Tuesday, November 10, 2009

Around The Horn vol.1,159

Microsoft Security Content: Comprehensive Edition

Microsoft Security Bulletin Summary for November 2009

Revision Note: Bulletin Summary published. Summary: This bulletin summary lists security bulletins released for November 2009.

MS09-068 - Important: Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (976307) - Version:1.0

Severity Rating: Important - Revision Note: V1.0 (November 10, 2009): Bulletin published. Summary: This security update resolves a privately reported vulnerability that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-067 - Important: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652) - Version:1.0

Severity Rating: Important - Revision Note: V1.0 (November 10, 2009): Bulletin published. Summary: This security update resolves several privately reported vulnerabilities in Microsoft Office Excel. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-066 - Important: Vulnerability in Active Directory Could Allow Denial of Service (973309) - Version:1.0

Severity Rating: Important - Revision Note: V1.0 (November 10, 2009): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Active Directory directory service, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow denial of service if stack space was exhausted during execution of certain types of LDAP or LDAPS requests. This vulnerability only affects domain controllers and systems configured to run ADAM or AD LDS.

MS09-065 - Critical: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947) - Version:1.0

Severity Rating: Critical - Revision Note: V1.0 (November 10, 2009): Bulletin published. Summary: This security update resolves several privately reported vulnerabilities in the Windows kernel. The most severe of the vulnerabilities could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font. In a Web-based attack scenario, an attacker would have to host a Web site that contains specially crafted embedded fonts that are used to attempt to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. An attacker would have no way to force users to visit a specially crafted Web site. Instead, an attacker would have to convince the user to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the attacker's site.

MS09-064 - Critical: Vulnerability in License Logging Server Could Allow Remote Code Execution (974783) - Version:1.0

Severity Rating: Critical - Revision Note: V1.0 (November 10, 2009): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft Windows 2000. The vulnerability could allow remote code execution if an attacker sent a specially crafted network message to a computer running the License Logging Server. An attacker who successfully exploited this vulnerability could take complete control of the system. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter.

MS09-063 - Critical: Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565) - Version:1.0

Severity Rating: Critical - Revision Note: V1.0 (November 10, 2009): Bulletin published. Summary: This security update resolves a privately reported vulnerability in the Web Services on Devices Application Programming Interface (WSDAPI) on the Windows operating system. The vulnerability could allow remote code execution if an affected Windows system receives a specially crafted packet. Only attackers on the local subnet would be able to exploit this vulnerability. This security update is rated Critical for all supported editions of Windows Vista and Windows Server 2008. For more information, see the subsection, Affected and Non-Affected Software, in this section.

Microsoft Security Bulletin Advance Notification for November 2009

Revision Note: Advance Notification published. Summary: This advance notification lists security bulletins to be released for November 2009.

Ars Technica - Security

Pirates get a taste of Microsoft COFEE

By emil.protalinski@arstechnica.com (Emil Protalinski) on digital forensics

Microsoft's Computer Online Forensic Evidence Extractor (COFEE) has made it into the hands of pirates, and their virtual ships are distributing it quickly for everyone to get a taste. The COFEE application uses common digital forensics tools to help law enforcement officials at the scene of a crime gather volatile evidence of live computer activity that would otherwise be lost in a traditional offline forensic analysis. In other words, it lets officers grab data from password-protected or encrypted sources. That means you can now break the law twice over: download the software and then use it to steal information from other people's computers.

Chances are you won't have any use for the tool, but pirates get a thrill from having something they shouldn't, and a forensics tool only distributed to police departments around the world is pretty high up on the list of things you shouldn't have on your computer. The forensics tool is approximately 15MB in size and works best with Windows XP. Microsoft is working on a new version of COFEE for next year that fully supports Windows Vista and Windows 7. Here's the official description of COFEE:

Data breach notifications one step closer to law... again

By jacqui@arstechnica.com (Jacqui Cheng) on security

Every time there's a major data breach in retail or government, there's a chorus of frustrated customers trying to find out whether their information was exposed to would-be identity thieves. The problem is that it's near impossible to find out this information unless the organization in question takes the initiative to notify customers with exposed data. This, quite frankly, happens very slowly.

In response to this annoying trend, members of Congress have introduced legislation that would require organizations to notify customers when their information is no longer secure. None have passed as of yet—interest in such bills peaks when data breaches happen and wanes with the next news cycle—but there are currently two bills making their way through the system that show some promise.

iPhone worm attacks jailbroken iPhones with default password

By chris.foresman@arstechnica.com (Chris Foresman) on worm

The first known malware worm for the iPhone is targeting jailbreakers running SSH and default root passwords, "rickrolling" vulnerable iPhones by replacing the wallpaper image with an image of '90s pop star Rick Astley. The image also includes a boast that hacker "ikee" is "never gonna give you up." While the hack is apparently harmless, it serves as another reminder of the potential security vulnerability that jailbreaking can cause.

Unlike the hack we reported last week, this malware can spread itself to other vulnerable devices that are accessible to an infected phone. The worm scans the network, looking for jailbroken phones with an open SSH port, and attempts to use the default passwords. At least four variants exist in the wild, the latest of which makes an attempt to hide itself by burying the code in a file path that looks like the path for Cydia, a jailbreak app installer.

HTTPS, SSL attack vector discovered; fix is on the way

By segphault@arstechnica.com (Ryan Paul) on security

A security flaw that has been identified in the Transport Layer Security (TLS) protocol could open the door for man-in-the-middle (MITM) attacks against HTTPS communication. All implementations are said to be vulnerable because the flaw is in the protocol itself. Security researchers are taking steps to resolve the problem.

The flaw was originally found in August by researchers Marsh Ray and Steve Dispensa from security company PhoneFactor. They chose not to widely publicize the issue and began working in secret with other security experts and industry leaders to develop solutions. The flaw became known to the public this week when Martin Rex of SAP discovered it independently and posted a disclosure to the mailing list of the Internet Engineering Task Force.

Microsoft Patch Tuesday for November 2009: six bulletins

By emil.protalinski@arstechnica.com (Emil Protalinski) on Patch Tuesday

According to the Microsoft Security Response Center, Microsoft will issue six Security Bulletins on Tuesday, and it will host a webcast to address customer questions about the bulletins the following day (November 10 at 11:00am PST, if you're interested). Three of the vulnerabilities are rated "Critical," and the other three are marked as "Important." All of the Critical vulnerabilities earned their rating through a remote code execution impact, meaning a hacker could potentially gain control of an infected machine. At least four of the six patches will require a restart.

blacksn0w unlocks 3.1.2; Apple looks to curtail jailbreaking

By chris.foresman@arstechnica.com (Chris Foresman) on unlock

Jailbreakers rejoice! If you've been holding off on updating to iPhone OS 3.1.2 to keep your jailbreaks or carrier unlocks intact, blackra1n and blacksn0w are here to rescue you. However, don't expect the jailbreaking fun to last forever—Apple is looking to hire a manager to lead a team to boost the iPhone platform's security.

blackra1n is a new jailbreaking tool for Mac OS X and Windows from iPhone hacker George Hotz, aka "GeoHot," who also created purplera1n earlier this year. With the addition of blacksn0w, users with iPhone OS 3.1.2 and its updated 05.11.07 baseband—the software that runs the cell radio—can unlock the phone and use it on whatever GSM/UMTS carrier they prefer. (Note that in the US, your only other option is T-Mobile, and it won't work on 3G, only EDGE.) "Jailbreaking and unlocking have never been easier," GeoHot wrote on his blog. The tool promises faster jailbreaking, one-click hacktivation, unlocking, and enabling tethering support all in one app. blacksn0w will be added as a separate iPhone app on Cydia for unlocking if you've already jailbroken using PwnageTool or some other method.

CGISecurity - Website and Application Security News

All things related to website, database, SDL, and application security since 2000.

TLS negotiation flaw published

By Robert A. on Vulns

Steve Dispensa and Marsh Ray have published a paper describing a weakness in the TLS negotiation process. This is the same attack discussed on the IETF TLS list. From the whitepaper "Transport Layer Security (TLS, RFC 5246 and previous, including SSL v3 and previous) is subject to a number of serious man-in-the-middle...

CNET News - Security

Microsoft patches critical hole in Windows kernel

By Elinor Mills

November's Patch Tuesday features fixes for holes in Windows, Excel, and Word, and a critical one affecting the Windows kernel that could be used in drive-by download attacks on Web surfers.

Originally posted at InSecurity Complex

Panda's Cloud Antivirus leaves beta behind

By Seth Rosenblatt

First introduced in beta back in April, Panda Cloud Antivirus graduates to a stable, public release and signifies a major security vendor taking aim at the freeware competition--instead of the other way around.

Originally posted at The Download Blog

Apple plugs holes for domain spoofing, other attacks

By Elinor Mills

Security update for Mac OS X addresses 43 specific issues, including holes that could allow an attacker to take over the computer.

Originally posted at InSecurity Complex

Microsoft launches Forefront Protection 2010

By Elinor Mills

Software giant launches antimalware for new version of e-mail and communications server.

Originally posted at InSecurity Complex

'60 Minutes'--Cyberwar: Sabotaging the system

By CBS Interactive staff

Hackers can potentially enter crucial elements of the world's infrastructure, such as power grids, water works, and even a nation's military arsenal. What are we doing to stop them?

Microsoft to fix holes in Windows, Office

By Elinor Mills

November's Patch Tuesday promises to be lighter than last month's record.

Originally posted at InSecurity Complex

Google privacy controls: Most people won't care

By Matt Asay

Google Dashboard is putting personal data in the hands of users, but most of us won't care enough to exercise this control.

Originally posted at The Open Road

Zero-day flaw found in Web encryption

By Tom Espiner

Flaw is found in the Transport Layer Security and Secure Sockets Layer protocols, which have typically been used by online retailers and banks to provide security for Web transactions.

CounterMeasures

Rik Ferguson blogs about security issues.

NoSpace for another banking Trojan

By Rik Ferguson on ZeuS

Today saw the beginning of a new spam run from the ZeuS or Zbot family of malware. Victims will receive an email similar to the one below prompting them to “update” their MySpace account, very similar to the Facebook spam run from last week. (Image: spam email from ZeuS bot) The link in the mail leads to a [...]

Cyber, War and Law™

The BLOG where Technology, Cyber Warfare, Law, and Policy intersect.

Preliminary Results of Largest Global Cash Smuggling Operation

By Dondi S. West

Homeland Security Secretary Napolitano and World Customs Organization (WCO) Secretary General Kunio Mikuriya announced the preliminary results of Operation ATLAS—the largest multilateral operation in history targeting cash smugglers which took place from Oct. 26-30.
See the Details Here.

RAND Study: Cyberdeterrence and Cyberwar

By Dondi S. West

Cyberdeterrence and Cyberwar

By: Martin C. Libicki

The protection of cyberspace, the information medium, has become a vital national interest because of its importance both to the economy and to military power. An attacker may tamper with networks to steal information for the money or to disrupt operations. Future wars are likely to be carried out, in part or perhaps entirely, in cyberspace. It might therefore seem obvious that maneuvering in cyberspace is like maneuvering in other media, but nothing would be more misleading. Cyberspace has its own laws; for instance, it is easy to hide identities and difficult to predict or even understand battle damage, and attacks deplete themselves quickly. Cyberwar is nothing so much as the manipulation of ambiguity. The author explores these in detail and uses the results to address such issues as the pros and cons of counterattack, the value of deterrence and vigilance, and other actions the United States and the U.S. Air Force can take to protect itself in the face of deliberate cyberattack.

The report is available here.

VADM Houck Establishes Information Operations and Intelligence Law Division

By Dondi S. West

Vice Admiral James Houck, the 41st judge advocate general (JAG) of the U.S. Navy, has established a new Division within the Office of the Judge Advocate General, the Information Operations and Intelligence Law Division (Code 18) (IOIL Division).
The new IOIL Division will focus on the laws and policies regarding cyberspace operations, other information operations, and intelligence operations. Along with helping the JAG execute his or her responsibilities in these areas, the Division will provide support to the prospective DCNO (N2N6) organization, FLTCYBERCOM/10THFLT, and other relevant commands and staffs. Additionally, the Division will assist in developing a cadre of judge advocates with specialized education, training, and career paths.

Internet Filtering in Sub-Saharan Africa

By Dondi S. West

From the ONI blog:

The OpenNet Initiative (ONI) has released updated reports on Ethiopia and Zimbabwe and new reports on Uganda and Nigeria, where ONI tested for the first time in 2008 and 2009. All four profiles can be accessed at: http://opennet.net/research/regions/ssafrica.

Court order served over Twitter

By Dondi S. West

http://news.bbc.co.uk/2/hi/technology/8285954.stm
Court order served over Twitter
The High Court has given permission for an injunction to be served via social-networking site Twitter.
The order is to be served against an unknown Twitter user who anonymously posts to the site using the same name as a right-wing political blogger.
The order demands the anonymous twitter user reveal their identity and stop posing as Donal Blaney, who blogs at a site called Blaney's Blarney.

Eight Years after 9/11

By Dondi S. West

Secretary Napolitano's Testimony on "Eight Years after 9/11: Confronting the Terrorist Threat to the Homeland"

from DHS | National Cybersecurity Division

Testimony of Secretary Napolitano before the Senate Committee on Homeland Security and Governmental Affairs, "Eight Years after 9/11: Confronting the Terrorist Threat to the Homeland" (Written Testimony) given September 30, 2009 at the Dirksen Senate Office Building.

ICANN now internationally managed....

By Dondi S. West

  • ZDNet - ICANN declares independence, breaks ties with government
  • Computer Weekly - Politicians gain control of the internet
  • LA Times - getting out of the Internet management business -- sort of
  • Computerworld - ICANN freed from gov't oversight

NSTAC Cybersecurity Collaboration Report

By Dondi S. West

Cybersecurity Collaboration Report -

Important issues in Pakistan's Cyber Crime Bill

By Dondi S. West

(Embedded presentation by drawab: Important issues in Pakistan's Cyber Crime Bill)

Powerpoint: Cyber Safety For Educators

By Dondi S. West

(Embedded presentation by mpetrop: Cyber Safety For Educators)

Darknet - The Darkside

Ethical Hacking, Penetration Testing & Computer Security

Turbodiff v1.01 BETA Released – Detect Differences Between Binaries

By Darknet on turbodiff

Turbodiff is a binary diffing tool developed as an IDA plugin. It discovers and analyzes differences between the functions of two binaries. Requirements: “Turbodiff 1.01 beta release 1” works with IDA starting from v5.0. Instructions for the binaries: Download the plugin and store it at the directory “..\IDA\plugins”. If...

Facebook Used By Whitewell Trojan To Communicate

By Darknet on worm

Facebook has had its fair share of security woes and the latest is the discovery of a new Trojan that uses Facebook to communicate. Interesting that it’s using the Facebook notes feature to communicate depending on title/subject of the note. The actual malware itself is spread through doc/pdf exploits and not through any flaws in...

Binging (BETA) – Footprinting & Discovery Tool (Google Hacking)

By Darknet on web-applications

It’s been a while since I’ve seen a tool of this type, back in the heydays of Google Hacking (which became the generic term for information gathering via search engines) there were multiple tools such as Gooscan and Goolag. Binging is a simple tool to query Bing search engine. It will use your Bing API key [...]

DarkReading - All Stories

DarkReading

Microsoft Forensics Tool For Law Enforcement Leaked Online

Security experts worry cybercriminals will figure out ways to circumvent the tool, which was discovered in a file-sharing forum

Microsoft Says Sophos Overhypes Windows 7 Malware Threat

Says Sophos' methodology was flawed, in part because the testers did not take advantage of Microsoft security tools

Product Watch: Verizon Launches Data Discovery, Identification, And Security Classification Service

New service reflects shift to 'data-centric' view of security, Verizon says

New Spamming Botnet On The Rise

'Festi' quickly jumps from sending about one percent of all spam to five- to six percent, MessageLabs researchers say

Major SSL Flaw Find Prompts Protocol Update

Vendors and the IETF have been working on a fix since last month for a newly discovered vulnerability in the SSL protocol that spans browsers, servers, smart cards, and other products

Former Employees Face Five-Year Sentence After Allegedly Hacking Company Database

Ex-employees hacked former company's computer systems for financial gain, FBI says

eWeek Security Watch

New Attack Abuses Web Browser Cookies

In Web 2.0

A new attack outlined at the ToorCon conference in October allows attackers to use vulnerabilities on Website subdomains to reach the parent domain.

Malware SEO: Gaming Google Trends and Big Bird

In Virus and Spyware

Attackers are now working to tailor new threats to online news trends on a daily basis using indicators including Google Trends.

Federal Computer Week: Security News

After Fort Hood shootings, no force-wide changes in Army base security

An Army official today confirmed that no force-wide alterations have been made to existing security measures across Army bases in the U.S. in wake of the Nov. 5 shooting at Fort Hood, Texas, that killed 13 people.

NARA admits violating internal policy on personal info

NARA's policy required it to destroy hard drives, but in some cases agency personnel returned them to vendors instead, official says.

Current 'Whac-A-Mole' cybersecurity approach not a winner, DHS official says

Bruce McConnell, counselor to DHS' top cybersecurity official, said more personnel, better user authentication, security metrics, and automated responses are needed to make systems more secure.

Info Security News

Carries news items (generally from mainstream sources) that relate to security.

Brazilian Blackout Traced to Sooty Insulators, Not Hackers

Posted by InfoSec News on Nov 09

http://www.wired.com/threatlevel/2009/11/brazil_blackout/
By Marcelo Soares
Threat Level
Wired.com
November 9, 2009
A massive 2007 electrical blackout in Brazil newly blamed on computer
hackers was actually the result of a utility company's negligent
maintenance of high voltage insulators on two transmission lines,
according to reports from government regulators and others who
investigated the incident for more than a year.
In a broadcast...

Bot herders hide master control channel in Google cloud

Posted by InfoSec News on Nov 09

http://www.theregister.co.uk/2009/11/09/bot_herders_coopt_google_appengine/
By Dan Goodin in San Francisco
The Register
9th November 2009
Cyber criminals' love affair with cloud computing just got steamier with
the discovery that Google's AppEngine was tapped to act as the master
control channel that feeds commands to large networks of infected
computers.
The custom application was used to relay download commands to PCs that
had already...

Microsoft Forensics Tool For Law Enforcement Leaked Online

Posted by InfoSec News on Nov 09

http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=221600872
By Kelly Jackson Higgins
DarkReading
Nov 09, 2009
A forensics tool built by Microsoft exclusively for law enforcement
officials worldwide was posted to a file-sharing site, leaving the
USB-based tool at risk of falling into the wrong hands.
COFEE is a free, USB-based set of tools, which Microsoft offers only to
law enforcement, that plugs into a...

NARA admits violating internal policy on personal info

Posted by InfoSec News on Nov 09

http://fcw.com/articles/2009/11/06/web-nara-it-security-problems.aspx
By Ben Bain
FCW.com
Nov 06, 2009
The National Archives and Records Administration violated its
information security policies by returning failed hard drives from
systems containing personally identifiable information of current
government employees and military veterans back to vendors. By agency
policy, NARA is supposed to destroy the hard drives rather than return...

9 In 10 Web Apps Have Serious Flaws

Posted by InfoSec News on Nov 09

http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=221600880
By Thomas Claburn
InformationWeek
November 9, 2009
The number of software vulnerabilities detected has risen to the point
that almost 9 out of 10 Web applications have flaws that could lead to
the exposure of sensitive information.
Cenzic's "Web Application Security Trends Report Q1-Q2, 2009" report,
released on Monday, says that...

Hackers blacked out Brazil: Report

Posted by InfoSec News on Nov 08

Forwarded from: Simon Taplin <simon.taplin (at) gmail.com>
http://www.timeslive.co.za/scitech/article184124.ece
Nov 7, 2009 11:02 AM | By AFP
Massive power outages in Brazil in 2005 and 2007 that impacted millions
were caused by cyber hackers attacking control systems, the US
television network CBS says.
The CBS news program 60 Minutes said it had learned that the 2007
blackout in Espirito Santo State, which affected over three...

Current 'Whac-A-Mole' cybersecurity approach not a winner, DHS official says

Posted by InfoSec News on Nov 08

http://fcw.com/articles/2009/11/06/web-dhs-mcconnell-cybersecurity.aspx
By Ben Bain
FCW.com
Nov 06, 2009
Current computer security efforts resemble the arcade game "Whac-A-Mole"
and demonstrate the overall need for a more secure cyber ecosystem,
according to senior DHS cybersecurity official Bruce McConnell.
"A threat pops up here, we whack it down, and another one comes up here
- this is the environment that many of your...

Securing The Cyber Supply Chain

Posted by InfoSec News on Nov 08

http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=221600499
By J. Nicholas Hoover
InformationWeek
November 7, 2009
(From the November 9, 2009 issue)
Security pros draw a line at the firewall--what happens "out there"
might be beyond their control, but a secure perimeter is intended to
protect the data and systems within. That view, however, fails to take
into account the role of developers,...

Hackers attack Al-Watan's website

Posted by InfoSec News on Nov 08

http://www.arabnews.com/?page=1&section=0&article=128185
By Fatima Sidiya
Arab News
8 November 2009
JEDDAH: Al-Watan newspaper was hacked on Saturday by a group calling
itself Moorish Team-Dz. The hackers said they supported Sheikh Saad bin
Nasser Al-Shithri who was recently removed from his job following
statements he made on Al-Majd TV channel against coeducation at King
Abdullah University for Science and Technology (KAUST)....

First iPhone worm discovered - ikee changes wallpaper to Rick Astley photo

Posted by InfoSec News on Nov 08

http://www.sophos.com/blogs/gc/g/2009/11/08/iphone-worm-discovered-wallpaper-rick-astley-photo/
By Graham Cluley
Sophos
November 8th, 2009
Apple iPhone owners in Australia have reported that their smartphones
have been infected by a worm that has changed their wallpaper to an
image of 1980s pop crooner Rick Astley.
The worm, which could have spread to other countries, is capable of
breaking into jailbroken iPhones if their owners have not...

Linux Security Week - November 6th 2009

Posted by InfoSec News on Nov 08

+----------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| November 6th, 2009 Volume 10, Number 45 |
| |
| Editorial Team: Dave Wreski <dwreski () linuxsecurity com> |
| Benjamin D. Thomas <bthomas () linuxsecurity...

Patch Tuesday: Expect 6 security fixes

Posted by InfoSec News on Nov 08

http://gcn.com/articles/2009/11/06/microsoft-patch-tuesday-security.aspx
By Jabulani Leffall
GCN.com
Nov 06, 2009
After a record-breaking Patch Tuesday in October, November's security
update promises to be a bit lighter with six scheduled fixes, three
deemed "critical" and three "important."
This month's patch rollout is expected to have five bulletins addressing
remote code execution vulnerabilities, while the remaining...

Guardian loses PCC phone-hacking case

Posted by InfoSec News on Nov 08

http://www.independent.co.uk/news/media/press/guardian-loses-pcc-phonehacking-case-1817261.html
By Ian Burrell
Media Editor
The Independent
9 November 2009
The Press Complaints Commission, the watchdog for the newspaper
industry, has rejected claims by The Guardian that a widespread and
ongoing culture of phone-hacking existed at the News of the World,
Britain's biggest-selling Sunday title. After investigation, the PCC
reported that it...

Data security measures for Bord Gais

Posted by InfoSec News on Nov 05

http://www.irishtimes.com/newspaper/breaking/2009/1105/breaking2.htm
By Elaine Edwards
irishtimes.com
November 5, 2009
Bord Gais is to introduce new security procedures after it accepted it
was in breach of Data Protection legislation in relation to the theft of
details of some 93,000 customers on a laptop.
A report on the investigation by the Office of the Data Protection
Commissioner (ODPC) into the theft of four laptops from Bord Gais's...

Experts gather for Cyber Operations Symposium

Posted by InfoSec News on Nov 05

http://www.ftleavenworthlamp.com/articles/2009/11/05/news/news6.txt
By Capability Development Integration Directorate
Fort Leavenworth Lamp
November 5, 2009
The Combined Arms Center Capability Development Integration Directorate
hosted a Cyberspace Operations Symposium Oct. 27-30 at Fort Leavenworth.
More than 100 attendees from more than 25 organizations across Training
and Doctrine Command and the greater community of interest actively...

Little-Known Hole Lets Attacker Hit Main Website Domain Via Its Subdomains

Posted by InfoSec News on Nov 05

http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=221600496
By Kelly Jackson Higgins
DarkReading
Nov 05, 2009
Turns out an exploit on a Website's subdomain can be used to attack the
main domain: A researcher has released a proof-of-concept showing how
cookies can be abused to execute such an insidious attack.
Michael Bailey, senior researcher for Foreground Security, published a
paper this week that...

Cybercriminals down five British police forces in a year

Posted by InfoSec News on Nov 05

http://www.theregister.co.uk/2009/11/05/police_breaches/
By Chris Williams
The Register
5th November 2009
In the last year five British police forces have suffered major computer
failures lasting three days or more as a result of malicious internet
attacks.
The spate of intrusions by cybercriminals and the resulting outages was
revealed recently by a senior authoritative source, who can't be
identified because the disclosure was made...

Secunia Weekly Summary - Issue: 2009-45

Posted by InfoSec News on Nov 05

========================================================================
The Secunia Weekly Advisory Summary
2009-10-29 - 2009-11-05
This week: 63 advisories
========================================================================
Table of Contents:
1.....................................................Word From...

DOD approves new credentials for security professionals

Posted by InfoSec News on Nov 05

http://defensesystems.com/articles/2009/11/04/dod-approves-new-security-certification.aspx
By Kathleen Hickey
Defense Systems
Nov 05, 2009
The Defense Department has approved new credentials for information
security professionals. The directive is expected to result in more than
100,000 personnel obtaining professional credentials.
DOD approved the (ISC)² Certification and Accreditation Professional
(CAP), which requires that all DOD...

InSecurity Complex

Keeping tabs on flaws, fixes, and the people behind them.

Microsoft patches critical hole in Windows kernel

By Elinor Mills

November's Patch Tuesday features fixes for holes in Windows, Excel, and Word, and a critical one affecting the Windows kernel that could be used in drive-by download attacks on Web surfers.

Apple plugs holes for domain spoofing, other attacks

By Elinor Mills

Security update for Mac OS X addresses 43 specific issues, including holes that could allow an attacker to take over the computer.

Microsoft launches Forefront Protection 2010

By Elinor Mills

Software giant launches antimalware for new version of e-mail and communications server.

Microsoft to fix holes in Windows, Office

By Elinor Mills

November's Patch Tuesday promises to be lighter than last month's record.

McAfee Avert Labs

Cutting edge security research as it happens.......

Rogue Security Product Copies McAfee’s Look and Feel

By Girish Pillai on Web and Internet Safety

How good are you at identifying a genuine security product from an imposter that claims to offer protection? If you think you are good at it, then have a look at the images below. [ Legitimate McAfee site] [Rogue Anti-Virus MaCatte site] Recently we have seen the rapid growth of rogue anti-virus/spyware programs. This one is especially interesting. [...]

Pacquiao vs. Cotto

By Mark Olea on Uncategorized

Warning to all Pacquiao and Cotto fans. Bad guys are taking advantage of their upcoming fight. Searching for “Pacquiao vs Cotto” could lead to fake anti-virus programs. Similar to the scam described at Arun Pradeep’s blog post. Once the search result is clicked, users are redirected to a website showing a fake online malware scanning and [...]

Rogue Anti-Spyware Targets Sesame Street’s Big Bird

By Arun Pradeep on Web and Internet Safety

The idea of malware distributors abusing Google Trends is not new. The bad guys have once again demonstrated that they, too, can take advantage of Google Trends. This time their target is Big Bird’s birthday. It’s not new that the Google logo includes Big Bird; it does so on special occasions. The Google logo clearly shows [...]

NOW LIVE! McAfee Online Support Community

By Brian Mann on General Chatter

The McAfee Online Support Community gives you a way to interact with other McAfee business users to ask questions and share best practices. Additionally, you’ll be able to talk with McAfee professionals about McAfee products, security awareness issues, and emerging trends — plus give us feedback on product and service enhancements. The new community will have [...]

Network World on Security

The latest security news, analysis, reviews and feature articles from NetworkWorld.com.

FireEye moves quickly to quash Mega-D botnet

A computer security company known for battling botnets moved last week to try to shut down a persistent spam player.

Eight indicted for $9 million hack

A U.S. grand jury in Atlanta has indicted eight people in connection with hacking into a computer network operated by credit-card processing vendor RBS WorldPay and stealing US$9 million.

Microsoft stifles information on Bing cashback error

Microsoft has brought out its legal hammer against a businessman who publicized a problem with an incentive program run alongside the company's Bing search engine.

Gov't dumps plans to ban sex offenders from Facebook

Proposals to ban sex offenders from social networking sites such as Facebook have been dumped after it was revealed the plans breach human rights law.

Snow Leopard Update Zaps Bugs, Kills Hackintosh Netbooks

On Monday Apple released an update to its Snow Leopard operating system (10.6.2) that fixes flaws, including one that wipes out a user's personal data. But along with fixes, Apple's update also kills support for Intel Atom processors, in a bid to stop users from hacking their netbooks and creating "hackintosh" systems.

How a Botnet Gets Its Name

There is a new kid in town in the world of botnets - isn't there always? A heavyweight spamming botnet known as Festi has only been tracked by researchers with MessageLabs Intelligence since August, but is already responsible for approximately 5 percent of all global spam (around 2.5 billion spam emails per day), according to Paul Wood, senior analyst with MessageLabs, which keeps tabs on spam and botnet activity.

Apple releases Mac OS X 10.6.2 Snow Leopard update

Apple has updated Mac OS X 10.6 Snow Leopard to 10.6.2 fixing a number of bugs including a serious issue that could result in data loss when using a guest account, potentially wiping files.

Apple releases Security Update 2009-006 for Leopard

Monday was a busy day for Apple updates. Along with the release of Snow Leopard 10.6.2 comes a security update for users of OS X 10.5.8 and OS X Server 10.5.8.

Apple delivers mammoth update, patches 58 bugs

Apple patched 58 vulnerabilities in its Mac operating systems today, the most since May 2009, including several in the QuickTime media player that it had fixed separately in early September.

Lawsuit claims iPhone games stole phone numbers

Browse the App Store for developer Storm8's many popular iPhone games, and you'll encounter the same message over and over again: "The item you've requested is not currently available in the US store."

Jailbreaking puts iPhone owners at risk, says researcher

Jailbroken iPhones are much easier to hijack, security researcher Charlie Miller said today, and the proof is in the ikee worm that has infected some Australian phones.

Cisco doubles down on collaboration with 61 new products

Cisco Systems Inc. massively expanded its portfolio of collaboration technologies today, announcing 61 products, including a corporate-grade hosted e-mail system and a social networking application.

Microsoft releases security guidelines for Agile

Microsoft will release on Tuesday guidelines for developers building online applications and for those utilizing the Agile code-development process.

Microsoft makes case for upgrade to Exchange 2010

Microsoft is emphasizing the potentially money-saving features of Exchange 2010, the latest revamp of its e-mail application officially released Monday at its TechEd European customer conference in Berlin.

66% of Brits claim Spotify stops them illegally downloading

Nearly two thirds of Brits who illegally download music online said Swedish music streaming service Spotify has encouraged them to reduce their illegal file-sharing activities, says Moneysupermarket.com.

Play.com leaks customer names and addresses

The names and addresses of Play.com customers have been leaked to other users of the online retailer.

iPhone 'Rickroll' Worm Is No Threat To Most Users

The first worm to infect the iPhone will not affect most users of Apple's smartphone, despite worrying reports. The ikee worm only affects jailbroken iPhones, representing a minority percentage of iPhones on the market.

UK to push for law to retain all communications data

The U.K. government said Monday it plans to push for a law requiring service providers such as ISPs to retain data about instant messages, e-mail and other electronic communications.

eEye scans for vulnerabilities, compliance problems

A new compliance and security management tool from eEye Digital Security can help ensure endpoint computers satisfy regulatory requirements.

First iPhone worm spreads Rick Astley wallpaper

The first worm written for Apple's iPhone has been unleashed and is infecting phones in Australia.

Mozilla fixes Firefox crash bug

Just a week after it last updated Firefox, Mozilla has rushed out a new version of its browser to fix a crash bug that programmers inadvertently introduced.

Switchers Guide: Understanding Mac security

When it comes to security, using Windows can feel like living in the heart of a big city--the kind of place where you can install all the locks and alarms you want, but you still worry. The vast number of computer users who run Microsoft operating systems form the biggest, juiciest target cybercriminals could dream of. Which is why there are more than twenty-two million unique examples of Windows malware out there.

Fake security tools still big threat, worms on rise

The No. 1 offender on Canadians' PCs in the first half of 2009 was Win32/ZangoSearchAssistant, adware that victims probably don't even know hit them, according to a recent security report from Microsoft Corp.

Gumblar malware's home domain is active again

ScanSafe researchers are seeing renewed activity regarding Gumblar, a multifunctional piece of malware that spreads by attacking PCs visiting hacked Web pages.

EU promises illegal downloaders a fair trial

The EU is introducing legislation that will ensure web users accused of illegally downloading are put through "fair and impartial procedure" before being disconnected.

You don't know tech: The InfoWorld news quiz

Intel earns New York's ire, Chinese iPhones don't inspire

Postini technology to spread across Google Apps

The Postini technology that lets Google Apps Premier administrators control their e-mail environments by establishing and enforcing usage policies, rules and parameters will be extended to the other applications of the suite.

Blue Coat slashes staff, buys S7 services company

Security-appliance vendor Blue Coat Systems is laying off of close to 20 percent of its staff and restructuring its business in a drive to increase profitability.

Six Steps to Pull App Security Back to the Future

OWASP will host its 2009 AppSec DC conference next week, hoping to arm IT security practitioners with knowledge to improve application security. For a taste of what to expect, organization member Matt Fisher discusses what's wrong with app security today and six ways to make it better.

Microsoft plans six patches next week, ties November record

Microsoft plans to deliver six security updates on Tuesday, less than half the number it issued last month, to fix flaws in Windows and Office.

Senate panel approves data-breach notification bills

The U.S. Senate Judiciary Committee has approved two bills that would require organizations with data breaches to report them to potential victims.

Federal data protection law inches forward

A sweeping new bill that would implement a national standard for data protection and breach notification got a boost of support today from the Senate Judiciary Committee.

Dashboard shows what Google knows about you

Google's new Dashboard products provides its users with some transparency, but critics say more needs to be done to protect consumer privacy.

Kaspersky Lab releases antivirus app

If you want make a Mac user mad, just sidle up and whisper the words, "Mac security software." Then step back as the incensed sputtering ensues.

SSL Hole Cracks Open Secured Web Traffic

A critical new flaw in SSL/TLS, the Secure Sockets Layer protocol used to protect Web traffic for online banking, shopping, and any other https connection, allows a man-in-the-middle attacker to inject data of his own into the start of an otherwise secured connection, without breaking the encryption itself.

Spoof Apple Trojan upsets Symantec

Symantec has discovered a file-deleting 'Trojan' targeting Mac users. But is it really a piece of malware or a valid but hazardous example of online art?

Apple seeks new sheriff to lock up iPhones

Just as a new hack, blacksn0w, promises to unlock iPhones with the latest Apple software from AT&T's wireless network, Apple is looking for a sheriff to lock the smartphones back up again, permanently.

Vasco uses iPhone, iPod Touch for authenticating users

Vasco Data Security said Thursday it is bringing its Digipass product, which is used for two-factor authentication, to the iPhone and iPod Touch.

Developer finds major coding errors in Facebook, MySpace

Social-networking sites MySpace and Facebook have apparently fixed coding errors that could have allowed an attacker access to all of their users' data and photos.

Survey: Security Certifications Hot Among IT Pros

CompTIA finds IT pros value and seek new security-related certifications above all other areas.

PeerBlock Helps You Surf the Web in Secret

They're lurking out there--sleazy spyware companies, unscrupulous advertisers, and just people you don't want looking at what your computer is doing. PeerBlock (free), an open source program, offers part of a solution--low level blocking of packets coming from, or going to, a long list of hosts.

Vendors scrambling to fix bug in Net's security

Software makers around the world are scrambling to fix a serious bug in the technology used to transfer information securely on the Internet.

Botnet authors crash WordPress sites with buggy code

Webmasters who find an annoying error message on their sites may have caught a big break, thanks to a slip-up by the authors of the Gumblar botnet.

Java Patch Closes Security Holes

A new Update 17 version for JRE and JDK closes some major risks, including "arbitrary code execution," according to US-CERT.

Eight charged in $9.5m payment processor hack
Gone in 12 hours

Eight men connected to an international crime ring have been charged with hacking into Atlanta-based bank card processor RBS WorldPay and stealing more than $9m in 12 hours.…

Apple pushes out Blue Monday patch batch
Tell me now how do I feel?

Apple pushed out a major update to its Mac OS X operating system on Monday.…

Pentagon chiefs buy net-security early warning system
'Arming the cyber warrior'

US weapons megacorp Raytheon is chuffed to announce that it and allied firms have landed a $28m deal from the Pentagon to provide an early-warning system for defence against cyber attacks on military networks.…

Firefox flaws make up 44% of all browser bugs?
But numbers game ignores the big picture

Firefox flaws accounted for nearly half (44 per cent) of all browser bugs in the first half of 2009 - according to a survey which fails to factor in the seriousness of browser flaws.…

MS forensics tool leaks onto the web
COFEE spill creates nasty mess

Microsoft's point-and-click "computer forensics for cops" tool has leaked onto the web.…

Google Reader Koobface spotlights security risk 2.0
Threat-resistant workers bypass Web 2.0 roadblocks

The rising use of social networking and collaboration apps on corporate networks has spawned increased security risks beyond potential productivity losses, firewall vendor Palo Alto warns. The warning coincides with the appearance of a variant of the Koobface worm linked to Google Reader accounts controlled by hackers.…

Next generation spammers rise up in Asia, India and Brazil
High-speed broadband allows worldwide miscreanting

A new generation of spammers is rising up in regions such as Asia Pacific, Japan, and South America, and beginning to outstrip their North American counterparts in junk mail output.…

Security firm chokes sprawling spam botnet
Mega-D no more

A botnet that was once responsible for an estimated third of the world's spam has been knocked out of commission thanks to researchers from security firm FireEye.…

Bot herders hide master control channel in Google cloud
Google AppEngine co-opted

Cyber criminals' love affair with cloud computing just got steamier with the discovery that Google's AppEngine was tapped to act as the master control channel that feeds commands to large networks of infected computers.…

Watchdog clears NotW over renewed phone hack allegations
The Guardian takes pop at PCC 'whitewash'

The UK press self-regulation body has dismissed allegations that phone tapping of celebrities was endemic and ongoing at British tabloid the News of the World.…

How malware frames the innocent for child abuse
Traces of guilt

Innocent people have been branded as child abusers after malware infected their PCs, an AP investigation has discovered.…

Play.com emails customer details to other customers
No explanation yet from data-spraying vendor

Online DVD and CD seller Play.com has sent out dozens of emails containing customer account details to the wrong customers.…

World's first iPhone worm Rickrolls angry fanbois
Hey, jailbreakers: ikee never gonna give you up

iPhone owners in Australia awoke this weekend to find their devices targeted by self-replicating attacks that display an image of 1980s heart throb Rick Astley that's not easily removed.…

Vint Cerf: 'Google doesn't know who you are'
Identifiers don't identify

Interwebs founding father and Google evangelist Vint Cerf has insisted that when you search Google, the company doesn't know who you are.…

Doctor sentenced for massive online Rx factory
Over 100,000 served

A Virginia doctor has been sentenced to serve a year in prison on charges he wrote as many as 100,000 internet prescriptions over a three-year span.…

Mossad hacked Syrian laptop to steal nuke plant secrets
Evil Maid attack led to air raid

Mossad reportedly used a Trojan to hack into a Syrian official's laptop while he stayed in a London hotel.…

Controversial email blocklist SORBS sold
GFI confirms purchase of reputation service

GFI Software has confirmed the purchase of sometimes controversial spam blocklist provider SORBS for a reported $451,000.…

Backdoor in top iPhone games stole user data, suit claims
Storm8's iSpy

A maker of some of the most popular games for the iPhone has been surreptitiously collecting users' cell numbers without their permission, according to a federal lawsuit filed Wednesday.…

Facebook, MySpace backdoor exposed user accounts
Bit drafty in here

Facebook and MySpace have closed gaping security holes in their sites that gave attackers full access to accounts that had automatic-login features enabled.…

A Multi-Perspective View of PHP Remote File Include Attacks

Categories: Intrusion Detection,Intrusion Prevention

Paper Added: November 10, 2009

Check Point Firewall Log Analysis In-Depth

Category: Logging Technology and Techniques

Paper Added: November 10, 2009

Efficiently Deducing IDS False Positives Using System Profiling

Categories: Intrusion Detection,Intrusion Prevention

Paper Added: November 9, 2009


SANS Internet Storm Center, InfoCON: green

Microsoft November Black Tuesday Overview, (Tue, Nov 10th)

Overview of the November 2009 Microsoft patches and their status. ...(more)...

Apple Security Update 2009-006 for Mac OS X v10.6.2, (Mon, Nov 9th)

Apple has released updates ranging from general operating system security updates as well as fixes ...(more)...

80's Flashback on Jailbroken iPhones, (Mon, Nov 9th)

Those of us who spent our formative years in the 80's would know, but for those a bit younger, if yo ...(more)...

FireEye takes on Ozdok and Recovery Ideas, (Sun, Nov 8th)

The folks over at FireEye report (http://blog.fireeye ...(more)...

Even More Thoughts on Legacy Systems, (Sun, Nov 8th)

Legacy systems have been a popular topic here recently (see http://isc.sans ...(more)...

iPhone worm in the wild, (Sun, Nov 8th)

A couple of days ago there were a lot of discussions about an attack on iPhone users in the Netherland ...(more)...

More Thoughts on Legacy Systems, (Sat, Nov 7th)

Adding to Swa's diary he wrote on November 5th, one of our readers passed along a couple of addition ...(more)...

New version of OpenSSL released - OpenSSL 0.9.8l, (Fri, Nov 6th)

Due to the recent publishing of information regarding a TLS/SSL protocol vulnerability (previous ...(more)...

A new version of Firefox (3.5.5) just became available. According to the release notes they are stability improvements., (Fri, Nov 6th)

...(more)...

RIM fixes random code execution vulnerability, (Thu, Nov 5th)

Affected: BlackBerry Desktop Software version 5.0 and earlier (on all platforms) - IBM Lotus Notes I ...(more)...

First iPhone Worm Detected (November 9, 2009)

The first worm known to infect iPhones changes the devices' lock mode wallpaper.......

UK Home Office Says it Will Require ISPs to Retain User Communication Data (November 9 & 10, 2009)

The UK Home Office has said it will move forward with plans to require telecommunications companies to retain information about customers' Internet use, including instant messaging, email and other variations of electronic communication, like social networking and chatting within online games.......

Attack on Alleged Syrian Nuclear Facility Aided by Compromised Laptop (November 2, 6 & 9, 2009)

News reports suggest that an Israeli airstrike against alleged Syrian nuclear facilities in 2007 was aided by information gathered from a compromised laptop computer.......

Canadian Govt. Pays Compensation to Avoid Class-Action Lawsuit in Data Breach Case (November 7, 2009)

The Canadian government has paid CAD 751,750 (US $712,000) to approximately 4,100 people whose personal information was compromised when six computers were stolen from a Canada Revenue Agency (CRA) office.......

RIM Issues Fix for BlackBerry Desktop Manager Code Execution Flaw (November 6, 2009)

Research in Motion (RIM) has released a fix to address a remote code execution flaw in its Blackberry desktop manager.......

Apple Issues Snow Leopard Update (November 9, 2009)

Apple has released an update for Mac OS X 10.......

Lawsuit Alleges iPhone Game Maker Harvests User Information Without Permission (November 6 & 9, 2009)

A lawsuit filed against Storm8, a maker of iPhone games, alleges that the games circumvent security protections on iPhones to harvest users' phone numbers.......

Norwegian ISP Does Not Have to Block Pirate Bay (November 6, 2009)

A Norwegian court has ruled that Internet service provider (ISP) Telenor does not have to block users' access to The Pirate Bay website.......

Bord Gais Agrees to Security Improvements After Breach (November 5 & 6, 2009)

In the wake of an investigation into a data breach at Bord Gais, the Irish gas and electricity company has agreed to implement improved security measures.......

Number of Filesharing Sites Burgeoned While Pirate Bay Access Was in Question (November 2, 2009)

In the three months since The Pirate Bay website was ordered to shut down, the number of new filesharing websites increased 300 percent, according to a report from McAfee.......

60 Minutes Report on US Cyber Security (November 7, 8 & 9, 2009)

A recent report on US television news program 60 Minutes looked at how effectively the US government is protecting its computer systems from attacks.......

Top 10 Reasons Government Downplays Cyber Intrusions

In light of the 60 Minutes story on cyber attacks on the power grid, here is Ed Giorgio offering his top ten "reasons why cyber intrusions are ignored, denied, or not reported by government.......

EU Legislators Reach Agreement on Internet Access Rights and Illegal Downloading (November 5, 2009)

European Union legislators have reached an agreement that strikes a balance between citizens' rights to Internet access and the need to protect copyright holders' interests.......

FBI Warns More Than US $100 Million Stolen Through Automated Clearing House System Fraud (November 3 & 4, 2009)

The FBI's Internet Crime Complaint Center has issued an Intelligence Note warning of increased fraudulent use of the Automated Clearing House (ACH) system to steal more than US $100 million from small and medium sized businesses, municipal governments and school districts.......

Senate Judiciary Committee Approves Two Breach Notification Bills (November 5 & 6, 2009)

On Thursday, the US Senate Judiciary Committee approved both the Personal Data Privacy and Security Act of 2009 and the Data Breach Notification Act.......

Judge Punishes Attorney for Disregarding Privacy Practices (November 5, 2009)

A US District Judge in Minnesota has reprimanded attorney Vincent J.......

Zero-Day Flaw in SSL and TLS Protocols (November 5, 2009)

A zero-day flaw in the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols could be exploited to launch a man-in-the-middle attack.......

Cookie Issue Allows Attackers to target Main Domain From Subdomain (November 4 & 5, 2009)

A problem with the way browsers handle cookies could be exploited to attack a website's main domain through its subdomains.......
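The subdomain-to-parent-domain cookie issue in the DarkReading item above ("Little-Known Hole Lets Attacker Hit Main Website Domain Via Its Subdomains") and in this NewsBites entry comes down to cookie scoping: a cookie set by any subdomain with Domain=.example.com is sent to every host under example.com, including the main site, and the browser gives the receiving server no way to tell which host set it. The following is an added example, not code from either article or from the researcher's paper. It uses Python's standard-library cookie jar, which implements the same domain and path matching rules a browser applies, with placeholder example.com hostnames and constructed Set-Cookie values. The server-side check at the end is an assumption about a sensible defense rather than anything the articles prescribe.

```python
"""Added example (not from the DarkReading or SANS item): simulate cookie
tossing with the standard-library cookie jar. All hostnames are placeholders
and every Set-Cookie value below is constructed for the demo."""
import urllib.request
from email.message import Message
from http.cookiejar import CookieJar


class FakeResponse:
    """Minimal response object so CookieJar.extract_cookies() can parse
    constructed Set-Cookie headers without any network access."""

    def __init__(self, set_cookie_values):
        self._headers = Message()
        for value in set_cookie_values:
            self._headers["Set-Cookie"] = value  # Message keeps duplicates

    def info(self):
        return self._headers


def receive_set_cookie(jar, url, set_cookie):
    """The client visits `url` and the server answers with one Set-Cookie."""
    jar.extract_cookies(FakeResponse([set_cookie]), urllib.request.Request(url))


def cookie_header_for(jar, url):
    """Cookie header the client attaches to a later request to `url`."""
    req = urllib.request.Request(url)
    jar.add_cookie_header(req)
    return req.get_header("Cookie") or ""


def parse_cookie_header(header):
    """Split a Cookie header into (name, value) pairs, keeping wire order;
    most server frameworks keep only the first value for a repeated name."""
    pairs = []
    for part in header.split(";"):
        part = part.strip()
        if "=" in part:
            name, value = part.split("=", 1)
            pairs.append((name.strip(), value.strip()))
    return pairs


def shadowed_cookie_names(header):
    """Names sent more than once. A server that sees this for its session
    cookie should refuse the request rather than silently take the first one
    (assumed defense, not something the articles specify)."""
    names = [name for name, _ in parse_cookie_header(header)]
    return sorted({n for n in names if names.count(n) > 1})


def cookie_tossing_scenario():
    jar = CookieJar()
    # Step 1: the main site sets a host-only session cookie (no Domain attr).
    receive_set_cookie(jar, "http://www.example.com/login",
                       "session=victim; Path=/")
    # Step 2: attacker-controlled content on a subdomain (for example via an
    # XSS bug there) sets a same-named cookie scoped to the parent domain.
    # The longer Path makes browsers, and this jar, send it ahead of the
    # legitimate cookie.
    receive_set_cookie(jar, "http://blog.example.com/",
                       "session=attacker; Domain=.example.com; Path=/account")
    # Step 3: what the main site now receives on the targeted path.
    return cookie_header_for(jar, "http://www.example.com/account")


if __name__ == "__main__":
    hdr = cookie_tossing_scenario()
    print("Cookie header seen by www.example.com:", hdr)
    print("shadowed names:", shadowed_cookie_names(hdr))
```

Run stand-alone, the scenario shows the main site receiving "session=attacker; session=victim": the subdomain's cookie arrives first because of its longer Path, so a server that takes the first value is now using the attacker's session. Because the client cannot distinguish the two, the practical mitigation is on the server: treat a repeated session-cookie name as an error, and keep untrusted or user-controlled content off subdomains that share a registrable domain with the main application.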

Microsoft to Issue Six Bulletins on November 10 (November 5, 2009)

According to Microsoft Security Bulletin Advance Notification, the company will issue six security bulletins on Tuesday, November 10.......

Two Indicted for Unauthorized Computer Access (November 4 & 5, 2009)

Two former employees of the Stens Corporation, one from Indiana and one from Kentucky, have been indicted on charges of computer intrusion for allegedly breaking into the company's computer systems.......

Adobe Issues Shockwave Security Update (November 3, 4 & 6, 2009)

Adobe has updated its Shockwave Player to fix five critical flaws.......

Corporate Data Compromise Leads to Increased Risk of Identity Fraud (November 4, 2009)

People who have received data breach notification letters from companies are four times more likely to be victims of identity fraud.......

Microsoft patches serious Windows kernel flaws

By Robert Westervelt

Vulnerabilities in several Windows kernel drivers could be remotely exploited to gain complete access to a system.

Botnet masters turn to Google, social networks to avoid detection

By Robert Westervelt

Cybercriminals turn to cloud computing to feed commands to the throngs of zombie computers under their control and avoid detection.

How to use Internet security threat reports

By Eric Ogren

Security threat reports help drive security vendor business, but they can also provide some useful information for IT security pros.

Health care security spending remains sluggish, report shows

By Neil Roiter

Billions for electronic healthcare records aren't driving security budgets up, according to the Healthcare Information and Management Systems Society.

Partner Engage 2009: Symantec unveils new programs, incentives for VARs

By Eric B. Parizo

At the Symantec Partner Engage 2009 channel conference this week, Symantec's new CEO unveiled a new, more channel-friendly vision for the security giant, which included new programs and incentives for Symantec partners.

Microsoft to address flaws in Windows, Office for Mac

By Robert Westervelt

Vulnerabilities affecting Windows and Microsoft Office will be patched next week, according to the software giant's advance notification.

Cloud computing data security starts with internal strategy, experts say

By Robert Westervelt

EMC's Eric Baize says companies should consider security early and establish trust with the cloud provider. But many factors hinge on an enterprise's specific security strategy.

Expert calls SSL protocol vulnerability a non issue

By Robert Westervelt

The researchers who discovered the SSL vulnerability warn that it could have far-reaching effects and are working with a consortium of vendors to coordinate an industry-wide fix.

Two-factor authentication, vigilance foil password theft

By Eric Ogren

Password stealing Trojans, keyloggers and other malware are reaping account credentials by the thousands forcing some to rethink password policies and develop new defenses.

Apple Issues Massive Mac Security Update

Apple released an update for Mac OS X computers to plug nearly 60 security holes. Many of the vulnerabilities impact the latest version of Mac OS X, AKA Snow Leopard.
- Apple pushed out a massive patch to address nearly 60 vulnerabilities affecting Mac OS X. The most serious of the flaws can be exploited by a remote attacker to take over a vulnerable system. Most of the vulnerabilities impact Snow Leopard, the latest version of Apple's operating system. The batch o...

Microsoft Defends Windows 7 Security After Sophos Test

A Microsoft executive accuses security company Sophos of sensationalizing claims that Windows 7's User Account Control is ineffective at fighting malware. Sophos counters that its goal was merely to show that UAC may not provide the level of protection some might expect.
- Sophos Senior Security Adviser Chester Wisniewski caused a stir Nov. 3 when he repeated claims that Microsoft had rendered the Windows 7 User Account Control feature ineffective. To back this up, Wisniewski cited a test he had run in which numerous pieces of malware ran on Windows 7 without gene...

10 Things the iPhone Worm Teaches Us About Mobile Security

News Analysis: The iPhone is under attack by a relatively inconsequential worm that has found its way onto jailbroken iPhones in Australia. It might not affect too many users, but it does underscore the fact that the iPhone isn't as secure as people like to think.
- A new worm has affected some Australian iPhones. The worm gains root access to a user's jailbroken phone and installs an image of Rick Astley (of Rickrolling fame) as the default wallpaper. Security company Sophos said removing the Ikee worm is extremely difficult, but it doesn't appear to do muc...

First iPhone Worm Hits Australia with Pop Singer in Tow

The first known worm for Apple's iPhone is spreading on jail-broken iPhones in Australia. The worm takes advantage of the default password for SSH used by many jail-broken phones and places an image of 1980s pop singer Rick Astley on the device.
- The first known worm for the Apple iPhone is sweeping across Australia, and it is taking advantage of default SSH passwords on jail-broken phones. The attack vector is the same as the one exploited by a Dutch teenager last week in a brief extortion attempt. This time around, the mind behind th...

10 Essential Third-Party Security Apps for Windows 7

Now that users have their hands on Windows 7, it's time to secure it. They could always use solutions from Microsoft, like Security Essentials, but in many cases, third-party applications do a much better job of ensuring a system is kept secure. Third-party security apps for Windows 7 can be free or paid. In either case, users can find effective security applications to keep their data more secure. However, it's important to remember that some apps are more effective than others and that in no way can all of these applications keep the user's data totally secure. But the first step is to find the security app that works best for the user's needs. This eWEEK slide show looks at 10 third-party applications that will make Windows 7 more secure.

Senate Committee Passes Data Breach Laws

The U.S. Senate Judiciary Committee passes two bills that establish federal guidelines for data breach notifications.
- Two sweeping bills that would set new standards for data breach notifications made their way out of the Senate Judiciary Committee Nov. 5. The committee voted yes on the Personal Data Privacy and Security Act of 2009 (S.1490) and the Data Breach Notification Act (S.139). The vote means the bill...

Critical Windows Security Bulletins on Tap for Patch Tuesday

Microsoft is releasing six security bulletins next week as part of Patch Tuesday. Three of the bulletins address Windows security issues Microsoft has rated critical.
- Microsoft will release six bulletins next week for Patch Tuesday, including three critical bulletins focused on Windows security. All totaled, 15 security vulnerabilities will be fixed in this release. Besides the critical Windows bulletins are three others rated "important." Among t...

House Panel Approves Cyber-security Awareness Act

Legislation would mandate that the National Institute of Standards and Technology develop a plan to ensure cyber-security coordination within the U.S. government.
- A U.S. House subcommittee approved Nov. 4 the Cybersecurity Coordination and Awareness Act, legislation that would require NIST (National Institute of Standards and Technology) to develop and implement a plan to ensure coordination within the U.S. government with regard to the development of i...

Security Fix

Brian Krebs on computer and Internet security

Apple ships 50+ security updates

In New Patches

Apple has shipped a large security update for computers running its Leopard and Snow Leopard operating systems for the Mac. The bundle contains security fixes for more than 50 vulnerabilities, including updates for components like Adaptive Firewall, FTP server, QuickTime and Spotlight. The update applies to Snow Leopard (10.6.x) and Mac OS X Leopard (10.5.8) systems, as well as OS X Server versions of these operating systems. Users can grab the patches directly from Apple Downloads or via the Mac's built-in Software Update feature. Some of the individual fixes in these bundles are interesting in their own right. For example, Apple said that a vulnerability in Snow Leopard's Login Window could let a user log in to any account without supplying a password. Another update, this one for a bug in Leopard's Dictionary program, is limited to users on the local network, but gives a whole new meaning to the

Nastygram: MySpace Phish Plants Spy Software

In Nastygram

A new spam campaign targeting MySpace.com users once again illustrates the blended threat from junk e-mail attacks, experts warn. This latest run tries to lure recipients into giving up their MySpace credentials, and then attempts to trick victims into installing password-stealing malicious software. Attackers began blasting out the junk e-mails early Monday, according to researchers at the University of Alabama, Birmingham. Researchers at the school so far have tracked more than 30 Web site names associated with this attack, each beginning with "accounts.myspace.com" and ending in a United Kingdom country code domain (.uk). The campaign is nearly identical to one launched late last month targeting Facebook.com users, said Gary Warner, director of research in computer forensics at UAB Birmingham: Recipients are directed to a fake MySpace.com page and asked for their login credentials. That attack cycled through at least 242 different look-alike Facebook scam sites before the last was

First iPhone worm targets modified handsets

In Latest Warnings

The first known computer worm written for Apple's iPhone currently is infecting iPhones in Australia, swapping out the device's background image with that of 80s singer Rick Astley. The contagion, dubbed "Ikee," spreads only among iPhones that have been "jailbroken," a process that removes the device's software protection mechanisms and allows iPhone users to install applications that are not available through Apple's official App Store. Ikee spreads not through any vulnerability exactly, but by exploiting a feature that many users of jailbroken iPhones likely never took the time to understand or read about. Most of the software packages that users install in order to jailbreak their iPhones come with a service known as Secure Shell (SSH). This service allows the devices to be accessed remotely over the Internet with a special password. The trouble is that the most common jailbreaking software installs SSH using a default password. As a result,

Poking at Google's new privacy Dashboard

In From the Bunker

Google this week unveiled a new feature called Dashboard, intended to give users a way to view -- and in modest ways limit -- the breadth of information the search giant collects about our online lives. To check out Dashboard, browse to this link, and sign in to your Google account. From there, you can manage which Google Documents you're sharing, edit your Gchat history, or clear out items from your Web search history, among other tasks. Google said it was launching the service "to provide users with greater transparency and control over their own data." The reaction from privacy experts has been mixed. Ari Schwartz, vice president and chief operating officer at the Center for Democracy & Technology, called the Dashboard offering a good first step, and one that is several steps ahead of what Google's peers in the search businesses currently offer their users. "Google has said that

Updates for Adobe's Shockwave, Sun's Java

In New Patches

Sun Microsystems has issued an update to its Java software that fixes at least one security vulnerability. Separately, Adobe is pushing out a patch to plug four security holes in its Shockwave Player. The Sun patch brings Java 6 to version 17. If you're not sure whether you have Java or what version you may be running, visit this page and click the "Do I have Java?" link. If you don't have Java, you probably don't need it. If you do have it, make sure you've got this latest version. To update from within Java, open the Windows control panel, click the Java icon, then at the tab marked Update hit the Update Now button (in Windows 7, to get to Java click start, type "Java" in the search box and pick the first result). To see whether your system has Adobe's Shockwave Player, follow this link: If you see

SecurityFocus

SecurityFocus News

SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.

Brief: iPhone worm spreads via default password

iPhone worm spreads via default password

Brief: Point-and-click forensics tool leaks to Net

Point-and-click forensics tool leaks to Net

Notes from Talk by Michael Hayden

By Richard Bejtlich

I had the distinct privilege to attend a keynote by retired Air Force General Michael Hayden, most recently CIA director and previously NSA director. NetWitness brought Gen Hayden to its user conference this week, so I was really pleased to attend that event. I worked for Gen Hayden when he was commander of Air Intelligence Agency in the 1990s; I served in the information warfare planning division at that time.
Gen Hayden offered the audience four main points in his talk.

  1. "Cyber" is difficult to understand, so be charitable with those who don't understand it, as well as those who claim "expertise." Cyber is a domain like other warfighting domains (land, sea, air, space), but it also possesses unique characteristics. Cyber is man-made, and operators can alter its geography -- even potentially to destroy it. Also, cyber conflicts are more likely to affect other domains, whereas it is theoretically possible to fight an "all-air" battle, or an "all-sea" battle.
  2. The rate of change for technology far exceeds the rate of change for policy. Operator activities defy our ability to characterize them. "Computer network defense (CND), exploitation (CNE), and attack (CNA) are operationally indistinguishable."
    Gen Hayden compared the rush to develop and deploy technology to consumers and organizations to the land rushes of the late 1890s. When "ease of use," "security," and "privacy" are weighed against each other, ease of use has traditionally dominated.
    When making policy, what should apply? Title 10 (military), Title 18 (criminal), Title 50 (intelligence), or international law?
    Gen Hayden asked what private organizations in the US maintain their own ballistic missile defense systems. None of course -- meaning, why do we expect the private sector to defend itself against cyber threats, on a "point" basis?
  3. Cyber is difficult to discuss. No one wants to talk about it, especially at the national level. The agency with the most capability to defend the nation suffers because it is both secret and powerful, two characteristics it needs to be effective. The public and policymakers (rightfully) distrust secret and powerful organizations.
  4. Think like intelligence officers. I should have expected this, coming from the most distinguished intelligence officer of our age. Gen Hayden says the first question he asks when visiting private companies to consult on cyber issues is: who is your intelligence officer?
    Gen Hayden offered advice for those with an intelligence mindset who provide advice to policymakers. He said intel officers are traditional inductive thinkers, starting with indicators and developing facts, from which they derive general theories. Intel officers are often pessimistic and realistic because they deal with operational realities, "as the world is."
    Policymakers, on the other hand, are often deductive thinkers, starting with a "vision," with facts at the other end of their thinking. "No one elects a politician for their command of the facts. We elect politicians who have a vision of where we should be, not where we are." Policymakers are often optimistic and idealistic, looking at their end goal, "as the world should be."
    When these two world views meet, say when the intel officer briefs the policymaker, the result can be jarring. It's up to the intel officer to figure out how to present findings in a way that the policymaker can relate to the facts.

After the prepared remarks I asked Gen Hayden what he thought of threat-centric defenses. He said it is not outside the realm of possibility to support giving private organizations the right to more aggressively defend themselves. Private forces already perform guard duties; police forces don't carry the whole burden for preventing crime, for example.
Gen Hayden also discussed the developments which led from military use of air power to a separate Air Force in 1947. He said "no one in cyber has sunk the Ostfriesland yet," which was a great analogy. He also says there are no intellectual equivalents to Herman Kahn or Paul Nitze in the cyber thought landscape.

Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Bejtlich on Security Justice Podcast

By Richard Bejtlich

After I spoke at the Information Security Summit in Ohio last month, the guys at the Security Justice podcast interviewed me and Tyler Hudak.
You can listen to the archive here. It was fairly loud in the room but you'd never know it listening to the audio. Great work guys.
We discuss open source software, vulnerability research and disclosure, product security incident response teams (PSIRTs), input vs output metrics, insourcing vs outsourcing, and building an incident response team.


DojoCon Videos Online

By Richard Bejtlich

Props to Marcus Carey for live streaming talks from DojoCon. I appeared in my keynote, plus panels on incident response and cloud security. I thought the conference was excellent and many people posted their thoughts to #dojocon on Twitter.



Yahoo! News: Security News

Security News

iPhone fear as 'Rick Astley' worm spreads (AFP)

In technology

AFP - An Australian student sparked fears of a new era of computer viruses on Tuesday after creating a worm which infects Apple's iconic iPhone with pictures of 1980s pop star Rick Astley.

NY, Texas settle with Tagged.com over e-mails (Reuters)

In technology

Reuters - The operator of Tagged.com will pay $750,000 and overhaul its practices to resolve charges that the social networking site tricked members into providing personal details to lure new members and send out tens of millions of spam emails.

iPhone Worm Rickrolls Jailbroken Phones (PC World)

In technology

PC World - A mischievous iPhone worm that targets Australian jailbroken phones is changing the phone's wallpaper to an image of Rick Astley.

Worm Infects Jailbroken iPhones with SSH in Australia (NewsFactor)

In business

NewsFactor - Apple iPhone owners Down Under are reporting their jailbroken iPhones have been hit with a worm that hijacks their wallpaper, changing it to an image of 1980s pop star Rick Astley, and eats up their bandwidth. Although the worm may have spread beyond Australia, there are no confirmed reports yet.

NY's Cuomo settles with Tagged.com over emails (Reuters)

In technology

Reuters - New York's attorney general said the operator of Tagged.com would pay $500,000 and overhaul its practices to resolve charges that the social networking site tricked members into providing personal details to lure new members and send out tens of millions of spam emails.

iPhone 'Rickroll' Worm Is No Threat To Most Users (PC World)

In technology

PC World - The first worm to infect the iPhone will not affect most users of Apple's smartphone, despite worrying reports. The ikee worm only affects jailbroken iPhones, representing a minority percentage of iPhones on the market.

AP IMPACT: Framed for child porn — by a PC virus (AP)

In technology

[Photo caption: In this June 13, 2008 photo, Michael and Robin Fiola sit for a photo with the forensics report, at left, that exonerated Michael in their North Scituate, R.I. home. The Fiolas said recently they have health problems from the stress of the case. They say they've talked to dozens of lawyers but can't get one to sue the state, because of a cap on the amount they can recover. (AP Photo/The Boston Herald, Matthew Healey)]

AP - Of all the sinister things that Internet viruses do, this might be the worst: They can make you an unsuspecting collector of child pornography.

First IPhone Worm Spreads Rick Astley Wallpaper (PC World)

In technology

PC World - The first worm written for Apple's iPhone has been unleashed and is infecting phones in Australia.

Gumblar Malware's Home Domain Is Active Again (PC World)

In technology

PC World - ScanSafe researchers are seeing renewed activity regarding Gumblar, a multifunctional piece of malware that spreads by attacking PCs visiting hacked Web pages.

Postini Technology to Spread Across Google Apps (PC World)

In technology

PC World - The Postini technology that lets Google Apps Premier administrators control their e-mail environments by establishing and enforcing usage policies, rules and parameters will be extended to the other applications of the suite.

Kaspersky Lab releases antivirus app (Macworld.com)

In technology

Macworld.com - If you want to make a Mac user mad, just sidle up and whisper the words, "Mac security software." Then step back as the incensed sputtering ensues.

Zero Day

Tracking the hackers

Microsoft patches Windows worm holes, drive-by download flaws

By Ryan Naraine on Responsible disclosure

One of the Windows vulnerabilities could expose users to drive-by malware attacks via the browser.

Major online ad site hacked, serving up exploit cocktail

By Ryan Naraine on Spyware and Adware

A high-profile online advertising Web site has been hacked and rigged to serve multiple exploits to Microsoft Windows users.

Source code for ikee iPhone worm in the wild

By Dancho Danchev on iPhone

A 21-year-old Australian has launched the first iPhone worm to automatically exploit jailbroken devices. With the source code now in the wild, how long before copycats start modifying and improving it?

Why is Apple meddling with my Windows AutoRun?

By Ryan Naraine on iPhone

Costin Raiu says Apple's iTunes has started to meddle with the Windows AutoRun feature, making Microsoft's operating system less secure.

Mac OS X mega patch covers 58 security vulnerabilities

By Ryan Naraine on Patch Watch

The most serious of the flaws could allow a remote attacker to gain complete control of an unpatched system.

CBS 60 Minutes tackles cyber-terrorism

By Ryan Naraine on United States of America

Could hackers get into the computer systems that run crucial elements of the world's infrastructure, such as the power grids, water works or even a nation's military arsenal? CBS News 60 Minutes reports.

High-risk flaw dings Google Chrome

By Ryan Naraine on Responsible disclosure

A "high-risk" flaw in Google Chrome presents a threat of arbitrary code execution.

Code execution hole in BlackBerry Desktop Manager

By Ryan Naraine on iPhone

Research in Motion (RIM) has shipped a patch to cover a gaping hole in its BlackBerry Desktop Manager software.

Windows 7's default UAC bypassed by 8 out of 10 malware samples

By Dancho Danchev on Viruses and Worms

8 out of 10 malware samples tested on Windows 7 with default UAC (User Account Control) settings don't trigger a warning.

Patch Tuesday heads-up: Critical MS Office patches coming

By Ryan Naraine on Responsible disclosure

Microsoft plans to release six security bulletins next week to fix at least 15 serious vulnerabilities that could expose Windows users to malicious hacker attacks.

Which antivirus is best at removing malware?

By Dancho Danchev on Viruses and Worms

According to a comparative review of sixteen antivirus solutions, only a few were successful at completely removing the malware they were tested against.
