Microsoft to fix 25 holes in Windows, Office, Exchange
Posted by dan on: 2010-04-09 16:19:29 in category: Security [ 0 Comment(s) ]
Microsoft will issue 11 security bulletins in next week's Patch Tuesday to fix 25 vulnerabilities in Windows, Microsoft Office, and Exchange, including two holes for which exploit code is in the wild.
Five of the bulletins address critical vulnerabilities that could allow an attacker to take control of the computer, five are rated important, and one is rated moderate.
With the updates, Microsoft will be closing two outstanding security advisories that have been worrisome because code to exploit the vulnerabilities is available publicly.
One of the advisories is 981169, which involves a vulnerability in VBScript that could allow the remote execution of code and a complete takeover of the system. Disclosed on March 1, it affects older versions of Windows running Internet Explorer.
The other advisory to be closed is 977544, which involves a hole in Server Message Block (SMB) protocol that could allow a denial-of-service attack and that dates back to November.
Software affected by the updates: Windows 2000, XP, Vista, Windows 7, Server 2003, Server 2008, Office XP, Office 2003, 2007 Microsoft Office System and Exchange Server 2000, 2003, 2007, and 2010.
Also on Tuesday, Adobe Systems will release its latest security updates for Reader and Acrobat via a new update system. Adobe has quarterly security update releases that coincide with Patch Tuesdays.
Via c|net
Emergency Patch for IE 6, 7, 8 released
Posted by dan on: 2010-04-04 01:50:28 in category: Security [ 0 Comment(s) ]
Today we released MS10-018 out-of-band due to increases in attacks against Internet Explorer 6 and Internet Explorer 7 using the vulnerability discussed in Security Advisory 981374. I want to reiterate that Internet Explorer 8 is not affected by this issue so customers using this version are not affected by these attacks and we continue to encourage customers to upgrade to the newer version because it provides more security and protection.
MS10-018 is a typical cumulative update for Internet Explorer and was originally going to be released during the normal update cycle on the 13th of April. The Internet Explorer team accelerated testing of this update due to the growing attacks against the publicly disclosed vulnerability (CVE-2010-0806), and the update has reached the appropriate quality bar for distribution to customers. Releasing the update early provides Internet Explorer 6 and 7 customers protection against the active attacks and provides users of all versions of Internet Explorer protection against nine other vulnerabilities.
Posted by dan on: 2010-02-04 17:33:43 in category: Security [ 0 Comment(s) ]
Microsoft Security Advisory (980088)
Vulnerability in Internet Explorer Could Allow Information Disclosure
Microsoft is investigating a publicly reported vulnerability in Internet Explorer for customers running Windows XP or who have disabled Internet Explorer Protected Mode. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue.
Our investigation so far has shown that if a user is using a version of Internet Explorer that is not running in Protected Mode, an attacker may be able to access files with an already known filename and location. These versions include Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4; Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4; and Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows Server 2003 Service Pack 2. Protected Mode prevents exploitation of this vulnerability and is running by default for versions of Internet Explorer on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008.
The vulnerability exists due to content being forced to render incorrectly from local files in such a way that information can be exposed to malicious websites.
At this time, we are unaware of any attacks attempting to use this vulnerability. We will continue to monitor the threat environment and update this advisory if this situation changes. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.
We are actively working with partners in our Microsoft Active Protections Program (MAPP) and our Microsoft Security Response Alliance (MSRA) programs to provide information that they can use to provide broader protections to customers. In addition, we are actively working with partners to monitor the threat landscape and take action against malicious sites that attempt to exploit this vulnerability.
Microsoft continues to encourage customers to follow the "Protect Your Computer" guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at Security at home.
The most common password: '123456'
Posted by dan on: 2010-01-27 16:53:11 in category: Security [ 0 Comment(s) ]
A recent analysis of 32 million passwords, obtained in the RockYou.com hack, has revealed that the most commonly used password on the site was ‘123456,’ according to database and application security vendor Imperva.
After analyzing the data, researchers at Imperva Application Defense Center determined that 290,731 individuals used ‘123456’ as their password. The second most common password, used by 79,078 individuals, was ‘12345,’ and the third most popular password, used by more than 76,790 individuals, was ‘123456789.’
Posted by dan on: 2010-01-15 16:56:54 in category: Security [ 0 Comment(s) ]
Based upon our investigations, we have determined that Internet Explorer was one of the vectors used in targeted and sophisticated attacks against Google and possibly other corporate networks. Today, Microsoft issued guidance to help customers mitigate a Remote Code Execution (RCE) vulnerability in Internet Explorer. Additionally, we are cooperating with Google and other companies, as well as authorities and other industry partners.
Microsoft remains committed to taking the appropriate action to help protect our customers. We released Security Advisory 979352 to provide customers with actionable guidance and tools to help with protections against exploit of this vulnerability. Microsoft has not seen widespread customer impact, rather only targeted and limited attacks exploiting IE 6 at this time. Our teams are currently working to develop an update and we will take appropriate action to protect customers when the update has met the quality bar for broad distribution. That may include releasing the update out of band.
It is important to note that complex attacks targeting specific corporate networks are becoming more prevalent in the threat landscape, therefore organizations should follow defense-in-depth best practices, and deploy multiple layers of protection to improve their security posture. In addition, Protected Mode in IE 7 on Windows Vista and later significantly reduces the ability of an attacker to impact data on a user’s machine. Customers should also enable Data Execution Prevention (DEP) which helps mitigate online attacks. DEP is enabled by default in IE 8 but must be manually enabled in prior versions.
Posted by dan on: 2010-01-11 16:54:45 in category: Security [ 0 Comment(s) ]
An internal build of the upcoming Microsoft Office 2010 has leaked to the web according to wzor.net. The build comes in at a staggering 3.51GB which is significantly larger than the public beta build which was at 749mb; the leaked build is tagged with the build number 14.0.4730.1007 and can be downloaded from your local torrent site.
There is no information as to why the build is so much larger but one speculation is that it may include debugging software. Another possibility is that the code may not be packed for media release which would make the build much larger than the compressed format released to the general public.
Major flaws in USB stick software lead to secure drives being unlocked easily
Posted by dan on: 2010-01-08 16:41:29 in category: Security [ 0 Comment(s) ]
Reports claiming that hardware-encrypted USB flash drives were hacked earlier this week have revealed a major flaw in the products' design.
German security firm SySS published reports detailing the vulnerabilities in Kingston, SanDisk and Verbatim flash drives, and detailed how they can be hacked. It claimed that the vulnerability lies in a major flaw in the design of the affected products.
It said that there was an inherent design error in the software that runs on the host PC to verify the correctness of a user's password, and is not secure. SySS said it was equivalent to a single shared backdoor password for all of these devices, as security analysts were able to write a program that sent the ‘unlock’ code regardless of the password entered, and gain immediate access to the flash drive's entire contents.
Encryption protecting most of our mobile phones cracked wide open !!
Posted by dan on: 2009-12-31 16:07:21 in category: Security [ 0 Comment(s) ]
Computer security researchers say they have cracked the encryption algorithm used to protect most cell phone communications, potentially allowing attackers to listen in on the calls of billions of individuals.
Phones running Global System for Mobile Communications (GSM), a standard communications technology used for transmitting mobile voice and data services, are affected, according to the researchers. There are approximately four billion GSM phones worldwide, representing approximately 80 percent of the world's mobile market. In North America, there are more than 299 million GSM phones in use, statistics show.
GSM networks use encryption to scramble communications and make it difficult for criminals to intercept and eavesdrop on calls, a spokeswoman at the GSM Association, an industry association representing mobile phone makers and operators, told SCMagazineUS.com on Tuesday in an email. Most GSM networks use the A5/1 cryptographic algorithm, which was first developed in 1987, to protect communications.
Posted by dan on: 2009-12-23 16:35:03 in category: Security [ 0 Comment(s) ]
MBNA confirms data loss after laptop containing personal details of thousands of customers was stolen from vendor
A laptop containing personal details of thousands of MBNA credit card customers has been stolen.
According to a report by the Lancashire Evening Post, the laptop was stolen from the offices of credit and finance firm NCO Europe and bosses at MBNA have confirmed customer information was ‘compromised’.
It is believed that the information includes some personal details, although MBNA said that there were no PIN numbers in the files. A spokesman said none of the details had yet been used fraudulently, but the company was monitoring every affected card.
Posted by dan on: 2009-12-21 22:56:53 in category: Security [ 0 Comment(s) ]
PayPal was the most phished brand of 2009 with more than 7,000 more unique threats registered than Chase Bank.
According to a blog by Avira, a total of 32,205 unique threats relating to PayPal were recognised with 25,901 seen for Chase Bank. eBay was third with 18,738 unique URLs while American Express (5,202), Bank of America (4,540) and Abbey Bank (3,978) followed.
It claimed that PayPal's rise was most probably ‘to do with the fact that a lot of people are using PayPal to pay for Christmas presents’. It warned users to ‘be safe during the winter holidays and always write the address of PayPal and other online banks in the browser by yourself and never click on links in emails’.
Posted by dan on: 2009-12-16 18:58:50 in category: Security [ 0 Comment(s) ]
Australia said Tuesday it would push ahead with a mandatory China-style plan to filter the Internet, despite widespread criticism that it will strangle free speech and is doomed to fail.
Communications Minister Stephen Conroy said new laws would be introduced to ban access to "refused classification" (RC) sites featuring criminal content such as child sex abuse, bestiality, rape and detailed drug use.
Blacklisted sites would be determined by an independent classification body via a "public complaint" process, said Conroy, admitting there was "no silver bullet solution to cyber-safety".
But Conroy said a seven-month trial had concluded that blocking could be done with 100 percent accuracy and negligible impact to connection speeds.
Kaspersky Lab utilizes NVIDIA technologies to enhance protection
Posted by dan on: 2009-12-14 17:52:23 in category: Security [ 0 Comment(s) ]
Kaspersky Lab, a leading developer of secure content management solutions, announces the incorporation of new parallel computing technologies by NVIDIA into its infrastructure. In order to enhance client protection still further, the Company has started to use the highly efficient NVIDIA Tesla S1070 which is based on multi-core graphics processors.
NVIDIA Tesla GPUs are based on CUDA, NVIDIA's computing architecture that enables its GPUs to be programmed using industry standard programming languages and APIs. Kaspersky Lab uses the Tesla S1070 1U GPU system to accelerate the intellectual services that define the similarity of files. The similarity services enable the identification of new files and define which file, or file groups, most closely resemble the unknown program received by the Company's antivirus lab.
The use of Tesla S1070 by the similarity-defining services has significantly boosted the rate of identification of unknown files, thus making for a quicker response to new threats and providing users with even faster and more complete protection. During internal testing, the Tesla S1070 demonstrated a 360-fold increase in the speed of the similarity-defining algorithm when compared to the popular Intel Core 2 Duo central processor running at a clock speed of 2.6 GHz.
The similarity algorithms have been especially optimized to operate with the latest computer systems. They have been considerably redeveloped to simultaneously perform hundreds of thousands of instructions, each requiring processing by large data arrays. Kaspersky Lab specialists utilized the NVIDIA CUDA SDK development environment specifically for this purpose as it allows programs to be written for the latest generations of NVIDIA graphics processors in standard programming languages.
Posted by dan on: 2009-09-28 16:59:07 in category: Security [ 0 Comment(s) ]
A BUNCH of Russian hackers are offering 43 cents for each Mac that their partners in crime can infect with bogus video software.
The move has been cited by insecurity experts at Sophos as a sign that Mac users' security by obscurity days are coming to an end.
While 43 cents is not much, the idea is that it will encourage hackers to target Apple's PCs for recruitment into botnets. Any Ibotnet will probably want a lot of victims, so 43 cents for each smug scalp will work out to a lot of dosh.
Posted by dan on: 2009-08-27 17:21:18 in category: Security [ 0 Comment(s) ]
A Dutch court has ruled against BitTorrent archive site Mininova.org, and has ordered it to purge its directory of trackers linking to copyrighted files within 30 days or face fines.
The ruling (of which a Google Translate copy can be found here) concludes that the Dutch site tripped up by actively filtering malware from content that its users uploaded, which meant that it had the capability to filter copyrighted content as well.
As a result, the district court in Utrecht ruled that Mininova will have to remove all infringing tracker files or links to those files, or else pay 1,000 euro per infringing torrent with a maximum of 5 million euros. The BitTorrent protocol uses these torrent or tracker files as an index of the file itself, which is compiled from numerous independent members all sharing small portions of it simultaneously.