5198 Security Vulnerabilities tracked by US-CERT in 2005

December 30th, 2005

The headline probably says most of it: 5198 vulnerabilities tracked by US-CERT in 2005. This comes from The SecurityFix. It's probably not every vulnerability that was out in 2005, just those that US-CERT issued advisories for. The breakdown is 812 in Windows, 2,328 in various Unix/Linux/Mac/BSD systems, and 2,058 affecting multiple operating systems. It would be interesting to see a breakdown of core operating system vulnerabilities versus add-on software. One problem with this kind of breakdown is that most Linux distributions ship the add-on software with the core operating system. That's likely why it doesn't get tracked that way.


WMF exploit and DEP

December 30th, 2005

There's a bit of controversy over the suggestion that hardware DEP seemed to protect against the WMF zero-day exploit. Sunbeltblog has responded to the controversy. George Ou, in the first link above, claims that there's a lot of bad advice out about this exploit and that hardware DEP (Data Execution Prevention) doesn't work to mitigate the problem.


Lotus Notes WMF vulnerability

December 30th, 2005

This is really the same zero-day WMF vulnerability, but there is a twist. It's been found that Lotus Notes v. 6.x and up are vulnerable to the Windows Meta File (WMF) exploit that's making the rounds. Probably not surprising, given that there are reports of many vectors of attack, not JUST the web browser. What makes this one noteworthy is that it is vulnerable EVEN WITH THE regsvr32 WORKAROUND. The only other solution that's been reported thus far is DEP (Data Execution Prevention) on hardware that supports it.


Scheduling tasks in Linux: cron

December 30th, 2005

Windows has scheduled tasks, which most people are only halfway aware of. Linux has very powerful scheduling capabilities coming from its Unix heritage. cron is the daemon that deals with scheduled tasks under most Linux distributions. There are a couple of ways that you can schedule cron tasks. The first is from the command line.


Building RPMs – building for several different releases on one machine

December 29th, 2005

I support a few Linux systems outside my own group. Those systems are not as quick to get upgraded to the latest and greatest version of Mandrake (now Mandriva) as my home systems. But I occasionally need to build RPMs for them. I don't want to have a build environment on each one and have to make sure they each have all the devel libraries installed. So what to do?


Hamachi P2P VPN

December 29th, 2005

A few days back I was at GRC to run a "Shields Up" scan on a client's machine and found a reference to their Security Now podcast (Leo Laporte and Steve Gibson). The episode was about a VPN tool called Hamachi, so I revisited and gave the Security Now! transcript a read, and then visited the Hamachi site. I've got to say, I'm impressed on a couple of levels with Hamachi. First, it sounds as though they've taken a great approach to a secure, free VPN implementation (Steve Gibson is a pretty good reference). It's also easy to install and use, and beyond that there are Linux and Windows versions of the client currently; a Mac version will be released after the 1.0 for Linux and Windows.


Network Security guide for the home or small business network – Part 17 – The Security Mindset

December 29th, 2005

This may be one of the most important entries in this series. An important defence against those that would try to access your network is to constantly have the "security mindset". Ask yourself "do I need this, how could it be exploited, what are the implications of this?" When it comes to people asking you to click on a link: "do I trust the person, am I sure it's from the person it claims to be, and how sure? Is it normal behavior for this person to ask me to click on a link?" I guess what it comes down to is developing some healthy critical thinking and skepticism.


Another workaround for the 0-day WMF Exploit

December 29th, 2005

I notice that the Sunbelt Blog has some instructions up for blocking the zero-day Windows Meta File (WMF) exploit with their newly acquired Kerio firewall (free or full version). Either version can use an add-on rule from Bleeding Edge Snort (intrusion detection signatures). Instructions on how to implement the rule addition are in the link above.


Some Sony news

December 29th, 2005

You had to know we couldn't make it to the end of the year without another story about the Sony DRM rootkit. I noticed last night that the Sunbelt blog had mention of a proposed settlement in their legal troubles in the wake of the XCP copy-protection DRM rootkit MESS. (MediaMax is not quite forgotten either.)


Spyware/virus cleanup: disabling System Restore

December 29th, 2005

Sorry, but in getting into the guts of what I found in the wake of the WMF exploit, I did leave out another important step in the cleanup process. IF you are trying to clean up an infested machine, one of the first real goals has to be disabling System Restore (Start, (Settings,) Control Panel, System, System Restore tab; use the checkbox on that sheet, then OK to confirm). This was one of the first things I did after infection to start the process of cleaning up. Windows uses System Restore to keep copies of vital Windows files. Unfortunately, those copies can be viral/trojaned files as well, so a cleaned machine can be reinfected by restoring them.
