October 2006 - Posts

Microsoft plans to file more than 50 lawsuits worldwide against online merchants who allegedly peddle counterfeit software on popular auction sites, the software giant said Monday.

The actions include 15 lawsuits in the U.S., 10 in Germany, 10 in the Netherlands, and five each in France and the United Kingdom, Microsoft said. Additional cases are being filed in Argentina, Australia, Belgium, Korea and Poland, the company said.

Continues at news.com.com 

Posted Tuesday, October 31, 2006 4:46 AM by Don | with no comments

Hard-drive maker Seagate Technology on Monday provided more details on encryption technology designed to make life tougher for computer thieves.

The Scotts Valley, Calif.-based company has developed full-disk encryption technology that can be built into hard-disk drives. The new Seagate DriveTrust Technology automatically encrypts all the data written to the disk, making it inaccessible to anyone who doesn't have the correct password when the computer first boots up.

Story at news.com.com 

Netcraft has discovered that the social networking site, MySpace, appears to have been compromised by phishers who have presented a spoof login form on the main site. This modified login form is designed to submit the victim's username and password to a remote server hosted in France.

Netcraft 

Posted Monday, October 30, 2006 7:02 AM by Don | with no comments

Some of the world's top crypto minds shared the stage at the Thirty Years of Public-Key Cryptography anniversary event at the Computer History Museum last night. NYT reporter John Markoff, who has covered Silicon Valley for 30 years, was master of ceremonies, and started off by saying that no technology has had a more profound impact than cryptography, and that the role of public-key cryptography has been underappreciated for its role in the Internet. Without public key cryptography, ecommerce would be an idea as opposed to an enabler of billions of daily transactions.

http://blogs.zdnet.com/BTL/?p=3847 

Posted Saturday, October 28, 2006 1:41 PM by Don | with no comments

A significant rise in the global volume of spam in the past two months has security analysts worried that bot nets are increasingly being used by spammers to stymie network defenses erected to curtail bulk e-mail.

Estimates of the magnitude of the increase in junk e-mail vary, but experts agree that an uncommon surge in spam is occurring. On the low side, Symantec, the owner of SecurityFocus, has found that average spam volume has increased almost 30 percent for its 35,000 clients in the last two months.

Story continues at securityfocus.com 

Posted Friday, October 27, 2006 4:36 PM by Don | with no comments

Q&A: Stealth malware researcher Joanna Rutkowska discusses her interest in computer security, the threat from rootkits and why the world is not ready for virtual machine technology.

Earlier this year, stealth malware researcher Joanna Rutkowska created a stir at the Black Hat Briefings when she demonstrated a way to infect Windows Vista with a rootkit and introduced Blue Pill, a new concept that uses AMD's SVM/Pacifica virtualization technology to create "100 percent undetectable malware."

eWeek 

Posted Thursday, October 26, 2006 2:50 PM by Don | with no comments

Alan Cox, one of the most respected figures in the U.K. open-source community, has warned about complacency over the security of open-source projects.

Speaking to delegates at London's LinuxWorld conference on Wednesday, he emphasized that considerable sums of money were being spent in attempting to hack into open-source systems.

And he cautioned that many open-source projects were far from secure.

Story at news.com.com 

Posted Thursday, October 26, 2006 2:44 PM by Don | with no comments

Overview

Microsoft Corporation has made a significant investment over the past few years researching and combating malicious and potentially unwanted software, and in developing technology to help customers mitigate the security risk that it creates. As part of this investment, Microsoft created a dedicated antimalware team that is responsible for researching malicious software (or “malware”) and potentially unwanted software. In addition, this team is responsible for the release and maintenance of the Microsoft® Windows Malicious Software Removal Tool (MSRT) and Windows Defender.

This report focuses on the first half of the 2006 calendar year (from January to June) [H106] and expands upon a white paper Microsoft released in June 2006 entitled MSRT: Progress Made, Lessons Learned (http://go.microsoft.com/fwlink/?linkid=67998). Compared to the MSRT paper, this report includes more recent results based on a significantly expanded set of data sources. Using data derived from several hundred million Windows users, this report provides an in-depth perspective of trends in the malicious and potentially unwanted software landscape.

Description:
A vulnerability has been reported in various Symantec products, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to an improper validation of the output buffer address space of a "DeviceIOControl()" call in the SAVRT.SYS device driver. This can be exploited to overwrite kernel memory and execute arbitrary code with elevated privileges.

The vulnerability is reported in the following versions:
- Symantec AntiVirus Corporate Edition 8.1
- Symantec AntiVirus Corporate Edition 9.0.3 and earlier
- Symantec Client Security 1.1
- Symantec Client Security 2.0.3 and earlier

Solution:
Update to a fixed version (see the vendor's advisory for details).

Provided and/or discovered by:
The vendor credits Boon Seng Lim.

Original Advisory:
Symantec:
http://www.symantec.com/avcenter/security/Content/2006.10.23.html

http://secunia.com/advisories/22536/ 

Windows Defender detects and removes known spyware from your computer, which helps make your Internet browsing safer.

The software uses automatic definition updates provided by Microsoft analysts to help detect and remove new threats as the threats are identified.

Improvements in Windows Defender

- Enhanced performance through a new scanning engine.
- Streamlined, simplified user interface and alerts.
- Improved control over programs on your computer using enhanced Software Explorer.
- Multiple language support with globalization and localization features.
- Protection technologies for all users, whether or not they have administrator rights on the computer.
- Support for assistive technology for individuals who have physical or cognitive difficulties, impairments, and disabilities.
- Support for Microsoft Windows XP Professional x64 Edition.
- Automatic cleaning according to your settings during regularly scheduled scans.

Posted Tuesday, October 24, 2006 7:18 AM by Don | with no comments

A Trojan horse now making the rounds takes the unusual self-defense step of installing anti-virus software to scrub the victimized PC of competing malware, a security researcher said.

According to Jon Stewart of Atlanta-based SecureWorks, the SpamThru Trojan adds a pirated copy of Kaspersky Lab's AntiVirus for WinGate to a cloaked folder on the compromised machine. The illegitimate anti-virus program scans the system for malicious code -- passing over SpamThru's own files -- and then deletes what malware it finds when the PC next boots.

Techweb

Posted Monday, October 23, 2006 2:55 PM by Don | with no comments

Not to be outdone by Microsoft's recent release of Internet Explorer 7, Mozilla will release the second major version of its rival Firefox browser on Tuesday, October 24.

According to Mozilla Vice President of Products Christopher Beard, Firefox 2.0, which should be available on Tuesday if all goes according to schedule, includes key new usability features missing in the new IE 7.

Story continues at news.yahoo.com
Posted Sunday, October 22, 2006 11:42 AM by Don | with no comments

For over a year, subscribers to the Full Disclosure security mailing list had to endure the taunts and rants of a self-styled vulnerability researcher known as "n3td3v."

The troll--as such taunting posters are dubbed--would frequently ignite massive angry e-mail responses, or flame wars, at times limiting the usefulness of the Full Disclosure list. Over time, n3td3v took on multiple online personalities, or gained members of the n3td3v group, and attempted to create an online security hub. 

Story at securityfocus.com 

Posted Saturday, October 21, 2006 6:26 AM by Don | with no comments

Opera issued an advisory this week for its eponymous browser detailing a flaw in the way the software handles long links--a vulnerability that could be exploited to run programs on a victim's system.

The patch is a relative rarity for Opera, which consistently has the lowest vulnerability count every year, but also has the lowest market share among the major Internet browsers for the Windows operating system. The Opera browser had 7 documented vulnerabilities in the first half of 2006, compared to 47 for Mozilla's Firefox and 38 for Microsoft's Internet Explorer, according to Symantec's Internet Security Threat Report.

Securityfocus 

Posted Friday, October 20, 2006 3:23 PM by Don | with no comments

From the Microsoft Security Response Center blog,

"We’ve gotten some questions here today about public reports claiming there’s a new vulnerability in Internet Explorer 7. This is an issue that we have under investigation and so we have some technical information we can share about the issue.

These reports are technically inaccurate: the issue concerned in these reports is not in Internet Explorer 7 (or any other version) at all. Rather, it is in a different Windows component, specifically a component in Outlook Express. While these reports use Internet Explorer as a vector the vulnerability itself is in Outlook Express."

Posted Thursday, October 19, 2006 6:33 PM by Don | with no comments

Microsoft Corp. today released to the public Windows® Internet Explorer® 7 for Windows XP, the latest version of the world’s most popular Web browser. Customers can upgrade and browse the Web with confidence knowing that the new browser provides a greater level of security, makes everyday tasks easier, and works well with the Web sites they visit.

“We listened carefully to our customers and are delivering a safer browser that makes the tasks they do every day much easier,” said Dean Hachamovitch, general manager of the Internet Explorer team at Microsoft.

Press Release 

Posted Thursday, October 19, 2006 5:24 AM by Don | with no comments

Description:
A vulnerability has been reported in Opera Web Browser, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when processing overly long URLs. This can be exploited to cause a heap-based buffer overflow by passing an overly long URL (more than 256 bytes) in a tag.

Successful exploitation allows execution of arbitrary code when a user visits a malicious website.

The vulnerability is reported in versions 9.0 and 9.01 on Windows and Linux. Version 8.x is reportedly not affected.

Solution:
Update to version 9.02.

http://secunia.com/advisories/22218/ 

We recently discovered that a small number - less than 1% - of the Video iPods available for purchase after September 12, 2006, left our contract manufacturer carrying the Windows RavMonE.exe virus. This known virus affects only Windows computers, and up to date anti-virus software which is included with most Windows computers should detect and remove it. So far we have seen less than 25 reports concerning this problem. The iPod nano, iPod shuffle and Mac OS X are not affected, and all Video iPods now shipping are virus free. As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it.

Apple Support 

A security flaw in the binary NVidia graphics drivers used by many Linux systems could allow an attacker to compromise, through a malicious Web page, any computer using the company's driver, security firm Rapid7 stated on Monday.

Securityfocus 

Posted Tuesday, October 17, 2006 3:50 PM by Don | with no comments

Netflix has fixed weaknesses in its Web site that could have let outsiders change a user's address, add movies to their rental queue, and potentially hijack their account.

The problems were repaired before they became publicly known, Steve Swasey, a Netflix spokesman, said on Monday. "It is an extremely remote possibility that it would have affected any of Netflix's 5.2 million members," he said.

Story at news.com.com 

Posted Tuesday, October 17, 2006 3:47 PM by Don | with no comments