Monday, March 24, 2008

Monday News Feed

Microsoft sounds bug alarm, confirms Windows-Word attacks
Promises patch to plug hole that's been exploited for weeks
March 22, 2008 (Computerworld) Microsoft Corp. yesterday warned of a critical vulnerability that affects users of Word running on Windows 2000, XP and Server 2003 SP1 -- several weeks after one security company first reported an exploit and a day after a second vendor confirmed ongoing attacks.
In an advisory posted Friday, Microsoft acknowledged "public reports of very limited, targeted attacks" that exploit a bug in the Microsoft Jet Database Engine, a Windows component that provides data access to applications including Microsoft Access and Visual Basic.




I wanted to let you know that we have just posted Microsoft Security Advisory (950627).

This advisory contains information about a very limited, targeted attack exploiting a vulnerability in Microsoft Jet Database Engine. Our initial investigation has shown that this vulnerability affects customers using Microsoft Word 2000 Service Pack 3, Microsoft Word 2002 Service Pack 3, Microsoft Word 2003 Service Pack 2, Microsoft Word 2003 Service Pack 3, Microsoft Word 2007 and Microsoft Word 2007 Service Pack 1 on Microsoft Windows 2000, Windows XP, or Windows Server 2003 Service Pack 1.

Customers running Windows Server 2003 Service Pack 2, Windows Vista, and Windows Vista Service Pack 1 are not vulnerable to the buffer overrun being attacked, as they include a version of the Microsoft Jet Database Engine that is not vulnerable to this issue.



FBI looks at Chinese role in Darfur site hack
FBI Suspects Chinese Hackers Damaged Darfur Site
The FBI is looking into a China-based hack of servers at the Save Darfur Coalition. 22-Mar-2008



Passport records breach highlighted by targets' prominence



March 24, 2008 - Computer forensics firms get boost from new evidence rules
http://www.crime-research.org/news/24.03.2008/3265/
It's not the Emmy Award-winning "CSI: Crime Scene Investigation," but computer forensics holds a growing lure for law firms and human resource directors investigating workplace disputes. Driving some of the growth are new amendments to the Federal Rules of Civil Procedure, which took effect about a year ago. The new rules address standards of evidence for "e-discovery," or electronic records that are admissible for civil cases in federal courts.




US Treasury Department Adopts Dual-Factor Authentication - 3/21/2008 1:23:00 PM
Entrust IdentityGuard costs only 25 cents per card for each user




Toshiba Preps 128GB Solid-State Notebook Drive




Tibet protestors disrupt the lighting of the Olympic flame




http://en.wikipedia.org/wiki/Image:Internet_map_1024.jpg





Unencrypted Laptop With Patient Data Stolen From National Institutes of Health
A government laptop computer containing sensitive medical information on 2,500 patients enrolled in a National Institutes of Health study was stolen in February, potentially exposing seven years' worth of clinical trial data, including names, medical diagnoses and details of the patients' heart scans. The information was not encrypted, in violation of the government's data-security policy. NIH officials made no public comment about the theft and did not send letters notifying the affected patients of the breach until last Thursday -- almost a month later. They said they hesitated because of concerns that they would provoke undue alarm.
Patients' Data on Stolen Laptop, Washington Post, March 24, 2008.
Posted by EPIC on March 24, 2008.





Cell Phones Can Be Used to Track Individuals
Cell-phone companies can tell not only where your phone is, but as long as it's on, they can trace where it's been — whether the phone is in use or not. And that technology is becoming a staple of law enforcement investigations. The tracking technology is a common feature of cell phones, mandated since 1999 so 911 dispatchers could easily trace the location of emergency calls. Newer phones, such as the iPhone owned by Lewis, the BlackBerry and other models that access local wireless Internet networks (wi-fi), can be tracked even more precisely than conventional cell phones.
Cell phones become tools for helping detectives find crime suspects, Florida Sun-Sentinel, March 22, 2008.
Posted by EPIC on March 24, 2008.





Safari Address Bar Spoofing and Memory Corruption Vulnerabilities
Apple Safari for Windows - Highly critical - From remote. Issued 1 hour ago.
Juan Pablo Lopez Yacubian has discovered two vulnerabilities in Safari, which can be exploited by malicious people to conduct spoofing attacks or potentially compromise a user's system.




Network Solutions Pre-Censors Anti-Islam Site
Web site name registrar Network Solutions is blocking access to a site owned by a controversial Dutch politician known for his confrontational views about Islam and Muslim immigrants. The move by one of the largest companies in the domain registration business is notable, experts say, because it may be the first documented case of Internet pre-censorship by a major U.S.-based Web registrar.
http://blogs.washingtonpost.com/securityfix/




Seattle Times columnist Danny Westneat's story from a community meeting with Northwest border control agents. Seems their monitoring for dirty bombs from the median of Interstate 5 caught a car transporting a radioactive cat. "It turns out the feds have been monitoring Interstate 5 for nuclear 'dirty bombs.' They do it with radiation detectors so sensitive it led to the following incident. 'Vehicle goes by at 70 miles per hour... Agent is in the median, a good 80 feet away from the traffic. Signal went off and identified an isotope [in the passing car]. The agent raced after the car, pulling it over not far from the monitoring spot.' Did he find a nuke? 'Turned out to be a cat with cancer that had undergone a radiological treatment three days earlier.'"




Rick Rolled to child porn = you're a pedophile, says FBI
Click-and-be-(seriously)-owned. The FBI is using a honeypot scheme to lure pedophiles, but all it takes is one click and you could be searched, arrested, and even convicted as a result. Can a single click land you in prison? Apparently, yes.
March 23, 2008 - 02:10PM CT - by Jacqui Cheng

http://www.techdirt.com/

That didn't take long. On Friday morning, PC World reported that Sony would offer a "Fresh Start" option on certain of its laptops: for an extra $50, Sony would remove all the annoying "trial software" that apparently infests a lot of PC laptops these days (as a smug Mac user, I can't say I've experienced this firsthand). Not surprisingly, the announcement generated a firestorm of controversy, and within hours, Sony's PR reps rushed out to reassure people that it was all a big misunderstanding. Sony won't charge for "Fresh Start" after all, and will instead offer it as a free option. But only on certain laptops and only for customers who upgrade to the business version of Vista.
The fact that it thought of offering such a service at all -- for a fee or otherwise -- suggests that Sony has a rather short-sighted attitude toward its business.

Flying Security: Shackle All Passengers With Tazer-Like Bracelets


MalwarePro Is A Scam, Microsoft Says
SEATTLE (CN) - MalwarePro deceives consumers by offering to "scan" their computers for "hidden parasites" such as "spyware" for free, then charging $29.95 to "repair" the "problems detected," though there are no such problems, and the defendants use the ruse to install their own software, which cannot be uninstalled, Microsoft claims in King County Court.

Exploring StealthMBR Defenses
Sunday March 23, 2008 at 4:53 pm CST

Posted by Aditya Kapoor, Rachit Mathur

Self-protection measures and motives:
1. Hooks IRP dispatch table of \Driver\Disk. Motive: This is one of the lowest-level hooks in the kernel, created for IRP_MJ_READ and IRP_MJ_WRITE. These are created to deny read/write permission to any application that is trying to access the MBR.
2. Dummy hooks in IRP dispatch table of \Driver\Disk. Motive: Other dummy hooks are created, probably to keep all the hooks in the same range, which may dupe some anti-rootkit tools that check whether all the valid hooks are in the same device object range.
3. Hooks IRP dispatch table of \Driver\CdRom. Motive: The IRP dispatch table pointers of both disk and cdrom point to the same location, so this rootkit hooks the IRP table of CdRom and changes the pointers to the same location as that of the corresponding hooked dispatch routines of disk. If this table were not patched, some AV tools could compare the two pointers and raise a flag if a discrepancy is found. The CdRom table could also be used to restore the original pointers in the IRP dispatch table of disk.
4. Patches classpnp.sys!ClassInitialize. Motive: The ClassInitialize function is an exported function of the ClassPNP.sys driver, which has references to various pointer locations of the original IRP dispatch table [Figure 1]. An AV tool with knowledge of this can compare the two pointers and raise a flag if a discrepancy is found. It can also be used to restore the original pointers in the IRP dispatch table of disk.
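The four measures above are each aimed at a specific anti-rootkit heuristic, so it is worth seeing which dispatch-table checks they actually defeat and which one survives. The following is an added example, not code from the McAfee post: a user-mode model that builds a constructed snapshot of the \Driver\Disk and \Driver\CdRom MajorFunction[] tables (clean, then hooked the way the post describes), and runs three checks over it. The module load addresses, the rootkit's pool address and the slot-to-routine layout are hypothetical stand-ins for what a tool would read from DRIVER_OBJECT (DriverStart, DriverSize, MajorFunction[]) on a live system.

```c
/* Added example (not from the McAfee Avert Labs post): user-mode model of
 * IRP dispatch-table hook checks.  Addresses and module sizes are
 * constructed stand-ins for DRIVER_OBJECT fields read on a live system. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IRP_MJ_READ  0x03
#define IRP_MJ_WRITE 0x04
#define IRP_MJ_COUNT 0x1c            /* IRP_MJ_MAXIMUM_FUNCTION + 1 slots */

typedef struct { const char *name; uintptr_t base, size; } module_range;
typedef struct { const char *name; uintptr_t major[IRP_MJ_COUNT]; } driver_table;
typedef struct { int cross_diffs; bool consistent; int out_of_image; } check_results;

/* Hypothetical load addresses of the three relevant driver images. */
static const module_range MODULES[] = {
    { "disk.sys",     0xF7A10000u, 0x08000u },
    { "cdrom.sys",    0xF7A30000u, 0x09000u },
    { "classpnp.sys", 0xF7A60000u, 0x16000u },
};
#define N_MODULES (sizeof MODULES / sizeof MODULES[0])
static const uintptr_t ROOTKIT_POOL = 0x81C40000u;  /* hypothetical nonpaged-pool block holding rootkit code */

/* Index of the module image containing addr, or -1 if it is in no known image. */
static int owning_module(uintptr_t addr) {
    for (size_t i = 0; i < N_MODULES; i++)
        if (addr >= MODULES[i].base && addr < MODULES[i].base + MODULES[i].size)
            return (int)i;
    return -1;
}

/* Clean state: disk.sys and cdrom.sys both dispatch through ClassPnP, so the
 * two tables point at the same classpnp.sys routines (as the post notes). */
static void build_clean(driver_table *disk, driver_table *cdrom) {
    disk->name = "\\Driver\\Disk";
    cdrom->name = "\\Driver\\CdRom";
    for (int i = 0; i < IRP_MJ_COUNT; i++)
        disk->major[i] = cdrom->major[i] = MODULES[2].base + 0x1000u + 0x40u * (uintptr_t)i;
}

/* StealthMBR-style self-protection as described: real hooks on READ/WRITE,
 * dummy hooks on every other slot so the whole table sits in one range, and
 * the CdRom table patched to mirror the Disk table exactly. */
static void apply_stealthmbr(driver_table *disk, driver_table *cdrom) {
    for (int i = 0; i < IRP_MJ_COUNT; i++) {
        uintptr_t hook = (i == IRP_MJ_READ || i == IRP_MJ_WRITE)
            ? ROOTKIT_POOL + 0x100u * (uintptr_t)i             /* MBR read/write filter */
            : ROOTKIT_POOL + 0x2000u + 0x10u * (uintptr_t)i;   /* pass-through trampoline */
        disk->major[i] = cdrom->major[i] = hook;
    }
}

/* Check 1 (defeated by measure 3): slots where Disk and CdRom disagree. */
static int check_cross_table(const driver_table *disk, const driver_table *cdrom) {
    int diffs = 0;
    for (int i = 0; i < IRP_MJ_COUNT; i++) diffs += disk->major[i] != cdrom->major[i];
    return diffs;
}

/* Check 2 (defeated by measure 2): only asks that every slot resolve to the
 * same owner as slot 0, so a uniformly hooked table passes. */
static bool check_internally_consistent(const driver_table *t) {
    int owner = owning_module(t->major[0]);
    for (int i = 1; i < IRP_MJ_COUNT; i++)
        if (owning_module(t->major[i]) != owner) return false;
    return true;
}

/* Check 3 (survives all four measures): slots pointing outside every known
 * driver image.  Rootkit code living in pool memory can never satisfy this,
 * and the check needs nothing from ClassInitialize. */
static int check_image_bounds(const driver_table *t) {
    int outside = 0;
    for (int i = 0; i < IRP_MJ_COUNT; i++) outside += owning_module(t->major[i]) < 0;
    return outside;
}

/* Run all three checks on the clean or the hooked scenario. */
static check_results run_checks(bool hooked) {
    driver_table disk, cdrom;
    build_clean(&disk, &cdrom);
    if (hooked) apply_stealthmbr(&disk, &cdrom);
    check_results r = { check_cross_table(&disk, &cdrom),
                        check_internally_consistent(&disk),
                        check_image_bounds(&disk) };
    return r;
}

int main(void) {
    const char *labels[] = { "clean", "hooked" };
    for (int h = 0; h < 2; h++) {
        check_results r = run_checks(h == 1);
        printf("%-6s cross-table diffs=%d  consistent=%s  out-of-image=%d\n",
               labels[h], r.cross_diffs, r.consistent ? "yes" : "no", r.out_of_image);
    }
    return 0;
}
```

In the hooked scenario the cross-table comparison and the same-range heuristic both report nothing, which is exactly what measures 2 and 3 are for; only the image-bounds check fires, and it fires on every slot because the dummy hooks are as out-of-image as the real ones. A scanner that anchors on DriverStart/DriverSize of the loaded driver images (plus the ClassPnP library they legitimately dispatch into) is therefore not dependent on the ClassInitialize references that measure 4 removes.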

http://blog.wired.com/27bstroke6/

Montana governor Brian Schweitzer declared victory Friday after the Department of Homeland Security sent his state an extension to the Real ID act, despite his insistence Montana will never comply with a mandate he describes as a "boondoggle."


China to probe online text message spam (AP - Mon Mar 24, 6:42 AM ET)
SHANGHAI, China - Chinese authorities said Monday they are investigating complaints that millions of cell phone users were spammed with unwanted text messages from advertisers.

The Lede: Lenin’s Birthplace to Embrace English

Getting Virtualization Security Right
Virtualization squeezes multiple operating systems onto a single physical machine. That saves space and overhead, but also creates the potential for problems that affect more of the company's business.

Not scared about Cross-Site Request Forgery? You should be... you're scared of jail aren't you?
