August 2004 - Posts
A few sources have made publicly available exploit code targetted at the vulnerability addressed by Microsoft's patch released earlier this month MS04-22:
F-Secure provided an interesting report from DEFCON's 12th annual conference as noted below:
DEFCON is the largest underground hacking event in the world with thousands of black, grey and white hat hackers gathering for a weekend in extreme heat (41 C today) in Las Vegas.
This year's program is especially interesting from antivirus point of view, as several conference speakers focus on the issue. Today we've heard two presentations on mobile phone and PDA security, with direct implications for future mobile viruses. It seems perfectly possible that we will see totally automated Bluetooth worms in the future. Such worms would spread airborne among the mobile phone population, and really would spread much like flu - to get infected, it's enough to be close enough.
There has also been lots of discussion on Windows XP Service Pack 2, which should be out in August. This service pack includes a firewall which monitors traffic in both directions and which will be on by default. SP2 will also have generic protection against overflows. Consensus is that once SP2 becomes commonplace, it will make it much harder to create automatic network worms like Blaster or Sasser.
DEFCON Home Page
DEFCON 12 Conference - Key Information
Two new vulnerabilities for Mozilla Firefox have been recently documented by Secunia as “Moderately Critical“ (3 on the scale of 5).
Please be careful of URL links in untrusted websites and email messages with any browser you use.
Mozilla User Interface Spoofing Vulnerability - 07/30/04
A vulnerability has been reported in Mozilla and Mozilla Firefox, allowing malicious websites to spoof the user interface, 2004. The problem is that Mozilla and Mozilla Firefox don't restrict websites from including arbitrary, remote XUL (XML User Interface Language) files. This can be exploited to "hijack" most of the user interface (including tool bars, SSL certificate dialogs, address bar and more), thereby controlling almost anything the user sees. The Mozilla user interface is built using XUL files. A PoC (Proof of Concept) exploit for Mozilla Firefox has been published. The PoC spoofs a SSL secured PayPal website.
Mozilla Firefox "onunload" SSL Certificate Spoofing - 07/26/04
It is possible to make the browser load a valid certificate from a trusted website by using a specially crafted "onunload" event. The problem is that Mozilla loads the certificate from a trusted website and shows the "secure padlock" while actually displaying the content of the malicious website. The URL shown in the address bar correctly reads that of the malicious website.
More Posts « Previous page