Wednesday, March 18, 2009

Wednesday 03/18/09

A Real Dumpster Dive: Bank Tosses Personal Data, Checks
Data protection is not just an IT security issue. But security industry analyst Steve Hunt, who heads up Hunt Business Intelligence, believes too many people in IT security still have that false perception.

----------

IT contractor indicted for sabotaging offshore rig management system
March 18, 2009 (Computerworld) An IT contract employee who formerly worked at an oil and gas production company in Long Beach, Calif., was indicted yesterday on charges of sabotaging a computer system he helped set up because the company did not offer him a permanent job.

The case is the latest to highlight the challenge that businesses face in trying to protect corporate systems and networks from rogue insiders and those with privileged access to systems, such as contractors and business partners. Security analysts have warned about the heightened threats such users pose to corporations because of the broader disgruntlement resulting from layoffs and other belt-tightening steps companies have taken during the recession.

----------

Vivek Kundra reinstated as federal CIO
March 17, 2009 (Computerworld) Vivek Kundra, who took a leave of absence from his job as the federal government's first CIO last week, was reinstated today after the White House determined that he has no connection to an alleged bribery scheme in the District of Columbia's IT department, where he previously was chief technology officer.

"Mr. Kundra has been informed that he is neither a subject nor a target of the investigation and has been reinstated," White House spokesman Nick Shapiro said via e-mail late today, in response to a query seeking confirmation of reports posted online by the Personal Democracy Forum's techPresident blog and The New York Times.

Kundra had been on leave since last Thursday, following the arrests of the D.C. IT department's acting chief security officer and the CEO of an outsourcing contractor on bribery and other charges. The arrests and a related raid on the district's IT offices took place as Kundra was speaking at FOSE 2009, a government IT conference in Washington, in his first major public appearance since being named federal CIO.
...

----------

Blogger who streamed pre-release Guns N' Roses songs deserves prison time, say feds

----------

D.C. IT bribery suspect to remain in jail; judge says evidence 'overwhelming'

----------

Criminals sneak card-sniffing software on Diebold ATMs
March 17, 2009 (IDG News Service) Diebold Inc. has released a security fix for its Opteva automated teller machines after cybercriminals apparently broke into the systems at one or more businesses in Russia and installed malicious software.

Diebold learned of the incident in January and sent out a global security update to its ATM customers using the Windows operating system. It is not releasing full details of what happened, including which businesses were affected, but said criminals had gained physical access to the machines to install their malicious program.

"Criminals gained physical access to the inside of the affected ATMs," Diebold said in its security update. "This criminal activity resulted in the operation of unauthorized software and devices on the ATMs, which was used to intercept sensitive information."

----------

Consumer Groups Launch Badware-busting Community PC World - Tue Mar 17, 12:50 PM ET
The people behind StopBadware.org have launched a Web site where ordinary people can band together to fight computer viruses and adware.

----------

Social Networks' Risks for Business Security
Corporate social media has many positives, but security issues should not be overlooked.

----------

Adobe Security Bulletin Adobe Reader and Acrobat
Adobe has released security advisory APSB09-04 for Adobe Reader and Acrobat. The CVE entries related to the vulnerabilities being patched are CVE-2009-0658 and CVE-2009-0927. Current versions are now 9.1, 8.1.4, and 7.11. Updates for both Windows and Macintosh platforms are available.

----------

NSA Director: We Don't Want to Run Cybersecurity
CSO Publisher Bob Bragdon moderates the IT Security Entrepreneur's Forum at Stanford University and blogs about the keynote speech from NSA Director and Lt. Gen. Keith Alexander.

----------

GS cookie protection – effectiveness and limitations
Monday, March 16, 2009 4:15 PM
MSRC Engineering

The Microsoft C/C++ compiler supports the GS switch which aims to detect stack buffer overruns at runtime and terminate the process, thus in most cases preventing an attacker from gaining control of the vulnerable machine. This post will not go into detail about how GS works, so it may be helpful to refer to these MSDN articles for an overview and loads of detail on how GS works and what a GS cookie is. It’s important to note that depending on the exact vulnerability, even if a function is protected by a GS cookie, a stack-based buffer overrun may still be exploitable – for example if the attacker can gain control prior to the cookie check. However even in these circumstances, GS can often be a significant obstacle to exploitation and/or reliability of exploitation. There have been some stack-based attacks recently that were not mitigated by GS – this post takes a couple of examples and looks at why that was.
...
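To make the mechanism behind the post concrete, here is an added example (not code from the MSRC post or Microsoft's compiler runtime) that models a /GS-style protected frame in plain C. The struct layout, the fixed cookie value and the `gs_demo` / `ret_slot_after` helpers are constructed for this illustration: a real cookie is randomised per process and the check is emitted by the compiler, not written by hand. The point it shows is the one the post makes: a linear overrun that reaches the saved return address has to pass through the cookie, so the epilogue check catches it; but because that check runs only at function exit, anything corrupted and used before the function returns is outside its reach.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16

/* Constructed model of a /GS-protected frame (hypothetical, for this example).
 * The cookie sits between the local buffer and the saved return address, so a
 * linear overrun that reaches the return address has to pass through the cookie. */
struct frame {
    char     buf[BUF_SIZE];   /* vulnerable local buffer */
    uint32_t cookie;          /* per-frame copy of the module's security cookie */
    uint32_t saved_ret;       /* stand-in for the saved return address */
};

/* Stand-in for the module cookie; a real one is randomised at process start. */
static const uint32_t g_security_cookie = 0xC0DEFACEu;
static const uint32_t ORIGINAL_RET      = 0x11223344u;

/* Copies len bytes of constructed input (all 'A') into the frame with no bounds
 * check, then performs the epilogue cookie check.
 * Returns 1 if the check detects corruption, 0 if it passes.
 * Whatever the return-address slot holds afterwards is written to *ret_after. */
int gs_demo(size_t len, uint32_t *ret_after) {
    char input[sizeof(struct frame)];
    struct frame f;

    /* prologue: seed the cookie and the (simulated) return address */
    f.cookie    = g_security_cookie;
    f.saved_ret = ORIGINAL_RET;
    memset(f.buf, 0, sizeof f.buf);

    /* constructed oversized input, capped so the demo stays inside the model */
    if (len > sizeof f) len = sizeof f;
    memset(input, 'A', sizeof input);

    /* the bug: nothing checks len <= BUF_SIZE, so cookie and saved_ret can be hit */
    memcpy(&f, input, len);

    if (ret_after) *ret_after = f.saved_ret;

    /* epilogue: the __security_check_cookie equivalent, run only at function exit */
    return f.cookie != g_security_cookie;
}

/* Convenience: what the return-address slot contains after a copy of len bytes. */
uint32_t ret_slot_after(size_t len) {
    uint32_t r = 0;
    gs_demo(len, &r);
    return r;
}

int main(void) {
    size_t lens[] = { 8, 20, 24 };
    for (size_t i = 0; i < 3; i++) {
        uint32_t ret;
        int detected = gs_demo(lens[i], &ret);
        printf("len=%2zu saved_ret=0x%08x cookie check %s\n",
               lens[i], ret, detected ? "FAILED -> terminate" : "ok");
    }
    return 0;
}
```

With 8 bytes the copy stays inside `buf` and the check passes; with 20 bytes the cookie is clobbered and the check fails before the (still intact) return address would ever be used; with 24 bytes the return address is overwritten too, but the check still fires at the epilogue. What the model also makes visible is the limitation the post describes: the verdict is only reached when the function returns, so a defence that relies on this check alone does nothing for corruption that is consumed earlier in the function.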

----------

Posted at 10:00 AM ET, 03/17/2009
Newsflash: Local Man Launches Virus Epidemic

Malware authors are beginning to personalize virus attacks sent through e-mail, blasting out fake news alerts about shocking events that supposedly happened in or around the recipient's home town.

This latest innovation comes compliments of the Waledac worm, widely seen as the successor to the Storm worm, a wily virus that used a seemingly bottomless bag of new tricks to fool people into clicking on links that launch the worm into action.

On Monday, security firm Trend Micro began warning people to look out for bogus "Reuters breaking news" e-mails warning of explosion or other various calamities that have supposedly broken out in a city near you. The message content pulls data from so-called "geo-location" services that can use the recipient's Internet address to make a semi-accurate guess of their nearest town.

For example, a user who lives in Fairfax, Va., might see this subject line in a missive sent by Waledac: "Powerful explosion burst in Fairfax this morning." The message authors also append a Wikipedia link and a Google search link at the bottom to add to the fake alert's legitimacy.

Trend and other security firms first spotted this localization technique used by another Waledac variant last month, which used e-mails claiming to help recipients weather the financial crisis by linking to fake coupons for retail stores in the recipient's area.

Posted by Brian Krebs Permalink

----------

17 March 2009
More information on Microsoft's DNS and WINS patches
Last week's patch for Microsoft's DNS and WINS servers immunises clean systems, but does not clean up already affected systems.

Microsoft has responded to criticism that the fixes for DNS and WINS released last Patch Tuesday as MS09-008 were ineffective. One security researcher complained that already inserted WPAD (Web Proxy Auto Discovery) entries were not removed or blocked. In a blog entry, MSRC Program Manager Maarten Van Horenbeeck said that this was intentional, as Microsoft only creates security updates to protect a system against future attacks and does not aim to undo any attack "that has taken place in the past".

He then goes on to show how WPAD entries can be verified using the MMC DNS snap-in. Microsoft's expert also expands on the background to the other vulnerabilities that the patch fixes.

----------

Cisco's data center plans: Winners, losers
Larry Dignan: Cisco rolled out its long-awaited vision of data center architecture, including multiple partners, a wire-once approach to link computing, virtualization, storage and networking and a call to lower costs.
Cisco: 'We're going to compete with HP'
What Cisco learned from open source
Gallery: Cisco's blade servers

----------

Year-old Windows hole under attack
Ryan Naraine: Exactly one year after a security researcher notified Microsoft of a serious security vulnerability affecting all supported versions of Windows, the issue remains unpatched and now it's allegedly in the wild.

Exactly one year after a security researcher notified Microsoft of a serious security vulnerability affecting all supported versions of Windows (including Vista and Windows Server 2008), the issue remains unpatched and now comes word that there are in-the-wild exploits circulating.

The vulnerability, called token kidnapping (.pdf), was originally discussed last March by researcher Cesar Cerrudo and led to Microsoft issuing an advisory with workarounds. Five months later (October 2008), Cerrudo released a proof-of-concept in an apparent effort to nudge Microsoft into patching but the company has not yet released a fix.
...

----------

That article included these lines:

It should also be said that the list of outstanding Windows flaws collecting dust is very long and continues to grow every day.

In the absence of a patch, end users should pay attention to the workarounds/mitigations in Microsoft’s advisory.

----------

Some items from that article:

The missing WMP patch is just one of several known — and very serious — vulnerabilities that have not yet been patched by Microsoft. A few off the top of my head:

Internet Explorer – Remember the Safari-to-IE blended threat from April? This vulnerability was reported to Microsoft back in 2006 and, despite issuing an advisory that embarrassed Apple into shipping a Safari fix, Microsoft has still not fixed the underlying code defect. Now, I’m hearing murmurings that this issue probably won’t be fixed until Windows 7. Boo!

Token Kidnapping — Four months after shipping a pre-patch advisory confirming the severity of Cesar Cerrudo’s token kidnapping (.pdf) bug, Microsoft’s fix is still not available. This issue affects Windows XP Professional Service Pack 2 and all supported versions and editions of Windows Server 2003, Windows Vista, and Windows Server 2008.

Ghosts in Browsers — It’s been more than three months since Manuel Caballero (now a Microsoft employee) went to Blue Hat and gave the scary ghosts-in-the-browser talk. Nate McFeters saw the carnage first hand and confirms that it affects “all browsers.” Since then, Sirdarckcat published details on IE browser flaws that extend to both IE 7 and IE 8 beta. Worse, they’re all still unpatched.

Web Proxy Auto-Discovery — This man-in-the-middle WPAD issue, publicly discussed at Kiwicon last December, is another bug on Microsoft’s late list. An advisory with mitigations (Windows 2000, Windows XP, Windows Server 2003 and Windows Vista) is available but still no patch. This issue also relates to all versions of Internet Explorer, including IE 7 for Windows Vista so it’s not insignificant.

Print Table of Links (IE) - Aviv Raff’s discovery of a cross-zone issue affecting IE 7 and IE 8 beta is publicly known but, despite the availability of proof-of-concept code, there’s no fix yet from Microsoft.

If that list is not scary enough, take a peek at this upcoming advisories page maintained by TippingPoint’s Zero Day Initiative. It lists a whopping 20 unpatched vulnerabilities that have been reported to Microsoft, some more than 200 days ago.

----------

Patch Those Internet Printers
When I wrote a scanner plug-in this week for an old directory traversal vulnerability–CVE-2008-4419–I wondered whether there are vulnerable HP LaserJet printers online that can be controlled from the Internet. To find out, I used Google. The search listed almost 50 results, and I found that almost all of these printers are not patched, even though HP has provided firmware updates to resolve this vulnerability. An attacker could leverage this Unicode-encoded directory traversal vulnerability to read configuration files or cached documents, and gain read access from the Internet to important internal information.

Usually administrators ignore the security of printer devices. They may think there is no harm even if the printer can be controlled remotely by an attacker.

The administration web interface of these LaserJets can be accessed without passwords. The attacker can use these LaserJets to print any documents from anywhere. Although attackers may not be able to reach the printouts, at least they can waste a lot of paper. Spammers can also post free advertising to companies if they connect to these printers.

So please harden your network gateway or firewall to restrict access to these devices. Don’t give everyone on the Internet a chance to use your printer, and patch the vulnerable LaserJets to prevent the potential information disclosure.

HP firmware updates and upgrade instructions for the affected LaserJets are available for download from HP.

----------

... The downsizing has been added to the Layoff Tracker, which has tracked over 300,000 layoffs since last year.

Total Layoffs Since August 27, 2008: 441
Total Employees: 310,718

----------
