May 2007 - Posts
Kim Komando highlighted this on her radio program this weekend. Apparently, TJX was using a WEP-based wireless security implementation and crackers were sitting out in the parking lot gathering confidential information. Wireless LANs should use the latest equipment and best protective standards (e.g., WPA2 or WPA), as security is only as good as its weakest link.
TJX’s failure to secure Wi-Fi could cost $1B
QUOTE: The news of the TJ Maxx data breach has rocked the retail and banking industry, and many estimate that it will cost hundreds of millions or even a billion-plus dollars in financial damage. It was already widely reported back in March that the TJ Maxx breach was probably due to an insecure wireless network, but the Wall Street Journal is now reporting that it happened outside of a St. Paul, MN, Marshalls discount store in July 2005 (Marshalls is owned by TJX Cos.) WSJ is reporting that investigators believe that the hacker used a laptop and a telescope-shaped antenna.
What's most alarming about this is that most of the major retailers during that time were running WEP and many are STILL running some form of WEP. There's no reason to believe the same attackers didn't try this sort of attack on many other retailers and are still actively attacking networks today. Many businesses and organizations, including hospitals, are STILL running WEP or some other useless form of security. Some are running a slightly better enterprise version of WEP, which uses per-session per-user dynamic keys that supposedly rotate every hour, but even that's worthless since the third-generation of WEP cracking tools can break WEP in under a minute.
Below are additional resources. The 69-page electronic book requires that you become a Tech Republic member (this is free and I've been a member for several years):
FREE Wireless Security e-book download
George Ou - More on Wireless LAN security
Simple Advice for Wireless Home Networking
This applies mainly to home product versions, and autoupdating may have repaired this for users who have it enabled.
McAfee Security Center Buffer Overflow Vulnerability
The fix has reportedly been available via automatic updates since March 22, 2007.
Update to Security Center version 7.2.147 and 6.0.25, or higher.
McAfee Internet Security Suite 6.x, 7.x, 8.x, 2007
McAfee Total Protection 2007
McAfee VirusScan Plus 2007
McAfee PC Protection Plus 2007
McAfee VirusScan 8.x, 9.x, 10.x
McAfee Personal Firewall Plus 5.x, 6.x, 7.x
McAfee Privacy Service 6.x, 7.x, 8.x
McAfee SpamKiller 5.x, 6.x, 7.x
McAfee QuickClean 4.x, 5.x, 6.x
McAfee AntiSpyware 1.x, 2.x
McAfee Wireless Home Network Security 1.x
Microsoft has released the following new security bulletins for May:
Microsoft Security Bulletins - May 2007
Brief Summary of Bulletins and Products Affected
MS07-023: Excel - all currently supported versions
MS07-024: Word 2000, 2002, 2003, 2004 (Mac)
MS07-025: Office (all currently supported versions)
MS07-026: Exchange (all current versions)
MS07-027: Internet Explorer - all current versions
MS07-028: CAPICOM, BizTalk Server
MS07-029: Windows 2000 Server, Windows Server 2003
ISC Detailed Analysis - Some are rated as "Patch Now"
Passwords are one of our primary security safeguards. This site allows you to key in a password and test it immediately. Recently, I've adopted the following practice to ensure all my passwords are rated as strong:
- Passwords of 8 characters (or more)
- Include both letters and numbers
- One upper case letter and the rest as lower numbers
Microsoft Security - Check the Strength of your Passwords
Microsoft Security - How to create strong Passwords
Users should avoid suspicious emails or other attempts that request activation of their Windows environment. Microsoft does not send emails for this process and does not ask for credit card details. Windows activation is a one-time process only required during the initial install process. The screens and HTML used in this attack are realistic.
Kardphisher - Trojan Horse Spoofs Windows Activation
QUOTE: The Trojan pretends to be a legitimate Microsoft activation program and tricks the user into entering their credit card details to activate Windows. The Trojan shuts down the compromised computer if the user does not enter their credit card numbers.
HTML by trojan emulates Windows Activation
Windows Activation process further asks for credit card info
This new IRC based attack may take advantage of an important security vulnerability patched by Microsoft during late 2006:
IRCBOT.AAS - Exploits MS06-040 if unpatched
QUOTE: This BOT takes advantage of MS06-040. The specially crafted packet is embedded in the body of this IRCBot and is XOR'ed by 99h. The BOT will then wait for a "Scan" command from a remote user. In this case, the BOT will send this specially crafted packet to all IP addresses that the remote user specified to the BOT.
When successfully logged in to the BOT, the remote user can do the following IRC commands:
Joins/Part an IRC channel
Send private/channel messages
Change the BOT's nick
Quits the IRC server.
Checks the BOT's ID and version.
Check the up-time of the BOT
Logout from the BOT.
Update the BOT.
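For analysts triaging a sample like this, one way to locate a region hidden with a single-byte XOR (the quote gives the key as 99h) is to search for a known marker under every one-byte key. This is an added example, not code from the quoted write-up; the SMB header magic used as the marker, the function names and the sample bytes are assumptions constructed for illustration.

```python
"""Locate content hidden with a single-byte XOR key inside a binary blob."""

# Assumption: the marker hunted for is the 4-byte SMB header magic.
# It is not taken from the real sample; swap in any known plaintext.
SMB_MAGIC = b"\xffSMB"


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte of data with a one-byte key."""
    return bytes(b ^ key for b in data)


def find_xor_encoded(blob: bytes, needle: bytes, keys=range(1, 256)):
    """Return [(key, offset), ...] where needle appears XOR-encoded in blob.

    Encoding the short needle once per key and searching for it is cheaper
    than decoding the whole blob 255 times. Key 0 is skipped because it
    leaves the data unchanged.
    """
    hits = []
    for key in keys:
        encoded = xor_bytes(needle, key)
        start = blob.find(encoded)
        while start != -1:
            hits.append((key, start))
            start = blob.find(encoded, start + 1)
    return hits


def build_sample() -> bytes:
    """Constructed stand-in for a bot body: filler, then a region XOR'ed with 0x99."""
    hidden = SMB_MAGIC + bytes(28)  # constructed, harmless bytes
    return b"MZ" + bytes(range(64)) + xor_bytes(hidden, 0x99) + b"\x00" * 16


if __name__ == "__main__":
    for key, offset in find_xor_encoded(build_sample(), SMB_MAGIC):
        print(f"marker found at offset {offset} under XOR key {key:#04x}")
```

Short markers can match by chance in large files, so treat a hit as a pointer to where to decode and inspect, not as a verdict.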
Microsoft has issued the advance warning on patches coming out next week. Looks like security and system admins will have their work cut out for them. We have two critical for Windows, two critical for Office, one critical for Exchange and one critical patch for CAPICOM and BizTalk. Two non-security patches are scheduled for Microsoft Update (MU) and Windows Server Update Services (WSUS).
Microsoft Security Patches - May 2007
Summary of the patches:
• 2 for Windows
• 3 for Office
• 1 for Exchange
• 1 for CAPICOM
• 1 for BizTalk
• 6 NON-SECURITY High-Priority Updates
These "Month of" projects, where working exploits are publicly disclosed, often do more harm than good for the cause of security. Private disclosure is a safer method of sharing vulnerabilities with software vendors. The month of May might be more active after some quieter times in the past couple of weeks. Two new MS Office ActiveX weaknesses have been noted as follows:
MOAXB Project - Month of Active X Bugs
Day 1 - Powerpoint vulnerability
Day 2 - Excel vulnerability
As AV vendors use different naming conventions, some of the names used will differ. This is an interesting categorization of malware that we always have to defend our users from.
Kaspersky - Top 10 categorizations of malware
QUOTE: It’s that time of the month again – when a young man’s mind turns to browsing virus collections.
1. Greediest Trojan Targeting Banks - Trojan-PSW.Win32.Agent.km takes this title this month. Not only does this Trojan wage war against 42 banks at once, it also attempts to intercept TAN-codes, which once again proves that this kind of protective measure does not present much of an obstacle for cyber criminals. The Trojan’s victims include many leaders in the global banking sector.
2. Greediest Trojan Targeting E-payment Systems - this title goes to one of the modifications of Trojan-Spy.Win32.Banker.clu, which is programmed to gain access into three different electronic money systems.
3. Greediest Trojan Targeting Plastic Cards – the title goes to Trojan-Spy.Win32.Banker.ciy. Last month, the malicious program that took this title was programmed to access three plastic card systems at once. Banker.ciy wins because it targets 5 systems instead of 3.
4. Stealthiest Program - this month Backdoor.Win32.Hupigon.elw takes the title – it is packed seven times with different .exe file packers.
5. Smallest Malicious Program - is the 51 byte Hoax.Bat.AlotWindows.a, which plays a mean joke on Internet users. When this program is launched, it begins to open a series of windows on the user's computer with the text "DDoS DOS!" In reality, opening windows is all Windows.a is capable of.
6. Biggest Malicious Program - Trojan.Win32.Haradong.ao weighs in at a hefty 182 MB (!). This file is spread under the guise of a video file, with the extension “avi.scr.” Its very large size is attributed solely to that fact.
7. Most Malicious Program - Backdoor.Win32.Rbot.aeu blocks security solutions using a variety of methods.
8. Most Common Malicious Program in Email Traffic - Email-Worm.Win32.NetSky.q, which has been around for years, but still managed to account for 14% of all malicious email traffic in March, which just goes to show that the older malware is still going strong.
9. Most Common Trojan Family - once again it is the Chinese Backdoor.Win32.Hupigon family, with a mere 326 modifications instead of the 368 we saw last month.
10. Most common virus/worm family - goes to the well known Warezov worm again; with 44 new modifications detected this month.
A review related to the new version of Thunderbird 2.0, which is Mozilla's open source email client.
Computer World - First Look at Mozilla Thunderbird 2.0
When it comes to choosing an e-mail client... well, there really aren't that many popular options. Corporate e-mail users tend to have their client dictated to them by IT, which usually means Microsoft Outlook or Lotus Notes. For personal use, many people just use the old standbys out of habit: Outlook Express/Windows Mail under Windows and Apple Mail under Mac OS X. The once-popular Eudora seems to be fading into a niche product (and is going open-source at some point this year).
The one e-mail client that seems to still be on the rise is the open-source Mozilla Thunderbird, which recently hit Version 2.0. While it hasn't changed radically, the new release includes several new features, most notably for organizing and finding messages. In this review, we'll assess which additions are useful and which are fluff.