December 2011 - Posts
http://redmondmag.com/articles/2011/12/07/windows-8-beta-coming-february.aspx
QUOTE: Microsoft will release the beta of Windows 8 in late February, a company official announced yesterday. The announcement came as part of a talk on Microsoft's upcoming Windows Store, which will be the online selling presence for Windows 8 "Metro-style" applications, built on HTML 5, JavaScript, XAML and C languages. Antoine Leblond, vice president of Windows Web Services, disclosed the approximate release period for the Windows 8 beta. Prior to his talk, Microsoft officials had not publicly disclosed it.
These articles share a common need to strengthen security and privacy controls. Hopefully, attacks will be prevented.
PC Magazine Security - Could Transportation sector be impacted in future?
http://securitywatch.pcmag.com/security/292240-where-will-hackers-strike-next-transportation
http://www.reuters.com/article/2011/12/28/us-trains-security-idUSTRE7BR0C520111228
http://www.mercurynews.com/drive/ci_19633869
QUOTE: Practically every industry these days needs to be prepared for some kind of cyber threat, but the nature of the attacks and how the hackers carry out their assaults is ever-changing. Two news stories that popped onto my radar this week point to the different kinds of potential hacks that might occur, and both have to do with the transportation industry.
http://isc.sans.org/diary/Bye+2011+Hello+2012+what+will+you+have+in+store+for+us+/12301
QUOTE: With the last day of the year well and truly on the way in most parts of the world and almost finished in my part of the world it is probably a nice time to reflect a little bit on the year that was. On the malware front I predict more of the same. The basic things are still working, so why change. Until the basic security controls are in place in most organisations as well as home computers most of the malware will continue to function without too much change in 2012. We might see more tailored attacks on organisations and breaking in is as simple as one click in many cases.
Webmasters and administrators should look for any signs of infection from this new SQL injection attack. In many cases SQL injection attacks are mitigated through more secure programming conventions. Wildcard character processing may allow more openness and convenience in user input, but it may also introduce SQL injection vulnerabilities.
Lilupophilupop SQL injection attacks infect over one million pages
http://isc.sans.org/diary/Lilupophilupop+tops+1million+infected+pages/12304
http://isc.sans.edu/diary.html?storyid=12127
QUOTE: Earlier in the month we published an article regarding the lilupophilupop SQL injection attack. I thought it might be a good time to reflect on this attack and see how it is going. When I first came upon the attack there were about 80 pages infected according to Google searches. Today, well as the title suggests we top a million, about 1,070,000 in fact (there will be duplicate URLs that show up in the searches. Still working on a discrete domain list for this).
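An added illustration of the point above about secure programming conventions and wildcard handling (my own example, not code from the ISC diary): a search built by pasting input into SQL text is injectable and also treats a user's "%" as a wildcard, while a parameterised query with LIKE escaping does neither. It uses Python's sqlite3 with a constructed in-memory table.

```python
import sqlite3

def make_db():
    # Constructed sample data: a tiny "pages" table standing in for a site's content store.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    conn.executemany("INSERT INTO pages (title, body) VALUES (?, ?)", [
        ("Welcome", "Hello world"),
        ("100% cotton", "Product page"),
        ("Contact", "Mail us"),
    ])
    conn.commit()
    return conn

def search_vulnerable(conn, term):
    # Defect kept on purpose: the user's text is pasted into the SQL, so a quote
    # in `term` rewrites the query, and a bare '%' silently matches every row.
    sql = "SELECT title FROM pages WHERE title LIKE '%" + term + "%'"
    return [row[0] for row in conn.execute(sql)]

def escape_like(term, esc="\\"):
    # Neutralise LIKE metacharacters so '%' and '_' typed by the user match literally.
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))

def search_hardened(conn, term):
    # Parameter binding keeps the input as data; ESCAPE keeps wildcards literal.
    pattern = "%" + escape_like(term) + "%"
    sql = "SELECT title FROM pages WHERE title LIKE ? ESCAPE '\\'"
    return [row[0] for row in conn.execute(sql, (pattern,))]

if __name__ == "__main__":
    db = make_db()
    print(search_vulnerable(db, "' OR '1'='1"))  # every row: the query was rewritten
    print(search_vulnerable(db, "%"))           # every row: '%' acted as a wildcard
    print(search_hardened(db, "%"))             # only the title containing a literal '%'
    print(search_hardened(db, "' OR '1'='1"))   # nothing: the quote stayed data
```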
This article discusses the challenges associated with preventing malware attacks in the coming year.
PC Magazine - Let's Terminate Malware in 2012
http://securitywatch.pcmag.com/security/292164-let-s-terminate-malware-in-2012
QUOTE: Antivirus research is a cat and mouse problem. Each time the virus writers develop a new technique to spread malware or steal private data, antivirus experts rush to build countermeasures. To actually defeat the malware coders, we need to get out of strictly reactive mode. That requires looking at the motivations that drive malware creators, not just at their actions.
Malware earned about a trillion dollars last year, according to Melissa Hathaway, former cyber-security advisor to the president. Trend Micro's researchers report that one malefactor spreading the KoobFace worm earned $19,000 in a single day. A single attack can involve dozens of individuals or gangs, each taking a cut of the profit. Trend's experts put together a report showing the entire complex economy surrounding modern malware manufacture. Click on the image to see the full infographic.
Organized computer crime exists to make money. One way to put the brakes on malware creation is to make it unprofitable. Sure, countering their technology is one way to cut the profits. A brand-new threat is most profitable immediately after its release, breaks even after it has spread enough, and tapers off once antivirus tools start to counter it. Pushing antivirus detection so it occurs before break-even would definitely cramp their style.
It is always good practice to avoid reposting information as instructed in this hoax circulating on Facebook. A security firm called Facecrooks shares this informative link:
http://facecrooks.com/Internet-Safety-Privacy/hoax-alert-with-the-new-fb-timeline-on-its-way-hover-over-my-name-above-this-doesnt-work.html
HOAX TEXT: “With the new ‘FB timeline’ on its way this week for EVERYONE…please do both of us a favor: Hover over my name above. In a few seconds you’ll see a box that says “Subscribed.” Hover over that, then go to “Comments and Likes” and “Games” and un-click it. That will stop my posts and yours to me from showing up on the side bar(ticker) for everyone to see, but MOST IMPORTANTLY it LIMITS HACKERS from invading our profiles. If you re-post this I will do the same for you. You’ll know I’ve acknowledged you because if you tell me that you’ve done it I’ll ‘like’ it. Thanks”
QUOTE: Sadly, this won’t do anything to protect you from hackers or improve your privacy. A very similar message was circulated when the Facebook ticker was introduced back in September. It caused quite a stir at the time, and it took a day or so for bloggers and social media gurus to get it all sorted out. If you are interested in reading why the message doesn’t work, then we recommend you read this post from our friends at Sophos.
Sunbelt Labs warns of a new fake application on Twitter that claims to show who has been viewing a user's profile. No application can actually perform that analysis, and this fake is similar to the versions seen on Facebook and other sites.
Twitter - Avoid New Fake Tracker Application and dangerous URLs
http://sunbeltblog.blogspot.com/2011/12/curious-whos-stalking-you-yes-weve.html
QUOTE: This social media "stalking" thing, to the best of my knowledge, all began on MySpace. We've seen them emerge on Twitter, too: our friends at Sophos wrote a so-called "app" that Twitter purportedly released to track a user's stalker. Only this time, no such app is ever involved. We implore you, Dear Reader, to please exercise caution when clicking links on tweets. Even better: use your better judgment on whether you'd believe a supposedly interesting tweet or not before considering visiting the URL that goes with it. More often than not, scam tweets are designed to sound this way to actually make Internet users click them. Please don't be fooled.
A special out-of-band security release was issued yesterday to address a recently disclosed ASP.NET vulnerability. Corporate users in particular should test and install this security patch promptly.
MS11-100 - Special Microsoft ASP.net security release December 2011
http://technet.microsoft.com/en-us/security/bulletin/ms11-100
http://blogs.technet.com/b/msrc/archive/2011/12/29/microsoft-releases-ms11-100-for-security-advisory-2659883.aspx
http://blogs.technet.com/b/srd/archive/2011/12/29/asp-net-security-update-is-live.aspx
http://isc.sans.edu/diary.html?storyid=12295
QUOTE: The security update has a severity rating of Critical and resolves a publicly disclosed remote unauthenticated Denial of Service issue in ASP.NET versions 1.1 and above on all supported versions of .NET Framework. Of note, the new method of hash collision attacks used to exploit this vulnerability is an industry-wide issue affecting various Web platforms, including ASP.NET.
While we have seen no attacks attempting to exploit this vulnerability, we encourage affected customers to test and deploy the update as soon as possible. Consumers are not vulnerable unless they are running a Web server from their computer. More technical details can be found at the Security Research & Defense Blog.
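To illustrate the "hash collision" mechanism the bulletin refers to, here is an added example (mine, not Microsoft's or the ISC's code): a toy chained hash table with a deliberately predictable hash shows how colliding form field names inflate the work done per request, and a form parser with a field-count cap shows the style of mitigation taken in MS11-100. The 1000-field limit, the hash function and all names are my assumptions for this example.

```python
from itertools import combinations
from urllib.parse import parse_qsl

BUCKETS = 64
MAX_FORM_KEYS = 1000   # assumed cap for this example, in the spirit of the MS11-100 limit

def weak_hash(key):
    # Stand-in for a predictable string hash: byte sum modulo table size.
    return sum(key.encode()) % BUCKETS

def insert_all(keys):
    """Insert keys into a chained hash table and return how many equality
    comparisons were needed; colliding keys drive this towards n^2/2."""
    table = [[] for _ in range(BUCKETS)]
    comparisons = 0
    for key in keys:
        chain = table[weak_hash(key)]
        comparisons += len(chain)      # a duplicate check walks the whole chain
        if key not in chain:
            chain.append(key)
    return comparisons

def spread_keys(n):
    # Benign field names: their byte sums land in many different buckets.
    return ["field%d" % i for i in range(n)]

def colliding_keys(n, length=10):
    # Field names built from the same multiset of characters share a byte sum,
    # so under weak_hash they all land in one bucket (constructed worst case).
    keys = []
    for positions in combinations(range(length), length // 2):
        keys.append("".join("y" if i in positions else "x" for i in range(length)))
        if len(keys) == n:
            break
    return keys

def parse_form(body, max_keys=MAX_FORM_KEYS):
    """Parse a urlencoded body, refusing oversized field sets before they are
    hashed (urllib's parse_qsl also offers max_num_fields for this purpose)."""
    pairs = parse_qsl(body, keep_blank_values=True)
    if len(pairs) > max_keys:
        raise ValueError("form has %d fields, limit is %d" % (len(pairs), max_keys))
    return dict(pairs)

if __name__ == "__main__":
    print(insert_all(spread_keys(200)), insert_all(colliding_keys(200)))  # small vs 19900
    print(parse_form("user=alice&page=2"))
```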
The ISC shares a new WPS vulnerability in which brute-force attacks on the PIN could potentially be used to gain unauthorized access to a Wi-Fi network.
Wi-Fi Protected Setup (WPS) PIN Brute Force Vulnerability
http://isc.sans.org/diary/Wi-Fi+Protected+Setup+WPS+PIN+Brute+Force+Vulnerability/12292
QUOTE: Wi-Fi Protected Setup (WPS) is a Wi-Fi Alliance specification (v1.0 - available since January 2007) designed to ease the process of securely setting up Wi-Fi devices and networks. A couple of days ago US-CERT released a new vulnerability note, VU#723755, that allows an attacker to get full access to a Wi-Fi network (such as retrieving your ultra long secret WPA2 passphrase) through a brute force attack on the WPS PIN. The vulnerability was reported by Stefan Viehböck and more details are available on the associated whitepaper. In reality, it acts as a "kind of backdoor" for Wi-Fi access points and routers. The quick and immediate mitigation is based on disabling WPS.
More on WPS Security - Pros & Cons
https://isc.sans.edu/diary.html?storyid=10675
Wi-Fi Best Practices and Protection Resources
http://www.wi-fi.org/knowledge_center_overview.php
http://www.wi-fi.org/files/kc_80_20070104_Introducing_Wi-Fi_Protected_Setup.pdf
An interesting "real world" account is shared by one of the ISC handlers regarding the cleaning of infected PCs. As noted, a good security awareness program next year can help reduce infections.
ISC - Malware cleaning experiences during 2011
http://isc.sans.edu/diary.html?storyid=12268
QUOTE: As 2011 draws to a close I am reflecting on the "compromised" computers that I have dealt with in the last few months. In April I went to work for a company that is the IT Department for a number of small businesses in our area. Others have not been so easy. I have dealt with several that had been infected that had some or all of the files on the hard drive hidden. These are the difficult ones to deal with. Tools like Combo Fix are required to even identify these infected files. I have found several "tools" that have helped with the identification and removal. I have also had several machines that were unable to install Windows updates.
My goal for 2012 is to educate all of our small business customers on the importance of Windows Updates and having a good Anti-virus program. Having these two items go a long way in minimizing the number of "compromised" computers the customer will have to deal with.
Please avoid any new Christmas, New Year, or other holiday themes or unusual links presented in the Facebook environment.
Facebook - New Christmas theme leads to malware and spam
http://blog.trendmicro.com/christmas-theme-for-facebook-profile-leads-to-malspam/
QUOTE: Attacks that use the holidays as a social engineering lure are starting to pour in as Christmas day draws near. We recently found a page on Facebook that offers a Christmas theme on one’s profile. The page leads to a malware that comes in the form of a browser plugin. Once users click the Like button, the page redirects them to a URL which allows victims to download and install a malicious plugin named Free Cheesecake Factory Coupons. Note that the plugin only works for all browsers, which is detected as TROJ_REDIR.CU.
Users need to be extra vigilant this holiday season, since cybercriminals are sure to continue launching attacks that use the holiday season as a lure. For more information on how to keep themselves protected, we recommend users check the following reports:
http://securitywatch.pcmag.com/security-software/292104-real-world-antivirus-test-results-released
QUOTE: Running a static test on an antivirus product is extremely simple. You install the product, present it with many thousands of inert virus samples, and report how many it detected. However, that sort of test doesn't reflect a user's real-world experience. AV-Comparatives.org maintains an ongoing Whole Product Dynamic Test with the specific purpose of simulating a user's real-world protection experience. Results from the August through November tests have just been released, and they contain some surprises.

PC Magazine speculates on some of the security risks possible for the coming year.
PC Magazine - Top Five Security predictions for 2012
http://securitywatch.pcmag.com/none/291879-top-5-security-predictions-for-2012
QUOTE: Looking ahead, what headlines will Security Watch see in 2012? Dozens of security vendors weighed in with their predictions. There was very little overlap but below, we name the five most common ones:
1. First Android worm
2. Your personal data will get stolen from a social network.
3. Political Theater (using this theme for malware attacks)
4. SMBs Are No Longer Immune
5. Mac Malware Will Continue to Rise
A new proof-of-concept vulnerability has been disclosed, and users should be alert for security patches from Microsoft.
New Vulnerability in Windows 7 64 bit
http://isc.sans.edu/diary.html?storyid=12238
https://secunia.com/advisories/47237/
QUOTE: A person released an HTML snippet that will cause the 64 bit version of Windows 7 to blue screen if viewed under Safari. The underlying vulnerability is however not a flaw in Safari but rather a flaw in the Windows kernel mode device driver, win32k.sy
While each month we should promptly install security updates, MS11-087 provides critical protection from one of the most advanced malware threats circulating in the wild.
Patch For the Zero-Day Vulnerability Used by Duqu
http://technet.microsoft.com/en-us/security/bulletin/ms11-087
http://www.f-secure.com/weblog/archives/00002281.html
QUOTE: It's patch Tuesday and Microsoft has just issued a patch for the zero-day vulnerability that was used by the Duqu malware discovered in October.


Santa has replaced our older family PC for Christmas, as we caught some great price reductions from Staples. It is an awesome experience to move to true 1080HD monitor technology along with a powerful system that should meet our needs for years to come. I'm now like a kid in the candy store :-)
DELL 620 (8GB / 1TB / Wireless "N" WLAN)
http://www.staples.com/Dell-Inspiron-620-Desktop-PC/product_329408
HP 2311x 1080 HD Monitor
http://www.staples.com/HP-2311x-23-LED-Monitor/product_918249
MS11-087 (TrueType font kernel driver, CVE-2011-3402) is rated PATCH NOW in level of importance, as it is actively being exploited in the wild.
Microsoft Security updates - December 2011
http://technet.microsoft.com/en-us/security/bulletin/ms11-dec
ISC Analysis of Microsoft Security updates - December 2011
(always an excellent resource)
http://isc.sans.edu/diary.html?storyid=12193
This new scam is designed to glean personal information from users. Please be careful with all free offers, and especially with the websites visited, as many scam domains are misspellings of legitimate ones.
New Free iPad Scam - Be careful of misspelled domains
http://isc.sans.org/diary/You+won+100+or+a+free+iPad+/12184
QUOTE: Earlier today, SANS ISC reader Matthew reported one of his users stumbling over an odd "Click here to win your prize" page. We are still investigating the full contents, but it looks like several misspellings of wikipedia are used in this scam, in addition to many other domains. Clicking through leads to another page where, to claim the prize, lots of personal information must be entered. They even have a "Privacy Policy" of sorts in the fine print, and it even seems to be unexpectedly honest:
PERSONAL INFORMATION. We will share any and all personal information you submit to our Company with third parties who may have products or services you will find of interest. We will share your information without your additional consent. We may also use your personal information to verify your identity, to check your qualifications, or to follow up with transactions initiated on the Site.
This informative PC Magazine article shares a list compiled from actual passwords that hackers posted online after compromises during the past year.
Passwords - 25 of the weakest passwords for 2011
http://www.pcmag.com/article2/0,2817,2383890,00.asp
QUOTE: Bad passwords still abound. SplashData, a password management app maker, compiled a list of the 25 worst passwords of 2011, based on millions of stolen passwords that were dumped online. Typically after hackers compromise a server, like Sony's or CIA.gov's, they post all these personal details online. For tips on how to do passwords right, read PCMag's Password Protection: How to Create Strong Passwords. See Passwords: You're Doing it Wrong to avoid some common errors.