Category: Microsoft

Everything about Microsoft

Electric Company fear Mongering gone wrong!!

Paul

I saw this talking going on at Arstechnica and SANS Interenet are Talking about the Elecric Company Fear mongering. Here’s what Ars Says:

It sounds like something straight out of Hollywood. Current and former US security officials have reported that foreign nations have penetrated the cybersecurity barriers surrounding the US electrical grid, water system, and even financial networks. Although no known attempts have been made to activate the booby traps said black hats left behind, such sleeper cells could activate suddenly during a war or crisis, plunging the nation into a disaster only Bruce Willis and that Mac dude could avert.

[Via Arstechnica]

[ad#cricket-right-ez]This was posted today with people asking the question Is the Electric company have a viruses or have a worm? I don’t know but these fears are coming from the Wall Street Journal:

WASHINGTON — Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.

[Via Wall Street Journal]

Now let’s talk about this, This is being a talked about on a friends Podcast, The Caffination Podcast. This is where I have figure we should talk about this. I think Sans Internet Storm says it better than I could:

One email stated that The power systems we have in place today are ran by Knobs and Switches. Mostly built int he 70’s and 80’s, these power stations are mostly ran by manual intervention. The power stations that _have_ been stood up since then, a couple of Nuclear Power stations, are federally regulated to not have any connections to anything, let alone the Internet.

Since this particular email comes from a very trusted source, I am inclinded to believe this person. Is it possible that there ARE computers in power stations that are connected to the Internet? Yes, I am quite sure there are. However, is it possible that the computer or computers (if there are any) that actually CONTROL the power are connected to the internet, I tend to not believe that.

[Via Sans Internet Storm]

I agree with what Sans is saying but I don’t think there is anything to worry about, for the fact that I think that the computers that control electricity are not hard wired to be online. This is meaning that if someone virus or worm gets on those computers there is no way these viruses or worms could talk back to command and control. This is my Theory and I don’t work from the electric but I do think this is the most plausible way they are preventing this type of attack. The First Tier, just like tech support, is for Corporate and technicians to talk to eat other over the intranet. The 2nd Tier, this is the important computers that would control Electric process. I don’t know this for sure but I think the 2nd tier would be used to isolate the computers from being accessed externally. Like I said before I don’t work for the electric company and this is all theory on how the electric has this set up!! So you can take it with a grain of salt or come up with your own ideas.

Hackers Jump onto Power Point Exploits : KB969136

Paul

In my Previous post, we talked about Microsoft [intlink id=”3280″ type=”post”]Advisory for KB969136[/intlink] and the exploit was in the wild.  It looks like Trend Micro has published some new spam attempts to get the users to open up the Maleware for them to deposit TROJ_PPDROP.AB onto there systems.

[ad#cricket-right-ez]Trend Micro has some screen shots of the most common Fake Presentations for you to see just how they try to get you to open the file.

Although these are some common tactics for  attackers to use such as  nude pictures, Earth Hour, or Celebrities without Makeup,  users who don’t normally use PPT should check the files out before you load them.  You also should remember to save them to a file and [intlink id=”2205″ type=”page”]scan them with your Anti-virus software[/intlink], also it wouldn’t hurt to have a firewall software.  It looks like these exploits tries to connect to the internet and you might be able to find out by the request from the firewall.

According to Internet Storm Center, the CVE place Holder for this is CVE-2009-0556 and hasn’t become live yet. I do not think they will release that information until they get a chance for Microsoft to patch the systems.

This would be a good time to remind IT staff and anyone who might use Power Point that they should not open anything they aren’t expecting and even then they should verify with your IT staff that it is safe until Microsoft issues a patch for this. I expect that if this become widely used it will be released out of Cycle or even In May’s Patch Tuesday. According to Microsoft you could install Microsoft Office Isolated Conversion Environment (MOICE) but requires Office 2003 and Office 2007 systems. Find out how you can use this work around at Microsoft’s Advisory of KB969136 for further instructions.

Microsoft issues Advisory KB969136 (Zero Day Exploit in the Wild)

Paul

Well, this had to happen sooner or later.  It looks like Powerpoint can be exploited with a Remote Code Execution.   So Microsoft today has issued an Advisory for KB969136.

In there post they say:
[ad#cricket-right-ez]

At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability. If you suspect that you were target for such an attack, you can scan your computer with the Windows Live OneCare safety scanner. The malicious PPT files are detected as Exploit:Win32/Apptom.gen. Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

Products affected are Microsoft Office PowerPoint 2000 Service Pack 3, Microsoft Office PowerPoint 2002 Service Pack 3, and Microsoft Office PowerPoint 2003 Service Pack 3. Microsoft Office PowerPoint 2007 is not affected.
[Via Microsoft Blog]

Microsoft has even added a diagram on how an attacker could implement this into an email.

So what do you need to know:

If you receive a Power Point presentation from someone you aren’t expecting either scan it good with a[intlink id=”2205″ type=”page”] free anti-virus[/intlink]. There are no major workarounds to this because Microsoft is telling people not to open the Power Point files directly. I tend to agree you should however know if you are expecting something from someone by either emailing them back or if it’s an office situation pick up that phone for the time being. I am sure Microsoft will issue this patch in the coming months probably May or June at the earliest. I don’t think it will be April Patch Tuesday, they could however make this an out of cycle if enough hackers start to use this.

According to Micrsoft the Windows Live One care picks this up as Win32 Exploit so I am sure other [intlink id=”2205″ type=”page”]Anti-virus Software will do the same[/intlink].   Just for the time being you will want to scan any presentations that come your way.  I will update the blog as more information becomes available!!

Conficker Discussion Part 2 – Even more stuff to talk about

Paul

We’ve heard in the[intlink id=”3214″ type=”post”] coming days there will be an update for the Conficker.C Worm[/intlink] and Microsoft has Released even more information about it: For Instance:
[ad#cricket-right-ez]

Win32/Conficker.C is a worm that infects other computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.EXE). If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. It may also spread via removable drives and weak administrator passwords. It disables several important system services and security products.(was reported to Microsoft on February 20, 2009.)

Win32/Conficker.D is a variant of Win32/Conficker. Conficker.D infects the local computer, terminates services, blocks access to numerous security related Web sites and downloads arbitrary code. Conficker.D can relay command instructions to other Conficker.D infected computers via built-in peer-to-peer (P2P) communication. This variant does not spread to removable drives or shared folders across a network (as with previous variants). Conficker.D is installed by previous variants of Win32/Conficker. (was reported to Microsoft on March 4, 2009.)

As you can tell, this seems to be two different Variants starting to emerge.  Now let’s go a little bit more deeper shall we.  According to US-CERT(United States – Computer Emergency Readiness Team) , They claim that this is Widespread infection and have posted about it on there website TA09-088A.

My one questions is Why is the US getting ready for this Conlicker worm, are they worried that what happened to the Parliament will happen to some branch of the White House.  This seems to be an even more hype building over this worm.  Everyone will tell you the same thing, they are not sure what will happen on April 1, 2009.  I think it will be a normal day and all because with all news about the Conficker worm, the person who wrote this won’t want the light shined on them before they get there foot hold in systems.  So you will most likely not notice anything special on April Fools day due the awareness of the worm.

But don’t forget to update your [intlink id=”2205″ type=”page”]Anti-virus software[/intlink] and also might be time to add a good [intlink id=”2205″ type=”page”]free firewall to help protect yourself[/intlink] from this worm.

Windows 7 Beta Second RC to be released in May

Paul

According to Arstechnica, the Next version of Windows 7 Beta will be Released In May.

[ad#cricket-right-ez]It looks like someone flipped the switch a little early. The Windows 7 Release Candidate download page on TechNet has made a premature appearance, much like the beta download page did before the beta was released to the public. The public RC will apparently be coming in May 2009, and not in April as previously rumored. The RC testing program will be available at least through June 2009, and the actual build will expire June 1, 2010. Both 32-bit and 64-bit versions will be available in English, German, Japanese, French, and Spanish.
[Via Arstechnica]

It will be available soon to download. According to Ars this will be good until 2010, I am guessing around February or March but that is just speculation on my part.

Remember:

  • This is a Beta and when it is over you won’t be able to use the OS anymore

  • This isn’t the complete OS, Knowing Microsoft this will be limited in some way to encourage your to buy the full version down the road.  Also they want to have some features for only Commercial Release.

  • There will always be security holes when it comes to Windows 7 so don’t use it exclusively, since this is a beta.  Microsoft will not keep it up to date until it goes Commercial!

I did a podcast on this OS and if you want to hear the two discussion we talk:

  1. Mike Tech Show Listener Round Table Topic:  Symantec issue, Security, Web Hosting, Windows 7 Beta

  2. Mike Tech Show Listener Round Table Topic:  Windows 7 Beta

Both of the podcast we had a really good discussion on features and what we thought of the OS.  In the future when The next RC comes out we will want to get back together to talk about what they did different.  Please join use and let us know what questions you have.  This will better help us connect with the listeners.