September 2005 - Posts

MPSB 05-06 Breeze 5.0 Password Reset Encryption

Summary: Macromedia Breeze 5.1 includes a security update which addresses an issue related to user password encryption in the database when resetting passwords in Macromedia Breeze 5.0.

NOTE: This update only applies to licensed customers of Breeze running the software on their own servers. This problem does not occur on the Breeze hosted system.

Solution: Macromedia Breeze customers should upgrade their licensed software to Macromedia Breeze 5.1, which includes the product fix to this issue.

Severity Rating: Macromedia categorizes this issue as a moderate issue and recommends users patch their installations.

More details on the Macromedia website

Posted by donna | with no comments

Symantec Corp. announced it has been awarded more than $1 million in restitution as a result of a criminal software piracy case in Houston, Texas. Li Chen pled guilty to one count of trademark infringement and agreed to the restitution as part of a plea bargain.

The case, prosecuted by the Harris County District Attorney's office, was the result of a year-long investigation by the Houston Police Department and the Federal Bureau of Investigation. The case was initiated based on information uncovered in an investigation conducted by Symantec and other software companies into Chen's activities.

After a search warrant was served by law enforcement authorities on November 17, 2004, more than 5,100 units of counterfeit Symantec software were seized from Chen's business, Microsource International, located in Houston. In addition, documents were seized revealing that between April 2002 and October 2004, Chen sold counterfeit Symantec software with a retail value of more than $9.9 million.

http://www.symantec.com/press/2005/n050928.html

Posted by donna | with no comments

“Lavasoft invites energetic and enthusiastic testers to be the first to try the alpha version of the Lavasoft System Analyzer. This is in line with the goals of Project ECO to steer computer users towards a safer computing environment.”

http://www.lavasoftresearch.com/blog/?p=81

WARNING: This is an ALPHA version. DO NOT try it on a system that you cannot afford to lose.

Posted by donna | with no comments

Microsoft Phishing Filter helps identify fraudulent Web sites before you visit them and offers dynamic screening to help protect against online data theft

Microsoft Phishing Filter helps identify fraudulent Web sites before you visit them and offers dynamic screening to help protect against online data theft. Learn how it works and how to download and install it.

57 million people in the United States alone claim to have been exposed to at least one online phishing scam. These scams typically attempt to lure you into visiting phony Web sites where your personal information or credit card information can be collected for criminal use.

Microsoft Phishing Filter helps provide dynamic protection against phishing scams as you visit Web sites in two ways. It scans and helps identify suspicious Web sites, and provides up-to-the-hour updates and reporting on known phishing sites. Microsoft Phishing Filter is available as an add-in for the MSN Search Toolbar at no cost, and will also be available in the upcoming Windows Internet Explorer 7.

Microsoft Phishing Filter info:
- Two key features
- Microsoft Phishing Filter in action
- How to get Microsoft Phishing Filter
- Step 1: Download and install the MSN Search Toolbar
- Step 2: Download and install the Microsoft Phishing Filter Add-in for the MSN Search Toolbar (Beta)

Security At Home

Posted by donna | with no comments

Avoid wireless attacks through your Bluetooth cell phone

Bluetooth wireless technology is included with many cell phones and PDAs. It was initially designed to let you swap documents between other Bluetooth devices without the use of annoying connecting cables, but has since expanded to provide services such as Web connectivity and online game playing. However, any time you transmit information online, you can be vulnerable to online attack; and as the popularity of Bluetooth increases, so does its interest to cybercriminals.

Get tips to help improve the security of your Bluetooth-enabled cell phone or PDA:

- The Bluetooth process and vulnerability
- Tips to improve your Bluetooth security
- More Bluetooth tidbits

Read the tips in Microsoft Security At Home

Posted by donna | with no comments

The gathering – one way Microsoft recognizes outstanding members of technical communities – is the most technologically and globally diverse summit for Microsoft Most Valuable Professionals to date.

Read the press release in Microsoft PressPass

Posted by donna | with no comments

According to Dr. Klaus Brunnstein, president of the International Federation for Information Processing, software will always be vulnerable as long as designs are complex, because no one can fully understand what happens deep in the system. The design of the Open Systems Interconnection architectural model, on which the current IT model is based, is also flawed, he said. Speaking at the SEARCC 05 conference, he also advocated involving consumers more in development and making Bill Gates pay for the damage the Windows OS has caused.

TechWorld

Posted by donna | with no comments

Novell apparently allowed employees to use test servers outside the firewall for gaming, leaving them vulnerable to attack. One hacked server was used to scan potentially millions of computers. The scans used Port 22, the default port for Secure Shell (SSH) services, which allows programs to log into other computers or to execute remote commands and move files securely. Port 22 scans often indicate hackers are looking for vulnerable SSH services to break into and control. The gaming site, neticus.com, was taken down after Novell was alerted about the breach.

TechWorld

Posted by donna | with no comments

Instant messaging attacks are on the rise. Akonix Systems Inc., a messaging security developer, said in their Q3 Threat Report that 25 viruses have been reported on IM networks so far in September, or about one a day. In the past, malware was repurposed from email viruses, but now IM-targeted viruses are just as likely. Hackers are using IM to take over PCs and carry out zombie-style attacks via the major consumer IM networks AOL, Yahoo, and MSN. Corporations using IM need to get off the consumer networks to avoid this threat.

eWeek

Posted by donna | with no comments

Research and advisory firm Gartner says that unattended PCs are "low-hanging fruit" for insider attacks and suggests that companies use time-outs to automatically log users out of application sessions or lock PCs. Threats from unattended computers include unauthorized access to personnel data, changing business information (to hide fraud, for instance), and sending email in someone else's name. Users are resistant to time-outs, but Gartner believes objections can be overcome by holding users accountable for any misuse of their PCs.

The Register

Posted by donna | with no comments

F-Secure is now offering its Internet Security 2006. It will tackle spyware, rootkits and uncontrolled Internet usage.

The suite integrates the unique F-Secure BlackLight

View the press release here

Note: F-Secure BlackLight is also available as a standalone tool, but it is in the BETA phase. The BlackLight beta's expiration has been extended until 1st of January 2006. More info at http://www.europe.f-secure.com/blacklight/

Posted by donna | with no comments

I blogged before that we must NOT be conservative because malware isn't. Malware nowadays is using new tricks to infect users. There are times malware will use old and new tricks. If you are conservative** you are at risk.

Alex Eckelberry blogged before about a spyware keylogger that was uncovered by his team (Sunbelt’s Research Team). They have been finding Winldra variants and he said you are nuts if you do not want to upgrade your system to Windows Service Pack 2. Why? Simple. You're at risk without SP2.

**Whenever I write "conservative" here, I mean you are the type of user who wants to stick with an old system, old application versions, or unsupported applications, and prefers not to upgrade.

Your first defense is keeping your system up to date - visit Calendar of Updates ;-)

Posted by donna | with no comments

ZoneAlarm Pro is prone to a weakness that permits the bypassing of the Advanced Program Control feature settings.  An attacker can exploit this weakness to bypass restrictive settings and transmit data to external sources through the use of permitted applications.

Solution:  Reports indicate that this issue has been addressed in the latest release of Zone Labs Security Suite; this has not been confirmed by Symantec.

http://www.securityfocus.com/bid/14966/discuss
PoC in http://hackingspirits.com/vuln-rnd/vuln-rnd.html

Posted by donna | 1 comment(s)

BitDefender Antivirus is a proprietary antivirus product for multiple platforms.  A format string vulnerability affects the logging functionality of BitDefender Antivirus. This issue is due to a failure of the application to properly sanitize user-supplied input prior to passing it as the format specifier to a formatted printing function.  A remote attacker may leverage this issue to write to arbitrary process memory, facilitating code execution, and privilege escalation.

This issue was reported in BitDefender versions 7.2, 8, and 9 for Windows. Other versions and platforms may also be affected.

http://www.securityfocus.com/bid/14968/discuss

Posted by donna | 1 comment(s)

SecuBox Labs reported that several antivirus programs do not scan files whose names contain extended ASCII characters or characters lower than 0x20. An attacker can rename a malicious file to such a filename, which in turn causes the antivirus programs to ignore the file.

Vulnerable Systems:
* BitDefender Antivirus
* Trustix Antivirus
* Avast! Antivirus
* Cat Quick Heal Antivirus
* Abacre Antivirus
* VisNetic Antivirus (bypass only with manual scan)
* AntiVir Personal Edition Antivirus
* Clamav for Windows Antivirus
* Lavasoft Ad-Aware SE Personal Edition
* Antiy Ghostbusters Professional Edition

Immune Systems:
* Kaspersky Antivirus
* AVG Free

PoC is available. Read more in Securiteam

Posted by donna | 2 comment(s)

AOL is confident that the recent phishing attack on its customers failed to cause any harm.  The phishing email was spammed out at the end of last week purporting to come from AOL's security department.

VNUNET

Posted by donna | with no comments

“The website for the WinMX file sharing service has been shut down, suggesting that the service, best known for enabling copyright infringements, has crumbled under legal pressure from the Recording Industry Association of America (RIAA). Cease and desist letters were sent out last week by the RIAA to seven file sharing services, but the organisation declined to specify which services were targeted.”

Posted by donna | 1 comment(s)

Trojan-based attacks will take over from email phishing in the U.S. and Europe as trojans become more sophisticated and harder to stop, according to a new report.

The research by the Information Security Forum (ISF) also warned over the increasing use of 'moles' placed in organizations to gain access to prize customers.

The survey of 260 ISF members shows that over a third of members have been affected by phishing attacks. Over 30 percent of these have experienced more than 20 attacks.

Read more in SC Magazine

Posted by donna | with no comments

"Reading EULAs Can Help Prevent Spyware Infiltration," says Mark Joseph Edwards for Windows IT Pro. He also discovered the EULAlyzer tool by Javacool Software and he mentioned Facetime's upcoming tool to analyze a EULA. The tool is called The Project Truth Serum, which is currently in closed beta testing.

Posted by donna | with no comments

RealNetworks issued a security update Wednesday to its partners to address vulnerabilities in its RealPlayer and Helix Player. Both media players are at risk, as exploit code has been published that could take advantage of the vulnerabilities in its RealPlayer version 10.0.5.756 Gold and Helix Player 1.0.5.757 Gold running on Linux or Unix.

The company said it plans to issue a public release of its security update later this week. In the interim, RealNetworks advises users to visit its resource Web site.

CNET

Posted by donna | with no comments