Archive | Security

Security is not a feature; it’s a process. Notes on issues, patches and essays on security.

Here it comes again: a new Bagle trojan horse attack (Windows only)

Alex Feldstein blogs New Bagle worm is making rounds?. SANS Internet Storm Center reports that a new Bagle worm variant is making rounds. Make sure that your antivirus is up-to-date and enabled.

Preliminary information is:

  • The file arrives as a zipped attachment with a filename including
    the word “price” (price.zip, price2.zip, newprice.zip, 09_price.zip,
    etc.).
  • Creates two files: C:\WINDOWS\system32\winshost.exe and C:\WINDOWS\system32\wiwshost.exe
  • Launches winshost.exe from the HKLM\Software\Microsoft\Windows\CurrentVersion\Run key
  • This has been classified (by at least one AV vendor) as:  TROJ/BAGLEDL-U

Be aware.

My Inbox (running on a Mac) is already filling up with these. One more time, let’s remember the rules: NEVER open an attachment from an untrusted source. There are no trusted sources. NEVER EVER open an unexpected attachment without verifying with the sender that they did intend to send you that attachment. If you have some confidence you know what you’re doing, save it to disk, scan it and test it. If you aren’t confident of your abilities to detect a problem, contact your IT support person. Don’t have any of those? Don’t open the attachment.
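The naming pattern in the preliminary report above (a .zip attachment whose name contains “price”) is enough for a simple mail-gateway filter. The following is an added example, not code from the post or from the Storm Center; the message it parses is constructed, not a real capture, and the regex is my own rendering of the reported pattern.

```python
import email
import re
from email import policy

# Pattern taken from the preliminary report: a .zip attachment whose
# filename contains "price" (price.zip, price2.zip, newprice.zip, 09_price.zip).
PRICE_ZIP = re.compile(r"price.*\.zip$", re.IGNORECASE)


def is_price_zip(filename: str) -> bool:
    """Return True if an attachment name matches the reported Bagle pattern."""
    return bool(PRICE_ZIP.search(filename))


def suspicious_attachments(raw_message: bytes) -> list:
    """Parse a raw RFC 822 message and return the attachment filenames that
    match the pattern. The check is by name only; the zip is never opened."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue  # container part, not an attachment itself
        name = part.get_filename()
        if name and is_price_zip(name):
            hits.append(name)
    return hits


# Constructed sample message: one suspicious zip and one benign PDF.
# The base64 bodies are placeholder bytes, not real attachments.
SAMPLE = b"""\
From: sender@example.com
To: you@example.com
Subject: new price
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain

See attached.
--XYZ
Content-Type: application/zip; name="09_price.zip"
Content-Disposition: attachment; filename="09_price.zip"
Content-Transfer-Encoding: base64

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==
--XYZ
Content-Type: application/pdf; name="invoice.pdf"
Content-Disposition: attachment; filename="invoice.pdf"
Content-Transfer-Encoding: base64

JVBERi0=
--XYZ--
"""

if __name__ == "__main__":
    print(suspicious_attachments(SAMPLE))  # ['09_price.zip']
```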

Lies, damned lies, statistics

OSNews posts Firefox vs. IE security: Is Two Greater Than Five?. “A recent blog post on ZDNet contends that Firefox is not as secure as promised by counting exploits. Joseph Huang contends that severity and the number of unpatched vulnerabilities matters, not just the number of exploits discovered.”

Lies, damned lies and statistics, indeed! Here’s Joseph’s portrayal:

                       IE   Firefox
Extremely Critical     10   0
Highly Critical        20   3
Moderately Critical    14   4
Less / Not Critical    25   15

Patch Tuesday wasn’t patchless

Despite the fanfare that greeted Microsoft’s announcement that they had no patches ready to ship on their regular Tuesday (slipping again due to a quality flaw), Microsoft Watch from Mary Jo Foley reports Microsoft Reissues Windows 2000 Rollup. “Microsoft on Tuesday reissued the Windows 2000 Service Pack 4 Update Rollup that has been causing problems for myriad Windows 2000 customers for the past few months.”

UPDATE: More information. The “re-release,” named “Update Rollup 1 for Windows 2000 SP4 – v2” fixes four issues with the original Update Rollup One for Windows Two Thousand Service Pack Four:

  • Installation of the wrong MSXML3.DLL resulting in errors like “MSXML3.DLL File Not Found,” “Error 0x80244001,” and “Error 0x800700C1”
  • BSOD Stop 0x000001E on older non-PNP, ISA or MCA boards with SCSI controllers
  • Two system drives appear on systems with dynamic disks
  • MS Office programs can’t save to floppy disks (did you know MS Office uses its own fastfat.sys driver? Why?)

Problems remain even with version 2 of the Update Rollup One for Windows Two Thousand Service Pack Four. Read this KnowledgeBase article before installing the patch/update/rollup/whatever if you have systems that:

  • connect to a Citrix server using ICA sessions
  • use an Exchange 5.5 MTA and X.400
  • use Sophos Anti-Virus
  • use Internet Security Systems BlackICE products

If you have clients with any of these components and automatic updates turned on, you may need to act quickly. Good luck.

It’s the 38th week of 2005, and Microsoft has issued 43 security bulletins, not counting the multiple re-releases and “update rollup patches.” When should we be expecting Trustworthy Computing to kick in?

The Six Dumbest Ideas in Computer Security

The Security Thread – September 11, 2005 over at Doc Searls’ IT Garage – points out that “Marcus Ranum brings a strong analytical frame of mind in his brilliant analysis The Six Dumbest Ideas in Computer Security. You need to read it!”

I saw pointers to the article from at least four of my RSS subscriptions and Ed Leafe pointed it out on the ProFox list this morning. With all those recommendations, it must be good… just finished reading it. Good stuff!

Patching FireFox to avoid the international web link exploit

Slashdot post: Patch & Workaround for Firefox Flaw Available. mcc writes “Yesterday Slashdot reported on a Firefox vulnerability which could allow remote code execution. Today Firefox has a patch and a configuration workaround, both of which immunize against the bug. If you are using Firefox you should immediately go to the URL ‘about:config:’, type ‘network.enableIDN’ into the box, and verify that ‘network.enableIDN’ is set to ‘false’.”
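Checking about:config by hand works for one machine; for a fleet of profiles the same check can be run against each profile’s prefs.js. This is an added example, not code from the post or from Mozilla; it assumes Firefox’s prefs.js format of one user_pref("name", value); line per setting, and assumes (as the workaround implies) that the built-in default for network.enableIDN is true, so a profile that never set it is still exposed. The two profile fragments are constructed.

```python
import re

# One user_pref() line per setting, e.g. user_pref("network.enableIDN", false);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\);\s*$')


def parse_prefs(text: str) -> dict:
    """Parse user_pref() lines into {name: value}, converting the JS literal
    (true/false, integer, quoted string) to the matching Python value."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue  # comments, blank lines, anything not a pref
        name, raw = m.groups()
        if raw == "true":
            value = True
        elif raw == "false":
            value = False
        elif raw.lstrip("-").isdigit():
            value = int(raw)
        else:
            value = raw.strip('"')
        prefs[name] = value
    return prefs


def idn_workaround_applied(prefs_js: str) -> bool:
    """True only if network.enableIDN is explicitly false. A missing pref
    keeps the built-in default, assumed here to be true (still exposed)."""
    return parse_prefs(prefs_js).get("network.enableIDN", True) is False


# Constructed sample profiles (not real prefs.js files).
PATCHED_PROFILE = """\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.enableIDN", false);
"""

DEFAULT_PROFILE = """\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.http.pipelining", true);
"""

if __name__ == "__main__":
    print(idn_workaround_applied(PATCHED_PROFILE))  # True
    print(idn_workaround_applied(DEFAULT_PROFILE))  # False
```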

FireFox flaw found; researcher releases details prematurely; temporary fix available

Computerworld News reports Firefox flaw found: Remote exploit possible. “Computers running the Firefox Web browser could be open to remote attack as a result of a buffer overflow vulnerability reported today by a security researcher.”

In what sounds like a pretty irresponsible act, MozillaZine reports: “According to the News.com article, Ferris reported the flaw to the Mozilla Foundation on Sunday, in line with the Mozilla security bugs policy. However, he decided to make the vulnerability public ‘after a run-in with Mozilla staff’.”

The article (and its comments) describes how to work around the flaw, and a patch is expected soon. Note that the flaw the same researcher reported to Microsoft last month (and did not disclose publicly) has still not been patched.

MonadLUG: Tim Lind demos four Open Source Firewalls

Saw a great presentation by Tim Lind at the Peterborough/Monadnock LUG this evening comparing four Open Source firewalls: Smoothwall, IPCOP, Sentry and M0N0Wall. Each comes as a bootable CD-ROM; some install to a hard drive, while m0n0wall runs off the CD-ROM with settings stored on a floppy (or, optionally, a Compact Flash or USB storage). Each supports a variety of tools, including DHCP, DNS, some varieties of VPN, intrusion detection, logging, NTP, ssh, and a couple of acronyms that flew right past me. Tim uses these to set up clients with internet access, re-using an old clunker PII-350 the clients have lying around, and getting a stateful firewall with some pretty impressive tools.

Creative Zen Neeon ships free Windows Worms!

Slashdot reports Creative Zens Ship with Worms. An anonymous reader writes “Engadget reports about 3700 Creative Zen “Neeons” shipped with a virus. The virus in question was the W32.Wullik.B@mm worm. Creative released a statement today to help consumers pinpoint the possibly affected devices.” From the linked Babelfish-translated press release:

With the defectiveness of our company, we apologize the fact that very much annoyance was applied the customer and to the related everyone deeply.

I’m sure we all share those feelings.


This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.