Archive for the ‘Emerging Threats’ Category

OS X users, please patch!

If you haven’t patched yet, then please do.

How do I know if I’m patched?

Click “About This Mac” and it should display Mac OS X version 10.5.7. You can do the same if you are using Safari by clicking “About Safari”; this should display Safari 4 (beta).

Why is it important to patch?

There are critical vulnerabilities that could allow a malicious user (hacker, malware) to snoop on and steal your information in the background. Let me cite examples from vulnerabilities that have captured media attention (which means many attackers are aware of them).

Safari RSS

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6

Solution: The critical issue has been addressed in Security Update 2009-001 for Mac users and Safari 3.2.2 for Windows.

Impact: Accessing a maliciously crafted feed: URL may lead to arbitrary code execution.

An attacker can easily craft a URL and execute JavaScript, and this could expose your personal and sensitive information.

Disk Images

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6

Solution: The critical issue has been addressed in Security Update 2009-002

Impact: Mounting a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution.

This is very critical given the fact that a browser like Safari has “Open safe files after downloading” enabled by default. You can turn off this option in Safari by following the instructions below:

1. Open Safari

2. Open “Preferences” under the “Safari” menu

3. Click on the “General” tab

4. Un-check the “Open ‘safe’ files after downloading” box

5. Close Safari’s preferences
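The version check and the Safari setting above can also be audited from Terminal. This is an added example, not part of the original post; it assumes Safari stores the checkbox as the `AutoOpenSafeDownloads` key in the `com.apple.Safari` defaults domain, and the function names are made up for illustration.

```shell
# Added example (not from the original post): audit a Mac for the two checks
# above. Assumption: Safari stores the "Open 'safe' files after downloading"
# checkbox as AutoOpenSafeDownloads in the com.apple.Safari defaults domain.

# version_at_least HAVE WANT: true when dotted version HAVE >= WANT.
# Components compare as numbers, so 10.5.10 is newer than 10.5.7.
version_at_least() {
    have=$1 want=$2
    while [ -n "$have" ] || [ -n "$want" ]; do
        h=${have%%.*} w=${want%%.*}
        h=${h:-0} w=${w:-0}            # a missing component counts as 0
        [ "$h" -gt "$w" ] && return 0
        [ "$h" -lt "$w" ] && return 1
        case $have in *.*) have=${have#*.} ;; *) have= ;; esac
        case $want in *.*) want=${want#*.} ;; *) want= ;; esac
    done
    return 0
}

# auto_open_state RAW: classify what `defaults read` printed. An unset key
# prints nothing, and the post says the option is enabled by default.
auto_open_state() {
    case $1 in 0|false|NO) echo disabled ;; *) echo enabled ;; esac
}

audit_mac() {
    rc=0
    os=$(sw_vers -productVersion)
    if version_at_least "$os" 10.5.7; then
        echo "OK   Mac OS X $os"
    else
        echo "FAIL Mac OS X $os is older than 10.5.7: patch needed"
        rc=1
    fi
    raw=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null)
    if [ "$(auto_open_state "$raw")" = disabled ]; then
        echo "OK   Safari does not auto-open downloads"
    else
        echo "FAIL Safari auto-opens 'safe' downloads; to turn it off:"
        echo "     defaults write com.apple.Safari AutoOpenSafeDownloads -bool false"
        rc=1
    fi
    return $rc
}

# Run the audit only where the macOS tools exist.
if command -v sw_vers >/dev/null 2>&1; then audit_mac; fi
```

`audit_mac` returns non-zero when either check fails, so it can be run across several machines and the failures collected.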

Glorifying Bad Behavior

From today’s news: “Twitter worm author gets a job at exqSoft Solutions”

We often hear this kind of news about celebrities (Hollywood stars, sports and social networks like YouTube) but not about people committing cyber crime. This is an alarming trend.

I immediately searched for psychology research in this area, and here’s the interesting info I got:

“adolescents engage in bad behaviour because they find benefits — such as the immediate gratification of peer acceptance — are worth the risks.” as published in the journal Psychological Science.

No doubt, the 17-year-old Twitter worm/spreader author landed a job.

In Information Security this is absolutely not acceptable. Imagine an additional attack vector coming from this stream?

another misused format

clever

Collab.getIcon()

Another PDF exploited in the wild, so better patch!

Further Read:

Adobe Security Bulletin APSB09-04

Recommendation To Avoid this threat

PPT Zero Day

It’s not surprising that we have another zero day in MS Office. Evidently, there is a continuous attack on these file formats (Doc, Excel, PPT).

Just to keep a diary, here are the references published days ago:

http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx

http://blogs.zdnet.com/security/?p=3088

http://blog.trendmicro.com/new-exploit-takes-on-ms-powerpoint/

Conficker Around The World

[ http://www.worldtimezone.com/ ]

It’s now April 01 in New Zealand, and it will be in a few minutes here in Australia, followed by Asia, Africa, Europe and America. This high-profile internet worm will start triggering its payload, which is the generation of 50,000 domain names. However, it will only choose 500 randomly to call home.

Everyone is watching for what’s next.

Linux Worm “Psyb0t”

More information has surfaced about the botnet “psyb0t,” the first known to be capable of directly infecting home routers and cable/DSL modems.

It was first observed infecting a Netcomm NB5 modem/router in Australia.

Further read @ http://blogs.zdnet.com/BTL/?p=15197

Further read @ http://www.dronebl.org/blog/8

Analysis @ http://www.adam.com.au/bogaurd/PSYB0T.pdf