CERTStation Week In Review Transcript: week 9, 2010

Microsoft on Sunday confirmed it is investigating an unpatched bug in VBScript that hackers could exploit to plant malware on Windows XP machines running Internet Explorer (IE). The flaw could be used by attackers to inject malicious code onto victims' PCs; users running IE7 or the newer IE8 are also at risk.

Microsoft has confirmed a security hole in Internet Explorer under Windows XP that allows attackers to compromise a system. The hole is reportedly caused by the ability of VBScript's MsgBox function to retrieve arbitrary online help files (.hlp) and execute arbitrary commands via macros these files may contain. However, this requires some user interaction: the user has to confirm by pressing F1. Whether this will in practice prevent users from infecting their PCs is questionable, since the text in the small message window could very well mislead them into pressing the key.

The hole can reportedly also be exploited in versions 6 and 7 of Internet Explorer under Windows XP. Windows 7 and Vista are not affected. Microsoft says it is investigating the problem and will respond accordingly; whether this will involve a patch was not mentioned by the vendor. As a workaround, browser users can refrain from pressing the F1 key or disable Active Scripting.

IBM Lotus Domino includes an ActiveX control called Domino Web Access, which provides Web-based access for Lotus Notes users. The control features functionality that is used for uploading files and clearing the cache upon logout.

The Lotus iNotes ActiveX control for reading email from within a browser contains a programming error which can result in a buffer overflow. This could be exploited by an attacker to infect an iNotes user with spyware on visiting a crafted web page.

Lotus iNotes, previously known as Lotus Domino Web Access, provides Notes users with web access to their email accounts. To achieve this, it installs an ActiveX control which remains active once used and can then be called by any web site. It thus represents a potential target for attack. IBM does not reveal precisely which versions are affected, but the bug is reported to be fixed in versions 7.0.4 and 8.5. As a workaround, the vendor recommends either setting the kill bit for the ActiveX control in question or disabling ActiveX completely.

The problem has an interesting history. iDefense reports that it alerted IBM to the problem in September 2008, more than 18 months ago. IBM's security alert offers no hint as to why it has taken so long to issue a security warning.

In late 2008, a Pennsylvania teenager playing SOCOM U.S. Navy Seals got kicked out of a tournament for using a cheat mod. So he took revenge by crashing the PlayStation web site for 11 days.

A 17-year-old Westmoreland County honor student has admitted to crashing a Sony gaming Web site. The teen entered the equivalent of a guilty plea to four felony charges in juvenile court for using a computer virus to crash a Sony Entertainment Corp. gaming Web site. The charges grew out of a federal grand jury investigation in San Diego, but authorities agreed to let the charges be handled by Westmoreland County Juvenile Court because of the boy's age.

State prosecutors agreed to withdraw 11 other related offenses, including those related to a similar computer attack in March 2009. Investigators said the teen used hacker tools to contact computers around the world that had been infected with a virus. Those computers were then directed by the teen to clog three games on the PlayStation site and cause it to crash and go offline. Westmoreland County Judge John Driscoll allowed the boy to return to his parents' home and attend school. He will be sentenced later this year.

UK users are being offered a 'hardened' version of Mozilla Firefox that can secure access to online bank accounts, maker Network Intercept has announced. Although the security built into the browser is identical in its workings to the US version, which has been available for some weeks, the Secure-Me browser does feature some necessary localization.

The main difference between Secure-Me and a conventional browser is that it accesses the Internet after setting up an encrypted channel between itself and Network Intercept's US-based cloud. All sites are visited through this layer, which also renders sessions anonymous. Its makers say this accelerates browsing, blocks domain redirection attacks, and stops malware from having access to personal data within a session. In the background, a semi-independent keystroke interference program (which works with other programs on a PC) blocks both hardware and software key logging. The program also incorporates Clam-AV antivirus scanning, integrates file encryption for files on local or attached drives, and allows encrypted file transfer.

The localization is necessary to allow access to UK-only services such as the BBC's popular iPlayer, which would otherwise be blocked because access is always through the US cloud. Some aspects of the cloud security design will also work with Internet Explorer. Setting IE as the default browser will allow it to connect through an encrypted channel to the Network Intercept Cloud. That gives these users an encrypted and anonymous channel.

The World of Warcraft authenticator is rather popular with anyone who takes their MMORPG (Massively Multiplayer Online Role Playing Game) action seriously. Well, it seems a scam from November 2009 is back, but with an alarming twist: World of Warcraft players are reporting that the new infection file is managing to intercept login data (thus getting around the authenticator) and send it elsewhere, by means of a “man-in-the-middle attack”, according to Blizzard Technical Support.

Crooks have developed a man-in-the-middle attack designed to circumvent the authentication kit used by dedicated World of Warcraft gamers. The ruse relies on tricking gamers into installing Trojans disguised as gaming add-ons. Once applied, the malware allows hackers to capture and relay authentication commands the next time a victim logs on to Blizzard's servers. The hackers divert and then relay authentication commands before looting gaming accounts for virtual gold, presumably for resale. Meanwhile, the results of a failed login are played back to victims, effectively locking them out of their compromised accounts for at least the time needed to pull off the scam.

The approach of the gaming fraudsters is broadly similar to man-in-the-middle attacks against online banking accounts, where users are obliged to input a code generated by an authentication device as well as their password. Such an approach does offer added security for online banking but is by no means bulletproof, as attacks that have been ongoing for at least four years serve to illustrate.

If you enjoyed this podcast, why not visit CERTStation.com and check out our free Internet Security Dashboard? In the meantime, this is your host Jay Johnson wishing you a safe and secure week.