Donna's SecurityFlash

Sun released v6 Update 7 of Java

2008-07-09T08:57:27Z

Download locations:

http://www.java.com/en/download/index.jsp

http://java.sun.com/javase/downloads/index.jsp

Verify installation: http://www.java.com/en/download/installed.jsp?detect=jre&try=1

Release note at http://java.sun.com/javase/6/webnotes/ReleaseNotes.html

Their blog got entries for security alerts again http://blogs.sun.com/security/ and solution is to update to this new version.

Adobe Security Bulletin: APSB08-16

2008-07-09T07:31:20Z

Patch available for RoboHelp Server Cross-Site Scripting issue
Release date: July 8, 2008
Vulnerability identifier: APSB08-16
CVE number: CVE-2008-2991
Platform: Windows
Affected software versions:
RoboHelp Server 6
RoboHelp Server 7

A specially crafted URL could be used to create a cross-site scripting attack against RoboHelp Server 6 and RoboHelp Server 7. An attacker would need to have access to the RoboHelp Help Errors log, or convince someone with access to the RoboHelp Help Errors log to click on a malicious URL, in order to execute the attack. RoboHelp 6 and RoboHelp 7 (non-Server releases) are not vulnerable to this issue.

Solution
Adobe strongly recommends users update their RoboHelp Server 6 and Robohelp Server 7 installations
http://www.adobe.com/support/security/bulletins/apsb08-16.html

Microsoft Security Advisory on Office software

2008-07-09T03:21:59Z

Microsoft Security Advisory (953635)
Vulnerability in Microsoft Word Could Allow Remote Code Execution

Microsoft is investigating new public reports of a possible vulnerability in Microsoft Office Word 2002 Service Pack 3. Our initial investigation indicates that customers who use all other supported versions of Microsoft Office Word, Microsoft Office Word Viewer, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, and Microsoft Office for Mac are not affected.

More info and work-around at http://www.microsoft.com/technet/security/advisory/953635.mspx

Microsoft Security Bulletins for July 2008

2008-07-08T16:04:57Z

As part of Microsoft’s routine, monthly security update cycle, they released 4 new security bulletins:

MS08-037 - Vulnerabilities in DNS Could Allow Spoofing (953230)
MS08-038 - Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582)
MS08-039 - Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747)
MS08-040 - Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)

You can view this month's Security Bulletins Summary at their website. Visit also the MSCRC blog for further notes or details on the said security bulletins.

For information about non-security releases on Windows Update and Microsoft update, please see http://support.microsoft.com/kb/894199/en-us

Don't forget to scan the system using Microsoft Baseline Security Analyzer (MBSA) to check for missing and mis-configured patches.

Security Updates support is free of charge. Contact MS at 1-866-CSAFETY if you are in the US or Canada. International users, please go to http://go.microsoft.com/fwlink/?LinkId=21155

Adobe Product Improvement Program

2008-07-07T18:42:46Z

I've been reading PDF files this past few days and then today, I got this:

It's Adobe Product Improvement Program and it is explained in http://www.adobe.com/misc/apipfaq.html
It's like Microsoft Customer Experience Improvement Program that is in Vista, Live Messenger etc.

Microsoft Security Advisory (955179)

2008-07-07T18:33:55Z

Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution

Microsoft is investigating active, targeted attacks leveraging a potential vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

The ActiveX control for the Snapshot Viewer for Microsoft Access enables you to view an Access report snapshot without having the standard or run-time versions of Microsoft Office Access. The vulnerability only affects the ActiveX control for the Snapshot Viewer for Microsoft Office Access 2000, Microsoft Office Access 2002, and Microsoft Office Access 2003.

The ActiveX control is shipped with all supported versions of Microsoft Office Access except for Microsoft Office Access 2007. The ActiveX control is also shipped with the standalone Snapshot Viewer.

For work-around and more info, please go to http://www.microsoft.com/technet/security/advisory/955179.mspx

http://blogs.technet.com/msrc/archive/2008/07/07/snapshot-viewer-activex-control-vulnerability.aspx

Google's YouTube Team: Law and Your Privacy

2008-07-06T09:53:38Z

Of course, we have to follow legal process. But since IP addresses and usernames aren't necessary to determine general viewing practices, our lawyers have asked their lawyers to let us remove that information before we hand over the data they're seeking. (You should know, IP addresses identify a computer, not the person using it. It's not possible to determine your identity solely based on your IP address. Rather, an IP address can reveal what geographic area you're connecting from, or which Internet service provider you're using.)
Why do we keep this information in the first place? It helps us personalize the YouTube experience, getting you closer to the videos you most want to watch. We have many features on the site that help users discover and share compelling content, and we're improving the video experience through recommendations, related videos, and personalized directories that help you find meaningful videos.
We'll continue to fight for your right to share and broadcast your work. The court did impose some encouraging limits -- they agreed with us that Viacom should not have access to private videos or our search technology. Also, the information we provide will be designated highly confidential under court order and only Viacom's outside counsel and experts will have access to it.
Legal matters aside, our focus remains on providing you with the best possible YouTube experience and we continue to be committed to protecting your privacy.

http://www.youtube.com/blog?entry=Gh2N9xyKK8k

Web of Trust (WOT) is now using hpHOSTS database

2008-07-05T23:52:11Z

I blog last month about Web of Trust (WOT) and we have a long discussion about WOT over at Calendar of Updates forum where WOT team participated.

Today, I learned from Steven Burn (aka MysteryFCM of hpHOSTS and Ur I.T. Mate Group) that his hpHOSTS file's database is now in WOT.

Note: Firetrust SiteHound also using hpHOSTS database.

Does your modern processor SecurAble?

2008-07-04T12:52:05Z

Mine does!... a bit because I only have 32-bit.

Modern processors incorporate features beneficial to security. SecurAble displays the status of the three most significant security-related processor features:

64-bit instruction extensions,
Hardware support for detecting and preventing
the execution of code in program data areas, ... and
Hardware support for system resource “virtualization.”

Dell should locked it!

4th July - Storm Worm

2008-07-04T05:44:33Z

Happy Independence Day says Storm Worm.

16 malware scanners will reject that greetings (fireworks.exe) while others might not recognize it:
http://www.virustotal.com/analisis/55647539965950f1b3622ff8d95b9cd8

Screenshots at http://www.dozleng.com/updates/index.php?showtopic=18763

I hate pink!

Securing your computers using Windows Disk Protection, Try&Decide or ShadowMode

2008-07-04T03:14:18Z

This article will discuss applications that will save your day by protecting and securing your computer from unwanted changes, malware infections and unusable state without the need of using Virtual Machine or System Restore.

Malware infection and unwanted system changes are the biggest concerns by organizations and individuals. It’s easy to be infected nowadays if the anti-virus’ real-time protection failed to detect malicious behavior while a user is surfing or installing unknown programs. It’s also easy to have unusable system if an update or software installation contains bugs or incompatibility with existing applications.

The above problems will be solved by using ShadowMode, Try&Decide or Windows Disk Protection. For screenshots and article please go to http://www.brighthub.com/Computing/SMB-Security/articles/2323.aspx

Upcoming Update to Windows Update; Patch Tuesday Info

2008-07-04T02:22:18Z

Microsoft Update Team announced that there will be an update to Windows Update Agent (Client) which will begin end of this month.

How Windows Update Keeps Itself Up-to-Date
What does this mean for you?
Why does Windows Update need to self update?

http://blogs.technet.com/mu/archive/2008/07/03/upcoming-update-to-windows-update.aspx

Patch Tuesday:

Microsoft is planning to release 4 important updates that affects Windows operating system and Microsoft Server Software.

More info at http://www.microsoft.com/technet/security/bulletin/ms08-jul.mspx

http://blogs.technet.com/msrc/archive/2008/07/03/july-2008-monthly-release.aspx

Symantec July 2008 State of Spam Report

2008-07-02T15:53:52Z

Symantec blog today that their State of SPAM report for July(PDF) has been published:

The July State of Spam Report opens with optimistic words from 2004, from one Bill Gates: “Two years from now, spam will be solved.” While we wish that we could say the optimistic words came to fruition, the reality is that it has continued to increase and is now accounting for 80% of all email. Over the past month spammers have shown in a variety of ways how they are still trying to best antispam filters. Some of the spam attacks seen in June include:
- Hacked personal email account used to scam contacts
- Spammers simplify email harvesting technique
- China Earthquake tragedy used to spread viruses
- Olympics-related lottery scam emerges
- Bogus news events continue to be used by spammers to net innocent victims

https://forums.symantec.com/syment/blog/article?blog.id=spam&thread.id=108

Adobe Reader 9 & Acrobat.com

2008-07-02T02:41:38Z

Adobe released today a new version of their free PDF reader - Adobe Reader v9. They also announce their online service at Acrobat.com (beta)

"Adobe Reader 9 adds new capabilities, better performance and stronger security.

In addition, Adobe Reader 9 includes easy access to Acrobat.com (beta), an exciting new set of online services from Adobe. With Acrobat.com, you can create PDF files online; create and coauthor documents with others; host live web meetings; upload and share PDF files and other types of documents and control who has access to them; and even embed a rich, interactive preview of your document in a web page."

http://blogs.adobe.com/adobereader/2008/06/adobe_reader_9_is_here_1.html

Download Adobe Reader v9 at http://www.adobe.com/products/acrobat/readstep2.html

For Adobe Reader support, please go to their forums:

http://www.adobeforums.com/webx/.ee6b2e6/

Thanks to Pat for the update info via Calendar of Updates

Akonix Software Says IM Networks in Danger

2008-06-29T07:07:46Z

A local security software maker has issued a warning about malicious code attacks over instant messaging networks.

Akonix Systems Inc. said it tracked 10 new malicious code attacks over IM networks in May, raising the total count of malicious worms to 73 through May 31.

The research was conducted by Akonix and its industry colleagues in IM infrastructure and security schemes: Sophos and Secunia.

Although the number of identified worms is down from last year, the sophistication has increased, said Don Montgomery, vice president of marketing. He said just one rapidly propagating Trojan or worm could take down a business network.

http://www.sdbj.com/industry_article.asp?aID=47059596.6933817.1647204.678564.81710802.301&aID2=126699

8 in 10 businesses now using Macs

2008-06-29T06:58:57Z

Enterprises love the Mac's reliability, rely on virtualization, reports Yankee Group

Nearly 80% of businesses have Macs in-house, nearly double the percentage that said they had users running Mac OS X two years ago, a research firm said today.

"Then, we were talking about onesies and twosies," said Laura DiDio, a research fellow at Yankee Group Research Inc. who conducted a survey of more than 700 senior IT administrators and C-level executives. "Now the number of actual users is very significant. A number of the businesses said that they had 50 or 100 or even several thousand Macs deployed."

In early 2006, when DiDio last polled corporate IT professionals on Mac deployment, 47% said that they had Apple Inc. hardware in their environments.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=windows&articleId=9103958&taxonomyId=125&intsrc=kc_top

Is the Google Toolbar a Trojan Horse for Ad Targeting? Is Steve Ballmer right?

2008-06-29T06:36:03Z

Is Google getting ready to serve up display ads to people based on their Web surfing habits (as opposed to their Web searching habits)? Ever since the DoubleClick acquisition closed, industry watchers have been waiting to see how Google would dip its toes into behavioral ad targeting. One rumor going around is that Google is going to target ads to people who use the Google Toolbar, which is now bundled with Dell PCs.

The rumor could be an attempt to spread FUD, but it is not just startups that are playing the privacy card. In a discussion with Washington Post editors and reporters on June 4th, Microsoft CEO Steve Ballmer raised a similar privacy issue in relation to the Dell deal.

More and the video of Steve Ballmer on Privacy: http://www.techcrunch.com/2008/06/16/is-the-google-toolbar-a-trojan-horse-for-ad-targetting-ballmer-plays-the-privacy-card/

Ballmer's Right About Privacy, Wrong About Toolbars
http://www.informationweek.com/blog/main/archives/2008/06/ballmers_right.html

Free hosting spread rogue products and MediaTubeCodec

2008-06-28T17:38:28Z

A lot of webpage being hosted freely by hostinggratisargentina.com is spreading malware because the pages is using script, redirecting user to URLs with rogue/fake scanners and fake codecs.

Screenshot, details and prevention at http://www.dozleng.com/updates/index.php?showtopic=18720

Singapore forum 'scammer' faces caning and prison

2008-06-28T04:54:37Z

A British man faces caning and a prison sentence for allegedly conning members of an IT forum in Singapore.

Members of the VR-Zone forum used "mass ordering" to make savings when buying hardware - they teamed up to make large orders which earned them discounts. But Johnson Henry Plant, a 36-year-old British national, is accused of exploiting this to con $10,000 SGD (£3,700) out of over 50 forum members.

Plant is accused of winning forum members' trust by selling small items at cheap prices. He also set up other IDs in order to give himself favourable feedback.

http://www.theregister.co.uk/2008/06/27/singapore_scam_arrest/

Taming Internet Explorer Browser Plug-Ins

2008-06-28T04:52:14Z

Poorly designed ActiveX controls can be an extremely potent weapon for cyber crooks, since most ActiveX controls distributed with third party software are marked "safe for scripting." This means that they will run when invoked and without requiring the user's permission. As a result, any Web page can use the control and its methods, which in many cases includes the ability to download and execute potentially hostile code.

The 1.5 Beta version of the AxBan, developed by Errata Security, is available from this link here. When you start the program, it will warn you that using AxBan changes the system registry and to proceed at your own risk.

http://blog.washingtonpost.com/securityfix/2008/06/taming_internet_explorer_brows_1.html