Weekly Summary of the "DHS Daily Open Source Infrastructure Report"

08-22-2009

The DHS Daily Open Source Infrastructure Report covers the publicly reported material for the preceding day(s) not previously covered. This weekly summary provides a selection of those items of greatest significance to the InfoSec professional.

 

Week Ending:  Friday, August 21, 2009


A bug fix takes two years to release! Should this be where you place your trust?

48. August 14, The Register - (International) MS Zero-day security bug was two years in the making. A flaw in Office Web Components which Microsoft fixed on August 11 was first reported to the software giant over two years ago, it has emerged. The time taken to release a patch has security vendors speculating that security only got around to fixing the software flaw at all because hackers have begun exploiting it over recent weeks. The arrival of the MS09-043 patch addressed a zero-day flaw that had become the fodder of drive-by download attacks from malicious web pages. The patch addressed four vulnerabilities in Office ActiveX control in total, including the zer0-day flaw. Users previously had to rely on workarounds published by Microsoft in a July advisory. The 0day security bug was discovered by a researcher and first reported to Microsoft in March 2007 via the Tipping Point Zero Day initiative scheme, which pays researchers for security exploits. Tipping Point uses this information to add signature detection against exploits based on the bug to its intrusion protection products. It also passes along the information to the relevant software developers, in this case Microsoft. Responding to question on the long delay, a ZDI manager told heise Security, “they [Microsoft] kept finding the need for more time to ensure the issue was completely addressed.” Source: http://www.theregister.co.uk/2009/08...ong_gestation/


Has Microsoft restored your faith? Mine remains with FireFox?

42. August 14, SCMagazine - (International) Microsoft leads browsers in malware, phishing defense. It appears that the comprehensive security features built into Internet Explorer 8 (IE 8) are paying off for Microsoft. The browser, released in March with a number of enhanced phishing and anti-malware components, blocked an average of 81 percent of socially engineered malware and stopped 83 percent of suspected phishing sites - topping four other major browsers, according to new tests conducted by NSS Labs. NSS based its findings on two weeks of analyzing 593 phishing sites and 608 unique URLs that contained malicious software, the company's president told SCMagazineUS.com on August 13. “Everyone thinks Microsoft stinks at security,” he said. “They need to get some credit for some of the good stuff they've done. Microsoft has been a big target for attacks for a long time, and that's actually a benefit to them. They've learned how they can turn that around and protect themselves better.” In catching and stopping socially engineered malware, a significant drop-off occurred after the Microsoft browser. Firefox 3 was next in line, blocking 27 percent. Apple's Safari 4 thwarted 21 percent, followed by Google Chrome (seven percent) and Opera 10 (one percent). The browsers, as a group, performed relatively better in offering phishing protection. Firefox deterred 80 percent of suspected fraud sites, Opera caught 54 percent, followed by Chrome (26 percent) and Safari (two percent). Source: http://www.scmagazineus.com/Microsof...rticle/146505/


Is Charter a participant in your extended network? Could you be impacted next?

40. August 17, Redding Record-Searchlight - (California) Charter Internet suffers rolling outages. Local Charter Media Internet subscribers on August 17 have been subjected to disconnections and slow speeds due to an outage that has been “rolling from area to area.” A Charter spokeswoman in Redding said company troubleshooters were notified of the problem around 10:30 a.m. She said the problem has spread through Northern and Southern California and a few other states. She did not know how many customers were affected. “We don't know the cause, other than it's with our third-party vendor,” she said. “Call centers have all been alerted to this, and hopefully information is getting back to customers on a timely basis.” Source: http://www.redding.com/news/2009/aug...lling-outages/


SQL issues again. Will it ever end?

35. August 18, SearchSecurity.com - (International) SQL Injection continues to trouble firms, lead to breaches. SQL Injection, one of the most basic and common attacks against websites and their underlying databases, offers an easy entry point for cybercriminals, according to security experts. The hackers responsible for the largest data security breach in U.S. history allegedly used a SQL Injection attack. The coding error was cited as the starting point in the indictment handed down against a Miami man and two Russian hackers, enabling them to allegedly bilk Heartland Payment Systems Inc. and Hannaford Brothers Co. of more than 130 million credit and debit card numbers. But security experts say that while SQL Injection errors are relatively easy to find, as simple as finding a poorly coded input field in a Web form, they are often difficult and costly to fix. A vulnerability scan is likely to turn up thousands of errors that lend themselves to SQL Injection, said the chief technology officer of Citigal Inc., a software security and quality consulting firm. New defenses for automated SQL injection attacks: By automating SQL injection attacks, hackers have found a way to expedite the process of finding and exploiting vulnerable websites. “Sometimes there's one problem that results in a thousand possible cross-site scripting issues and if you fix that problem they'll all be fixed, but that's not always the case,” the chief technology officer said. “There's been a lot of bugs that built up behind the dam and now we're seeing the dam starting to rumble.” Source: http://searchsecurity.techtarget.com...365263,00.html


Hmmmm. Is it possible that your web development activity is so infected?

41. August 19, Internet Evolution - (International) Nasty malware attack targets web developers. There is a nasty bug going around the Web that targets developers. When a developer visits an infected site, the page installs a virus on their machine that silently copies the passwords stored in FileZilla, CuteFTP, and possibly other File Transfer Protocol (FTP) client software, and sends them to a central server. The server then runs a bot to access all sites for which credentials have been stolen and installs an iframe injection attack on many pages, further spreading the infection. Infected sites occasionally break if they use the Web scripting language PHP, but frequently they continue to operate, and thus infect more users with the virus. When a search engine such as Google detects the infection in a site, they may remove the site from their index, resulting in a financial loss to the site owner. Some browsers may flag the site as infected and show a warning that scares away users. This attack is interesting because of the way it spreads, and the risk to developers. No one would want to be the freelance Web professional who has to explain to a few dozen clients why their sites all got hacked. Presumably, this attack vector will eventually be used to install a payload, such as software for sending spam or executing denial-of-service attacks. After all, today's best malware is all about making money. Source: http://www.internetevolution.com/aut...&doc_id=180663

Note: The DHS only maintains the last ten days of their reports online. To obtain copies of earlier reports or complete summaries, go to:

