JusticeDept.com

October 21, 2009

IBM Says Web Is Insecure

The IBM X-Force 2009 Mid-Year Trend and Risk Report revealed many security problems with the World Wide Web. The report’s findings show an unprecedented state of Web insecurity as Web client, server, and content threats converge, posing a huge risk for Web surfers. The report finds more than a 500 percent increase in malicious Web links and increased sophistication in vulnerability exploitation.

There has been a 508% increase in the number of new malicious Web links discovered in the first half of 2009. This problem is no longer limited to malicious domains or untrusted Web sites. The report notes an increase in the presence of malicious content on trusted sites, including popular search engines, blogs, bulletin boards, personal web sites, online magazines and mainstream news sites. The ability to gain access to and manipulate data remains the primary consequence of vulnerability exploitation.

The report also finds that the level of veiled Web exploits, especially in PDF files, is at an all-time high, pointing to the increased sophistication of attackers. PDF vulnerabilities disclosed in the first half of 2009 surpassed disclosures from all of 2008. From Q1 to Q2 alone, the amount of suspicious, obfuscated or concealed content monitored by the IBM ISS Managed Security Services team nearly doubled.

August 2, 2009

Vulnerability: Microsoft ActiveX

Filed under: Uncategorized — @ 11:32 pm

US-CERT — ActiveX controls built with Microsoft ATL fail to properly handle initialization data
Overview
ActiveX controls that are built using a Microsoft ATL template may fail to properly handle initialization data, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
I. Description
Microsoft Active Template Library (ATL) is a set of C++ classes that are designed to simplify the creation of COM objects and ActiveX controls. An ActiveX control can be designated as “safe for scripting,” which means that it can be used by an untrusted caller such as JavaScript in a web page, and/or it may be designated as “safe for initialization,” which means that it can accept untrusted initialization data. ActiveX controls that are developed using the Microsoft ATL technology may fail to properly handle initialization data. The specific vulnerabilities include the use of uninitialized objects, unsafe usage of OleLoadFromStream, and the failure to check for a terminating NULL character. This may result in memory corruption that can be leveraged to execute code, or it may bypass Internet Explorer kill bit restrictions on unsafe controls.
II. Impact
By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code.
III. Solution
Apply an update

This vulnerability has been addressed in the update for Internet Explorer provided in Microsoft Security Bulletin MS09-034. This update helps prevent ActiveX controls that were built with the vulnerable ATL versions from being initialized with unsafe data patterns in Internet Explorer. The update also covers techniques that can be used to bypass the kill bit in Internet Explorer.

Update and recompile ActiveX controls

Developers who have created ActiveX controls using Microsoft ATL should install the update for Microsoft Security Bulletin MS09-035 and recompile the ActiveX controls. This will cause the controls to use an updated ATL version that addresses these vulnerabilities.

Disable ActiveX

Disabling ActiveX controls in the Internet Zone (or any zone used by an attacker) appears to prevent exploitation of this and other ActiveX vulnerabilities. Instructions for disabling ActiveX in the Internet Zone can be found in the “Securing Your Web Browser” document.
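The initialization-data defect the advisory describes (a control that reads a string out of untrusted persisted data and never checks for the terminating NULL) is easiest to see in a small constructed reader. This is an added illustration in C, not ATL or Microsoft code; the stream layout (a 4-byte length followed by that many bytes) and the function names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed format for the example: a 4-byte little-endian byte count
 * followed by that many bytes, which the control expects to hold a
 * NUL-terminated property string. The data is attacker-supplied. */
#define MAX_PROP 32

static int read_u32le(const uint8_t *buf, size_t buflen, uint32_t *out) {
    if (buflen < 4) return -1;
    *out = (uint32_t)buf[0] | ((uint32_t)buf[1] << 8) |
           ((uint32_t)buf[2] << 16) | ((uint32_t)buf[3] << 24);
    return 0;
}

/* Unsafe pattern: bounds the copy but trusts that the untrusted bytes end
 * in a NUL. A later strlen/strcpy on `out` then runs past the copied data. */
int load_prop_unsafe(const uint8_t *stream, size_t len, char out[MAX_PROP]) {
    uint32_t n;
    if (read_u32le(stream, len, &n) != 0) return -1;
    if (n > MAX_PROP || (size_t)n > len - 4) return -1;
    memcpy(out, stream + 4, n);          /* no check that out[n-1] == '\0' */
    return 0;
}

/* Hardened pattern: bound the length AND require the terminator to sit
 * inside the bytes that were actually supplied; reject anything else. */
int load_prop_safe(const uint8_t *stream, size_t len, char out[MAX_PROP]) {
    uint32_t n;
    if (read_u32le(stream, len, &n) != 0) return -1;
    if (n == 0 || n > MAX_PROP || (size_t)n > len - 4) return -1;
    if (stream[4 + n - 1] != '\0') return -1;   /* terminator must be present */
    memcpy(out, stream + 4, n);
    return 0;
}

/* Helper used to observe the difference: is there a NUL inside the buffer? */
int has_terminator(const char *buf) {
    return memchr(buf, '\0', MAX_PROP) != NULL;
}

int main(void) {
    /* Constructed inputs: a well-formed string and one missing its NUL. */
    static const uint8_t good[] = {6, 0, 0, 0, 'h', 'e', 'l', 'l', 'o', '\0'};
    static const uint8_t bad[]  = {5, 0, 0, 0, 'h', 'e', 'l', 'l', 'o'};
    char out[MAX_PROP];
    memset(out, 'A', sizeof out);
    printf("safe/good: %d\n", load_prop_safe(good, sizeof good, out));
    printf("safe/bad:  %d\n", load_prop_safe(bad, sizeof bad, out));
    printf("unsafe/bad: %d, terminated: %d\n",
           load_prop_unsafe(bad, sizeof bad, out), has_terminator(out));
    return 0;
}
```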

May 8, 2009

Warning — Microsoft PowerPoint Alert

Filed under: Uncategorized — @ 7:40 pm

Microsoft Releases Advance Notification for May Security Bulletin
added May 7, 2009 at 02:58 pm

Microsoft has issued a Security Bulletin Advance Notification indicating that the May release cycle will contain one bulletin with a maximum severity rating of Critical. The notification states that the Critical bulletin is for Microsoft PowerPoint. The release is scheduled for Tuesday, May 12.

US-CERT will provide additional information as it becomes available.

April 24, 2009

What’s So Great About Firefox?

Filed under: Uncategorized — @ 5:23 pm

Mozilla has released a new version of the Firefox web browser. “Firefox has security, speed and new features that will change the way you use the Web. Don’t settle for anything less.”

The Safest Web Browser

Mozilla says, “Simply put, your online security is our top priority. Firefox includes strict anti-phishing and anti-malware measures, plus easy ways to tell the good guys from the bad like our new one-click site ID info. And, thanks to our open source process we have thousands of security experts around the globe working around the clock to keep you (and your personal information) safe.”

April 19, 2009

Microsoft Windows, Office and Internet Explorer

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, Internet Explorer, and Forefront Edge Security as part of the Microsoft Security Bulletin Summary for April 2009. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or operate with escalated privileges.

Microsoft Windows Malicious Software Removal Tool
Microsoft has released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

April 15, 2009

U.S. Electrical Grid Attacked by Hackers

Filed under: Uncategorized — @ 1:56 pm

Hackers planted malware on the network of the U.S. electrical grid. It is likely their intent was to cripple the power infrastructure. According to security researcher Roger Thompson, the hackers probably gained access, like many others, by exploiting holes in software such as Windows.

“Any computer connected to the Internet is potentially vulnerable. Getting to the actual infrastructure devices directly — that’s always possible, but a whole lot less likely. In any industry, critical or not, there are always plenty of PCs that have been compromised.”

There is debate over whether the owner of a compromised computer can be held criminally responsible for allowing their PC to be taken over.

April 11, 2009

Coordinating Virus and Spyware Defense

by CERT

Using anti-virus and anti-spyware software is an important part of cyber security. But in an attempt to protect yourself, you may unintentionally cause problems.

Isn’t it better to have more protection?

Spyware and viruses can interfere with your computer’s ability to process information or can modify or destroy data. You may feel that the more anti-virus and anti-spyware programs you install on your computer, the safer you will be. It is true that not all programs are equally effective, and they will not all detect the same malicious code. However, by installing multiple programs in an attempt to catch everything, you may introduce problems.

How can anti-virus or anti-spyware software cause problems?

It is important to use anti-virus and anti-spyware software (see Understanding Anti-Virus Software and Recognizing and Avoiding Spyware for more information). But too much or the wrong kind can affect the performance of your computer and the effectiveness of the software itself.

Scanning your computer for viruses and spyware uses some of the available memory on your computer. If you have multiple programs trying to scan at the same time, you may limit the amount of resources left to perform your tasks. Essentially, you have created a denial of service against yourself (see Understanding Denial-of-Service Attacks for more information). It is also possible that in the process of scanning for viruses and spyware, anti-virus or anti-spyware software may misinterpret the virus definitions of other programs. Instead of recognizing them as definitions, the software may interpret the definitions as actual malicious code. Not only could this result in false positives for the presence of viruses or spyware, but the anti-virus or anti-spyware software may actually quarantine or delete the other software.

How can you avoid these problems?

* Investigate your options in advance – Research available anti-virus and anti-spyware software to determine the best choice for you. Consider the amount of malicious code the software recognizes, and try to find out how frequently the virus definitions are updated. Also check for known compatibility issues with other software you may be running on your computer.

* Limit the number of programs you install – Many vendors are now releasing packages that incorporate both anti-virus and anti-spyware capabilities together. However, if you decide to choose separate programs, you really only need one anti-virus program and one anti-spyware program. If you install more, you increase your risk for problems.

* Install the software in phases – Install the anti-virus software first and test it for a few days before installing anti-spyware software. If problems develop, you have a better chance at isolating the source and then determining if it is an issue with the software itself or with compatibility.

* Watch for problems – If your computer starts processing requests more slowly, you are seeing error messages when updating your virus definitions, your software does not seem to be recognizing malicious code, or other issues develop that cannot be easily explained, check your anti-virus and anti-spyware software.

April 7, 2009

CONFICKER WORM IMPORTANT ANNOUNCEMENT

Filed under: Uncategorized — @ 6:30 pm

US-CERT saw no evidence of nefarious behavior associated with Conficker on April 1, 2009. It is important to understand that it is still unclear what Conficker is intended for and capable of doing. Systems with infections must be cleaned now. An infected system could enable an attacker to remotely take control of that system and install additional malicious software. Even though April 1, 2009 has passed, the exact timing and intended purpose of the Conficker/Downadup worm remain unknown. The possible malicious uses of this worm range from data theft and phishing/spam efforts to, the scenario of most concern, distributed denial-of-service (DDoS) attacks. Users must remain vigilant in detecting the Conficker worm and systematically cleaning systems of these infections to prevent potential future cyber events. PLEASE READ THE CURRENT ACTIVITY UPDATE for more information about the Conficker worm.

Microsoft Security Advisory: PowerPoint

Filed under: Uncategorized — @ 6:28 pm

Microsoft has released security advisory 969136 to address reports of a vulnerability in Microsoft Office PowerPoint. By convincing a user to open a specially crafted Office file, a remote attacker may be able to gain access to the affected system with the same rights as the user running PowerPoint.

US-CERT encourages users and administrators to review Microsoft Security Advisory 969136 and implement the suggested workarounds listed in the advisory to help mitigate the risks.

April 3, 2009

Safer Net Surfing

Filed under: Uncategorized — @ 1:49 pm

by NIST

When you type www.irs.gov—or the Web address of your bank or an e-commerce site—into your web browser, you want to be sure that no one is hijacking your request and sending you to a bogus look-alike page. You’re relying on the integrity of the Internet’s “phone book,” the Domain Name System (DNS). Computer scientists at the National Institute of Standards and Technology (NIST) are playing a major role in making sure that what you type is what you get by providing standards, guidance and testing necessary to bolster the trustworthiness of the global DNS. A draft update of NIST’s guidelines for DNS security is now available for public comment.

Most recently, NIST computer scientists provided technical assistance to the General Services Administration to meet the end-of-February deadline to secure the top-level .gov (“dot-gov”) domain, the first major step of a new government-wide DNS security upgrade. NIST researchers develop the standards, specifications and operational procedures used by federal civilian agencies to safeguard their information systems. The Internet relies on the DNS system that converts the user-friendly names (www.nist.gov) into a unique Internet Protocol address (129.6.13.45) necessary to route data to its destination.

The DNS as currently deployed lacks the ability to authenticate the source or integrity of responses returned from the system, and as a result it is easy to spoof responses and redirect users to fake or look-alike destinations. NIST and others are working to add “steel doors and locks” to enhance DNS security. NIST computer scientists led the development of new Internet Engineering Task Force (IETF) standards to add digital signatures and associated key management procedures to DNS protocols. These additions, called DNSSEC, allow users to validate the authenticity and integrity of the data and will provide the basis for a new trust infrastructure for the DNS and protocols and systems that rely on it.

“We hope that the dot-gov deployment of DNSSEC will encourage rapid deployment in other sectors, including government contractors, trading partners and general e-commerce sites,” said Scott Rose, one of the NIST computer researchers.

In addition to developing the standards and deployment protocol guidance for DNSSEC, NIST researchers have developed the Secure Naming Infrastructure Pilot (SNIP) distributed testbed (www.dnsops.gov) to assist agencies and vendors in experimenting with and evaluating specific DNSSEC solutions. NIST is a member of an industry-government DNSSEC-Deployment Initiative, coordinated by the Department of Homeland Security, to foster adoption and implementation of DNSSEC specifications across Internet domains.

The NIST team also has drafted updated recommendations for the “Secure Domain Name System (DNS) Deployment Guide” (NIST Special Publication 800-81 Rev 1), the key DNS security guidance document for civilian agencies (available on the Web at http://csrc.nist.gov/publications/drafts/800-81-rev1/NIST_SP-800-81-Rev1_draft.pdf).

This first revision of the guidance proposes stronger cryptographic algorithms and keys to provide more resilience against attack. The revised publication incorporates comments from the Internet Engineering Task Force that update the best practices and checklists in the document. The latest version of the deployment guide includes cookbook configuration instructions for two commonly deployed DNS server implementations.

The public is invited to review the draft NIST SP-800-81 revision 1 guidelines and submit comments to SecureDNS@nist.gov before March 31, 2009.
