Computer Tips -Tech Info

Category: Security

Symantec Antivirus Remotely Exploitable Vulnerability

This is bad – whose defending the defender? eEye security has a bulletin announced that regards a remotely exploitable vulnerability in Symantec Antivirus 10.x and Symantec Client Security 3.x They say other versions MAY be vulnerable they’re waiting for information from Symantec. Now, Symantec is probably the biggest selling antivirus package out there. It looks as though, from Symantec’s advisory, that the Norton Antivirus product line is not affected, ONLY “Symantec Client Security 3.1” and “Symantec Antivirus Corporate Edition 10.1”

They have released IDS updates to try to detect attempted exploits of this….

(more…)

May 26, 2006
Mozilla Firefox 1.0x series end of life….

The Mozilla Firefox 1.0.x series will no longer be supported with security updates. IF you use Firefox as your web browser, make sure you’re using the current version in the 1.5 series (currently 1.5.0.3). You can find what your current version is by going to Help, “About Mozilla Firefox”. The 1.5 series automatically downloads and installs updates and periodically checks for updates for the installed extensions.

(more…)

May 24, 2006
Computer security day….

A few days ago – while musing about the botnet take-down of Blue Security – I said something along the lines of “Make sure your pcâ€™s are clean from â€œbugsâ€ and help your friends do likewise. Spread the word, we need a â€œworldwide clean your computer with antivirus and antispyware dayâ€ or something like it. (Kind of like the installfests, Linux User groups have only an uninstallfest.)” Anyway, it looks as though Switzerland does something like this… According to incidents.org it’s called Swiss Security day.

(more…)

May 19, 2006
Zero-day ( 0-day) Microsoft Word exploit

There was some news on this last night at Incidents.org, today F-secure has some details as well on the trojan that’s dropped in this circulating, exploit. It seems as though the initial attack was very targetted against a specific organization. Antivirus packages did not recognize the trojan that the exploit file dropped as of yesterday, although it’s looking like f-secure now has detection and I would suspect other AV vendors.

Essentially, one organization reported in to incidents that they were receiving emails with MS Word attachments. One user noticed that a domain name in the email wasn’t exactly correct…

(more…)

May 19, 2006
I’ve NEVER liked UPNP…. now I have another reason….

I remember the first Windows XP vulnerability was a Upnp vulnerability. I have made one of my first visits on any new XP system a visit to grc.com to disable it on an XP workstation. But, it’s the great thing – makes life so much easier for setting up network devices. “You just don’t like it cause it puts you out of business….” It looks like Upnp is a really “malicious hacker friendly” kind of thing, especially when it’s installed and running on a gateway router… let’s say you have a hardware firewall with Upnp. Normally, you plug in an IP camera and maybe the IP camera uses Upnp to open a port so it’s accessible from the outside world. Nice, simple right? Well… what if you download a “browsing experience enhancement toolbar” that opens up another port on the firewall so you can act as a mail relay?

(more…)

May 18, 2006
RealVNC 4.1.1 and prior exploits on the loose

As reported over the last several days, there is a critical problem with RealVNC 4.1.1, there is NOW an exploit in the wild for RealVNC 4.1.1, that SANS is looking for more information on. There are updates from RealVNC for all affected product lines. Other VNC implementations have not been reported to be affected. Only (as far as I know), RealVNC 4.1.1 on Windows (prior versions may be, but the initial report didn’t indicate 4.1.0 to be vulnerable.) Don’t take the last sentence to give an excuse NOT to check, check if you have updates for your vnc product.

(more…)

May 18, 2006
Nugache the latest in bot-net technology… and why you should care about botnets…

To show you where the threat with bot networks is going there’s a story today on Nugache (Symantec summary) which is a bot that takes advantage of a number of clever tricks to avoid having the whole bot net shut down, allow command and control on an encrypted channel and essentially have no “human readable strings” in any of it’s communications. The encryption of it’s connections makes it harder for IDS to catch it (as they rely on signatures of traffic.

(more…)

May 17, 2006
More discussion on the Firefox 1.5.0.3 “image bug”

There’s quite a bit more discussion on a DOS bug in Firefox 1.5.0.3, the link goes to a site where they’ve confirmed the issue and there is a link there to a POC, so be cautious. It turns out that using javascript, image tags can be made to have a mailto: link which can automatically launch tons of instances of whatever default mailhandler a system has (essentially one for each image tag.) Right now, this sounds more like a Denial of Service risk, as I don’t see at this point any evidence that anything WORSE could be done than really freezing up the system with too many copies of the mail program open.

(more…)

May 17, 2006
The spammers win a round

There is a company (well, unfortunately, WAS a company) called Blue Security. They had an innovative approach to stopping spam. A small download essentially sent opt-out return emails that were junk back to the REAL spam sender (clever concept huh? bouncing to the person that REALLY sent the message… Of course what was clever here was that they were coordinating the responses of all their users – herding a “white hat” network of sorts.) Anyway, it was a successful concept at getting several of the top 10 to clean their mailing lists.It looks as though 6 of the top 10 agreed to clean up their mailing lists. Unfortunately, they were the subject of a Massive DDOS. They managed to recover and come back, but the dDos took out other sites as well and there were threats of more it seems.

(more…)

May 17, 2006
RealVNC 4.1.2 update to patch security vulnerability

A few hours back, I updated My first post on the RealVNC 4.1.1 vulnerability and just saw another story that did not specify WHICH variation of VNC was at risk. TightVNC and UltraVNC seem to be immune according to the discoverer of the flaw. And as far as I’ve seen, there hasn’t been any contradiction of that.

(more…)

May 16, 2006