Thursday, January 28, 2010
SecurityOrb.com: House of Representative's Websites get Hacked: Disses President Obama
By Kellep A. Charles, CISA, CISSP
SecurityOrb.com
SILVER SPRING, MD - Shortly after President Obama finished his State of the Union address to the American people on Wednesday January 27, 2010, hackers when into action to express their views and feelings about the President.
SecurityOrb.com stated, “The House of Representatives is investigating the hacking incident of as many as 49 websites of both Republican and Democratic representatives”. Some of the known effective sites were that of Reps. Joe Wilson (R-S.C.), Duncan Hunter (R-Calif.), Harry Mitchell (D-Ariz.), Jesse Jackson Jr. (D-Ill.), Spencer Bachus (R-Ala.), Mike Honda (D-Calif.) and Brian Baird (D-Wash.).
GovTrends the company in charge of hosting these sites have not given an official statement as of yet, and as recent as August of 2009 were involved in another incident were 18 House of Representatives had their sites hacked into.
Many of the effected websites currently have temporary pages up until the matter is resolved.
SecurityOrb.com is following this story and will update as more information is gathered.
Monday, January 25, 2010
GFi adds support for MS10-002
* GFI LANguard 9.0
* GFI LANguard Network Security Scanner 8
Article ID: KBID003753
Query keywords: Patch Detection update, Security Updates
Support for the following Microsoft security updates have been released by GFI for GFI LANguard.
These updates will be automatically downloaded and added to your security vulnerability scanning database on your next restart of GFI LANguard.
New Security Updates Supported:
* MS10-002 - Cumulative Security Update for Internet Explorer (978207)
More Information:
MS10-002
Severity Rating: Critical
Cumulative Security Update for Internet Explorer (978207)
Description:
This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for all supported releases of Internet Explorer: Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, Internet Explorer 7, and Internet Explorer 8 (except Internet Explorer 6 for supported editions of Windows Server 2003). For Internet Explorer 6 for supported editions of Windows Server 2003, this update is rated Moderate.
Included Updates:
* Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows Server 2003 x64 Edition (KB978207)
* Cumulative Security Update for Internet Explorer 5.01 Service Pack 4 (KB978207)
* Cumulative Security Update for Internet Explorer 6 Service Pack 1 (KB978207)
* Cumulative Security Update for Internet Explorer 8 for Windows XP x64 Edition (KB978207)
* Cumulative Security Update for Internet Explorer 8 for Windows XP (KB978207)
* Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 x64 Edition (KB978207)
* Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 (KB978207)
* Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows XP x64 Edition (KB978207)
* Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows XP (KB978207)
* Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows Server 2003 x64 Edition (KB978207)
* Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows Server 2003 (KB978207)
* Cumulative Security Update for Internet Explorer 7 for Windows XP x64 Edition (KB978207)
* Cumulative Security Update for Internet Explorer 7 for Windows XP (KB978207)
* Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB978207)
* Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 for Itanium-based Systems (KB978207)
* Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 (KB978207)
* Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows XP x64 Edition (KB978207)
* Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows XP (KB978207)
* Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows Server 2003 for Itanium-based Systems (KB978207)
* Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows Server 2003 (KB978207)
* Cumulative Security Update for Internet Explorer 6 for Windows XP x64 Edition (KB978207)
* Cumulative Security Update for Internet Explorer 6 for Windows XP (KB978207)
* Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 x64 Edition (KB978207)
* Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 for Itanium-based Systems (KB978207)
* Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 (KB978207)
* Cumulative Security Update for Internet Explorer 7 for Windows Vista for x64-based Systems (KB978207)
* Cumulative Security Update for Internet Explorer 7 for Windows Vista (KB978207)
* Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows Vista for x64-based Systems (KB978207)
* Cumulative Security Update for Internet Explorer 7 for Windows Server 2008 (KB978207)
* Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows Vista (KB978207)
* Cumulative Security Update for Internet Explorer 8 for Windows Vista (KB978207)
* Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows Server 2008 (KB978207)
* Cumulative Security Update for Internet Explorer 8 for Windows Server 2008 R2 for Itanium-based Systems (KB978207)
* Cumulative Security Update for Internet Explorer 8 for Windows Server 2008 (KB978207)
* Cumulative Security Update for Internet Explorer 8 for Windows Server 2008 x64 Edition (KB978207)
* Cumulative Security Update for Internet Explorer 8 for Windows 7 (KB978207)
* Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows Server 2008 x64 Edition (KB978207)
* Cumulative Security Update for Internet Explorer 8 for Windows Server 2008 R2 x64 Edition (KB978207)
* Cumulative Security Update for Internet Explorer 7 for Windows Server 2008 for Itanium-based Systems (KB978207)
* Cumulative Security Update for Internet Explorer 8 for Windows Vista for x64-based Systems (KB978207)
* Cumulative Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB978207)
* Cumulative Security Update for Internet Explorer 7 for Windows Server 2008 x64 Edition (KB978207)
Link:
http://www.microsoft.com/technet/security/Bulletin/MS10-002.mspx
Note
* The above patches may not be supported on all Operating System or product languages. A list of languages supported by GFI LANguard is found at: http://kbase.gfi.com/showarticle.asp?id=KBID002517
* A list of bulletins supported by GFI LANguard can be found in the following page:
http://www.gfi.com/lannetscan/msfullreport.htm
Thursday, January 21, 2010
Microsoft fixes browser flaw used in Google breach
By JESSICA MINTZ, AP Technology Writer Jessica Mintz, Ap Technology Writer
SEATTLE – Microsoft Corp. took the unsual step of issuing an unscheduled fix Thursday for security holes in its Internet Explorer browser that played a role in the recent computer attacks that led Google to threaten to leave China.
The updates are for all supported versions of Internet Explorer, from IE 5.01 up through the newest IE 8.
People who have their computers set to install security updates automatically will get the fix. PC users who don't automatically get updates should go to http://www.microsoft.com/security to download the patch.
Microsoft said it learned of the problems last fall and was already planning to release the fixes in February. Last week, it confirmed that the attacks described by Google Inc. took advantage of the same flaw.
Hackers can lure people to Web pages containing malicious code, then exploit the browser flaw to take over their computers. Attackers in China may have used the flaw to break into e-mail accounts of human rights activists who oppose the Chinese government's policies.
Microsoft seldom releases security patches outside its regular, once-a-month update cycle, but has been known to rush out patches for so-called "zero-day" exploits in which hackers attack a software hole before the company has a chance to find a fix. The last time Microsoft broke from its security update schedule was in July 2009.
___
On the Net:
http://www.microsoft.com/security
Security Hole in Internet Explorer Causing Major Issues
Security Hole in Internet Explorer Causing Major Issues
By
Kellep A. Charles
A security hole in Internet Explore has been exploited and led to a massive attack to Google Gmail users and dozens of companies around the world.
SecurityOrb.com is recommending against using Internet Explorer until the problem as been resolved. Using alternative web browsers such as Firefox, Opera, Apple's Safari, and/or Google's Chrome would appear to be a better choice at this time until the problem has been resolved.
Unfortunately, some Internet users may not have a choice since many organizations use custom applications that require the use of Internet Explorer to work properly. Furthermore, Microsoft Windows itself relies on Internet Explorer to receive updates.
The problem has been so wide spread that Information security regulatory authorities in Germany and France have urged users to switch to an alternative browser. SecurityOrb.com fears the security hole could allow criminals to take control of user’s computers and steal their passwords.
BBC reported on January 18, 2009 that due to a loophole in Internet Explorer a PC could become infected with a "Trojan horse", allowing a hacker to take control of the computer and potentially steal sensitive information.
Friday, January 15, 2010
Gmail offers secure email with HTTPS
Changing the HTTPS setting
We've recently made the 'Always use https' setting the default behavior in Gmail (the default used to be http). Here's some background: If you sign in to Gmail via a non-secure Internet connection, like a public wireless or non-encrypted network, your Google account may be more vulnerable to hijacking. Non-secure networks make it easier for someone to impersonate you and gain full access to your Google account, including any sensitive data it may contain like bank statements or online log-in credentials. Accordingly, we enable the 'Always use https' option in Gmail by default. HTTPS, or Hypertext Transfer Protocol Secure, is a secure protocol that provides authenticated and encrypted communication.
To disable or re-enable this feature in Gmail:
- Sign in to Gmail.
- Click Settings at the top of any Gmail page.
- Set 'Browser Connection' to 'Don't use https' or 'Always use https.'
- Click Save Changes.
- Manually change the URL to http://mail.google.com to start accessing Gmail via http.
Please note that selecting 'Always use https' will prevent you from accessing Gmail via HTTP (Hypertext Transfer Protocol). If you trust the security of your network, you can turn this feature off at any time.
If you use a public computer to check your email, it's also important to end each of your Gmail sessions by clicking Sign out at the top of any Gmail page and to close all Gmail browser windows.
Thursday, January 14, 2010
Haiti Earthquake brings More Opportunity for Hackers
Haiti Earthquake brings More Opportunity for Hackers
By Kellep A. Charles, CISA, CISSP
SecurityOrb.com
Soon after the devastating earthquake that hit Haiti, SecurityOrb.com has been monitoring the Internet channels for malicious activities and here is what we have been able to find…
There has been an increase in the purchase of Internet domain names related to the Haiti earthquake event in the form of new charities and organizations. This information has been confirm by Internet security watchdog at the SANS Internet Storm Center stating, "We are already seeing a bunch of domains being parked in relation to the Haiti disaster.”
SecurityOrb.com feels that not all the new domain names maybe be for malicious purposes since there has been a sympathetic movement to help out the Haitian people, but since Hurricane Katrina in 2005 there have been an increase in the registration of fraudulent domains with the purpose of attempting to scam and exploit the generosity of people. So we are following these events closely to see if the trend continues.
Furthermore, we have seen a rise in malicious Twitter activity in recent days in the form of tag-poisoning and tinyURL links that send users to malicious sites. We urge users to be very mindful and since avoiding tinyURLs is nearly impossible when using twitter, we suggest users install the LongURL plug-in on Firefox. It will expand the URLs giving a better insight on the suggested URL.
Hackers will be sure to also attempt to trick users into downloading malware by planting false video footage in a file or telling them they need to download a compatible plug-in supposedly needed to view new video reports of the Haitian tragedy, if previous trends hold. By doing so, the user may introduce a Trojan to their system that can be used to send Spam from the infected systems.
Lastly, hackers have continued the routine of using current event and high profile news stories to continue Search Engine Optimization (SEO) to spread malware. SEO is the process of selecting targeted keyword phrases related to a site, and ensuring that the site places well when those keyword phrases are part of a Web search. Like in the past, topics and events such as the Michael Jackson death, Tiger Woods Incident and Patrick Swayze’s dead have yielded high rewards for hackers by luring users to malware infected sites. We feel the Haiti earthquake event will not be different. SecurityOrb.com suggest you have an antivirus program installed and it has been updated to the latest protect signatures.
Below are some additional helpful hints we located on the Internet; they seem to be very helpful,
Consumers should adhere to the following guidelines:
--Do not respond to any unsolicited (spam) incoming emails, which also include requests to click links embedded within those email messages.
--Be wary of individuals presenting themselves as surviving victims or as officials asking for donations via email or social networking sites.
--Make sure to verify the legitimacy of nonprofit organizations asking for donations before following a link to a site contained in one of their emails.
--Do not click on any files or pictures claiming to be from the disaster area that are contained in these emails, as they may contain viruses or some other kind of malware.
--Do not give out your personal or financial information to anyone soliciting contributions.
--If you are going to contribute, make sure it goes to a known organization. Do not rely on others to make the donation on your behalf.
Anyone who has received an email similar to what has been described above or has been a victim of this should notify the IC3 at www.ic3.gov.
Conclusion
FBI warns of Haitian quake relief scams
Beware of Internet scams seeking donations for Haitian earthquake relief, FBI officials warn.
The agency's advice:
- Do not reply to any unsolicited emails, including clicking links contained in those messages.
- Be skeptical of anyone claiming via email or social networking sites to be surviving victims or officials asking for donations.
- Verify the legitimacy of non-profit groups by independently checking the group's existence, rather than relying on a purported link to the group's site.
- Be cautious of emails claiming to show photos of the disaster area in attached files. The files may contain computer viruses. Only open attachments sent by people or groups you know.
- Make contributions directly to known organizations, rather than relying on others to relay your donation.
- Never give your personal or financial information to anyone who solicits contributions. Providing that information opens the door to identity theft.
Monday, January 11, 2010
GFI Security Software
GFI Software provides the single best source of Web & Mail Security, Archiving & Fax, Networking & Security and Remote Monitoring & Management solutions software for small to medium sized businesses. With award-winning technology, an aggressive pricing strategy, and a strong focus on the unique requirements of small to medium sized businesses, GFI Software satisfies the needs of SMB organizations on a global scale. Founded in 1992, we have offices in US, Canada, England, Scotland, Australia, Austria, Malta, Hong Kong and Romania which support more than 200,000 installations worldwide. GFI Software is a channel-focused company with over 10,000 partners throughout the world. GFI is also a Microsoft Gold Certified Partner. For further information about GFI and its products visit the links below:
[GFI.com] [Latest News] [Products] [Download Trials] [Pricing]
MANAGED SERVICES | |
The easy, affordable solution for IT Support & Managed Services Providers | |
GFI MAX™ takes a more rounded approach to IT Support. With our system, you’ll be able to monitor your clients’ RAID arrays, remote offices, ISP connection, bandwidth usage, their website - and their server. In short, we help you monitor the key parts of their ‘whole system’ that cause the most grief – and alert you proactively so you can take better care of clients at less cost. Overview | Features | Screenshots | 30-Day FREE Trial | Pricing | |
WEB & MAIL SECURITY | |
Anti-spam Solution for Exchange/SMTP/Lotus | |
GFI MailEssentials is a server based anti-spam and anti-phishing solution for Exchange/SMTP/Lotus, which is used by over 80,000 customers worldwide. This solution uses multiple anti-spam filtering techniques to capture 99% of spam, whilst minimizing false positives. Spam is caught before reaching the mail server, eliminating the need for client software! Choose GFI MailEssentials for top performance at an unbeatable price. Overview | Features | Screenshots | Download trial | Pricing | |
Leading Email Security for Exchange/SMTP/Lotus | |
GFI MailSecurity for Exchange/SMTP is an email security solution protecting against email viruses, exploits and trojans. The 2006 FBI Computer Crime Survey shows that 65% of businesses surveyed claimed to have been affected by a virus, despite having anti-virus software installed. One virus scanning engine is not enough for email security; GFI MailSecurity addresses this fact incorporating five virus scanners in it’s arsenal of email security features. Overview | Features | Screenshots | Download trial | Pricing | |
Comprehensive Anti-virus, Anti-spam and Anti-phishing Protection | |
GFI MaiDefense Suite is an anti-virus, anti-spam and anti-phishing suite for Exchange server. It uses multiple technologies, such as Bayesian filtering to remove spam and up to five anti-virus engines to clean inbound email from viruses and malware. GFI MailDefense Suite offers the highest spam detection rate and a low rate of false positives. It is easy to deploy and ships at an unbeatable price. Looking for a holistic way to handle spam and viruses? Then GFI MailDefense Suite is the right tool for you. Overview | Features | Screenshots | Download trial | Pricing | |
Web Security, Monitoring & Access Control | |
Control your Internet users’ browsing habits and monitor downloads in real-time with GFI WebMonitor. Used by thousands of customers and available at an unbeatable price, GFI WebMonitor uses WebGrade, a web categorization database which provides URL coverage of over 205,000,000 URLs. Real-time download monitoring features protect your network from viruses, spyware, malware and phishing attacks. Overview | Features | Screenshots | Download trial | Pricing | |
ARCHIVING & FAX | |
Exchange Server Email Archiving, Management and Compliance | |
GFI MailArchiver is the No. 1 email archiving and management solution for SMBs, that is easy to install and requires minimal administrative effort. With GFI MailArchiver net admins can maintain an archive of all corporate email, reducing demands on Exchange server and dependency on PST files. All email is stored in a central location, easily accessible through Outlook, a web browser and also offline. Overview | Features | Screenshots | Download trial | Pricing | |
Network fax server for Exchange/SMTP/Lotus | |
GFI FAXmaker makes sending and receiving of faxes an efficient, simple and cheaper process and allows users to receive and send faxes directly from their email client. With tens of thousands of customers and dozens of awards, it is the leading fax server for Exchange Server, Lotus and SMTP/POP3 servers. With GFI FAXmaker less time is spent on sending, collecting and distributing faxes, saving your company noticeable costs. Faxes sent/received are also saved in digital format as an email. Overview | Features | Screenshots | Download trial | Pricing | |
Easy-to-use software for back-up and recovery | |
GFI Backup 2009 is free software that allows you to back up all your important documents, photos, music, emails and program settings using a simple but smart wizard-driven interface to nearly every storage device (including local and external disk drives, LAN, CD/DVD, removable devices, remote FTP servers, etc.). Overview | Features | Screenshots | Download trial | |
NETWORKING & SECURITY | |
Event Monitoring, Management and Archiving | |
GFI EventsManager is an event monitoring, event management and archiving solution available at an unbeatable price used by thousands of customers. It provides network-wide control and management of Windows event logs, W3C logs, Syslog events and SNMP traps generated by network resources and hardware such as firewalls, routers and sensors. GFI EventsManager monitors, reports and collects data on an extended range of hardware products. Overview | Features | Screenshots | Download trial | Pricing | |
Network Security Scanner and Vulnerability Management Tool | |
GFI LANguard is a complete vulnerability management solution, which allows you to scan, detect, assess and rectify security vulnerabilities on your network. It also provides the tools to remediate vulnerabilities and install missing patches on the network. GFI LANguard gives you a complete picture of your network set-up and helps you to maintain a secure network state faster and more effectively. A freeware version is available, for up to 5 IPs! Overview | Features | Screenshots | Download trial | Pricing | |
Network Server Monitoring Software | |
GFI Network Server Monitor checks your network and servers for failures and fixes them automatically. Alerts can be sent by email, pager or SMS, for instant problem notification. You can reboot a machine, restart a service or run a script, batch job or executable. Built-in monitoring rules include: Exchange Server, SQL server, CPU usage, etc. Available at an unbeatable price, GFI Network Server Monitor is used by thousands of customers. Overview | Features | Screenshots | Download trial | Pricing | |
Control of iPods, USB sticks and Other Endpoint Devices | |
GFI EndPointSecurity lets you control network access and use of portable storage devices such as USB drives, iPods and PDAs. It prevents users from taking confidential data or introducing viruses and trojans to your network. Available at an unbeatable price, GFI EndPointSecurity allows you to actively manage user access to media players (including iPod and Creative Zen), USB sticks, and other storage devices. Overview | Features | Screenshots | Download trial | Pricing |