Privacy, Security Archive

BlindElephant: Open Source Web Application Fingerprinting Engine

In this video recorded at Black Hat USA 2010, Patrick Thomas, a vulnerability researcher at Qualys, discusses BlindElephant, the open source web application fingerprinting engine he created. BlindElephant is a tool that helps security professionals and systems administrators identify everything running on their servers, including any web applications users may have downloaded. It doesn't check for vulnerabilities or vulnerability to a particular exploit, but rather identifies which versions of applications are running on their site. For each application that the tool will support, BlindElephant consumes a number of version directories. All files and directories are processed, and a hash is computed for each file. This hash is stored in a temporary table, along with the path and version of the application it came from. Accuracy of the tool was demonstrated by a large-scale survey on Internet-visible hosts.

Microsoft Releases Free Security Tool for Older Platforms

Microsoft has released a free tool to bring newer security protections to older platforms and applications. The Enhanced Mitigation Experience Toolkit (EMET) was announced at the Black Hat USA 2010 security conference in Las Vegas. EMET will be available from August and is designed to help block targeted attacks against unpatched vulnerabilities in platforms such as Windows XP and Windows Server 2003.

TrueCrypt 7.0 Released

The free open-source disk encryption software TrueCrypt has reached version 7.0. Among the new features are hardware-accelerated AES, support for devices that use sector sizes other than 512 bytes, the ability to configure a volume to be automatically mounted whenever its host device gets connected to the computer, a favorites organizer, and more. Downloads are available for Windows, Linux and Mac OS X.

Shortcut Worm Vulnerability Affects All Windows Versions

Microsoft confirmed the existence of a critical vulnerability in all supported versions of Windows. The new zero-day vulnerability is easily exploitable via USB storage devices, network shares or remote WebDAV shares. All that is required for exploitation is for the contents of the USB device to be viewed in Windows Explorer. Specially crafted shortcut (.lnk) files are allowed to execute code when the shortcut's icon is loaded to the GUI. An exploit targeting this vulnerability is currently in limited use and additional exploits are very likely in the coming weeks.

20 Ways To Lose Your Database

It has been proven to be relatively easy to bribe someone on the inside, or even plant a rogue employee in the organization, to gain access to sensitive data. But even if we leave this well-documented risk aside, how often has someone left your organization taking company stationery with them? Do you know what else has been taken? Could they have sneaked out with sensitive material? What about a copy of the entire corporate database? Would you even know if they had?

Microsoft Opens Source Code to Russian Secret Service

Microsoft has signed a deal to open its Windows 7 source code up to the Russian intelligence services. Russian publication Vedomosti reported on Wednesday that Microsoft had also given the Russian Federal Security Service (FSB) access to Microsoft Windows Server 2008 R2, Microsoft Office 2010 and Microsoft SQL Server source code, with hopes of improving Microsoft sales to the Russian state. The agreement will allow state bodies to study the source code and develop cryptography for the Microsoft products through the Science-Technical Centre 'Atlas', a government body controlled by the Ministry of Communications and Press, according to Vedomosti. . . The agreement is an extension to a deal Microsoft struck with the Russian government in 2002 to share source code for Windows XP, Windows 2000 and Windows Server 2000, said Vedomosti.

World of Warcraft Maker to End Anonymous Forum Logins

From BBC News: "A row has erupted after Blizzard - the publishers of the popular online game World of Warcraft - announced that users on its site forums would have to post under their real names. The firm say the move is to put an end to heated online arguments and topics started purely to cause trouble. But users reacted angrily, citing concerns about safety and privacy." The takeaway quote: "one Blizzard employee posted his real name on the forums, saying that there was no risk to users, and the experiment went drastically wrong. Within five minutes, users had got hold of his telephone number, home address, photographs of him and a ton of other information. The post and topic has since been removed from the Blizzard forum."

Android App Security Risk

About 20 percent of third-party apps available through the Android marketplace allow third-party access to sensitive data, and can do things like make calls and send texts without the owners' knowledge, according to a recent security report from security firm SMobile Systems. There's no indication that any of the highlighted apps is malicious, but the report does underscore the inherent risks of a more open ecosystem as opposed to Apple's oppressive yet more controlled environment, with every app being vetted before availability.

Linux Security – a Few Useful, Tactical Tips

I've bored the readers of my personal website to death with two rather prosaic articles debating the Linux security model, in direct relation to Windows and associated claims of wondrous infections and lacks thereof. However, I haven't yet discussed even a single program that you can use on your Linux machine to gauge your security. For my inaugural article for OSNews, I'll leave the conceptual stuff behind, and focus on specific vectors of security, within the world of reason and moderation that I've created and show you how you can bolster a healthy strategy with some tactical polish, namely software.

Windows XP Remote Assistance Exploit Discovered

An insecurity expert has discovered a vulnerability in older versions of Windows which pesky attackers could exploit to take over control of your PC. Somewhat ironically, the vulnerability afflicts the Help and Support Center for Windows XP and Server 2003, which users may still - just about - be able to use to get online technical support.

Ironfox: Sandboxed Firefox for MacOSX

The MacOSX sandbox functionality is not talked about, and there exists almost zero documentation on the subject. As Google Chrome uses it to contain its browser, so could any other app. The goal of the ironfox project is to provide the user with a secured Firefox, but still let the user browse the web without the sandbox interfering. It does this by white-listing all the actions that Firefox may do. Should the user's browser be compromised by a vulnerability in Flash or Java, the sandbox would prevent it from leaking any data or executing binaries, preventing system compromise. To break the sandbox, the attacker would likely need to have an exploit for the browser and a kernel exploit that would work within the context of the sandbox. The policy is included in the package and should give the user great insight into the workings of the sandbox. It only works in 10.6 but could be backported to 10.5 without much trouble, as both have the seatbelt/sandbox kernel module.

Facebook Finally Gets it with New, Simpler Privacy Controls

"Facebook has introduced its newly overhauled privacy controls, and most critics should be pleased this time around. The company noted during a press conference Thursday that the site today is very different from how it was when it first started in 2004, admitting that the privacy controls had grown into something of a Frankenstein monster as the company kept adding on features. Thanks to feedback from users, CEO Mark Zuckerberg said, Facebook has completely revamped its offerings and has begun slowly rolling out the change to users."

Malware Overwriting Desktop App Updaters

For the first time security researchers have spotted a type of malicious software that overwrites update functions for other applications, which could pose additional long-term risks for users. The malware, which infects Windows computers, masks itself as an updater for Adobe Systems' products and other software such as Java, wrote Nguyen Cong Cuong, an analyst with Bach Khoa Internetwork Security (BKIS), a Vietnamese security company, on its blog.