
Weekly Summary of the "DHS Daily Open Source Infrastructure Report"


 
Posted 09-05-2009

The DHS Daily Open Source Infrastructure Report covers the publicly reported material for the preceding day(s) not previously covered. This weekly summary provides a selection of those items of greatest significance to the InfoSec professional.

Week Ending:  Friday, September 4, 2009


Some Wi-Fi is vulnerable to a new attack. Read on to learn what is “safe”.

42. August 27, IDG News Service - (International) New attack cracks common Wi-Fi encryption in a minute. Computer scientists in Japan say they have developed a way to break the WPA encryption system used in wireless routers in about one minute. The attack gives hackers a way to read encrypted traffic sent between computers and certain types of routers that use the WPA (Wi-Fi Protected Access) encryption system. The attack was developed by two professors who plan to discuss further details at a technical conference set for September 25 in Hiroshima. In November 2008, security researchers first showed how WPA could be broken, but the Japanese researchers have taken the attack to a new level, according to the organizer of the PacSec security conference where the first WPA hack was demonstrated. “They took this stuff which was fairly theoretical and they've made it much more practical,” he said. The Japanese researchers discuss their attack in a paper presented at the Joint Workshop on Information Security, held in Kaohsiung, Taiwan earlier in August. The earlier attack, developed by two researchers, worked on a smaller range of WPA devices and took between 12 and 15 minutes to work. Both attacks work only on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm. They do not work on newer WPA 2 devices or on WPA systems that use the stronger Advanced Encryption Standard (AES) algorithm. Source: http://www.computerworld.com/s/artic...?taxonomyId=17


Even Apple misses opportunities for improved security.

42. August 29, The Register - (International) Snow Leopard security: The good, the bad and the missing. Apple engineers missed a key opportunity to implement an industry-standard technology in their latest operating system that would have made it more resistant to hacking attacks, three researchers have said. Known as ASLR, or address space layout randomization, the measure picks a different memory location to load system components each time the OS is started. While Microsoft has had it implemented since the roll-out of Windows Vista, the analogous protection in Snow Leopard, which went on sale on August 28, suffers from a crucial deficiency: It fails to randomize core parts of the OS, including the heap, stack and dynamic linker. That means that attackers who identify buffer overflows and similar bugs in OS X components have a much better chance of causing the vulnerability to execute malicious code that compromises the machine. The halfhearted attempt at implementing ASLR has been a chief complaint of security researchers since Snow Leopard's predecessor. Many had hoped it would be made more robust in the new version. “ASLR is really only useful if EVERYTHING is randomized,” the co-author of The Mac Hacker's Handbook, wrote in an email to The Register. “If there is anything that is not randomized, it defeats the purpose mostly. This is a major shortcoming of Apple, and I'm disappointed they didn't take this opportunity to implement full ASLR.” One possible weakness with the new DEP offering: parts of the Safari browser remain both writable and executable, a shortcoming that may make it easier for attackers to strike at one of the most targeted Apple applications. Source: http://www.theregister.co.uk/2009/08...pard_security/


Is your version of PowerPoint up-to-date? If not, this could be a problem for you!

39. September 1, eWeek - (International) PowerPoint: New PowerPoint attacks hit old flaw. Researchers are tracking the emergence of a new set of malware attacks loaded into Microsoft PowerPoint documents that take aim at a long-patched vulnerability in the application. Highlighting the success that many attackers still have in launching threats that prey on vulnerabilities that should have been fixed long ago, the new PowerPoint attacks seek to exploit the issue identified by Microsoft as MS06-028, first patched in June 2006. Even those who remain unpatched could avoid the attack by avoiding unsolicited .PPT attachments, so clearly the threat is aimed at less savvy individuals, or those living in countries such as China where the popularity of pirated Microsoft software allows for old flaws to remain available targets. Among the researchers logging new waves of the .PPT campaigns was Sophos, which said it has seen a sharp increase in the attacks over the last several business days. For those who should be patched, the usability of the attacks shows how even a recent spate of .PPT-related zero day threats sometimes fails to motivate people to ensure their computers are completely up to date, experts with the company noted in a blog post. The attacks drop a Trojan, identified by the researchers as Troj/Protux-Gen, onto affected machines. A screen flicker is triggered by the involved shellcode, which also downloads and runs another executable, Troj/ReopnPPT-A, that shuts down any open PowerPoint processes, removes the shellcode from the malicious .PPT and re-opens PowerPoint with the newly disinfected presentation, Sophos reported. Source: http://securitywatch.eweek.com/power..._old_flaw.html


So you like/use Firefox! I do. Are you aware of this exploit? Even more interesting issues are in “today's” report. Check them out at: http://dhs-daily-report.blogspot.com...3_archive.html

43. September 1, The Register - (International) Spyware add-on targets Firefox fans. Miscreants have created an item of spyware targeted at Firefox users. The malware poses as an Adobe Flash Player update but in reality it's designed to log a user's browsing history, in particular their Google search queries within Firefox. This information is uploaded to a hacker-controlled server. EBOD-A also has the capability to inject ads into the user's Google search results pages, Trend Micro warns, which adds that the malware appears to be spreading via forum posts. The spyware creates a Firefox add-on called “Adobe Flash Player 0.2”, which has nothing to do with either Adobe or Mozilla. More on the threat can be found in a write-up by Trend, which includes screenshots. Malware targeting Firefox users is rare but not unprecedented. Strains of malware that latch onto Internet Explorer, Microsoft's Swiss-cheese browser, are much more commonplace. Common IE-related malware trickery involves exploiting unpatched security vulns to download malware onto vulnerable machines via drive-by download attacks. Source: http://www.theregister.co.uk/2009/09...pyware_add_on/


How dependent is your business on HIGH broadband speeds? Watch out. They soon may be slower!

40. September 3, TG Daily - (National) U.S. Telcos call for lower broadband speeds. U.S. telcos have hit on an idea to provide universal broadband to every U.S. citizen; they are calling on the government to define broadband as anything over 768 Kbps downstream and 200 Kbps upstream. The submissions, from AT&T, Comcast, Verizon Communications, and Verizon Wireless, were filed with the Federal Communications Commission following a request for information. The FCC is under pressure from the U.S. Presidential Administration, which is seeking ways to extend broadband services to both unserved Americans living in rural areas and to make broadband affordable for those living in urban areas. In comparison to what the U.S. telcos want to provide, the top three countries are Japan with 92.8 Mbps, Korea with 80.8 Mbps, and France with 51 Mbps. AT&T insisted that the broadband definition must include ‘those services that Americans actually need, want and can afford'. It claimed that most Americans did not want voice over Internet Protocol (VoIP) or streaming video, which require faster speeds. Source: http://www.tgdaily.com/content/view/43859/103/

Note: The DHS only maintains the last ten days of their reports online. To obtain copies of earlier reports or complete summaries, go to:

 http://dhs-daily-report.blogspot.com/
