Microsoft Windows | Unix | Mac OS X
Some versions of browsers other than IE may also be vulnerable
A newly discovered bug in Microsoft's Internet Explorer could allow malicious hackers to convincingly replicate ("spoof") commercial websites such as eBay, luring unsuspecting visitors to reveal sensitive personal information that could be used in identity-theft crimes. The bug was reported by Secunia, a Danish security company, on December 9.
Test your browser: Secunia has provided a web page at http://www.zapthedingbat.com/security/ex01/vun1.htm where users may test their browser to see if it is affected.
Until a patch is developed, Microsoft is recommending that users follow these basic security procedures:
http://zdnet.com/2100-1105_2-5119440.html
http://www.secunia.com/advisories/10395/
A worm of "Blaster" magnitude could evade the published workarounds and exploit a buffer overflow flaw in the Windows Workstation Service, which is enabled by default on Windows 2000 and XP.
The suggested workarounds (disabling the Workstation Service and using a firewall to block specific UDP and TCP ports) are not sufficient protection, according to the latest reports from testers at Core Security Technologies. For full protection, Windows 2000/XP users need to install the patch Microsoft released in November (MS03-049: http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-049.asp ).
See also the December 10 eWeek article, "Security Experts Warn of New Way to Attack Windows," at http://www.eweek.com/article2/0,4149,1408902,00.asp
Late last fall, Microsoft instituted a new policy of issuing monthly security updates and fixes. The first of these, issued in mid-October, cited seven security flaws in a variety of programs, five of which were deemed "critical."
Windows 2000/XP Users: Each of the critical updates for September and October is available on the latest version of the Windows Security CD, as well as on the public domain server security site at http://public.uoregon.edu/software/Security/
The Security CD is available at the Microcomputer Services Help Desk (151 McKenzie Hall) and in the Documents Room (175 McKenzie Hall); this CD is free to all UO faculty, UO staff, and UO students.
The easiest way to get up-to-date is to follow these steps:
1. Check to make sure your machine is patched. You can test your computer for the MS03-026 and MS03-039 security flaws by using the automated checker at http://rpctest.uoregon.edu/
2. Make sure the computer is not on the network. If it has built-in wireless, try to be in a place where no wireless network exists (or turn off the wireless if the computer can do this).
3. Power-up the computer and enable the Windows built-in firewall on all interfaces.
(Start->Settings->Control Panel-> Network Connections-> Double-click on each icon, i.e., Local Area Connection -> Properties-> Advanced -> Enable ICF)
4. Restart and verify that the firewall is enabled. Allow Windows to fully boot, and log in.
5. Now attach the Ethernet cable while Windows is running, and run Windows Update from the Start Programs ->Windows Update menu.
6. You will almost certainly be forced to restart during the Windows Update process. Before each restart, unplug the Ethernet cable; once Windows is fully running again, plug the cable back in and continue with the updates.
(Note: The firewall in XP takes a few seconds to load. Simply rebooting may result in your computer becoming infected if the Ethernet cable is plugged in while starting up--even with the firewall enabled!)
Windows Messenger Service Test for NT/2000/XP: It's a good idea to disable the Messenger Service if it's not in use on your machine. (This is the Messenger Service that delivers "net send" pop-up notifications, not the Windows Messenger instant-messaging client.) The service is vulnerable to a buffer overflow exploit described in MS03-043 (KB828035). To learn more, visit Steve Gibson's site at http://grc.com/stm/shootthemessenger.htm
Making Sense of All the Current Windows Updates: For a detailed explanation of Microsoft patches, see Microcomputer Services' information page, "Microsoft Windows Packages," at http://public.uoregon.edu/software/Security/ under "UO README.txt"
Microsoft is offering a half-million dollar reward for information leading to the capture of the authors of the two most destructive Windows worms to date, "MSBlast" (aka Blaster, LovSan) and SoBig. For the full story, see http://www.cnn.com/2003/TECH/biztech/11/05/microsoft.bounty/index.html
In an effort to step up campus defenses against worm and virus attacks, the Computing Center Systems staff has adapted a product called the Procmail Email Sanitizer to Darkwing and Gladstone and extended existing "defanging" capabilities on Oregon. ("Defanging" refers to the practice of disarming malicious email attachments by renaming them.) The following have been added to the list of extensions that are considered suspicious: asd, asx, cil, eml, mda, mdw, nws, ocs, pl, pm, wma, wmd, wms, wmv, wmz, and wsz
For a full description of the new defanging mechanisms, see Bob Jones' deptcomp posting, "New worm-defanging mechanisms on Oregon and darkwing/gladstone," at http://darkwing.uoregon.edu/~consult/deptcomp/2003/msg01577.html . More information on the Procmail Email Sanitizer is available at http://www.impsec.org/email-tools/procmail-security.html
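The following is an added illustration of the "defanging" idea described above; it is not the Procmail Email Sanitizer's code or the Computing Center's configuration. It parses a MIME message, finds attachments whose final extension is on the suspicious list, and renames them so that double-clicking does nothing, keeping the original name in a header so the recipient can recover it. The DEFANGED naming scheme, the handful of classic executable extensions added to the list, and the sample message are all assumptions constructed for this example.

```python
import email
import os
from email.mime.base import MIMEBase
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Extensions named in the posting above, plus a few classic executable
# types (exe, scr, pif, vbs, bat) as an assumed baseline for this example.
SUSPICIOUS_EXTENSIONS = {
    "asd", "asx", "cil", "eml", "mda", "mdw", "nws", "ocs", "pl", "pm",
    "wma", "wmd", "wms", "wmv", "wmz", "wsz",
    "exe", "scr", "pif", "vbs", "bat",
}


def is_suspicious(filename):
    """True if the final extension is on the list (case-insensitive, so
    'CLIP.WMV' and 'clip.wmv ' with trailing whitespace are both caught)."""
    if not filename:
        return False
    ext = os.path.splitext(filename.strip())[1].lstrip(".").lower()
    return ext in SUSPICIOUS_EXTENSIONS


def defanged_name(filename, counter):
    """Assumed naming scheme (not the sanitizer's): keep the original name
    for recovery but end in an extension no application is registered for."""
    return "DEFANGED-%d-%s.DEFANGED" % (counter, filename.strip())


def defang_message(raw):
    """Parse RFC 822 text, rename suspicious attachments in place and return
    (sanitized_text, [(old_name, new_name), ...])."""
    msg = email.message_from_string(raw)
    renames = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # container parts carry no attachment themselves
        name = part.get_filename()  # checks Content-Disposition, then Content-Type name=
        if not is_suspicious(name):
            continue
        new = defanged_name(name, len(renames) + 1)
        # The filename can live in either header; rewrite whichever is present.
        if part.get_param("filename", header="Content-Disposition") is not None:
            part.set_param("filename", new, header="Content-Disposition")
        if part.get_param("name") is not None:
            part.set_param("name", new)
        part["X-Defanged-Original-Name"] = name
        renames.append((name, new))
    return msg.as_string(), renames


def build_sample():
    """Constructed sample message (not a real capture): one suspicious and
    one harmless attachment."""
    msg = MIMEMultipart()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.edu"
    msg["Subject"] = "Here is the file you asked for"
    msg.attach(MIMEText("See attached.\n"))
    clip = MIMEBase("video", "x-ms-wmv")
    clip.set_payload("not really video data\n")
    clip.add_header("Content-Disposition", "attachment", filename="clip.WMV")
    msg.attach(clip)
    notes = MIMEBase("text", "plain")
    notes.set_payload("harmless notes\n")
    notes.add_header("Content-Disposition", "attachment", filename="notes.txt")
    msg.attach(notes)
    return msg.as_string()


if __name__ == "__main__":
    sanitized, renamed = defang_message(build_sample())
    for old, new in renamed:
        print("renamed %s -> %s" % (old, new))
    print(sanitized)
```

The check looks only at the final extension, which is what the mail client uses to pick a handler; it deliberately does not try to guess the true type from the payload, so a sanitizer in production would also want to match on the Content-Type and on nested archives.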
Affects all versions up to and including 0.9.6j and 0.9.7b, some platforms running 0.9.6k, and all versions of SSLeay
In late September, the National Infrastructure Security Coordination Centre (NISCC) issued an advisory concerning three specific vulnerabilities discovered in the OpenSSL libraries. Two of these could be used for denial-of-service attacks, and the third may allow an attacker to execute arbitrary code.
The 0.9.6j, 0.9.7b, and SSLeay vulnerabilities are described in full in NISCC Vulnerability Advisory 006489/OpenSSL, at http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm
The 0.9.6k vulnerability is described at http://www.openssl.org/news/secadv_20031104.txt
Solution: Upgrade to OpenSSL 0.9.6l or 0.9.7c and recompile any applications that are statically linked against the OpenSSL libraries (upgrading the shared library alone does not fix them). The 0.9.7 branch is not affected by the 0.9.6k issue. Download locations are listed in the OpenSSL advisory at http://www.openssl.org/news/secadv_20031104.txt
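Statically linked programs are the ones most often missed when the shared library is upgraded, so the following added example (not from OpenSSL or from this newsletter's authors) does two things: it decides whether a given OpenSSL or SSLeay version falls below the fixed releases named above (0.9.6l and 0.9.7c, with every SSLeay release treated as affected), and it scans a binary for the embedded "OpenSSL x.y.z" / "SSLeay x.y.z" version text that libcrypto carries, so a statically linked copy shows up even though ldd reports no libssl. The sample "binaries" are constructed byte strings, and the check goes a little beyond the text by classifying any version rather than only the ones listed.

```python
import re
import sys

# Minimum fixed releases from the advisories above, keyed by branch.
FIXED_LETTER = {(0, 9, 6): "l", (0, 9, 7): "c"}

# libcrypto embeds OPENSSL_VERSION_TEXT, e.g. b"OpenSSL 0.9.6k 30 Sep 2003",
# and old SSLeay builds embed b"SSLeay 0.9.0b ...", so the strings survive
# static linking.
VERSION_RE = re.compile(rb"(OpenSSL|SSLeay) (\d+\.\d+\.\d+)([a-z]?)")


def is_vulnerable(library, version):
    """library is 'OpenSSL' or 'SSLeay'; version looks like '0.9.6k'.
    Returns True when the release is older than the fixed ones."""
    if library == "SSLeay":
        return True  # all SSLeay releases are affected
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]*)", version)
    if not m:
        raise ValueError("unrecognised version: %r" % version)
    nums = tuple(int(x) for x in m.group(1, 2, 3))
    letter = m.group(4)
    if nums < (0, 9, 6):
        return True  # everything before 0.9.6 is covered by "up to 0.9.6j"
    fixed = FIXED_LETTER.get(nums)
    if fixed is None:
        return False  # branches newer than 0.9.7 are outside this advisory
    # Patch letters sort alphabetically; a bare "0.9.6" (empty letter) is oldest.
    return letter < fixed


def scan_blob(data):
    """Return [(library, version, vulnerable)] for every version string in data."""
    found = []
    for m in VERSION_RE.finditer(data):
        lib = m.group(1).decode()
        ver = (m.group(2) + m.group(3)).decode()
        found.append((lib, ver, is_vulnerable(lib, ver)))
    return found


def scan_file(path):
    with open(path, "rb") as f:
        return scan_blob(f.read())


# Constructed stand-ins for real executables (not actual binaries).
SAMPLE_BINARIES = {
    "stunnel-static": b"\x7fELF\x01\x01\x01\x00 ... OpenSSL 0.9.6k 30 Sep 2003\x00 ...",
    "httpd-rebuilt": b"\x7fELF ... OpenSSL 0.9.7c 30 Sep 2003\x00 ...",
    "legacy-tool": b"MZ ... SSLeay 0.9.0b 29-Jun-1998\x00 ...",
    "no-ssl": b"\x7fELF just some program with no crypto in it",
}


def report(results):
    """Format scan results for a human; returns the lines it would print."""
    lines = []
    for name, hits in results.items():
        if not hits:
            lines.append("%s: no OpenSSL/SSLeay version string found" % name)
        for lib, ver, vuln in hits:
            state = "NEEDS UPGRADE" if vuln else "ok"
            lines.append("%s: %s %s -> %s" % (name, lib, ver, state))
    return lines


if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = {p: scan_file(p) for p in sys.argv[1:]}  # e.g. /usr/sbin/httpd
    else:
        results = {n: scan_blob(b) for n, b in SAMPLE_BINARIES.items()}
    print("\n".join(report(results)))
```

Run it over the binaries ldd cannot account for (anything in /usr/local/sbin or a vendor tree is a good start). A hit flagged NEEDS UPGRADE means the program must be rebuilt against 0.9.6l or 0.9.7c, not merely restarted.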
Multiple vulnerabilities that exist in Portable OpenSSH 3.7p1 and 3.7.1p1 have been corrected in the latest release, OpenSSH 3.7.1p2. This release is available from the mirrors listed at http://www.openssh.com/portable.html . All users are advised to upgrade.
Note: These bugs do not exist in OpenBSD's releases of OpenSSH.
Affects Mac OS X Server 10.3, Mac OS X 10.2, and Mac OS X Server 10.2 (all versions through at least 11/26/03). Earlier versions of Mac OS X and Mac OS X Server are also likely affected.
This vulnerability can give an attacker root-level access to affected systems. For details, see http://docs.info.apple.com/article.html?artnum=32478 and http://www.carrel.org/dhcp-vuln.html
Workarounds for System Administrators: Until the patch is released, you can work around this problem by taking the following steps:
If you do need the LDAPv3 and NetInfo options, you can disable DHCP for LDAP and NetInfo as follows:
Because of an incompatibility between Norton AntiVirus 9 and Mac OS X 10.3 (Panther), Panther users need to be aware that they must manually run LiveUpdate and any other scheduled events normally handled by Norton Scheduler. Symantec is currently working to make its latest version of Norton AntiVirus compatible with OS X 10.3.
In mid-November, Ars Technica reported a bug in Mac OS X that could cause the unwary to lose data if they save a file with a name longer than 992 characters from any Cocoa application, such as TextEdit.
Mac OS X does display a warning ("A file with this name already exists. Do you wish to overwrite?"), but if the user clicks through it, the system overwrites the entire folder in which the file is being saved, not just one file. For full details, see http://episteme.arstechnica.com/6/ubb.x?a=tpc&s=50009562&f=8300945231&m=940102
In addition to other enhancements, this release (Mac OS X 10.3.2) includes the previous stand-alone security updates. See http://www.apple.com/downloads/macosx/apple/macosxupdate_10_3_2.html