Archive: Security
Classic tech tips filed under Security.
-
Malwarebytes Anti-malware
I'm usually a bit leery of new antispyware products. I do a first look at the rogue antispyware lists and just try to be as cautious as possible when moving away from the tools that I've tried and te…
-
Virus Warning - Email Subjects - IRS Notice - Important Information from the IRS
I've seen a couple of these emails today and wanted to give a post just to warn people that these are bogus and you should NOT follow the link suggested in the email. I HOPE no one reading this falls…
-
Varying Degrees of Password Security
Last week we talked about creating strong passwords, but should we use different passwords for every site? It's best practice to do just that. Do they all have to be really hard passwords? Again idea…
-
Creating Strong Passwords that are Also Easy to Remember
Making up passwords is something we have to do almost everyday it seems. Banking web sites, forums, email accounts, webhosting accounts, mail lists, etc. But it seems that making passwords is one of …
-
Windows updates for February could set record
There could be a record number of vulnerabilities addressed next week when Microsoft releases an expected dozen updates for its Windows and Office products. (According to Brian Krebs at the Security …
-
Sony rootkit settlement
Here's a followup to one of the first big stories that I posted on... the Sony rootkit - there has been a settlement with the FTC (Federal Trade Commision). It has yet to be approved but, affected cu…
-
Extended support for XP Home and Media center
I want to make a note of this here... Microsoft has announced that XP Home and Media center editions will get extended support on par with that of XP Pro. Essentially this means security updates for …
-
Thank you NC department of revenue...
I heard on the local news last night that the North Carolina Department of Revenue has lost a laptop that had ~30,000 state taxpayers information on it. Social Security numbers/etc... The report I sa…
-
Approaches to beating form spam submission
I've replaced bare email addresses on web page with either an encoded variation of the email or with a contact form to discourage spam scrapers and other automated tools from using it for a spam magn…
-
Good idea to help limit phishing attacks
I saw this a few weeks back and think it's a good idea. Essentially why don't we have a .bank domain registration and limit it to just financial institutions the way .gov is limited to government reg…
-
Major botnet building and the massive jump in spam
For a few months now (since the demise of bluefrog actually) I've noticed that the level of junk mail has gone up on my own mail server. Yes, I use spamassassin to filter and tag, but the volume of s…
-
Wireless exploits coming to Metasploit 3...
and the script kiddies rejoiced... It reads as though Metasploit 3 will make it easier than ever for script kiddies everywhere to take full advantage of the local wireless hotspots. Of course, metasp…
-
Watching out for MORE fake video codecs
sunbelt blog has yet MORE fake codec sites to watch out for. All are bad and should be AVOIDED... details after the jump.... IP: 85.255.118.195 vccodec(dot)com IP: 69.50.188.109 hqcodec(dot)com IP: 6…
-
Internet Explorer 7 final release - AND first vulnerability...
Looks as though IE 7 release is imminent and will be in automatic updates on November 1st. Here's one persons take on the user interface "improvements". Now, there are many improvements in core funct…
-
Massive Oracle quarterly patches
If Microsoft patched 101 flaws in one release it would make big headlines - so this deserves some headlines too.... more coverage at incidents.org
-
Would you like spyware with that? Apple too....
These stories come up from time to time. A free giveaway of some sort and it turns out that there's spyware or a virus embedded, company gives a big "whoops" and fixes things by replacing them.... Mc…
-
*Nix Nvidia binary root exploit
There appears to be a working root exploit against the binary NVidia driver for *nix based systems. It's reported at kerneltrap.org It was resolved a few weeks back by the release of version 1.0-9625…
-
Exploit Thursday - this months winner - Powerpoint
The SecurityFix reminds us of what usually comes close behind Patch Tuesday.... exploit Wednesday or Thursday and this month, the exploits seemed to start coming out Thursday. There's a new Powerpoin…
-
The problems with cache servers
Networkworld brings us this report that exploit code removed from websites can live on for quite a while in caching servers. Which, in a way is NOT news, but it's worth remembering. Many times when s…
-
What wasn't patched Tuesday...
Sunbelt reminds us that the daxctle.ocx exploit was NOT among those patched Tuesday by Microsoft. They remind us of the following workaround... Mitigation: The DirectAnimation Path control can be dis…
-
Microsoft October 2006 patch Tuesday
The first thing I should mention is that this months update from Microsoft is the last for XP SP1 users should plan a migration path to SP2 to keep getting updates to XP. Multiple vulnerabilities thi…
-
By the way, the US commerce dept. computers are under attack....
Shouldn'tthis and this get more news coverage? US Commerce Department computers (specifically a bureau responsible for export licenses) is under cyber attack from hackers based in China. The Bureau i…
-
October Microsoft update advance notice....
11 patches will be released by Microsoft on the 10th of October. Bulletin is here, 6 for windows, 4 for Office (at least one in each of those two batches is critical) and 1 .NET (moderate) - yes the …
-
More rogue security software
Wolves in sheeps clothing.... from Sunbelt blog.... Watch out for pestcapture and "friends" (using dlls from spysheriff). Thanks to sunbelt for keeping their eyes open on the threat of wolves in shee…
-
Exploits in wild for recent Apple vulnerabilities
If you've been delaying on updating with the recent Apple Mac OS X updates.... don't, there are exploits in the wild now for at least one. It's speculated that this code may have been in the wild bef…
-
Watch what things you store in public places.... part 342
Not too long ago there was an article about how people reveal too much about their lives in Google (or other web) calendars AND MAKE PUBLIC.... well I think this takes it a step further. Gmail let's …
-
Multiple Apple updates as Mac goes to version 10.4.8
Apple is fixing 15 security flaws with the 10.4.8 version upgrade of Mac OS X. (There is a second update as well.... Security Update 2006-006). In typical fashion there are a bundle of issues in thes…
-
Microsoft Internet Explorer patches for unsupported OS versions (Windows 98 and ME)
For starters, if you're using Windows 98 or ME still in a production system, you REALLY need to be looking at migration options and you should realize that the architecture of those systems is NOT co…
-
Firefox zero-day vulnerability (or is it?)
I saw a comment somewhere else that zero-day was overused and in essense ANY previously unknown vulnerability in open source software is technically zero day... the intent here though is to use the w…
-
Oh and ANOTHER Powerpoint vulnerability too....
Sometimes you feel like the little Dutch boy of myth/legend with his finger trying to plug the hole in a dam.... Incidents bring us this as well.... another powerpoint vulnerability seems to have bee…
-
Microsoft vulnerability whack-a-mole continues.....
Translation - Microsoft patched one vulnerability another surfaces.... Incidents.org brings us the frustrating news.... If you remember the month of browser bugs series of exploits back in July, ther…
-
Microsoft releases official VML patch!!
The big news this afternoon is that Microsoft HAS gone out of the routine patch cycle to release a security fix for the VML vulnerability that's been actively exploited in recent days for everything …
-
Update on the Internet Explorer VML vulnerability
Just catching up on the days VML vulnerability news from today.... It looks as though... the exploit is now MUCH more widespread this blog has some video of an infection, what's notable is that the f…
-
Apple Macbook pro and other wireless fixes
Do you remember the big bruhaha a month or so back about the "apple wireless vulnerability" that everybody picked apart because in the video taped demonstration they used a third party card.... EVEN …
-
More fake codecs
Sunbelt is still finding fake codec sites.... This most recent site is mpcodec.com and the ip address of 69.50.160.58 (I had to do a doubletake as THIS site (averyjparker.com) is hosted at 69.36.180.…
-
How Microsoft could patch VML vulnerability before October's patch day
SO, there's the second big vulnerability exploit for Internet Explorer making the rounds in about a week and Microsoft's advisory says that the most recent flaw will likely be patched on October's pa…
-
Public CWSandbox (es)...
Around the time of this latest IE exploit hitting the web, there was also mention of some publicly available CWSandbox sites for the submission of malware. It's an analysis tool that can give you a r…
-
Internet Explorer 0-day (take 2 of the last few days...)
The last zero day (activeX) seems to be less interesting than this NEW zero-day that really made a news splash in the last day. It looks as though this NEW 0-day affects VML... Incidents.org has good…
-
Internet Explorer zero-day
This time around, the zero day is related to Internet Explorer and activex... (directanimation specifically). Incidents has a good update on the issue. This is a second exploit, there was another at …
-
Microsoft Update day for September.... AND Flash... AND Apple
Yesterday, of course, Microsoft released it's monthly patches. I found the Windows update site to be painfully slow (and in some cases unresponsive.) It wasn't quite a huge update day by recent stand…
-
Beware with video codec downloads....
Some time back I remember an article I had on vcodec not being a legitimate video codec. At the time there was some malware claiming to be vcodec and "required" to view some content.... well, posing …
-
Beware visiting Samsung's site
Betanews is reporting that Samsung's site has been hacked and is currently serving up malware in some areas. user intervention is required for it to run on the users pc, but be cautious. Samsung has …
-
Being cautious with web links
Once upon a time the bad payload of a malicious email was it's attachment, that still happens, but in many cases the links are the real lure - like a worm dangled in the water in front of a hungry fi…
-
ICQ client and toolbar vulnerabilities
Sans brings this from AOL, advising of vulnerabilities in the ICQ client and the ICQ toolbar for IE. The latest version of ICQ client is 5.1 and is claimed to not be vulnerable. (Toolbar version 1.3 …
-
Firefox code under the microscope
So, the stories are out of the analysis of the code for Mozilla Firefox. It seems there were a large number of potential flaws found (71 potential security vulnerabilities) according to the article. …
-
Microsoft's priorities...
I didn't really think of this in context, but George Ou points out that Microsoft issued an "out of cycle" patch for their DRM software in response to the FairUse4WM software that stripped DRM protec…
-
The ways data is stolen..
Brian Krebs highlights a study on data theft/breaches. There are some interesting results (just 1/3 of data breaches were from criminal hacking, 29% from stolen laptops or storage media, 23% from imp…
-
System patching 0-days and ancient-day vulnerabilities
There's a good article at Michael Sutton's Blog which points out something that really makes sense and I think many people are aware of, but with all the buzz that a new previously undisclosed vulner…
-
Privacy concerns abound...
Well, the weekend saw news stories of Google planning to eavesdrop over pc microphones to hear what you're watching on tv to target ads..... (I'm not holding my breath on that one, but... I do know h…
-
Another Internet Explorer Exploit (September 2006)
A new Internet Explorer bug was published on Monday. It's been given a CVE (2006-4446) and affects IE 6.0 SP1. It's worth considering alternative browsers. Details from bugtraq indicate that it's a b…
-
CA etrust antivirus false positive
We've got an antivirus false positive to pass along... apparently, a signature update for CA eTrust Antivirus has flagged lsass.exe on Windows 2003 as an undesirable program. There have been updates …
-
Sun java update process vulnerable
The Java Runtime Environment from Sun has a vulnerability that's due in large part to a poor approach to updating it. IF you have not uninstalled previous versions of the JRE on your PC, they are lik…
-
Run a botnet go to jail
It's really good to see one chalked up against a botnet operator. Friday, a former botnet operator was sentenced to 37 months in prison for breaking into 100's of thousands of computers. There NEED t…
-
DEP incompatibilities HP Deskjet 5550 printing blank pages
I had a frustrating morning last week. I had setup a new pc, transferred data and gotten everything in fairly nice shape. I had got the old printer attached and setup (HP Deskjet 5550). In fact I had…
-
Intel Proset Wireless update
A couple weeks back, there was a pretty important security update for the Intel Proset Wireless driver. The big problem is that the update was a memory hog and caused porblems. Sans has info on the u…
-
Wireshark, various vulnerabilities disclosed
There used to be a tool called ethereal and then it changed it's name to wireshark. Today a number of security vulnerabilities were disclosed. A new version is available and workarounds. Please upgra…
-
Good sarc monitoring tip
Sarc is still in their month of security tips per day and todays is another good one. Todays tip is about monitoring machines, particularly those that "defend" your network. (Mail antivirus scanners/…
-
Hiding malware may evade antivirus
Sans had an interesting malware analysis this morning about a blob that appeared to be ascii text (gibberish) that was retrieved by a piece of malware. It turns out that the ascii text was a cleverly…
-
But it's brand new, how could it have so many updates?
This morning I was doing a fresh install of Windows XP SP2 into a Virtual Machine. So far, things are fine I went through windowsupdate and found 3 updates the first time, then rebooted and hit windo…
-
Powerpoint vulnerability (August 2006)
I'm having to make sure I put the date in the title of these posts now.... over the weekend there were rumors of a new powerpoint vulnerability. Sans had an early notice of some trojan droppers using…
-
Mac Wireless driver Security vulnerability revisited
A couple weeks ago the hot story was about the demonstration of a vulnerability in a 3rd party wireless card driver on a Mac. The individuals that demonstrated the vulnerability (in a video taped pre…
-
Encrypting wireless traffic
Incidents.org has been running their security tip a day this month and I really liked this one. It's essentially a way to encrypt your wireless traffic using ssh. That's something I've covered here b…
-
Other MS patch news as well as a Yahoo vulnerability?
Or lack of currently available patch as the case may be. From the previous link it appears that there was at least one previously announced vulnerability that was not addressed in the recent patch da…
-
MS06-040 update
MS06-040 is one of last weeks Windows updates and is the one that was probably the biggest target for "wormable" activity. There's a good deal of news from over the weekend with regards to this. Firs…
-
Being cautious on the web...
Incidents.org is reporting on the defacement of a security related web site (winsnort.com). They say they usually decline to comment on those because the attention is what the defacers thrive on. How…
-
Ruby on Rails urgent update
A new version of Ruby on Rails has been released in response to a critical security vulnerability. The link will take you to information at incidents.org. 1.1.5 is the new version and should be compa…
-
Exploit out for MS06-040
The big computer security news of the day is the release of exploit code publicly for MS06-040. The patch of course was released Tuesday and it is fairly critical to get the update installed. This is…
-
Blackberry vulnerability to be released soon
Between the Lines is warning that Blackberry Enterprise servers ought to be placed in the DMZ (if not already.) There is word that a critical vulnerability will be announced on August 14th. (And if w…
-
Clamav 0.88.4 and prior DoS
According to incidents.org a denial of service vulnerability has been noted in all versions of clamav prior to 0.88.4 (inclusive). At incidents last report the download for 0.88.4 was back after disa…
-
Vista's fatal flaw?
Backwards compatibility. It's something that many vendors strive for and Microsoft is certainly one that has placed a value on making things backwards compatible for third party software. According t…
-
Another WMF exploit??
Security Focus has a brief that refers to a WMF zero-day vulnerability that affects Windows XP SP2. I suspect this may get a bit of coverage throughout the day. It appears as though there are actuall…
-
AVG antivirus false positive
Incidents.org has some reports of false positives reported by Grisoft's AVG antivirus running on Windows XP (SP1).... The false positive was with a file named C:\i386\REG.EXE which is a legit file fr…
-
Google trying to warn about dangerous pages
SunbeltBlog is talking about a new sign that Google is stepping up to try to protect users against potentially malicious sites. They have a screenshot, which I was able to verify, that gives a warnin…
-
Targetting the OS is old hat....
The Register sums up the Black Hat briefings pretty well. The Operating System level has received a lot of scrutiny in recent years for security flaws and as a result there has been a good deal of im…
-
Nasty Javascript attack possibilities
There were demonstrations of some nasty javascript attacks at Black Hat as well (as if the wireless driver issues wasn't a big enough problem...) Javascript is a powerful language and can be used for…
-
Windows update advance notice for August 2006
August's advance bulletin of Microsoft updates is already up. Tuesday of course is the monthly Microsoft patch day. It appears as though there will be 12 updates this time around. As usual, it could …
-
Possible Windows Scheduler local privilige escalation
Sans has a writeup on Windows local privilige escalation using the Windows scheduler and among other things it might be worth starting out by saying that typically, only Administrative group users in…
-
Wiping cd-r/rw and dvdr/rw media
It looks like those shredders that take on optical media nor the physical scraping of the reflective surface is enough for some.... Plextor will be marketing a drive designed to wipe optical media (c…
-
Phantastic site for Phishing research....
By way of Sunbelt blog... The Phishtank at Internet Defence has a realtime archive of phishing emails as well as real time information on the status of their host sites. On their phishing site monito…
-
Wireless Driver Vulnerabilities
There are a couple notes to pass along with regards to some pretty serious vulnerabilities in various wireless network adapter drivers. First, Sans has information on some Intel Centrino updates that…
-
Time for Apple Mac OS X updates again
From the look of it Apple has released a bunch of updates for OS X. A number of security issues are detailed. As always, SANS has some good details and links to more info on each of the ~13 issues. M…
-
More reason to be cautious with Firefox plugins
Again.... this article referring to an exploit related to the cross platform plugin capability in firefox, is a GOOD reminder to be cautious when looking at potential plugins to install for mozilla f…
-
Banks and Web security
George Ou has a good post on Banks cheating their way to meet web security guidelines. Many of the observations that he notes come from the Between the Lines column here and are SPOT ON. The biggest …
-
Security Tip a day for August
SANS has an answer to last months browser vulnerability a day blog... for August they'll present a security tip a day. So, if you haven't visited the handlers diary, this may be a good time to "tune …
-
Fun way to mess with wireless freeloaders....
Some people spend a lot of time finding ways to block the freeloaders from their wireless internet. Others find fun ways to mess with them.... They start off by settup up dhcpd.conf to carve out two …
-
Firefox 1.5.0.5 out and be cautious with extensions...
Well, let's start with the extensions first. Like ANY software, you should be cautious installing something from an untrusted source. If you think an extension looks neat and cool - look for reviews …
-
Internet Explorer 7 as High Priority update and the ability to prevent it's auto-download
The news has come that Internet Explorer 7 will come out as a high priority security update when it's released later this year. This should mean good things for the folks that are still using IE6 as …
-
Microsoft Issues advisory on Powerpoint flaw
Here's the link to Microsoft's advisory. The main workaround seems to be.... Don't open or save powerpoint attachments that you receive from untrusted sources, OR that you receive unexpectedly from t…
-
Google search for malware accessible to all...
The metasploit project is now hosting a malware search that uses Google. It essentially uses a binary google search technique that was referenced last week to find malicious files hosted on the web. …
-
IPtables magic, or... Blocking Aggressive Outbound Traffic with IPtables
Blocking Aggressive Outbound Traffic with IPtables. For starters, I've tested this on a test system that started out with NO iptables rules, and then moved on to an IPCop install (the vmware download…
-
Linux Local kernel vulnerability
SANS has a story on another local kernel vulnerability for linux. I've got to say that I typically haven't looked as much at "local" vulnerabilities on this site as I have talked about remote vulnera…
-
Firewall musings...
Yesterday I had a bit of a realization. I had just been looking at a wireless router/firewall setup and was thinking about the firewalling rules (which seemed to be geared at the WIRELESS lan... i.e.…
-
Powerpoint zero day
This has been a rough quarter for Office vulnerabilities... there seems to be a pattern, Microsoft patch day, then.... zero-day exploit within a week for an Office component. First Word, then Excel a…
-
Debian development server compromise
Sans also brings this story about the Debian development server being compromised. Investigation is ongoing. The machine was gluck.debian.org and hosted CVS among other things (ddtp, lintian, people,…
-
Anonymized Botnet?
Sans has a story on botnet traffic spotted coming from the TOR network. Now, I had to refresh my memory on what TOR is, but it's an anonymizing network, essentially a computer running TOR, would coll…
-
Adobe Acrobat reader update
On the heels of yesterdays massive update day from Microsoft, Adobe has released an update for the free Adobe Reader. The Adobe reader is one of those ALMOST essential applications that MOST everyone…
-
Phisher's getting sneakier
The SecurityFix reports on this clever two-factor authentication phishing attempt. They were looking for Citibank Business customers and in addition to username password information they were looking…
-
Another Wolf in Sheeps Clothing to watch for "Spyheal"
Sunbeltblog has the heads up on this one. Spyheal is the name it goes by and it hangs out at spyheal (dot) com So, if you're in a position to block sites that looks like one to filter for your networ…
-
7 Updates coming from Microsoft in July
We can expect 7 updates next week from Microsoft on the monthly patch day for July. Four of the updates will be for Windows, and 3 for Microsoft Office. There will be at least one critical update for…
-
Denyhosts as an added defence to ssh server
A couple days ago I had a brief article on the vandals banging away at the door of my ssh server. Like I said, I've, at times, been fairly smug abou the futility of their actions, but.... the persist…