no one is safe ...

Security News

Updated: 1 hour 56 min ago

SecurityFocus facing (partial) shutdown

3 hours 12 min ago
As early as next week, Symantec will begin migrating most of the data to its in-house Symantec Connect.

ICANN chief ruffles feathers with DNS security warning

3 hours 50 min ago
With his warning of an acute threat to the Domain Name System, ICANN chief Rod Beckstrom has drawn the ire of domain operators. They fear that governments could draw the wrong conclusions.

Episode 190 - live from CCDC tonight!

5 hours 56 min ago

Please join us for a special live recording tonight at 7:30 EST from the Collegiate Cyber Defense Competition in Maryland for Episode 190 of PaulDotCom Security Weekly.


Please join the IRC channel during the stream - we can take live comments and discussion from the channel! Find us on IRC at irc.freenode.net #pauldotcom.

When active, the live stream(s) can be found at:

PaulDotCom Livestream - All new with Video and Chat! You can access the streaming videos at any time by visiting http://pauldotcom.com/live/

PaulDotCom Icecast Radio

Break out your adult beverage of choice and join us, enjoy the show live, and thanks for listening!

- Larry, Mick, Carlos, John, Darren & Paul

IIS Web Server Security how to

6 hours 45 min ago

With the sharp increase of hacking attacks over the last couple of years, and the introduction of a number of regulatory compliance guidelines to follow, web application security has become a key concern for many online businesses, and also a common expense in a company’s budget.  Although many businesses are focusing on securing their web applications, unfortunately they are not looking at the whole picture.  A vital part of securing a business’s whole web infrastructure also includes having a secure web server configuration.  Securing a web server’s configuration is as important as securing the web application itself.


Social-Engineering Ninja v0.1 Beta - PHP scripts

8 hours 12 min ago
S-E Ninja is a Social Engineering tool, with 20-25 popular sites fake pages and anonymous mailer via mail() function in PHP.
Available Sites:
amazon.com
digg.com
ebuddy.com
facebook.com
gmail.com
hotmail.com
msn.com (hotmail)
myspace.com
onecard.com (AR,EN Langs)
paypal.com
travian.com (AR,EN Langs)
twitter.com
yahoo.com
youtube.com
Features:
Fakepages.
IP, malicious page gives you the ip address of victim.
Mailer.
You can send an anonymous message using PHP mail() (...)

Exploit for new IE vulnerability

9 hours 56 min ago
A publicly available exploit has now surfaced for the new vulnerability in Internet Explorer 6 and 7. This is likely to put Microsoft under pressure to release an out-of-band patch.

Who's the hardest working researcher of all time? Of 2009?

11 hours 30 min ago

Microsoft Patch Tuesday - March 2010 - "It Won't Happen To Me" Edition

Wed, 2010-03-10 19:46
Attacks Happen

There are many reasons why attackers may target your organization: they could be after your intellectual property, they may have political reasons or there may be financial motivations (if you have credit card data stored on your network). I've often heard people say, "Why would someone want to attack us?" The question should really be phrased, "Why would someone need to attack us?" Often you are targeted not because of who you are, but what you have. Google hosts email accounts that are interesting to certain parties. You may be a university with plenty of bandwidth or a business partner with a company who makes electronics that the attacker is after. The point is that you can't limit the reasons why you are going to be attacked. You have to secure your network with the mindset that someone will eventually come after you.

This brings us to this month's "Patch Tuesday". Two bulletins have been released by Microsoft, and I've included some examples of how they can be used for targeted attacks:


  • MS10-016 - Nessus Plugin ID 45020 (Credentialed Check) - This bulletin discloses vulnerabilities associated with Windows Movie Maker that occur when a user opens a Windows Movie Maker file. While this may be used in some targeted attacks, I suspect that not many organizations have this software widely deployed. However, the interesting thing about this vulnerability is that Movie Maker is built into certain versions of Windows Vista, which makes uninstallation very difficult. This means even if you are not using the software, you still need to apply the patches. While Movie Maker may not be the most popular client application available, as a penetration tester I would search for it anyway. For example, I found a web site that is hosting a forum for Windows Movie Maker users. A query for "running version" results in several pages of matches. You can even be more specific with your search and enter "2.1", which is the vulnerable version running on Windows XP. Most of the posts are made by people looking for help with a specific version of Movie Maker and they will reveal this information during troubleshooting. An attacker just needs to associate the forum userid or email with the target they are going after for a potentially successful attack to be well under way.

  • MS10-017 - Nessus Plugin ID 45021 (Credentialed Check) - This bulletin discloses seven different vulnerabilities in Microsoft Excel. I find it interesting to review the disclosure timeline on some of these vulnerabilities. For example, CVE-2010-0263 was disclosed to Microsoft on July 14, 2009, and was just recently fixed. Core Security also reported CVE-2010-0243 on September 4, 2009.

    Microsoft ranks this vulnerability as "Important". The vulnerability itself does not exploit a remotely accessible network service and execute remote code, but that doesn't mean an attacker cannot use this information to construct specifically targeted attacks. Consider the following Google query:

    filetype:xls inurl:xls site:.gov

    The above search (as of today) returns 3,560,000 results (coincidentally, this number was the largest out of ".com", ".edu" and ".mil" top level domains). While this may not seem relevant, what stops an attacker from downloading all of the spreadsheets posted by a particular organization and analyzing the document metadata? Metadata is information contained within a document that can reveal the software type, version and platform it is running on in addition to the user who created it. With this information you could easily launch a targeted email attack. In fact, the attackers could have enough information to launch automated attacks that read the document metadata from a target's web site and then send the appropriate malicious Microsoft Excel document. While malicious PDF documents are all the rage these days with attackers, there is no reason why they cannot easily make a shift or use Microsoft Office documents along with the more traditional PDF attacks. One could make the argument that the attackers could do the same with PDF documents (and they probably are), but since malicious PDFs are something that organizations are now expecting, attackers may choose to mix up their attack vectors.

Far from all retained data deleted

Wed, 2010-03-10 15:17
Campaign launched against the reintroduction of data retention

heise Security conference: early-bird discount extended

Wed, 2010-03-10 14:55
Anyone who registers by March 24 receives a 10 percent discount on the price of attending the conference "Sicherheit in einer verteilten Welt" ("Security in a Distributed World").

Rapid rise in data misuse

Wed, 2010-03-10 14:37
Salzburg consumer advocates: up ten percent

Twitter checks links in direct messages

Wed, 2010-03-10 12:22
Links in "direct messages" on the microblogging service are now checked for phishing attempts, spam and malware before being passed on to the recipient.

Vodafone smartphone ships from the factory with Mariposa bot [Update]

Wed, 2010-03-10 11:43
Vodafone Spain sold an HTC Magic Android smartphone with the Mariposa bot installed on its memory card.

Data protection commissioner sees ever greater deficits (heise online News)

Wed, 2010-03-10 11:17
http://www.heise.de/newsticker/meldung/Datenschutzbeauftragter-sieht-immer-groessere-Defizite-950553.html/from/atom10

Attacks via newly discovered vulnerability in Internet Explorer 6 and 7

Wed, 2010-03-10 10:02
Microsoft warns of another unpatched vulnerability in Internet Explorer 6 and 7 that is already being actively exploited to infect Windows PCs with Trojans.

Microsoft closes seven vulnerabilities in Excel

Tue, 2010-03-09 20:04
Microsoft has released two security updates that close one vulnerability in Windows Movie Maker and seven vulnerabilities in Excel.

Password cracker 100 times faster with SSD

Tue, 2010-03-09 16:15
The low access times of fast, modern flash storage make it possible to move larger rainbow tables out to mass storage.
