Around the time of this latest IE exploit hitting the web, there was also mention of some publicly available CWSandbox sites for the submission of malware. It’s an analysis tool that can give you a report of how the malware behaves and what it would do if run in a “non-sandboxed” environment. There are a couple up now it seems. One incidents.org reported is https://luigi.informatik.uni-mannheim.de/submit.php, Sunbelt has one at http://research.sunbelt-software.com/submit.aspx and they have alternate URLs….
-
Internet Explorer 0-day (take 2 of the last few days…)
The last zero day (ActiveX) seems to be less interesting than this NEW zero-day that really made a news splash in the last day. It looks as though this NEW 0-day affects VML… Incidents.org has good coverage here. Microsoft has an advisory up and they expect to release a patch on the next scheduled patch day (earlier if needed…. ahem….) Sunbelt is blogging about the “epic loads of adware” being pushed into systems via this vulnerability. Now, some workarounds….
-
Internet Explorer zero-day
This time around, the zero day is related to Internet Explorer and ActiveX… (DirectAnimation specifically). Incidents has a good update on the issue. This is a second exploit; there was another at the end of August. MS has an advisory on the issue. I think a safe bet would be alternative browsers until this is patched. It is possible, though, to enable a kill bit, or vary security settings to disable/always prompt before using ActiveX.
-
Firefox and Thunderbird updates
As I’ve just posted to the security-update-notice category, Firefox and Thunderbird have both been released in version 1.5.0.7…. The release fixes a number of known security issues and you should upgrade as soon as possible. Details on the issues are at incidents.org. Also, you can visit mozilla.com for downloads.
-
Microsoft Update day for September…. AND Flash… AND Apple
Yesterday, of course, Microsoft released its monthly patches. I found the Windows update site to be painfully slow (and in some cases unresponsive.) It wasn’t quite a huge update day by recent standards, but here’s the summary…. Incidents.org has a nice chart showing the two re-released patches (one is actually re-re-released…) They are MS06-040 (server service patch – critical) and MS06-042 (IE 6 patch). Both of those vulnerabilities addressed are well known and could be actively exploited. The “first release” updates from this month affect Microsoft Queue System MS06-052 which is the most important of the releases….
-
ANOTHER Microsoft patch problem
This is getting to be like clockwork, but it sounds like this may be one of the nastiest problems so far. It appears that there is a problem with one of the recent patches from Microsoft, MS06-49. It looks as though the problem is data corruption for small files (under 4096 bytes.) There’s a Google Groups thread here. The key factor seems to be that IF the folder is compressed, the data within is subject to this possible corruption.
-
Chase throws data on 2.6 million customers in landfill
Chase Card Services mistakenly threw out backup tapes that contained the card information of around 2.6 million customers (according to the article, Circuit City card holders (former and current.)) 5 data tapes were mistakenly trashed in July. Fortunately, they think the tapes were destroyed at the landfill, and are 1) notifying the affected, 2) working with authorities. So, it may be that no data in this case was actually leaked… it does underscore one thing….
-
Beware with video codec downloads….
Some time back I remember an article I had on vcodec not being a legitimate video codec. At the time there was some malware claiming to be vcodec and “required” to view some content…. well, posing as a codec download is a good way to trick people into downloading it seems and there are more out there that use the same trick. Sunbeltblog brings not one, but two fake codec sites to watch for today.
-
Beware visiting Samsung’s site
Betanews is reporting that Samsung’s site has been hacked and is currently serving up malware in some areas. User intervention is required for it to run on the user’s PC, but be cautious. Samsung has been notified, but as of Friday morning (according to the report) the trojan horse is still there. I really wonder if it hasn’t occurred to them to pull the whole thing offline to clean things up?
-
Sharing contacts between Outlook and Outlook Express
Not too long ago I was installing a fax machine for someone that supported Outlook Express’ address book, but not Outlook’s default address book. My first thought was to get Outlook (2002)/Outlook Express using the same contact format and then we’d be in business… But…, they had an Exchange server, so Outlook was installed in Corporate/Workgroup mode, which means, officially, “you can’t get there from here.” But…. there is still a way. Details are from slipstick.com; it turns out there is a registry edit that can get you around the Corporate/Workgroup “limitation”. This may not work for all installs, and is not guaranteed or supported, but…