DNSSEC now fully deployed on the Internet root: Cyber Highlights July 22, 2010

By Kelli Tarala | July 25, 2010

Operators of the Internet’s authoritative root zone completed deployment of enhanced security protocols at the top level of the Domain Name System during the week of July 12. The root zone served by the Internet’s 13 root server systems has been digitally signed using the DNS Security Extensions (DNSSEC) since May. On July 15 the signed root zone was made available and a trust anchor was published, carrying the cryptographic key material that lets resolvers verify the authenticity of DNS responses. To be fully effective, DNSSEC must be deployed throughout the Internet’s domains, but publication of the root trust anchor means it is now possible to begin linking together the “islands of trust” created by DNSSEC deployments in isolated domains such as .gov and .org. The DNS root zone, which contains the records needed to map the domain names used by people to the IP addresses used by routers and servers, is overseen by the Commerce Department’s National Telecommunications and Information Administration, and the zone files are managed by VeriSign Inc.
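How the published trust anchor ties back to the root key, as an added worked example (editor’s code, not from the GCN article, NTIA or VeriSign). The trust anchor is distributed as a DS record: a digest over the zone’s owner name in wire format followed by the key-signing DNSKEY’s RDATA, together with a key tag that identifies which DNSKEY it covers. An operator configuring a validating resolver can fetch the root DNSKEY RRset and recompute that DS before installing the key. The key below is a constructed three-byte stand-in (base64 "q83v"), not the real root KSK; the real DS values live in the published trust-anchor file.

```python
"""Recompute a DS trust anchor from a DNSKEY (RFC 4034 key tag and DS digest).

The published trust anchor is a DS record: a digest over the owner name in
wire format followed by the DNSKEY RDATA, plus the key tag that identifies
which DNSKEY it covers. Recomputing it from a fetched DNSKEY is the check an
operator can do before installing the key in a validating resolver.
"""
import base64
import hashlib
import struct


def name_to_wire(name):
    """Canonical wire form of an owner name: lower-cased, length-prefixed
    labels ending in the empty root label. The root '.' is a single 0x00."""
    name = name.rstrip(".").lower()
    if not name:
        return b"\x00"
    out = b""
    for label in name.split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def dnskey_rdata(flags, protocol, algorithm, pubkey_b64):
    """DNSKEY RDATA: flags (257 = KSK), protocol (always 3), algorithm, key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)


def key_tag(rdata):
    """RFC 4034 Appendix B.1: 16-bit word sum over the RDATA with the carry
    folded back in (not valid for the obsolete RSA/MD5 algorithm 1)."""
    ac = 0
    for i, byte in enumerate(rdata):
        ac += byte if i & 1 else byte << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def ds_digest(owner, rdata, digest_type=2):
    """DS digest: hash(owner wire name || DNSKEY RDATA). Type 1 is SHA-1,
    type 2 is SHA-256, the type used for the root trust anchor."""
    hasher = {1: hashlib.sha1, 2: hashlib.sha256}[digest_type]
    return hasher(name_to_wire(owner) + rdata).hexdigest().upper()


def ds_record(owner, flags, protocol, algorithm, pubkey_b64, digest_type=2):
    """Presentation-format DS record for the given DNSKEY,
    e.g. '. IN DS <tag> 8 2 <hex>' for a root KSK."""
    rdata = dnskey_rdata(flags, protocol, algorithm, pubkey_b64)
    return "%s IN DS %d %d %d %s" % (owner, key_tag(rdata), algorithm,
                                      digest_type, ds_digest(owner, rdata, digest_type))


def matches_trust_anchor(owner, flags, protocol, algorithm, pubkey_b64, anchor_ds):
    """anchor_ds = (key_tag, algorithm, digest_type, digest_hex) copied from the
    published DS. True only if tag, algorithm and digest all agree."""
    rdata = dnskey_rdata(flags, protocol, algorithm, pubkey_b64)
    tag, alg, dtype, digest = anchor_ds
    return (key_tag(rdata) == tag and algorithm == alg
            and ds_digest(owner, rdata, dtype) == digest.upper())


# Constructed stand-in key (three bytes, base64 "q83v"); NOT the real root KSK.
SAMPLE_KSK = dict(owner=".", flags=257, protocol=3, algorithm=8, pubkey_b64="q83v")

if __name__ == "__main__":
    print(ds_record(**SAMPLE_KSK))
```

Feed it the DNSKEY fields as they appear in a `dig . DNSKEY` answer (flags 257 marks the KSK) and compare the output with the DS line from the trust-anchor file; a mismatch in either the tag or the digest means the key you fetched is not the one the anchor vouches for.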

Full Story:
http://gcn.com/articles/2010/07/19/dnssec-fully-deployed-at-internet-root.aspx

Siemens confirms German customer hit by Stuxnet espionage worm
Siemens confirmed July 21 that one of its customers has been hit by a new worm designed to steal secrets from industrial control systems. To date, the company has been notified of one attack, on a German manufacturer that Siemens declined to identify. The company is trying to determine whether the attack caused damage. The worm, called Stuxnet, was first spotted in June, when it infected systems at an unidentified Iranian organization, according to the head of the antivirus kernel department at VirusBlokAda, in Minsk, Belarus. The unidentified victim, which does not own the type of SCADA (supervisory control and data acquisition) systems targeted by the worm, “told us their workstations serially rebooted without any reason,” the head of the department said in an e-mail message July 20. VirusBlokAda soon received reports of the malware from “all over the Middle East,” he added. Microsoft said that it had logged infection attempts in the U.S., Indonesia, India, and Iran. Security vendor Symantec is now logging about 9,000 infection attempts per day.

Full Story:
http://www.infoworld.com/d/security-central/siemens-confirms-german-customer-hit-stuxnet-espionage-worm-055

Google updates its anti-spam engine to block recent JavaScript attacks
Google has updated its Postini anti-spam engine following the recent surge in e-mails containing obfuscated JavaScript attacks. These e-mails are a hybrid between virus and spam messages, and are designed to look like legitimate non-delivery report (bounce) messages. “In some cases, the message may have forwarded the user’s browser to a pharma site or tried to download something unexpected, which is more virus-like. Since the messages contained classic JavaScript which generates code, the messages could change themselves and take multiple forms, making them challenging to identify,” reads a post on the official Google blog. “Fortunately, our spam traps were receiving these messages early, providing our engineers with advanced warning which allowed us to write manual filters and escalate to our anti-virus partners quickly.” The Postini engine processes more than 3 billion e-mail messages per day, and it has registered an upsurge in the volume of spam (16 percent more than in Q1 2010) and a smaller increase (3 percent) in virus traffic. Compared with Q2 2009, however, virus traffic is up 260 percent. Among other relevant threats, Google mentions fake social networking messages, lures tied to major news stories, fake shipping notifications, and “friend in need” phishing messages.

Full Story:
http://www.net-security.org/secworld.php?id=9617

Tool blunts threat from Windows shortcut flaw
On July 21 Microsoft released a stopgap fix to help Windows users protect themselves against threats that may target a newly discovered, critical security hole present in every supported version of Windows. KrebsOnSecurity.com recently reported that security researchers in Belarus had found a sophisticated strain of malware exploiting a flaw in the way Windows handles shortcut files. Experts determined the malware was used to attack computers that interact with networks responsible for controlling the operations of large, distributed and sensitive systems, such as manufacturing and power plants. Microsoft’s first advisory acknowledging the hole said customers could disable the vulnerable component by editing the Windows registry, but such editing is risky for people less experienced with Windows because one errant change can cause system-wide problems. In an updated advisory posted July 20, Microsoft added instructions for a much simpler, point-and-click “FixIt” tool that disables the flawed feature: the user clicks the “FixIt” icon, follows the prompts and reboots. The trade-off is that the change can make it significantly harder for regular users to navigate their desktop, since it removes the graphical icons on the Taskbar and Start menu and replaces them with plain, white icons.
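Because the FixIt strips icon rendering from every shortcut, some administrators will instead want to triage .lnk files that arrive on removable media or by e-mail. The following is an added example (editor’s code, not Microsoft’s and not from the KrebsOnSecurity article). It relies on one fact about the flaw that the digest above does not spell out: the bug was triggered while the shell rendered a shortcut’s icon, and the malicious shortcuts carried, in their LinkTargetIDList, a reference to a control-panel DLL that the shell then loaded. The parser below walks the shell link header and ID list and flags item IDs that embed a .cpl or .dll reference. The two sample shortcuts are constructed inside the block, the marker list is the editor’s own heuristic, and a hit is a reason to look closer, not proof of an exploit.

```python
"""Triage of Windows shortcut (.lnk) files by inspecting the LinkTargetIDList.

Layout (MS-SHLLINK): a 0x4C-byte ShellLinkHeader (HeaderSize, LinkCLSID,
LinkFlags, ...) followed, when LinkFlags bit 0 is set, by an IDList:
u16 IDListSize, then SHITEMIDs of (u16 cb, cb-2 data bytes), closed by a
TerminalID whose cb is 0.
"""
import struct

LNK_HEADER_SIZE = 0x4C
# {00021401-0000-0000-C000-000000000046} as stored on disk (Data1..Data3 little-endian)
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_LINK_TARGET_IDLIST = 0x00000001
# Editor's heuristic: item IDs naming a control-panel applet or DLL deserve a look.
SUSPICIOUS_MARKERS = (".cpl", ".dll")


def parse_idlist(data, offset):
    """Return (list of raw item-ID blobs, offset just past the IDList)."""
    (size,) = struct.unpack_from("<H", data, offset)
    end = offset + 2 + size
    if end > len(data):
        raise ValueError("IDListSize runs past end of file")
    pos = offset + 2
    items = []
    while pos + 2 <= end:
        (cb,) = struct.unpack_from("<H", data, pos)
        if cb == 0:                      # TerminalID
            break
        if cb < 2 or pos + cb > end:
            raise ValueError("malformed item ID at offset %d" % pos)
        items.append(data[pos + 2:pos + cb])
        pos += cb
    return items, end


def parse_lnk(data):
    """Validate the header and return its flags plus the raw item IDs."""
    if len(data) < LNK_HEADER_SIZE:
        raise ValueError("too short for a ShellLinkHeader")
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != LNK_HEADER_SIZE or clsid != LNK_CLSID:
        raise ValueError("not a shell link file")
    items = []
    if flags & HAS_LINK_TARGET_IDLIST:
        items, _ = parse_idlist(data, LNK_HEADER_SIZE)
    return {"flags": flags, "items": items}


def suspicious_items(data):
    """Return [(item_index, marker)] for item IDs embedding a .cpl/.dll name.
    Names may be stored as ANSI or UTF-16, and a UTF-16 string may start at an
    odd offset (after a type byte), so each blob is viewed three ways."""
    hits = []
    for idx, blob in enumerate(parse_lnk(data)["items"]):
        views = [blob.decode("latin-1").lower()]
        for start in (0, 1):
            views.append(blob[start:].decode("utf-16-le", errors="ignore").lower())
        for marker in SUSPICIOUS_MARKERS:
            if any(marker in view for view in views):
                hits.append((idx, marker))
                break
    return hits


def build_lnk(item_blobs):
    """Constructed fixture: a minimal .lnk whose only body is an IDList."""
    header = struct.pack("<I16sI", LNK_HEADER_SIZE, LNK_CLSID, HAS_LINK_TARGET_IDLIST)
    header += b"\x00" * (LNK_HEADER_SIZE - len(header))
    body = b"".join(struct.pack("<H", len(b) + 2) + b for b in item_blobs) + b"\x00\x00"
    return header + struct.pack("<H", len(body)) + body


# Constructed samples (not real malware): an ordinary shortcut, and one whose
# second item ID carries a control-panel DLL path in UTF-16 after a type byte.
BENIGN_LNK = build_lnk([b"\x1f" + "My Computer".encode("utf-16-le"),
                        "C:\\Windows\\notepad.exe".encode("utf-16-le")])
SUSPICIOUS_LNK = build_lnk([b"\x1f" + "Control Panel".encode("utf-16-le"),
                            b"\x1f" + "\\\\evil\\share\\payload.cpl".encode("utf-16-le")])

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_LNK), ("suspicious", SUSPICIOUS_LNK)):
        print(name, suspicious_items(sample))
```

Point `suspicious_items` at `open(path, "rb").read()` for each shortcut found on a USB stick or in a mail attachment; real item IDs carry more structure than the fixtures here (type bytes, file-system metadata, both ANSI and Unicode names), which is why the scan looks at the raw bytes under three decodings instead of trusting one layout.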

Full Story:
http://krebsonsecurity.com/2010/07/tool-blunts-threat-from-windows-shortcut-flaw/

Firefox update guards hen house
Mozilla has pushed out a new version of Firefox that fixes numerous security holes, some critical. Firefox 3.6.7 addresses 14 vulnerabilities, 8 of which are rated critical. The most serious flaws involve the handling of malformed PNG images, memory bugs and other code execution risks. The cross-platform update, published July 20, also aims to tackle a variety of stability glitches, as explained in Mozilla’s release notes. In other client-side patching news, Apple released a new version of iTunes for Windows machines. The 9.2.1 update deals with a buffer overflow vulnerability in the handling of itpc: URLs. Left unfixed, the flaw creates a possible route for hackers to inject hostile code onto vulnerable Windows boxes, provided they first trick users into opening dodgy links on contaminated Web sites.

Full Story:
http://www.theregister.co.uk/2010/07/21/firefox_security_update/

Dell warns of malware on motherboards
Dell has published a warning on its support forum that some of its server motherboards are infected with Windows malware. The admission, posted in response to a customer who wished to confirm that a telephone call he had received from a Dell representative was genuine, confirmed that “a small number of PowerEdge server motherboards” may contain spyware in their embedded server management firmware. Dell said it has created a list of affected customers and is formally notifying them of the security problem by letter. No specifics have been offered as to which malware has infected the motherboards, or what it does.

Full Story:
http://www.sophos.com/blogs/gc/g/2010/07/21/dell-warns-malware-motherboards/

DHS, vendors unveil open source intrusion detection engine
The Open Information Security Foundation (OISF), a group funded by the U.S. Department of Homeland Security (DHS) and several security vendors, this week released an open-source engine built to detect and prevent network intrusions. The Suricata 1.0 engine is touted as a replacement for the 12-year-old Snort open-source technology that over the years has emerged as a de facto standard for detecting and preventing intrusions. Snort currently claims close to 300,000 registered users and over 4 million downloads, and nearly 100 vendors have added Snort to network security devices. Earlier this month, Amazon announced it had selected Snort to deliver IPS protection for its Web services customers. The OISF president said Suricata is designed to address limitations in the older Snort tool. For example, Suricata’s multi-threaded architecture can take advantage of multi-core and multiprocessor systems, whereas Snort was designed for the single-processor systems that dominated when it was created. The new engine also offers native IP reputation filtering, which lets Suricata-based intrusion-detection and intrusion-prevention devices flag traffic from known bad sources. In addition, Suricata supports automated protocol detection, so protocol-specific security rules can be applied to a network stream regardless of the port the traffic uses.
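What port-independent protocol detection means in rule terms, as an added illustration written by the editor (not from the Computerworld article or the OISF). Both rules use Suricata’s Snort-compatible rule syntax; the sids, message text and content match are made up for the example.

```suricata
# Port-bound rule, the way Snort rules are normally written: the engine only
# looks for this pattern in TCP flows whose server port is 80, so an HTTP
# service on 8080, or a download tunnelled over a non-standard port, is missed.
alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"EXAMPLE .exe requested over HTTP on port 80"; flow:established,to_server; content:".exe"; nocase; sid:1000001; rev:1;)

# Suricata app-layer rule: naming 'http' as the protocol hands the decision to
# the engine's protocol detection, so the rule applies to HTTP request traffic
# whatever port the stream is on, and http_uri confines the match to the
# normalized request URI instead of the raw payload.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE .exe requested over HTTP on any port"; flow:established,to_server; content:".exe"; nocase; http_uri; sid:1000002; rev:1;)
```

Put both in a rules file listed under `rule-files:` in suricata.yaml and replay a capture with `suricata -c suricata.yaml -r capture.pcap`: a request for a .exe on port 8080 shows up in fast.log under sid 1000002 only, which is the difference the multi-port detection buys you.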

Full Story:
http://www.computerworld.com/s/article/9179436/

IE and Safari let attackers steal user names and addresses
The Internet Explorer, Firefox, Chrome, and Safari browsers are susceptible to attacks that allow Webmasters to glean highly sensitive information about the people visiting their sites, including their full names, e-mail addresses, location, and even stored passwords, a security researcher said. In a talk scheduled for the Black Hat security conference in Las Vegas, the CTO of White Hat Security plans to detail critical weaknesses that are enabled by default in the browsers, which are the four biggest by market share. The vulnerabilities have yet to be purged by the respective browser makers despite months, and in some cases years, of notice. Among the most serious is a vulnerability in Apple’s Safari and earlier versions of Microsoft’s IE that exposes names, e-mail addresses, and other sensitive information when a user visits a booby-trapped Web site. The attack exploits the browsers’ autocomplete feature, which fills in commonly typed text on Web forms. It works by creating a Web page with fields carrying titles such as “First Name,” “Last Name,” “Email Address,” and “Credit Card Number,” then adding JavaScript that simulates the user typing various letters, numbers or keystrokes into each one; whatever the browser’s autocomplete fills in is then read back by the page. Since the booby-trapped page is under the attacker’s control, a site-side defense has to happen where the data is first collected: forms that take sensitive values can mark their fields autocomplete="off" so the browser never stores them.

Full Story:
http://www.theregister.co.uk/2010/07/20/browser_info_disclosure_weaknesses/

Researcher pinpoints widespread common flaw among VxWorks devices
A researcher will reveal how a misconfiguration by developers using the VxWorks operating system, found in many embedded systems, has left a trail of vulnerable products across various vendors’ product lines. The researcher, who is also chief security officer and Metasploit chief architect at Rapid7, has so far found some 200 to 300 different Internet-connected products that expose a VxWorks diagnostics service, leaving them open to being hacked. These devices include VoIP equipment and switches, DSL concentrators, industrial automation systems for SCADA environments, and Fibre Channel switches. The diagnostics service, intended for developers, can be abused by an attacker if it is left active in shipped software, whether on purpose or inadvertently. “The service allows access to read memory, write memory, and even power cycle the device. Combined, that is enough to steal data, backdoor the running firmware image, and otherwise take control over the device,” he said. “This feature shouldn’t be enabled” in production mode, but instead deactivated.

Full Story:
http://www.darkreading.com/vulnerability_management/security/app-security/showArticle.jhtml?articleID=226100011

In-store Fuji photo kiosks spread malware
It appears FujiFilm is installing anti-virus protection on its devices after reports began to come in from Australia earlier in July that some Windows-based Fuji photo kiosks were infected with malware and were spreading worms to unsuspecting shoppers who inserted their SD cards and memory sticks to print their digital snaps. But anti-virus is not the only solution. Another way to stop the infection spreading is to ensure the kiosk can only read from a customer’s SD card or USB stick, never write to it. The device itself could still become infected that way, but it would not pass the malware on.

Full Story:
http://www.sophos.com/blogs/gc/g/2010/07/20/instore-fuji-photo-kiosks-spread-malware/ 

Read Full DHS Infrastructure Report:
www.enclavesecurity.com/blogresources/cdr_072210.pdf
