2006 Alerts - Q3

2006-07-10, 12:57

- http://secunia.com/advisories/20971/
Release Date: 2006-07-10
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Macromedia Flash Player 8.x
"...The vulnerability has been reported in version 8.0.24. Prior versions may also be affected.
Upgrade to version 9.0* ..."
* http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash

Test version installed:
- http://www.macromedia.com/software/flash/about/

Get Flash Player 9
> http://www.adobe.com/products/flashplayer/


2006-07-17, 21:44

- http://www.techweb.com/article/printableArticle.jhtml?articleID=190500163&site_section=700028
July 17, 2006
"A worm spreading through MySpace is embedding JavaScript code into users' profiles that redirects visitors to a site claiming the U.S. government was behind the 9/11 terrorist attacks, a security company warned Monday. The unnamed worm isn't malicious, said Symantec researchers, but the malformed Shockwave Flash (.swf) file containing the payload embeds JavaScript into the profile of any MySpace user who views the .swf file. "This script code would then be interpreted by any user who visited the site, allowing sensitive data to be stolen, such as a hash value required to carry out operations as a user," said Symantec. Currently, that access is being used only to spread the JavaScript code to other profiles on the popular social network site. An independent researcher has dissected the .swf file and commented on the code; his analysis is available here*..."

* http://kinematictheory.phpnet.us/

...Yet another "conspiracy theory" - this one has some "extra" added.


2006-07-18, 15:56

- http://www.benedelman.org/news/071806-1.html
July 18, 2006
"...Vonage spends huge amounts on advertising -- more than $20 million per month... Unfortunately, among this spending is widespread and substantial spyware-delivered advertising... manual and automated testing have documented Vonage ads appearing in all the major spyware programs..."

(More info at the URL above.)

Vonage Denies Spyware Charges
- http://www.networkingpipeline.com/showArticle.jhtml?articleID=190600032
July 19, 2006
"Vonage denies that it uses spyware to deliver its advertising, as charged yesterday by spyware researcher Ben Edelman. Brooke Schulz, Vonage Senior Vice President, Corporate Communications, told Networking Pipeline that Edelman's claims that Vonage uses spyware "are unfounded," and that the company polices relationships with advertising vendors, to ensure that no ads are delivered via spyware. "Vonage has investigated every case of spyware that has been brought to its attention and terminated the relationship immediately with the entities in question who we find are in fact using spyware," Schulz said. "We believe Mr. Edelman's claims that this is a significant problem with our advertising are unfounded. Vonage takes this issue seriously and is committed to having good policing policies in place to prevent our brand from being sullied by unscrupulous spyware operators"..."

"...who we find are in fact using spyware". Hmmm...


2006-07-26, 23:40

- http://www.pcworld.com/resource/printable/article/0,aid,126508,00.asp
July 25, 2006
"...Each of the sites... has been hacked by someone with the same modus operandi. The hacker has secretly inserted what is called an "iframe vulnerability" in the site's HTML code, without the site owner's knowledge. When you visit one of the hacked sites, a third party can try to install software onto your PC. Right now the hackers behind the iframe vulnerability are not distributing malicious code through any of the hacked sites. But at any time, they could flip the switch and start pumping out malware... It used to be that if you stayed away from the unsavory portions of the Web you could avoid getting hit with a drive-by download--where an attacker downloads malicious content to your PC without requiring any action from you. Today the Web bad guys have managed to penetrate nice Web neighborhoods. And some of the Web victims don't know what's hit them... A recently updated browser would most likely block malware from infecting a PC. But hackers hope that Web surfers who haven't installed the most recent Windows software patches or antivirus software will become their next victim... The trick these hackers use is to create a tiny, 1-by-1-pixel element on a Web page that links to a third-party Web site. The hacked site doesn't appear to be booby-trapped, enabling the hacker to keep a low profile. All the bad guy has to do to launch an attack is to load up the rigged site with malicious code; anyone who then visits the site is prey to a drive-by download. Cybercriminals are no longer mainly interested in defacing Web sites they break into, says Roger Thompson, chief researcher for Exploit Prevention Labs. Today they are more intent on quietly infecting PC users through vulnerabilities in Microsoft's Internet Explorer browser... One way to protect yourself from Web threats without obsessing about your PC's security deficiencies is to use programs that put extra locks on your Web browser. One excellent option comes from McAfee SiteAdvisor*... 
Another option comes from security firm Amust: Its 1-Defender** program attempts to lock down a browser so that when malicious code attempts to infect your PC, it hits a dead end. Other entrants include GreenBorder's GreenBorder Pro*** and Exploit Prevention Labs' SocketShield****..."

* http://www.siteadvisor.com/

** http://www.amustsoft.com/1%2Ddefender/download/

*** http://www.greenborder.com/consumer/

**** http://explabs.com/ss/trial.html
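
The hidden-frame technique quoted from the PC World article above, seen from the site owner's side: an added example (not part of the original post or of any article it cites) that scans a page's HTML for iframes that are effectively invisible and load from another host. The site name gardenclub.example, the sample page and all function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page for a hypothetical site, gardenclub.example.
SAMPLE_HTML = """<html><body>
<h1>Garden club news</h1>
<iframe src="/calendar.html" width="600" height="400"></iframe>
<iframe src="http://video.partner.example/embed/1" width="480" height="360"></iframe>
<iframe src="http://third-party.example/x.html" width="1" height="1" frameborder="0"></iframe>
<iframe src="//stats.other.example/c" style="width:0px; height:0px; visibility: hidden"></iframe>
<iframe src="http://www.gardenclub.example/poll" width="1" height="1"></iframe>
</body></html>"""

# Matches a dimension of 0 or 1, with or without a "px" suffix.
TINY = re.compile(r"\s*0*[01]\s*(px)?\s*", re.I)


def hidden_reasons(attrs):
    """Return the reasons a frame is effectively invisible (empty list if none)."""
    reasons = []
    for dim in ("width", "height"):
        if TINY.fullmatch(attrs.get(dim, "")):
            reasons.append(f"{dim}={attrs[dim].strip()}")
    for decl in attrs.get("style", "").split(";"):
        prop, _, value = decl.partition(":")
        prop, value = prop.strip().lower(), value.strip().lower()
        if prop in ("width", "height") and TINY.fullmatch(value):
            reasons.append(f"style {prop}:{value}")
        elif (prop, value) in (("display", "none"), ("visibility", "hidden")):
            reasons.append(f"style {prop}:{value}")
    return reasons


def same_site(host, site_host):
    """True if host is the site itself or one of its subdomains."""
    return host == site_host or host.endswith("." + site_host)


class HiddenFrameFinder(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "frame"):
            return
        a = {name: (value or "") for name, value in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        reasons = hidden_reasons(a)
        # Flag only frames that are both invisible and loaded from another site.
        if host and not same_site(host, self.site_host) and reasons:
            self.findings.append({"line": self.getpos()[0], "host": host,
                                  "src": a["src"], "reasons": reasons})


def scan(html, site_host):
    """Return one finding per hidden third-party frame in the given HTML."""
    finder = HiddenFrameFinder(site_host)
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for f in scan(SAMPLE_HTML, "gardenclub.example"):
        print(f"line {f['line']}: {f['host']} ({', '.join(f['reasons'])})")
```

A visible third-party embed and a hidden same-site frame are both left alone; only the combination of invisible and off-site is reported, which keeps the output short enough to review by hand against a list of frames the owner actually placed.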


2006-07-27, 02:50

- http://isc.sans.org/diary.php?storyid=1515
Last Updated: 2006-07-26 23:37:47 UTC
"The Mozilla Foundation released new versions of Firefox, Thunderbird and SeaMonkey products. New versions fix numerous security vulnerabilities, of which some are rated critical..."

(Short overview of the vulnerabilities that have been fixed available at the URL above, or: http://www.mozilla.org/download.html )

- http://secunia.com/advisories/19873/
Release Date: 2006-07-27
Critical: Highly critical
Impact: Cross Site Scripting, DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Mozilla Firefox 0.x, Mozilla Firefox 1.x ...
Update to version
http://www.mozilla.com/firefox/ ..."

- http://secunia.com/advisories/21228/
Release Date: 2006-07-27
Critical: Highly critical
Impact: DoS, System access, Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch
Software: Mozilla Thunderbird 0.x, Mozilla Thunderbird 1.0.x, Mozilla Thunderbird 1.5.x ...
Update to version"
- http://isc.sans.org/diary.php?compare=1&storyid=1517
"Update: (2006-07-28 19:50 UTC) (Thunderbird v1.5.0.5) is now available at the main site*... and will be automatically downloaded if you choose the "check for updates" from the Help menu."
* http://www.mozilla.com/thunderbird/

- http://secunia.com/advisories/21229/
Release Date: 2006-07-27
Critical: Highly critical
Impact: Cross Site Scripting, DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Mozilla SeaMonkey 1.x ...
Update to version 1.0.3.
http://www.mozilla.org/projects/seamonkey/ ..."


2006-08-03, 20:22

- http://www.mozilla.com/firefox/ for Windows, English (4.9MB)

What's New in Firefox
- http://www.mozilla.com/firefox/releases/
Firefox is a stability update that is part of our ongoing program to provide a safe Internet experience for our customers. We recommend that all users upgrade to this latest version.
* Fixed an issue with playing Windows Media content
Release Date: August 2, 2006

- http://forums.mozillazine.org/viewtopic.php?t=444164
(Time stamp of post is skewed)
"...(v) has been released... Auto-upgrade should happen within the next few days..."


2006-08-03, 20:23

- http://blog.washingtonpost.com/securityfix/2006/08/intel_issues_patches_to_fix_wi.html
August 3, 2006
"...The Intel Web site with more information on these flaws includes a tool* that people can use to tell whether they need to download and install software updates to fix the problems. I would strongly advise anyone using a laptop with an embedded wireless card to pay a visit to the page and run the tool, as many, many computer manufacturers embed Intel's hardware and software into their machines..."

* http://support.intel.com/support/wireless/wlan/sb/cs-005905.htm
Intel® PRO/Wireless Network Connection ID Tool


2006-08-09, 17:38

- http://www.darkreading.com/document.asp?doc_id=100909&print=true
AUGUST 9, 2006
"ScanSafe... has released its latest Global Threat Report* on Web filtering, spyware and viruses. According to an analysis of more than five billion Web requests in July, ScanSafe found that on average, up to one in 600 profile pages on social-networking sites hosted some form of malware... The majority of malware identified by ScanSafe was spyware and adware, and ranged from more benign programs that track usage to difficult-to-remove spyware that can affect a user's Web experience, for example, by redirecting the browser..."
* http://www.scansafe.net/scansafe/news/story?id=129831
"...The ScanSafe Global Threat Report is based on real-time analysis of more than five billion Web requests processed by the company in July..."


2006-08-15, 02:11

- http://tinyurl.com/ec5pb
August 14, 2006
"Dell is recalling 4.1 million notebook computer batteries because they could erupt in flames, the company said today. This will be the largest safety recall in the history of the consumer electronics industry, the Consumer Product Safety Commission said. Dell, the world's largest PC maker, said the lithium-ion batteries were made by Sony and were installed in notebooks sold between April 2004 and July 18 of this year. The recall raises broader questions about lithium-ion batteries, which are used in a host of devices like cellphones, portable power tools, camcorders, digital cameras and MP3 players. The potential for such batteries to catch fire has been acknowledged for years and has prompted more limited recalls in the past. But a number of recent fires involving notebook computers, some aboard planes, have brought renewed scrutiny. Dell has reported to the safety agency that it documented six instances since December in which notebooks overheated or caught on fire. None of the incidents caused injuries or death. Dell said the problems were a result of a manufacturing defect in batteries made by Sony... Federal regulations require that lithium-ion batteries be clearly marked with warnings when they are shipped in bulk on airplanes, and various agencies are considering more stringent regulations following a fire that was detected as a United Parcel Service cargo plane began its descent into Philadelphia in February. Though a cause of that fire, which consumed and destroyed the plane after it landed, has not been determined, lithium-ion batteries are suspected..."

> http://www.dellbatteryprogram.com/
(More info available at this site effective 01:00AM 8.15.2006)


2006-08-21, 23:53

Update 8.27.2006 - Other Sun websites show the "latest" as 1.5.0_06 in error.
Use: >>> http://java.sun.com/javase/downloads/index.jsp
(Look for "Java Runtime Environment (JRE) 5.0 Update 8", amongst other downloads on that page)

Release notes
- http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_08

Test your installation:
- http://www.java.com/en/download/installed.jsp


2006-08-24, 13:33

Problems with Intel wireless drivers
- http://isc.sans.org/diary.php?storyid=1633
Last Updated: 2006-08-24 07:10:38 UTC
"...Intel initially issued a big file (100MB) that you had to download, but at least it upgraded everything on your machine, if it needed upgrades. After rebooting in the next few days I noticed that my machine is a bit slower than it was. A look at Task manager output, or excellent Process Explorer from Sysinternals showed that a process called S24EvMON.exe is using quite a bit of CPU... Dell... released their own version of drivers... Dell's drivers have the same problem... It looks that everyone with (at least) 2915ABG/2200BG wireless cards is affected. F-secure posted this in their weblog as well* ...
The easiest way to start and stop these services (so you actually run them only when you really need them) is to create a batch file that will do this job for you (so you don't have to click manually on all 4 of them). You can use the sc start <service name> and sc stop <service name> commands to perform this for you...
...You can use the built-in Windows Wireless Zero Config service, in which case you only need to patch the driver for your wireless card, so you are not vulnerable. As the problem with CPU/memory leaks is in the management service, this is an effective workaround at least until the management service is fixed..."

Working with the Intel Wi-Fi Drivers Again
* http://www.f-secure.com/weblog/archives/archive-082006.html#00000954
August 21, 2006
"...We noticed that software (S24EvMON.exe) installed with the driver seems to be leaky. It's eating tons of file handles and tons of memory - and it continues to grow!... Intel's tech support has replied. They are aware of the issue and are currently at work on it. No official release date yet. We'll let you know."

(Screenshots available at -both- URLs above.)


- http://isc.sans.org/diary.php?storyid=1643
Last Updated: 2006-08-26 18:16:44 UTC
"Release Notes for the Intel(R) PRO/Wireless 3945ABG Network Connection update have been posted at Intel. The release notes* describe a number of bug fixes including Memory Utilization Increase issues... The download location for Intel® PROSet/Wireless Software version is here**..."

* http://downloadmirror.intel.com/df-support/11141/ENG/relnotes.htm
> "...Issues resolved in this release
o Potential Memory Utilization Increase
o Profiles Not Migrated When Upgrading from Previous Software Version
o Potential Auto-Suspend Failure when using Microsoft Windows* 2000
o Intermittent Authentication Failure with Cisco Access Point in Heavy Traffic Environment
o Intermittent Failure to Load or Save a Roaming Profile..."

** http://support.intel.com/support/wireless/wlan/sb/CS-010623.htm


2006-08-26, 13:42

- http://isc.sans.org/diary.php?storyid=1640
Last Updated: 2006-08-26 02:21:06 UTC
"...SUN says prior to version 5.0 Update 6, an application or an applet could specify the version of the JRE on which it would run. "This issue can occur in the following releases (for Solaris, Linux and Windows platforms):
Java Plug-in included with J2SE 5.0 Update 5 and earlier, 1.4.x, 1.3.1, and 1.3.0_02 and later
Java Web Start included with J2SE 5.0 Update 5 and earlier, and 1.4.2
Java Web Start 1.2, 1.0.2, 1.0.1, and 1.0".
* http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102557-1
Date Released: 21-Aug-2006
...versions of Java Web Start and the Java Plug-in... may allow applets or applications to run with a specified version of the JRE that does not have the latest security fixes...
...use the latest JRE releases available from Sun and remove all symbolic links of earlier versions of Java Plug-in from the browser "plugins" directory...
Note: Prior to 5.0 Update 6, an application could specify the version of the JRE on which it would run. With 5.0 Update 6 and later installed, unsigned Java Web Start applications that specify a version other than the latest installed will trigger a warning, requiring explicit user permission before the application will run. Signed Java Web Start applications are not affected..."
Download at the following link:
* http://java.sun.com/j2se/1.5.0/download.jsp

(Latest is JRE 1_5_0_08. It is "Highly Recommended" that older versions be uninstalled)


2006-08-29, 19:28
How long before SpyBot S&D is "blocked" ?

- http://www.spywareinfo.com/newsletter/archives/2006/aug29.php#mcafee
August 29, 2006

- http://forums.mcafeehelp.com/viewtopic.php?t=89522
Posted: Wed Aug 30, 2006 6:06 pm
"Here are the version numbers for the core components:
Security Center: 7.0.329
Firewall: 8.0.203
Privacy Service: 9.0.382
Spam Killer: 8.0.239
VirusScan: 11.0.213
The patch will be delivered to everyone who has the new software installed as an automatic update. You can trigger the update by right-clicking on the McAfee icon and selecting "Updates" (or by hitting the Update button in the Security Center)...

Issues addressed in the patch:
...- Several products that were previously marked as incompatible will no longer be flagged ..."

(Includes the "other" anti-spyware product in question)


2006-09-05, 13:17

- http://www.techworld.com/security/news/index.cfm?newsID=6781
04 September 2006
"Users looking for the latest and greatest video software may not just be in danger from media lawyers. Security firm Panda Software last week warned that zCodec, which claims to offer "up to 40 percent better (video) quality", is in fact an adware program that can install Trojans, rootkits and other malicious software... Panda's advisory* last week revealed that the 100KB file is in fact adware, which "downloads and runs files, changes the DNS configuration and monitors accesses to several adult websites". zCodec, formally known as Adware/ZCodec or Adware/EMediacodec, affects most versions of Windows and was first detected last week, Panda said. When run, the program alters the system's DNS configuration in order to divert traffic to DNS servers of its choice, a technique sometimes used as part of a phishing scam or to rack up clicks for advertising schemes..."

* http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?IdVirus=128208&sind=0


2006-09-13, 04:41

- http://isc.sans.org/diary.php?storyid=1694
Last Updated: 2006-09-13 00:00:39 UTC
"Apple released today Quicktime 7.1.3. It fixes 7 vulnerabilities, all leading to arbitrary code execution..."
- http://docs.info.apple.com/article.html?artnum=304357

QuickTime 7.1.3 for Windows 2000/XP
- http://www.apple.com/quicktime/download/win.html


2006-09-15, 02:44

Firefox download:
- http://www.mozilla.com/firefox/

Fixed in Firefox
- http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox1.5.0.7

Known issues:
- http://www.mozilla.com/firefox/releases/
"This list covers some of the known problems with Firefox Please read this before reporting any new bugs."


Thunderbird download:
- http://www.mozilla.com/thunderbird/

Fixed in Thunderbird
- http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird1.5.0.7

- http://secunia.com/advisories/21906/
Release Date: 2006-09-15
Critical: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Mozilla Firefox 0.x, Mozilla Firefox 1.x...
Solution: Update to version
http://www.mozilla.com/firefox/ ..."

- http://secunia.com/advisories/21939/
Release Date: 2006-09-15
Critical: Highly critical
Impact: Security Bypass, DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Mozilla Thunderbird 0.x, Mozilla Thunderbird 1.0.x, Mozilla Thunderbird 1.5.x...
Solution: Update to version
http://www.mozilla.com/thunderbird/ ..."


2006-09-26, 14:38

- http://www.symantec.com/about/news/release/article.jsp?prid=20060925_02
Sept. 25, 2006
"...Symantec's Internet Security Threat Report notes that home users are the most targeted attack sector, accounting for 86 percent of all targeted attacks, followed by financial services businesses. Symantec has identified increased attacks aimed at client-side applications, increased use of evasive tactics to avoid detection, and that large, widespread Internet worms have given way to smaller, more targeted attacks focusing on fraud, data theft, and criminal activity... The tenth volume of the semiannual Symantec Internet Security Threat Report covers the six-month period from Jan. 1, 2006, through June 30, 2006..."


2006-10-12, 18:47

- http://www.theregister.com/2006/10/12/proxy_malware_risk/
12 October 2006
"...Finjan has published obfuscated examples* of malware found on storage and caching servers to support its claims... Finjan's point is that users visiting a cached copy of such (potentially mainstream) sites would be infected even if the main site pulled the malware. Search engines are not doing enough to flush their caches, it warns..."
- http://www.finjan.com/Pressrelease.aspx?id=1124&PressLan=293&lan=3
October 11, 2006
"...Finjan has provided the search engines and service providers with full technical details of the discovery, and is conducting a dialogue with these companies in order to assist them in resolving the issue. Some examples of malicious code found on storage and caching servers are presented here*... Another newly discovered web security threat centers on the use of Web 2.0 and AJAX (Asynchronous JavaScript and XML) technologies for malicious activities. While Web 2.0 and AJAX offer an enriched and improved user experience for Internet users, the technology also flings open the door to new malware propagation methods..."
* http://www.finjan.com/Content.aspx?id=1117
