I did this as updates to an earlier post, but it probably deserves its own post now. The morning brought us the news of SERIOUS flaws in the Uninstaller ActiveX control for Sony’s DRM, then came news of ANOTHER flaw, this one a privilege escalation “attacker can take control of PC” vulnerability in the DRM rootkit (XCP) itself. The other bit of news to come has been the extent of the install base of XCP.
Category: Security
-
Lynx web browser vulnerability
Incidents.org is reporting on an advisory for users of lynx. For those of you that don’t know lynx, it is a text-based web browser used in text-only terminal environments. I’ve used lynx from time to time to see what websites look like to a text-only reader to help design towards better accessibility. Anyway, the three of you using it to browse the web need to upgrade… (please, it’s a joke…)
The vulnerability is described at idefense.com. It appears that a new development version of lynx has been released which fixes the problem. (Development version 2.8.6dev.15)
-
Sony discs to be recalled
It looks as though the uninstaller, as claimed last night, does have more serious implications than the original rootkit in Sony’s continuing DRM nightmare. Basically, the uninstaller will allow any web page to run arbitrary code and/or remotely control your PC, which is sort of the holy grail of remote exploits. The ActiveX control called CodeSupport that is required to get the uninstaller is the culprit here. It remains on the system after uninstall and is marked safe for scripting.
-
FTC’s message to Enternet Media has not quite sunk in…
In spite of the FTC’s raid of Enternet Media and charges against them for various details such as deceptive install practices, unfair installation of code, failure to disclose nature of bundled software and furnishing code to others that interferes with the use of the computer… well, Enternet Media seems to be proliferating their wares just fine… in spite of a temporary restraining order. According to Spyware Confidential there are still downloads of searchmiracle/elitebar as written up here.
-
SONY DRM rootkit – the gift that keeps on giving
Well… I said, more legs than a centipede for this one…. It looks as though the uninstaller from Sony is an ActiveX control that may have some SEVERE security implications. The ActiveX control invokes a command to reboot the computer (RebootMachine), which is likely remotely exploitable. Also it appears to use an (InstallUpdate) download which could be exploitable AND, if that’s not enough, an ExecuteCode function which could crash the browser. It should be noted that the ActiveX uninstaller REMAINS ON THE SYSTEM after the SONY DRM ROOTKIT is removed, meaning that these functions would be available for remote exploit even after the XCP software is uninstalled.
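A defender’s check for the condition described here and in the “Sony discs to be recalled” item above, added as an example and not taken from the original post: it lists registered ActiveX controls that advertise the Safe-for-Scripting category, filters them by name (the default pattern is CodeSupport, the name given in the post, since the page gives no CLSID), and reports whether the Internet Explorer kill bit has been set for each. The registry layout is the standard COM one; anything it finds still needs to be confirmed by inspecting the server file it points at.

```powershell
# Added example (not from the original post): list ActiveX controls registered
# "Safe for Scripting" whose name matches a pattern, and report whether the IE
# kill bit blocks them. Run from an elevated PowerShell prompt.
# "CodeSupport" is the name given in the post; no CLSID is known from the page.
param([string]$NamePattern = 'CodeSupport')

$CatSafeForScripting    = '{7DD95801-9882-11CF-9FA9-00AA006C42C4}'
$CatSafeForInitializing = '{7DD95802-9882-11CF-9FA9-00AA006C42C4}'
$KillBit                = 0x400   # "Compatibility Flags" bit that blocks a control in IE

function Get-DefaultValue([Microsoft.Win32.RegistryKey]$Key, [string]$SubKey) {
    # Returns the (default) value of $Key\$SubKey, or $null if the key is absent.
    if ($null -eq $Key) { return $null }
    $sub = if ($SubKey) { $Key.OpenSubKey($SubKey) } else { $Key }
    if ($null -eq $sub) { return $null }
    return $sub.GetValue('')
}

function Test-KillBit([string]$Clsid) {
    # The kill bit lives under the ActiveX Compatibility key, per CLSID.
    $k = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
    if (-not (Test-Path $k)) { return $false }
    $flags = (Get-ItemProperty -Path $k -ErrorAction SilentlyContinue).'Compatibility Flags'
    return [bool]($flags -band $KillBit)
}

Get-ChildItem -Path 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue | ForEach-Object {
    $key   = $_
    $clsid = $key.PSChildName
    # Only controls that advertise the Safe-for-Scripting category matter here.
    if ($null -eq $key.OpenSubKey("Implemented Categories\$CatSafeForScripting")) { return }

    $name   = Get-DefaultValue $key ''
    $progId = Get-DefaultValue $key 'ProgID'
    $server = Get-DefaultValue $key 'InprocServer32'
    if ("$name $progId $server" -notmatch $NamePattern) { return }

    $serverPath = if ($server) { [Environment]::ExpandEnvironmentVariables($server).Trim('"') } else { '' }
    [pscustomobject]@{
        CLSID               = $clsid
        Name                = $name
        ProgID              = $progId
        Server              = $server
        ServerFileExists    = ($serverPath -ne '') -and (Test-Path -LiteralPath $serverPath)
        SafeForInitializing = $null -ne $key.OpenSubKey("Implemented Categories\$CatSafeForInitializing")
        KillBitSet          = Test-KillBit $clsid
    }
}
```

A control that shows up with SafeForScripting, a server file still present and KillBitSet false is the situation the post describes; setting the kill bit for that CLSID is the usual mitigation while the control is still installed.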
-
New Sober virus variant coming
This is unusual, but there is advance notice from the Bavarian Police warning about a new variant on the Sober worm which will be released tomorrow. More information can be found at f-secure, as well as sunbeltblog.
-
CJB sites spawning spyware downloads?
You might be cautious visiting the free sites at cjb.net; according to the Sunbelt blog, many of them are unwittingly providing spyware downloads to users. The download is for a 180solutions pest. If you have a free cjb site, you would be well served to test your page to see for yourself what your visitors may be greeted with.
-
Some companies unable to secure your data
It’s sad, but true. Some companies are just plain irresponsible with your data. Whether it be credit card information or address and phone number, there are those that aren’t good about keeping their databases private. The securityfix is reporting that a recent survey found 12% of people had been notified by companies that they did business with over a breach of security resulting in data loss. Apparently 20% of those closed accounts subsequently.
-
The wolf in sheep’s clothing: software that claims to be anti-spyware, but installs more spyware on your PC
The bad news is that the spyware situation for home PC users gets murkier every day. I remember a particular user who once installed an antivirus program because a popup appeared claiming to have found viruses on his drive; next thing he knew he was having all sorts of spyware problems, viruses found all the time (to “prove” the antivirus component was running), etc. etc.
Spyware Confidential has the story on the latest wolf in sheep’s clothing, something called spyaxe. This link shows a screenshot of one fake warning. One problem is how to describe to people how to identify legitimate versus illegitimate popups and warnings.
-
Getting rid of an old PC – wipe the hard drive!!
I’ve said it before and mentioned DBAN (Darik’s Boot and Nuke) as my favorite tool for this, but Sunbeltblog is mentioning this and it’s worth reminding you. When you replace a PC, you might keep the hard drive around for a short period to make sure you have all your data, but PLEASE plan on finding some way to delete or wipe or nuke or destroy ALL the data on the drive.