June 2010 - Posts
I was prompted this morning to move to Microsoft Security Essentials Version 1.0.1963.0 and encourage all users to do so when prompted. I also pressed the UPDATE NOW button after updating to ensure the latest signatures were pulled in. The MSE icon in the system tray turns orange when attention is needed; any time the icon is not green, update the signatures or run a scan. MSE continues to be a great lightweight option for basic protection of all my home systems.
Microsoft Security Essentials - New version available
MSE Support Forums
F-Secure is warning of new targeted attack campaigns that use Excel files; Excel 2002 through 2007 are potentially vulnerable. The flaw being exploited (CVE-2009-3129, described below) was fixed by Microsoft in November 2009 (MS09-067), so these attacks succeed only on systems that have not applied that update. Please be careful in handling all unusual or unexpected attachments received by email.
Microsoft Excel - Be careful of new Targeted attacks
QUOTE: But here's a fresh set of attacks done with XLS files instead. This is some sort of personnel list. Like the other examples here, it drops and runs a backdoor when viewed. The exploit in these files targets Excel Pointer Offset Memory Corruption Vulnerability CVE-2009-3129. As you can see, such attack files can look like perfectly normal and credible document files.
QUOTE: Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset, aka "Excel Featheader Record Memory Corruption Vulnerability."
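The CVE text above pins the problem to one field: the cbHdrData size in a FEATHEADER record. A useful check for a mail gateway or an incident responder is to walk the BIFF record stream and flag any FEATHEADER whose cbHdrData is not a value the format allows. The scanner below is an added example written for this page; it is not F-Secure's or Microsoft's code. It assumes the FeatHdr layout as this editor reads it from the [MS-XLS] specification (12-byte FrtHeader, 2-byte isf, one reserved byte, 4-byte cbHdrData, which is 0xFFFFFFFF for ISFPROTECTION and 0 otherwise), and it works on the raw Workbook stream rather than the .xls container. The sample stream at the bottom is constructed for the example, not taken from a real attack file.

```python
"""Scan a raw BIFF8 Workbook stream for FEATHEADER (0x0867) records whose
cbHdrData field is not a value the file format allows.

Layout assumed for the record body (editor's reading of [MS-XLS] FeatHdr):
  FrtHeader : rt (2, repeats 0x0867) + grbitFrt (2) + reserved (8)
  isf       : SharedFeatureType (2); 0x0002 = ISFPROTECTION
  reserved  : 1 byte
  cbHdrData : size of rgbHdrData (4); 0xFFFFFFFF for ISFPROTECTION, else 0
  rgbHdrData: variable
"""
import struct

FEATHEADER = 0x0867
ISFPROTECTION = 0x0002
ISFFEC2 = 0x0003
BOF, EOF = 0x0809, 0x000A
FEATHDR_FIXED_LEN = 12 + 2 + 1 + 4  # bytes of body before rgbHdrData


def iter_records(stream):
    """Yield (offset, record_type, body) for each BIFF record; stop on truncation."""
    pos = 0
    while pos + 4 <= len(stream):
        rtype, rlen = struct.unpack_from("<HH", stream, pos)
        body = stream[pos + 4:pos + 4 + rlen]
        if len(body) < rlen:  # record claims more bytes than remain
            break
        yield pos, rtype, body
        pos += 4 + rlen


def check_featheader(body):
    """Return a list of findings for one FEATHEADER record body (empty = looks sane)."""
    if len(body) < FEATHDR_FIXED_LEN:
        return ["body shorter than the fixed FeatHdr header"]
    rt = struct.unpack_from("<H", body, 0)[0]
    isf = struct.unpack_from("<H", body, 12)[0]
    cb = struct.unpack_from("<I", body, 15)[0]
    findings = []
    if rt != FEATHEADER:
        findings.append("FrtHeader.rt is 0x%04x, expected 0x0867" % rt)
    expected = 0xFFFFFFFF if isf == ISFPROTECTION else 0
    if cb != expected:
        findings.append("cbHdrData is 0x%08x for isf 0x%04x, expected 0x%08x"
                        % (cb, isf, expected))
    # A "size" that is neither sentinel nor zero and is larger than the record
    # itself cannot be a real length; it is a strong sign of a crafted file.
    remaining = len(body) - FEATHDR_FIXED_LEN
    if cb not in (0, 0xFFFFFFFF) and cb > remaining:
        findings.append("cbHdrData 0x%08x exceeds the %d bytes left in the record"
                        % (cb, remaining))
    return findings


def scan_workbook_stream(stream):
    """Return [(offset, findings)] for every FEATHEADER record that fails the checks."""
    hits = []
    for offset, rtype, body in iter_records(stream):
        if rtype == FEATHEADER:
            findings = check_featheader(body)
            if findings:
                hits.append((offset, findings))
    return hits


def build_record(rtype, body):
    """BIFF record: 2-byte type, 2-byte length, body."""
    return struct.pack("<HH", rtype, len(body)) + body


def build_featheader(isf, cb_hdr_data, rgb_hdr_data=b""):
    """Constructed test data: one FEATHEADER record, not taken from a real file."""
    body = struct.pack("<HH8s", FEATHEADER, 0, b"\0" * 8)  # FrtHeader
    body += struct.pack("<HBI", isf, 1, cb_hdr_data) + rgb_hdr_data
    return build_record(FEATHEADER, body)


# Constructed sample stream: BOF, a sane protection header, a sane ISFFEC2
# header, one header with a crafted cbHdrData, then EOF.
GOOD_PROTECTION = build_featheader(ISFPROTECTION, 0xFFFFFFFF, b"\0" * 8)
GOOD_FEC2 = build_featheader(ISFFEC2, 0)
CRAFTED = build_featheader(ISFPROTECTION, 0x00000800, b"A" * 16)
SAMPLE_STREAM = (build_record(BOF, b"\0" * 16) + GOOD_PROTECTION
                 + GOOD_FEC2 + CRAFTED + build_record(EOF, b""))

if __name__ == "__main__":
    for offset, findings in scan_workbook_stream(SAMPLE_STREAM):
        print("offset %d: %s" % (offset, "; ".join(findings)))
```

To run it against a real .xls, extract the stream first, for example with the olefile package: olefile.OleFileIO(path).openstream("Workbook").read(). A hit means the record is structurally wrong, which is a reason to quarantine and analyse the file, not proof of an exploit; a patched Excel remains the real fix.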
This month Microsoft provided a large number of important security updates that should be promptly applied. It may not be widely known, but Microsoft also uses Windows Update to deliver important non-security updates on the fourth Tuesday of each month. These should be applied as well, so that critical Windows functions keep working correctly.
June 8, 2010 - Large Patch Tuesday update
June 22, 2010 - Microsoft non-security updates
QUOTE: As a number of readers have reported, Microsoft released a few non-security updates on Tuesday via Windows Update/Automatic Updates. Most of our readers will recognize that the 4th Tuesday of the month is when Microsoft usually releases non-security updates. From the results of a couple of computers here in my office, the updates involve the .NET Framework versions 3.x and 2.x. As with all updates, please remember to test the update in your respective environment prior to wholesale deployment. More information on the .NET Framework update available at KB982524.
On May 6, 2010, the stock market suddenly dropped 998 points, with most of the sell-off occurring within about 10 minutes. Out-of-control selling by automated trading systems most likely led to the event, which the SEC continues to investigate while looking for ways to prevent a repeat.
Stock Market Flash Crash of May 6th
Stock Market Flash Crash of May 6th - COMPLETE TEXT
SEC Preliminary Findings
QUOTE: On the afternoon of May 6, 2010 the Dow Jones Industrial Average (DJIA) dropped approximately 600 points (5.7%), and then quickly recovered. Other Major Market Indexes dropped by similar amounts. We have read numerous articles attempting to explain this event including the SEC report "Preliminary Findings Regarding the Market Events of May 6, 2010" dated May 18, 2010. Our report assumes the reader is familiar with the SEC report.
1. Quote and trade data must be time stamped by the exchanges at the time it is generated.
2. Quote-stuffing should be banned to avoid overloading system.
3. Add a simple 50 millisecond quote expiration rule
While I use a corporate BlackBerry, the latest version of Apple's iPhone is indeed innovative. Hopefully, the new iOS 4 will provide security improvements to ensure users stay safe while using this advanced technology.
Apple iPhone 4 Home
Apple iPhone 4 Features
* Video calling with FaceTime
* Retina display with 960 by 640 resolution
* HD video recording
* 5-megapixel camera with LED flash
* Dual-mic noise suppression
* Apple A4 processor
* Voice Control
Apple iOS4 - Apple's new Mobile Operating System
QUOTE: OS 4 is a desktop-class OS that’s been reinvented for mobile devices. Because it’s based on the world’s most advanced computer operating system — Mac OS X — performance in iOS 4 is fast and stability is rock-solid. iOS 4 introduces a whole new way of multitasking. Now you can run your favorite third-party apps — and switch between them instantly — without slowing down the performance of the foreground app or draining the battery unnecessarily. This smarter approach to multitasking is available only in iOS 4.
Symantec and MessageLabs continue to warn of malicious email, scams and websites using the 2010 Soccer World Cup theme. Some of these continuing attacks are arriving in my own email, so please be careful:
FIFA World Cup Soccer - Malware based attacks continue
QUOTE: As reported in the June MessageLabs Intelligence Report, MessageLabs Intelligence is seeing a great variety of different threats relating to the upcoming FIFA World Cup. We’ve seen 419-style scams, including emails offering tickets to games; fake accommodation providers; offers of contracts to supply clothing and boots; offers of free mobile phones; scams looking for companies to provide additional electricity/power for the World Cup; and more. All designed to ultimately obtain the recipient’s personal details, and/or money by means of deception and fraud.
MessageLabs Intelligence has also seen fake World Cup tickets for sale on well known auction websites, or advertisements offering tickets, that in reality are unlikely to give the buyer access to any games. Moreover, we’ve seen a huge volume of spam that contains World Cup related content, but is actually not about the World Cup.
AVERT Labs shares an informative article related to privacy concerns in using social networks:
Social networks and privacy studies from Europe
QUOTE: This week I’ve seen several interesting articles and posts about the effect and consequences of social networking sites within Europe. Here are a few links:
McAfee recognizes the development of social networking as a fundamental business tool as well as a personal tool. What we find particularly interesting are the increased concerns that are being raised lately within Europe.
Recently, a security researcher and a vendor could not reach agreement privately on a new security weakness. Unfortunately, proof of concept (POC) exploit code was later published by the researcher, which led to harmful zero-day attacks circulating in the wild within a few days.
Fortunately, the vulnerable component is rarely invoked by users and exploits are not in wide circulation. Anti-virus protection and other workarounds help mitigate the risk until the issue is patched.
In reflecting on this incident, it's difficult to see the value in forcing vendors to patch their products within a fixed timeline. Individuals who care about security should not give vendors a patch-by-this-date ultimatum backed by the threat of publishing POC code for the underground to pick up.
Some Limited Benefits of Public Disclosure
* There are a few cases where vendors have known about issues for years. However, they go unpatched because the issues are minor or very difficult to exploit. Some security researchers believe that public disclosure is the only leverage they have to accomplish improved security.
* Public disclosure brings immediate pressure on the vendor to patch a serious issue. Some security researchers are also tuned into the underground and may point out valuable emerging developments. When the vendor does not respond, they feel a need to illustrate the importance with POC code.
* I believe H. D. Moore and Aviv Raff's "Month of Bugs" projects were beneficial in improving security. For example, they picked a topic like browsers and demonstrated why almost all vendors had weaknesses. Most items were minor in nature. Their daily bug publications prompted all vendors to commit more money and focus to security. This type of "wake-up" call led to a better security focus by most vendors.
Disadvantages of Public Disclosure
Yet for the most part, the negatives of public disclosure outweigh the positives, as follows:
* Zero-day attacks may be introduced, resulting in emergency workarounds and patches by the vendor and anti-virus providers
* Malicious developers can take POCs and ramp them up a few notches. They may even discover something more harmful.
* Some folks don't patch promptly or defend their systems with up-to-date anti-virus protection. Even after a vendor has patched, those users remain exposed to attacks that might never have appeared in the wild had the POC been kept private.
* Vendors only have a certain number of qualified people working on security patches. Public disclosure and the resulting exploits force them to patch or create workarounds immediately, which can delay work already in progress on patches for more mainstream issues.
* Sixty or ninety days may not be enough time to work in changes, given work in progress and the need for a quality release across the different permutations of hardware and software.
If the security researcher has shared the issue privately and exploits emerge because of a slow response by the vendor, the researcher has done their job; it's the vendor's fault for failing to respond in a timely fashion. The researcher can even document, in generic terms, that an issue was privately reported, without giving malicious authors the details needed to harm others.
Certainly, security researchers want to enhance their reputations, income, and careers. I believe many have an altruistic mission in wanting to protect the public. Many are highly talented professionals and provide valuable protective contributions for society. I encourage them to put their talents to work for the good of society through private responsible disclosure.
At work and home, I use Office 2010 extensively and it's the best-designed and most capable version I've used so far. While many of the components I use extensively, like Excel and Word, are similar to their Office 2007 counterparts, the user interface is much more intuitive in the latest version.
The capability to create PivotTable views is greatly improved in Excel 2010, as it's more naturally built into Excel. For building sophisticated spreadsheets, Microsoft also offers an Excel add-in called PowerPivot 2010 that can work with very large data sets, well beyond the roughly one-million-row limit of an Excel worksheet. While I prefer using Access for these types of queries, PowerPivot allows you to stay within the tool to create summary views.
PowerPivot 2010 - Great writeup on value of processing large external data bases
QUOTE: Microsoft’s PowerPivot add-in for its forthcoming Excel 2010 spreadsheet enables users to work with much larger sets of data than is possible with Excel alone. Microsoft’s PowerPivot is an add-in for the company’s forthcoming Excel 2010 spreadsheet application, which first grabbed my attention by the way it enables users to work with much larger sets of data than is possible with Excel alone. For instance, I used PowerPivot to load and browse through a data set that ran 3.9 million rows—about four times Excel’s existing upper limit—and I had no more trouble scrolling around in the set than I would with a spreadsheet of only several hundred rows.
AVERT Labs shares this key threat to avoid:
Waka Waka FIFA 2010: Targeted PDF attack uses World Cup theme as bait
QUOTE: We have seen instances from recent times where WorldCup themes have been extensively used as bait to lure unsuspecting users into opening malicious attachments. With lots of recently discovered vulnerabilities and wide spread distribution, pdf files appear to be a perfect vector for these kind of attacks. These threats could be delivered as emails or poisoned search engine results leading to malicious pdf’s.
This particular pdf file is directed at certain high profile targets. Upon executing the malicious pdf file on a vulnerable version of Adobe reader/ Acrobat, it drops an innocent pdf file as shown in the figure below to spoof the unsuspecting user. This malicious pdf file drops and executes a malicious payload detected as BackDoor-ERZ, while the malicious pdf is detected as Exploit-pdf.b with 6022 DATS.
While most individuals aren't protecting mobile devices, there are a few emerging threats, as documented below by the Internet Storm Center.
Thoughts on Malware for Mobile Devices
QUOTE: If you have some creative ways you're protecting your mobile devices, send them in and I'll post them. While 130 people is not a statistically large sample we do have some interesting preliminary results. Of 130 people, only 15 are scanning for malware. Of those 15, 3 (20%) have detected malware. If you extrapolate that percentage out to the entire sample, 23 people who responded who do not scan would be infected with malware
Apple recently released its latest version of the Safari browser. I downloaded a copy to evaluate in the Windows XP environment. The new Reader mode is truly an outstanding feature, which transforms lengthy text-based articles into a nicely formatted large-print presentation. Performance is excellent, and hopefully security will continue to improve over prior releases, as 48 security bugs were fixed in this release.
Apple Safari 5.0 release
QUOTE: Safari 5 is the latest version of the Apple web browser and among the new features in the browser is a Reader mode that makes it a pleasure to read long articles on the Web. Though Safari is the dominant web browser on the Macintosh (and on Apple mobile devices), it is still very much a minor player on Windows systems. Still, Safari 5 has a few capabilities that make it worth a look for both Mac and Windows users.
Chief among these is the Reader mode. Essentially what this feature does is make it possible to read a multi-page web article in a single scrollable view but it really is much more than that (and much better than simply opening the Print view of an article). And it appears to work with most articles on websites without the sites having to do anything to enable the feature.
When I browsed to a web article, a Reader button appeared on the right hand side of the address bar in Safari 5. By clicking this button I brought up a scrollable window in the middle of the browser screen that displayed the entire article, no matter how many pages the site had broken it up into. The Reader view was very attractive and easy to read, making an article on a webpage look more like something that had been configured for an ebook format. I enjoyed the Reader view so much that if I ran into a long article while using another browser, I fired up Safari and switched over so I could read the article in Reader mode.
Safari 5 also includes several other new features, including the ability to configure the search bar to use Bing, Google or Yahoo for the integrated search features. There are also several new developer tools included. Like Chrome, Safari has expanded its ability to be extended by developers and there are already a good number of extensions available for the browser, though no where near the number currently available for Firefox.
Also like Chrome and Firefox, Safari 5 continues the Apple browser’s move to support the forthcoming HTML 5 standard. This version of Safari includes new support for many HTML 5 capabilities, including video improvements such as full screen video and closed captioning.
Safari 5 - Reader mode is highlight of new release
Apple launches Safari 5, patches record 48 bugs
Safari 5 Download site
Malware writers use popular news stories or sporting events to lure unsuspecting users. Please avoid potentially harmful email messages or websites related to the World Cup soccer championship. As noted in the warning by AVERT, merely visiting such a site may expose users to zero-day attacks.
Scammers Go Phishing for World Cup Soccer Fans
QUOTE: If you do receive one of these lottery scams in your inbox, always be very careful. Don’t assume that you are smarter than the spammer. Don’t lull yourself into a false sense of security. Don’t believe that visiting the site just to see what it looks like–with no intention of giving away any information–won’t leave you open to attack. In some cases these phishing sites are just a facade for pages that are also looking to exploit new zero-day vulnerabilities. The best advice in these situations is to follow safe computing practices and delete these emails immediately.
Some of the subject lines that we have seen associated with this scam include:
•***south africa 2010 fifa world cup lottery promotions***
•,,,sa 2010 world cup lotto drew;;;;;;;
•claim your fifa world cup football award/ticket
•congratulation! you have won us$1,220,000.00 for soccer world cup 2010 promotional draw
•congratulation!!! for 2010 world cup promotion
•fifa 2010 world cup lottery department
•fifa-mtn world cup team official prize notification
•final notification for south africa fifa 2010 world cup lottery
•south africa 2010 world cup award notification!!!
•south african 2010 fifa world cup lottery award
•south african 2010 world cup bid lottery award
•south african world cup 2010 free lottery draw
•winner – fifa world cup online draw
•world cup bid lottery award
•you have won south africa 2010 world cup lottery
•you have won south africa 2010 world cup lottery computer promotional draw
•your email just won 2010 world cup in south africa & fifa promotion
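The subject lines above are useful as more than a warning: they are enough to derive a mail-filter rule. The script below is an added example written for this page, not McAfee's code. It strips the decorative punctuation scammers wrap around subjects (the `***`, `,,,` and `;;;;` runs) and flags a subject only when it carries both a World Cup theme term and a lottery or prize lure; the scam subjects are the ones listed above, the benign subjects are constructed for the example.

```python
"""Flag World Cup lottery-scam subject lines.

A subject is flagged only when it carries both a World Cup theme term and a
lottery/prize lure, after the decorative punctuation scammers wrap around
subjects (***...***, ,,,...;;;) has been stripped."""
import re

THEME = re.compile(r"\b(?:fifa|world\s*cup|south\s*africa\w*|sa\s*2010)\b")
LURE = re.compile(r"\b(?:lottery|lotto|dr[ae]w|award|won|winner|prize|"
                  r"promotion\w*|claim|notification)\b")


def normalize(subject):
    """Lower-case, turn runs of punctuation or symbols into a space, collapse spaces."""
    text = re.sub(r"[^\w\s]+", " ", subject.lower())
    return re.sub(r"\s+", " ", text).strip()


def is_world_cup_scam(subject):
    """True when both a theme term and a lure term survive normalisation."""
    text = normalize(subject)
    return bool(THEME.search(text) and LURE.search(text))


def triage(subjects):
    """Return the subjects the rule flags, unchanged, in input order."""
    return [s for s in subjects if is_world_cup_scam(s)]


# The subject lines reported in the McAfee post above.
SCAM_SUBJECTS = [
    "***south africa 2010 fifa world cup lottery promotions***",
    ",,,sa 2010 world cup lotto drew;;;;;;;",
    "claim your fifa world cup football award/ticket",
    "congratulation! you have won us$1,220,000.00 for soccer world cup 2010 promotional draw",
    "congratulation!!! for 2010 world cup promotion",
    "fifa 2010 world cup lottery department",
    "fifa-mtn world cup team official prize notification",
    "final notification for south africa fifa 2010 world cup lottery",
    "south africa 2010 world cup award notification!!!",
    "south african 2010 fifa world cup lottery award",
    "south african 2010 world cup bid lottery award",
    "south african world cup 2010 free lottery draw",
    "winner - fifa world cup online draw",
    "world cup bid lottery award",
    "you have won south africa 2010 world cup lottery",
    "you have won south africa 2010 world cup lottery computer promotional draw",
    "your email just won 2010 world cup in south africa & fifa promotion",
]

# Constructed benign subjects that carry one signal but not both.
BENIGN_SUBJECTS = [
    "World Cup: who is watching the final at the office?",
    "Lottery ticket pool for the company picnic",
    "Q2 expense reports due Friday",
]

if __name__ == "__main__":
    for subject in triage(SCAM_SUBJECTS + BENIGN_SUBJECTS):
        print("FLAG:", subject)
```

Requiring both signals keeps ordinary World Cup chatter out, but a fixtures-style subject such as "World Cup final draw announced" still trips the lure pattern on "draw", so in a production filter this rule should add to a spam score rather than block outright.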
Sunbelt documents an increase in users who have encountered this new malware agent, which is difficult to remove. Many individuals may be picking it up from P2P downloads and other potentially malicious sites.
Sunbelt Blogs - The Mysterious Tango Toolbar
QUOTE: Two common themes: nobody seems to know where they get it from, and nobody can uninstall it. Out of all the threads posted, there seems to be only one that potentially gives some specifics with regards a possible source. If you don’t want to read his long ramble, here is his post in a nutshell: “Went looking for Limewire, downloaded a version and now I have Tango Toolbar”.
So either he grabbed a cracked version which comes with the toolbar, or he downloaded something from P2P land which came with a few surprises. Regardless of infection route, it took a while to find the file in question because “It’s called Tango Toolbar and there’s a picture of a red hat on it” doesn’t really help much. This particular toolbar is a mess of broken uninstallers, disclaimers warding off associations with the product and endless people on support forums wondering how it ended up on their computers in the first place.
An excellent site containing practical advice and best practices for families with children. Some items pertinent to security include:
Tips for Parents
Internet Security Software Overview
Facebook is a wonderful resource that has linked me with past classmates and friends that I otherwise might not be in contact with today. As it's one of the most popular Internet sites worldwide, there are also bad people who want to take advantage of individuals in the open sharing that takes place.
A friend was recently surprised that I was able to easily find them and invite them to also become my Facebook friend. I shared below some practical safety tips and encourage everyone to think safety first while browsing, processing email, and interacting with others.
The last link below shares technical Best Practices for improving Facebook security on a step-by-step basis. Please take time to enhance your protection beyond just the default settings.
* * * * * * * *
>>> Was I hard to find on facebook -- I think my privacy settings are set to where I have to be a friend to find me. thanks
* * * * * * * *
Please remember that PRIVACY is very limited in Facebook and requires locking down the default settings. Facebook is designed as a highly collaborative social network for locating people and interacting with them (i.e., the opposite of a private setting). All you need to find someone on Facebook is to search by their name, even at the highest level of privacy settings.
Some things that will help users stay safe:
-- Don't assume that because other friends are posting things openly, they are using this resource safely. There are over 250 million users worldwide. Most attackers will leave you alone unless you do things that attract attention, but anyone can still view the content you store there and learn more about you.
-- Never publish anything on your Facebook wall that you wouldn't want to read on the front page of your newspaper. In other words, it's a public setting, and anyone with Internet access can read your page.
-- Be careful with the photos and posts you share. Some may seem humorous to share among friends. However, they can also be copied from Facebook and posted to other Internet sites with links to your name. While you can delete these from Facebook, it will be very difficult to get them removed from other sites later. As employers often search the Internet during the screening process, be careful with photos as well as words shared in any public setting.
-- Never post sensitive information on your wall or anywhere else in Facebook. Your address, phone number, birthdate, or other personal information could be used for identity theft. While Facebook requires a birthdate to confirm you meet its minimum age, it can be hidden as noted in the slide show link below (many also use January 1st and share only the year they were born).
-- Never post that you'll be on vacation or away from home for an extended period of time. People have actually been robbed after posting carelessly on Twitter or Facebook. Wait until you return to share with others.
-- Search on your name using Google, Bing, etc .. You may see Facebook posts or other details returned from the search. You may see opportunities to further adjust settings for improved privacy. Potential employers or lenders do these background checks often.
-- Don't be afraid to deny someone as a Facebook friend. You are not denying them as a friend, but letting them know you'd rather not interact with them using Facebook. I'm not a regular Facebook user and usually tell my friends that my preferred means of interaction is by email.
-- Never approve a friend request from a stranger you don't personally know.
-- FarmVille, Mafia Wars, and other games can attract strangers to your page, and viruses or other malware agents can also impersonate these games to attack users. You can still safely play the game, but avoid accepting strangers as friends just to gain points. Finally, avoid all unusual Internet links, as malware might be resident at these sites.
-- Avoid clicking on suspicious links or objects, as dangerous malware like Koobface (an anagram of Facebook) spreads this way. While many things like the "beating hearts" are safe, I still never click on any of these.
-- Avoid accessing and posting to Facebook while at work, as Internet access is usually monitored, and heavy use will not look good to your employer.
-- Log out of Facebook and then bring up your page without signing in. This will show how your Facebook pages appear to the general public.
-- The default settings favor the capability for someone to be easily found when searching Facebook. Facebook privacy is difficult and time-consuming to lock down completely. There are over 170 settings, as each of the 50 or more different pages has its own individual privacy controls. Read and then experiment with the privacy settings from the link at the bottom (also log out of Facebook and review how the adjusted settings appear to the general public).
MORE ON FACEBOOK SECURITY
EXCELLENT SLIDE SHOW -- HOW TO IMPROVE FACEBOOK PRIVACY SETTINGS
(click on RED ARROW on right side of each slide to advance to the next frame)
While Microsoft will continue to support WinXP until April 2014, large companies should start planning for this change. Windows 7 is certainly a superior replacement option on new PCs.
Windows XP - Gartner recommends corporate discontinuation by 2013
QUOTE: Well-known predictor of the future Gartner is advising enterprises to start installing and testing Windows 7 this year and try to finish replacement of Windows XP by the end of 2012. Microsoft will continue to support WinXP until April 2014, however, by the end of 2012 many newer applications written by independent vendors will not support XP, they said.
In various Gartner polls and surveys, 80 percent of respondents report skipping Windows Vista. With Windows XP getting older and Windows 8 nowhere in sight, organizations need to be planning their migrations to Windows 7. Windows 7 has been getting positive reviews, and many clients report that they have plans to start their production deployments ...
This update should be applied by all OpenOffice.org users for improved security and stability.
OpenOffice 3.2.1 - Security Update
QUOTE: OpenOffice's latest version is available for Windows, Mac OS, Linux and Solaris systems. This release fixes 5 potential vulnerabilities, adds more stability and speed but no new features.
Please be careful with PDF processing and with web pages that include Flash presentations (usually advertisements). Keep anti-virus protection up to date as well, since many AV products include exploit detection for this new risk. Adobe has said fixes are coming; apply them promptly when they are released. In the meantime, Adobe's suggested mitigation for Reader and Acrobat 9.x is to delete, rename, or block access to the authplay.dll component, which stops the Flash content embedded in PDFs that this vulnerability targets from rendering.
Adobe Security Advisory - Flash and PDF attacks in wild
QUOTE: Adobe has released an advisory that a critical vulnerability exists for Windows, Macintosh, Linux and Solaris in the Adobe Flash Player version 10.0.45.2 and earlier as well as in the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system. Adobe has received reports indicating this vulnerability is being actively exploited in the wild against Adobe Flash Player, Adobe Reader and Acrobat. The original security bulletin and suggested mitigations by Adobe is posted here.
* Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux and Solaris
* Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX
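For a desktop support team, the practical question from the advisory is which machines fall inside those version ranges. The script below is an added example, not Adobe's tooling: it encodes the affected lines exactly as listed above and checks a simple host,product,version inventory against them. The inventory format and the hosts in it are constructed for the example; how you collect installed versions (software inventory, login script) is site-specific and not shown. Versions are compared as integer tuples because a plain string comparison orders "9.3.10" before "9.3.2".

```python
"""Check an inventory of installed Adobe versions against the affected ranges in
the advisory above. Versions are compared as integer tuples, not strings, so
"9.3.10" correctly sorts after "9.3.2"."""

# product -> {version-line prefix: last affected version in that line}
# Taken from the advisory's list; anything outside these lines is not affected.
AFFECTED = {
    "flash": {(10, 0): (10, 0, 45, 2), (9, 0): (9, 0, 262)},
    "reader": {(9,): (9, 3, 2)},
    "acrobat": {(9,): (9, 3, 2)},
}


def parse_version(text):
    """'10.0.45.2' -> (10, 0, 45, 2); raises ValueError on junk."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if not parts:
        raise ValueError("empty version string")
    return parts


def is_affected(product, version):
    """True if product/version is in an affected line at or below its last bad build."""
    v = parse_version(version)
    for line, last_bad in AFFECTED[product.lower()].items():
        if v[:len(line)] == line:
            return v <= last_bad
    return False


def hosts_needing_update(inventory_lines):
    """Parse 'host,product,version' lines; return (sorted affected hosts, unparseable lines).

    Malformed lines are reported rather than silently treated as safe."""
    needs, unparseable = set(), []
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            host, product, version = (f.strip() for f in line.split(","))
            if is_affected(product, version):
                needs.add(host)
        except (ValueError, KeyError):
            unparseable.append(line)
    return sorted(needs), unparseable


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE_INVENTORY = """
# host,product,version
ws-01,flash,10.0.45.2
ws-02,flash,10.1.53.64
ws-03,flash,9.0.262
ws-04,reader,9.3.2
ws-05,reader,9.3.10
ws-06,acrobat,8.2.3
ws-07,reader,9.3.3
ws-08,reader,unknown
""".strip().splitlines()

if __name__ == "__main__":
    needs, bad = hosts_needing_update(SAMPLE_INVENTORY)
    print("needs update:", ", ".join(needs))
    print("could not parse:", bad)
```

Note that a product outside the advisory's lines (Reader 8.x, Flash 10.1) comes back as not affected by this check only; that says nothing about other advisories, so keep the table current as Adobe publishes updates.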
Home users, system administrators and desktop support professionals should plan for a larger than normal update affecting Windows, Office, and Internet Explorer.
Microsoft Security Update - Large Patch Tuesday Release for June
QUOTE: Microsoft announced today they will be releasing a total of 10 bulletins addressing 34 vulnerabilities rated important (7) to critical (3) that could allow for remote code execution. Six bulletins affecting all Windows versions (2 critical and 4 important), two affecting Microsoft office XP, 2003 and 2007 (2 important), one affects Windows and Office (important) and one affects Internet Explorer (critical).