Responding to allegations of security vulnerabilities in its Internet Information Services (IIS) web server, Microsoft yesterday released a blog post detailing its investigation into the product and concluding that there was no inherent vulnerability.
The problem, Microsoft said, lies with the users and not with the program itself. IIS is vulnerable to exploitation by spyware and malware when configured to allow read and write access on the same directory, but this is not the way it is configured by default, and Microsoft says that it specifically warns users against setting up IIS in this way.
However, if read and write access were insecurely configured, attackers could take advantage of a flaw in the way the server parses semicolons in URLs and execute code remotely on IIS machines. Researcher Soroush Dalili's paper publicized the supposed flaw, but did not say which live web applications were vulnerable to its exploitation, citing security concerns.
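The article names two conditions that together make an IIS host exploitable: a directory that accepts uploads and also serves their contents, and a server that parses a semicolon in a URL in an unexpected way. The following Python is an added defender-side illustration written for this page; it is not code from Microsoft, from Dalili's paper, or from IIS itself. It assumes, for the purpose of the model, that the server dispatches on the part of a filename before the first semicolon (so the effective extension of `report.asp;.jpg` would be `.asp`); the function and directory names, the allowlist and the sample permission map are all constructed here.

```python
"""Defensive checks modelled on the IIS upload/semicolon issue described above.

Added example, not from the article or the product. The truncation rule
(everything from the first ';' is dropped) is an ASSUMPTION used to model
the parsing behaviour the article refers to; it is the reason an
extension check on the apparent filename is not enough on its own.
"""
import posixpath
import re

# Constructed allowlist for an image/document upload endpoint.
ALLOWED_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".pdf"}

# Characters that can change how a server interprets a name: the
# semicolon from the article, plus NUL, percent (encoding tricks) and
# path separators. Rejecting them outright is the simplest safe choice.
SEPARATORS = re.compile(r"[;%\x00/\\]")


def apparent_extension(filename: str) -> str:
    """Extension a naive check sees: whatever follows the last dot."""
    return posixpath.splitext(filename)[1].lower()


def effective_name(filename: str) -> str:
    """Name the (assumed) server would dispatch on: truncated at ';'."""
    return filename.split(";", 1)[0]


def effective_extension(filename: str) -> str:
    """Extension of the truncated name, i.e. what would actually run."""
    return posixpath.splitext(effective_name(filename))[1].lower()


def validate_upload_name(filename: str) -> tuple[bool, str]:
    """Return (accepted, reason) for a user-supplied upload filename.

    Order matters: metacharacters are rejected before any extension
    logic, so a name such as 'shell.asp;.jpg' never reaches the
    allowlist comparison that its apparent '.jpg' extension would pass.
    """
    if not filename or filename in (".", ".."):
        return False, "empty or relative name"
    if SEPARATORS.search(filename):
        return False, "contains a separator or metacharacter"
    ext = effective_extension(filename)
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension {ext!r} not in allowlist"
    return True, "ok"


def risky_directories(acls: dict[str, set[str]]) -> list[str]:
    """Flag directories that are both writable and script-executable.

    `acls` is a constructed map of directory -> permission set. The
    article phrases the dangerous setting as read plus write on one
    directory; what turns an upload into code is that the same
    directory is also served with script execution enabled, so that is
    the combination flagged here.
    """
    return sorted(d for d, perms in acls.items() if {"write", "execute"} <= perms)


if __name__ == "__main__":
    # Constructed sample: a hosting layout with one misconfigured directory.
    sample_acls = {
        "/wwwroot/uploads": {"read", "write", "execute"},
        "/wwwroot/images": {"read"},
        "/var/spool/incoming": {"write"},
    }
    print("risky:", risky_directories(sample_acls))
    for name in ["holiday.JPG", "shell.asp;.jpg", "notes.txt"]:
        print(name, "->", apparent_extension(name), effective_extension(name),
              validate_upload_name(name))
```

The contrast between `apparent_extension` and `effective_extension` on the same name is the point of the model: a check that trusts the visible extension accepts the file, while the hardened validator rejects it before the extension is even considered. Storing uploads under a server-generated name in a directory without script execution removes the second condition entirely.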
Microsoft has patched a number of serious vulnerabilities in its products of late, including Windows 7 and the Office productivity suite.
Monthly Archives: December 2009
Security expert: Security industry’s priorities are way off
Filed under Security News
Tagged as BankInfo, CSO, direction, industry, Marcus Ranum, security, Tenable Security, way off, wrong
Marcus Ranum, CSO at Tenable Security, recently gave an interview to BankInfo in which he said that the most serious threats to information security are the ones that are currently receiving the least attention from computer security professionals.
Ranum, speaking to BankInfo's editorial director, Tom Field, said that the increasing prevalence and severity of malware - coupled with the laissez-faire attitude with which it is treated by corporate IT departments - are serious threats to the security of information in enterprise environments.
Ranum also said that cyber terrorism is another threat that is frequently underappreciated by those in the security community. "I think that there is a potential that disgruntled individuals can go around unilaterally doing damage. And we saw the incident in Estonia last year was a single disgruntled individual who basically decided he was going to take on a government and for a while he was winning," he told Field.
Many security analysts have said that 2009 was a rough year for the industry, and one in which cyber criminals made a number of strong gains, via increasingly sophisticated phishing and Trojans.
Federal agents investigating possible breach of Citibank network security
Filed under Security News
Tagged as breach, Citibank, Citigroup, Clampi, Core Security, FBI, network, security, Tomm Kellerman, URLZone
The FBI has launched an investigation into an alleged cyber attack on Citigroup, telling the Wall Street Journal that the hack may have resulted in "a theft of tens of millions of dollars."
The Journal says that the authorities are trying to discover when the attack might have taken place. While government investigators say that they discovered the theft this summer, they assert that the attack could have happened as long as one year ago.
Citigroup denies that any attack took place, telling the Journal that "we had no breach of the system and there were no losses, no customer losses, no bank losses. Any allegation that the FBI is working a case at Citigroup involving tens of millions of losses is just not true."
The prevalence of online banking malware rose sharply in 2009, as sophisticated new Trojans like Clampi and URLZone hijacked username and password information for use in the remote theft of millions of dollars. Tom Kellerman, a senior vice president at Core Security Technologies, told the Boston Globe that big banks were "consistently targeted" by hackers.
German hacker says he has broken GSM encryption
Filed under Security News
Tagged as Claire Cranton, cracked, encryption, german, GSM, hacked, Karsten Nohl, ZDNet
The code that protects most of the mobile phone calls made around the world has reportedly been cracked by a German computer engineer. Karsten Nohl revealed the secret of GSM encryption at the second day of the Chaos Communication Congress, a hacker convention currently being held in Berlin.
The GSM cipher has been in use since 1988, and currently protects roughly four out of five cell phone calls made worldwide. ZDNet says that the 64-bit cipher is antiquated compared to more modern encryption technology. Nohl says that his aim was to demonstrate the weakness of the current encryption and push for updated security measures.
Industry groups, however, were not happy with Nohl's breakthrough. GSM Association spokeswoman Claire Cranton told the New York Times that Nohl's activities were "illegal in Britain and the United States. To do this while supposedly being concerned about privacy is beyond me." ZDNet says that the GSM Association has publicly expressed doubts over the veracity of Nohl's claims.
Nohl's codebook is not presently available via the web, but copies are circulating through BitTorrent.
Score one for the good guys: White hats take down Mega-D botnet
Filed under Security News
Tagged as Atif Mushtaq, botnet, criminals, hat, hats, Israel, McColo, Mega-D, Mushtaq, Rustock, Turkey, white
Although malicious software activity rose dramatically in 2009, computer security experts recorded a rare win with the takedown of the Mega-D botnet, thought to be responsible for an untold volume of email spam.
Security researcher Atif Mushtaq had tracked Mega-D for several months, according to PC World, before suddenly shifting his efforts from reconnaissance to attack last month. PC World reports that Mushtaq targeted the botnet's command and control servers, which issued instructions to infected computers and allowed the cyber criminals behind Mega-D to launch their spam campaigns.
Isolating and deactivating the domains that hosted Mega-D's command infrastructure was easy in the U.S., according to PC World, but more difficult overseas: in addition to the domestic servers, the malware was being hosted on servers in Turkey and Israel.
Info Security reports that the defeat of Mega-D caused a noticeable drop in global spam output, but warned that cyber criminals would rapidly reactivate their operations in a different form. The Rustock botnet, formerly hosted on the servers of rogue ISP McColo, remains at large, according to Info Security.
Has Microsoft pointed hackers to a way around anti-virus software?
Filed under Security News
Tagged as anti-virus, David Sancho, folders, malware, Microsoft, Sancho, software, system, Trend Micro, whitelist
The recent release of a "whitelist" detailing system folders that Microsoft says do not need to be scanned by anti-virus software has caused a minor controversy in the world of computer security, with some experts saying that the software giant has shown potential malware pushers an easy way to circumvent anti-virus protection.
Security researcher David Sancho, writing on Trend Micro's company blog, warns that publicizing these virus scanning tips may have offered a target to would-be cyber criminals. Sancho says that, although excluding the files and folders in question - related to Windows Update and Group Policy - makes sense for users looking to minimize the performance hit caused by anti-virus software, making the recommendations public knowledge was an unnecessary risk.
The point, according to Sancho and others, is that the public recommendation by a trusted source like Microsoft is likely to cause numerous users to follow the advice and remove the anti-virus protection for the files and folders. While malware writers have not yet targeted those files and folders specifically, Microsoft's recommendation amounts to an open invitation to do so, experts say.
Novice users should not attempt to alter the relevant anti-virus settings, according to experts.
Controversy flares over ReCaptcha’s effectiveness
Security researcher BitLand has said in a report that the ReCaptcha technology used by Google to secure itself against logins by bots is flawed, but Google says that it is BitLand's analysis that is defective.
In the report, BitLand researchers used optical character recognition (OCR) technology to break the Captchas from various sources, including those provided by ReCaptcha. The team demonstrated the general ineffectiveness of many of the techniques used to distort the characters in a Captcha, and showed that modern OCR software could easily recognize the letters and numbers in many Captchas previously thought to be safe from such tactics.
However, Google disputes the methodology used in the BitLand study, saying that it relies on outdated Captchas to make the machine solvers seem more effective than they actually are, and that the technology has advanced since those Captchas were in use.
Captchas have been in use for many years on the internet, keeping automated processes out of message boards and webmail services. Their name is an acronym for Completely Automated Public Turing test to tell Computers and Humans Apart.
Cisco releases software updates to fix malware vulnerability
Filed under Security News
Tagged as buffer overflow, Cisco, malware, Player, videoconference, vulnerability, WebEx
Cisco Systems this week announced the availability of patches for its WebEx Player software, which is used to record and play back data from videoconferences and online meetings.
The vulnerability is a buffer overflow: a maliciously crafted recording file can trigger execution of attacker-supplied code, allowing all manner of illicit access to affected machines. Experts say that such computers could be added to botnets, or their users exposed to identity theft. Even if the remote code execution was unsuccessful, for example because of limited user access, the malicious file could still crash affected computers.
The company said that installations of the WebEx Player software that were automatically downloaded would update themselves without the need for user action, but that manual installations would require users to download the updates from Cisco's website and install them on their own.
ZDNet's Ryan Naraine says that companies that rely on WebEx for their day-to-day business should consider this update a critical one. Naraine reports that the fix targets six specific vulnerabilities that could be exploited in the same manner.
Black-hat SEO campaign targets Google Doodle of Esperanto flag
Filed under Security News
Tagged as Black Hat, BlackHat, Doogle, Esperanto, flag, Google, scareware, SEO
The use of popular internet trends to distribute malicious software is nothing new - in fact, experts say that it's more or less the standard modus operandi for some types of phishing and malware - but the creativity of criminal gangs continues to raise eyebrows.
One of the most recent malicious campaigns targeted Google results relating to the Esperanto flag displayed on the 150th anniversary of founder L.L. Zamenhof's birth. The flag was displayed, like many date-appropriate curiosities, on Google's front page, in the same way as pictures of snowmen or Santa Claus at Christmas. Clicking on the "Doodle," as it's called, performs a Google search for the appropriate terms.
However, the cyber criminals had struck first in this case. Many of the top search results from clicking on the Doodle led to malware, pushed to the top of the rankings by illicit SEO techniques. Users unfortunate enough to click through to one of the sites were hit with scareware, the rogue anti-virus scam.
Scareware combined with black-hat SEO has exploded in popularity among cyber criminals in 2009.