Friday, October 31, 2008

F-Secure Reports POC Binaries Targeting MS08-067 Vulnerability

F-Secure reported today:
"We are seeing the first Proof of Concept binaries that target the MS08-067 vulnerability on the following English localized systems:

Windows XP Service Pack 2
Windows XP Service Pack 3
Windows 2003 Service Pack 2

The payload is encrypted as normal. Its function is to add the guest account to the administrators group, thus allowing unlimited access to the machine. We detect the binaries as follows:

Backdoor:W32/Agent.DIN
Backdoor:W32/Agent.DIO
Backdoor:W32/Agent.DIP"
[bold added]

For further information on this vulnerability, see Out-of-Band Critical Update MS08-067 and, for goodness' sake, if you haven't updated yet, please do so now!

F-Secure: Proof of Concept binaries for MS08-067 targeting english Windows OS's

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Cyber Security Awareness Tip of the Day Roundup

As my contribution to Cyber Security Awareness Month, I have been providing a new "tip of the day". Friends at Freedomlist and LandzDown forums provided some excellent tips that I shared. This "roundup" post provides the opportunity to extend my grateful appreciation to them for their contributions.


October 31, Tip of the Day Roundup:

A lot of information has been included this month on how to "Protect Yourself Before You Connect Yourself" by taking simple and effective steps. The information has been provided not only by me and my forum friends but also by educational, security and private organizations.

As a finale to the question I posed in September: "How can I protect myself before I connect?", the tip today is a roundup of tips. Of course, if I had discovered the other lists before beginning this project, I could have simplified this project considerably. ;)

To review the collection of tips provided this month at Security Garden, just click this link: Cyber Security Awareness Tip of the Day.

In addition to the tips provided by SANS and US-CERT, I thought you might enjoy the tips from Who's Watching Charlottesville even though they didn't seem to catch on that October has 31 days.

Thursday, October 30, 2008

Security Updates for Chrome and Opera

Google's Chrome Beta:

Beta release: 0.3.154.9

Among the various issues fixed in this Beta release is the following security update:
"Security Update
  • This release fixes an issue with address spoofing in pop-ups. A site could convince a user to click a link to open a pop-up window. The window's address bar could be manipulated to show a different address than the actual origin of the content.
    Security rating: Medium. This flaw could be used to mislead people about the origin of a web site in order to get them to divulge sensitive information.
    Disclosed by: Liu Die Yu of the TopsecTianRongXin research lab."

Opera:

From Certified Bug, I see that Opera also has a security update, with Advisory 906 labeled "Extremely Severe" and Advisory 907 labeled "Highly Severe". If you use Opera, update to Version 9.62.

EstDomains Termination Stayed by ICANN

Following up on the recent news that ICANN was removing EstDomains from the list of ICANN-accredited registrars, I learned that ICANN received a response from EstDomains regarding the notice of termination. As a result, ICANN has stayed the termination process while the claims submitted by EstDomains are reviewed.

See EstDomains Update: Notice of Termination Stayed

Cyber Security Awareness Tip of the Day: October 30

Laptop usage is no longer restricted to the business person who travels frequently. Instead, laptops are rapidly replacing desktop computers not only in business and on college and university campuses but also for home use. With that in mind, the tip today is from Case Western Reserve University:

October 30 Tip of the Day:

"A few tips for protecting laptops and data include:

  • Never leave your laptop unattended in a public area
  • Buy a locking cable for your laptop. The cables are available for purchase at the bookstore, through Case Protective Services, or online.
  • Make sure you have a screensaver password
  • Don't keep sensitive data on a laptop. Instead, keep it on a central or department file server, and wipe your disk free space after you delete working copies from the hard drive.
  • Back up data on a regular cycle, and practice recovery from backup"

The complete article is available at "Case offers tips, programs during Cyber Security Awareness Month"

Wednesday, October 29, 2008

PDC2008 Finale

Tom Warren of Neowin posted a fun video demonstrating different applications on the Surface units: Microsoft Surfaces at PDC. I thought the video was more interesting than a polished Microsoft presentation because it illustrated how easy Microsoft Surface appears to be to use.

Long Zheng of I Started Something has been very busy both photographing and documenting at PDC2008. Just two examples are these recent articles:
Long Zheng has a lot more at I Started Something.

The best way to locate all of the material Paul Thurrott has provided at the SuperSite for Windows is to click on the Windows 7 tab. Paul has accumulated a wealth of material already.

From Microsoft PressPass:
PDC2008: Microsoft Research Reveals Future of Surface, Robotics, Platforms

Microsoft Research Senior Vice President Rick Rashid details new development tools and innovations, including tiny sensors used to regulate energy consumption, and SecondLight, a new rear-projection Surface technology.


I was excited because the Keynotes were scheduled during my lunch break here in the Eastern Time Zone. Unfortunately, live streaming is apparently blocked by the Corporate firewall. Fortunately, I was able to get a taste of what was going on thanks to the "All-Star Bloggers" (listed below). If you follow Microsoft products and development, I expect they are on your "must read" list.

Thank you, Guys and Mary-Jo!

EstDomains Being Removed From List of ICANN-Accredited Registrars

To quote Alex Eckelberry:

"This is really good news. Mikko Hyppönen has a good writeup at the F-Secure blog."

Cyber Security Awareness Tip of the Day: October 29

As parents and other adults in a position of influence with children, we teach our children to follow the "Golden Rule" -- treat others as you would like to be treated.

Due to a feeling of anonymity sitting at a keyboard, both adults and children alike often forget about the "Golden Rule". Cyber Ethics is treating others online as you would like to be treated.

October 29 Tip of the Day:

Teach your children proper Cyber Ethics. Everyone needs to remember that words typed on the computer and posted online can be more damaging than spoken words. You can apologize for spoken words and in time the hurt will be forgotten. Written words, even after an apology is rendered, remain as a record for all to see. They attract a much larger audience than a traditional person-to-person confrontation.

Tuesday, October 28, 2008

Windows 7 Home Page and Blogs

The Microsoft Windows 7 home page is now live: Windows 7.

In addition, the primary team blog site for information on Windows Vista and the Windows Experience is now a three-pronged team site: the Windows Team Blog, which includes the Windows Vista Team Blog, the Windows Experience Blog and the new Windows 7 Team Blog.

As Brandon LeBlanc explained:

All 3 of these blogs also have distinct purposes. As you can expect – the Windows Vista Team Blog will continue to talk about all-things Windows Vista and the Windows 7 Team Blog will talk about all-things Windows 7 as we move forward. The Windows Experience Blog, which is written by me, will continue to talk about anything related to the cool and interesting Windows experiences people can have with Windows. The focus of the 2 “Team” blogs is to deliver important news and announcements we think are important to you as a consumer and as a Windows enthusiast in a more personable way. Real people (like me and Mike Nash) write these blog posts.

Windows 7 From PDC

Edit Note: Additional links added.

Hot off the press -- or rather released from embargo! Take a look at the new Microsoft Operating System -- Windows 7:

Ed Bott, ZDNet: A first look at Windows 7’s pre-beta PDC release (Image Gallery)
Ed Bott's Windows Expertise: Windows Media Center in Windows 7

Tom Warren, Neowin: Introducing the Windows 7 UI

Paul Thurrott: Windows 7 Preview

Windows 7 M3 Screens:

Mary-Jo Foley, ZDNet: Windows 7: What’s coming for business users

Microsoft PressPass: PDC2008: Developers Get First Look at Windows 7, Web Applications Based on Office
At Day 2 of Professional Developers Conference 2008 (PDC2008), Ray Ozzie and others preview the newest technologies designed to “bring the best of the Web to Windows, and the best of Windows to the Web."

Cyber Security Awareness Tip of the Day: October 28

When purchasing a cell phone, PDA or computer accessories like keyboards, mice and other peripherals, many people look for models that are Bluetooth enabled. Bluetooth is a method of networking these devices without wires or cables.

October 28 Tip of the Day:

Protect yourself before you connect your Bluetooth devices.

"How can you protect yourself?

  • Disable Bluetooth when you are not using it - Unless you are actively transferring information from one device to another, disable the technology to prevent unauthorized people from accessing it.

  • Use Bluetooth in "hidden" mode - When you do have Bluetooth enabled, make sure it is "hidden," not "discoverable." The hidden mode prevents other Bluetooth devices from recognizing your device. This does not prevent you from using your Bluetooth devices together. You can "pair" devices so that they can find each other even if they are in hidden mode. Although the devices (for example, a mobile phone and a headset) will need to be in discoverable mode to initially locate each other, once they are "paired" they will always recognize each other without needing to rediscover the connection.

  • Be careful where you use Bluetooth - Be aware of your environment when pairing devices or operating in discoverable mode. For example, if you are in a public wireless "hotspot," there is a greater risk that someone else may be able to intercept the connection (see Securing Wireless Networks for more information) than if you are in your home or your car.

  • Evaluate your security settings - Most devices offer a variety of features that you can tailor to meet your needs and requirements. However, enabling certain features may leave you more vulnerable to being attacked, so disable any unnecessary features or Bluetooth connections. Examine your settings, particularly the security settings, and select options that meet your needs without putting you at increased risk. Make sure that all of your Bluetooth connections are configured to require a secure connection.

  • Take advantage of security options - Learn what security options your Bluetooth device offers, and take advantage of features like authentication and encryption."
From Understanding Bluetooth Technology

Monday, October 27, 2008

Windows Azure and PDC Keynote

As I mentioned in an earlier post today, Microsoft introduced Windows Azure, described as "Window in the cloud", at PDC 2008. Azure was introduced by Microsoft CTO (Chief Technology Officer) Ray Ozzie in the keynote address, reproduced below from Microsoft Press Pass.

Silverlight Required for Viewing


Ray Ozzie PDC 2008 Keynote 27Oct2008
From PressPass

PDC08 Bloggers Speculate

Bill Pytlovany reported in live from PDC but couldn't tell us anything he learned in a sneak preview about Windows 7 due to confidentiality. I have been following Bill's TweetGrid, which includes Tweets tagged #PDC, #PDC08 and #PDC2008 as well as Bill's reports.

Mary-Jo Foley also isn't giving away any secrets but has provided a report on information that has trickled out from various sources in Windows 7 pre-beta build: What’s inside

Ed Bott, on the other hand, provided a report on the Seven questions Microsoft won’t answer about Windows 7.

Based on Long Zheng's Windows 7 (M3) pre-beta features detailed in privacy statement, however, it would appear that the answer to Ed's first unanswered question, "How many versions of Windows 7 will be available?", is at least three if not four. The privacy statement references Windows 7 Enterprise Edition and Windows 7 Ultimate Edition. Adding at least one lower-cost personal version (i.e., Windows 7 Home Basic Edition), we can speculate there will be at least three versions. Will there also be a Windows 7 Home Professional?

Joe Wilcox "live-blogged" during the keynote: Microsoft Debuts Windows Azure

New Google Chrome (Beta) Browser Vulnerability

As reported in The Register, a "proof of concept" for a new vulnerability has been reported in the Google Chrome (Beta) browser which allows attackers to impersonate websites of groups such as the Better Business Bureau, PayPal or even Google.

According to Google, the development version Dev Release: 0.3.154.6 addresses the vulnerability.

Reminder: Beta software should not be used in a production environment.

Hello Cloud!

Since I cannot get the live streaming to work (must be company firewall), I have been following the “All-star bloggers” group liveblogging at PDC 2008. A major release announced at PDC2008 is Windows Azure, a cloud-based service.
"The Azure Services Platform is an industry-leading move by Microsoft to help developers build the next generation of applications that will span from the cloud to the enterprise datacenter and deliver compelling new experiences across the PC, Web and phone."
From the "All-star bloggers", a link to this Azure application, created on the fly:
http://hellocloud.cloudapp.net/

Unfortunately, my lunch break is over so I will have to catch the re-run on Channel9.

Cyber Security Awareness Tip of the Day: October 27

It is Monday morning and the weekend is already a distant memory. You either managed to take some deserved R&R time, avoiding even the most mundane of tasks or your weekend was packed with family activities, leaving no time for those same mundane tasks -- like checking your computer for needed security updates.

Although keeping your computer software updated has been included in previous posts, in view of the seriousness of the recent Out-of-Band Critical Update MS08-067, please consider this additional information.

The following is what has been reported that TrojanSpy:Win32/Gimmiv.A gathers from infected computers:
  • User Name
  • Computer Name
  • Network Adapters / IP Addresses
  • Installed com objects
  • Installed programs and installed patches
  • Recently opened documents
  • Outlook Express and MSN Messenger credentials
  • Protected Storage credentials
There is NO patch for operating systems that have reached "end of life" support. That means that only Windows 2000, XP, Windows Server 2003, Vista and Windows 7 (Beta) can be patched. Note further that on Windows 2000, XP, and Windows Server 2003 systems, the code can be run without authentication. This is not the case on Vista (or Windows 7 Beta) where authentication is needed.

There are no visible signs of the infection. It has been confirmed that the exploits can download a malicious .exe automatically. The most likely methods being used are drive-by downloads and fake codec Web sites.


October 27 Tip of the Day

Get the patch at Microsoft Update: http://update.microsoft.com/

Sunday, October 26, 2008

PDC2008

If you cannot be at PDC2008 in person, you can still follow the events remotely. Below is the schedule and the links for the Keynotes, published at Liveside:

Edit Note: With Silverlight 2 installed, the streams are also scheduled to be shown from http://microsoftpdc.com

PDC2008 Keynote Schedule via Live Stream:

  • Monday, October 27, 2008, 8:30 - 10:30 AM (Pacific Time)
    Ray Ozzie, Amitabh Srivastava, Bob Muglia and David Thompson
    100 | 300 | 750 kbps
  • Tuesday, October 28, 2008, 8:30 - 10:30 AM (Pacific Time)
    Ray Ozzie, Steven Sinofsky, Scott Guthrie and David Treadwell
    100 | 300 | 750 kbps
If your schedule will not accommodate the live webcasts, the Keynotes will be on Channel 9 about 24 hours after the live presentations. In fact, Channel 9 already has a lot of material available. Just click on the PDC08 tag: Channel9/tags/PDC08.

See the full schedule at PDC2008 and follow the “All-star bloggers” group liveblogging at PDC 2008.

Cyber Security Awareness Tip of the Day: October 26

Do you "Google"? According to Security Garden blog analytics, over 90% of visitors who come here as a result of search results arrived via Google. Such overwhelming results lead to the tip today being a two-for-one!

October 26 Tip(s) of the Day:

1) If you see a warning as illustrated below in Google search results, pay attention and, by all means, do not go there. Even if it is a site you have been to before and it was "perfectly safe" then, that does not mean it is safe now. It may be the site or the host server that has been infected.


Additional information is available in Malware? We don't need no stinking malware!

2) The second tip for today is to exercise caution with Google's "Sponsored Links", which can lead to malicious sites and infections. Microsoft MVP Mike Burgess demonstrates what he regularly finds in Is Security overwhelmed by Malware?

Saturday, October 25, 2008

Windows 7 Resources

With PDC2008 ready to enthrall techies from around the world, particularly with the sessions on Windows 7, a new Microsoft blog has been rolled out, The Windows 7 Blog for Developers.

As the title indicates, the blog is devoted to developers. The intent is for it to be a “one stop shop” on how developers can use Windows 7 features in their applications. Expect code samples and demos showcasing some of Windows 7’s new features. The purpose is to highlight the Windows 7 development story.

For IT Professionals focused on Windows Client, you will want to keep tabs on another new blog, the Springboard Series - The Resource for Windows Desktop IT Professionals. Although not completely focused on Windows 7, I would expect to see it covered as well. The goal is to provide information and help on the latest guidance, tools, and resources available for the Windows Client.

The two new blogs will have their work cut out for them in order to captivate their respective audiences to the extent that Engineering Windows 7 has been doing.

Windows Vista Service Pack 2 Beta

Mike Nash, Corporate VP, Windows Product Management, provided an update regarding Windows Vista Service Pack 2 (SP2) Beta in the Windows Vista Blog. Windows Vista SP2 will be available for evaluation next Wednesday, October 29, by a small group of "Technology Adoption Program" customers.

Of interest to current and potential Windows Vista users is what is planned for inclusion in the service pack. The following information was provided:

"In addition to previously released updates since the launch of Windows Vista SP1, Windows Vista SP2 contains changes focused on supporting new types of hardware and adding support for several emerging standards:

  • Windows Vista SP2 adds Windows Search 4.0 for faster and improved relevancy in searches.
  • Windows Vista SP2 contains the Bluetooth 2.1 Feature Pack supporting the most recent specification for Bluetooth Technology.
  • Ability to record data on to Blu-Ray media natively in Windows Vista.
  • Adds Windows Connect Now (WCN) to simplify Wi-Fi Configuration.
  • Windows Vista SP2 enables the exFAT file system to support UTC timestamps, which allows correct file synchronization across time zones."
The complete report is available at Windows Vista Service Pack 2 Beta. Additional information is available for IT Professionals in the Springboard Blog at First Look: Windows Vista Service Pack 2.

Cyber Security Awareness Tip of the Day: October 25

At lunch the other day, I read an interesting story at SecureWorks, about an undercover FBI operation for tracing the identity and locations of cyber criminals involved in identity theft. (See DarkMarket: FBI Sting Closes E-Doors)

As frequently happens when reading one article, I followed a link from that article to the National Cyber Forensics Training Alliance where I eventually ended up at the Internet Crime Complaint Center (IC3), a partnership endeavor with the FBI.

I don't suppose that it surprises regular Security Garden readers that this path led to the . . .

October 25 Tip of the Day

As stated at IC3, "Internet crime schemes that steal millions of dollars each year from victims continue to plague the Internet through various methods." The IC3 presents a set of "preventative measures that will assist you in being informed prior to entering into transactions over the Internet."

See Internet Crime Prevention Tips

Friday, October 24, 2008

Security Update for Opera Browser

Via Heise Security:

“Opera has released security update 9.61 for its browser of the same name, resolving three vulnerabilities. Among them is the possibility of web sites extracting the browser history, as well as a cross site scripting hole when changing pages. In addition, the update fixes minor flaws in the user interface. The new version is available to download for Windows, Mac OS X, Linux, FreeBSD and Solaris.”

Changelog: Opera 9.61 for Windows Changelog

Cyber Security Awareness Tip of the Day: October 24

I received a link to another helpful document from my friend Eric the Red at LandzDown Forum. This is particularly timely for parents considering investing in a family gift for the approaching Holidays.

October 24 Tip of the Day

Follow the simple steps for configuring your Windows Vista computer accounts, updates and more in the SANS Reading Room document, Windows Vista: First Steps.

This illustrated guide is ideal for the home user.

Thursday, October 23, 2008

Critical Update -- Did You Reboot?

It is not only critical security updates that require a restart when installing Microsoft updates. The reason for the restart is that some updates need to replace files that are currently in use. To avoid a conflict while installing the update, a prompt is provided for a restart, after which the installation can complete without conflicts.

Based on the above explanation, when the update fixes a security-related issue, your computer is not safe until you reboot and the update is installed.

The Microsoft Update Product Team provides a complete explanation of Automatic Rebooting, Update Deadlines, and Policies to Change Automatic Rebooting Behavior in Windows Update and Automatic Reboots.
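As an added check that is not part of the original post, this PowerShell function reads the standard registry indicators Windows sets while an installed update is still waiting for a restart, so you can confirm whether a security update (MS08-067 or any other) has actually taken effect rather than trusting the "update installed" message.

```powershell
# Added example (not from the original post): report whether Windows still has a
# restart pending after installing updates. Until the restart happens, files that
# were in use at install time have not been replaced, so the fix is not yet effective.
function Test-PendingReboot {
    $reasons = @()

    # Set by Windows Update / Automatic Updates when an installed update needs a restart.
    $wuKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    if (Test-Path -Path $wuKey) { $reasons += 'WindowsUpdate' }

    # Set by Component Based Servicing (Vista and later) for pending servicing operations.
    $cbsKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
    if (Test-Path -Path $cbsKey) { $reasons += 'ComponentBasedServicing' }

    # Files that could not be replaced while in use are renamed at the next boot;
    # the queue lives in this value on Windows 2000/XP/2003 as well as later versions.
    $smKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $sm = Get-ItemProperty -Path $smKey -Name 'PendingFileRenameOperations' -ErrorAction SilentlyContinue
    if ($sm -and $sm.PendingFileRenameOperations) { $reasons += 'PendingFileRenameOperations' }

    New-Object -TypeName PSObject -Property @{
        ComputerName  = $env:COMPUTERNAME
        RebootPending = ($reasons.Count -gt 0)
        Reasons       = $reasons
    }
}

# Usage: run in an elevated PowerShell session after installing updates.
$status = Test-PendingReboot
if ($status.RebootPending) {
    Write-Warning ("Restart pending (" + ($status.Reasons -join ', ') + "): installed updates are not fully applied yet.")
} else {
    Write-Output ("No restart pending on " + $status.ComputerName + ".")
}
```

A clean result only means no restart is outstanding; it does not confirm that the update itself was installed, so pair it with your usual update inventory.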

Out-of-Band Critical Update MS08-067

If you have Automatic Updates turned off, please check for updates now! This is one security update you do not want to wait to install. As described, in part, by Christopher Budd in the MSRC Blog post MS08-067 Released:

"This security update resolves a vulnerability in the Server service that affects all currently supported versions of Windows. Windows XP and older versions are rated as “Critical” while Windows Vista and newer versions are rated as “Important”. Because the vulnerability is potentially wormable on those older versions of Windows, we’re encouraging customers to test and deploy the update as soon as possible. To help you better understand the details around the vulnerability, my colleagues over at the Security Vulnerability Research & Defense blog have provided some more information here. Also, Michael Howard has provided some background on the vulnerability from the Security Development Lifecycle perspective here." [Bold added]

Update Note: Edited to add additional Microsoft References from the Windows Update Team, the MSRC Ecosystem Strategy Team Blog and the Malware Protection Center Blog.

From Microsoft Security Bulletin MS08-067 - Critical

Executive Summary

This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter.

This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and rated Important for all supported editions of Windows Vista and Windows Server 2008.
Also from the Security Bulletin:
Server Service Vulnerability - CVE-2008-4250

A remote code execution vulnerability exists in the Server service on Windows systems. The vulnerability is due to the service not properly handling specially crafted RPC requests. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2008-4250.
