Harry Waldron - IT Security

Security Developments, Software Updates and Best Practices

November 2009 - Posts

Windows 7 and Server 2008 R2 - SMB denial of service attack exploit

A denial-of-service attack creates an endless loop in which PCs or servers become unresponsive. For this specific attack, the Windows 7 security model prevents malware from being installed on the system itself, but an affected system could lock up and require a reboot if the attack succeeds.

These attacks may spike CPU utilization to 100% or overwhelm the system with intense network traffic. Windows 7 and Server 2008 R2 users should keep automatic updates enabled and monitor developments for the forthcoming patch. Keeping the firewall enabled and AV protection in place also provides some protection for currently unpatched systems.

Windows 7 and Server 2008 R2 - SMB denial of service attack exploit
http://www.microsoft.com/technet/security/advisory/977544.mspx
http://blogs.technet.com/msrc/archive/2009/11/13/microsoft-security-advisory-977544-released.aspx
http://isc.sans.org/diary.html?storyid=7597
http://isc.sans.org/diary.html?storyid=7573

QUOTE: this is a DoS vulnerability that is unrelated to Microsoft Security Bulletin MS09-050 which addressed a remote code execution vulnerability in the SMBv2 protocol. This vulnerability would not allow an attacker to take control or install malware on a user’s system, but could cause the affected system to stop responding until manually restarted.

MSRC - Excellent site to monitor further developments
http://blogs.technet.com/msrc/

MaCatte Antivirus - New Rogue copies McAfee AV interface

Rogue security products are a popular attack method, as evidenced by AntiVirus 2009. These Fake AV scams are designed to steal money from users by tricking them into thinking they are installing legitimate software.

These Fake AV products present users with constant pop-ups and request that they pay around $39 to register the product so the PC can be "cleaned". These Fake AV products are actually malware and are to be avoided. Any user who is infected should search for a cleaning tool that removes Fake AV products. To avoid infections, users should be careful about the websites they visit and stay patched on every product (especially Windows and Adobe Flash). Moving to the latest version of Internet Explorer, Firefox, Opera, etc. is also a good way to help prevent infections.

Rogue Security Product Copies McAfee’s Look and Feel
http://www.avertlabs.com/research/blog/index.php/2009/11/10/rogue-security-product-copies-mcafees-look-and-feel/

QUOTE: Recently we have seen the rapid growth of rogue anti-virus/spyware programs. This one is especially interesting. Why? Because it mimics McAfee’s security product. This rogue software displays the same user interface as McAfee Security Center. It also offers a web page that looks similar to McAfee’s legitimate site.

The idea behind fake AV software is to trick unsuspecting users into thinking their machines are infected. The malware will display a window that shows many innocent files detected arbitrarily as compromised. These fake security alerts are baseless–they exist to trick victims into pressing the panic button. In this case agreeing to “Remove all threats now” will lead to purchasing the MaCatte Antivirus 2009 product. The rogue software offers several “features”:

• It displays fake warning messages and “Safety Center Alert” pop-ups
• It flashes icons that appear in the system tray
• It hijacks the browser’s homepage to a site that mimics McAfee’s site

Oracle Quarterly Security Updates - October 2009

Oracle strongly recommends that DBAs and System Administrators apply these patches promptly across the wide range of affected products.

Oracle Critical Patch Update Advisory - October 2009
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html

QUOTE: Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply fixes as soon as possible. This Critical Patch Update contains 38 new security fixes across all products.

Microsoft Security Updates - November 2009

Very important security updates are available for Windows and Office. These should be applied promptly to protect against exploits and malicious code that could be reverse engineered from the patches in the near future.

Microsoft Security Updates - November 2009
https://www.microsoft.com/technet/security/bulletin/ms09-nov.mspx

ISC - Excellent Summary of this month's Patch Tuesday updates
http://isc.sans.org/diary.html?storyid=7564

SANS - Summary of 31 tips for better PORT security

Each year the Internet Storm Center picks a theme for improved security awareness and publishes one article per day during Cybersecurity Awareness Month (October). These are excellent resources for any IT security professional:

SANS - Summary of 31 tips for better PORT security
http://isc.sans.org/diary.html?storyid=7504

QUOTE: This year we examined 31 different ports/services/protocols/applications and discussed some of the major security issues.  Many readers submitted comments, tips, and tricks for securing them. 

1 - Port 445 - SMB over tcp
2 - Port 0
3 - Port 5900 - VNC
4 - Port 20/21 - FTP-data/FTP
5 - Port 31337 - trojan horses
6 - Ports 67&68 udp - bootp and dhcp
7 - Port 6667/8/9/7000 - IRC
8 - Port 25 - SMTP
9 - Port 3389 - RDP
10 - The Questionable Ports
11 - Port 111 - RPCBind aka Portmapper
12 - Ports 161/162 - Simple Network Management Protocol (SNMP)
13 - Ports 3128, 8080 & .... - Proxies
14 - Port 514 - syslog
15 - Ports 995, 465, and 993 - Secure Email
16 - Port 1521 - Oracle TNS Listener
17 - Port 22 - SSH
18 - Port 23 - Telnet
19 - ICMP
20 - Ports 5060 & 5061 - SIP (VoIP)
21 - Port 135 - MS DCE locator
22 - Port 502 - Modbus
23 - Port 179 - Border Gateway Protocol
24 - Ports 1-20 and 37 - The Small Services
25 - Port 80 and 443 - Web services
26 - Ports 1433/1434 - MS SQL
27 - Ports 135, 137, 138, 139, ... - MS Active Directory Ports
28 - Port 123 - ntp
29 - Port 53 - dns
30 - Ports 47, 50, 500, 1723, 4500, ... - The "Common" IPSEC VPN Protocols
31 - Port 113 - ident

Below are links to the prior years' best-practice series published by the Internet Storm Center during Cybersecurity Awareness Month:

SANS - 2008 Security Incident Handling tips
http://isc.sans.org/diary.html?storyid=5279

SANS - 2007 Cybersecurity Awareness tips
http://isc.sans.org/diary.html?storyid=3597

McAfee - New Corporate and Home Support Forums

In 1997, our company adopted McAfee as the AV standard for all PCs and servers. Even during those early years of the Internet, they were one of the first AV vendors to use public forums to help manage support costs. I've been a member of these forums for over a dozen years, primarily sharing security news and safe practices. In November 2009, McAfee implemented a state-of-the-art community forum environment, which includes home and corporate product support forums, security awareness forums, and other resources.

NOW LIVE! McAfee Online Support Community
http://www.avertlabs.com/research/blog/index.php/2009/11/04/now-live-mcafee-online-support-community/

QUOTE: The McAfee Online Support Community gives you a way to interact with other McAfee business users to ask questions and share best practices. Additionally, you’ll be able to talk with McAfee professionals about McAfee products, security awareness issues, and emerging trends — plus give us feedback on product and service enhancements.

McAfee - Home Page for New Community Forums
http://community.mcafee.com/

Kim Komando - Windows 7 and Security

I've been a fan of Kim's talk radio show for years. On Saturdays, I can listen on my walkman while working outdoors and catch up on some of the latest developments. Computers are complex, and she shares developments and best practices in an easy-to-understand way for the public. Below is a great write-up on how security is improved in Windows 7.

Kim Komando - Windows 7 and Security
http://www.komando.com/tips/index.aspx?id=7584

QUOTE: QUESTION -- I’ve read a lot about the new features in Windows 7. But, I haven’t heard much about Windows 7 and security. What new security features are in Windows 7? Is it safer than Vista? — Mike in Boston, listening on WBZ 1030 AM  (Highlights noted below)

• First, Microsoft has taken steps to protect the Windows 7 kernel. Windows 7 does not allow unauthorized access to the kernel.

• They include a firewall and anti-spyware. You can also download Windows Security Essentials, a free antivirus program.

• Windows 7’s firewall has been improved. As with the firewall in earlier versions of Windows, it isn’t perfect. But, advanced firewall options can be accessed through the Action Center. That makes it easier to control what programs are allowed to communicate through the firewall.

• In Windows 7, UAC has been tweaked and is much more user-friendly. You can select the UAC settings you prefer. If a page tries to install software or change settings, you’ll see the alerts. Obviously, UAC isn’t a new feature. But, it has finally become useful for most users.

• You probably saw Vista machines with fingerprint scanners. These relied on third-party software. With Windows 7, biometric security is baked in. You can use it to allow access to the machine. The Biometric Devices applet is available in Control Panel. This lets you configure your fingerprint reader.

• You may have noticed that the Security Center is missing from Windows 7. In its place, you get the Action Center. This is where the computer’s security is configured. You can also specify your Windows Update preferences.

• There are also a bevy of new security features in Internet Explorer 8. This is the browser included with Windows 7. First, there’s domain highlighting. This helps you see the relevant part of the URL. ActiveX security has also been improved. IE 8 also features the XSS Filter. This is designed to protect you from cross-site scripting attacks.

• Anti-phishing tools have also been beefed up. The SmartScreen Filter has a new look and improved performance. It can also add anti-malware support. It will block you from downloading known malware.

Milestone dates ahead - Affecting future computers

SANS has highlighted future dates that may impact computing. New standards would most likely address these design issues before they are reached:

Milestone dates ahead - Affecting future computers
http://blogs.sans.org/appsecstreetfighter/2009/10/29/the-day-the-world-will-end/

QUOTE: With a new movie coming out about how the world will end with the (supposed) end of the Mayan calendar, I figured it would be nice to get a list of software related “end of calendar” issues:

• Dec. 31st 1999, 23:59:59 GMT -- The famous Y2k issue. We made it… (so far)

• Dec. 21, 2012 -- end of Mayan calendar. Just listed here because everybody is talking about it. Should not affect software (other than the fact that the world will end that day).

• Jan. 19th 2038, 03:14:07 GMT -- The end of the Unix epoch. Unix uses a 32-bit signed number to express time. The last date that can be expressed using unix time is Jan 19th 2038. After that… who knows? This can already be a problem. Imagine you are a bank and handing out 30 year mortgages?

• Dec. 31st 9999, 23:59:59 GMT -- The end of 4 digit years. Well, we got a while until that will happen.
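The 2038 item above is easy to reproduce. The following C program is an added example (not code from the SANS post or this blog): it computes 64-bit Unix timestamps from calendar dates, shows that the largest signed 32-bit value lands exactly on 2038-01-19 03:14:07 UTC, and walks through the quoted bank scenario, where a 30-year mortgage written in November 2009 (a constructed date) matures after the 32-bit limit and, in a legacy 32-bit store, wraps around to 1903. It assumes a host with a 64-bit time_t (for example 64-bit Linux) so gmtime can render the results.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Days since 1970-01-01 for a proleptic Gregorian date (Howard Hinnant's days_from_civil). */
static int64_t days_from_civil(int64_t y, unsigned m, unsigned d) {
    y -= m <= 2;
    const int64_t era = (y >= 0 ? y : y - 399) / 400;
    const unsigned yoe = (unsigned)(y - era * 400);
    const unsigned doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    const unsigned doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
    return era * 146097 + (int64_t)doe - 719468;
}

/* Seconds since the Unix epoch, computed in 64 bits so nothing overflows here. */
int64_t unix_time64(int y, unsigned m, unsigned d, unsigned hh, unsigned mm, unsigned ss) {
    return days_from_civil(y, m, d) * 86400 + hh * 3600 + mm * 60 + ss;
}

/* 1 if t can be stored in a signed 32-bit time_t, 0 if it is past the 2038 limit. */
int fits_in_time32(int64_t t) { return t >= INT32_MIN && t <= INT32_MAX; }

/* What a 32-bit signed store would actually hold: the value wraps modulo 2^32. */
int64_t wrap_to_time32(int64_t t) {
    const int64_t two32 = (int64_t)1 << 32;
    int64_t r = t % two32;                 /* keep the low 32 bits, sign-safe */
    if (r < 0) r += two32;
    return r > INT32_MAX ? r - two32 : r;  /* reinterpret the bit pattern as signed */
}

/* Renders a 64-bit timestamp as "YYYY-MM-DD HH:MM:SS" in UTC (static buffer, demo only). */
const char *format_utc(int64_t t) {
    static char buf[32];
    time_t tt = (time_t)t;                 /* assumes 64-bit time_t on the host */
    strftime(buf, sizeof buf, "%Y-%m-%d %H:%M:%S", gmtime(&tt));
    return buf;
}

int main(void) {
    printf("largest 32-bit time_t %d = %s UTC\n", INT32_MAX, format_utc(INT32_MAX));
    /* Constructed scenario from the quoted post: a 30-year mortgage written on 2009-11-13. */
    int64_t start = unix_time64(2009, 11, 13, 0, 0, 0);
    int64_t maturity = unix_time64(2039, 11, 13, 0, 0, 0);
    printf("mortgage start    %lld = %s UTC\n", (long long)start, format_utc(start));
    printf("maturity fits in 32 bits? %s\n", fits_in_time32(maturity) ? "yes" : "no");
    printf("32-bit store would hold   %s UTC\n", format_utc(wrap_to_time32(maturity)));
    return 0;
}
```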