Friday, May 29, 2009

Around The Horn vol.1,111

Experts: Gumblar attack is alive, worse than Conficker

By Elinor Mills

The Web site compromise attack known as Gumblar has added new domain names that are downloading malware onto unsuspecting computers, stealing FTP credentials to compromise more sites, and tampering with Web traffic, a security firm said on Thursday.

The Gumblar attack started in March with Web sites being compromised and ...

Microsoft to patch new DirectX hole

By Elinor Mills

Microsoft on Thursday said it is working on a security patch for a vulnerability in its DirectX streaming media technology in Windows that could allow someone to take complete control of a computer using a maliciously crafted QuickTime file.

Microsoft offers an easy way to enable a workaround for the...

Snort To Go Virtual

Open source IDS/IPS celebrates a decade with new release candidate and new features in Snort 2.8.4

Miscreants Already Gaming SCADA

Infrastructure security has been an issue with plenty of hype but too few real-world examples of the risks involved. A simple hack unearthed by researchers via YouTube paints the picture nicely, however.

Obama directs review of data classifications

President Barack Obama has directed a review of how the government classifies information and how it handles sensitive but unclassified data.

Q & A: High-tech cutter reaches milestone

Coast Guard Rear Adm. Gary Blore expects the first National Security Cutter to receive certification for classified communications in the near future.

Microsoft Warns Of 'Browse-And-Get-Owned' DirectX Flaw

The flaw could allow a remote attacker to execute malicious code by convincing or duping a user to open a specially crafted QuickTime media file.

Government Wrestles With Social Media Records Retention Policies

The National Archives is trying to navigate complex regulations that require capturing and storing all sorts of content in the age of social media, cloud computing, and seemingly endless storage.

White House Launching Transparency Blog

In a nod to openness and citizen participation in government, the Obama administration also will open White House blogs to public comments.

New travel rules kick in June 1 amid concerns over RFID-tagged passport cards

New travel requirements go into effect June 1 at U.S. land and sea borders amid security concerns over an RFID-enabled passport card that has been approved for U.S. travelers.

Must-have Fix for New, Under-attack Microsoft Flaw

A critical new zero-day flaw involving Microsoft DirectShow's processing of QuickTime content is under attack, Microsoft reported today.

Spammed Hong Kong

Hong Kong has become the most spammed country in the world, according to security vendor MessageLabs.

US gov't panel calls for new privacy rules

The U.S. government needs to rewrite the rules it has been using for 35 years to govern its use of personal data by focusing on new technologies for storing and retrieving data, a government advisory board recommended.

Defence trials sneaky cameras

The Defence Science Technology Organisation (DSTO) is running facial recognition trials which will underpin biometric initiatives across the Department of Defence, Immigration and new smartcard driver's licences.

Study: Operators should use DNSSEC to improve security

Various challenges are making many operators hesitate to adopt DNSSEC (Domain Name System Security Extensions) to prevent hackers from tampering with DNS information and redirecting Web traffic, according to a study from the European Union's cybersecurity agency.

Close the Java security hole in many browsers

As we noted earlier, there's a rather large security hole with Java in Web browsers in all versions of OS X. Because of the way Java applets work, you can be attacked by simply visiting (not even clicking a link on, or downloading a file from) a Web site containing a malicious Java applet.

Massive ID fraud and cheque scam busted in NYC
Impersonation scheme sees 18 bank workers pinched

A corporate identity theft ring that exploited the identities of local corporations, religious institutions, hospitals and even schools to run a cheque fraud scam has been busted in New York.…

EU backs advanced network tech to boost resilience
IPv6 and DNSSec to bolster backbone

An EU security agency is calling for greater use of advanced networking technologies - specifically IPv6, DNSSec and MPLS - to improve the resilience of communication networks.…

Judge throws the book at phishing fraudster
100 months of solitude

A fraudster has been sentenced to eight and a half years in prison after copping to a series of phishing scams that affected 7,000 victims and netted an estimated $700,000 in illicit income.…

Critical Windows vulnerability under attack, Microsoft warns
Drive-by web exploits possible

Microsoft has warned of a critical security bug in older versions of its Windows operating system that is already being exploited in the wild to remotely execute malware on vulnerable machines.…

Hiding secret messages in internet traffic: a new how-to
Covert messages exploit TCP

Researchers have demonstrated a new way to hide secret messages in internet traffic that can elude even vigilant network operators.…

VMWare Patches Released, (Fri, May 29th)

Patches were released yesterday to fix a DoS vulnerability and potential arbitrary code execution. ...(more)...

Blackberry Server Vulnerability, (Fri, May 29th)

For all of you running around with a Blackberry, be careful of opening .pdf files ...(more)...

Microsoft DirectShow vulnerability, (Thu, May 28th)

Microsoft has recently announced a Microsoft DirectShow vulnerability via an advisory an ...(more)...

Trust eroding as social engineering attacks climb in 2009, says Kaspersky expert

By Robert Westervelt

Kaspersky Lab researchers have tracked more than 25,000 malware samples spreading through social networks in 2009.

HP-UX Execution of Arbitrary Code and Other Vulnerabilities

These vulnerabilities could allow unauthorized access, privilege escalation, execution of arbitrary code, and Denial of Service (DoS).

Nortel Contact Center Manager Server Password Disclosure Vulnerability

SonicWALL Global Security Client Privilege Escalation Vulnerability

ATEN IP KVM Switch Multiple Vulnerabilities

ATEN produces several IP KVM Switches. These devices can be used like normal KVM switches with an attached keyboard, mouse and monitor. However, it is also possible to access the hosts connected to them over a network using an ordinary PC as a client. As this function can be used over an insecure network, it is very important that this connection is cryptographically protected against sniffing of confidential data (e.g. keystrokes, monitor signals) and man-in-the-middle attacks. The affected products provide an SSL-encrypted web interface. After authenticating to the web interface, the user can download a client program (Java or Windows). The ATEN client program contains temporary authentication data so that it can connect to the KVM switch without asking the user for a username/password again.

IBM AIX libc MALLOCDEBUG File Overwrite Vulnerability

HP Printers and HP Digital Senders Unauthorized Access to Files

Android Improper Package Verification

Sun Communications Express Multiple XSS

Sun Solaris Integer Overflow Vulnerability

This can be exploited to cause a heap-based buffer overflow via a specially crafted RPC request. Successful exploitation may allow execution of arbitrary code.

Novell GroupWise Internet Agent Remote Buffer Overflow Vulnerabilities

Armorlogic Profense Web Application Firewall Multiple Vulnerabilities

DotNetNuke ErrorPage.aspx Cross-Site Scripting Vulnerability

DotNetNuke is prone to a cross-site scripting vulnerability because the application fails to properly sanitise user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Microsoft DirectX Vulnerability Under Attack

Microsoft says hackers are targeting a security flaw in the DirectX feature of Windows. According to Microsoft, attackers are using malicious QuickTime videos to exploit the bug.
- Microsoft is investigating reports of a vulnerability in Microsoft DirectX that is under attack by hackers using malicious QuickTime videos. According to a Microsoft advisory, the vulnerability can be exploited by hackers to remotely execute code with the rights of the logged-on user. Specific...

Whodunit? Finding Security Vulnerabilities in Application Code

Application security has to start during the development process. That means fixing vulnerable code before applications are ever pushed out to the public. Much has been written about the secure software development lifecycle; now it's time to test security pros and developers alike. Can you find the vulnerabilities in the code? Sorry, there is no prize involved, just a minor brainteaser for those of you who design applications or are charged with assessing their security. The code on the slides was provided by Veracode and Qualys.

Department of Interior Computers Missing, Report Finds

According to a report, the U.S. Department of Interior can't locate nearly 20 percent of the computers that are supposed to be in its care. The report also finds that many PCs are not encrypted, and the disposal process for computers is not uniform.
- A report by the U.S. Department of Interior's inspector general's office does not paint a rosy picture of the department's IT. On the heels of a separate report alleging widespread failures around the tracking and managing of passports, the inspector general found that the department cannot locate ...

Microsoft Update Quietly Installs Firefox Extension

A routine security update for a Microsoft Windows component installed on tens of millions of computers has quietly installed an extra add-on for an untold number of users surfing the Web with Mozilla's Firefox Web browser. Earlier this year, Microsoft shipped a bundle of updates known as a "service pack" for a programming platform called the Microsoft .NET Framework, which Microsoft and plenty of third-party developers use to run a variety of interactive programs on Windows. The service pack for the .NET Framework, like other updates, was pushed out to users through the Windows Update Web site. A number of readers had never heard of this platform before Windows Update started offering the service pack for it, and many of you wanted to know whether it was okay to go ahead and install this thing. Having earlier checked to see whether the service pack had caused any widespread problems or

Obama in new bid to thwart cyber spies, hackers (AFP)

AFP - US President Barack Obama Friday announced he will appoint a cyber czar to manage attempts to repel mounting criminal and espionage attacks on government and private virtual world computer networks.

Cyber security, FEMA meeting on Obama's agenda (AP)

AP - President Barack Obama is to address a 21st century defense threat — protecting the nation against a cyber attack.

Obama to create cyber czar in awareness effort (AP)

AP - The Obama administration is creating a "cyber czar" within the White House to coordinate the nation's computer security. Critics already say the post will not have enough authority to haul the government into the digital age.

Microsoft Security Advisory 971778 Vulnerability in Microsoft DirectShow Released

By MSRCTEAM

We’ve just released Microsoft Security Advisory 971778 today. This discusses a new vulnerability in Microsoft DirectShow affecting Windows 2000, Windows XP and Windows Server 2003 that is under limited attack. The advisory outlines information about the vulnerability and steps customers can take to protect themselves while we’re working on a security update to address the issue.

Our investigation has shown that the vulnerable code was removed as part of our work building Windows Vista. This means that Windows Vista and versions of Windows since Windows Vista (Windows Server 2008, Windows 7) are not vulnerable.

The vulnerability is in the QuickTime parser in Microsoft DirectShow. An attacker would try and exploit the vulnerability by crafting a specially formed video file and then posting it on a website or sending it as an attachment in e-mail. While this isn’t a browser vulnerability, because the vulnerability is in DirectShow, a browser-based vector is potentially accessible through any browser using media plug-ins that use DirectShow. Also, we’ve verified that it is possible to direct calls to DirectShow specifically, even if Apple’s QuickTime (which is not vulnerable) is installed.

Our investigation has found three workarounds that you can implement to protect yourself and we’ve documented these in the security advisory. In addition, we’ve got more technical details on the workarounds and the issue over at the Security Research and Defense (SRD) blog.

Most importantly, we have found one workaround in particular that is simple and effective and protects against the vulnerability with limited impact. In fact, this particular workaround is simple enough that we’ve been able to give you a way to automatically implement the workaround with the click of a button. Our Customer Service and Support (CSS) group has a new capability called “Fix it” that can automatically apply simple solutions to your system. We’ve gone ahead and built a “Fix it” that implements the “Disable the parsing of QuickTime content in quartz.dll” registry change workaround. We have also built a "Fix it" that will undo the workaround automatically.

To automatically implement the workaround, go to the KB article for the advisory. In the KB article, there’s a section titled “Fix it for me”. Click on the “Fix this problem” button under "Enable Workaround" in that section. You will then be offered an installer package from the Microsoft website. After you’ve confirmed that you trust the source of this package, run it on your system. The package will automatically set the appropriate registry keys on your system to implement the workaround. When you want to undo the workaround, click on the "Fix this problem" button under "Disable Workaround" in the same section.

We’re also sharing information about this vulnerability and the limited attacks that we’ve seen with partners in our Microsoft Active Protections Program (MAPP) and our Microsoft Security Response Alliance (MSRA) program to provide information that they can use to provide broader protections to customers.

As always, we’ll continue monitoring the situation and providing more information through the security advisory and the MSRC weblog.

Thanks

Christopher

Push For Electronic Medical Records Must Slow Down, For Security's Sake

The federal push for electronic medical records could be a security nightmare if rushed too fast.

Must-have Fix for New, Under-attack Microsoft Flaw

Crooks are currently attacking a new DirectShow vulnerability, Microsoft disclosed today. Be sure to apply the temporary fix.

Study: Operators Should Use DNSSEC to Improve Security

Operators should adopt DNSSEC to prevent hackers from tampering with DNS information and redirecting Web traffic to their sites.

HTML5 Could Be the OS Killer

While the browser isn't more important than operating system today, Google this week firmly suggested it is only a matter of time.
