Spyware, Viruses, & Security forum

General discussion

NEWS - December 29, 2009

by Carol~ Moderator / December 28, 2009 10:07 PM PST
Microsoft confirms IIS hole

29 December 2009

Microsoft has confirmed the security hole in its IIS web server, but hasn't disclosed which versions of the product are affected. According to the finder of the "semi-colon bug", versions up to and including version 6 are vulnerable. The hole allows attackers, for instance, to camouflage executable ASP files as harmless JPEG files and upload malicious code to a server.

Microsoft's Security Response Center (MSRC) says it is investigating the vulnerability and has so far not found evidence of any attackers actively exploiting the hole to compromise a server. According to the vendor, the required conditions present an obstacle for successful attacks: Attackers must have authenticated themselves on a server and possess read as well as upload privileges to a directory which, in turn, must allow the execution of code.

Continued here: http://www.h-online.com/security/news/item/Microsoft-confirms-IIS-hole-893413.html


From Jerry Bryant at The Microsoft Security Response Center (MSRC):

New Reports of a Vulnerability in IIS

Hi everyone,

On Dec. 23 we were made aware of a new claim of a vulnerability in Internet Information Services (IIS). We are still investigating this issue and are not aware of any active attacks but wanted to let customers know that our initial assessment shows that the IIS web server must be in a non-default, unsafe configuration in order to be vulnerable. An attacker would have to be authenticated and have write access to a directory on the web server with execute permissions which does not align with best practices or guidance Microsoft provides for secure server configuration. Customers using out of the box configurations and who follow security best practices are at reduced risk of being impacted by issues like this.

Once we're done investigating, we will take appropriate action to help protect customers. This may include providing a security update through the monthly release process, an out-of-cycle update or additional guidance to help customers protect themselves.

This vulnerability was not responsibly disclosed to Microsoft and may put customers at risk. We continue to encourage responsible disclosure of vulnerabilities as we believe reporting vulnerabilities directly to a vendor serves everyone's best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed.

Continued here: http://blogs.technet.com/msrc/archive/2009/12/27/new-reports-of-a-vulnerability-in-iis.aspx
Web sites in their thousands selling on customer data
by Carol~ Moderator / December 28, 2009 10:08 PM PST
SentryBay warns that legitimate sites are conning subscribers to their services with smallprint conditions

Phil Muncaster
29 Dec 2009

Over 4,000 so-called legitimate sites worldwide could be selling on subscriber or user data without the knowledge of their users, according to identity theft prevention firm SentryBay.

In an exclusive conversation with V3.co.uk, chief operating officer at the vendor, Marcus Whittington, explained that the figures come from a comprehensive database run by partner organisation, Lucid Intelligence.

The Lucid database offers a unique snapshot into the activity of identity fraudsters by comprising a list of user data which is being bought and sold on the black market.

The firm states on its web site that it contains the details of over forty million people worldwide "who have had their personal information compromised by criminals in this way".

Whittington argued that on numerous occasions data which has ended up in the Lucid database can be traced exclusively back to a legitimate site, for example, it may have been entered by a user into a big name subscription news site.

Continued here: http://www.v3.co.uk/v3/news/2255476/web-sites-thousands-selling
Twitter banned passwords
by Carol~ Moderator / December 28, 2009 10:10 PM PST

From SophosLabs Blog:

As you may have heard in the last few days, Twitter has banned 370 passwords (actually only 369, "password" appears twice in the list) as "too obvious" to be safe for their users. A good move in theory but why are so few words banned? And what are they? The list is available in various places online, or even just by viewing the source of the Twitter sign up page. Sadly the sports fans in this Sophos office may be out of luck with both "boston" and "redsox" making the banned list. [...]

Fans of football, basketball or hockey are luckier though, no mention of "patriots", "celtics" or "bruins", all of which are allowed but, quite correctly, flagged as weak. [...]

It's not clear yet where the folks at Twitter got their list of banned passwords from but it occurred to me that it might be interesting to compare it to another list of common passwords, this time a list that the bad guys are using, the 246 passwords used by Conficker. The lists have only 29 passwords in common with another 100 of the Conficker list shorter than Twitter's 6 character limit. That leaves 117 passwords that malware authors think are common but apparently Twitter does not.

Continued here: http://www.sophos.com/blogs/sophoslabs/v/post/8089

Adobe will be top target for hackers in 2010, report says
by Carol~ Moderator / December 29, 2009 1:11 AM PST
McAfee also predicts more sophisticated social networking attacks and targeting of HTML 5

By James Niccolai,
December 29, 2009

Adobe Systems' Flash and Acrobat Reader products will become the preferred targets for criminal hackers in 2010, surpassing Microsoft Office applications, a security vendor predicted this week.

"Cybercriminals have long picked on Microsoft products due to their popularity. In 2010, we anticipate Adobe software, especially Acrobat Reader and Flash, will take the top spot," security vendor McAfee said in its "2010 Threat Predictions" report (PDF).

Hackers usually target the most widely used products in order to achieve the maximum impact. For a long time that has made Microsoft their primary target. But the software giant has tightened security in its recent OS releases, leading hackers to look for additional targets.

Adobe's CTO acknowledged recently that his company's software is being attacked more frequently, and said the company has stepped up its efforts to respond.

Continued here: http://www.networkworld.com/news/2009/122909-adobe-will-be-top-target.html?hpg1=bn


2010 Predictions: The Year of a Major Social Networking Security Breach?

From the McAfee Labs Blog:

With the New Year just days away, it's time for McAfee Labs 2010 Threat Predictions. What should you be wary of in the coming year? Social networks.

Sites such as Twitter and Facebook have changed the way we communicate, interact, and share on the web. As user bases for the top online social destinations reach record highs, cybercriminals are building out their criminal toolkits, taking advantage of new technologies, third-party applications, and hotspots of activity to exploit users.

What does this mean for the average surfer? Next time you receive an invite from one of your "Facebook friends" to play a game that looks like it's shaping up to be the next Farmville, think twice before you click. In 2010, users are going to be more vulnerable to attacks that blindly distribute fake apps across their networks. The same goes for bit.ly's and TinyURLs. As abbreviated URLs become more ubiquitous, it will be even easier for cybercriminals to mask and direct users to malicious sites.

Continued here: http://www.avertlabs.com/research/blog/index.php/2009/12/28/2010-predictions-the-year-of-a-major-social-networking-security-breach/
Kaspersky Lab predicts file-sharing threats to rise in 2010
by Carol~ Moderator / December 29, 2009 1:11 AM PST

29 December 2009

In its year-end forecast of security threats for the coming year, Kaspersky Lab is predicting a shift of emphasis from attacks via websites and applications software attacks over towards file-sharing networks in 2010.

This time last year, the Russian headquartered veteran IT security software vendor's analysts forecasted a rise in the number of global malware epidemics.

Unfortunately, Kaspersky said, that forecast proved to be accurate: 2009 was dominated by sophisticated malicious programmes with rootkit functionality, the Kido worm (also known as Conficker), web attacks and botnets, SMS fraud and attacks on social networks.

According to Kaspersky's research experts, in the coming year there will be a shift in the types of attacks on users: from malware attacks via websites and applications towards security attacks originating from file-sharing networks.

Continued here: http://www.infosecurity-magazine.com/view/6129/kaspersky-lab-predicts-filesharing-threats-to-rise-in-2010/

What do you see?
by Carol~ Moderator / December 29, 2009 2:46 AM PST

From the SophosLabs Blog:

Here in the labs, we recently had an interesting message arrive in our systems; after viewing the message, 100% of those polled agreed on what it was. What do you think?


What do YOU see?

If you answered spam, you're on your way to having the mentality of a spam analyst.

This message has many hallmarks of classic unsolicited commercial email:

1. the middle of the message says "Click Here" in big prominent text
2. there's an "opt-out" banner, announcing that this is an ad
3. the ad contains a "unique ID"
4. despite the (intentionally obscured) address, the message does not say who it is actually from
5. the "call to action" link is http :/fefcbdacggbfg.[redacted].info/alphaville/4754-1b416/ - random sub-domain, published in the .info top level domain, with a directory name comprised of two random words, and a sub-directory that looks like yet another unique identifier.
6. everything in this message except for the "unique ID" under the opt-out banner is actually an image.

Continued here: http://www.sophos.com/blogs/sophoslabs/v/post/8100
