Microsoft

As a reminder, Microsoft is planning to release two security bulletins today, March 9, 2010. Both bulletins carry a maximum severity rating of important and the issues addressed could lead to remote code execution. The first bulletin applies to various versions of Windows XP, Vista and Windows 7 and is rated as important for all affected versions. The second bulletin applies to various Office releases and components for Windows and Mac and is also rated as important for all affected versions.
http://www.microsoft.com/technet/security/bulletin/ms10-mar.mspx



Posted on March 9, 2010 at 3:16 PM by root
In: Education, Security

Bridal Scam

We would also like to draw our readers’ attention to interesting media articles on a scam, with something of a twist. The scam involved a purported bridal convention in Boston, which would be held at a convention center, and even claimed part of the profits from the event would be donated to earthquake victims in Haiti. It appears there are many victims of this scam, including a significant number of wedding industry vendors and an estimated 5,000 individuals who bought tickets to attend. The scam came to light when an executive from the company that owns the convention center found the Web site promoting the event, which he knew was not booked at the center, and notified authorities. It appears the scam used radio, social networking, tweets, Facebook and the scammer’s Web site to promote the event.
http://blogs.findlaw.com/injured/2010/03/bridal-no-show-the-boston-bridal-show-scam.html
http://www.boston.com/news/local/massachusetts/articles/2010/03/02/advertised_bridal_show_a_scam_fbi_police_say/?page=1



Posted on March 9, 2010 at 3:15 PM by root
In: Education

Apache HTTP server 2.2.15

Apache has released HTTP Server version 2.2.15, which addresses a number of security exposures in prior versions of the HTTP server. Of particular note is the updating of the OpenSSL library to 0.9.8m, which addresses the renegotiation issues outlined in CVE-2009-3555. At the time of writing, the links to the complete changelog and downloads for 2.2.15 were not visible on the Apache Web site; however, we urge users to apply this latest vendor update as soon as possible.
http://mail-archives.apache.org/mod_mbox/www-announce/201003.mbox/%3C4B92BC77.8050401@apache.org%3E
http://httpd.apache.org/download.cgi

Proof-of-concept code exploiting a vulnerability (CVE-2010-0425) in mod_isapi in the Apache HTTP server version 2.2.14 was published to a well-known Web site. Notes in the code state that the exploit may need to be run several times to successfully spawn a shell; however, a success rate of 70% is reported. The code also mentions that, if DEP is enabled (Windows platforms) for the Apache process, the result may be a denial of service condition. As CVE-2010-0425 is one of the issues noted as addressed in the above 2.2.15 release, we again suggest updating as soon as possible.
http://www.exploit-db.com/exploits/11650
http://securityreason.com/wlb_show/WLB-2010030028



Posted on March 9, 2010 at 3:14 PM by root
In: Security

Blackhat SEO

Recent assessments have discussed many of the Search Engine Optimization (SEO) scams currently in circulation. In a blog post published on Friday, X-Force analysts note how scammers are not only exploiting real news events, but they are also creating their own news to gain profits through affiliate programs. Our researchers warn, “you can’t always trust the hosts that search engines point to.” We encourage our customers to ensure their anti-virus software is up-to-date and to enable blacklisting on browsers that support it, such as the ‘Block reported attack sites’ setting in Firefox.
http://blogs.iss.net/archive/CreatingNewsForBlack.html

Posted on March 9, 2010 at 3:13 PM by root
In: Security

Happy Friday!

Adobe libtiff exploitation
On Monday, we reported that Secunia had discovered that one of the recent Adobe Reader vulnerabilities was actually related to an old vulnerability in libtiff. Secunia had developed an exploit but kept it private. Now, there are reports that others have succeeded in constructing exploits for this issue as well. We encourage clients to apply the recent Adobe patches as soon as possible.
http://rootkit.tw/blog/?p=34
http://www.adobe.com/support/security/bulletins/apsb10-07.html

Browser vulnerabilities
A proof of concept exploit has been posted for a vulnerability in the iPhone browser. The exploit sends a malformed CSS style tag which causes a denial of service. It’s possible that a remote attacker could execute arbitrary code if the victim is tricked into visiting a malicious website. The same vulnerability is reported to also affect Apple’s Safari browser and Google’s Chrome browser.
http://www.packetstormsecurity.nl/1002-exploits/iphone_crash.py.txt
http://www.packetstormsecurity.nl/1002-exploits/safarichrome-dos.txt

Olympic themed SEO
Last week we highlighted the use of Search Engine Optimization (SEO) techniques where an attacker modifies the optimized search results of search engines to direct users to malicious sites. Currently, many search results for Olympic-themed queries lead to malicious sites. Upcoming events like the St. Patrick’s Day holiday and Spring Break in March may be the next campaigns that are abused. We encourage our customers to be cautious when clicking on links from search results and to visit official Web sites when possible.
http://www.avertlabs.com/research/blog/index.php/2010/02/23/on-olympics-st-patricks-day-screensavers-and-wallpaper/
http://twitter.com/mikkohypponen/status/9628022758

Posted on February 26, 2010 at 8:25 AM by root
In: Education, Security

Joke

During a recent password audit at a company, it was found that a receptionist was using the following password:
“MickeyMinniePlutoHueyLouieDeweyDonaldGoofySacramento”

When asked why she had such a long password, she said she was told that it had to be at least 8 characters long and include at least one capital…

Posted on February 23, 2010 at 11:29 AM by root
In: Education, Security

Top Tips for Twenty Ten

Rules of Social Networking

Pay attention to what you post and upload. Social networking is public.

Choose your friends with care.

Protect your work and environment and avoid reputation risk.

Protect your mobile phone and the information saved on it from any physical intrusion.

Turn off Location Aware Services.

When Planning Vacation

Posted on February 17, 2010 at 9:52 AM by root
In: Education, Security

Microsoft MS10-015 BSOD Issue

Microsoft has acknowledged that there is an issue when applying the update related to advisory MS10-015 on systems that are infected with certain malware strains, including one called “Tidserv”. These infected systems have a high likelihood of becoming unbootable, displaying a PAGE_FAULT “Blue Screen of Death” (BSOD) error. Microsoft has issued directions on how to resolve this issue and has temporarily removed this update from the Windows Update Service until a complete investigation can be done.
http://www.symantec.com/connect/blogs/tidserv-and-ms10-015
http://social.answers.microsoft.com/Forums/en-US/vistawu/thread/73cea559-ebbd-4274-96bc-e292b69f2fd1
http://blogs.zdnet.com/microsoft/?p=5250
http://blogs.technet.com/msrc/archive/2010/02/12/update-restart-issues-after-installing-ms10-015.aspx

Posted on February 16, 2010 at 9:19 AM by root
In: Education, Security

Anti-Phishing Procedure for Email

I saw something like this on the Internet and I do want to give credit where credit is due, but I cannot remember where I found this. We have recreated it for businesses.

Please see the following flowchart for procedures on anti-phishing for email.

Posted on February 16, 2010 at 9:16 AM by root
In: Education, Security

IBM, Google Chrome, & Cisco

New IBM X-Force Blog Entry
A new blog posting has been published on the IBM X-Force site. It covers Tom Cross’s BlackHat presentation on security weaknesses in Lawful Intercept, including the audio and video from the conference.
http://blogs.iss.net/archive/bhdc2010.html

Google Chrome vulnerabilities
Google released a new version of its Chrome browser addressing 6 security-related issues. These issues are related to DNS, authentication and a possible overflow condition. The version (4.0.249.89) is available for download from Google.
http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html
http://sites.google.com/a/chromium.org/dev/Home/chromium-security

Cisco IronPort Issues
There have been multiple reports of vulnerabilities in Cisco’s IronPort product. These issues could lead to information disclosure and code injection. Cisco has released patches for these issues, which can be downloaded from its support site.
http://www.cisco.com/warp/public/707/cisco-sa-20100210-ironport.shtml

Posted on February 12, 2010 at 9:23 AM by root
In: Security