www.fusspils.net


Hot-fix Tuesday to include patch for ActiveX 0-day


July 2009 Advance Notification
Advance Notification for the July 2009 Security Bulletin Release

Our Advance Notification was published today and indicates that next Tuesday, July 14 at 10:00 a.m. PDT (UTC -8), we will be releasing a total of 6 security bulletins consisting of:

• Three Critical updates affecting Windows.
• One Important update affecting Publisher.
• One Important update affecting Internet Security and Acceleration (ISA) Server.
• One Important update affecting Virtual PC and Virtual Server.

I want to provide some clarity on two of the pending Windows updates mentioned. First, we will be addressing the issue discussed in Security Advisory 971778 concerning a vulnerability in DirectShow. As noted in the advisory, we are aware of limited active attacks and we have been working aggressively to get a quality update shipped to customers.

Second, our engineering teams have been working around the clock to produce an update for the issue discussed in Security Advisory 972890 (vulnerability in the Microsoft Video ActiveX Control), and we believe that they will be able to release an update of appropriate quality for broad distribution that protects against the attacks we detailed in the advisory and in an MSRC blog post by Christopher Budd. In the meantime, we encourage customers to continue to enable the workaround by running the “Microsoft Fix it” solution in the associated knowledge base article (KB972890).


Slowloris - End of the intertubes


The theory behind this attack method has been around for many years, but this is the first time that we know of that it has been packaged into a usable tool.

It works by sending partial HTTP requests to the server to open connections, then continuing at regular intervals to send further headers so the request never completes and the sockets never close. Each half-open request occupies a server worker, and once all workers are tied up the server stops answering legitimate clients, causing a denial of service in a similar way to the old SYN flood attacks, but with very little bandwidth and without the requests ever appearing in the access log.

More detailed info can be found here http://ha.ckers.org/slowloris/
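The behaviour described above can be spotted on the server side from the connection table alone: a Slowloris connection sits open for a long time without ever completing its request head, and one source holds many such connections at once. The following detection routine is an added example (not code from the original post or from the Slowloris tool); the thresholds, the `Conn` record and the sample connection table are all constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass

# Assumed thresholds (tunable; not from the original post).
HEADER_READ_TIMEOUT_S = 20.0   # request line + headers must arrive within this window
MAX_INCOMPLETE_PER_SOURCE = 5  # more half-open requests than this from one IP is suspicious

@dataclass
class Conn:
    conn_id: int
    source_ip: str
    opened_at: float   # epoch seconds when the socket was accepted
    received: bytes    # everything read from the socket so far

def headers_complete(received: bytes) -> bool:
    """An HTTP/1.x request head ends with an empty line (CRLF CRLF)."""
    return b"\r\n\r\n" in received

def audit(conns, now):
    """Return (stale_ids, suspect_ips): connections that passed the header read
    deadline without finishing their head (candidates for a forced close), and
    source IPs holding too many such incomplete connections open at once."""
    incomplete = [c for c in conns if not headers_complete(c.received)]
    stale = sorted(c.conn_id for c in incomplete
                   if now - c.opened_at > HEADER_READ_TIMEOUT_S)
    per_ip = Counter(c.source_ip for c in incomplete)
    suspects = sorted(ip for ip, n in per_ip.items() if n > MAX_INCOMPLETE_PER_SOURCE)
    return stale, suspects

# Constructed sample connection table (not real traffic). A normal client finishes
# its head at once; the slow client keeps adding one more header line per interval.
T0 = 1_000_000.0
SAMPLE = [
    Conn(1, "192.0.2.10", T0, b"GET / HTTP/1.1\r\nHost: example\r\n\r\n"),
    Conn(2, "192.0.2.11", T0 + 50, b"GET /a HTTP/1.1\r\nHost: example\r\n"),  # young, still allowed
] + [
    Conn(10 + i, "203.0.113.7", T0 + i,
         b"GET / HTTP/1.1\r\nHost: example\r\n" + b"X-a: b\r\n" * (i + 1))
    for i in range(8)
]

def demo():
    """Audit the sample table 60 seconds after the first socket was accepted."""
    return audit(SAMPLE, now=T0 + 60)

if __name__ == "__main__":
    stale, suspects = demo()
    print("stale connections:", stale)
    print("suspect sources:", suspects)
```

The same two checks are what a header-read timeout and a per-client connection limit enforce on a real server; the script only makes the decision visible on a snapshot.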

So far I have tested it on the following devices and intend to test it on anything that runs the HTTP protocol...

Linksys WAG200G - works - DOS, forced to reboot system to get online again
Xerox Phaser 6110 printer - works - DOS
Xerox Phaser 7400 printer - works - DOS
Dell Laser 5100cn printer - works - DOS
Canon IR2800 printer - works - DOS

Cacti server running Ubuntu 8.04, Apache 2.2, all updates as of 06/July/09 - works - DOS
BSD 7.2, Apache 2.2, all updates as of 06/July/09 - works - DOS

Websense - This one looks interesting and something I need to look into. If you run Slowloris against the IP:port that the Websense server gives you when blocking a site, you can cause the server to hang. It seems to take around 3 mins before timing out, and I am wondering if there is some way you can bypass the filtering service...

...more results to follow soon

KB910721


Had a flood of emails, both at home and from clients at work, regarding a message claiming to be from Microsoft and advising you to install an update for Outlook. What it will actually do if you click on the link and install the "patch" is set up a nasty little trojan (Troj/Spy-CU

The weird thing about this one is that it's extremely convincing; it looks like the real deal apart from the fact that Microsoft will never ask you to install updates via email. Here is a sample of what the mail looks like so you know what to look out for...


Update for Microsoft Outlook / Outlook Express (KB910721)

Brief Description
Microsoft has released an update for Microsoft Outlook / Outlook Express. This update is critical and provides you with the latest version of the Microsoft Outlook / Outlook Express and offers the highest levels of stability and security.

Instructions

* Install Update for Microsoft Outlook / Outlook Express (KB910721). To do this, follow these steps:
1. Run attached file officexp-KB910721-FullFile-ENU.exe
2. Restart Microsoft Outlook / Outlook Express

Quick Details

* File Name: officexp-KB910721-FullFile-ENU.exe
* Version: 1.4
* Date Published: Wed, 17 Jun 2009 17:03:27 +0300
* Language: English
* File Size: 81 KB

System Requirements

* Supported Operating Systems: Windows 2000; Windows 98; Windows ME; Windows NT; Windows Server 2003; Windows XP; Windows Vista

* This update applies to the following product: Microsoft Outlook / Outlook Express

Last Updated on Tuesday, 23 June 2009 20:37

AES Broken?


New Attack on AES
There's a new cryptanalytic attack on AES that is better than brute force:

Abstract. In this paper we present two related-key attacks on the full AES. For AES-256 we show the first key recovery attack that works for all the keys and has complexity 2^119, while the recent attack by Biryukov-Khovratovich-Nikolic works for a weak key class and has higher complexity. The second attack is the first cryptanalysis of the full AES-192. Both our attacks are boomerang attacks, which are based on the recent idea of finding local collisions in block ciphers and enhanced with the boomerang switching techniques to gain free rounds in the middle.
In an e-mail, the authors wrote:

We also expect that a careful analysis may reduce the complexities. As a preliminary result, we think that the complexity of the attack on AES-256 can be lowered from 2^119 to about 2^110.5 data and time.
We believe that these results may shed a new light on the design of the key-schedules of block ciphers, but they pose no immediate threat for the real world applications that use AES.
Agreed, while this attack is better than brute force -- and some cryptographers will describe the algorithm as "broken" because of it -- it is still far, far beyond our capabilities of computation. The attack is, and probably forever will be, theoretical. But remember: attacks always get better, they never get worse. Others will continue to improve on these numbers. While there's no reason to panic, no reason to stop using AES, no reason to insist that NIST choose another encryption standard, this will certainly be a problem for some of the AES-based SHA-3 candidate hash functions.

Credit - http://www.schneier.com/blog/archives/2009/07/new_attack_on_a.html

Last Updated on Wednesday, 01 July 2009 18:49

Hackers Targeting Windows XP-Based ATM Machines


We're not going to start hiding our millions under our mattress (that's right, all bloggers roll in obscene amounts of money and own private jets), but the next time we withdraw a wad of cash, it might be a good idea to skip the ATM and flirt with a real live teller instead. That's because about 20 ATMs, mostly in Eastern Europe, have recently been hacked and are thought to be a testing ground before spreading to other ATMs, including those in the U.S.

"Trustwave's SpiderLabs performed the analysis of malware found installed on compromised ATMs in the Eastern European region," Trustwave said. "This malware captures magnetic stripe data and PIN codes from the private memory space of transaction-processing applications installed on a compromised ATM."

According to the report, the compromised ATMs all ran Microsoft's Windows XP operating system. The malware is installed and activated through a dropper file, and once a machine is compromised the hackers have full control over it via a customized user interface, accessible by inserting a special controller card into the ATM.

"This malware is unlike any we have ever had experience with," Trustwave added.

Credit - http://www.maximumpc.com
