The News
Microsoft plugs remote execution, spoofing holes in Windows
Written by Geek Mad Scientist   
Tuesday, 10 March 2009 10:03

Microsoft on Tuesday issued patches for critical holes in all supported versions of Windows that could allow an attacker to take over a system by executing code remotely.

The patch for Windows 2000, XP, Vista, Server 2003, and Server 2008 plugs a vulnerability (MS09-006) that could allow an attacker to run code remotely if a user viewed specially crafted images created with the Enhanced MetaFile (EMF) or Windows MetaFile (WMF) display formats, according to Microsoft's advisory.

Also patched on Patch Tuesday were two holes rated "important" that affected the same systems and which could be used by an attacker to masquerade as someone else in a spoofing attack.

One of the important patches (MS09-007), which affects all supported versions of Windows, resolves a vulnerability in the Secure Channel security package in Windows. It could allow an attacker to gain access to the certificate used by the end user for authentication. Customers are affected only when the public key component of the certificate used has been accessed by some other means, Microsoft said.

The second important patch, which affects Windows 2000, Server 2003, and Server 2008, resolves two privately reported vulnerabilities and two publicly disclosed vulnerabilities in Windows DNS server and Windows WINS (Windows Internet Name Server). The holes could allow an attacker to redirect network traffic intended for systems on the Internet to the attacker's own systems, according to the advisory.

 
New scareware sends you to fake Download.com reviews
Written by Geek Mad Scientist   
Monday, 23 February 2009 16:31

This article originally appeared on CNET and was written by Seth Rosenblatt.


 

Last week, BleepingComputer.com reported on how to remove a new variant of an old scareware. This new nastie, known most commonly as Antivirus2010 or Anti-Virus-1, points you to spoofed versions of Download.com, ZDNet, PCMag.com and other software sites, demanding that you download their program to clean your computer. Of course, it does nothing of the sort, merely perpetuating the infection.

Antivirus2010, Anti-Virus-1, and other variants of the AntivirusXP infection have never been hosted on Download.com.

(Credit: Seth Rosenblatt/CNET Networks)

However, the manner and methods Anti-Virus-1 uses to get you there are extremely clever. The infection part of the malware does whatever it's been designed to do, so you can see that you've been infected with malware. What you don't realize at this point is that it's hacked your hosts file, too, so that when you go to a software site you don't ever make it to the site you're trying to get to.

You wind up on a skinned Web site that looks like the site you're expecting, but isn't. With the Download.com spoof, you can see that they're using our old design, which CNET abandoned last summer. Clicking on any link besides the download button will take you to the same page that the legitimate site would've taken you to. Hit the download button, though, and you get their fake malware remover, which in fact does the opposite, perpetuating the infection.
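A defender-side check for the hosts-file tampering described above, as an added example that is not part of the original article: it parses hosts-file text (or HijackThis `O1 - Hosts:` log lines) and reports any routable IP address that several hostnames have been pinned to. The sample data is constructed, and the function names and the three-name threshold are assumptions made for this example.

```python
import ipaddress
import re
from collections import defaultdict

# HijackThis logs report hosts-file entries as "O1 - Hosts: <ip> <name>".
O1_PREFIX = re.compile(r"^O1\s*-\s*Hosts:\s*", re.IGNORECASE)
# RFC 1918 ranges: entries pointing here are usually deliberate LAN pins.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample (not from a real infection). 203.0.113.0/24 is a
# documentation range; the *.example names stand in for real review sites.
SAMPLE = """\
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.tracker.example   # local ad blocking
203.0.113.74    www.reviews.softsite.example
203.0.113.74    reviews.softsite.example reviews.magazine.example
O1 - Hosts: 203.0.113.74 www.reviews.magazine.example
192.168.1.20    nas.home.example
not-an-ip       broken.example
"""


def parse_hosts(text):
    """Yield (address, hostname) pairs from hosts-file or HijackThis O1 lines."""
    for raw in text.splitlines():
        line = O1_PREFIX.sub("", raw.split("#", 1)[0].strip())
        fields = line.split()
        if len(fields) < 2:
            continue  # blank line, comment, or address with no name
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: not a usable mapping
        for name in fields[1:]:
            yield addr, name.lower().rstrip(".")


def suspicious_redirects(text, min_names=3):
    """Return {ip: sorted hostnames} for routable IPs overriding several names."""
    by_ip = defaultdict(set)
    for addr, name in parse_hosts(text):
        # Loopback and 0.0.0.0 are blocklist sinkholes, not redirects.
        if addr.is_loopback or addr.is_unspecified:
            continue
        if any(addr in net for net in LAN_NETS):
            continue
        by_ip[str(addr)].add(name)
    return {ip: sorted(n) for ip, n in by_ip.items() if len(n) >= min_names}
```

Run `suspicious_redirects()` on the contents of `%SystemRoot%\System32\drivers\etc\hosts`; any address it returns deserves a manual look before the entries are deleted.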


Removing the infection is tricky because of the differences between the variants. Some people have complained that they get locked out of their Task Manager, for example, but not all reports include that complaint. The fix that I cited for Antivirus XP 2008 may work, but users who have Windows XP Home Edition don't have a gpedit.msc. Home Edition users will have to edit their Registry directly.

Malwarebytes' Anti-Malware has proven to be one of the few malware killers that can effectively remove Antivirus XP 2008 and its variants, and it should work against the latest ones, too. The First Look video of Malwarebytes' Anti-Malware on the right will help you get started with the program.

Keep in mind that there is no substitute for cautious browsing. Don't install every Facebook app that comes your way, don't click on ads on unfamiliar sites or sites that are known vectors for attacks, and don't install software from anybody that's not a vouchsafed source.

I've pasted below the entire list from BleepingComputer of changes to your Hosts file for your edification. Be warned that it may change as variants are developed.

 

Last Updated on Monday, 23 February 2009 16:33
 
TV Broadcasters Get Ready to Cut Analog Signal
Written by Geek Mad Scientist   
Tuesday, 17 February 2009 09:07

Associated Press

February 17, 2009 - NEW YORK - In theater superstition, a bad dress rehearsal is supposed to foretell a good opening night.

If so, the U.S. might be in good shape when it turns off the last analog TV broadcasts in June, because the lead-up to the smaller-scale turnoff Tuesday has been confusing to both viewers and TV stations.

For years, the government and industry have said Feb. 17 would be the day when analog TV signals go away, and viewers who lack cable or satellite would have to tune in to digital signals. But when funding ran out for coupons to subsidize TV converter boxes, Congress became concerned that viewers wouldn't be ready, and hurriedly passed a bill to delay the deadline to June 12.

At the same time, Congress left the door open to stations to keep the Feb. 17 date. When a third of U.S. full-power stations said they'd like to do so, the Federal Communications Commission put its foot down, placing extra conditions on some of them. Only late Friday did it become clear, or nearly so, which stations would shut down analog four days later, and which would wait for a few more months.

A patchwork of 641 stations across the country, mainly in thinly populated areas, are still turning off their analog broadcasts this week or have already done so. The most populous markets where many or all major-network stations are cutting analog include San Diego and Santa Barbara, Calif.; Providence, R.I.; La Crosse and Madison, Wis.; Rockford, Ill.; Sioux City, Iowa; Waco, Texas; Macon, Ga.; Scranton, Pa.; and Burlington, Vt.

"I think this whole delay is ridiculous," said Robert Prather, president of Gray Television Inc., an Atlanta-based company that owns 36 stations. "It's just going to cause confusion among consumers. There's no reason in the world for it that I can understand."

No one really knows how many viewers will be affected this week. Nielsen Co. said 5.8 million U.S. households, or 5.1 percent of all homes, were not ready for the analog shutdown, but it's unclear how many of them are in early-shutdown areas. Also, the National Association of Broadcasters has taken issue with Nielsen's numbers, saying they exaggerate the problem by counting households that have digital converters but haven't connected them.

"The ones who aren't going to be ready aren't going to be ready in June any more than they are now," Prather said.

Gray applied to keep the Feb. 17 date for most of its stations, but the push-back from the FCC left it with 14 that could. As a final twist, Gray over the weekend decided to turn those off on the 16th, some in the afternoon and the rest at midnight, because its lawyers interpreted the rules as saying analog should be "off the air by the 17th" rather than "go off the air on the 17th."

Other stations differ in their interpretation, and plan to cut analog sometime on Tuesday.

Meanwhile, newspaper inserts from RadioShack Corp. proclaimed across the country this weekend that Feb. 17 is the day when viewers "must take action to continue receiving TV broadcasts," even though two-thirds of TV stations, and nearly all the ones in major cities, will remain on the air in analog for a few more months. A spokeswoman for the company was unavailable on Monday, a holiday.

Station owners contacted by The Associated Press are confident the large majority of viewers are prepared for the change, even if the message has been muddled on the timing.

KSFY, an ABC affiliate in Sioux Falls, S.D., also planned to shut down its analog transmitter at midnight Monday.

"If we really, deep down, thought that the market wasn't ready for it, we would have, with the others, said, `Yeah, let's wait till June,'" said Kelly Manning, the station's general manager.

Alan Miles, a former analyst at Barclays Capital who studied the analog shutdown, said the whole process has been "botched politically," starting with Congress' order that the entire country had to kill analog at once. Nearly every other country is shutting down or planning to shut down analog broadcasts area by area. Only small, cable-dominated countries like the Netherlands have eliminated analog TV all in one go, like the U.S. planned to do on Tuesday.

Then, Miles said, the coupon program was underfunded, leading to the delay, which has turned into a disorganized partial shutdown.

"There will be problems with the transition, inevitably," Miles said. "So I almost feel like it's better to just get it over with rather than postpone the pain."

One benefit of having some stations shut down analog early is that the FCC's DTV call center (1-888-CALL-FCC) will now have a better chance of handling calls from viewers wondering how to get their TV signals back. Together with industry partners, the FCC has nearly 4,300 operators ready to help.

Also, the delay provides a chance for the converter box coupon program to catch up. The stimulus bill that President Barack Obama is expected to sign on Tuesday contains $650 million in additional funding. Once that's available to the National Telecommunications and Information Administration, it can clear the 4 million coupon backlog in a few weeks.

Last Updated on Tuesday, 17 February 2009 09:09
 
No customer data exposed in Kaspersky breach
Written by Geek Mad Scientist   
Friday, 13 February 2009 10:58

An independent audit of a data breach at security firm Kaspersky's U.S. Web site has confirmed that no customer data was exposed, Kaspersky said on Friday.

A Romanian hacker site used a SQL injection and cross-site scripting attack to get access to a database on a Web site of the Moscow-based Kaspersky and publicized the attack on Saturday.

Kaspersky announced on Monday that it would hire database security expert David Litchfield to analyze the breach.

In the report, Litchfield concludes that an attacker based in Romania used Google to search for Web servers owned by Kaspersky running applications that may be vulnerable to a SQL injection attack, launched an attack, and attempted to gain access to customer data, but failed.

"This caused a number of other attackers from various locations to probe the site further," the report said. "None of these follow-up attackers accessed any customer data either."

The report was delivered to Kaspersky on Thursday.

The same HackersBlog site also launched subsequent SQL injection attacks on Web sites of two other security firms, BitDefender and F-Secure.

Last Updated on Friday, 13 February 2009 11:00
 
User data stolen from Monster job site.
Written by Geek Mad Scientist   
Monday, 26 January 2009 15:17

User information, including passwords, has been stolen from job site Monster, the company has announced.

 


Monster's database of user account information--which includes user IDs, passwords, e-mail addresses, names, phone numbers, and some demographic data--was illegally accessed and information was taken, the company said on Friday.

The information that was stolen did not include resumes or sensitive information like Social Security numbers and financial data. But someone could use the data that was breached to contact Monster users and use social engineering to trick them out of their information.

Monster is urging its users to visit the site and change their password. As a matter of policy, Monster does not send unsolicited e-mail asking users to confirm usernames and passwords or to download anything.

Job sites are a likely target during an economic downturn, security firm AppRiver said in a recent report on spam and other Internet security threats.

More information on security tips is available on the Monster security Web page.

Last Updated on Monday, 26 January 2009 15:19
 
Copyright © 2010 Geek Sheet. All Rights Reserved.
 