Friday, January 30, 2009
President Obama Gets to Keep BlackBerry…
It looks like President Obama has outlasted the Secret Service and will be allowed to keep his beloved BlackBerry 8830 for "personal use" with the use of Sectera Edge for official business.
Thursday, January 15, 2009
SecurityOrb.com - Vulnerability Advisory
Buffer Overflows in DNS Resolver Library
Affected System(s)
System | Operating System
Solaris 8 ** |
Description:
Multiple buffer overflows exist in the BIND DNS resolver library (libbind) that allow an attacker to execute arbitrary code on vulnerable systems.
Recommendation:
To correct the vulnerability, upgrade to the most recent release of BIND. The Internet Software Consortium (ISC) currently maintains three branches of the BIND package: 4.x, 8.x and 9.x. You may download the most recent release of each branch of BIND in source code form from ftp://ftp.isc.org. In addition, further information on BIND is available at http://www.isc.org/products/BIND/
BIND 4.x is deprecated and will not be updated further by the ISC. BIND 8.x is still supported and will be for some time due to its wide distribution. The latest BIND 8 series information is located at http://www.isc.org/products/BIND/bind8.html
The BIND 9.x distribution, which was a major rewrite of the BIND architecture, is the suggested upgrade path for current 4.x or 8.x servers.
To build the BIND packages:
$ tar -xvzf bind-x.x.x.tar.gz
$ cd bind-x.x.x
$ ./configure
$ make
$ su
# make install
If the version of BIND you are replacing was included with the UNIX distribution and not installed separately, you may need to change the install directories using the --prefix option when running configure.
BIND should normally be run in a chroot, meaning that the running daemon cannot access files outside of its predetermined directory tree. This helps minimize the damage from an exploited service by restricting its access to the file system once compromised. The following guides give examples of setting up chrooted BIND environments.
Chroot-BIND HOWTO (covers BIND 9)
http://www.tldp.org/HOWTO/Chroot-BIND-HOWTO.html
Chroot-BIND8 HOWTO:
http://www.tldp.org/HOWTO/Chroot-BIND8-HOWTO.html
To determine which version of BIND you are using, you can run the following command at your console:
# named -v
named 8.2.2-P5 Tue Mar 5 17:19:57 PDT 2002
host@ns1.yourdomain.com:/usr/sbin/named
Observation:
The DNS resolver libraries contain remotely exploitable buffer overflow vulnerabilities in the code used to handle DNS responses.
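The advisory itself contains no code. As an added illustration (not BIND's or ISC's code), the following C function shows the class of check whose absence produces this kind of resolver bug: a DNS name decoder that bounds every read against the message length, bounds every write against the caller's buffer, and refuses compression pointers that do not point to an earlier name. The sample message and the malformed inputs are constructed here for the example, and the function and constant names are the example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_MAX_NAME  255   /* RFC 1035 limits */
#define DNS_MAX_LABEL 63

/*
 * Decode the (possibly compressed) domain name at msg[off] into a dotted
 * string in out[0..outlen-1]. Returns the offset just past the name in the
 * message, or -1 on any malformed input. A length byte is never trusted to
 * describe bytes that are not in the message, writes never exceed outlen,
 * and a pointer must target an earlier name, so a pointer chain cannot loop.
 */
int dns_expand_name(const uint8_t *msg, size_t msglen, size_t off,
                    char *out, size_t outlen)
{
    size_t pos = off;       /* next byte to read */
    size_t limit = off;     /* pointers must target an offset below this */
    size_t end = 0;         /* first byte after the name in the message */
    size_t written = 0;     /* bytes placed in out, excluding the NUL */
    size_t wire_len = 0;    /* label bytes of the expanded name */
    int followed = 0;       /* set once the first pointer has been taken */

    if (outlen == 0) return -1;
    for (;;) {
        if (pos >= msglen) return -1;                 /* ran off the message */
        uint8_t len = msg[pos];
        if ((len & 0xC0) == 0xC0) {                   /* 2-byte compression pointer */
            if (pos + 1 >= msglen) return -1;
            size_t ptr = ((size_t)(len & 0x3F) << 8) | msg[pos + 1];
            if (ptr >= limit) return -1;              /* forward/self pointer: loop */
            if (!followed) { end = pos + 2; followed = 1; }
            limit = pos = ptr;
            continue;
        }
        if (len & 0xC0) return -1;                    /* 0x40/0x80 label types unsupported */
        if (len == 0) {                               /* root label: name complete */
            if (!followed) end = pos + 1;
            break;
        }
        if (len > DNS_MAX_LABEL || pos + 1 + len > msglen) return -1;
        wire_len += (size_t)len + 1;
        if (wire_len > DNS_MAX_NAME) return -1;
        if (written > 0) {
            if (written + 1 >= outlen) return -1;
            out[written++] = '.';
        }
        if (written + len >= outlen) return -1;       /* would overflow out */
        memcpy(out + written, msg + pos + 1, len);
        written += len;
        pos += 1 + (size_t)len;
    }
    out[written] = '\0';
    return (int)end;
}

/* Constructed sample (not captured traffic): zeroed 12-byte header, then
 * "example.com" at offset 12 and "www" plus a pointer to offset 12 at 25. */
static const uint8_t SAMPLE_MSG[] = {
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0,
    3, 'w', 'w', 'w', 0xC0, 0x0C
};

/* Offset returned for the name at `off` in SAMPLE_MSG, or -1 if rejected. */
int sample_name_end(size_t off)
{
    char buf[DNS_MAX_NAME + 1];
    return dns_expand_name(SAMPLE_MSG, sizeof SAMPLE_MSG, off, buf, sizeof buf);
}

/* 1 if the name at `off` in SAMPLE_MSG expands to `expected`. */
int sample_name_equals(size_t off, const char *expected)
{
    char buf[DNS_MAX_NAME + 1];
    int r = dns_expand_name(SAMPLE_MSG, sizeof SAMPLE_MSG, off, buf, sizeof buf);
    return r >= 0 && strcmp(buf, expected) == 0;
}

/* Three constructed malformed inputs; 1 if all are rejected with -1. */
int rejects_malformed(void)
{
    static const uint8_t self_ptr[]  = { 0,0,0,0,0,0,0,0,0,0,0,0, 0xC0, 0x0C };           /* points to itself */
    static const uint8_t truncated[] = { 0,0,0,0,0,0,0,0,0,0,0,0, 63, 'a','b','c','d','e' }; /* claims 63 bytes */
    char buf[DNS_MAX_NAME + 1], small[8];             /* small[] cannot hold "www.example.com" */
    return dns_expand_name(self_ptr, sizeof self_ptr, 12, buf, sizeof buf) == -1
        && dns_expand_name(truncated, sizeof truncated, 12, buf, sizeof buf) == -1
        && dns_expand_name(SAMPLE_MSG, sizeof SAMPLE_MSG, 25, small, sizeof small) == -1;
}

int main(void)
{
    char buf[DNS_MAX_NAME + 1];
    int end = dns_expand_name(SAMPLE_MSG, sizeof SAMPLE_MSG, 25, buf, sizeof buf);
    printf("name=%s next_offset=%d malformed_rejected=%d\n", buf, end, rejects_malformed());
    return 0;
}
```

The truncated-label case is the one that matters most for this advisory: a response whose length byte promises more data than the packet carries must be rejected before any copy happens, rather than copied into a fixed-size buffer on the strength of that byte.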
For more information:
http://www.cert.org/advisories/CA-2002-19.html
Common Vulnerabilities & Exposures (CVE) Link:
IAVA Reference Number
2003-B-0001
Tuesday, January 6, 2009
Twitter has suffered a rash of security-related issues in the past weeks
Phishing is the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information (http://www.webopedia.com/TERM/P/phishing.html).
These attacks lead Twitter users to a drive-by malware site. A drive-by download is malware that is automatically downloaded to your computer without your consent or even your knowledge.
Then hackers used Twitter’s own support tools to gain control of 33 member accounts -- including that of President-elect Barack Obama, CNN's Rick Sanchez, and pop star Britney Spears.
As a Twitter participant, I found this to be very interesting and as always I will increase my awareness while using Twitter or any online tool.
Source:
http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=212700635&subSection=Attacks/breaches
http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=212700834&subSection=Attacks/breaches
Monday, January 5, 2009
Digital Forensics - Definitions
Digital forensics is the science of discovering and retrieving digital information from digital devices about an event in such a way as to make it admissible in court, to prove either culpability or innocence.
SANS Institute Security Newsletter for Computer Users
Volume 6, Number 1 January 2009
******************************
In This Issue
1. Consumer Awareness: Spyware Q&A
2. Ten Do-It-Yourself Computer Security Tips
3. Scams and Hoaxes
4. Microsoft and Apple Security Updates
******************************
A formatted version of the OUCH newsletter can be found at
https://www.sans.org/
the same site. Send your comments to OUCH@sans.org.
******************************
1. Consumer Awareness: Spyware Q & A
Q: What is spyware?
A: Spyware is malicious software installed on your computer without
your knowledge or consent that monitors or controls your computer
use. It may be used to send you pop-up ads, redirect your computer to
websites, monitor your Internet surfing, or record your keystrokes,
which could lead to the theft of your personal information.
Q: How can I tell if my computer is infected with spyware?
A: Your computer may be infected with spyware if:
- It slows down, malfunctions, or displays repeated error messages
- It won't shut down or restart
- It serves up a lot of pop-up ads, or displays them when you're not surfing the web
- It displays web pages or programs you didn't intend to use, or sends emails you didn't write.
Other signs include:
- Your browser takes you to sites other than those you type into the address box
- Your home page changes suddenly or repeatedly
- New and unexpected toolbars
- New and unexpected icons in the system tray (at the lower right corner of your screen)
- Keys don't work (for example, the "Tab" key that might not work when you try to move to the next field in a webform)
- Random error messages
Q: What should I do if I think my computer is infected?
A: Stop shopping, banking, and other online activities that involve
usernames, passwords, or other sensitive information. Spyware could
be sending your personal information to identity thieves. Write down
the model and serial number of your computer, the name of any software
you've installed, and a short description of the problem. Your notes
will help you give an accurate description to the technician. At the
office, report the problem to your IT help desk, network administrator,
or information security officer. At home, if your computer is covered
by a warranty that offers technical support, contact the manufacturer,
your Internet Service Provider (Comcast, AT&T, Time Warner, Verizon,
Qwest, Earthlink, etc.), or a trusted computer consultant.
More information: http://www.onguardonline.gov/
******************************
2. Ten Do-It-Yourself Computer Security Tips
a. Treat your computer like a machine. Computers need regular
maintenance. If you ignore problems or put off fixing them, you risk
more than the smooth functioning of your system. You may be inviting
Bad Guys to steal your information or take over your system and use
it to attack other computers.
More information: http://www.microsoft.com/
http://helpdesk.
b. Use email wisely. Email is not private. Never send personal or
sensitive information by email. Never view, open, or even click on
email attachments unless you know who sent them, why they sent them,
and what's in them. Even messages forwarded to you by friends might
contain infected attachments and links that will shuttle you off to
dangerous websites.
c. Don't assume your security software is working. Familiarize yourself
with the security software installed on your computers. Do you have
a complete suite of anti-virus, anti-spyware, and a two-way software
firewall? Identify onscreen icons and messages that indicate your
security software is enabled and working. If an icon is not there, if
its color or shape has changed, or if you see a message that says your
security software isn't working, is out of date, or needs attention,
take action to correct the problem immediately.
d. Keep your software up-to-date. Many software products, including
Windows and Mac OS X, have built-in automatic updaters. Make sure these
are turned on. Some software products require manual updating. Know
which are which on your computer. Not sure? Visit the website of the
software manufacturer for tips on updating your software. Consider
installing Secunia's free Personal Software Inspector, which provides
extensive details on the software installed on your computer, and gives
you direct links to update programs that are older and potentially
not secure.
More information: http://www.microsoft.com/
http://support.apple.com/kb/
http://www.download.com/
e. Regard the Internet as a bad neighborhood at 2:00 AM. In 2008 about
1.5 billion people were using the Internet worldwide, and the number of
websites approached 200,000,000. With that many apples in the barrel,
it's anybody's guess how many are rotten. The steady growth of Web
commerce attracts not only ordinary scammers, pirates, and thieves, but
also national and multi-national organized crime syndicates. Criminal
activity for financial gain is the single largest driver of massive
increases in Internet threats, and bringing Internet criminals to
justice remains a challenging task. Practice online safety. Protect
your privacy, your identity, and your money.
More information: http://www.microsoft.com/
f. Ratchet up your browser's security. Malicious hackers and
virus writers can infect your computer by taking advantage of low
security settings in your browser software and enticing you to
visit a malicious website. You can help limit your chances of being
attacked by increasing your security settings and conducting business
or entering sensitive information only on secure websites. Look for
addresses that begin with https:// and check for the yellow security
lock icon at the bottom of your browser window.
More information: http://www.microsoft.com/
http://news.cnet.com/8301-
http://www.microsoft.com/
g. Back up your data. Here is a simple, basic backup plan. Plug a
good-sized, formatted, blank thumb drive (or "USB stick") into your
computer. Double click on it and open a directory. As you work on your
latest project and it comes time to take a break, save your work,
close those crucial files, and drag-copy them into the directory on
the thumb drive. The more important your project is and the closer you
get to the deadline, the more often you should pause to make a copy
of your crucial files. The more often you back up, the less you stand
to lose. After you've made a backup by whatever means, check to make
sure that the copies are complete and that they work. At the office,
check with IT about using a thumb drive. Some organizations do not
allow them.
h. Protect sensitive information, especially when you use a public
computer. It's best to avoid typing your credit card number, or
other financial or sensitive information into any public computer, but
sometimes you can't avoid it. Don't save your logon information. Don't
leave a public computer unattended with sensitive information on the
screen. Web browsers keep a record of your passwords and every page
you visit, even after you've closed them and logged out. Learn how
to erase your tracks. Watch for over-the-shoulder snoops.
More information: http://www.microsoft.com/
http://support.mozilla.com/en-
http://www.usyd.edu.au/ict/
i. Be careful with wireless networks. Secure your own wireless network
by enabling and using wireless encryption that scrambles the data
transmitted between your PC and your wireless router. Check your
WAP (wireless access point) to find out what kinds of encryption it
can provide. Out of the box, the encryption on most WAPs will be
shut off. The most effective encryption is WPA2 (Wireless Protected
Access version 2). Use a strong password for your WPA2 encryption
key. Before you connect to someone else's wireless network, make
sure it's a legitimate hotspot: Nefarious types have been known to
set up pirate WAPs with familiar names like "wayport" or "t-mobile,"
and then use them to capture passwords and other private data. Verify
that your two-way software firewall is turned on, and that filesharing
is off. Always turn your Wi-Fi networking off when you're not at
a hotspot.
More information: http://www.pcworld.com/
http://arstechnica.com/guides/
j. Know your limits, and when you reach them, get expert advice.
Not sure what the error message means? Don't know why you got that
pop-up? Puzzled because a familiar website has asked you for a password
or other sensitive information unexpectedly? Not sure whether or
not you should allow that program to access the Internet? Ask before
you do the wrong thing. Contact your network administrator, IT Help
Desk, your computer manufacturer's technical support department,
your Internet Service Provider (ISP), or a trusted computer consultant.
******************************
3. Scams and Hoaxes
- Nigerian "419" Scam Meets the FBI
Consumers continue to be inundated by emails purportedly from
the FBI. Many of the emails currently in circulation claim to be
an "official order" from the FBI's Anti-Terrorist and Monetary
Crimes Division, from an alleged FBI unit in Nigeria, confirming
an inheritance, or containing a lottery notification worth millions of
dollars. Recipients are instructed to furnish personally identifiable
information (PII) and are often threatened with some type of penalty,
such as prosecution, if they fail to do so. But these emails are scams,
are not from the FBI, nor does the FBI ever send unsolicited emails
of this nature.
More information: http://www.fbi.gov/
- Airline Ticket Scam
This email scam targets holiday travelers. Recipients get a .zip file
attached to a message about an airline ticket and an ominous mention
of a credit card balance. It appears to come from legitimate major
airlines including Delta, JetBlue, Continental, American Airlines and
Virgin America. This .zip attachment appears to contain a purchase
invoice and flight ticket. But if you open the attachment, malicious
code may be installed on your system.
More information: http://blogs.zdnet.com/
- IRS Phishing Scam Targets US Immigrants
The Internal Revenue Service is warning taxpayers not to respond to
a mass email phishing scam, which appears to target immigrants. The
emails, purporting to come from "noreply@irs.gov," include attached
fake forms that ask unwitting taxpayers to fax in personal bank
account numbers. The e-mail may have a cover letter from a person
identifying herself as IRS public relations employee Laura Stevens,
who instructs recipients to fill out the attached W-4100B2 form. The
attached form W-4100B2 does not exist but is similar to the IRS'
W8-BEN form. The form requests such information as the person's birth
date, Social Security number, mailing address, bank account number
and signature. The IRS never contacts taxpayers by email.
More information: http://www.zimbio.com/
******************************
4. Microsoft and Apple Security Updates
Microsoft and Apple provide free security updates for their software
products. Windows: Microsoft issues patches for all Microsoft
products on the second Tuesday of each month as well as out-of-cycle
patches on any day of the month. The next scheduled release date
is January 13th. Check manually too, once every two weeks, to make
sure all of the updates have been installed. More information:
http://www.microsoft.com/
are issued frequently, and their contents may differ depending on
which processor is in your Mac (PPC or Intel).
More information: http://www.apple.com/support/
iPhones: Must be updated manually: http://docs.info.apple.com/
******************************
Copyright 2009, SANS Institute (http://www.sans.org)
Editorial Board: Bill Wyman, John York, Barbara Rietveld, Alan Reichert, Alan Paller.
Permission is hereby granted for any person to redistribute this in
whole or in part to any other persons as long as the distribution
is not being made as part of any commercial service or as part
of a promotion or marketing effort for any commercial service or
product. We request that redistributions include attribution for the
source of the material. Readers are invited to subscribe for free
at https://www.sans.org/