W32/Koobface.worm Facebook and Myspace

UPDATE:

This thing seems to be spreading fast, so I hear on the Full Disclosure mailing list. McAfee has it listed here: http://vil.nai.com/vil/content/v_148955.htm. PCMag also talks about it. Basically, this is a worm that spreads via friends lists by posting messages and comments on friends’ accounts. These comments contain video links, and when you click on one, the page “says” that a newer version of Flash is required. Tricky. It then makes you download a file called codesetup.exe, and then you’re pwned.

This site was also linked here as providing information, but I couldn’t find it. It is, however, a nice site with plenty of good info, so I thought I’d post it.

Posted in News, Vulnerabilities

Viruses use Social Networks, Myspace and Facebook

Once again in the news is the use of popular social sites to spread malicious links that deliver malware.

It is called Koobface, and you can read more about it at SecurityFocus here.

Posted in News

Apple updates for DNS issue

Finally.

If you have a MacBook, check your updates and install them.

Read about it at The Register, here.

There might be issues, though, as to whether it really fixes the problem.

Check the news here: SecurityFocus

Posted in Desktop Security, Uncategorized, Vulnerabilities

Secure RDP, are you using it?!

This is mostly for business users, but one thing for home users to note is never to allow RDP access into your systems. It should be blocked by default at your router/firewall, but if it is not and you don’t use it, then go to services.msc and disable it.

For business users, make sure you are on the latest RDP client, 5.2, and enable FIPS mode on all your servers.

Here is a good article on how to implement this and why!

Also be sure to verify this setting by running a Nessus Scan with the following plugin enabled:

Microsoft Windows Remote Desktop Protocol Server Private Key Disclosure Vulnerability
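
A local check to go alongside the scan, as an added example that is not from the original post or the linked article: a read-only PowerShell audit that reports whether RDP accepts connections and whether FIPS-level encryption is in effect. It assumes Windows Vista/Server 2008 or later registry locations; the `Get-RegValue` helper and the report field names are hypothetical.

```powershell
# Added example: read-only audit of the RDP settings discussed above.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$ts      = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp  = "$ts\WinStations\RDP-Tcp"
$policy  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$fipsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'

$svc  = Get-Service -Name TermService -ErrorAction SilentlyContinue
$deny = Get-RegValue $ts 'fDenyTSConnections'      # 1 = connections refused
$fips = Get-RegValue $fipsKey 'Enabled'            # 1 = system-wide FIPS mode

# A Group Policy value, when present, overrides the local listener setting.
$enc = Get-RegValue $policy 'MinEncryptionLevel'
if ($null -eq $enc) { $enc = Get-RegValue $rdpTcp 'MinEncryptionLevel' }
$levels = @{ 1 = 'Low'; 2 = 'Client Compatible'; 3 = 'High'; 4 = 'FIPS Compliant' }

$report = [pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    ServiceStatus   = if ($svc) { $svc.Status } else { 'not installed' }
    ServiceStartup  = if ($svc) { $svc.StartType } else { $null }
    RdpAllowed      = ($deny -eq 0)
    EncryptionLevel = if ($null -ne $enc) { $levels[[int]$enc] } else { 'not set' }
    SystemFipsMode  = ($fips -eq 1)
    RdpUsesFips     = ($enc -eq 4) -or ($fips -eq 1)
}
$report | Format-List

if ($report.RdpAllowed -and -not $report.RdpUsesFips) {
    Write-Warning 'RDP accepts connections without FIPS-compliant encryption.'
}
if (-not $report.RdpAllowed -and $svc -and $svc.Status -eq 'Running') {
    Write-Warning 'RDP is denied but TermService is running; disable the service if RDP is never used.'
}
```

The script only reads settings, so it can be run on each server before and after the change to confirm that the FIPS setting actually took effect.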

Posted in Desktop Security, Network Security, Security

More DNS Stuff

Dan Kaminsky talked yesterday about the details of his findings on this exploit. Apparently he is able to compromise a DNS server in about 5 seconds, and he verified that the details previously released are valid. He also confirmed that the Metasploit exploit is valid.

IBM/ISS has an IPS check for this exploit called DNS_Cache_Poison. So if you have Proventia you can put this in place, but you will have to tune your parameters to a threshold of around 7 or 8, as the default is 30, and Metasploit implements 10, I believe.

Securabit was also given a Snort signature by alexkirk in the #snort IRC channel. See here.

Also, to hear Dan’s announcement from yesterday, meatwallet from the PaulDotCom forums posted the link here.

Posted in Network Security

Watch Out: DNS Vulnerability

Dan Kaminsky found a DNS vulnerability that can be exploited to perform DNS cache poisoning. This can result in the websites you access being redirected to malicious sites, which may then steal your stuff.

Anyway, you must patch your system with the latest Microsoft patch, MS08-037.
You must ensure your ISP patches their DNS servers. You can go here and verify whether your DNS is vulnerable: http://www.doxpara.com/.
Hopefully your ISP and work sites will patch ASAP.
If not, then at home you can change your DNS to OpenDNS.

Posted in Uncategorized

Signs you may have malware!

So if you are wondering whether you have bad stuff on your PC or whether you are being spied on, here are some clues.

- My Task Manager is no longer accessible.

Task Manager can be used to stop processes that are currently running. Viruses don’t want that happening, because it would impede their ability to pwn your system on an ongoing basis.

- My background image has changed and now says that I have spyware on my PC.

Little scripts do that so that, when a popup comes up, you download whatever antivirus it offers from wherever to get rid of the problem. The thing is, those popup links aren’t for AV solutions; they are just more spyware, keyloggers, etc. I have even seen the “Desktop” tab in the video settings be totally disabled.

Remember to keep patches up to date and run up-to-date AV, Ad-Aware, Spybot and more.
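
Both symptoms above are commonly produced by policy values written to the registry, so they can be checked directly. The following read-only PowerShell triage is an added example, not part of the original post; the variable names and the wording of the findings are assumptions made for illustration.

```powershell
# Added example: read-only triage for the two symptoms named in the post.
$checks = @(
    @{ Name = 'DisableTaskMgr';       Symptom = 'Task Manager is blocked' },
    @{ Name = 'NoDispBackgroundPage'; Symptom = 'Desktop tab is hidden in Display settings' }
)
$sub = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'

# The same values can be set per user (HKCU) or machine-wide (HKLM).
$findings = foreach ($hive in 'HKCU:', 'HKLM:') {
    $path = "$hive\$sub"
    foreach ($c in $checks) {
        $p = Get-ItemProperty -Path $path -Name $c.Name -ErrorAction SilentlyContinue
        if ($null -ne $p -and $p.($c.Name) -eq 1) {
            [pscustomobject]@{ Key = $path; Value = $c.Name; Symptom = $c.Symptom }
        }
    }
}

# Report the current wallpaper file and when it was last written, so an
# unexpected "you have spyware" background can be traced to a file on disk.
$desk = Get-ItemProperty -Path 'HKCU:\Control Panel\Desktop' -ErrorAction SilentlyContinue
$wallpaper = if ($desk) { $desk.Wallpaper } else { $null }
if ($wallpaper -and (Test-Path -LiteralPath $wallpaper)) {
    $file = Get-Item -LiteralPath $wallpaper
    Write-Host "Wallpaper: $wallpaper (last written $($file.LastWriteTime))"
} else {
    Write-Host 'Wallpaper: none set or file not found'
}

if ($findings) {
    $findings | Format-Table -AutoSize
    Write-Warning 'Restrictive policy values found; confirm an administrator set them.'
} else {
    Write-Host 'No Task Manager or Desktop tab restrictions found.'
}
```

On a managed work machine the same values can be set legitimately through Group Policy, so a hit is a reason to investigate, not proof of infection.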

Posted in Desktop Security

Information Gathering: Maltego

Maltego is an application that I have been playing with a bit, and it is very interesting. It is a security tool, because it is used to do reconnaissance and find any related information on the internet.

Some of the things it relates are domain names, IP addresses, full names, email addresses, etc.

I ran it on my name and found some interesting things that I was not fully aware of. It’s more than just Google searching someone’s name or email.

Also I would not suggest it be used for evil!

Posted in Security

Gmail adds some Security

Some monitoring capabilities. Basically, you can view when you last logged in and from what IP addresses. This way if you are not familiar with an IP that has logged into your account, you will know you have been owned.

It also tells if multiple locations are logged into your account at the same time.

Just some handy little features.

Read up on it here.

Posted in News

A browser study: Firefox the best?

Talking about security here: drive-by downloads, malware, phishing, etc. We want to protect ourselves. We don’t want to get any viruses or bad stuff from the interwebs.

Read the story here.

I use Firefox on PC instead of IE and also on Mac instead of Safari.

Posted in News