevation of privilege vulnerabilities in Microsoft Windows and is rated as Important. The elevation of privilege vulnerabilities are commonly known as Token Kidnapping and were first described in Microsoft Security Advisory 951306. A supplemental blog will be posted here as well as a technical deep dive on the Security and Research Defense blog. It can be found here: http://blogs.technet.com/srd/

MS09-013

Microsoft Windows HTTP Services (WinHTTP) contains three vulnerabilities, two of which could allow for remote code execution running in the context of the logged on user. The bulletin is rated as Critical. WinHTTP is a technology within itself. As such, Internet Explorer does not use WinHTTP services.

MS09-014

Internet Explorer contains several remote code execution vulnerabilities and is rated as Critical. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer or if a user connects to an attacker's server by way of the HTTP protocol. This security update also addresses a vulnerability first described in Microsoft Security Advisory 953818. As you will see, MS09-015 also addresses this Advisory. Details as to why can be found in both bulletins.

MS09-015

This bulletin addresses a vulnerability in SearchPath which could allow for an elevation of privilege and is rated as Moderate. It’s worth mentioning here that this security update addresses the issue detailed in Advisory 953818: “Blended Threat from Combined Attack Using Apple’s Safari on the Windows Platform”. Among other information in the bulletin, I want to note that we added a new API as a defense in depth measure. It is called SetSearchPathMode. This new API allows for a per-process mode when using the SearchPath function to locate files. This allows applications to force the current directory to be searched after the application and system locations. This defense in depth measure is not enabled by default. Please see the bulletin for additional information.

MS09-016

This bulletin addresses vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) and is rated as Important. These vulnerabilities could allow denial of service if an attacker sends specially crafted network packages to the affected system, or information disclosure or spoofing if a user clicks on a malicious URL or visits a Web site that contains content controlled by the attacker.

There are several mitigating factors noted in the bulletin, one of which I will note here regarding the cross-site scripting (XSS) vulnerability. ISA Server 2006 and Forefront TMG MBE deployments that do not have any Web publishing rules are not vulnerable by default. If ISA Server 2006 or Forefront TMG MBE is installed in a traditional firewall role and is not publishing any internal Web sites to the Internet, the vulnerable Web Filter will not be exposed (the port will be blocked).

My colleague Jonathan, in the MSRC, is providing guidance as it relates to suggestions for prioritization of the security updates. This information can be found at the Security Research & Defense blog site.

As a postscript to this posting I want to share some thoughts with you regarding the advisories.

Of the eight updates, five address vulnerabilities that Microsoft has issued security advisories for:

· Excel vulnerability: Security Advisory 968272 was released Feb. 24, 2009.

· WordPad: Security Advisory 960906 was released Dec. 9, 2008; more related information can be found at Security Research & Defense blog.

· CarpetBombing: Security Advisory 953818 was released May 30, 2008; more related information can be found at Security Research & Defense blog.

· Token Kidnapping: Security Advisory 951306 was released April 17, 2008; more related information can be found at Security Research & Defense blog.

The question becomes, why does it take so long for Microsoft to release a security update?

When we here at Microsoft are asked this question: our answer is “we want to get this right.” Or to put it another way, we are constantly asking ourselves during any given release cycle “are we doing the right thing for our customers?” If as a result of any given investigation, we find a variant of a vulnerability we are fixing; do we dig deeper to make sure we cover all our bases, or do we just fix what we can see and ship the update because of external pressures? “Are we doing the right thing for our customers?”

If we find, at the 11th hour, an application compatibility issue that breaks third party software, do we ship anyway because we don’t want to get bad press? “Are we doing the right thing for our customers”?

Do we spread out the release of open advisories so no one notices, but not ship them when ready? “Are we doing the right thing for our customer?”

I will say that we will do the right thing for our customers; we will dig deeper; we will hold a low quality update; and we will release an update when it is ready for broad distribution; no sooner or no later.

*Postings are provided "AS IS" with no warranties, and confers no rights.*

April 14: Updated to include hyperlinks for bulletins

Token Kidnapping

By MSRCTEAM

Hello everyone,

As you can see from the April 2009 release summary, we addressed the Token Kidnapping issue with bulletin MS09-012. This issue allowed an attacker to gain full control of a server if the attacker can first run malicious code on the server as a lesser privileged user.

This issue was originally presented by Cesar Cerrudo in March of 2008 at Hack in the Box (Dubai) 2008. In April of 2008, we released an advisory to inform customers of actions they could take to protect themselves. We also updated the advisory in October of 2008, alerting customers to the availability of proof-of-concept code that demonstrates how to attack systems using token kidnapping techniques. Today we’ve released an update that protects from these issues without having to deploy workarounds. This release has been a long time in the making, so I wanted to take a moment and provide some insight into what it took to resolve this issue for customers.

First, what is Token Kidnapping? This is an elevation of privilege vulnerability that could allow an attacker to go from authenticated user to LocalSystem privileges. An attacker can escalate their privileges on a system if they can control the SeImpersonatePrivilege token. An attacker would need to be executing code in the context of a Windows service to use this exploit. For a more detailed look at the issue, refer to the SRD blog found here.

This case presented some interesting challenges in preparing the update to address the issue. First, there are two updates included in this bulletin. The first update addresses service isolation, while the second addresses processes running as service accounts. In order to secure these items, we took the work we did in Windows Vista to provide additional service hardening and implemented it in older operating systems like Windows XP, and Windows Server 2003. These changes are low-level and deeply engrained in the OS. When making these types of changes, many of the applications that have been written in the 5 to 10 years since the OS was released could be impacted as we are changing infrastructure. Typically, we only change code to this degree in a service pack release to ensure it receives the proper level of testing.

However, given the security risk, and even though we provided workarounds, we wanted to secure customers automatically. So we made the changes, and then did extensive testing to ensure this update is high-quality and did not impact existing implementations. For this bulletin, we ran over 600,000 different test scenarios, with over 6,000 variations tested in one configuration alone. We also needed to ensure we were not breaking 3rd-party applications by introducing this change. As a result, 2,500 application compatibility tests were also run. In addition to this testing, we selected over 1,000 systems within Microsoft to test the update before we released, and some key customers signed NDAs to do even more testing in their lab environments to make sure we didn’t break Line-of-Business application scenarios. One thing we did notice is that some 3rd-party applications may need to be updated to receive the same security benefits provided by this update. To facilitate this, the update also provides an infrastructure to 3rd-parties to isolate and secure their services. In Windows XP and Windows Server 2003, all processes running under the context of a single account will have full control over each other. This update provides 3rd-parties the ability to isolate and secure their services that hold SYSTEM token and run under the NetworkService or LocalService accounts. For more information on the usage of this registry key, see Microsoft Knowledge Base Article 956572.

While this update took some time to complete, our hope is that the majority of customers are protected either through the guidance we released a year ago or the update we released today. It is never an easy process to bring infrastructure from a newer OS to an older OS, but we considered this an important enough issue to do so. As you would expect, it wasn’t always an easy road, so I would like to thank all of the folks internally and externally that helped bring this update to the worldwide community. Specifically, I’d like to thank the following people who were key contributors in bringing this update to the world:

  • Cesar Cerrudo, Argeniss Information Security
  • Bruce Dang, MSRC Engineering
  • Nick Finco, MSRC Engineering
  • Anoop KV, Windows Serviceability
  • Vikas Mittal, Windows Serviceability

And special thanks go out to all of the many developers and testers who helped make this release possible.

Thanks,

Dustin

MSRC

Links to related articles:

Service isolation explanation, SRD blog entry, Jonathan Ness, October, 2008

Token Kidnapping in Windows, Nazim’s IIS Security Blog, Nazim Lala, October, 2008

Security Bulletin Overview Video – April 2009

By MSRCTEAM on video

Hi Everyone,

Jerry Bryant again. Here is the overview video for the April 2009 bulletins. Please join us tomorrow at 11:00 am PDT (UTC –7) for our bulletin webcast where we will cover this month's updates in more detail and try to answer all of your bulletin related questions.

Thanks!

Jerry Bryant

Improving the Management of Information Security in Canadian Government Departments

Category: Management & Leadership

Paper Added: April 13, 2009

April Black Tuesday Overview, (Tue, Apr 14th)

Overview of the April 2009 Microsoft patches and their status. ...(more)...

Oracle quarterly patches, (Tue, Apr 14th)

Oracle also released their quarterly load of patches today. In total 43 vulnerabilities were fixed ...(more)...

VMware exploits - just how bad is it ?, (Tue, Apr 14th)

When Tony reported on the release of new VMware patches on April 4th, we didn't immediately spot tha ...(more)...

Twitter worm copycats, (Mon, Apr 13th)

Yesterday Patrick wrote about a Twitter worm exploiting an XSS vulnerability in Twitter's profile pa ...(more)...

Microsoft Patch Tuesday Plugs Security Holes as Hackers Circle (E-Week Security)

Report: China, Russia Top Sources of Power Grid Probes (SecurityFix Blog)

A few pennies for your thoughts and credit card (AP) (Yahoo Security)

Amazon.com Disputes Hacker's Confession (E-Week Security)

Tweenbots (Schneier blog)

US Power Grid Infiltrated (April 8 & 9, 2009)

US national security officials said that the computer networks of the country's electrical grid and other utilities have been infiltrated and seeded with tools that could potentially be used to disrupt communications, electricity, and other elements of the country's critical infrastructure.......

Pentagon Spent US $100 Million to Repair Damage From Cyber Incidents (April 7, 2009)

The Pentagon has spent more than US $100 million to mitigate cyber attacks and computer network issues in the last six months.......

Proposed Legislation Would Prohibit SMS Spam (April 6 & 8, 2009)

US Senators Olympia Snowe (R-Maine) and Bill Nelson (D-Florida) have introduced legislation that would expand the Can Spam Act to include unsolicited SMS (Short Message Service) messages.......

Eleven Face Charges in NZ Bank Online Theft (April 9, 2009)

Eleven people are facing charges in New Zealand for allegedly stealing money from online bank accounts.......

Microsoft to Release Eight Security Bulletins on April 14 (April 9, 2009)

According to Microsoft's Security Bulletin Advance Notification, the company will release eight security bulletins on Tuesday, April 14.......

Stolen Laptop Contains Commercial Driver's License Holder Data (April 7, 2009)

A laptop computer stolen from a state office building in Kapolei, Oahu, Hawaii contains personally identifiable information of nearly 1,900 state commercial driver's license holders.......

Conficker Update Spreads Through P2P Network (April 9, 2009)

The Conficker worm appears to be updating itself through a P2P network, placing an as-yet unknown payload on infected machines.......

Microsoft Security Intelligence Report (April 8, 2009)

Microsoft's Security Intelligence Report, which covers events in the second half of 2008, says that scareware, programs that lead users to believe their machines are infected with malware and urge them to buy phony anti-virus software, has emerged as a significant threat.......

FBI Seizes Texas Data Centers' Equipment in Investigation (April 7, 2009)

The FBI seized servers and other equipment from two Texas data centers.......

Penetration Testing Summit

Where else can you find the best speakers from other hacker conferences all at one program:
HD Moore on the future of Metasploit; Joshua Wright on evolving wireless attacks; Jeremiah Grossman on the Top Ten Web Hacking Techniques; Robert "rSnake" Hansen on web app vulnerabilities; Paul Asadoorian on late-breaking pen test techniques; Larry Pesce on using document metadata in pen tests; Jason Ostrum on VoIP pen testing; Ed Skoudis on secrets of pen testing?

IE 7 and 8 Default Security Leaves Intranets At Risk

Researcher shows how default security settings in Internet Explorer can backfire on intranets

Twitter Battered By Powerful Worm Attacks - Mikeyy

By Darknet on XSS

We’ve written about Twitter quite a few times now, with its click-jacking vulnerability, twitter phishing attacks and various other issues. It’s no surprise it’s being targeted though as it’s now the 3rd biggest social network after Facebook and Myspace. Within a relatively short time period it’s overtaken...

Watcher - Passive Analysis Tool For HTTP Web Applications

By Darknet on web-application-security

Watcher is a run time passive-analysis tool for HTTP-based Web applications. Watcher provides pen-testers hot-spot detection for vulnerabilities, developers quick sanity checks, and auditors PCI compliance auditing. It looks for issues related to mashups, user-controlled payloads, cookies, comments, HTTP headers, SSL, Flash, Silverlight, referrer...

AUDIT: Small Minn. agencies need better computer security

Posted by InfoSec News on Apr 14

http://kstp.com/news/stories/S873629.shtml?cat=206

By Becky Nahm
KSTP.com
04/09/2009

Small Minnesota government agencies do not have adequate security
controls over their computer systems according to a report [1] from the
state auditor.

The report, released Thursday, identifies a...

Making a PBX botnet out of Skype or Google Voice?

Posted by InfoSec News on Apr 14

http://www.macworld.com/article/139971/2009/04/pbxbotnet.html

By Robert McMillan
IDG News Service
April 13, 2009

Flaws in popular Internet-based telephony systems could be exploited to
create a network of hacked phone accounts, somewhat like the botnets
that have been wreaking havoc with...

Cabinet data on stolen BlackBerry

Posted by InfoSec News on Apr 14

http://news.bbc.co.uk/2/hi/uk_news/7994850.stm

BBC News
11 April 2009

A BlackBerry sold by a homeless man to a student has been found to
contain the personal details of cabinet ministers, top civil servants
and police officers.

Journalism student Darryl Curtis said it held hundreds of...

Linux Security Week - April 10th 2009

Posted by InfoSec News on Apr 14

LinuxSecurity.com Weekly Newsletter
April 10th, 2009, Volume 10, Number 15
...

Reminder: CFP RAID 2009

Posted by InfoSec News on Apr 14

Forwarded from: Corrado Leita <corrado_leita (at) symantec.com>

(We apologize if you receive multiple copies of this message)

...

Fourth anti-virus firm buys into behavioural blocking
Veni, Vedi, Avinti

Web and email security firm Marshal8e6 has bought behaviour-based malware detection specialist Avinti. The terms of the deal, announced Tuesday, were undisclosed.…

One in ten PCs still vulnerable to Conficker exploit
Scared yet? Eh? Eh?

Many systems are still unprotected against the Conficker superworm, weeks after the malware began spreading across the internet creating a huge botnet of compromised machines thought to number in the millions.…

Spam spurt fuelled by booming underground economy
Junk mail trebles as crooks barter for IDs

The expanding underground economy is fuelling an identity price war, with unskilled crooks now able to buy full personal identities for pennies, according to the latest edition of Symantec's Internet Threat Report.…

Trend Micro to eyeball malware from cloud
Gets suite with BigFix

Trend Micro has unveiled a major update to its flagship scanning tools that puts your virus signature database online, plus a modular security and system management suite with partner BigFix.…

Twitter overrun by weekend of powerful worm attacks
No user action required

Twitter was hit over the weekend by powerful, self-replicating attacks that caused people to flood the micro-blogging site with tens of thousands of messages simply by viewing booby trapped user profiles.…

Twitter Vulnerability Exposed

The XSS security issue allows attackers to inject malicious code into Web pages, including HTML and client-side scripts.

Twitter response to xss worm attack

By Robert A. on XSS

Twitter has posted an entry on its xss worm issues this weekend. "On a weekend normally reserved for bunnies, a worm took center stage. A computer worm is a self-replicating computer program sometimes introduced by folks with malicious intent to do some harm to a network. Please note that no passwords,...

Conficker on the prowl after the 1st…

By Kevin Beets on Vulnerability Research

So April 1st came and went, and it seemed that all might be right in the post-Conficker world… Of course, nothing is that easy. With the latest activity, there is also a continual flood of information out there. Below, I have attempted to aggregate the new functionality. Around April 7th/8th Conficker started to move again. [...]

Brief: Twitter targeted by XSS worms

Microsoft patches serious Excel zero-day, Windows flaws

By Robert Westervelt

Microsoft is patching flaws in Excel and WordPad that are reportedly being actively exploited in the wild and could allow an attacker to gain access to sensitive data.

RSA panel to discuss surveillance, privacy concerns

By Erin Kelly

Security expert Gary McGraw will moderate a panel discussion on the privacy issues raised when the government conducts surveillance of known terrorist groups.

Protecting data in a merger and acquisition

By Marcia Savage

Upheaval in the financial-services industry has put the spotlight on financial information security. Experts share ways to keep sensitive information secure during an M&A.

Enrique Salem takes charge at Symantec

By Neil Roiter

Enrique Salem, who took over as Symantec CEO for the retiring John Thompson on April 4, talks about the Symantec he worked for in the 1990s and the Symantec he inherits today.

Entrust to be acquired by investment firm

By SearchSecurity Staff

Entrust Inc. agreed to be acquired by private investment firm Thoma Bravo LLC in a deal valued at $114 million.

xine-lib Quicktime STTS Atom Integer Overflow

Xine-lib contains an integer overflow vulnerability while parsing malformed STTS atoms of Quicktime movie files. The vulnerability may be exploited by a (remote) attacker to execute arbitrary code in the context of an application using the xine library.

Sun Java System Identity Manager Users Enumeration

The following exploit is a proof of concept for the user enumeration vulnerability of Sun Java System Access Manager and Identity Manager.

Apache Tomcat mod_jk Information Disclosure Vulnerability

Situations where faulty clients set Content-Length without providing data, or where a user submits repeated requests very quickly may permit one user to view the Apache Tomcat mod_jk response associated with a different user's request.

EMC RepliStor Buffer Overflow Vulnerability (ctrlservice.exe, rep_srv.exe)

Fortinet's FortiGuard Global Security Research Team has discovered a buffer overflow vulnerability in EMC RepliStor.

IBM BladeCenter Advanced Management Module Multiple vulnerabilities

"In today's high-demand enterprise environment, organizations need a reliable infrastructure to run compute-intensive applications with minimal maintenance and downtime. IBM BladeCenter H is a powerful platform built with the enterprise customer in mind, providing industry-leading performance, innovative architecture and a solid foundation for virtualization."

Ghostscript jbig2dec JBIG2 Processing Buffer Overflow

"Ghostscript is an interpreter for the PostScript (TM) language, with the ability to convert PostScript language files to many raster formats, view them on displays, and print them on printers that don't have PostScript language capability built in; An interpreter for Portable Document Format (PDF) files, with the same abilities; ..." Secunia Research has discovered a vulnerability in Ghostscript, which can be exploited by malicious people to potentially compromise a user's system.

Security vendor Marshal8e6 buys Avinti

Security vendor Marshal8e6 will buy Avinti, a company which specializes in behavioral technology that scans e-mail and tests malicious content in a virtual machine.

EU sues UK government over treatment of Phorm

The European Commission began legal action against the U.K. Tuesday over its failure to protect Internet users from Phorm -- a covert behavioral advertising technology tested by the U.K.'s biggest fixed line operator, BT, in 2006 and 2007.

Twitter Worm: A Closer Look at What Happened

It looks like Twitter's website has been scrubbed clean after several bouts of the "Mikeyy" or "StalkDaily" worm plagued the service. Even though the threat seems to have passed, questions remain about just how serious this attack was and if there will be any repercussions for the worm's creator.

Malicious code spikes in '08, Symantec reports

Malicious code threats more than doubled, and the United States retained the dubious distinction of being the top cyber sore spot, according to Symantec's 2008 Internet Security Threat Report.

HK panel probes lost flash drive in hospital

An independent panel is investigating after a United Christian Hospital Obstetrics & Gynaecology Department doctor lost a personal USB flash drive containing eight patient data records.

United Christian Hospital loses another USB drive

United Christian Hospital lost its second USB thumb drive in less than a month's time.

The state of spam 2009, Part 2

Cloudmark CTO Jamie de Guerre: I think there have been several changes and a couple of events that happened in the past year that are interesting and will have an effect on how spam is sent in the coming year.

Cloud security guarantees?

Cloud computing providers no doubt put forth a best effort to secure their infrastructure in order to protect their customers' data, but what kind of guarantees are there?

Password Stealers Sit on Popular Download Sites

You might already know that it's easy for the bad guys to buy malware kits and ready-made digital nasties on black market Web sites. But some tools are even easier to pick up, such as a blatant IM password stealer available on a major download site.

Twitter wrestles with fourth worm attack

Another worm attack early Monday on Twitter kept the micro-blogging Web service chasing down infected accounts and deleting rogue tweets.

Identity management is key to the proper operation of cloud computing

One of the hot buttons, or buzz phrases, these days is "cloud computing." Boiled down, it's just like client-server computing except: a) you don't own the server; b) you don't know where the server really is; and c) you may not even know where your data resides. All that aside, there remains the issues of authentication and authorization; provisioning; entitlement management; governance; compliance; risk management; single sign-on; and all of the other facets of identity management. Is anybody even thinking about those?

Weekend worms strike Twitter, teen admits responsibility

Twitter was hit with at least three different worm attacks that started Saturday and continued into Sunday, the micro-blogging service acknowledged as it promised users it would review its coding practices.

Google disables uploads, comments on YouTube Korea

Google has disabled user uploads and comments on the Korean version of its YouTube video portal in reaction to a new law that requires the real name of a contributor be listed along each contribution they make.

Twitter Worm Attack Continues: Here’s How to Keep Safe

The malicious worm affecting Twitter over the weekend has now mutated and continues to invade the popular micro-blogging network. Although Twitter is taking action against the problem, security analysts fear that further mutations of the worm will continue to wreak havoc on the network over the week.

PCI security rules may require reinforcements

The PCI standard, long touted as one of the private sector's strongest attempts to regulate itself on IT security, is increasingly being slammed by critics who claim that the rules aren't doing enough to protect credit and debit card data.

Can the status quo threaten your LAN?

In times of economic crisis people tend to seek the safety and security of the status quo. "Doing what you've always done, and what everyone else is doing, is the most prudent course," goes the thinking.

User education key to IT security: Microsoft

With the release of its latest Security Intelligence Report, Microsoft is encouraging its partners and customers to become more security aware and educated, as new attack tactics are on the rise.

Trend Micro dishes out security smorgasbord

Trend Micro Monday dished out a smorgasbord of endpoint security products that put the focus on Trend's cloud-based architecture and its partnership with systems-management vendor BigFix.

Stanford's Cinder OS Tightens Mobile Power Control

Researchers are using advanced power and security features to build the ideal mobile OS

April Shower of Critical Microsoft Fixes

Redmond today released a major batch of April patches to fix a slew of serious security holes.

1 in 5 Windows PCs Still Hackable by Conficker

And about five percent of business machines are infected with the worm, says Qualys.

What Are All Those ITunes Files?

You've probably peeked into your iTunes folder (It's located in your user folder: Music: iTunes) and may have been perplexed...

Trend Micro Dishes out Security Smorgasbord

Trend Micro launched a smorgasbord of endpoint security products.

Teen Claims Responsibility for Twitter Worms

Twitter cross-site scripting bugs exploited; 17-year-old owns up to attacks

Twitter Wrestles With Fourth Worm Attack

Site hints that it will take legal action against hackers.

Security Vendor Marshal8e6 Buys Avinti

Avinti's e-mail security product doesn't use signatures, instead relying on observing the behavior of links and malware

Amazon Says Listing Problem Was an Error, Not a Hack

57,000 books, including gay and lesbian titles, were delisted from Amazon's search rankings.

Hacker Claims Credit For Amazon's Gay-Themed Book 'Glitch'

Hacker posts his confession on LiveJournal about the "glitch" that caused hundreds of LGBT-themed books to lose their sales ranks over the weekend.

Password Stealers Sit on Popular Download Sites

You don't have to find underground sites to pick up hacking tools and password stealers; a researcher finds one sitting right out in the open.

Twitter Worm Attack Continues: Here’s How to Keep Safe

Twitter worm "Mikeyy" or "StalkDaily" continues to raise concern among security experts.

Amazon 'Glitch' De-Ranks Gay Books, Interwebs Cry Foul

By Chris Snyder

Hundreds of gay-themed books lose their sales rankings and other metrics on Amazon.com over the weekend, creating a fast and furious backlash in the social media. Amazon says the problem is a technical glitch but, so far, few are buying the explanation.

SB09-103: Vulnerability Summary for the Week of April 6, 2009

Vulnerability Summary for the Week of April 6, 2009

TA09-104A: Microsoft Updates for Multiple Vulnerabilities

Microsoft Updates for Multiple Vulnerabilities
