June 2007 - Posts
This article shares interesting technical information about how flash drives physically store information.
Five things you never knew about flash drives
Microsoft Security Bulletins for June 2007
QUOTE: As part of Microsoft's routine, monthly security update cycle, we released the following security updates in June:
• MS07-030 - addresses a vulnerability in Microsoft Office and Visio (KB927051)
• MS07-031 - addresses a vulnerability in Microsoft Windows (KB935840)
• MS07-032 - addresses a vulnerability in Microsoft Windows (KB84693)
• MS07-033 - addresses a vulnerability in Microsoft Windows, Internet Explorer (KB933566)
• MS07-034 - addresses a vulnerability in Microsoft Windows (KB929123)
• MS07-035 - addresses a vulnerability in Microsoft Windows (KB935839)
This is an interesting chart reflecting major companies and how they handle privacy protection of their users and customers. Thankfully, Google is taking steps to address concerns by anonymizing server logs. All companies should address this concern to ensure they follow best practices in protecting the privacy of their user base. Thanks to Rod Trent at My IT forums for sharing this article.
ARTICLE - Google named worst privacy offender in study
CHART - Matrix summary of major companies (6 Page PDF)
QUOTE: A new report puts Google in last place when it comes to privacy protection. Despite recent moves to anonymize server logs and other pro-privacy gestures, Privacy International called the company "an endemic threat to privacy." Only Google earned the dismal "black" color bar from the group, which has just issued a report on Internet privacy that took six months to assemble (see the rankings). The current report is preliminary; final results will be released in September.
The report rated top Internet companies on privacy issues and distilled the various results into a single color bar. Microsoft was two ranks up from Google, earning a curry-colored "serious lapses" rating. Amazon scored one level higher with its yellow "notable lapses" rank, and eBay did even better, earning a coveted blue bar. No company earned a top mark, however.
Users of Yahoo's Messenger Instant Messaging need to move to the latest version as quickly as possible. Two serious vulnerabilities have surfaced that are now being exploited in the wild. Yahoo repaired these deficiencies within hours, and the first link below provides the site for downloading the more secure version.
Solution -- Update to the latest version:
Yahoo Messenger exploits seen in the wild
Two Yahoo Messenger vulnerabilities (with PoCs)
Yahoo Messenger - Overview of Vulnerabilities
QUOTE: Two vulnerabilities in Yahoo Messenger can be exploited by malicious people to compromise a user's system.
1) A boundary error within the Yahoo! Webcam Upload (ywcupl.dll) ActiveX control can be exploited to cause a stack-based buffer overflow by assigning an overly long string to the "Server" property and then calling the "Send()" method.
2) A boundary error within the Yahoo! Webcam Viewer (ywcvwr.dll) ActiveX control can be exploited to cause a stack-based buffer overflow by assigning an overly long string to the "Server" property and then calling the "Receive()" method.
Successful exploitation of the vulnerabilities allows execution of arbitrary code. The vulnerabilities are confirmed in version 188.8.131.52. Other versions may also be affected.
Microsoft's security bulletins use an improved format starting this month to better convey which products will be specifically patched. June appears to be a busy month for corporate ADMINS to patch Windows, IE, Office, and other products.
Microsoft June Security Update - New format for advance notices
June 12th is Patch Tuesday for Microsoft products, and they plan to release four critical patches that address remote code execution vulnerabilities found in Windows, Office, IE, and other products. Microsoft also plans to release seven non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
As I've been developing web pages for over a decade, I use Firefox and Opera to test them in ensuring any browser will work. I've been using Firefox 3.0 nightly builds for a while as a complementary browser with IE 7 and give it good marks in security and functionality.
New Firefox 3.0 preview goes 'Places'
QUOTE: Mozilla Corp. late yesterday released the next-to-last planned alpha edition of Firefox 3.0, the first preview to include a major chunk of the browser's revamped bookmark and history tool. Alpha 5 of Firefox 3.0, which still carries the codename Gran Paradiso, includes the bookmarks portion of Places, the feature that at one time was slated to appear in Firefox 2.0. Last year, however, Mozilla yanked the searchable bookmark-browser history from 2.0 and said it would appear in 2007's Version 3.0.
On June 6, 1977 I joined Atlantic Mutual Companies as a Senior Programmer/Analyst. As I now celebrate my 30th anniversary in the insurance profession, I'm thankful for the company which gave me an excellent start. As they firmly believed in training and having the best workforce possible, they invested in improving my IT, Project Management, and insurance knowledge. This investment in my career led to 10 professional designations which appear as alphabet soup behind my name. More importantly, they taught me to invest in yourself through continuing education, as what better investment can one make in their career?
I remained with the company for over 26 years, until it went through extensive downsizing. I'm now an IT professional with Fairfax IT Services which purchased the data center. I still work at the same original building as shown above and have been coming here to work for almost 30 years (e.g., construction of the Data Center was finished a year later in 1978). I am thankful to be celebrating year 30 in the profession. I still don't feel old even in reaching this professional milestone.
The ISC is reporting spammed password-protected zip files (with the password included in the email message) that pretend to be "breaking news articles" from official sites. The malware component will "phone home" and most likely download malware agents. AV protection will be very limited for a day or so. Users should always avoid opening these types of attachments and get their news from official websites instead.
Spammed News Headlines with password protected zip file
Attachments include names such as "<news organization>-news<digits>.zip". The binary, once executed, appears to call home via an HTTP POST to at least one of two websites
Microsoft's next version of VS has been announced at the Tech Ed conference in Orlando.
Microsoft announces Visual Studio 2008
QUOTE: At its TechEd 2007 conference here, Microsoft announced June 4 that the next version of Visual Studio, which has been known by the code name "Orcas," has been dubbed Visual Studio 2008.
In addition, C. Joe Marini, group product manager of developer marketing at Microsoft, said beta 2 of Visual Studio 2008 will become available later this summer and will include a new feature known as the Visual Studio Shell. The Visual Studio Shell enables developers to create and distribute their own custom tools built on top of the Visual Studio IDE (integrated development environment).
The Visual Studio Shell will operate in two different modes. The first is the Integrated Mode, which is for developers creating programming language integration with Visual Studio, Marini said. The second is known as Isolated Mode and is for Microsoft partners and customers who want to take the base technology of Visual Studio and custom brand it.
Based on personally testing corporate AV products head-to-head, I've found McAfee provides a robust scanning engine. However, this advanced rootkit alters Windows services in such a manner that only the latest version of McAfee's corporate and retail products can detect it (although older versions can detect this using SAFE MODE, if the user discovers this new type of rootkit infection).
W32/Almanahe.c - New Variant of this Advanced Rootkit
Due to the nature in which this virus operates once a machine is successfully infected, read-access to the DLL and SYS components of the virus may be denied. VirusScan 11.x and VirusScan Enterprise 8.5 or newer can detect and remove these rootkit-protected components directly. Older products may be able to detect this using Safe Mode.
More information can be found here:
A new exploit affecting only IIS version 5 has surfaced. The working exploit discloses sensitive information but doesn't execute malware code so far.
IIS 5.0 authentication bypass exploit -- CVE-2007-2815
QUOTE: The exploit was discovered on December 15, 2006, and made public since the end of May 2007. The design of IIS 5.x allows to bypass basic authentication by using the hit highlight feature.
KB-328832: Hit-highlighting does not rely on IIS authentication
QUOTE: We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security.
While this proof-of-concept virus isn't a true threat yet, it does demonstrate that any code can be potentially vulnerable. If this was a true virus, it would clear the screen and always return an "89" as the answer (i.e., as the calculator is now broken and will only display "t89.GAARA"). This development will be interesting to follow and I'm thinking TI might be able to fix this hopefully.
TIGRAA -- TI-89 Calculator Virus Links
QUOTE: Essentially, this calculator is a small computer that runs programs. One can get a wide variety of games for it - from classic Tetris and Pacman to full-blown chess! There is little security built in so programs have full access to all other programs - just like in the time of DOS for IBM PCs.
Reliable detection of this proof-of-concept virus (we call it TIOS/Tigraa) is easy, even though it attempts to hide by obfuscating the call to the virus body within the infected file. The problem is that there is no AV software yet for calculators so protection can only be built on a PC. This would not block propagation between calculators should a similar virus ever get into the field. Fortunately, the chances of this happening are rather slim.
Virus.TI.Tigraa.a is a memory resident virus, and in the best tradition of DOS viruses, it's a mere 492 bytes in size. It works on Texas Instruments TI-89 graphing calculators (the TI-89, TI-89 Titanium, and the Voyage 200 which will run most programs for the TI-89) with the Motorola 68000 processor. The virus is designed to clear the screen and then display a message saying 't89.GAARA'.