October 2005 - Posts

Don't they do that to everyone?

Rod posted about an old couple that was being taken advantage of by a service technician at an auto place. Every time I have been into one of these places, they always try to add on things that “according to the manufacturer” need to be replaced. That doesn’t bother me so much as the data collection. Most oil change places today write down the VIN number and license plate number of your car. They also write down any damage to the vehicle. They can then sell that information to places like car facts. In fact, it is very hard to find a place that will change your oil anonymously. I know it’s probably my paranoia showing up again, but I don’t want spyware installed at my auto repair shop.

On the flip side of your story, Rod, I have a story that I share about a “little old lady”. I once decided to lie out in the sun at a public pool. I found a nice lounge chair by the pool. It was a sunny day, and the only other people at the pool were several older ladies in the shallow end. They had full-body bathing suits on that reminded me of my loving grandma. I could hear their conversation, and one of the ladies asked the other where she got the new sunglasses. The lady wearing the sunglasses giggled, and then replied “I stole them”. She then proceeded to tell a story of how she went to a gathering, and a young girl was wearing them but then set them down. The old lady said that she put them on and then pretended that they were hers, and that she told the young girl she must be mistaken when she inquired about the glasses.

I couldn’t believe this little old lady, who reminded me of my grandma, would do such a thing and then brag to her friends. I had the same pit in my stomach when I found out Santa Claus wasn’t real.

Posted by Anonymous | with no comments

I remember the days...

Tonight I wanted to show my love a pretty funny email I received. I was booting my laptop while complaining that it was slow. I didn’t hear any sound while it was booting, so I hit the volume up button. This all happened in a matter of seconds and my chimpin’ was probably unjustified, but she promptly asked if I hit the “Turbo” button. I about rolled onto the floor, and yes, laughing my ___ off. I can’t say that I have even thought about the “Turbo” button in many years. Where did the “Turbo” button go? Why does my laptop not have one?

Posted by Anonymous | with no comments

New vulnerabilities for all antivirus vendors?

Can they just post one advisory for all vendors? In no particular order, here are the affected vendors so far:

  • Symantec
  • Kaspersky
  • AVG
  • Avast!
  • Ahnlab
  • McAfee

Posted by Anonymous | with no comments

I should have known

I wanted to create an app that would send a Wake-on-LAN magic packet to an SMS collection. After a few attempts at writing a script to do this, I decided to check the myITforum Downloads section. Lo and behold, there were several already created. I should have known better and checked there first. I want to thank everyone that contributes. If I ever come up with something that has not already been created, then I will contribute as well.
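The packet the post is talking about, as an added example that is not from the original post or from the myITforum downloads it mentions: a Python builder for Wake-on-LAN magic packets that takes a list of MAC addresses (assumed here to have been exported from the SMS collection) and can broadcast them on UDP port 9; the broadcast address and port are assumptions, and the MAC values below are constructed.

```python
import re
import socket

# Added example (not from the original post): build the Wake-on-LAN "magic packet"
# for every MAC address in a collection and, optionally, broadcast it over UDP.
# A magic packet is 6 bytes of 0xFF followed by the target MAC repeated 16 times.
# The SMS collection is assumed to have been exported to a plain list of MACs.

MAC_RE = re.compile(r"^[0-9A-Fa-f]{12}$")


def parse_mac(mac: str) -> bytes:
    """Accept AA:BB:CC:DD:EE:FF, AA-BB-CC-DD-EE-FF, AABB.CCDD.EEFF or bare hex."""
    digits = re.sub(r"[:\-.]", "", mac.strip())
    if not MAC_RE.match(digits):
        raise ValueError(f"not a valid MAC address: {mac!r}")
    return bytes.fromhex(digits)


def build_magic_packet(mac: str) -> bytes:
    """Return the 102-byte magic packet that wakes the NIC with this MAC."""
    return b"\xff" * 6 + parse_mac(mac) * 16


def is_magic_packet(payload: bytes) -> bool:
    """Recognise a magic packet in a captured UDP payload (sync stream + 16 MAC copies)."""
    if len(payload) < 102 or payload[:6] != b"\xff" * 6:
        return False
    return payload[6:102] == payload[6:12] * 16


def build_packets_for_collection(macs: list) -> dict:
    """Build one packet per MAC; bad entries are reported together, not silently dropped."""
    packets, errors = {}, []
    for mac in macs:
        try:
            packets[mac] = build_magic_packet(mac)
        except ValueError as exc:
            errors.append(str(exc))
    if errors:
        raise ValueError("; ".join(errors))
    return packets


def send_magic_packet(packet: bytes, broadcast: str = "255.255.255.255", port: int = 9) -> None:
    """Broadcast the packet on UDP port 9 (the usual WoL port; 7 is also common)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        sock.sendto(packet, (broadcast, port))
```

Call send_magic_packet(build_magic_packet(mac)) from a host on the same broadcast domain as the target; is_magic_packet is there for checking a packet capture when you want to see whether wake-ups are actually reaching the segment.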

Posted by Anonymous | with no comments

Dripping with sarcasm....

Begin sarcasm

I have a great idea. Let’s start a business! Let’s hire some world-class expert programmers to discover vulnerabilities in Microsoft products. We will then create a product of our own to detect and fix the vulnerabilities. We could also sell the vulnerabilities to hackers so that Microsoft’s customers have to rely on our product to keep them safe. Actually, that may raise too many eyebrows. Oh, I got it now; let’s post information on our website stating that vulnerabilities exist and our product will fix them. Then we can wait for Microsoft to provide a fix and update our website with a description showing the exact vulnerability. That will allow the hackers to exploit it before administrators can apply the patches. Brilliant! That will show those administrators: if they had used our product, they would have been protected. Man, I am good! We could also post information showing how long it takes Microsoft to fix the problem. This would let everyone know that we can provide protection much sooner than Microsoft. Man, I haven’t seen an idea this good since that guy came up with the idea to film bums fighting. Who’s with me? We can make some mad cash.

End sarcasm

Posted by Anonymous | with no comments

Potential threats that may follow the October updates

Just as many folks have been doing, I have been reading through the updates. I suspect that we may have a repeat of the August updates, where we saw an exploit very quickly for MS05-047, which replaces MS05-039. The August updates were released on 9AUG05 and I posted about Zotob.A utilizing this exploit on 14AUG05. I also see the potential for MS05-049 to be exploited by sending .lnk files via spamming or a mass mailer. I predicted this on the previously released bulletins, and as far as I know, I was wrong. A mass mailer using this exploit never happened. It would appear that MS05-051 may be cause for the most worry, as it replaces some very well known security updates such as MS03-026, which was exploited by the infamous Blaster worm. SANS is reporting that MS05-052 only sets the kill bit for the affected Class Identifiers (CLSID) in these COM objects.

In brief, it is going to be a long week for some folks. As Harry Waldron would say, “test, test, test, patch, patch, patch”.

Posted by Anonymous | with no comments

Microsoft Security Updates 11OCT05

Oct 11, 2005 - MS05-052: Cumulative Security Update for Internet Explorer (896688)
Affected Software: Internet Explorer 5.5, Internet Explorer 5.01, Internet Explorer 6.0, Internet Explorer 6.0 for Windows Server 2003, Internet Explorer 6.0 for Windows XP Service Pack 2, Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Professional, Windows 2000 Server, Windows XP Home Edition, Windows XP Professional, Windows Server 2003 for Small Business Server, Windows Server 2003, Datacenter Edition, Windows Server 2003, Enterprise Edition, Windows Server 2003, Standard Edition, Windows Server 2003, Web Edition
Affected Versions: Internet Explorer 5.5 SP2, Internet Explorer 5.01 SP4, Internet Explorer 6.0 SP1, Windows Server 2003 Gold, Windows Server 2003 SP1, Windows XP Service Pack 2, Windows 2000 Service Pack 4, Windows XP Service Pack 1
Severity: Critical

Oct 11, 2005 - MS05-051: Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400)
Affected Software: Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Professional, Windows 2000 Server, Windows XP Home Edition, Windows XP Professional, Windows Server 2003 for Small Business Server, Windows Server 2003, Datacenter Edition, Windows Server 2003, Enterprise Edition, Windows Server 2003, Standard Edition, Windows Server 2003, Web Edition
Affected Versions: Windows 2000 Service Pack 4, Windows XP Service Pack 1, Windows XP Service Pack 2, Windows Server 2003 Gold, Windows Server 2003 SP1
Severity: Critical

Oct 11, 2005 - MS05-050: Vulnerability in DirectShow Could Allow Remote Code Execution (904706)
Affected Software: Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Professional, Windows 2000 Server, Windows XP Home Edition, Windows XP Professional, Windows Server 2003 for Small Business Server, Windows Server 2003, Datacenter Edition, Windows Server 2003, Enterprise Edition, Windows Server 2003, Standard Edition, Windows Server 2003, Web Edition, Windows 98, Windows 98 SE, Windows Me
Affected Versions: Windows 2000 Service Pack 4, Windows XP Service Pack 1, Windows XP Service Pack 2, Windows Server 2003 Gold, Windows Server 2003 SP1, Windows 98 Gold, Windows 98 SE Gold, Windows 98 SP1, Windows Me Gold
Severity: Critical

Oct 11, 2005 - MS05-049: Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725)
Affected Software: Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Professional, Windows 2000 Server, Windows XP Home Edition, Windows XP Professional, Windows Server 2003 for Small Business Server, Windows Server 2003, Datacenter Edition, Windows Server 2003, Enterprise Edition, Windows Server 2003, Standard Edition, Windows Server 2003, Web Edition
Affected Versions: Windows 2000 Service Pack 4, Windows XP Service Pack 1, Windows XP Service Pack 2, Windows Server 2003 Gold, Windows Server 2003 SP1
Severity: Important

Oct 11, 2005 - MS05-048: Vulnerability in the Microsoft Collaboration Data Objects Could Allow Remote Code Execution (907245)
Affected Software: Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Professional, Windows 2000 Server, Windows XP Home Edition, Windows XP Professional, Windows Server 2003 for Small Business Server, Windows Server 2003, Datacenter Edition, Windows Server 2003, Enterprise Edition, Windows Server 2003, Standard Edition, Windows Server 2003, Web Edition, Exchange 2000 Server, Exchange 2000 Enterprise Server
Affected Versions: Windows 2000 Service Pack 4, Windows XP Service Pack 1, Windows XP Service Pack 2, Windows Server 2003 Gold, Windows Server 2003 SP1, Exchange 2000 SP3
Severity: Important

Oct 11, 2005 - MS05-047: Vulnerability in Plug and Play Could Allow Remote Code Execution and Local Elevation of Privilege (905749)
Affected Software: Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Professional, Windows 2000 Server, Windows XP Home Edition, Windows XP Professional
Affected Versions: Windows 2000 Service Pack 4, Windows XP Service Pack 1, Windows XP Service Pack 2
Severity: Important

Oct 11, 2005 - MS05-046: Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution (899589)
Affected Software: Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Professional, Windows 2000 Server, Windows XP Home Edition, Windows XP Professional, Windows Server 2003 for Small Business Server, Windows Server 2003, Datacenter Edition, Windows Server 2003, Enterprise Edition, Windows Server 2003, Standard Edition, Windows Server 2003, Web Edition
Affected Versions: Windows 2000 Service Pack 4, Windows XP Service Pack 1, Windows XP Service Pack 2, Windows Server 2003 Gold, Windows Server 2003 SP1
Severity: Important

Oct 11, 2005 - MS05-045: Vulnerability in Network Connection Manager Could Allow Denial of Service (905414)
Affected Software: Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Professional, Windows 2000 Server, Windows XP Home Edition, Windows XP Professional, Windows Server 2003 for Small Business Server, Windows Server 2003, Datacenter Edition, Windows Server 2003, Enterprise Edition, Windows Server 2003, Standard Edition, Windows Server 2003, Web Edition
Affected Versions: Windows 2000 Service Pack 4, Windows XP Service Pack 1, Windows XP Service Pack 2, Windows Server 2003 Gold, Windows Server 2003 SP1
Severity: Moderate

Oct 11, 2005 - MS05-044: Vulnerability in the Windows FTP Client Could Allow File Transfer Location Tampering (905495)
Affected Software: Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Professional, Windows 2000 Server, Windows XP Home Edition, Windows XP Professional, Windows Server 2003 for Small Business Server, Windows Server 2003, Datacenter Edition, Windows Server 2003, Enterprise Edition, Windows Server 2003, Standard Edition, Windows Server 2003, Web Edition, Internet Explorer 6.0
Affected Versions: Windows 2000 Service Pack 4, Windows XP Service Pack 1, Windows Server 2003 Gold, Internet Explorer 6.0 SP1

Posted by Anonymous | with no comments

Vulnerabilities for CA, F-Secure, and Kaspersky

Computer Associates

Information regarding the Computer Associates iGateway Debug Mode HTTP GET Request Buffer Overflow can be found here.

There is no fix at this time, and the vendor recommends that iGateway not be run in debug mode.

F-Secure Anti-Virus for Linux

Information regarding the F-Secure Anti-Virus for Linux CHM File Parsing Buffer Overflow can be found here.

The vulnerability is caused by a boundary error in the Kaspersky Anti-Virus (KAV) scan engine used by the product. The KAV scan engine has reportedly been fixed via a signature update after July 2005.

Kaspersky Anti-Virus

Information regarding the Kaspersky Anti-Virus Engine CHM File Parsing Buffer Overflow can be found here. The vulnerability has reportedly been fixed via a signature update after July 2005.

Posted by Anonymous | with no comments

It could be me....

It could be me that he was chimpin’ about, Chris. I did post the CME info today without any comments. I did post some links to what I thought were interesting Microsoft webcasts a few days ago. I’m not sure if it is an etiquette issue though. I would think that would be using foul words, or making false allegations about another blogger. It’s too bad posting political or religious opinions isn’t against blogging etiquette on an IT forum. lol, I know the salvos are coming for that remark. My opinion is closer to yours, Chris, that it is consolidation of sources of information. There are a lot of busy admins out there that get few chances to keep up with current events. I have had folks express welcome for the information that I provide or highlight. I don’t have time to search the blogs tonight, but I remember when there were discussions on community, and I may be mistaken, but someone spoke about sharing the day-to-day things that you do. They mentioned it was helpful because there are many admins out there wondering how to accomplish tasks that you may take for granted. A big part of antivirus admins’ days is spent determining the latest threats and virus-related news. If I can shorten their search for information, even if it is cut and paste, then I have provided a service. There are days when I am short on time, and it is a big help to check out the latest information provided by bloggers here at myITforum. Don’t take my post as chimpin’, Matt, but rather as an open discussion on blogging etiquette. I’m not sure that there is a definitive set of rules on the subject, and frankly it is possible that what I view as helping members of the community could be breaking unspoken blogging rules.

Posted by Anonymous | with no comments

Common Malware Enumeration Initiative Now Available

http://www.mitre.org/news/releases/05/cme_10_05_2005.html

FOR IMMEDIATE RELEASE:

MITRE Contacts:
Francis McLoughlin
(781) 271-2810

Jennifer Shearman
(781) 271-3430

Bedford, Massachusetts, October 5, 2005 —The MITRE Corporation is pleased to announce the availability of the Common Malware Enumeration (CME) initiative and its supporting website (http://cme.mitre.org). CME, which is headed by the United States Computer Emergency Readiness Team (US-CERT) and supported by an editorial board of anti-virus vendors and related organizations, provides a neutral, shared identification method for malware outbreaks.

The CME initiative assigns a numerical identifier to a particular threat, providing the public with a common method for cross-referencing disparate virus names. In so doing, the CME initiative seeks to:

  • Reduce the public's confusion in referencing threats during malware incidents
  • Enhance communication between anti-virus vendors
  • Improve communication and information sharing between anti-virus vendors and the rest of the information security community

During a virus outbreak, participants on the CME board request an identifier from an automated system by providing a sample of the virus and as much additional information as possible. An identifier in the format 'CME-N' where N is an integer between 1 and 999 is generated and distributed to the other participants. The participants then disseminate the CME identifier to their contacts in the industry and reference the CME identifier on their web pages, in their product, or when speaking to the press.

In addition to MITRE, participants on the CME editorial board include McAfee, Symantec, Trend Micro, Microsoft, Sophos, ICSA Labs, Norman, Kaspersky Lab, MessageLabs, F-Secure, and Computer Associates.

Use of the CME identifier is completely voluntary, but it is hoped that the public will encourage anti-virus vendors to adopt CME identifiers. CME is similar to the Common Vulnerabilities and Exposures (CVE) initiative, which is also operated by MITRE in support of US-CERT. Experience with CVE shows that by adopting a neutral, shared identification method, effective information sharing can happen faster and with more accuracy.

For answers to frequently asked questions, please visit the CME website at http://cme.mitre.org/news/press_qa.html.

Posted by Anonymous | with no comments

Moderately critical Symantec scan engine buffer overflow

A vulnerability has been reported in Symantec AntiVirus Scan Engine, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

Information on this moderate vulnerability and patch information can be found in the following locations:

http://www.symantec.com/avcenter/security/Content/2005.10.04.html

http://secunia.com/advisories/17049/

http://www.idefense.com/application/poi/display?id=314&type=vulnerabilities&flashstatus=true


Posted by Anonymous | with no comments