September 2008 - Posts
The new Chrome browser had a security and functional update on September 5th, and most users should autoupdate in a transparent fashion. The "carpet bombing" and a few other issues were resolved in this first update. Please remember that this is a beta product and it must be used carefully until its security controls are well established.
Google Chrome - First Security Autoupdate
QUOTE: Google Chrome version 0.2.149.29 was released on 5 September 2008, and all users are being automatically updated. Automatic updates are a key security feature in helping to ensure the safety of Google Chrome users.
1. Fix a buffer overflow vulnerability in handling long filenames that display in the Save As... dialog.
2. Fix a buffer overflow vulnerability in handling link targets displayed in the status area when the user hovers over a link.
3. Fix an out-of-bounds memory read when parsing URLs ending with :%. This is a low risk that can be used to crash the entire browser, possibly causing loss of data in the current session.
4. Change the default Downloads directory if it is set to Desktop, and ensure that Desktop cannot be the default.
5. Fix a couple of data transfer issues with the Safe Browsing service causing unnecessary traffic.
7. Fix search suggestions not working properly on several non-United States sites.
Major spam runs have occurred with files pointing to ImageShack, a major image hosting site. Folks need to be careful of any URL or file received in email that ends with an SWF extension.
More Spammed ImageShack SWF URLs
QUOTE: The technique used in the spam has two things going for it: (1) the use of SWF instead of EXE and (2) the use of an ImageShack-hosted file, both of which may suggest to normal users that the file is possibly harmless. So it seems the siege of rogue AV is not only not dying down, its proponents are becoming more creative in their “advertising” schemes.
More importantly, everyone should ensure they are on the latest version of Adobe's Flash, as this will help prevent malware infections from these attacks. It is important to move to the latest version of Flash if prompted or manually update if you are not on version 9.0.124.
Adobe test site which will show latest version (should be 9.0.124)
How to manually update if needed (be sure to uncheck Google Toolbar)
On September 7th, Google will celebrate its 10th anniversary as noted in the article below.
Google is world's most powerful 10-year-old
QUOTE: When Larry Page and Sergey Brin founded Google Inc. on Sept. 7, 1998, they had little more than their ingenuity, four computers and an investor's $100,000 bet on their belief that an Internet search engine could change the world. It sounded preposterous 10 years ago, but look now: Google draws upon a gargantuan computer network, nearly 20,000 employees and a $150 billion market value to redefine media, marketing and technology.
A visitor to my blog shared some interesting findings related to Vista. While my personal experience has been limited with Vista, I agree that this issue could potentially bypass Vista's UAC controls. For example, it would bypass the warning that a rogue application is manipulating the Chrome environment itself and altering it for malicious purposes.
It is recommended to use this beta release cautiously and for test purposes until it is deemed to be more secure, e.g., some issues have already been documented within a few days of its release.
Google Chrome plays outside of Vista Security Zones
QUOTE: Google Chrome installs under your local user settings. In my case it's the folder C:\Users\xxxxxxxx\AppData\Local\Google\Chrome\Application. This means we now have an app running outside of Vista's regular security zones.
You need elevated rights in Vista to modify files that lie under C:\Program Files but not to modify files under C:\Users\<your user>\. This means that any app that might run on your machine can do whatever changes to the Chrome application that it wishes!
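A way to verify the point above on your own machine, as an added example that is not from the post or from Google: it assumes the per-user path quoted above (%LOCALAPPDATA%\Google\Chrome\Application), that PowerShell is installed on the Vista box, and that it is run as the ordinary, non-elevated user. It contrasts the ACL on Program Files with the ACL on the Chrome folder and then lists any Chrome binaries that fail Authenticode verification.

```powershell
# Added example (not Chrome's or the post's own code): audit where Chrome lives
# and who can write there without a UAC prompt. Assumes the per-user install
# path quoted in the post; run as the normal (non-elevated) user.

function Test-UserWritable {
    param([string]$Path)
    # True if the current token (the user or any of its groups) holds an Allow
    # ACE granting Write or Modify on $Path. Deny ACEs are not evaluated here.
    $me      = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $mySids  = @($me.User.Value) + @($me.Groups | ForEach-Object { $_.Value })
    $rights  = [System.Security.AccessControl.FileSystemRights]'Write, Modify'
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $hit = (Get-Acl -Path $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (($_.FileSystemRights -band $rights) -ne 0) -and
        ($mySids -contains $_.IdentityReference.Translate($sidType).Value)
    }
    return [bool]$hit
}

$chromeDir = Join-Path $env:LOCALAPPDATA 'Google\Chrome\Application'
$targets   = @($env:ProgramFiles, $chromeDir) | Where-Object { Test-Path $_ }

# Expected on a stock Vista box: Program Files -> False, the Chrome folder -> True.
foreach ($dir in $targets) {
    $writable = Test-UserWritable -Path $dir
    Write-Output ("{0,-60} user-writable without UAC prompt: {1}" -f $dir, $writable)
}

# A user-writable install directory matters because any program running as the
# user can replace the browser's binaries. List files whose Authenticode
# signature does not verify; compare against a fresh install before concluding
# anything, since not every shipped file is necessarily signed.
if (Test-Path $chromeDir) {
    Get-ChildItem -Path $chromeDir -Recurse -Include *.exe, *.dll |
        ForEach-Object { Get-AuthenticodeSignature -FilePath $_.FullName } |
        Where-Object { $_.Status -ne 'Valid' } |
        ForEach-Object { Write-Output ("Not validly signed: {0} ({1})" -f $_.Path, $_.Status) }
}
```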
This software should be avoided if it is offered via a pop-up. As it simulates a message users might see from their anti-virus, it may trick inexperienced users.
New rogue security product: Smart Antivirus 2009
QUOTE: Smart Antivirus 2009 is a new rogue security product and a near clone of AntiSpyware 2008
For the best level of safety, please use this technique if you encounter ANY pop-up related malware.
Malware Close Encounters - Close Pop-ups using Task Manager to safely exit
More information can be found here:
These links highlight some of the security features for this new browser. The sandboxing design and privacy mode are indeed good features. As these related articles describe, I also found that the download default location needs to be reset to help prevent carpet bombing attacks.
Google Chrome - Security overview
QUOTE: Google's new browser, Chrome, has quite a few security-related features:
-- Site blacklists to protect against malware and phishing
-- A privacy mode (Incognito) to erase tracks of user activity.
-- A thorough Clear Browsing Data dialog box.
-- But the really innovative feature is the way Google has built the browser's rendering engine to run in a sandbox. Each browser tab is an isolated process running with limited capabilities. This means that if a malicious application were to run, it could not crash, interfere with or impede the others running in other tabs. It also means that the app cannot do things, like write to the file system, that could make the malicious app persistent.
Google Chrome vulnerable to carpet-bombing flaw
QUOTE: Just hours after the release of Google Chrome, researcher Aviv Raff discovered that he could combine two vulnerabilities — a flaw in Apple Safari (WebKit) and a Java bug discussed at this year’s Black Hat conference — to trick users into launching executables direct from the new browser.
DoS vulnerability hits Chrome
QUOTE: Security researchers release proof-of-concept for a denial of service vulnerability that is successfully crashing the Chrome browser with all tabs.
As an IT professional, I enjoy testing new products. As a beta software product, it should be used for TEST purposes only. Below is a preliminary evaluation.
- Reliable (no crashes)
- Compatible with most sites
- Fast performance under XP SP3
- Easy-to-use User Interface
- Automated Installation process
- Tabbed browsing
- Lacks advanced features found in other browsers
- EULA is lengthy and should be carefully evaluated
- Security must be established
- Beta versions are for experienced IT users only
Google Chrome Browser - New Beta version
Comprehensive EULA - Please read
As individuals desire to help those in need after major events, numerous sites have emerged. While many of these newly registered sites are for sale, some are most likely set up for fraudulent purposes. It is always advisable to contribute to mainstream charity organizations, including the Red Cross and Salvation Army. As other official sites emerge, always carefully key in and verify the URL for accuracy to avoid fraudulent phishing attacks or malware infections.
2008-09-01 Marcus Sachs Gustav Part III
2008-08-31 Marcus Sachs More Hurricane Domains
2008-08-30 Marcus Sachs Here we go again - Hurricane Relief Sites
QUOTE: Remember three years ago when hurricanes Katrina and Rita hit the US Gulf coast? On the day Katrina hit New Orleans hundreds of donation sites appeared online, many if not most were scam sites. Well this time around it looks like the people who like to register domain names in anticipation of a storm's arrival have already started registering them for Gustav and Hanna.
I'm not suggesting that they are up to no good, but simply pointing out that the rush has started and we need to make sure our users are aware of the potential for scam sites appearing online in the next few days. I checked several of them and the sites I viewed are just parked with a "for sale" sign on them. Nothing wrong with that, but it's only a matter of time before the "donate here" buttons start showing up.
Fake Western Union malware attacks have emerged in addition to those recently documented for UPS and FedEx. Users should avoid and delete these spammed messages. If there are any questionable items, it is safer to call the local offices of these shippers directly.
Fake Western Union Invoice Attacks
QUOTE: Here we go again — another invoice spam run! Apparently, invoice spam has recently gained popularity among spammers. We’ve seen invoice spam runs related to UPS, FedEx, and of course, German-language Rechnung spam receipts. Now, this new invoice spam claims to come from Western Union, informing recipients that their credit card-issuing bank has halted the transaction by the demand of the “Federal Criminal Investigation Service”.