Harry Waldron - My IT Forums Blog

Fake CNN News email alerts are circulating extensively

2008-08-08T16:35:00Z

As multiple copies have been received, these fake CNN email alerts are circulating extensively. These realistic HTML based email messages appear almost legitimate, although some of the headlines have been sensationalized. As an additional social engineering approach, the "get the latest flash" to view the videos may be something users have encountered in the past, with legitimate Flash upgrades. These realistic messages should be avoided and when in doubt go directly to the mail CNN website, rather than trusting the legitimacy of an email message.

Fake CNN News email alerts are circulating extensively
http://blog.trendmicro.com/new-trojan-bait-cnn-videos/
http://isc.sans.org/diary.html?storyid=4841
http://sunbeltblog.blogspot.com/2008/08/fake-cnn-headlines.html

QUOTE: This recent spam run looks fairly legit. It even comes with a tag line ”More videos, More news, More people saying: I just saw it in CNN.com” in the footer area -- perhaps to make it appear that the email is pushing a genuine CNN campaign. Both varieties though, appear to point to the download of the same file, get_flash_update.exe, in order to view the videos referred to in the spammed email.

McAfee AV Engine 5300 released - Improved Performance and Detection

2008-08-08T13:11:00Z

So far, this new engine is working well on my XP SP3 PCs at work. Performance seems to also be improved, as launching programs and invoking right-mouse seems slightly faster. It is available as a standalone update from McAfee for corporate users.

McAfee AV Engine 5300 released - Improved Performance and Detection
http://www.avertlabs.com/research/blog/index.php/2008/08/07/a-new-engine-to-drive-detection-fast-than-ever/

McAfee AV Engine 5300 - Download site
http://www.mcafee.com/apps/downloads/security_updates/engines.asp?region=us&segment=enterprise

QUOTE: McAfee Avert Labs proudly released a new version of it’s core technology late last week. The 5300 Scan Engine is the most recent major release, and boasts significant performance optimizations in terms of scan and initialization times - in addition to a 42% improvement in memory usage. As the number and types of malware continues to grow at an ever increasing rate, Avert has worked hard to include functionality in the engine to enable better detection.

Firefox 3.1 alpha version - Available for IT professionals

2008-08-06T14:27:00Z

As I've been using Firefox for years to test newly developed web pages for compatibility and as a complementary browser, I also installed the latest alpha version and it's functioning and performing well so far. Developers who install this test version, should use the "clean install" approach, where Firefox is completely removed including the settings found in user profiles managed in the Documents and Settings area.

Firefox 3.1 alpha version - Available for IT professionals
http://www.mozilla.org/projects/shiretoko/
http://www.mozilla.org/projects/firefox/3.1a1/releasenotes/
http://developer.mozilla.org/en/docs/Firefox_3.1_for_developers

Shiretoko Alpha 1 is an early developer milestone for the next version of Firefox that is being built on top of Mozilla's Gecko 1.9.1 layout engine, Shiretoko Alpha 1 is being made available for testing purposes only, and is intended for web application developers and our testing community. Current users of Mozilla Firefox should not use Shiretoko Alpha 1.

Shiretoko / Gecko 1.9.1 Alpha 1 introduces several new features:

Web standards improvements in the Gecko layout engine
Text API for the <canvas> element
Support for using border images
Support for JavaScript query selectors
Several improvements to the Smart Location Bar
A new tab switching behavior

Download site (for IT developers only)
http://www.mozilla.org/projects/firefox/3.1a1/releasenotes/#download

Avoid Email messages with fake or sensationalized headlines

2008-08-06T13:28:00Z

Yet another round of new attacks are occurring with CNN as the quoted source. Instead of selecting links in email, go to the main news site of your choice to check on any developing stories.

Avoid Email messages with fake or sensationalized headlines
http://sunbeltblog.blogspot.com/2008/08/fake-cnn-headlines.html

QUOTE: A new round of spam pushing fake codecs. Last week we had fake Reuters. Now, we have fake CNN. That “flash player” is a Trojan and will only make your day decidedly less pleasant.

Microsoft implements new Exploitability Index for Security Releases

2008-08-06T12:40:00Z

Starting with the October 2008 security bulletins, Microsoft will include valuable information related to how likely exploits might be developed for each individual security update. This new rating system can help administrators better identify higy priority updates. All security updates are of a critical nature and after testing they should be applied as quickly as possible.

Microsoft implements new Exploitability Index for Security Releases
http://blogs.technet.com/ecostrat/archive/2008/08/05/predicting-the-future-microsoft-launches-an-exploitability-index.aspx
http://blogs.zdnet.com/security/?p=1632
http://www.informationweek.com/news/security/management/showArticle.jhtml?articleID=209903295

QUOTE: The Microsoft Exploitability Index aims to help IT administrators prioritize patches by rating the likelihood that vulnerabilities will be exploited.

The Exploitability Index is Microsoft's attempt to deal with what has become an unfortunate, predictable pattern: Microsoft issues a Security Bulletin and cybercriminals answer with code designed to exploit the newly disclosed vulnerabilities.

Starting with its October patch cycle, Microsoft plans to rate the likelihood that vulnerabilities will be exploited. It will do so to help administrators prioritize patches.

Vulnerabilities will be rated with one of three designations: Consistent Exploit Code Likely, Inconsistent Exploit Code Likely, and Functioning Exploit Code Unlikely. The first designation describes a vulnerability that would produce consistent results if exploited; the second designation describes a vulnerability that is difficult to exploit or would produce inconsistent results; the third designation describes a vulnerability that would be very difficult to exploit and thus might not warrant an immediate patch.

Adobe Flash - Beware of fake downloads circulating

2008-08-05T14:03:00Z

Security sites are warning users to get Adobe to carefully update or obtain their Flash Player browser plug-in. Malware writers are using get_flash_update.exe at hostile websites as one approach to trick folks. The flash player or associated security updates must only be installed from Adobe's official website.

Adobe Flash - Beware of fake downloads circulating
http://blogs.zdnet.com/security/?p=1648
http://blogs.zdnet.com/security/?p=1615
http://blogs.zdnet.com/security/?p=1640
http://isc.sans.org/diary.html?storyid=4828
http://www.virustotal.com/analisis/258fbdfb7eb6ecfedbf236533b03c945

QUOTE: Amidst confirmed reports that malicious hackers are starting to use fake Flash Player downloads as social engineering lures for malware, Adobe has issued a call-to-arms for users to validate installers before downloading software updates.

Adobe Bulletin - Importance of Verifying installers
http://blogs.adobe.com/psirt/2008/08/verifying_installers.html

QUOTE: We have seen coverage from the security community of a worm on popular social networking sites that is using social engineering lures to get users to install a piece of malware. According to the reports, the worm posts comments on these sites that include links to a fake site. If the link is followed, users are told they need to update their Flash Player. The installer, posted on a malicious site, of course installs malware instead of Flash Player.

Adobe Flash can be downloaded from the official site. One change I'd like to see there is to not bundle the Google Toolbar as a pre-checked option.

Abobe's official download site
WARNING: Be sure to uncheck the Google Toolbar option if this additional download is not desired
http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash

Olympic 2008 Games - New Phishing sites emerge

2008-08-04T16:13:00Z

Users need to cautious of email and website visitation:

Olympic 2008 Games - New Phishing sites emerge
http://blog.trendmicro.com/phishers-play-the-olympics/

QUOTE: Olympic tickets anyone? They are available in the Internet of course, but users beware: the bad guys are still working hard to steal from online users as the 2008 Beijing Olympic approaches.

Trend Micro Senior Advance Threats Researcher Paul Ferguson discovered a fake Beijing Olympics Web site supposedly selling tickets. The Los Angeles Times reports that Olympics officials have already asked federal courts to shut down certain Web sites that pose as sellers of tickets but actually are stealing credit card numbers and other confidential information.

There are already hundreds of victims who lost large amounts of money to this site according to a report by the Los Angeles Times.

Securing A Network - Lessons Learned

2008-08-04T15:09:00Z

The Internet Storm Center continues to provide an excellent resource for the latest breaking news as well as security best practices and techniques. This latest post is worth highlighting as it shares 5 lessons learned in managing a network. While the post is more oriented towards an ISP setting, the same concerns are also present in a corporate environment.

Securing A Network - Lessons Learned
http://isc.sans.org/diary.html?storyid=4822

SUMMARY OF FINDINGS SHARED IN ISC BLOG

Lesson 1 – Your logs and Log reports can be your most valuable tool and can give you an advanced warning of mail server abuse. We have a lot of servers and many of them are email servers. I monitor the log files daily to look for any obvious problems.

Lesson 2 – Customer computer’s without anti-virus and/or firewall protection are a big target, not just for them but for their ISP as well. It absolutely amazed me how quickly a computer can go from compromised to abused and used.

Lesson 3 – A mail server, no matter how well protected is in danger of being blacklisted. And once blacklisted it is really hard to get it off the list.

Lesson 4 – Many of our customers whose IP addresses have been identified with spamming have had 2 components in common. They either had outdated anti-virus programs/or using free anti-virus programs and/or they were using programs to download music/movies from the Internet.

Lesson 5 – We have had a few instances where our small business customers had put up web servers or email servers. They either had bad advice given to them or they used out of box solutions and their web servers/mail servers had been compromised.

Storm Worm - The FBI does not have access to Facebook

2008-08-01T16:14:00Z

Storm Worm - The FBI does not have access to Facebook

The Storm Worm continues to try to infect folks by issuing sensational headlines news statements with dangerous links in the body of the email message. Any email URL link is always something to be cautious with, as malicious URLs are easier to get through email filtering controls than infected attachments. Individuals should continue to be on the look for more social engineering schemes like this.

Storm Worm - The FBI does not have access to Facebook
http://www.f-secure.com/weblog/archives/00001475.html

QUOTE: Over the last few weeks we've seen a bunch of different Storm themes and we don't blog about all of them because it would get pretty repetitive after a while but it's interesting for us to follow them as the group behind them are sometimes very innovative and sometimes fall back on tried and tested themes.

The latest round which started today talks about FBI getting instant access to Facebook accounts. The file itself is almost a non-event as it's detected by pretty much all vendors already but the theme is new. And we've seen them change themes a lot during the last month.

June 23 - Beijing earthquakes/disaster
July 3 - 4th of July
July 8 - US invasion of Iran
July 21 - New US currency, Amero
July 24 - Love and postcards
July 28 - FBI & Facebook

Oracle Web Logic Server - Serious Zero Day (exploitable w/o authentication)

2008-07-31T10:55:00Z

Companies using Oracle's Web Logic Server should apply protection quickly to address this serious security exposure.

Oracle Web Logic Server - Serious Zero Day (exploitable w/o authentication)
http://isc.sans.org/diary.html?storyid=4798
http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html

QUOTE: Oracle has released an emergency workaround that corrects a 0-day flaw in WebLogic Server and WebLogic Express, specifically with the Apache Connector, which is remotely exploitable without authentication.

Supported Products and Components Affected

• Oracle WebLogic Server 10.0 released through MP1
• Oracle WebLogic Server 9.0, 9.1, 9.2 released through MP3
• Oracle WebLogic Server 8.1 released through SP6
• Oracle WebLogic Server 7.0 released through SP7
• Oracle WebLogic Server 6.1 released through SP7

Patch Availability: Fixes for this vulnerability will be made available as soon as testing is completed when an updated version of this document will be uploaded and email sent to affected customers. Until fixes are available, workarounds described at

https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html

Best Practices - Importance of Making a Good Business Case

2008-07-30T19:29:00Z

These articles and templates are excellent resources for making a good business case:

Best Practices - Importance of Making a Good Business Case
http://blogs.techrepublic.com.com/tech-manager/?p=564
http://blogs.techrepublic.com.com/tech-manager/?p=538

Quote:

The vast majority of unsuccessful projects fail not because of poor project management, but because of poor decisions with respect to the choice of projects. A good business case helps to make right decisions and avoid horrible waste.

There is a fallacy that a business case is a thick tedious manuscript, written by professional consultants in an incomprehensible language. It’s printed on high-quality paper stock and placed onto the top shelf of an executive’s office to be used as a breeding ground for dust bunnies. This is not a business case; this is a disaster.

The sole role of a business case is that of a communication tool, composed in a language that the target audience understands and with enough detail to facilitate decision making on his or her part. There’s no magic formula when it comes to the size of a business case. The size is irrelevant. What is relevant is that the business case provides all the necessary information to make the job of the decision maker possible. Brevity is always a virtue.

Business Case and PM Templates
http://www.bizvortex.com/index.php?option=com_content&task=section&id=7&Itemid=31

IT Security - The Essential guide to wireless security

2008-07-30T17:22:00Z

The IT Security web site provides EXCELLENT resources for corporate users. These articles provide comprehensive guidelines for implementing secure wireless networking.

http://www.itsecurity.com/features/essential-guide-wireless-security-071708/

As more businesses deploy wireless networks to connect employees, professional partners and the general public to company systems and the Internet, the need for enhanced wireless security grows increasingly important. Fortunately, as more companies become aware of the threats facing their wireless networks — and how to combat them — the gap between wired and wireless-network security is gradually narrowing.

Nail Down Mobile Security

Securing Your Enterprise Wireless Network

Network Scanning: Find Out What’s Really on Your Wireless Network

Wireless Security Checklist

Airline invoices and e-tickets - Fake malware versions circulating

2008-07-29T19:19:00Z

The recent fake UPS bills have been adapted to appear like legitimate invoices and e-tickets a customer might expect to receive by email. Folks who have recently purchased e-tickets recently, should be especially careful.

Airline invoices and e-tickets - Fake malware versions circulating
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9110883
http://www.spyware-techie.com/genericdownloaderab-trojan-found-in-fake-invoice-and-airline-e-ticket-emails/
http://www.avertlabs.com/research/blog/index.php/2008/07/25/invoice-spam-takes-flight/
http://www.avertlabs.com/research/blog/index.php/2008/07/24/fake-invoice-spam-carries-malware/

QUOTE: The e-mails, which purport to be from an airline, thank the recipient for using a new "Buy flight ticket Online" service on the airline's site, provide a log-in username and password, and say the person's credit card has been charged an amount usually in the $400 range. An attachment claims to be the invoice for the ticket and credit card charge.

However, the .zip file format attachment is a Trojan horse that steals information, including keystrokes, from the infected Windows PC and transmits that data to a server hosted in Russia, according to McAfee threat researcher Craig Schmugar.

EMAIL MESSAGES TO AVOID

These messages may appear in following general format:

From: [name] [airline_name] Airlines
Subject: Your order from {airlines} [number]
or
Online order for flight ticket [number]

Hello, Thank you for using our new service “Buy airplane ticket Online” on our website. Your account has been created:

Your login: [characters]
Your password: [characters]

Your credit card has been charged for $[number in the $400 range]
We would like to remind you that whenever you order tickets on our website you get a discount of 10%! Attached to this message is the purchase Invoice and the flight ticket. To use your ticket, simply print it on a color printed, and you are set to take off for the journey!

Kind regards,
[name]
[airline]

Attachment: E-ticket_[number].zip (containing an executable, which may have a Word document icon)

DNS Cache Poisoning Exploits - Now in-the-wild

2008-07-29T14:16:00Z

Below are the first confirmed reports that new DNS exploits are now being exploited in-the-wild. There are dangers associated with unpatched or misconfigured DNS servers.

DNS cache poisoning attacks exploited in the wild
http://blogs.zdnet.com/security/?p=1590

QUOTE: Numerous independent sources are starting to see evidence of DNS cache poisoning attempts on their local networks, in what appears to be an attempt to take advantage of the “recent” DNS cache poisoning vulnerability :

Surprised? I’m not, since this was pretty logical given that the three publicly available exploits have been downloaded over 15,000 times in the last couple of days. What I’m actually surprised of is that it took so long to produce a working exploit, and the despite the media outbreak raising awareness on the potential for abuse, major international and local ISPs remain vulnerable. Ironically, remain vulnerable just like they’ve always been even though patches for a particular vulnerability were available. Insecure and misconfigured DNS servers were, and continue to be a realistic threat even in a Web 2.0 world.

More on the risks associated with these new DNS exploits can be found here:

http://msmvps.com/blogs/harrywaldron/archive/2008/07/26/avert-labs-excellent-diagrams-on-new-dns-dangers.aspx

http://msmvps.com/blogs/harrywaldron/archive/2008/07/24/new-dsn-exploits-are-being-developed-patch-your-servers-now.aspx

AVERT Labs - Excellent Diagrams on new DNS dangers

2008-07-28T14:01:00Z

The diagrams in the link below are excellent in showing how DNS resolves canonical names to numerical IP addresses, and how the bad guys can potentially manipulate these with the new exploits. Most vendors now offer security updates for DNS and these should be applied as quickly as possible to better protect corporate Internet applications and customer information (e.g., especially from potential phishing attacks).

http://www.avertlabs.com/research/blog/index.php/2008/07/23/the-cat-is-out-of-the-bag-dns-bug/

Techniques to use in working with Difficult People

2008-07-25T19:11:00Z

This is a good article on tactics and communication techniques when working with co-workers who create issues in the workplace.

The Thing That Drives Me Nuts About My Co-Worker
http://msn.careerbuilder.com/custom/msn/careeradvice/viewarticle.aspx?articleid=1566

QUOTE: For many people, bad habits are unconscious. John might not realize that clipping his fingernails in the lunchroom is repulsive. Suzy is clueless that coffee was not made to be slurped and Ed doesn't know that showering only three times per week is unhygienic (and stinky!).

Let's be honest: Nobody's perfect; not even you. Results from a recent MSN Zogby data poll show that 20 percent of workers say their co-workers have at least one habit that drives them crazy. So while your co-worker might have a more obvious bothersome tendency (like always talking on speakerphone), maybe your constant complaining about everyone else's behaviors has the same effect.

"You really only have one option when it comes to being annoyed by a fellow employee," says Donna Flagg, president of The Krysalis Group, a business and management consulting firm in New York City. "Simply let your co-worker know how you feel and politely ask them if they would mind curtailing their annoying habit."

Techniques for addressing co-worker issues

1. Ask yourself if the behavior is better described as controlled or a recurring pattern
2. Check yourself
3. Be discreet
4. Be specific
5. Be positive

Microsoft confirms IE 8 will ship this year

2008-07-25T14:42:00Z

As IE 8 offers improved security and support of World Wide Web Consortium (W3C) web standards, webmasters and web developers should test their applications extensively in the coming months.

Article: Microsoft confirms IE 8 will ship this year
http://blogs.zdnet.com/microsoft/?p=1500&tag=nl.e539

QUOTE: Microsoft Senior Vice President of Online Services and Windows, Bill Veghte, just told attendees that Microsoft will release the final version of Internet Explorer (IE) 8 to the Web “later this year.”

Microsoft has tried its best not to provide a ship target for IE 8 — like most of its Windows client family of products. Company officials did acknowledge last month that a second public beta of IE 8 is due out in August.

Microsoft has been warning Web developers to prep for IE 8, which will be more standards-compliant, to prepare now for IE 8 by adding a new tag to their sites to keep them from breaking when viewed with IE 8.

IE Beta v2 will be available in August
http://blogs.msdn.com/ie/archive/2008/06/03/ie8-beta-2-coming-in-august.aspx

New DNS Exploits are being developed - Patch your servers now

2008-07-24T14:13:00Z

Below are resources for corporate users related to the developments associated with the new DNS vulnerabilities. The CERT advisory has an excellent list of vendors and their current status for this issue. It is important to apply applicable security patches for DNS servers as quickly as possible due to active exploit development.

So far, two versions of exploit code have been developed for this vulnerability. While the first exploit affects DNS caching, security researcher, H.D. Moore has developed a more potent second exploit that can replace nameserver entries with the potential to redirect traffice to malicious sites (e.g., malware downloading, phishing attacks, etc).

In some ways, this new security exposure is reminiscent of the Code Worm and Blaster attacks during the earlier part of this decade. While security patches were available, many companies did not have the time or insight to patch all of their potential exposures. While there's time, security administrators should PATCH NOW.

ARTICLES: Major DNS vulnerability now public
http://cwflyris.computerworld.com/t/3374560/1676699/127883/2/
http://isc.sans.org/diary.html?storyid=4765
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
http://cwflyris.computerworld.com/t/3374560/1676699/127883/2/
http://blog.trendmicro.com/major-dns-cache-poisoning-vulnerability-patch-now/
http://www.informationweek.com/news/internet/security/showArticle.jhtml?articleID=209401195
http://blog.wired.com/27bstroke6/2008/07/details-of-dns.html

QUOTE: "Patch. Today. Now. Yes, stay late." - That's the word from security researcher Dan Kaminsky, who recently presided over an unprecedented effort to coordinate a fix for a DNS vulnerability across more than 80 software and hardware vendors

Several hackers are almost certainly already developing attack code for the bug, and it will most likely crop up within the next few days, said Dave Aitel, chief technology officer at security vendor Immunity Inc. His company will eventually develop sample code for its Canvas security testing software too, a task he expects to take about a day, given the simplicity of the attack. "It's not that hard," he said. "You're not looking at a DNA-cracking effort."

The attack can be used to redirect victims to malicious servers on the Internet by targeting the DNS servers that serve as signposts for all of the Internet's traffic. By tricking an ISP's servers into accepting bad information, attackers could redirect that company's customers to malicious Web sites without their knowledge.

Although a software fix is now available for most users of DNS software, it can take time for these updates to work their way through the testing process and actually get installed on the network. "Most people have not patched yet," Vixie said. "That's a gigantic problem for the world."

EXPLOIT DEVELOPMENTS: Second more critical exploit in the wild
http://blog.wired.com/27bstroke6/2008/07/dns-exploit-in.html

QUOTE: We just added a second exploit which replaces the nameservers of the target domain. This is the bug people should actually care about, since it doesn't matter if anything is already cached. Regarding the cache situation (of the first exploit) -- it's not possible to do cache overwrites, but it is possibe to look up the cache timeout, wait for it, and then replace it. With the new exploit module, we just change the DNS server for the entire domain (regardless of what is cached), so it's much more effective for wide-scale hijacking.

Microsoft DNS Patch should be applied ASAP
http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx

CERT Advisory - Provides a detailed status report by vendor
http://www.kb.cert.org/vuls/id/800113

Vendor Status - Date Last Updated (see CERT advisory above for more recent updates)

3com, Inc. Unknown 10-Jul-2008
Alcatel-Lucent Unknown 23-Jul-2008
Apple Computer, Inc. Unknown 5-May-2008
AT&T Unknown 21-Apr-2008
Avaya, Inc. Vulnerable 16-Jul-2008
Avici Systems, Inc. Unknown 21-Apr-2008
Belkin, Inc. Unknown 13-Jul-2008
Blue Coat Systems Vulnerable 22-Jul-2008
BlueCat Networks, Inc. Vulnerable 22-Jul-2008
Check Point Software Technologies Not Vulnerable 23-Jul-2008
Cisco Systems, Inc. Vulnerable 10-Jul-2008
Conectiva Inc. Unknown 5-May-2008
Cray Inc. Unknown 5-May-2008
D-Link Systems, Inc. Unknown 2-May-2008
Data Connection, Ltd. Unknown 21-Apr-2008
Debian GNU/Linux Vulnerable 9-Jul-2008
djbdns Not Vulnerable 10-Jul-2008
dnsmasq Vulnerable 11-Jul-2008
DragonFly BSD Project Unknown 3-Jul-2008
EMC Corporation Unknown 21-Apr-2008
Engarde Secure Linux Unknown 5-May-2008
Ericsson Unknown 21-Apr-2008
Extreme Networks Unknown 21-Apr-2008
F5 Networks, Inc. Vulnerable 14-Jul-2008
Fedora Project Unknown 5-May-2008
Force10 Networks, Inc. Not Vulnerable 11-Jul-2008
Foundry Networks, Inc. Not Vulnerable 10-Jul-2008
FreeBSD, Inc. Vulnerable 14-Jul-2008
Fujitsu Vulnerable 18-Jul-2008
Gentoo Linux Vulnerable 12-Jul-2008
Gnu ADNS Unknown 5-May-2008
GNU glibc Unknown 5-May-2008
Hewlett-Packard Company Vulnerable 16-Jul-2008
Hitachi Unknown 21-Apr-2008
Honeywell Unknown 21-Apr-2008
IBM Corporation Vulnerable 12-Jul-2008
IBM Corporation (zseries) Unknown 5-May-2008
IBM eServer Unknown 21-Apr-2008
Infoblox Vulnerable 21-Jul-2008
Ingrian Networks, Inc. Unknown 5-May-2008
Intel Corporation Unknown 21-Apr-2008
Internet Systems Consortium Vulnerable 14-Jul-2008
JH Software Not Vulnerable 10-Jul-2008
Juniper Networks, Inc. Vulnerable 10-Jul-2008
Linux Kernel Archives Unknown 3-Jun-2008
Lucent Technologies Unknown 21-Apr-2008
Luminous Networks Unknown 21-Apr-2008
Mandriva, Inc. Vulnerable 22-Jul-2008
MaraDNS Not Vulnerable 10-Jul-2008
Men & Mice Unknown 5-May-2008
Metasolv Software, Inc. Unknown 5-May-2008
Microsoft Corporation Vulnerable 8-Jul-2008
MontaVista Software, Inc. Unknown 5-May-2008
Motorola, Inc. Unknown 21-Apr-2008
Multinet (owned Process Software Corporation) Unknown 21-Apr-2008
Multitech, Inc. Unknown 21-Apr-2008
NEC Corporation Not Vulnerable 18-Jul-2008
NetApp Unknown 3-Jul-2008
NetBSD Unknown 5-May-2008
Netgear, Inc. Unknown 21-Apr-2008
Network Appliance, Inc. Unknown 21-Apr-2008
Nixu Vulnerable 9-Jul-2008
NLnet Labs Not Vulnerable 10-Jul-2008
Nokia Unknown 21-Apr-2008
Nominum Vulnerable 10-Jul-2008
Nortel Networks, Inc. Unknown 21-Apr-2008
Novell, Inc. Vulnerable 14-Jul-2008
OpenBSD Vulnerable 24-Jul-2008
OpenDNS Not Vulnerable 10-Jul-2008
Openwall GNU/*/Linux Vulnerable 17-Jul-2008
PePLink Not Vulnerable 10-Jul-2008
Posadis project Unknown 14-Jul-2008
PowerDNS Not Vulnerable 10-Jul-2008
QNX, Software Systems, Inc. Unknown 5-May-2008
Red Hat, Inc. Vulnerable 10-Jul-2008
Redback Networks, Inc. Unknown 21-Apr-2008
Secure Computing Network Security Division Vulnerable 17-Jul-2008
Shadowsupport Unknown 5-May-2008
Siemens Unknown 8-Jul-2008
Silicon Graphics, Inc. Unknown 5-May-2008
Slackware Linux Inc. Vulnerable 12-Jul-2008
Sony Corporation Unknown 21-Apr-2008
Sun Microsystems, Inc. Vulnerable 10-Jul-2008
SUSE Linux Vulnerable 11-Jul-2008
The SCO Group Unknown 5-May-2008
Trustix Secure Linux Unknown 5-May-2008
Turbolinux Unknown 5-May-2008
Ubuntu Vulnerable 10-Jul-2008
Wind River Systems, Inc. Vulnerable 9-Jul-2008
ZyXEL Unknown 21-Apr-2008

Email threat - Avoid free Windows Malicious Software Removal Tool

2008-07-18T20:48:00Z

This new malware threat is well done from an HTML and social engineering perspective. Microsoft automatically includes MSRT with it's monthly Windows Update process, and never sends tools like this out using email. These messages should be deleted.

Windows Malicious Software Removal Tool Free Today
http://sunbeltblog.blogspot.com/2008/07/another-fake-ms-spam.html

QUOTE: As we all know, for quite some time now, spam has stopped just being a nuisance, and became a serious potential security threat. It used to be that one wouldn’t get too upset if the occasional Viagra email got through a spam filter. That’s no longer the case: Spam is a significant vector for malware infection through malicious links and social engineering, and if something gets through a spam filter — and then makes it past endpoint protection — one can have all kinds of nasty headaches.

EXAMPLE OF EMAIL MESSAGE CURRENTLY CIRCULATING

Subject: Windows Malicious Software Removal Tool Free Today.

The content in text format.

Click Here! *** Malicious link removed ***

About this mailing:

You are receiving this e-mail because you subscribed to MSN Featured Offers.
Microsoft respects your privacy. If you do not wish to receive this MSN
Featured Offers e-mail, please click the "Unsubscribe" link below. This will
not unsubscribe you from e-mail communications from third-party advertisers
that may appear in MSN Feature Offers. This shall not constitute an offer by
MSN. MSN shall not be responsible or liable for the advertisers' content nor
any of the goods or service advertised. Prices and item availability subject
to change without notice.

2008 Microsoft | Unsubscribe <http://www.msn.com> | More Newsletters
<http://www.msn.com> | Privacy <http://www.msn.com>

Microsoft Corporation, One Microsoft Way, Redmond, WA 98052

United Parcel Service - Fake email for package non-delivery

2008-07-16T15:03:00Z

McAfee and other AV vendors are highlighting this latest social engineering attack. A well disquised email message appears to come from UPS. It claims that a package cannot be delivered unless the fake waybill attachment is selected.

Users selecting these attachments will be infected with malicious code from a downloader that originates from a Russian website

United Parcel Service - Fake email for package non-delivery
http://vil.mcafeesecurity.com/vil/content/v_132901.htm
http://wcco.com/techcenter/ups.email.virus.2.771489.html
http://urbanlegends.about.com/b/2008/07/15/ups-virus-warning.htm
http://www.startribune.com/local/25464324.html
http://www.ups.com/content/us/en/about/news/service_updates/virus_us.html

QUOTE: United Parcel Service is warning of a computer virus circulating under the guise of an e-mail from UPS. According to a release from UPS, the virus is attached to an e-mail that warns readers they have a shipment that couldn't be delivered unless they click on the attachment. The e-mail claims the attachment contains a waybill that will allow the undelivered package to be picked up.

COPY OF EMAIL MESSAGE: (spoofed to appear from UPS)

"Unfortunately we were not able to deliver postal package you sent on July the 1st in time because the recipient’s address is not correct. Please print out the invoice copy attached and collect the package at our office.

Your UPS"

The attached file is an executable which downloads files from the following server:

hxxp: //fixaserver (dot) ru / ldr / [Removed]

Oracle Security Update for July 2008 - 45 updates for all products

2008-07-16T13:08:00Z

As applicable for their environment, corporate DBAs and system administrations should download, pilot test, and then install these critical security updates to better protect Oracle based applications.

QUOTE: The Critical Patch Update for July 2008 was released on July 15, 2008. Oracle strongly recommends applying the patches as soon as possible.

Oracle Security Update for July 2008
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2008.html

Music Files - New Codec injection attacks add danger for Multi-media files

2008-07-15T20:59:00Z

Sometimes one bad apple can spoil the entire bunch. A new injection based codec attack has surfaced which can infect all multi-media files on the hard drive. For example, a malicious MP3 file can be downloaded and if the special fake codec routine is accepted, it will inject malicious code into every multi-media file that is processed. Folks should continue to only use trusted sources for music or video.

Infectious Music, Malware-Style
http://www.trustedsource.org/blog/132/Trojan-infecting-multimedia-files
http://blog.trendmicro.com/infectious-music-malware-style/

QUOTE: A malware that infects multimedia files, modifying them to require the download of a fake codec when played had recently been discovered. It infects widely used multimedia file formats such as MP3, WMA and WMV video files by injecting a malicious code. The said malware is also capable of converting files such as MP2 and MP3 into Windows Media Audio (WMA) format. When a user tries to play an infected file, a pop-up message is displayed, asking the user to download a certain codec in order to play the file. The downloaded codec is of course, nothing else but malware.

But this malware takes it to a new, and more dangerous level; it manipulates a person’s multimedia files and uses it against them. People normally keep thousands of multimedia files on their systems, especially MP3s. If each file is infected by the malware then shared through a P2P network, then the user unknowingly turns into a malware host.

Storm Worm - Avoid Tabloid headlines in Spam messages

2008-07-15T18:03:00Z

The social engineering tactices used by the Storm worm continue to be well engineered. These deceptive messages attempt to trick folks into selecting malicious links that automatically download malware to vulnerable systems.

Storm Worm - Avoid Tabloid headlines in Spam messages
http://redtape.msnbc.com/2008/07/no-presidential.html

QUOTE: No, spammers haven’t hired a bunch of former supermarket tabloid writers. They’re just doing what they do best – exploiting human nature.

The Storm worm is the Internet's version of Broadway’s “Phantom of the Opera” -- the longest running hit show around. Storm first appeared in January 2007, teasing users with a headline about deadly storms that hit Europe -- "230 dead as storm batters Europe," it said, offering a link to a full story. Clickers found themselves infected with the Storm worm.

Storm was an immediate hit for the hackers, who managed to trick hundreds of thousands of recipients into clicking on the booby-trapped link. That enabled them to build an enormous network of hijacked computers, called a botnet, which they use to send out more spam or commit other Internet crimes.

There have been hundreds of Storm variants since the first one, sent by a loosely affiliated gang of computer criminals. Some estimates say that up to 10 million PCs have been infected with Storm at one time or another.

But in April, Microsoft updated its malicious software removal tool, much to the chagrin of the hackers. About four-fifths of the vast Storm network was cut off, said Paul Wood, a security researcher at MessageLabs.

Comprehensive list of dozens of headlines from Message Labs
http://www.msnbc.msn.com/id/25680334

Malicious PDF files - Death of the Internet in 2012

2008-07-15T14:30:00Z

There are dangerous PDF files being circulated by spammers. The new PDF based attacks typically use Javascript attacks within the document to infect vulnerable systems. Users should always avoid opening any unexpected document or link in email messages. Also, it is important to stay up-to-date on all security updates available from Adobe and other software vendors.

Malicious PDF files - Death of the Internet in 2012
http://blog.trendmicro.com/death-of-the-internet-foretold/

The malware involved in this spam run is detected by Trend Micro as TROJ_PIDIEF.JT, a Trojan that arrives as a PDF file named DOC.PDF. This file promises more information regarding the alleged Internet death.

PIDIEF Trojans are known malware droppers or downloaders, so once users click on the attached PDF file — and whether or not they believe the theory — another malware is already up and running on their systems and doing malicious routines. The death of the Internet is going to be the least of their problems after that …

Internet Storm Center - PDF Javascript based exploits
http://isc.sans.org/diary.html?storyid=4726

Apple Macintosh computers - Keeping them secure in the corporate environment

2008-07-14T14:06:00Z

In the Sarbanes-Oxley forums, a good question was asked related to keeping Mac systems protected. Security is more of a "process" rather than being specifically hardware or software related. In other words, you should take the same precautionary protective measure for Apple workstations, just like Windows client PCs.

For the most part, Apple Mac computers have enjoyed a fairly good track record when it comes to security. There are a fewer in-the-wild threats and the Apple OS X operating system has a Linux-kernel based design, that is fairly secure.

Still, security is only as strong as it's weakest link. Thus you want a strong chainlinked fence to keep the fox out of the chicken coop.

Recommendations:

1. Keep all operating system, browser, and software products as up-to-date as possible on security patches.

2. Anti-virus software (anti-spyware might be beneficial also)

3. Firewall protection is always a must

4. Authentication to networks (with strong password settings, rotations, and other best practices)

5. Security policies that include the Mac environment (e.g., discouraging too much personal use, installation of non-business software, etc)

6. Use of Firefox 3 might be beneficial to look at as a complementary browser to Safari (which has suffered some recent security issues)

7. Tracking of Apple security exposures and risks as they develop (e.g., monitor Secunia, Internet Storm Center, Apple's security bulletins, FRSIRT, etc)

As noted, this list is fairly similar to keeping Windows client PCs secure. These additional links might help:

http://www.google.com/search?hl=en&q=corporate+macintosh+security+best+practices
https://security.berkeley.edu/mac.html
http://www.networkworld.com/news/2007/022707-mac-os-going-corporate.html

Microsoft Security Updates - July 2008 includes SQL-Server update

2008-07-14T12:45:00Z

Microsoft have released this month's patches as part of their usual Patch Tuesday monthly cycle. This months patches are:

MS08-037 - Vulnerabilities in DNS Could Allow Spoofing (953230)

Affects: Windows 2000, XP (inc x64), Server 2003 (inc x64), Server 2008 (inc x64)
LInk: http://www.microsoft.com/technet/security/Bulletin/MS08-037.mspx

MS08-038 - Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582)

Affects: Windows Vista and Windows 2008 Server
Link: http://www.microsoft.com/technet/security/Bulletin/MS08-038.mspx

MS08-039 - Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747)
Affects: Microsoft Exchance Server 2003 & 2007
Link: http://www.microsoft.com/technet/security/Bulletin/MS08-039.mspx

MS08-040 - Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)
Affects: SQL Server 7, 2000, 2005, MSDE 1.0, SQL 2000 Desktop Engine, SQL 2005 Express Edition, Windows 2000, Server 2003 & Server 2008
Link: http://www.microsoft.com/technet/security/Bulletin/MS08-040.mspx

Additional Links:

Microsoft: http://www.microsoft.com/technet/security/bulletin/ms08-jul.mspx
MS Blog: http://blogs.technet.com/msrc/archive/2008/07/08/july-2008-bulletin-monthly-release.aspx
ISC: http://isc.sans.org/diary.html?storyid=4684

So far, the July updates are working well on my XP SP3 PCs at home and work ...

IMPORTANT NOTE -- Don't forget to patch SQL-Server as applicable (after pilot testing your web or client/server based applications)

IT Project management - Excellent collection of resources

2008-07-09T13:38:00Z

The 100th edition of the ALLPM Today Newsletter shares some excellent resources as the most popular articles for each year are highlighted below:

Most Popular allPM Article (for all years) - Communication in the Workplace
By Kate McLeod, PMP
http://allpm.com/modules.php?op=modload&name=News&file=article&sid=1910

Most popular ALLPM articles for each year:

Most Popular 2002 Article - Project Management Best Practice #3 -"Strategic Planning for Project Management"
By Dr. Harold Kerzner
http://allpm.com/modules.php?op=modload&name=News&file=article&sid=1909

Most Popular 2003 Article - Understanding the PRINCE2 Processes - Part One
By David Whelbourn
http://allpm.com/modules.php?op=modload&name=News&file=article&sid=1908

Most Popular 2004 Article - The True Meaning of Teamwork
By Sloan Campbell MBA, PMP
http://allpm.com/modules.php?op=modload&name=News&file=article&sid=1907

Most Popular 2005 Article - Acceptance Criteria - Part I & II,
By Eoin Callan (MBA, PMP)
http://allpm.com/modules.php?op=modload&name=News&file=article&sid=1906

Most Popular 2006 Article - Why Does a Project Need a Project Manager and a Business Analyst
By Barbara Carkenord
http://allpm.com/modules.php?op=modload&name=News&file=article&sid=1905

Most Popular 2007 Article - The Essence of OPM3®
By Ralf Friedrich
http://allpm.com/modules.php?op=modload&name=News&file=article&sid=1904

Storm Worm - Avoid July 4th topics offering Fireworks display

2008-07-06T12:50:00Z

As noted in Gary warner's excellent blog post, please avoid the following email messages in your in-box:

Storm Worm - Avoid July 4th topics offering Fireworks display
http://isc.sans.org/diary.html?storyid=4669
http://garwarner.blogspot.com/2008/07/storm-worm-salutes-our-nation-on-4th.html

QUOTE: The website, which seems to invite visitors to play a fireworks video, actually downloads the Storm malware in the form of an executable called "fireworks.exe".

Subjects
=================
Amazing firework 2008
America the Beautiful
American Independence Day
Bright and joyful Fourth of July
Celebrate Independence
Celebrating Fourth of July
Celebrating the Glory of our Nation
Celebrating the spirit of our Country
Celebrations have already begun
Fabulous Independence Day firework
God bless America
Happy Birthday, America!
Happy Independence Day
Happy Independence Day!!
Independence Day firework broke all records *
Spectacular fireworks show
Stars and Strips forever
The best of 4th of July Salute
Time for Fireworks
Wish your friends a happy Independence Day

Bodies
=================
Amazing Independence Day show
America the Beautiful
Celebrating the Glory of our Nation
God bless America
Sparkling Celebration of Independence Day
Stars and Strips forever
Super 4th!
The best firework you've ever seen

Internet Explorer 8 Beta 2 - Will focus on security improvements

2008-07-06T12:27:00Z

Two recent ZDNet blog posts highlight forthcoming security improvements for the next beta release of IE 8. The release to testers is planned for August. These improvements will make IE8 a worthwhile upgrade when it is released in the future.

Internet Explorer 8 Beta 2 - Will focus on security improvements
http://blogs.zdnet.com/security/?p=1396
http://blogs.zdnet.com/Bott/?p=484

QUOTE: When Microsoft's Internet Explorer 8 hits the Beta 2 milestone in August, the browser makeover will feature a full-fledged anti-malware blocker and new protections against some forms of cross-site scripting attacks. The existing phishing filter IE 7 has been renamed SmartScreen Filter and will include blacklist-based blocking of known exploit sites. Also new in IE 8 Beta 2 is an XSS Filter to detect Type-1 (reflection) attacks that can lead to cookie theft, keystroke logging, Web site defacement and credentials theft:

The new beta refresh will also include support for safer Web 2.0-type mashups, DEP (data execution protection) turned on by default in Windows Vista SP 1, domain highlighting to help flag phishing attacks and changes to the way ActiveX controls are handled.

Below are also an overview of security improvements found in the current beta version:

Internet Explorer 8 - Two New Security Improvements
http://www.itsecurity.com/features/ie8-security-features-032408/

QUOTE: IE 8's security environment benefits from the addition of two major enhancements: the Safety Filter tool and the Domain Highlighting feature. Here's a closer look at both of these new enhancements.

1. Safety Filter -- IE 8 ups the ante with a new Safety Filter that analyzes the entire URL string to search for carefully hidden signs that a Web site may be something other than it claims to be. In Microsoft's words, the Safety Filter provides "a more granular detection" capability, allowing the browser to protect users from more targeted and sophisticated attacks.

2. Domain Highlighting -- IE 8's other major new security feature is a technology that highlights the top-level domain in the browser's address bar. This enhancement might not sound like much, but it is designed to provide a hard-to-miss visual clue that will function like a traffic light. The idea is to enable users to quickly confirm that the Web site they are visiting is the site that they intended to visit.

Identity Theft - Be careful where and how you use ATM cards

2008-07-02T15:14:00Z

In most cases, folks are safe to use ATMs for cash withdrawals, although this major security incident reported yesterday is alarming.

Citibank ATM breach reveals PIN security problems
http://news.yahoo.com/s/ap/20080701/ap_on_hi_te/tec_atm_breach

SAN JOSE, Calif. - Hackers broke into Citibank's network of ATMs inside 7-Eleven stores and stole customers' PIN codes, according to recent court filings that revealed a disturbing security hole in the most sensitive part of a banking record. The scam netted the alleged identity thieves millions of dollars. But more importantly for consumers, it indicates criminals were able to access PINs — the numeric passwords that theoretically are among the most closely guarded elements of banking transactions — by attacking the back-end computers responsible for approving the cash withdrawals.

It's unclear how many Citibank customers were affected by the breach, which extended at least from October 2007 to March of this year and was first reported by technology news Web site Wired.com. The bank has nearly 5,700 Citibank-branded ATMs inside 7-Eleven Inc. stores throughout the U.S., but it doesn't own or operate any of them.

That responsibility falls on two companies: Houston-based Cardtronics Inc., which owns all the machines but only operates some, and Brookfield, Wis.-based Fiserv Inc., which operates the others. A critical issue in the investigation is how the hackers infiltrated the system, a question that still hasn't been answered publicly. All that's known is they broke into the ATM network through a server at a third-party processor, which means they probably didn't have to touch the ATMs at all to pull off the heist.

They could have gained administrative access to the machines - which means they had carte blanche to grab information - through a flaw in the network or by figuring out those computers' passwords. Or it's possible they installed a piece of malicious software on a banking server to capture unencrypted PINs as they passed through.

Harry Waldron - My IT Forums Blog

Fake CNN News email alerts are circulating extensively

McAfee AV Engine 5300 released - Improved Performance and Detection

Firefox 3.1 alpha version - Available for IT professionals

Avoid Email messages with fake or sensationalized headlines

Microsoft implements new Exploitability Index for Security Releases

Adobe Flash - Beware of fake downloads circulating

Olympic 2008 Games - New Phishing sites emerge

Securing A Network - Lessons Learned

Storm Worm - The FBI does not have access to Facebook

Oracle Web Logic Server - Serious Zero Day (exploitable w/o authentication)

Best Practices - Importance of Making a Good Business Case

IT Security - The Essential guide to wireless security

Related Articles:

Airline invoices and e-tickets - Fake malware versions circulating

DNS Cache Poisoning Exploits - Now in-the-wild

AVERT Labs - Excellent Diagrams on new DNS dangers

Techniques to use in working with Difficult People

Microsoft confirms IE 8 will ship this year

New DNS Exploits are being developed - Patch your servers now

Email threat - Avoid free Windows Malicious Software Removal Tool

United Parcel Service - Fake email for package non-delivery

Oracle Security Update for July 2008 - 45 updates for all products

Music Files - New Codec injection attacks add danger for Multi-media files

Storm Worm - Avoid Tabloid headlines in Spam messages

Malicious PDF files - Death of the Internet in 2012

Apple Macintosh computers - Keeping them secure in the corporate environment

Microsoft Security Updates - July 2008 includes SQL-Server update

IT Project management - Excellent collection of resources

Storm Worm - Avoid July 4th topics offering Fireworks display

Internet Explorer 8 Beta 2 - Will focus on security improvements

Identity Theft - Be careful where and how you use ATM cards