Update mechanisms in utility software
Internet Storm Center blogs:
"Default inbound firewalling has significantly limited the network attack surface posed by core services. Today issues with tools such as Quicktime, Acrobat Reader, Flash, Realplayer and others are causing users to get compromised. The good thing about these massively deployed applications is that they usually have strong update mechanisms. Shortly after a vulnerability is identified and fixed, the user is prompted to update.
This is not the case with all pieces of software, though. There's plenty of software that is not installed on a whopping 80% of all machines, but is popular with a specific userbase. At the Internet Storm Center, we have recently for example seen the increased use of exploits targeting users of WinRAR, a popular archiver. While each of these vulnerabilities has been remedied years ago, they are still being used to compromise users."
ISC: Digital Photo Frame replies
For those who are curious whether their digital photo frame is infected, the ISC blog has posted a reply:
"Several people wanted to know if their particular frame has been reported to be infected.
At this point the only 3 that have been identified by name are the Insignia 10.4", the ADS 8" and Uniek brand.
Many people wanted to know how they can tell if their computer has been infected by their digital frame."
Read about it at http://isc.sans.org/diary.html?storyid=3995
'Hacker' launches iTunes copying
The release of software from a firm run by a notorious Norwegian hacker is likely to cause waves in the music and film download world.
Jon Lech Johansen became the "enfant terrible" of the DRM industry when he released software which cracked the encryption codes on DVDs, aged just 15.
His firm, DoubleTwist, has now released software allowing users to share digital media files across devices.
It would allow songs bought on Apple's iTunes to be shared on other devices.
Vista SP1 prerequisite updates send some PCs into endless re
Updates that Microsoft Corp. began feeding Windows Vista users last week to prep PCs for next month's release of Service Pack 1 (SP1) have crippled some machines, according to messages posted to the company's support site.
Microsoft said it is investigating the reports.
Last Tuesday, Microsoft started sending Vista users two final prerequisite updates that are required before SP1 can be installed in March. The updates to the operating system's install components were delivered via Windows Updates, which automatically downloaded and installed them on the majority of Vista machines.
Users quickly started squawking.
Laptop wipes self to beat thieves
A UK company has come up with a nifty laptop-protection system that can automatically wipe hard disk data on machines taken from authorised locations.
Sold as a hosted service, Virtuity's BackStopp server monitors a protected laptop using any medium available, including the Internet, or locally using Wi-Fi or GSM. If a laptop is reported stolen - or even just moved from a designated space - the system can reach out and execute a file deletion routine that clears the laptop of all important data.
For laptops stolen while switched off, the location system can use RFID tags to make a judgement about whether that movement is within allowed parameters. A full log of all deletions is sent back to the service centre once completed.
Windows 2008 to hit the right security buttons
Better security is the biggest draw of Windows Server 2008, Microsoft's recently-launched operating system. However, IT pros are also worried about first-version bugs bedevilling the system, which is due for official release next Wednesday.
That's according to a survey from US reseller CDW, which surveyed 800 tech decision makers. Of these, 49 percent cited security features as the benefit of most interest to their organisation. Other perceived benefits of Windows Server 2008, according to the survey, included faster setup and configuration (cited by 41 percent of the respondents), easier administration (40 percent) and the operating system's new integrated virtualisation (35 percent).
"Security ranked No. 1, both here and in the three surveys we did on Windows Vista," said David Cottingham, CDW's director of product and product management.
Privacy, civil rights advocates castigate Wikileaks ruling
Privacy and civil rights advocates are expressing their dismay over a pair of decisions made by a California District Court judge last week to shut down Wikileaks.org, a controversial Web site that allows whistleblowers to anonymously post corporate and government documents online.
Several called the decision unprecedented and a violation of Wikileaks' First Amendment rights. Others said the rulings were an unnecessarily provocative action that would do little to curtail the publishing activities of Wikileaks, which is mirrored on servers in several countries.
Symantec Endpoint Security throws out error bugs
But remains functional, company says
Symantec is working on a patch for a bug that generates errors in corporate security protection updates. Workarounds enabling virus signature definition updates to Symantec Endpoint Protection are available, but a more comprehensive fix is still in testing.
The glitch in Symantec's LiveUpdate package has left sysadmins managing Symantec Endpoint Protection coping with "broken" clients, according to Reg reader Richard, who manages the network of a UK college. Updates to the Decomposer function of Symantec Endpoint Protection, a software component that decompresses or unpacks files, meant that clients are unable to download new signature definition files without generating errors.
Symantec has published an advisory detailing workarounds. Posts on Symantec forums indicate that the problem first reared its head on 11 February. Richard's experiences seem fairly typical.
Popular website falls foul of Firefox 3.0
The new anti-malware tool that debuted last week in Firefox 3.0 Beta 3 is blocking users from reaching the website for a popular add-on to the open-source browser.
Another add-on site that was blocked last week has since been cleared.
One of the sites, DownThemAll.net, acknowledged that it had served users malicious code, but it said that it had purged its pages of malware. The site supports the Firefox extension DownThemAll, one of several download manager add-ons for the browser. Firefox users can now reach the site.
Hackers step up website attacks
Trend Micro has warned that hackers are intensifying attacks on legitimate websites to spread malware.
The security firm's 2007 Threat Report and 2008 Forecast debunked the myth about "not visiting questionable sites". Just because a user visits a gambling or adult-content site does not necessarily mean that web threats are lurking in the shadows.
But legitimate sites with the latest sports news, or links in a search engine result, could potentially infect visitors with malware.
Trend Micro explained that an underground malware industry has carved itself a thriving market by exploiting the trust and confidence of web users.
Russian hosting network runs a protection racket
It attacks shady sites, hits them up for anti-attack hosting services
The Russian Business Network, a notorious hacker and malware hosting network, runs a protection racket that extorts as much as US$2,000 a month in fees for "protective Web services" from borderline sites, a researcher alleged.
The RBNExploit blog -- which is authored by one or more anonymous researchers -- spelled out the racket run by the group, which is thought to be headquartered in St. Petersburg, Russia, and has been pegged by security professionals as a major source of malware and cyber criminal activity.
Got malware? Now you can bank online anyway
The CSIRO has developed a tool it says will prevent criminals snooping on online communications, but hacking experts say the system is not foolproof.
The tool, dubbed the Trust Extension Device (TED), developed by the government research body, is a set of software tools loaded on to a portable storage device, which the CSIRO claims will allow online banking customers to create a quarantined desktop environment on computers that have been compromised by trojans, viruses or other malware.
"The TED is a set of software components currently because it's implemented on a USB stick. It essentially starts a virtualisation machine. It's built on top of QEMU virtualisation software," said TED's developer, Dr John Zic, research director of the CSIRO's Networking Technologies Laboratory.