Join the God Side, Jesus is Coming…….

Archive for July, 2009

Social networking sites must improve security

Source: Net-Security

Sophos has called upon social networking websites such as Twitter and Facebook to do more to protect their millions of users, as new research is published examining the first six months of cybercrime in 2009.

The Sophos Security Threat Report examines existing and emerging security trends and has identified that criminals are doubly exploiting social networks, using them first to identify potential victims and then to attack them, both at home and at work. In Sophos’s opinion, Web 2.0 companies are concentrating on growing their user base at the expense of properly defending their existing customers from Internet threats.

The report reveals that IT teams are worried that employees share too much personal information via social networking sites, putting their corporate infrastructure – and the sensitive data stored on it – at risk. The findings also indicate that a quarter of organizations have been exposed to spam, phishing or malware attacks via sites such as Twitter, Facebook, LinkedIn and MySpace.

“What’s needed is a period of introspection – for the big Web 2.0 companies to examine their systems and determine how, now that they have gathered a huge number of members, they are going to protect them from virus writers, identity thieves, spammers and scammers,” said Graham Cluley, senior technology consultant at Sophos. “The honeymoon period of these sites is over, and personally identifiable information is at risk as a result of constant attacks that the websites are simply not mature enough to protect against.”

Stats and findings at a glance

  • 22.5 million different samples of malware – almost double the level of June 2008
  • Two thirds of businesses fear that social networking endangers corporate security
  • New web infections – one new infected webpage discovered by Sophos every 3.6 seconds (four times faster than in first half of 2008)
  • 40,000 new suspicious files examined by SophosLabs every day
  • United States hosts the most malware on the web (39.6 percent)
  • U.S. computers relay the most spam (15.7 percent)
  • 89.7 percent of all business email is spam.

The complete report is available here.


Nmap 5.00 released

Source: Net-Security

Nmap (“Network Mapper”) is a free and open source utility for network exploration or security auditing.

Version 5.00 is the first major release since 4.50 in 2007, and includes about 600 changes.

Top 5 improvements in Nmap 5:

  • The new Ncat tool aims to be a Swiss Army Knife for data transfer, redirection, and debugging
  • Ndiff makes it easy to automatically scan your network daily and report on any changes (systems coming up or going down or changes to the software services they are running). The other two tools now packaged with Nmap itself are Ncat and the improved Zenmap GUI and results viewer
  • Improved Nmap performance allows Nmap to scan fewer ports by default while finding more open ports. Also added is a fixed-rate scan engine so you can bypass Nmap’s congestion control algorithms and scan at exactly the rate (packets per second) you specify
  • Nmap Network Scanning, the official Nmap guide to network discovery and security scanning, has been released. From explaining port scanning basics for novices to detailing low-level packet crafting methods used by advanced hackers, this book suits all levels of security and networking professionals. A 42-page reference guide documents every Nmap feature and option, while the rest of the book demonstrates how to apply those features to quickly solve real-world tasks
  • The Nmap Scripting Engine allows users to write (and share) simple scripts to automate a wide variety of networking tasks. All existing scripts have been improved, and 32 new ones added. New scripts include a lot of MSRPC/NetBIOS attacks, queries, and vulnerability probes; open proxy detection; whois and AS number lookup queries; brute force attack scripts against the SNMP and POP3 protocols; and many more.

The future of mobile malware – digitally signed by Symbian?

Source: blogs.zdnet

Earlier this month, a mobile malware known as Transmitter.C, Sexy View, Sexy Space or SYMBOS_YXES.B, slipped through Symbian’s mobile code signing procedure, allowing it to act as a legitimate application with access to device critical functions such as access to the mobile network, and numerous other functions of the handset.

Upon notification, the Symbian Foundation quickly revoked the certificate used by the bogus Chinese company XinZhongLi TianJin Co. Ltd, however, due to the fact the revocation check is turned off by default, the effect of the revocation remains questionable.

What are the chances that future malware authors could bypass the code signing procedure again?

Researcher raids browser history for webmail login tokens

Source: TheRegister & SecureThoughts

In a disclosure that has implications for the security of e-commerce and Web 2.0 sites everywhere, a researcher has perfected a technique for stealing unique identifiers used to prevent unauthorized access to email accounts and other private resources.

Websites typically append a random sequence of characters to URLs after a user has entered a correct password. The token is designed to prevent CSRF (cross-site request forgery) attacks, which trick websites into executing unauthorized commands by exploiting the trust they have for a given user’s browser. The token is generally unique for each user, preventing an attacker from using CSRF attacks to rifle through a victim’s account simply by sending a generic URL to a website.

Now, a researcher who goes by the name Inferno has come up with a way to guess CRSF tokens using brute forcing techniques by combining it with a much older attack. As researchers have pointed out for years, it’s trivial for website owners to steal a complete copy of most people’s recent browsing history using what’s known as CSS history hacking. By checking each visitor for a long list of possible tokens belonging to highly desirable websites (think Gmail, eBay, and the like), an unscrupulous webmaster can determine a CSRF token with minimal fuss.

Some tips to protect your session from CSRF vulnerability are:

  • Client-Side Solution (for your customers/users):
  1. Use a browser plugin such as SafeHistory, which defends against visited-link-based tracking techniques.
  2. Use the private browsing mode in your browser.
  • Server-Side Solution (for developers):
  1. Make your CSRF tokens long enough (8 or more chars) to be unfeasible for a CLIENT SIDE attack. The ever-increasing processing power will make this attack feasible for longer tokens as well.
  2. Store your CSRF token as part of hidden form field, rather than putting in url.
  3. Use a different random token for every form submission and not accept any obsolete token, even for the same session.

Critical JavaScript vulnerability in Firefox 3.5

Source: MozillaSecurityBlog

A bug discovered last week in Firefox 3.5’s Just-in-time (JIT) JavaScript compiler was disclosed publicly yesterday. It is a critical vulnerability that can be used to execute malicious code.

The vulnerability can be exploited by an attacker who tricks a victim into viewing a malicious Web page containing the exploit code. The vulnerability can be mitigated by disabling the JIT in the JavaScript engine. To do so:

  1. Enter about:config in the browser’s location bar.
  2. Type jit in the Filter box at the top of the config editor.
  3. Double-click the line containing javascript.options.jit.content setting the value to false.

Note that disabling the JIT will result in decreased JavaScript performance and is only recommended as a temporary security measure.  Once users have been received the security update containing the fix for this issue, they should restore the JIT setting to true by:

  1. Enter about:config in the browser’s location bar.
  2. Type jit in the Filter box at the top of the config editor.
  3. Double-click the line containing javascript.options.jit.content setting the value to true.

Alternatively, users can disable the JIT by running Firefox in Safe Mode.  Windows users can do so by selecting Mozilla Firefox (Safe Mode) from the Mozilla Firefox folder.

My recommendation is to upgrade to Firefox 3.5.1 to address this vulnerability.

Understanding Patches or Software Upgrades

Source: US-CERT

What are patches?

Similar to the way fabric patches are used to repair holes in clothing, software patches repair holes in software programs. Patches are updates that fix a particular problem or vulnerability within a program. Sometimes, instead of just releasing a patch, vendors will release an upgraded version of their software, although they may refer to the upgrade as a patch.

How do you find out what patches you need to install?

When patches are available, vendors usually put them on their websites for users to download. It is important to install a patch as soon as possible to protect your computer from attackers who would take advantage of the vulnerability. Attackers may target vulnerabilities for months or even years after patches are available. Some software will automatically check for updates, and many vendors offer users the option to receive automatic notification of updates through a mailing list. If these automatic options are available, we recommend that you take advantage of them. If they are not available, check your vendors’ websites periodically for updates.

Make sure that you only download software or patches from websites that you trust. Do not trust a link in an email message—attackers have used email messages to direct users to malicious websites where users install viruses disguised as patches. Also, beware of email messages that claim that they have attached the patch to the message—these attachments are often viruses (see Using Caution with Email Attachments for more information).

Cuba Evangelical Pastor Sentenced To Six Years Imprisonment

Source: worthynews
HAVANA, CUBA (Worthy News)– There was international concern Tuesday, July 14, over the detention of a Cuban Evangelical pastor, after news emerged he has been sentenced to six years in prison on charges that include “counter-revolutionary conduct and attitudes” as part of what rights investigators called “mounting state hostility towards religious groups.”

The family home of detained Pastor Omar Gude Pérez will also  confiscated as part of the sentence, trial observers said.

State prosecutors initially attempted to charge Gude Pérez with “human trafficking”, although these accusations were dropped in March 2009 after a court in the central town of Camaguey reportedly ruled there was no evidence.

However Pastor Gude Pérez remained detained and in mid-April new charges of ‘falsification of documents and illicit economic activities” were reportedly filed. The prosecution’s petition also accused the pastor of “counter-revolutionary conduct and attitudes.”

Britain-based advocacy group Christian Solidarity Worldwide (CSW), which has been in close contact with the family, suggested that the charges are linked to the government’s concerns over his leadership role in the ‘Apostolic Reformation’, a fast growing Christian organisation;

Read full post..

Tag Cloud