Category: Windows 7

Ms Patch Tuesday For June 2009

Paul

Photo by Andrew Magill Photo by Andrew Magill

Microsoft has released the upcoming patch information for this Tuesday, and boy does it look like a big one. It looks like there will be 10 bulletins this time around:

  • Bulletin 1: Critical (Remote Code Execution):   Windows

  • Bulletin 2: Critical (Remote Code Execution):   Windows

  • Bulletin 3: Critical (Remote Code Execution):   Windows, Internet Explorer

  • Bulletin 4: Critical (Remote Code Execution):   Office

  • Bulletin 5: Critical (Remote Code Execution):   Office

  • Bulletin 6: Critical (Remote Code Execution):   Office

  • Bulletin 7: Important (Elevation of Privilege):        Windows

  • Bulletin 8: Important (Elevation of Privilege):        Windows

  • Bulletin 9: Important (Elevation of Privilege):        Windows

  • Bulletin 10: Moderate (Information Disclosure):    Windows

It will also include one or more updates on WSUS and Windows update, and Microsoft Windows Malicious Software Removal Tool.   This looks to be quite a big set of updates.   Each one is very serious and will probably be a big download.   If your in corporate IT you may want to get ready the [intlink id=”2883″ type=”post”]Autopatcher program [/intlink]this will help update all the important files on each system without having to have a internet Connection.

[ad]We don’t know what they will be until they have dropped from Microsoft, but we can guess that the Latest Directx vulnerability isn’t going to be one of them.  I wouldn’t be surprised if this was going to be pushed out of cycle but that is going to have to wait a see.

The Affected systems are Windows 2000 Through Windows Vista and Server 2008.   Which means if you have windows it most likely will need to be updated.   Although on a side not the Office suite from 2000 to 2008 also will be patched and that includes the Macintosh systems.

It also looks like 7 out of the 10 will require restarts, so the autopatcher will save you time.  I wouldn’t expect this to notbe exploited on Wensday because most of them are Remote Code Execution which means it is easy for a hacker to take control of your system.   These should be installed ASAP and you also should have a [intlink id=”2205″ type=”page”]Firewall and Antivirus installed[/intlink] to better protect your system.

Microsoft makes Firefox more insecure with the .NET 3.5 Framework (KB951847)!

Paul

Photo by Daniel F. Pigatto

In February, Microsoft quietly installed .NET Framework Assistant (ClickOnce) Firefox Extension. This extension is a bad idea because of what this could do.

This update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for websites to easily and quietly install software on your PC. Since this design flaw is one of the reasons you may’ve originally choosen to abandon IE in favor of a safer browser like Firefox, you may wish to remove this extension with all due haste.

[Via Annoyances.org]

As you see, this is a way to make Firefox less secure and almost like Internet Explorer.   We’ve seen the problems with all the [intlink id=”2946″ type=”post”]Malware exploits[/intlink] that people have used in the past.   If you want to uninstall it, well you can’t.   Microsoft as went out if its way to prevent users from uninstalling.    Here is what Brad Abrams talked about on his blog:

[ad]We added this support at the machine level in order to enable the feature for all users on the machine.Seems reasonable right? Well, turns out that enabling this functionality at the machine level, rather than at the user level means that the “Uninstall” button is grayed out in the Firefox Add-ons menu because standard users are not permitted to uninstall machine-level components.

If you went to your Addons Menu and then to your extensions tab you would see that the uninstall button is grey out. You can disable it but you can’t uninstall it. It looks like Microsoft has sent out a patch to let regular users uninstall this addon(KB963707).

I am really surprised that Microsoft did this little stunt. I would of expected more from Microsoft, but to their credit they did this for a reason to allow users who don’t use IE8 but Firefox , to be able to use the .net Framework but this plugin makes browsing just unsafe. Don’t forgot about the [intlink id=”1010″ type=”post”]MobileMe apple installed on Vista[/intlink] without your knowledge. Microsoft and Apple have both had problems but this is very disturbing.  This patch they are letting people download to fix the problem doesn’t mean much because it hasn’t been sent out to the Auto updates and requires people go download it manually.  So Microsoft believes if you don’t know, it won’t your.

Spyware : Michelle Obama’s Ta’s Ta’s Video

Paul1 Reply

I love this one, I was reading the Sans Report about Michelle Obama Ta’s Ta’s on Video.  I wanted to investigate this a little further so I went searching around.  I found some comment spam links to a site I will not talk about the links directly.  The site however had a fake video on it :

michelleobamatoplessfake

It looks like if you hit Cancel or Details it keeps trying to tell you need to install an ActiveX Object.   It also makes the user think that there is only one option to use right now.   As you can tell  it makes you think you can’t cancel or get details but I did.  I tried to cancel and it kept on popping up trying to get you to install this active X installer.   AVG detects it as:

michelleobamatoplessfake1

[ad]This proves the fact that any Anti-virus software is better than nothing at all.   I also  have talked in the past about [intlink id=”2991″ type=”post”]fake codecs and how they are used maliciously[/intlink] to spread malware to people who aren’t up to the job.   I didn’t take long to find Phrases such as “Michelle Obama Topless” or “Michelle Obama Topless Video” to find spam comments linking to sites that are hosting these types of malware.  It seemed that in order to get out of the cycle with the Malware site, I had to do a CLT-ALT-DELETE and End the process of Internet Explorer process from Task manager.  It was an infinite loop and could not be closed any other way.  upon trying to go the link again it seems to be a random redirection every time you visit that site the next time I went there, I had a scare message pop up telling me:

michelleobamatoplessfake2

As you can tell this [intlink id=”3397″ type=”post”]pops up with scareware[/intlink] instead of the video and tries to tell you have a virus and you should run a free scan from the site of their choice.   This is an old tactic and still being used but funny if you look at that message one you know it is from a “Webpage” and two there are at least one grammar error?  Can you see it?

You’re best bet is not to go clicking on links that people have left in comments.   I am so glad I have moderation turned on and I have to approve each and every post someone comments on.   This is the only way I know how to prevent from being used in the spam campaign.  Remember it is time to update your [intlink id=”2205″ type=”page”]Anti-virus and Firewall [/intlink]if you don’t already have it.  Don’t forget to visit the Forums and help discuss this problem in detail.

Free Anonymous Browsing with Opera-Tor

Paul

2588641284_603490d6d1_m Photo by Philip Chapman-Bell

Anonymous browsing is something of huge interest to the Internet users, who are very particular about their online privacy and security. There may be many reasons and situations, when you might be interested in using internet anonymously; for instance, you may be working on a public place and do not want to leave the traces or you may not like your family members or office colleagues to know what you have been doing online. Whatever be the reason, but still, it is an area, where a lot research is to be done.

 

How Anonymous Browsers Operate?

At present there are two dominant techniques used by various anonymous browsing tools. One is the use of JAP Networks, which was used hugely used earlier but later it ran into controversies after a backdoor had to be put into the product to allow interception of child pornographers on insistence of German Police.

 

The second technique is the use of Tor (The Onion Ring), which only allows anonymous browsing but also facilitates other applications like anonymous P2P, email, IM, and IRC chat. This technique is dominantly used in present day anonymous browsing tools.

 

Operator – A useful anonymous browser

 

OperaTor is small and relatively fast anonymous web browser, which combines the browsing platform of Opera, with privacy provided by Tor engines and the speed of browsing provided by Polipo.

 

You can download this 7MB application in your USB drive and carry it whenever you need to use a public computer for anonymous surfing.

 

In my testing, I was pleasantly surprised with the speed of browsing, which I was getting with this little tool. I had earlier used XBBrowser for anonymous browsing, but it was too slow, as compared to Operator. In fact, there was hardly any noticeable difference in the browsing speed as compared to my normal Opera browser. This is because of Polipo, the small caching web proxy, that comes bundled with Opera-Tor.

 

Since Operator allows only http and https protocols in anonymous mode, you should avoid Javascripts and Opera’s IRC functions running through it.

 

Some people complain that it has not yet released the source code of itself. But my view is that unless you are hard-core programmer and really need to tweak the source code, why should you worry about that. After all, trusted networks like CNet says OperaTor has been tested spyware free and Softpedia gave OperaTor its 100% Clean award. Major antivirus vendors, like GData, Kaspersky, McAfee and Microsoft, confirm that OperaTor contains no malicious software.

 

Overall, one of the best applications for anonymous browsing available today.

[This is a guest post by Silki Garg. She advises on how to eliminate spyware, online threats and malware detection, on her Internet Security Blog. A visit to her Blog is highly recommended. You’re sure to find something of interest.]

 

 

JSRedir-R/Gumblar The underlying problem!!

Paul

Some people have made comments about there website being hosted to Malware injection into there site.  I’ve been seing a Lot of talk about JSRedir-R/Gumblar found to be the biggest malware threat on the Web.  They estimate that it is 42% of infected websites to be carrying this malware threat, last week.  I have heard some think it is weak login creditals.

[ad]See the Graph from Sophos about the percentage.  I also wanted to tell people how to identify if you have the infection or not.  This is very important to check because people are letting this Malware spread and all.  

I on the other hand think the way this is spreading is a Cross Site Scripting vulnerability for these websites but there are a few websites that do keep your login cache on your system.   I would recommend if your a web site owner to have your cache deleted everytime you exit your web browser.   This should in theory help prevent Cross Site scripting and Website owners should also either buy [intlink id=”2205″ type=”page”]Anti-virus and Firewall software or install the Free version[/intlink] to better protect your website.

Just like the[intlink id=”3308″ type=”post”]Twitter Cross Site Scripting tom foolery [/intlink]this is my theory on how websites are being injected with this malware.   It is however just a theory.  I was never logged into my account on twitter through my web browser when this happened and that is what kept me from spreading it to my Twitter users.   You should also consider always logging off your web site when your done doing what you do!   Just my thoughts on the matter,  Remember only you can prevent from getting a Virus.