Not that random

November 21st, 2007

Benny Pinkas from the University of Haifa and two Hebrew University graduate students, Zvi Gutterman and Leo Dorrendorf, reverse-engineered the algorithm used by Windows 2000’s PRNG, then used that knowledge to pick apart the operating system’s encryption. Attackers could exploit a weakness in the PRNG, said Pinkas and his colleagues, to predict encryption keys that would be created in the future as well as reveal the keys that had been generated in the past.

Microsoft has now acknowledged that Windows XP is also vulnerable to the complex attack that the researchers laid out in their paper, which was published earlier this month. Windows Vista, Windows Server 2003 and the not-yet-released Windows Server 2008, however, are immune to the attack strategy, the company said.

In addition, Microsoft said Windows XP Service Pack 3 (SP3), expected sometime in the first half of 2008, includes fixes that address the random number generator problem.

Fake private eye

November 20th, 2007

The messages, detected by Commtouch, claim to be from a private detective who was hired to monitor the email recipient. In order to prove their surveillance capabilities, the malware distributors have attached a “recording” of the recipient’s phone call, which is actually a malware file.

Subject lines can be, for example:
i’m monitoring you
you’re being watched
your phone is monitored
the tape of your conversation

The attachment is a password-protected, compressed (.rar) file; the password is provided in the body of the email. Attachment names are numerical variations on “call1105-10.rar.” The file inside the archive appears to be an mp3 sound file. If you look closely at its name, however, you will see a long run of spaces after the “.mp3” ending, and only after those spaces does the real extension appear: .scr, an executable type favored by malware writers.
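A defender-side check for the naming trick described above, as an added example that is not part of the original post: it flags attachment names whose visible extension is a decoy padded with whitespace in front of a final executable extension. The extension lists and the sample names are constructed assumptions.

```python
import re

# Constructed lists (assumptions, not from the article): extensions Windows runs on
# double-click, and harmless-looking extensions a sender might use as a decoy.
EXECUTABLE_EXTS = {"scr", "exe", "pif", "com", "bat", "cmd", "vbs", "js", "hta"}
DECOY_EXTS = {"mp3", "wav", "jpg", "jpeg", "gif", "png", "pdf", "doc", "txt"}

# Matches "<stem>.<decoy><optional whitespace run>.<real>", e.g. "call.mp3      .scr".
_DOUBLE_EXT = re.compile(
    r"^(?P<stem>.+?)\.(?P<decoy>[A-Za-z0-9]{1,5})(?P<pad>[\s\u00a0]*)\.(?P<real>[A-Za-z0-9]{1,5})$"
)


def analyze_attachment_name(name: str) -> dict:
    """Classify one attachment (or archive member) filename.

    Returns {'name', 'real_ext', 'verdict', 'reasons'}; verdict is
    'block' (final extension is executable), 'review' (deceptive layout
    but non-executable) or 'allow'.
    """
    reasons = []
    real_ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    m = _DOUBLE_EXT.match(name)
    if m:
        decoy = m.group("decoy").lower()
        pad = len(m.group("pad"))
        if pad > 0:
            reasons.append(f"whitespace padding ({pad} chars) hides final extension .{real_ext}")
        if decoy in DECOY_EXTS and real_ext in EXECUTABLE_EXTS:
            reasons.append(f"decoy extension .{decoy} before executable .{real_ext}")
    if real_ext in EXECUTABLE_EXTS and not reasons:
        reasons.append(f"bare executable extension .{real_ext}")
    if real_ext in EXECUTABLE_EXTS:
        verdict = "block"
    elif reasons:
        verdict = "review"
    else:
        verdict = "allow"
    return {"name": name, "real_ext": real_ext, "verdict": verdict, "reasons": reasons}


if __name__ == "__main__":
    # Constructed sample: the padded name from the article plus two controls.
    for sample in ("call1105-10.mp3" + " " * 40 + ".scr", "call1105-10.mp3", "report.pdf.exe"):
        result = analyze_attachment_name(sample)
        print(repr(sample), "->", result["verdict"], "; ".join(result["reasons"]))
```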

Storming GeoCities

November 19th, 2007

Researchers first discovered that existing bots controlled by Storm were seeded with new spam templates that included links to sites on GeoCities, the free web hosting service owned by Yahoo. Then Storm kicked off the new attacks.

The GeoCities sites are infected with malicious JavaScript code that redirects the user’s browser to secondary URLs hosted in Turkey. The Turkish URLs try to persuade the user to download a new codec that’s supposedly necessary to view images on the GeoCities sites. However, the bogus codec is actually an identity- and information-stealing piece of malware.

According to experts, longtime clients of the Russian Business Network (RBN), a notorious hacker- and malware-hosting network, are involved in the attack.

“China syndrome”?

November 16th, 2007

The US-China Economic and Security Review Commission (USCC), created in 2000 by an Act of Congress, says the People’s Republic is brewing cyber network attacks which could cause “disruption and chaos” with the “magnitude of a weapon of mass destruction”.

“Chinese defense planners are… undermining the US military’s technological edge through a variety of disruptive means. Among these is cyber warfare… a cyber attack could, in fact, be in the magnitude of a weapon of mass destruction… referring to the psychological effects that would be generated by the sense of disruption and chaos caused by a cyber attack…”, according to the commission’s report.

The Register is rather skeptical about these statements. Its article commenting on the USCC’s findings says: “China surely is trying to lift any technical information it can find in America, but it probably isn’t trying any harder than Russia (or, pound for pound, Israel and France). Or the UK, for that matter, although we Brits work more openly in the States”.

Apple patches

November 15th, 2007

Besides Security Update 2007-008, the company also rolled out the long-anticipated (and likely last) update for Tiger, quashed 10 bugs in the Windows version of Safari and upgraded a slew of other applications.

Only an update to iPhoto, one of the Apple-branded applications bundled with Macs, is relevant to users running Leopard, the new operating system introduced three weeks ago.

Both Security Update 2007-008 and the update to Mac OS X 10.4.11 include 41 fixes, 15 of which could be considered critical by virtue of Apple’s designating them capable of “arbitrary code execution”. The more than two dozen remaining patches fixed flaws that, among other things, could crash the system or applications, or let hackers steal information or look at files on the hard drive. Many of the vulnerabilities were in the third-party components included with Apple’s operating system.

Apple has patched more than 150 vulnerabilities in the eight security updates it has issued so far during 2007.

(Source: Computerworld)

Too accessible databases

November 14th, 2007

According to security researcher David Litchfield, there are nearly half a million database servers on the internet without firewall protection.

Litchfield took a look at just over one million randomly generated IP addresses, checking each to see whether it answered on the IP ports reserved for Microsoft SQL Server or Oracle’s database. The results? He found 157 SQL Servers and 53 Oracle servers. The expert then relied on known estimates of the number of systems on the internet to arrive at his conclusion: “There are approximately 368,000 Microsoft SQL Servers… and about 124,000 Oracle database servers directly accessible on the internet,” he wrote in his report, due to be made public next week on Databasesecurity.com.

This is not the first time that Litchfield has conducted this type of research. Two years ago, he released his first Database Exposure Survey, estimating that there were about 350,000 Microsoft and Oracle databases exposed.
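The scaling step behind the figures above, written out as an added example (not Litchfield’s code or method as published): the sample hit counts are scaled up to an internet-wide address count, and a rough 95% interval shows how much uncertainty a count of 157 or 53 carries. The population size of 2.34 billion is an assumption inferred from the article’s own numbers (368,000 ÷ 157 per million).

```python
import math

SAMPLE_SIZE = 1_000_000           # addresses probed; the article says "just over one million"
# Assumption: the address count that reproduces the article's figures, since
# 368,000 / (157 / 1,000,000) and 124,000 / (53 / 1,000,000) both give about 2.34e9.
ACTIVE_ADDRESSES = 2_340_000_000


def exposure_estimate(hits: int, sample_size: int = SAMPLE_SIZE,
                      population: int = ACTIVE_ADDRESSES) -> int:
    """Point estimate: servers found per sampled address, scaled to the population."""
    return hits * population // sample_size


def exposure_interval(hits: int, sample_size: int = SAMPLE_SIZE,
                      population: int = ACTIVE_ADDRESSES, z: float = 1.96) -> tuple:
    """Approximate 95% interval for the estimate.

    With a tiny sampling fraction the hit count behaves like a Poisson count,
    so its standard error is about sqrt(hits); scale the interval the same way.
    """
    half_width = z * math.sqrt(hits)
    scale = population / sample_size
    return (hits - half_width) * scale, (hits + half_width) * scale


if __name__ == "__main__":
    for product, hits in (("Microsoft SQL Server", 157), ("Oracle", 53)):
        lo, hi = exposure_interval(hits)
        print(f"{product}: ~{exposure_estimate(hits):,} exposed "
              f"(95% interval roughly {lo:,.0f} to {hi:,.0f})")
```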

(Source: Computerworld)

Microsoft: two bulletins

November 13th, 2007

The bulletins issued on November 13 in the framework of Microsoft’s monthly security update cycle were in line with the company’s advance notification. The patches are listed below. The maximum severity ratings for the vulnerabilities fixed are indicated as follows:
* - Critical,
** - Important.

*MS07-061: Vulnerability in Windows URI handling, which could allow remote code execution.
**MS07-062: Vulnerability in DNS, which could allow spoofing.

Additionally, the software giant has re-released bulletin MS07-049. This update addresses a vulnerability in Virtual PC and Virtual Server that could allow elevation of privilege. The re-release changes the installer code only; the update binaries are unchanged, so a user who has already successfully installed the update does not need to reinstall it.

The posting about the November updates in Microsoft’s security (MSRC) blog also contains information on the Macrovision patch issued earlier, and on recently reported problems related to Microsoft Windows Server Update Services (WSUS).

(Source: Microsoft)

EU privacy laws to be overhauled

November 12th, 2007

Speaking at a European think tank debate, European Data Protection Supervisor Peter Hustinx sparred with Google head of privacy Peter Fleischer, but agreed with him that European privacy laws overall will need re-examining in five years’ time.

“I would expect that some five years down the road, we need to see some changes in the existing framework,” said Hustinx. “Where? Not in the principles, although some parts perhaps need to be revisited, my emphasis would be we need more flexible arrangements to make it work better, to make it more effective.”

Hustinx went on to say he would consider recommending the adoption of some principles from the framework published by the Asia Pacific Economic Co-operation body into European rules.

Hustinx and Fleischer agreed that the rules governing the transfer of data out of the EU needed work. They say data can only be transferred to countries with as thorough privacy protections as the EU.

(Source: The Register)

MySpace hacked

November 10th, 2007

Visiting the hacked MySpace page exposes the visitor to an exploit that installs malware unless the user is fully patched against the most recent security vulnerabilities.

Even those with patched systems can be vulnerable. The hackers have found a way to associate their malicious URL with what would normally be a non-clickable background area on the web page. The result is that clicks outside specific clickable controls get captured and interpreted as a click on the malicious URL.

(Source: InformationWeek)

Heading for Patch Tuesday

November 8th, 2007

As usual, the software giant published an advance notification for next week’s security update release, which will occur on Tuesday, November 13.

According to the posting, Microsoft is planning to release two security bulletins affecting Windows, both rated “critical”. These updates will require a restart and will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool.

As every month, the Microsoft Windows Malicious Software Removal Tool will also be updated.

(Source: Microsoft)