Well, Sony has responded to the accusations of rootkit part deux.

From ZDNet UK:

Sony Sweden representative Fredrik Fagerstedt told local press this week that sometimes even actions undertaken with “good will” can go wrong.

Fagerstedt’s comments come the same day that antivirus firm McAfee joined the growing chorus of companies criticising Sony for compromising its customers’ security.

McAfee reported that Taiwan’s FineArt Technology, which makes encryption software for PCs and laptops, was responsible for creating the offending software.

McAfee’s Aditya Kapoor and Seth Purdy wrote in a blog: “The authors apparently did not keep the security implications in mind” when designing the installation method.

Kapoor and Purdy catalogued the incident as one of the worst examples of “nasty rootkits that use blended techniques to hide or protect themselves”.

Read on.

Article Link


I can’t believe some of the crap that is still floating around the web.

A series of cable modems from Shaw Cable in Calgary have been wailing away on one of my home networks with MSRPC popup messages to no avail. The attack is basically a request to show a popup message dialog on the user’s display. Although these alerts are often used for legitimate purposes, they are increasingly used to deliver SPAM, or at least they were at one point. Um, if the responsible party HAPPENS to be reading this (fat chance)…give it up.

Then again it is little more than an annoyance to me. But, the folks at Shaw Cable Calgary might want to have a look at this spam-ish attack.

Sample message:

CRITICAL ERROR MESSAGE! – REGISTRY DAMAGED AND CORRUPTED…To FIX this problem:.Open Internet Explorer and type: www…..(URL removed)

Uh sure. Lemme get right on that.

Here is a sampling of the offending IP addresses.

…and so on. There are hundreds more.

Reference:

OrgName: Shaw Communications Inc.
OrgID: SHAWC
Address: Suite 800
Address: 630 – 3rd Ave. SW
City: Calgary
StateProv: AB
PostalCode: T2P-4L4
Country: CA

ReferralServer: rwhois://rs1so.cg.shawcable.net:4321

NetRange: 24.64.0.0 – 24.71.255.255
CIDR: 24.64.0.0/13
NetName: SHAW-COMM
NetHandle: NET-24-64-0-0-1
Parent: NET-24-0-0-0-0
NetType: Direct Allocation
NameServer: NS7.NO.CG.SHAWCABLE.NET
NameServer: NS8.SO.CG.SHAWCABLE.NET
Comment:
RegDate: 1996-06-03
Updated: 2006-02-08


Good grief. It’s the end of the summer. It’s amazing that the older I get the faster time passes. It’s like I’m heading downhill…eep.

Welcome to all of our readers from Italy this morning. Thanks for stopping in.

And now, the news…

  1. Storm Worm descends on Blogger.com
  2. Internet firms refuse to block child porn
  3. Monster outlines anti-fraud measures
  4. Bank finds clue in luggage scanner scandal
  5. Patch service shuts after Microsoft request
  6. Thieves Steal Drug-Sniffing Dog
  7. Information Security: 7 Data Leaks You Can’t Ignore
  8. Sony USB Fingerprint Readers Caught in Rootkitlike Action

Click here to subscribe to Liquidmatrix Security Digest!



Well, I’m pleased to announce that I have been invited to speak on a panel at the Infosec World 2008 conference hosted by MISTI. The conference will take place in Orlando from March 8-14 (including workshops) and I will be speaking on the 13th. This is something entirely new for me and I have to admit I’m really looking forward to it. I have a good seven months to get myself truly wound up. Good times.

From the MISTI site:

Sneak Preview of Topics To Be Covered!

* Safety on the Road: Endpoint Security for Laptops, PDAs, Smartphones, and Storage
* Actionable and Valuable Metrics
* Auditor’s Guide to Information Security
* NAC: Cutting through the Hype and Confusion
* Hacking Ajax and other Web 2.0 components
* Express Lane Tactics: How Attackers Bypass Security Using Social Engineering
* Cost-Effective SOX testing for IT
* Keys to Implementing an Effective Threat & Vulnerability Management Program
* How to implement DNSSEC without losing your mind
* Selling Security (to those who don’t want it)
* Deploying Secure SOA: A Case Study
* And Many More

Article Link


Here is an interesting post on how you as a consultant could discover sensitive information such as “TOP SECRET” docs using Nessus for discovery.

From Tenable Network Security:

There are many consultants that use Nessus to scan a customer network for vulnerabilities and report a laundry list of security issues which need to be fixed. Another valuable service that can be performed by a consultant is to audit where sensitive data resides in an organization and what sort of access can be gained to it. This blog entry discusses what can be accomplished with the Nessus scanner and what additional types of data analysis can be performed with the sensitive content checks available with the Nessus Direct Feed.

What is “Sensitive Data”?

In the government and military, there are in-depth standards for classifying the sensitivity of data such as “SECRET”, “TOP SECRET” and so on. This classification details who can have access to the data and what level of security assurance should be invoked to protect inadvertent disclosure.

For the rest of the world, classifying data may not be as simple. An organization may draw data classification requirements from the compliance regulations it is under. A public and private company both governed by PCI will likely treat their customer credit card data the same way. However, the public company may consider emails about projected revenues, mergers and such, much more seriously than a private company due to SOX requirements. Other companies may have unique requirements to protect the secret beverage drink recipe, plans for the new stealth bomber or conceal the latest marketing campaign.

As a consultant, asking the customer what their data controls and concerns are is a very good place to start.

For the full article read on.
Article Link



For those Mac users out there, Apple recently (Aug. 1) posted an updated version of the Remote Desktop Connection client. For those of you who might not be familiar with this tool, it allows you to remotely manage a Windows system. The latest version from Microsoft has support for Vista. The previous version was a bit of a roaring pile of crap. The new one has smooth rendering and does not arbitrarily drop connections without warning as I found with the earlier version.

About Remote Desktop Connection Client
Allows you to connect to a Windows-based computer and work with programs and files on that computer from your Macintosh computer. To connect to a Windows-based computer, you need network access and permissions to connect to the computer, and the computer must be running Terminal Services or Remote Desktop Services. The following Windows products support Remote Desktop connections:

- Windows Vista Business
- Windows Vista Enterprise
- Windows Vista Ultimate
- Windows XP Professional
- Windows Server 2003

Article Link & Download


From Stuff.co.nz:

Walk into any large office, and you will most likely hear the telltale computer bleeps of chat programmes and online games, accompanied by furious mouse-clicking. Employees may seem busy, but many are wasting time on the Internet, or “cyberslacking”.

Studies worldwide suggest employees spend about a fifth of their work shifts engaging in personal activities. Their favourite time waster? The Internet.

Patricia Wallace, author of the 2004 book “The Internet in the Workplace: How New Technology Is Transforming Work”, said employees have always found ways to avoid working too hard.

“The issue is now you have something that seems to be genuinely irresistible because it’s such a gateway to the whole planet that’s right there on your desk and easily concealed to people passing by,” said Wallace, a professor at Johns Hopkins University in Baltimore.

Employees who cyberslack have been shown to spend most of their time emailing, and almost a third of their messages were not related to work, said James Philips, a psychology professor at Australia’s Monash University.

Article Link


You can tell the long weekend is coming up here in North America (insert sarcasm). Secunia has released a raft of vulnerability advisories. Here are some of the highlights.


The FBI has quietly built a sophisticated, point-and-click surveillance system that performs instant wiretaps on almost any communications device, according to nearly a thousand pages of restricted documents newly released under the Freedom of Information Act.

Article Link

Good morning all. Judging by the first article (below) it will be a good year for those of us in the security profession. That increase is apparently to be as much as 20% for some. It will be interesting to see if this actually pans out.

And now, the news…

  1. Businesses Worldwide Plan to Increase Spending on Network Security Next Year
  2. An easier way to create payload modules in 3.0 (Metasploit that is)
  3. EU security organisation asks ‘How Safe is Social Networking?’
  4. Experts raise alarm on Sony software
  5. New attacks leave online transactions vulnerable even after sign-on authentication
  6. Security Risk Profiling
  7. Symantec CEO Sees Future in SAAS
  8. Call to regulate the net rejected

