Advisory #235 - Norton Personal Firewall / Internet Security, Multiple News

Sûnnet Beskerming Alert List Advisory #235

You are receiving this message because you have subscribed to our Information Security Alert Mailing List, or have been selected for a specific one-off copy. If you believe that you are receiving this message in error, please contact info@... to resolve the error.

Why not upgrade to get same day notification on security threats? Details and rates available online - (http://www.beskerming.com/premium/generic_advisory.html)

Why not go the next step and get delivery tailored just for your company? (http://www.beskerming.com/premium/focussed_advisory.html)

Contents
--------------------------------------------------------------------
1. SECURITY
--------------------------------------------------------------------
1.1 Norton Personal Firewall / Internet Security - Remote Hacker Automatic Control - Time Since Discovery - 2 Days

=======================================
/*
 - Remote or Local - Can it be achieved through a network, or does it require physical access?
 - Hacker - The bad guy
 - Manual or Automatic - Does the vulnerability need to be manually performed, or can it be automated?
 - Control, Denial of Service or Data Theft - Will the hacker get control of your system / website, will they prevent you from using it, or will they steal data?
*/
--------------------------------------------------------------------
2. NEWS
--------------------------------------------------------------------
2.1 Entering the Pentagon
2.2 Microsoft Snares Top Vulnerability Talent
2.3 Scamming and Social Networks
2.4 Failure to Check Sources = Costly Market Loss
2.5 Nationalistic Fervour and Online Attacks
2.6 Microsoft Modifies Monthly Patch Advance Notification

=====================================

1. SECURITY

1.1 Norton Personal Firewall / Internet Security - Remote Hacker Automatic Control

-- Products Affected --
Norton Personal Firewall 2004
Norton Internet Security 2004

-- Technical Description --
Buffer overflow in the ISLALERT.DLL ActiveX control associated with Personal Firewall / Internet Security 2004. The error occurs in the Get() and Set() functions used by ISAlertDataCOM. Arbitrary code execution can result, at the level of the current user.

-- Description --
It has been discovered that there is a serious vulnerability affecting the 2004 versions of Norton Personal Firewall and Internet Security. This particular vulnerability could allow a remote attacker to take over a vulnerable system and run code of their choice, as if they were the local user.

-- Recommended Action --
Select and run LiveUpdate from within Norton Personal Firewall 2004, or follow the link listed for Product Updates.

-- Source --
(Paid subscription required to access)

-- Updates Available --
(Paid subscription required to access)

-- External Tracking Data --
(Paid subscription required to access)

-- Threat Matrix --
              U   O
Home User     8   8  (Very High)
Corporate     8   8  (Very High)

=======================================
/*
 Threat Matrix:
 U - User
 O - Operator
 Harmless - 0 ----- 10 - Highly Critical
*/
=======================================

2. NEWS

2.1 Entering the Pentagon

Following the drawn-out court case against UK-based hacker Gary McKinnon, most people would assume that the US military and other government agencies would have taken the opportunity to review the security of their outward-facing systems. Such an assumption doesn't account for the fact that there are many, many systems that might require securing and re-configuration. This has been highlighted by two recent examples where outward-facing systems at the Pentagon (domains under pentagon.mil) were found to be lacking in suitable authentication and protection.

At least one server was compromised by website defacers, who left their calling card as proof of their ability to break in. This particular incident took place within the last week, whilst the other incident, in which a server that could be accessed without any authentication was discovered, has now been addressed.

2.2 Microsoft Snares Top Vulnerability Talent

News being reported over at ZDNet indicates that Microsoft has convinced the founder of Symantec's Vulnerability Research efforts to join the Microsoft Security Response Center. While her stay at Symantec was relatively short, Katie Moussouris is a noted penetration tester who was part of @Stake when it was purchased by Symantec in 2004. Her new role at Microsoft is to be involved with security community efforts, including working with independent researchers who discover vulnerabilities in Microsoft products.

One of the biggest complaints from third party researchers who have attempted to notify Microsoft of serious issues with their software is that Microsoft used to be very difficult to work with and very unresponsive to reports of vulnerabilities. Katie's new role at Microsoft will hopefully go a long way to help overcome this particular stumbling block that external researchers still sometimes encounter.

This practice of hiring in the top talent at Microsoft is expected to continue, with noted historical security-related hirings including researchers from McAfee, and Mark Russinovich, formerly of SysInternals.

2.3 Scamming and Social Networks

Increasing numbers of Information Security commentators and companies are starting to pick up on the growing use of professional networking sites, social networking sites, and other related sites by scammers in order to get past the trust barrier that would otherwise prevent a successful scam. One such article (with plenty of excellent resources) was recently posted at the SANS ISC.

All of these articles would be remiss without mentioning the case study provided by Sûnnet Beskerming researchers in early 2007, when an attempted 419-type scam was perpetrated on one of Sûnnet Beskerming's researchers through a professional networking site. The findings from that case are fully supported by more recent articles, and they indicate that scammers are becoming more aware of the capabilities that these sites can give them.

2.4 Failure to Check Sources = Costly Market Loss

Apple Inc's market value recently lost $4 billion USD in a matter of minutes, following the posting of a fake email to a popular tech blog site. Claiming to originate from within Apple, the fake email indicated that Apple's iPhone and Leopard operating system would be significantly delayed in coming to market. A later, official, email from Apple negated the fake message, and indicated that both products would still be on track for their planned release dates.

Poor information validation is a problem that is all too common for companies and groups that depend on being the first to break news on important events (and for Information Security vendors as well). When there is a single source of material, a judgement call needs to be made in order to determine whether appropriate trust can be placed in the report. Intelligence agencies and major news aggregators (most of them, at least) will generally place a lower level of trust in single-source reporting, even if the material is 100% accurate. Because there is no corroborating reporting from other sources, they will generally avoid staking a reliable claim on the information (hence some of the problems commonly associated with Intelligence bodies and reporting aggregators). This painful lesson is something that bloggers and other smaller groups need to be aware of, especially if they have not already been exposed to the practice of evaluating sources at a larger news organisation or Intelligence body.

2.5 Nationalistic Fervour and Online Attacks

Nationalistic fervour has long been a motivating factor for electronic attacks against companies, governments and websites in general. A significant proportion of the defaced sites listed in the Zone-h defacement archives have been defaced with a nationalistic statement or ultimatum of some sort from the attacker (even if the targeted site has no relevant link to the nationalistic claims).

Estonia's recent decision to relocate a Russian WWII war memorial from the centre of Tallinn to a war cemetery sparked outrage from Estonians and ethnic Russians in Estonia, and complaint from Russians in Russia. Mixed in with the street protests and political posturing were increasing numbers of attacks against Estonian government websites, as well as other significant Estonian company sites. Claims have been made that the attacks have originated from Russia and are being state-sponsored. Getting NATO involved with the online feud is a major escalation that is likely to have longer term political effects, irrespective of any actual or perceived official Russian involvement. While the scale of the attacks does suggest some form of official support, it could just as easily be a handful of very patriotic botnet controllers who have turned their sights on Estonian sites. As with air power, the effects of their online attacks are impermanent, which means that once the attacks are over, the sites will return to normal operation with no long-lasting effect.

Although the Cold War is over, this and other recent events are certainly making the political atmosphere chilly between Russia and former satellite states, between Russia and the EU, between Russia and NATO, and between Russia and the major Western powers. This is not the first time that accusations of state-sponsored online attacks have been made. Various global Intelligence organisations have associated the 'Titan Rain' sequence of events with Chinese state-sponsored attacks, and other smaller claims have been made that countries such as North Korea maintain official state-sponsored hacking groups. Any event of international tension between two nations can lead to this sort of result (such as was seen when the US EP-3 collided with the Chinese J-8 off Hainan Island).

2.6 Microsoft Modifies Monthly Patch Advance Notification

On the Thursday before the second Tuesday of each month, Microsoft provides a notification of the patches that they are expecting to release on the following Tuesday. Until now, the notification has broken down how many patches in total are expected, what platforms and product groups they are for, and the maximum severity of the patches within a given group.

Starting with June's Security Patch release, Microsoft will be providing more detailed information about the patches due for release. This information will include the maximum severity rating, the impact of the vulnerability, detection information, and affected software, for each patch. In addition, Microsoft have changed the layout of each bulletin to reduce the amount of duplicated information, and to make it easier to find the critical information in the advisory.

=======================================

Sincerely,

Sûnnet Beskerming Team
info@...

Sûnnet Beskerming Pty. Ltd.
Adelaide, Australia
http://www.beskerming.com
Tel: +61 (0) 410 707 444

** Sûnnet Beskerming Pty. Ltd. **

Established in mid 2004, Sûnnet Beskerming Pty. Ltd. is the sister company to Jongsma & Jongsma Pty. Ltd., and was formed to develop and commercialise the research coming out of Jongsma & Jongsma Pty. Ltd. Sûnnet Beskerming Pty. Ltd. is an Information Security specialist and, in conjunction with the tools developed by Jongsma & Jongsma Pty. Ltd., provides total security solutions and services, from the perimeter to internal data stores, including web application security and security testing and analysis.

_______________________________________________
Alertmailinglist mailing list
Alertmailinglist@...
http://skiifwrald.com/mailman/listinfo/alertmailinglist_skiifwrald.com
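Editor's added example for item 1.1 above; it is not part of the advisory and is not Symantec's guidance. Because the vulnerable component is an ActiveX control (ISLALERT.DLL, per the advisory), a defender can check two things on a Windows host independently of LiveUpdate: whether the control is still registered for in-process use, and whether Internet Explorer's kill bit blocks it from being instantiated in the browser. The script assumes PowerShell on Windows; the CLSID is a placeholder, since the advisory does not publish the control's CLSID, and the DLL path is read from the control's own InprocServer32 registration rather than assumed.

```powershell
# Added example (not from the advisory): inventory an ActiveX control and its IE kill-bit state.
# PLACEHOLDER CLSID - the advisory does not give the real one; substitute it before use.
$clsid = '{00000000-0000-0000-0000-000000000000}'

# InprocServer32 (Default) holds the path of the DLL implementing the control.
$inproc = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
# IE consults this key before instantiating a control; flag 0x400 is the kill bit.
$compat = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid"

$result = [ordered]@{
    Clsid       = $clsid
    Registered  = $false
    DllPath     = $null
    FileVersion = $null
    KillBitSet  = $false
}

if (Test-Path $inproc) {
    $result.Registered = $true
    $path = (Get-ItemProperty -Path $inproc).'(default)'
    if ($path) {
        $path = [Environment]::ExpandEnvironmentVariables($path)
        $result.DllPath = $path
        if (Test-Path $path) {
            # File version lets you compare against the post-LiveUpdate build of the DLL.
            $result.FileVersion = (Get-Item $path).VersionInfo.FileVersion
        }
    }
}

if (Test-Path $compat) {
    $flags = (Get-ItemProperty -Path $compat -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($flags -and (($flags -band 0x400) -ne 0)) {
        $result.KillBitSet = $true
    }
}

[pscustomobject]$result

# A control that is registered but not kill-bitted remains reachable from a web page.
if ($result.Registered -and -not $result.KillBitSet) {
    Write-Warning "Control $clsid is registered and has no kill bit; apply the vendor update and re-check."
}
```

The kill bit is a generic Internet Explorer hardening and is not a substitute for the vendor update the advisory recommends; the useful output here is the file version, which can be recorded before and after LiveUpdate to confirm that the DLL actually changed on each host.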