October 2005 - Posts

Microsoft Corp. is spending time and money—lots of it—courting people such as Tom Ferris, an independent security researcher who runs the Web site Security-Protocols.com. And for good reason.

Ferris, who uses the online name "badpack3t," has discovered a number of serious holes in the Redmond, Wash., company's products in recent months.

These holes include vulnerabilities in the Internet Explorer Web browser, Windows RDP (Remote Desktop Protocol) and the Windows XP kernel, as well as in a wide range of other companies' software programs, including the Firefox browser.

...eWeek
Posted Mon, Oct 31 2005 14:31 by Don
Cost-conscious U.S. banks walk a fine line between keeping your accounts secure and not spending much money to do it. But new regulations mean they'll have to put more authentication procedures in place by the end of 2006.

Full Story - Wired News
Posted Mon, Oct 31 2005 10:39 by Don
Published: 2005-10-31,
Last Updated: 2005-10-31 14:37:37 UTC by Pedro Bueno (Version: 1)

This one had the name of new_pict.exe, maybe trying to fool the person to click on an attachment file.

If you run this file you will get this screen asking for a screen name and password.

SANS-Internet Storm Center

BOSTON (Reuters)—Japanese security software maker Trend Micro Inc. has teamed with PC maker Dell Inc. to sell Internet security software to consumers, a Trend Micro executive said on Friday.

Financial terms were not disclosed.

Starting next week Dell will load free 90-day trial versions of PC-cillin on PCs shipped to North American consumers.

In February, the computer maker will designate Trend Micro's PC-cillin software as "Dell Recommended" on its Web site catalog, said Trend Micro's president of North American operations, Lane Bess. Dell currently recommends a rival product from McAfee Inc. It puts Symantec Corp.'s second.

The arrangement does not automatically funnel sales to Trend Micro, but could help the Japanese software company's efforts to boost its North American market share, which stands at 7 percent—far behind Symantec and McAfee.

eWeek
Posted Mon, Oct 31 2005 7:26 by Don

Virus writers are using fears of the bird flu to distribute a Trojan horse.

Virus writers, forever in search of opportunities to distribute their malicious code, are exploiting interest in the avian flu by circulating an e-mail with an attachment that contains information about the bird flu epidemic -- and a Trojan horse tucked inside.

"Using the bird flu is a very clever way of drawing attention and enticing those PC users less knowledgeable or concerned about security to open the attachment," said Jeanine Rother, a virus researcher at the German subsidiary of Panda Software International SL. "Although users are constantly being told not to open attachments from unknown sources, some are likely to ignore these warnings because of their interest in the epidemic and potential threat to their own lives."

Rother was unable to say how many computers have been so far infected with the Trojan horse, which the company detected in its virus lab.

Panda Software has given the malware a low-risk rating in a message posted on its Web site.

Computerworld
Posted Sun, Oct 30 2005 9:18 by Don

CNET News Reporting AIM worm plays nasty new trick.

A worm found spreading via America Online's Instant Messenger is carrying a nastier punch than usual, a security company has warned.

The unnamed worm delivers a cocktail of unwanted software, including a so-called rootkit, security experts at FaceTime Communications said Friday. A rootkit is a tool designed to go undetected by the security software used to lock down control of a computer after an initial hack.

"A very nasty bundle is downloaded to your machine" when you click on the worm link, said Tyler Wells, senior director of engineering at FaceTime. "This is the first time that we have seen a rootkit as part of the bundle of applications that is sent to your machine. It is a disturbing trend."

Oracle's security practices have come under a fresh attack from two security researchers who claim the database maker's products have serious password-protection weaknesses.

Joshua Wright of the SANS Institute and Dr Carlos Cid of the Information Security Group at the Royal Holloway, University of London, have published a paper outlining problems with Oracle's password system that they say make it "straightforward" to recover users' passwords. Wright gave a presentation on the matter at the SANS Network Security conference in Los Angeles earlier this week, SANS said.

TECHWORLD
Posted Sat, Oct 29 2005 6:16 by Don

Microsoft is tightening up the way its Internet Explorer browser handles HTTPS for version 7, which is used to secure online transactions, in an attempt to give people more protection online.

In a posting on the Microsoft Internet Explorer blog, IE program manager Eric Lawrence said that IE7 would support the Transport Layer Security (TLS) protocol by default.

Existing versions of IE automatically use the SSL 2.0 protocol, which is weaker than TLS, to encrypt user data, although it is possible to manually switch to TLS.

ZDNet
Posted Fri, Oct 28 2005 7:41 by Don

The Anti-Spyware Coalition offered up standard guidelines on Thursday for detecting, rating and protecting against unwelcome programs that have plagued Internet users in recent years.

The group, composed of software companies and consumer advocates, also finalized its definition of spyware, veering little from the version it proposed in July.

The coalition defines spyware and other potentially unwanted technologies as programs that are deployed without sufficient user consent or that impair user control over any of the following: privacy, system security and user experience; use of their system resources; or collection, use and distribution of personal information.

ZDNet News
Posted Fri, Oct 28 2005 7:39 by Don

Urgent Virus Warning

Criminals are currently sending virus-contaminated e-mails which appear to originate from Nero (e.g. register@nero.com or sales@nero.com).

Please delete such e-mails immediately and do not under any circumstances open the attachments.

Nero does not send any e-mails with attachments concerning registration.

Alert

The August attack of the Zotob bot worm was milder than other major events, but still cost victims an average of nearly $100,000 to clean up, a security company said Wednesday.

Virginia-based Cybertrust surveyed 700 enterprises on the impact of Zotob, a bot worm that exploited a vulnerability in Windows 2000 during August, 2005. Although Zotob wasn't as widespread as other notable malware, such as Sasser, MSBlast, or Slammer, it raised a ruckus in media companies and briefly slowed overall Internet traffic.

"Sasser had more impact," said Russ Cooper, Cybertrust's senior information security analyst. "Compared to earlier worm outbreaks, Zotob impacted significantly fewer organizations."

Techweb Story

Posted Thu, Oct 27 2005 11:21 by Don

A major UK government campaign to help consumers and small businesses protect themselves from internet security threats launches in the UK on Thursday. The 'Get Safe Online' campaign aims to arrest the growth in computer security risks that threaten to slow down the rise of ecommerce. The scheme - backed by the launch of a www.getsafeonline.org website - aims to help the public to become more "cyber-savvy" and to consolidate net security information, which is currently fragmented.

Research from Get Safe Online has found that over three quarters of the UK’s population (83 per cent) don’t know enough about protecting themselves online. Nearly half (42 per cent) of the population rely on friends and family for online safety advice rather than finding expert information for themselves. This lack of education, which Get Safe Online aims to address, threatens to undermine confidence in an online retail economy that is worth £10bn a year. An estimated 14m use online banking.

..Story
Posted Thu, Oct 27 2005 9:03 by Don
Title: Microsoft Security Bulletin Minor Revisions
Issued: October 26, 2005

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

  * MS05-051
  * MS05-044

Bulletin Information:

* MS05-051

  - http://www.microsoft.com/technet/security/bulletin/ms05-051.mspx
  - Reason for Revision: Security update replacement revised for
    MS04-012 on Microsoft Windows 2000.  Additionally, mitigating
    factors for MSDTC Vulnerability (CAN-2005-2119) have been
    updated to advise customers that the Microsoft
    Distributed Transaction Coordinator is not started by default
    on Windows 2000 Professional. 
  - Originally posted: October 11, 2005
  - Updated: October 25, 2005
  - Bulletin Severity Rating: Critical
  - Version: 1.2
       
* MS05-044

  - http://www.microsoft.com/technet/security/bulletin/ms05-044.mspx
  - Reason for Revision: Bulletin updated to revise the mitigating
    factors section. 
  - Originally posted: October 11, 2005
  - Updated: October 26, 2005
  - Bulletin Severity Rating: Moderate
  - Version: 1.1
       
Support:

Technical support resources can be found at:
http://go.microsoft.com/fwlink/?LinkId=21131

Networking Pipeline reports that Juniper Networks has announced a network security solution designed to defend voice over IP (VoIP) systems from session initiation protocol (SIP)-based attacks.

The Dynamic Threat Mitigation solution brings together Juniper's routers and intrusion detection and prevention (IDP) systems with its service deployment system (SDX) to create a single unified security solution. The solution mitigates SIP-based denial of service (DoS) attacks and worms by allowing enterprises and providers to identify and respond to them individually.

Posted Wed, Oct 26 2005 14:06 by Don

Skype has put out a critical update to its telephony software following the discovery of a number of critical flaws.

If exploited, two of the flaws could allow attackers to take over a Skype user's system, the company said in an advisory. These flaws affect a number of Windows versions of the software ranging from version 1.1 to 1.4.

TechWorld
Posted Wed, Oct 26 2005 12:02 by Don

Microsoft plans to adopt a stronger cryptography protocol in the next version of its web browser software, Internet Explorer 7. IE7 will replace the SSLv2 (Secure Socket Layer) protocol with the sturdier TLSv1 (Transport Layer Security) protocol in default HTTPS protocol settings as a means to provide improved security for ecommerce transactions, according to a posting in Redmond's official IE development blog.

Users of IE6 can manually configure these stronger settings but the changes will mean that more users will be directed towards using the stronger SSLv3 or TLSv1 protocols rather than SSLv2. The change should be seamless for end users but adoption of the stronger encryption protocol by a wider percentage of surfers could create some work for sys admins.

Complete Story
Posted Wed, Oct 26 2005 7:06 by Don

The problem presents itself in the way various anti-virus software determines the type of file it is scanning.

An attacker can exploit this vulnerability to pass malicious files past the anti-virus software. This results in a false sense of security, and ultimately could lead to the execution of arbitrary code on the victim user's machine.

Vulnerable:
Ukrainian National Antivirus UNA
Trend Micro PC-cillin 2005
Trend Micro OfficeScan Corporate Edition 7.0
Sophos Anti-Virus 3.91
Panda Titanium
Norman Virus Control 5.81
McAfee Internet Security Suite 7.1.5
Kaspersky Labs Anti-Virus 5.0.372
Ikarus Ikarus 2.32
F-Prot Antivirus 3.16 c
eTrust eTrust CA 7.0.14
Dr.Web Dr.Web 4.32 b
AVG AVG Anti-Virus 7.0.323
ArcaBit ArcaVir 2005.0

Not Vulnerable:
VirusBlokAda VBA32
Symantec Norton Internet Security 2005 11.5.6 .14
Symantec AntiVirus Corporate Edition 10.0
Sophos Anti-Virus 5.0.2
Sophos Anti-Virus 3.95
Softwin BitDefender 8.0
NOD32 NOD32 2.50.25
H+BEDV AntiVir Personal 6.31 .00.01
F-Secure Anti-Virus 5.56
ClamWin ClamWin 0.86.1
Avast! Antivirus Home Edition 4.6.655

http://www.securityfocus.com/bid/15189/info
Posted Tue, Oct 25 2005 13:32 by Don
Are software programs designed to catch cheaters and software pirates and report them a violation of privacy? That's the central question in an online debate between security expert Greg Hoglund and Blizzard Entertainment, the maker of the popular World of Warcraft game.

Three weeks ago, Hoglund discovered that Blizzard's games also install a program, dubbed "The Warden," that checks a player's computer memory for running processes that match certain software tools that are considered cheats. The check is automatic, only reports violators, and is explicitly allowed under the terms of service and end-user license agreement. Hoglund, the CEO of software analysis firm HBGary, argues that the anti-cheating tool is also spyware. Blizzard disagrees.

Now, Hoglund has created a tool that he calls "the Governor" to show players what the Warden program is actually doing. He hopes that the demonstration will expand consumers' definition of spyware.

http://www.securityfocus.com/brief/22
Posted Tue, Oct 25 2005 6:17 by Don

Wibbly Wobbly Web
By John Leyden

Four in five authoritative domain name system (DNS) servers across the world are vulnerable to types of hacking attacks that might be used by hackers to misdirect surfers to potentially fraudulent domains. A survey by net performance firm the Measurement Factory commissioned by net infrastructure outfit Infoblox of 1.3m internet name servers found that 84 per cent might be vulnerable to pharming attacks. Others exhibit separate security and deployment-related vulnerabilities.

Pharming attacks use DNS poisoning or domain hijacks to redirect users to dodgy URLs. For example, widespread attacks launched in April attempt to fool consumers into visiting potentially malicious web sites by changing the records used to convert domain names to IP addresses. These particular pharming attacks exploited name servers that allow recursive queries from any IP address. Recursive queries are a form of name resolution that may require a name server to relay requests to other name servers.

Read Full Story at The Register
Posted Tue, Oct 25 2005 6:16 by Don

The Voice over IP Security Alliance (VoIPSA) today announced its much anticipated VoIP Security Threat Taxonomy, a classification and description of the types of security threats that affect IP telephony.

Identified as the alliance's first major task when VoIPSA was formed last February, alliance secretary and taxonomy project head Jonathan Zar, who is also SonicWALL Senior Director, says that the taxonomy is the first step in dealing with VoIP security. "When we were asked by the press and the regulatory community about threats, we weren't always talking about the same thing," he says. "Everyone was talking about their part of the elephant."

By defining the kinds and nature of threats, Zar says VoIPSA hopes to give the Internet voice industry a common reference point to deal systematically with VoIP security issues. "Many vendors said they could solve the problem themselves, but by going to the taxonomy, it became clear that there would still be gaps," he says. "For example, voice spam was perceived as a big deal at the beginning, but it became clear early on that deceptive practices would be a bigger threat,"

..Full Story
