Microsoft | Mac OS X | Bogus Email Notices | Java, Winamp |
As soon as they connect to the Internet, unprotected PCs are toast. They can be hijacked immediately and grouped with other "zombie" PCs to perpetrate cybercrimes such as spamming, denial-of-service attacks, or identity theft.
This is the conclusion of independent security consultants Kevin Mitnick and Ryan Russell after two weeks of monitoring six "honeypot" computers set up to lure attackers. Operating systems tested included four varieties of Windows, Mac OSX, and Linspire.
The results of their study underscore the importance of using a firewall and keeping security patches up-to-date. See "Unprotected PCs can be hijacked in minutes" at http://www.usatoday.com/money/industries/technology/2004-11-29-honeypot_x.htm
In mid-December, a dangerous flaw was uncovered in Internet Explorer (IE) that makes even the latest and most secure version of the browser (XP S2) vulnerable to forging both the URL and SSL signature padlock at the bottom of the browser screen. This allows scammers to create very realistic malicious websites that pose as legitimate sites (a practice known as "spoofing") in order to trick users into divulging sensitive personal information that can be used in ID theft. For details, see http://news.zdnet.co.uk/internet/security/0,39020375,39181466,00.htm
Extremely critical flaws in IE 6.0 reported by the Danish security watchdog Secunia remain only partially patched. Some of these vulnerabilities bypass the security in XP Service Pack 2. Details and recommended solutions are available at http://secunia.com/advisories/12889/
The Greyhats Security Group recently uncovered a flaw in IE that could allow attackers to steal cookie-based authentication credentials. See http://www.internetnews.com/security/article.php/3450131
Five months after announcing a critical hole in its built-in XP SP2 firewall, Microsoft issued a fix. The patch was released as part of Windows Update for September. See http://support.microsoft.com/kb/886185 and http://www.securityfocus.com/news/10152
This critical vulnerability could allow attackers to run malicious code on a victim's machine when an embedded image file is opened in an email or downloaded from the web. The best protection is to be absolutely sure your Microsoft systems are fully patched with respect to Microsoft Security Bulletin MS04-028 (http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx). It's also advisable to run the free SANS GDI system checker available at http://isc.sans.org/gdiscan.php
Researchers recently discovered a simple coding bug in ASP.NET that could have caused serious problems in verifying authentication. For details, see Mark Burnett's December 20 article, "Security Holes that Run Deep" at http://www.securityfocus.com/columnists/285
The W32/Bofra-A worm, which spreads via email, web downloads, and chat rooms, has been circulating on campus recently. The infection vector typically contains a link to a site running on port 1639 or 1650, often with subject lines reading "Hi!", "Hey!" (or "HEY!"), "Confirmation", or [blank subject] and message texts such as "My name is Jane, I am from Miami, FL" or "PayPal has successfully charged $175 to your credit card." For more details, see http://www.sophos.com/virusinfo/analyses/w32bofraa.html
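As an added illustration (not part of the original notice), the following Python sketch scans an email for the W32/Bofra-A traits listed above: the subject lines, the lure texts, and links to a host on port 1639 or 1650. The two sample messages and the host 198.51.100.7 are constructed for the example.

```python
import re
from email import message_from_string

# Traits of W32/Bofra-A lure mail as described in the notice above.
BOFRA_SUBJECTS = {"", "hi!", "hey!", "confirmation"}          # compared lowercased
BOFRA_PORTS = {1639, 1650}
BOFRA_LURES = ("my name is jane", "paypal has successfully charged")
URL_RE = re.compile(r"https?://([A-Za-z0-9.\-]+)(?::(\d{1,5}))?(?:/[^\s\"'<>]*)?", re.I)

# Constructed sample messages (not real captures).
SAMPLE_WORM = """\
From: jane@example.invalid
Subject: Hi!
Content-Type: text/plain

My name is Jane, I am from Miami, FL
http://198.51.100.7:1639/pics/
"""

SAMPLE_BENIGN = """\
From: it-help@example.invalid
Subject: Campus maintenance window

The file server will be offline Saturday; see http://example.invalid/notices
"""

def _text_parts(msg):
    """Yield the decoded text of every text/* part (handles multipart mail)."""
    for part in msg.walk():
        if part.get_content_type().startswith("text/"):
            payload = part.get_payload(decode=True) or b""
            yield payload.decode(part.get_content_charset() or "utf-8", "replace")

def bofra_indicators(raw_message: str) -> list[str]:
    """Return the list of Bofra-A traits found in an RFC 822 message string."""
    msg = message_from_string(raw_message)
    subject = (msg.get("Subject") or "").strip().lower()
    body = "\n".join(_text_parts(msg))
    found = []
    if subject in BOFRA_SUBJECTS:
        found.append(f"subject:{subject or '<blank>'}")
    for host, port in URL_RE.findall(body):
        if port and int(port) in BOFRA_PORTS:          # link to a port-1639/1650 site
            found.append(f"link:{host}:{port}")
    if any(lure in body.lower() for lure in BOFRA_LURES):
        found.append("lure-text")
    return found

def is_bofra_lure(raw_message: str, min_indicators: int = 2) -> bool:
    """Flag a message when at least min_indicators traits coincide."""
    return len(bofra_indicators(raw_message)) >= min_indicators
```

Requiring two coinciding traits keeps an ordinary "Confirmation" subject from being flagged on its own.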
Downloading seemingly innocuous Windows Media files over peer-to-peer (P2P) networks such as Kazaa can invite a plague of pop-ups and adware, thanks to a loophole in licensing terms for Windows Media. Some of these files are merely annoying and can slow computer performance, but some are malicious and can allow attackers to hijack your PC. To learn more, go to http://www.pcworld.com/news/article/0,aid,119016,00.asp
To search for patches for Microsoft products, go to the Microsoft Download page at http://www.microsoft.com/downloads/search.aspx?displaylang=en&categoryid=7
On December 2, Apple released a security update for OS X that fixes multiple vulnerabilities. These flaws are rated "highly critical" by security researchers at Secunia. For more details, see Secunia Advisory SA13362 (http://secunia.com/advisories/13362/) and The Register's article, "Security bugs take a bite out of Apple" (http://www.theregister.co.uk/2004/12/07/apple_vuln/)
To get the update, go to Apple's Service and Support Site at http://www.apple.com/support/
It's a good idea to take advantage of Mac OS X's automatic Software Update feature, which allows you to schedule regular checks for software updates. To activate this feature, go to the Apple menu and select "System Preferences." Then select "Software Update" and click on "Update Software." Check the box labeled "Check for updates" and select the frequency ("Daily," "Weekly," or "Monthly") from the drop-down menu.
This vulnerability in the Java browser plugin, which was publicized in late November, could allow execution of malicious code when a victim simply visits a booby-trapped web page. Users are advised to upgrade to the latest version of the Java plugin, which is available at http://java.com/en/download/ (If you don't know what version, if any, of Java is installed on your system, go to http://www.java.com/en/download/help/testvm.jsp and look for the little Java "dancing Duke" character, which appears only when Java is installed.) If you don't have Java installed on your system, you need do nothing for this vulnerability.
Exploit code for America Online's WinAmp media player is circulating on the Internet and users are still vulnerable to attack, despite the vendor's assurances that its 5.05 and 5.06 updates fixed the problem. In the absence of a viable patch, users are advised to disassociate the playlist filename extensions .cda and .m3u from WinAmp. For details on this extremely critical vulnerability, see Secunia Advisory SA13269 at http://secunia.com/advisories/13269 and PC World's article "WinAmp Security Hole Deepens" at http://www.pcworld.idg.com.au/index.php/id;1625490509;fp;2;fpid;1
A well-known Lycos Europe screensaver that was originally designed as an anti-spam tool has been appropriated by a malicious Trojan program. The Trojan is embedded in emails that purport to be from Lycos Europe, offering the screensaver for download. The Trojan has an embedded keystroke logger which can be used to steal personal information used in identity theft schemes. For details, see http://www.ecommercetimes.com/story/security/trojan-lycos-anti-spam-38810.html and http://news.com.com/Trojan+poses+as+Lycos+Europe+screensaver/2100-7349_3-5481674.html
If you receive an email notice from "RedHat Security Team" urging you to download "patches" from a specified website, don't take the bait. These are not genuine RedHat websites and the patches are bogus. In actual fact, the patches are designed to compromise the security of your system, not improve it. Never click on or visit any website "spamvertised" by email.
We've had a number of inquiries from campus users regarding the "0fficial N0tification" they've received from "Antispam Corporation" that includes a link to various websites. This is yet another spammer, and you should not treat the message as credible. Don't click on the link or provide any information about your account.