JusticeDept.com

January 28, 2009

White House (.gov) Email Down Due to Microsoft

Filed under: Uncategorized — Tags: , , , , — @ 4:03 pm

The new White House team found out there email systems were down for most of the day on Monday. Press Secretary Robert Gibbs mad the announcement of the technical difficulties at his 1:30 p.m. briefing. He apologized for the e-mail silence and blamed it on a Mircrosoft Outlook server.

Both incoming and outgoing email were not working. They resorted to making photocopies of the executive orders that President Obama signed.

Mr. Gibbs said, “Our apologies if you’ve e-mailed any of us in the last two-and-a-half hours. Our e-mail system is not working so well. So our apologies on that, and we’ll endeavor to get you information from earlier in the day, hopefully in a little bit more of a timely manner, if we can get the e-mail to work.”

When questioned further he replied, “We don’t comment on security issues.”

January 26, 2009

Apple QuickTime Updates for Multiple Vulnerabilities

Filed under: Uncategorized — Tags: , , , — @ 5:36 pm

National Cyber Alert System
Technical Cyber Security Alert TA09-022A
Apple QuickTime Updates for Multiple Vulnerabilities
Original release date: January 22, 2009
Source: US-CERT

Systems Affected
Apple QuickTime 7.5 for Windows and Mac OS X

Overview
Apple has released QuickTime 7.6 to correct multiple vulnerabilities affecting QuickTime for Mac OS X and Windows. Attackers may be able to exploit these vulnerabilities to execute arbitrary code or cause a denial of service.

I. Description
Apple QuickTime 7.6 addresses a number of vulnerabilities affecting QuickTime. An attacker could exploit these vulnerabilities by convincing a user to access a specially crafted media or movie file. This file could be hosted on a web page or sent via email.

II. Impact
The impacts of these vulnerabilities vary. Potential consequences include arbitrary code execution and denial of service.

III. Solution
Upgrade to QuickTime 7.6. This and other updates are available via Software Update or via Apple Downloads.

Microsoft Windows Does Not Disable AutoRun Properly

Filed under: Uncategorized — Tags: , , , — @ 5:34 pm

National Cyber Alert System
Technical Cyber Security Alert TA09-020A
Microsoft Windows Does Not Disable AutoRun Properly
Source: US-CERT

Systems Affected
Microsoft Windows

Overview
Disabling AutoRun on Microsoft Windows systems can help prevent the spread of malicious code. However, Microsoft’s guidelines for disabling AutoRun are not fully effective, which could be considered a vulnerability.

I. Description
Microsoft Windows includes an AutoRun feature, which can automatically run code when removable devices are connected to the computer. AutoRun (and the closely related AutoPlay) can unexpectedly cause arbitrary code execution in the following situations:
A removable device is connected to a computer. This includes, but is not limited to, inserting a CD or DVD, connecting a USB or FireWire device, or mapping a network drive. This connection can result in code execution without any additional user interaction.

A user clicks the drive icon for a removable device in Windows Explorer. Rather than exploring the drive’s contents, this action can cause code execution.

The user selects an option from the AutoPlay dialog that is displayed when a removable device is connected.

Malicious software, such as W32.Downadup, is using AutoRun to spread. Disabling AutoRun, as specified in the CERT/CC Vulnerability Analysis blog, is an effective way of helping to prevent the spread of malicious code.

The Autorun and NoDriveTypeAutorun registry values are both ineffective for fully disabling AutoRun capabilities on Microsoft Windows systems. Setting the Autorun registry value to 0 will not prevent newly connected devices from automatically running code specified in the Autorun.inf file. It will, however, disable Media Change Notification (MCN) messages, which may prevent Windows from detecting when a CD or DVD is changed. According to Microsoft, setting the NoDriveTypeAutorun registry value to 0xFF “disables Autoplay on all types of drives.” Even with this value set, Windows may execute arbitrary code when the user clicks the icon for the device in Windows Explorer.

II. Impact
By placing an Autorun.inf file on a device, an attacker may be able to automatically execute arbitrary code when the device is connected to a Windows system. Code execution may also take place when the user attempts to browse to the software location with Windows Explorer.

III. Solution
Disable AutoRun in Microsoft Windows

To effectively disable AutoRun in Microsoft Windows, import the following registry value:

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@=”@SYS:DoesNotExist”
To import this value, perform the following steps:

Copy the text
Paste the text into Windows Notepad
Save the file as autorun.reg
Navigate to the file location
Double-click the file to import it into the Windows registry
Microsoft Windows can also cache the AutoRun information from mounted devices in the MountPoints2 registry key. We recommend restarting Windows after making the registry change so that any cached mount points are reinitialized in a way that ignores the Autorun.inf file. Alternatively, the following registry key may be deleted:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
Once these changes have been made, all of the AutoRun code execution scenarios described above will be mitigated because Windows will no longer parse Autorun.inf files to determine which actions to take. Further details are available in the CERT/CC Vulnerability Analysis blog. Thanks to Nick Brown and Emin Atac for providing the workaround.

Update:

Microsoft has provided support document KB953252, which describes how to correct the problem of NoDriveTypeAutoRun registry value enforcement. After the update is installed, Windows will obey the NoDriveTypeAutorun registry value. Note that this fix has been released via Microsoft Update to Windows Vista and Server 2008 systems as part of the MS08-038 Security Bulletin. Windows 2000, XP, and Server 2003 users must install the update manually. Our testing has shown that installing this update and setting the NoDriveTypeAutoRun registry value to 0xFF will disable AutoRun as well as the workaround described above.

Oracle National Cyber Alert System

Filed under: Uncategorized — Tags: , , , — @ 5:20 pm

Oracle Updates for Multiple Vulnerabilities
Original release date: January 15, 2009
Source: US-CERT

Overview
Oracle products and components are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.

I. Description
The Oracle Critical Patch Update – January 2009 addresses 41 vulnerabilities in different Oracle products and components. The document provides information about affected components, access and authorization required, and the impact from the vulnerabilities on data confidentiality, integrity, and availability.

Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.

II. Impact
The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.

III. Solution
Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update – January 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.

Microsoft Technical Cyber Security Alerts Multiple SMB Protocol Vulnerabilities

Filed under: Uncategorized — Tags: , , , — @ 5:10 pm

Original release date: January 13, 2009
Source: US-CERT

Systems Affected
Microsoft Windows 2000, XP, and Vista
Microsoft Windows Server 2000, 2003, and 2008

Overview
Microsoft has released updates that address vulnerabilities in Microsoft Windows and Windows Server.

I. Description
In their bulletin for January 2009, Microsoft released updates to address vulnerabilities in the Server Message Block (SMB) Protocol that affects all supported versions Microsoft Windows.

II. Impact
A remote, unauthenticated attacker could gain elevated privileges, execute arbitrary code, or cause a denial of service.

III. Solution
Microsoft has provided updates for this vulnerability in the Microsoft Security Bulletin Summary for January 2009. The security bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should also consider using an automated update distribution system such as Windows Server Update Services (WSUS).

January 23, 2009

Microsoft Vista And Windows 7

Filed under: Uncategorized — Tags: , , , — @ 2:22 pm

Microsoft continues to have problems with their Vista opperating system. Consumers complain about the problems that plague the software. The next service package to help fix the problems continues to be delayed. No official release date has been set. Security and privacy issues should be of concern to anyone using a Microsoft based computer to connect to the Internet.

The next opperating system release from Microsoft is Windows 7 and is expected to be released in 2010.   The Beta version is available at Microsoft.com.  They claim:

Windows 7

Over the past few years, you’ve asked us to make some changes to Windows. We listened closely. Now it’s time to share an early look at how we’ve used your feedback. Windows 7 is faster, more reliable, and makes it easier to do what you want. Both the everyday things and the killer “is that really possible?” things. Dig into this site to see what’s coming.

 

Internet Explorer 8

Available now, Internet Explorer 8 Beta 2 helps you do what you want online, faster. With innovations to the address bar, search, tabs, and the Favorites bar, Internet Explorer 8 brings you more information, with less effort.

Instant Search

To start, as you type a search request you’ll immediately start seeing relevant suggestions from your chosen search provider, complete with images when available. The twist: search will also use your browsing history to narrow the suggestions. You’ll start seeing search results while you’re typing. If you see what you’re looking for, you can go right to the list without finishing the request.

<a href=”http://membrane.com/security/”>Back to the Internet Security & Privacy Site</a>

January 22, 2009

The Safest Web Browser

Filed under: Uncategorized — Tags: , , , , , — @ 5:24 pm

The Safest Web Browser

According to Mozilla, maker of web browsers, their Firefox is the safest web browser.

Here is their claim:

Firefox keeps your personal info personal and your online interests away from the bad guys.

So How Do We Do It?

What makes Firefox different? Most importantly, we’re open. That means anyone around the world (and we have thousands of experts watching our back) is able to look into our code and find any potential weak spots in our armor.

And when we hear about a problem, we roll up our sleeves and get to work fixing it right away. It’s in your best interest (and ours) to take care of the issue, even if it means admitting we’re a little less than perfect.  Simply put, your security is our top priority.

There’s a Method to Our Madness.

Nobody loves the Internet more than we do. But, scammers, spammers and trigger-happy viruses are true threats,  so you need to protect yourself while using the Web.  That’s Where Firefox Comes In.

Using it is the safest way to surf the web because:

* We don’t try to tackle the problem alone. An international community of security experts is working around the clock to make your web browsing safer (thanks to our open source way of doing things). It’s like having your neighborhood watch led by a group of highly trained ninjas.
* We consider your security every step of the way. Security experts work right from the start to identify and address potential problems before a single line of code is written.
* We stay on top of the issue. We’re constantly monitoring threats and releasing new Firefox updates to stay one step ahead. Operating in an open source world means anyone can help us find and fix our weak spots.

For more details on how Firefox keeps you safe online, visit our security blog.

January 19, 2009

Google’s New Web Browser Let’s You Go Incognito

Filed under: Uncategorized — Tags: , , , , , — @ 4:01 pm

Web browsing has become safer with Chrome, Google.com ’s browser. You can download it for free. It’s lightweight on your computer resources but heavy duty on surfing the web… pages load faster.

There is also an awesome feature that is the antithesis of Microsoft’s Internet Explorer (IE) web browser — secure browsing. Whereas Microsoft tries to track your movements and uses practices that are questionable for your privacy and security, Google has built in features to help protect you. In particular, you can click on the little wrench icon in the upper right hand corner and select, “New incognito window.”

A new browser window opens and tells you:

You’ve gone incognito. Pages you view in this window won’t appear in your browser history or search history, and they won’t leave other traces, like cookies, on your computer after you close the incognito window. Any files you download or bookmarks you create will be preserved, however.

Going incognito doesn’t affect the behavior of other people, servers, or software. Be wary of:
* Websites that collect or share information about you
* Internet service providers or employers that track the pages you visit
* Malicious software that tracks your keystrokes in exchange for free smileys
* Surveillance by secret agents
* People standing behind you

Recovering from a Trojan Horse or Virus

Filed under: Uncategorized — Tags: , , , , , — @ 3:51 pm

by the United States Computer Emergency Readiness Team
www.us-cert.gov

Michael D. Durkota and Will Dormann It can happen to anyone. Considering the vast number of viruses and Trojan horses traversing the Internet at any given moment, it’s amazing it doesn’t happen to everyone. Hindsight may dictate that you could have done a better job of protecting yourself, but that does little to helpyou out of your current predicament. Once you know that your machine is infected with a Trojan Horse or virus (or if your machine is exhibiting unexpected behavior and you suspectthat something is wrong), what can you do? If you know what specific malicious program has infected your computer, you can visit one ofseveral antivirus web sites and download a removal tool. Chances are, however, that you will not be able to identify the specific program. Unfortunately your other choices are limited, butthe following steps may help save your computer and your files. 1. Call IT supportIf you have an IT support department at your disposal, notify them immediately and followtheir instructions.2. Disconnect your computer from the Internet Depending on what type of Trojan horse or virus you have, intruders may have access to yourpersonal information and may even be using your computer to attack other computers. You canstop this activity by turning off your Internet connection. The best way to accomplish this is tophysically disconnect your cable or phone line, but you can also simply “disable” your networkconnection. 3. Back up your important files At this point it is a good idea to take the time to back up your files. If possible, compile all ofyour photos, documents, Internet favorites, etc., and burn them onto a CD or DVD or save themto some other external storage device. It is vital to note that these files cannot be trusted, sincethey are still potentially infected. (Actually, it’s good practice to back up your files on a regular basis so that if they do get infected, you might have an uninfected set you can restore.)4. Scan your machineSince your computer (including its operating system) may be infected with a malicious program, it is safest to scan the machine from a live CD (or “rescue” CD) rather than a previously installedantivirus program. Many antivirus products provide this functionality. Another alternative is touse a web-based virus removal service, which some antivirus software vendors offer (try searching on “online virus scan”). Or you could just try Microsoft’s web-based PC Protection Scan. The next best action is to install an antivirus program from an uncontaminated source such as aCD-ROM. If you don’t have one, there are many to choose from, but all of them should provide the tools you need.

After you install the software, complete a scan of your machine. The initial scan will hopefullyidentify the malicious program(s). Ideally, the antivirus program will even offer to remove the malicious files from your computer; follow the advice or instructions you are given. If the antivirus software successfully locates and removes the malicious files, be sure to followthe precautionary steps in Step 7 to prevent another infection. In the unfortunate event thatthe antivirus software cannot locate or remove the malicious program, you will have to followSteps 5 and 6. 5. Reinstall your operating systemIf the previous step failed to clean your computer, the most effective option is to wipe or format the hard drive and reinstall the operating system. Although this corrective action will also result in the loss of all your programs and files, it is the only way to ensure your computeris free from backdoors and intruder modifications.Many computer vendors also offer a rescue partition or disc(s) that will do a factory restore ofthe system. Check your computer’s user manual to find out whether one of these is providedand how to run it.Before conducting the reinstall, make a note of all your programs and settings so that you canreturn your computer to its original condition.It is vital that you also reinstall your antivirus software and apply any patches that may be available. Consult “Before You Connect a New Computer to the Internet” for further assistance.6. Restore your files If you made a backup in Step 3, you can now restore your files. Before placing the files back indirectories on your computer, you should scan them with your antivirus software to check themfor known viruses. 7. Protect your computerTo prevent future infections, you should take the following precautions: • Do not open unsolicited attachments in email messages.• Do not follow unsolicited links.• Maintain updated antivirus software. • Use an Internet firewall.• Secure your web browser.• Keep your system patched.To ensure that you are doing everything possible to protect your computer and your importantinformation, you may also want to read some of the articles in the Resources section below.

Is your company keeping information secure?

Filed under: Uncategorized — Tags: , , , , — @ 3:43 pm

Federal Trade Commission

Are you taking steps to protect personal information? Safeguarding sensitive data in your files and on your computers is just plain good business. After all, if that information falls into the wrong hands, it can lead to fraud or identity theft. A sound data security plan is built on five key principles:

* Take stock. Know what personal information you have in your files and on your computers.
* Scale down. Keep only what you need for your business.
* Lock it. Protect the information in your care.
* Pitch it. Properly dispose of what you no longer need.
* Plan ahead.
* Create a plan to respond to security incidents.

« Newer PostsOlder Posts »

Powered by WordPress