Well, the weekend saw news stories of Google planning to eavesdrop over PC microphones to hear what you’re watching on TV to target ads… (I’m not holding my breath on that one, but… I do know how to disconnect the microphone.) Also, there was the story of Browzar, which was supposedly THE solution for private web browsing… well, it turns out it sets its own search engine as the default and uses your search information to give sponsored links. Sans also mentions that the last visited URL may be saved to disk as well. Really, we have several places where information is kept on us anyway (ISP/etc.) But, if you’re really concerned about private browsing you might try out the VMware browser virtual machine (or a portable web browser on a USB key.)
Category: Security
-
Another Internet Explorer Exploit (September 2006)
A new Internet Explorer bug was published on Monday. It’s been given a CVE (2006-4446) and affects IE 6.0 SP1. It’s worth considering alternative browsers. Details from bugtraq indicate that it’s a buffer overflow in the DirectAnimation.PathControl COM object (daxctle.ocx)… it could cause a DoS and possibly remote code execution.
-
CA etrust antivirus false positive
We’ve got an antivirus false positive to pass along… apparently, a signature update for CA eTrust Antivirus has flagged lsass.exe on Windows 2003 as an undesirable program. There have been updates to address the problem, but if you’re running CA eTrust on Windows 2003 Server you’ve probably already seen the effects. Sans reports some 2003 servers as failing or being unable to reboot.
-
Sun java update process vulnerable
The Java Runtime Environment from Sun has a vulnerability that’s due in large part to a poor approach to updating it. IF you have not uninstalled previous versions of the JRE on your PC, they are likely still there EVEN after an update, AND to make things even worse, a specially designed website could specify the version of the JRE to use in dealing with Java components on the page. Sun’s advisory here on the issue. The story is from the SecurityFix, and I’m bothered by the same point that gets Brian about this update….
-
Run a botnet go to jail
It’s really good to see one chalked up against a botnet operator. Friday, a former botnet operator was sentenced to 37 months in prison for breaking into hundreds of thousands of computers. There NEED to be more stories like this. Unfortunately though, with a possible benefit of making $6,000-10,000 per month being a botnet herder…. and only 2 high profile arrests and convictions, I don’t know if this will discourage ENOUGH people from this kind of activity.
-
DEP incompatibilities HP Deskjet 5550 printing blank pages
I had a frustrating morning last week. I had set up a new PC, transferred data and gotten everything in fairly nice shape. I had gotten the old printer attached and set up (HP Deskjet 5550). In fact I had done a test page through the printer’s software at the end of the install process (some sort of Deskjet toolbox software, not the Windows test page pattern.) Then we were making sure everything worked and they went to print out a UPS label from Worldship. The printer had come unplugged in the last rearrange, so I plugged power back in and the printer loaded a page, ran the head back and forth twice and spit out a blank page. Oh, we were using a parallel cable – I’ve seen some parallel cable based printers get “flustered” when power is lost and comes back on (especially if it was in the midst of a job when the power was pulled) – so reboot…
-
Intel Proset Wireless update
A couple of weeks back, there was a pretty important security update for the Intel Proset Wireless driver. The big problem is that the update was a memory hog and caused problems. Sans has info on the update to the update; also, George Ou is encouraging everyone to make sure they’ve got things updated. It’s possible to JUST download and install the driver without getting the full Proset management software. So…. CENTRINO users – this means you… update your wireless driver.
-
Wireshark, various vulnerabilities disclosed
There used to be a tool called Ethereal, and then it changed its name to Wireshark. Today a number of security vulnerabilities were disclosed. A new version and workarounds are available. Please upgrade if at all possible.
-
Good sarc monitoring tip
Sarc is still in their month of security tips per day, and today’s is another good one. Today’s tip is about monitoring machines, particularly those that “defend” your network (mail antivirus scanners/proxy filters/scanners/etc.) The core of the advice is to not just ping – that only tells you if the system exists and is online – it doesn’t tell you if things are working. They suggest scripting tests (an antivirus scanner can be tested via the EICAR test signature, for instance.) They note that doesn’t tell you if the AV scanner is updated (I prefer a crontab output of the day’s updates – looks like there were around 9 ClamAV signature updates yesterday.)
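The two checks the tip describes, scripted: drop an EICAR test file in front of the scanner and confirm it is flagged, then check how old the newest signature database file is. This is an added example, not code from the Sarc tip or from this blog. It assumes a scanner that follows clamscan’s exit-status convention (1 = infected file found, 0 = clean) and takes the signature database paths as a list; the `fake_scanner_cmd` stand-in exists only so the script runs where no scanner is installed.

```python
"""Scripted health checks for a network-defending AV box (added example)."""
import os
import subprocess
import sys
import tempfile
import time
from typing import Callable, Dict, Optional, Sequence

# The standard EICAR test string, assembled from two halves so that the
# intact literal never sits in this source file. The joined value is the
# official, harmless EICAR signature.
EICAR = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-" + r"ANTIVIRUS-TEST-FILE!$H+H*"

# Default ClamAV database locations (assumption: Debian-style layout).
DEFAULT_DB_PATHS = ["/var/lib/clamav/daily.cld", "/var/lib/clamav/daily.cvd"]


def scanner_detects_eicar(scan_cmd: Sequence[str], timeout: int = 60) -> bool:
    """Write an EICAR file and run the scanner on it.

    Returns True only if the scanner exits with status 1 (clamscan's
    'infected' code). A missing binary, a timeout, or a clean verdict all
    count as a failed check, because each means the gateway is not defending.
    """
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "eicar.com")
        with open(path, "w") as fh:
            fh.write(EICAR)
        try:
            proc = subprocess.run([*scan_cmd, path], capture_output=True, timeout=timeout)
        except (OSError, subprocess.TimeoutExpired):
            return False
        return proc.returncode == 1


def _mtime_or_none(path: str) -> Optional[float]:
    try:
        return os.path.getmtime(path)
    except OSError:
        return None


def signature_age_hours(
    db_paths: Sequence[str],
    now: Optional[float] = None,
    mtime: Callable[[str], Optional[float]] = _mtime_or_none,
) -> float:
    """Hours since the newest signature file was written; inf if none exist."""
    stamps = [m for m in (mtime(p) for p in db_paths) if m is not None]
    if not stamps:
        return float("inf")
    now = time.time() if now is None else now
    return (now - max(stamps)) / 3600.0


def run_checks(
    scan_cmd: Sequence[str],
    db_paths: Sequence[str],
    max_age_hours: float = 24.0,
    now: Optional[float] = None,
    mtime: Callable[[str], Optional[float]] = _mtime_or_none,
) -> Dict[str, bool]:
    """Both checks together; a monitoring job alerts on any False value."""
    age = signature_age_hours(db_paths, now=now, mtime=mtime)
    return {
        "detects_eicar": scanner_detects_eicar(scan_cmd),
        "signatures_fresh": age <= max_age_hours,
    }


def fake_scanner_cmd() -> Sequence[str]:
    """Stand-in for clamscan (hypothetical): exit 1 if the file holds the
    EICAR marker, 0 otherwise, mirroring clamscan's exit codes."""
    code = ("import sys;"
            "d=open(sys.argv[1],'rb').read();"
            "sys.exit(1 if b'EICAR-STANDARD' in d else 0)")
    return [sys.executable, "-c", code]


if __name__ == "__main__":
    # Use the real scanner when present, otherwise the stand-in.
    cmd = ["clamscan", "--no-summary"] if os.path.exists("/usr/bin/clamscan") else fake_scanner_cmd()
    results = run_checks(cmd, DEFAULT_DB_PATHS)
    for name, ok in results.items():
        print(f"{name}: {'OK' if ok else 'FAIL'}")
    sys.exit(0 if all(results.values()) else 1)
```

Run it from cron and page on a non-zero exit; the exit status, not the printed lines, is what the scheduler sees. The `now` and `mtime` parameters exist so the freshness rule can be exercised without touching real database files.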
-
Hiding malware may evade antivirus
Sans had an interesting malware analysis this morning about a blob that appeared to be ASCII text (gibberish) that was retrieved by a piece of malware. It turns out that the ASCII text was a cleverly encoded exe file (Windows executable or program file.) It took several iterations of their analysis to uncover the actual file. A followup referred to a study of “hiding” malware in various Microsoft Word supported formats and how successfully (or, unfortunately, UNsuccessfully) several of the antivirus programs tested were able to identify it. This was performed by running the files through VirusTotal, and the virus was the EICAR test pattern.
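The “several iterations” part of that analysis is the bit worth automating: peel one encoding layer at a time off a text blob and stop as soon as the result carries a DOS header with a PE signature at e_lfanew. This is an added example, not the Sans analysis or this blog’s code. The page doesn’t say which encoding the blob used, so the layers here (hex wrapped in base64) are an assumption, and the sample payload is a constructed PE-shaped stub, not an executable.

```python
"""Peel text encodings off a blob until a PE header appears (added example)."""
import base64
import binascii
import re
from typing import Callable, List, Optional, Tuple


def looks_like_pe(data: bytes) -> bool:
    """True when data has a DOS 'MZ' header and 'PE\\0\\0' at the e_lfanew offset."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def _try_hex(data: bytes) -> Optional[bytes]:
    text = re.sub(rb"\s+", b"", data)
    if not text or len(text) % 2 or not re.fullmatch(rb"[0-9A-Fa-f]+", text):
        return None
    return binascii.unhexlify(text)


def _try_base64(data: bytes) -> Optional[bytes]:
    text = data.strip()
    if not text or not re.fullmatch(rb"[A-Za-z0-9+/=\s]+", text):
        return None
    try:
        return base64.b64decode(text)  # non-alphabet chars (whitespace) are skipped
    except (binascii.Error, ValueError):
        return None


# Hex is tried first: every hex string is also valid base64 alphabet, so the
# stricter decoder must get the first look.
DECODERS: List[Tuple[str, Callable[[bytes], Optional[bytes]]]] = [
    ("hex", _try_hex),
    ("base64", _try_base64),
]


def unwrap(blob: bytes, max_layers: int = 8) -> Tuple[Optional[bytes], List[str]]:
    """Return (decoded PE bytes or None, list of layer names removed, outermost first)."""
    layers: List[str] = []
    data = blob
    for _ in range(max_layers):
        if looks_like_pe(data):
            return data, layers
        for name, decode in DECODERS:
            out = decode(data)
            if out is not None and out != data:
                data = out
                layers.append(name)
                break
        else:
            return None, layers  # nothing decodes further and no PE appeared
    return (data, layers) if looks_like_pe(data) else (None, layers)


def build_sample() -> bytes:
    """Constructed stand-in for the blob: a minimal PE-shaped stub (not a real
    program) hex-encoded and then base64-encoded, so it reads as ASCII gibberish."""
    stub = bytearray(b"MZ" + b"\0" * 0x3E)          # 0x40-byte DOS header
    stub[0x3C:0x40] = (0x40).to_bytes(4, "little")   # e_lfanew -> right after header
    stub += b"PE\0\0" + b"\0" * 20                   # PE signature + padding
    return base64.b64encode(binascii.hexlify(bytes(stub)))


if __name__ == "__main__":
    blob = build_sample()
    print("blob starts:", blob[:24].decode(), "...")
    recovered, layers = unwrap(blob)
    print("layers removed:", layers)
    print("PE recovered:", recovered is not None and looks_like_pe(recovered))
```

On the real blob you would add decoders for whatever the sample actually used (a single-byte XOR, for instance) to the `DECODERS` table; the loop and the PE check stay the same. Hand the recovered bytes to the scanner rather than the wrapper, since the study mentioned above is exactly about wrappers that scanners miss.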