Archive for November, 2007
2007.11.28 Daily Security Reading
by Rodney Campbell on Nov.28, 2007, under Security
Is security software becoming a security risk?
Due to bugs in antivirus software, the security suite becomes a risk by itself, and adding multiple pieces of security software makes the problem worse, not better.
Zero-Day Exploit for Apple QuickTime Vulnerability
Proof of concept exploit code for a newly discovered vulnerability in Apple’s QuickTime player has been made available to the public today. The vulnerability (Apple QuickTime RTSP Response Header Content-Length Remote Buffer Overflow Vulnerability) was first reported on November 23rd by Polish security researcher Krystian Kloskowski.
Russian Business Network Study (pdf)
This document sheds some light on RBN activities and tries to describe how the network operates. RBN has many constituents, and it is hard to form a precise idea of the purpose of some of them and of how they are linked to the others.
Windows XP outshines Vista in benchmarking test
New tests have revealed that XP with the beta Service Pack 3 has twice the performance of Vista, even with its long-awaited Service Pack 1.
2007.11.21 Daily Security Reading
by Rodney Campbell on Nov.21, 2007, under Security
Researchers study open-proxy attacks
Advertising and click-through fraud top the list of malicious activities funnelled through open proxy servers.
Adding Math to List of Security Threats
One of the world’s most prominent cryptographers issued a warning on Friday about a hypothetical incident in which a math error in a widely used computing chip places the security of the global electronic commerce system at risk.
Hackers Use Banner Ads on Major Sites to Hijack Your PC
The worst-case scenario used to be that online ads are pesky, memory-draining distractions. But a new batch of banner ads is much more sinister: They hijack personal computers and bully users until they agree to buy antivirus software.
90% of IT Professionals Don’t Want Vista
A survey by King Research has found that ninety percent of IT professionals have concerns about using Vista, with compatibility, stability and cost being their key reasons. Interestingly, forty-four percent of companies surveyed are considering switching to non-Windows operating systems, and nine percent of those have already started moving to their selected alternative.
Know Your Enemy – Behind the Scenes of Malicious Web Servers (pdf)
In this paper we will give a brief functional overview of several web exploitation kits, then delve into answering the questions above through analysis of these kits and of the malicious web servers that use them. The web exploitation kits that we will examine are Webattacker, MPack and Icepack. We conclude with the implications of our discoveries for client honeypot technology and for future studies of malicious web servers.
Using Google To Crack MD5 Passwords
A security researcher at Cambridge was trying to figure out the password used by somebody who had hacked his Web site. He tried running a dictionary through the encryption hash function; no dice. Then he pasted the hacker’s encrypted password into Google, and voila — there was his answer. Conclusion? Use no password that any other human being has ever used, or is ever likely to use, for any purpose. I think.
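The reason the search-engine trick works is that an unsalted hash is a pure function of the password: everyone who ever hashed "password" with MD5 got the same digest, so the digest itself becomes a searchable identifier. The following added example (not code from the article or from the Cambridge researcher it describes) models that with a constructed lookup table of common-word digests, then shows the mitigation: a per-user random salt and an iterated KDF (PBKDF2-HMAC-SHA256 here), which makes identical passwords produce unrelated stored values. The COMMON_WORDS list and LOOKUP table are constructed for the demonstration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed sample standing in for what a search engine or rainbow table
# effectively offers for unsalted MD5: digest -> plaintext for common strings.
COMMON_WORDS = ["password", "letmein", "qwerty", "123456"]
LOOKUP = {hashlib.md5(w.encode()).hexdigest(): w for w in COMMON_WORDS}


def md5_hex(password: str) -> str:
    """Unsalted MD5: the same input always yields the same digest, so the
    digest can be looked up anywhere it has been published."""
    return hashlib.md5(password.encode()).hexdigest()


def reverse_by_lookup(digest: str) -> Optional[str]:
    """Models 'paste the hash into a search engine': a plain table lookup.
    Returns the plaintext if the digest is known, else None."""
    return LOOKUP.get(digest.lower())


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = 100_000) -> Tuple[bytes, bytes]:
    """Salted, iterated password hashing with PBKDF2-HMAC-SHA256.
    A fresh 16-byte random salt per password means two users with the same
    password get different stored values, so no shared lookup table applies."""
    if salt is None:
        salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, derived


def verify_password(password: str, salt: bytes, expected: bytes,
                    iterations: int = 100_000) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, derived = hash_password(password, salt, iterations)
    return hmac.compare_digest(derived, expected)


if __name__ == "__main__":
    leaked = md5_hex("password")
    print("unsalted md5:", leaked, "->", reverse_by_lookup(leaked))
    salt, stored = hash_password("password")
    print("salted pbkdf2:", stored.hex(), "(salt", salt.hex() + ")")
    print("verify:", verify_password("password", salt, stored))
```

The iteration count is a cost parameter, not a fixed constant; raise it as hardware allows, and store it alongside the salt so it can be increased later without invalidating existing records.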
Fixing the SMB Symlink problem with Mac OS X 10.5 Leopard
by Rodney Campbell on Nov.19, 2007, under Technology
I have a number of Samba shares on a Sun Solaris machine which we wish to access from a Mac running Mac OS X 10.5 Leopard. Within these shares I often have a number of symbolic links in the Unix filesystem pointing to various files and directories. In Tiger everything worked just fine. But in Leopard it tries to translate these links (aliases) to the local filesystem, which of course results in the links being dead.
The problem is that Leopard's SMB/CIFS client supports the CIFS Unix Extensions, which include support for server-side symbolic links: the server reports the link itself rather than its target, and the client then resolves the link path locally, where it does not exist.
I haven't yet found a solution which could fix this at the client end; however, adding:
unix extensions = no
to the server's smb.conf file disables these Unix extensions and returns the overall functionality back to how it was with Tiger.
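The setting is easy to get wrong by hand (it must sit in the [global] section, and a second copy elsewhere is ignored or confusing), so here is an added POSIX shell helper, not part of the original post, that reads the effective value from an smb.conf and rewrites it idempotently. The sample configuration below is constructed for the demonstration; the function names are my own.

```sh
#!/bin/sh
# Added example: inspect and set "unix extensions = no" in an smb.conf.
# Constructed sample smb.conf (not the real server's file).
SAMPLE_CONF="$(mktemp)"
cat > "$SAMPLE_CONF" <<'EOF'
[global]
   workgroup = WORKGROUP
   server string = Solaris file server

[projects]
   path = /export/projects
   read only = no
EOF

# Print the effective "unix extensions" value from [global].
# Samba's default is "yes" when the parameter is absent.
get_unix_extensions() {
  conf="$1"
  val=$(awk '
    /^[[:space:]]*\[/ { in_global = ($0 ~ /^[[:space:]]*\[global\][[:space:]]*$/); next }
    in_global && tolower($0) ~ /^[[:space:]]*unix[[:space:]]+extensions[[:space:]]*=/ {
      sub(/^[^=]*=[[:space:]]*/, ""); sub(/[[:space:]]*$/, ""); print tolower($0)
    }' "$conf" | tail -n 1)
  echo "${val:-yes}"
}

# Set "unix extensions = no" in [global]: rewrite an existing line, otherwise
# insert one before the next section (or at end of file). Other sections are
# left untouched, and running it twice leaves exactly one such line.
disable_unix_extensions() {
  conf="$1"
  tmp="$conf.tmp"
  awk '
    /^[[:space:]]*\[/ {
      if (in_global && !done) { print "   unix extensions = no"; done = 1 }
      in_global = ($0 ~ /^[[:space:]]*\[global\][[:space:]]*$/)
      if (in_global) saw_global = 1
    }
    in_global && tolower($0) ~ /^[[:space:]]*unix[[:space:]]+extensions[[:space:]]*=/ {
      if (!done) { print "   unix extensions = no"; done = 1 }
      next
    }
    { print }
    END {
      if (!done) {
        if (!saw_global) print "[global]"
        print "   unix extensions = no"
      }
    }
  ' "$conf" > "$tmp" && mv "$tmp" "$conf"
}

# Demonstration on a copy of the sample file.
DEMO_CONF="$(mktemp)"
cp "$SAMPLE_CONF" "$DEMO_CONF"
echo "before: unix extensions = $(get_unix_extensions "$DEMO_CONF")"
disable_unix_extensions "$DEMO_CONF"
echo "after:  unix extensions = $(get_unix_extensions "$DEMO_CONF")"
cat "$DEMO_CONF"
rm -f "$DEMO_CONF"
```

Note that this is a server-wide switch: with the extensions off, every client (not just Leopard) loses Unix permission and ownership reporting over the share as well as server-side symlink support, so check that Linux or other Unix clients of the same server can live with that before changing it.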
2007.11.16 Daily Security Reading
by Rodney Campbell on Nov.16, 2007, under Security
A Swedish hacker tells how he infiltrated a global communications network used by scores of embassies over the world, using tools freely available on the internet.
Malware Response and Analysis (PDF)
This paper examines the response needed when your computer is infected with malware, the effect of malware programs and how to determine the changes to an operating system.
Loophole in Windows Random Number Generator (pdf)
Apple Fixes ‘Misleading’ Leopard Firewall Settings
Apple has fessed up to at least three serious design weaknesses in the new application-based firewall that ships with Mac OS X Leopard. The acknowledgment comes less than a month after independent researchers threw cold water on Apple’s claim that Leopard’s firewall can block all incoming connections. The firewall patches come 24 hours after a Mac OS X update that provided cover for at least 41 security vulnerabilities.
Did NSA Put a Secret Backdoor in New Encryption Standard?
There are four different approved techniques, called DRBGs, or ‘Deterministic Random Bit Generators’ based on existing cryptographic primitives. One is based on hash functions, one on HMAC, one on block ciphers and one on elliptic curves. The generator based on elliptic curves called Dual_EC_DRBG has been championed by the NSA and contains a weakness that can only be described as a backdoor. A presentation at the CRYPTO 2007 conference showed that there are constants in the standard used to define the algorithm’s elliptic curve that have a relationship with a second, secret set of numbers that can act as a kind of skeleton key. If you know the secret numbers, you can completely break any instantiation of Dual_EC_DRBG.
First Use of RIPA to Demand Encryption Keys
The Regulation of Investigatory Powers Act (RIPA) is being used for the first time to force an animal activist to reveal encryption keys for encrypted files she claims to have no knowledge of. According to the article, she could face up to two years if she doesn’t comply.
2007.11.13 Daily Security Reading
by Rodney Campbell on Nov.13, 2007, under Security
Security Pro Admits to Hijacking PCs for Profit
A Los Angeles security professional has admitted to infecting more than a quarter million computers with malicious software and installing spyware.
Russian hacker gang vanishes day after moving to China
They severed connections to six of the seven net blocks on November 8.
Encrypted E-Mail Company Hushmail Spills to Feds
Hushmail, a longtime provider of encrypted web-based email, markets itself by saying that “not even a Hushmail employee with access to our servers can read your encrypted e-mail, since each message is uniquely encoded before it leaves your computer”. But it turns out that statement seems not to apply to individuals targeted by government agencies that are able to convince a Canadian court to serve a court order on the company.
What makes three of today’s largest botnets tick, what they’re after and a peek at the ‘next’ Storm.