Thursday, December 31, 2009

Why I browse using Firefox with NoScript: Fox Sports Web Site, NY Times ads Infected

Just one more reason to do all your Internet surfing as a non-administrative user, with Firefox, and using both the NoScript add-on and the Adblock Plus add-on:

Fox Sports Web Site Infected, Injected Code Serves Exploits | CyberInsecure.com
Security researchers warn that the Fox Sports website has been compromised by unknown attackers, who injected malicious code into a custom error page. There are two separate offensive script tags, each of them created by a different infection.

The page was detected by the ThreatSeeker Network system developed and operated by Websense, a Web security vendor. Security researchers investigating the suspicious link determined that it was pointing to a custom “Page not Found” document, displayed in case of a 404 error.

Webmasters deploy such pages in order to help visitors who are looking for a Web resource that is no longer available. They include suggestions or search boxes that can be used to find the new location of the document.

The msn.foxsports.com website is operated by the Fox Sports division of the Fox Broadcasting Company and according to Alexa, it is in the top 330 websites in the world as far as traffic goes. This website is ranked at position 88 in the United States and is part of the MSN network.


New York Times Site Pop-Up Says Your Computer Is Infected as documented here at NYTimes.com:

Note to Readers
Some NYTimes.com readers have seen a pop-up box warning them about a virus and directing them to a site that claims to offer antivirus software. We believe this was generated by an unauthorized advertisement and are working to prevent the problem from recurring. If you see such a warning, we suggest that you not click on it. Instead, quit and restart your Web browser. Questions and comments can be sent to webeditor@nytimes.com.


Seriously, if you're out there surfing, you really need to surf as a non-admin user to limit the damage malware can do to your computer. IE users should purchase and USE Sandboxie.

Monday, December 21, 2009

New free tool from Nirsoft to manage your Flash Cookies

New free tool from Nirsoft to manage your Flash Cookies. I use the BetterPrivacy add-on for Firefox to remove my Flash cookies and prevent cross-session tracking of what I do, and CCleaner is a good tool for manual clean-up of Flash Cookies. Adobe's tool to manage Flash Cookies is very poor compared to these tools

View the Flash cookies (Local Shared Object /.sol files) stored in your computer
FlashCookiesView is a small utility that displays the list of cookie files created by Flash component (Local Shared Object) in your Web browser. For each cookie file, the lower pane of FlashCookiesView displays the content of the file in readable format or as Hex dump.
You can also select one or more cookie files, and then copy them to the clipboard, save them to text/html/xml file or delete them.


More Flash Cookie links:

Sunday, December 20, 2009

Microsoft: How to install, reinstall, and uninstall Windows

Don't know how useful it will be to J. Random User, but Microsoft has a page out on the Third "R" of Windows, how to Reinstall Windows (The first two "R"s are "Retry" and "Reboot" -- if it doesn't work at that point, it's time to "Reinstall").  Can't tell you how many times I have installed Windows, but it's more times than I have fingers and toes ;-) [including at least once in the last 6 hours].

Install, reinstall, and uninstall Windows - Help & How-to - Microsoft Windows

Friday, December 18, 2009

Online Comics carry Adobe PDF infection ...

The final paragraph of this story has my preferred option: uninstall Adobe Reader and install Foxit Reader.  If you do that, please email me asking for my Foxit Reader Registry Hack which turns off the Foxit advertising panel and disables Javascript with two clicks.

Security Fix - Hackers exploit Adobe Reader flaw via comic strip syndicate
Hackers broke into an online comic strip syndication service Thursday, embedding malicious code that sought to exploit a newly discovered security flaw in Adobe Reader and Acrobat, Security Fix has learned.

On Monday, Adobe Systems Inc. said it was investigating reports that criminals were attacking Internet users via a previously unknown security flaw in its Adobe Reader and Acrobat software. Experts warned that the flaw could be used to foist software on unsuspecting users who visit a hacked or booby-trapped Web site.

... Adobe said it does not plan to issue a software update to fix the flaw until Jan. 12, 2010.

Adobe says turning off Javascript in Adobe Reader and Acrobat should help mitigate the threat from this vulnerability (instructions on how to do that are available here).

Alternatively, Internet users may want to consider uninstalling Adobe Reader in favor of another free PDF reader program, such as Foxit Reader.

Wednesday, December 16, 2009

Adobe to leave Reader unpatched for FOUR MORE WEEKS

We have to wait for a month for this to be fixed???  I'm hoping that if enough "in-the-wild" attacks surface, we'll see a patch sooner.

Adobe PDF attack update: Patch coming Jan 12 | Zero Day | ZDNet.com
Here’s a quick update to the Adobe PDF Reader/Acrobat zero-day story that broke yesterday after the company confirmed that an unpatched vulnerabilities was being attacked in the wild.

First up, an exploit has been fitted into the Metasploit point-and-click penetration testing tool and there are predictions that exploit code will be widely available within a day or two.

More importantly, Adobe has finally provided official mitigation guidance and announced plans to ship a patch for this vulnerability on January 12th, 2010.

Update Firefox to 3.5.6

Zero Day | ZDNet.com: Mozilla patches critical, high-risk Firefox vulnerabilities
Mozilla has shipped Firefox 3.5.6 with patches for at least 11 documented security vulnerabilities.

The most serious issue could lead to remote code execution attacks, according to warning from the open-source browser software maker. In other scenarios, the bugs could cause denial-of-service or URL spoofing attacks.

Details at the Zero-Day link above, and at Mozilla's Security Advisories for Firefox 3.5 page.

Tuesday, December 15, 2009

Adobe Reader Security Advisory today - disable JavaScript NOW

Adobe today issued a security advisory for Acrobat Reader, and there are widespread reports in the trade press that this is actively being exploited today. If you haven't already disabled Javascript in Adobe Reader, do so.  Instructions are summarized below.

Adobe - Security Advisories: APSA09-07 - Security Advisory for Adobe Reader and Acrobat
Adobe has confirmed a critical vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild. Adobe recommends customers follow the mitigation guidance below until a patch is available.

.... Customers who are not able to utilize the JavaScript Blacklist functionality can mitigate the issue by disabling JavaScript in Adobe Reader and Acrobat using the instructions below:
1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
3. Select the JavaScript Category
4. Uncheck the 'Enable Acrobat JavaScript' option
5. Click OK

Monday, December 14, 2009

The double-edged sword of DRM

++NG - Double-Plus-Not-Good.  Fortunately I don't know anybody who relies on Microsoft DRM to protect their documents.

Office 2003 Rights Management Bug Locks up Files | Technologizer
UPDATED: It’s a nightmare scenario: Imagine coming into the office and not being able to access any of your organization’s vital documents. That scenario became reality today for an untold number of Microsoft Office 2003 customers who use Microsoft’s Rights Management Service (RMS), a technology for controlling access to documents.

Office 2003 users receive the error, “Unexpected error occurred. Please try again later or contact your system administrator,” when they attempt to open or save protected documents. The bug affects Office 2003 products including Excel 2003, Outlook 2003, PowerPoint 2003, and Word 2003. It does not affect Office 2007 or Office 2010 Beta, according to Microsoft.

A spokesperson said that the bug was caused by a Information Rights Management (IRM) certificate expiring.

Microsoft has posted a bulletin to TechNet alerting customers to the problem, and says that it is working “as quickly as possible” to provide its customers with a solution. Further announcements will be posted to the blog.

Microsoft released a hotfix on Saturday. The Microsoft Office 2003 Service Pack 3 update is required for hotfixes to be installed.
Update Mon 14 Dec 2009 14:26:
Microsoft fixes Office 2003 document lockout bug - Network World
Microsoft has fixed a problem in Office 2003 that prevented the software from opening documents saved using its access control technology.

Thursday, December 10, 2009

In case of emergency, do nothing

Good article by security guru Bruce Schneier, who says for most users the best way to handle most disclosures of security vulnerabilities is ... do nothing.

Schneier on Security: Reacting to Security Vulnerabilities
The answer for this particular vulnerability, as for pretty much any other vulnerability you read about, is the same: do nothing. That's right, nothing. Don't panic. Don't change your behavior. Ignore the problem, and let the vendors figure it out.

...

It's much smarter to have a reasonable set of default security practices and continue doing them. This includes:



1. Install an antivirus program if you run Windows, and configure it
to update daily. It doesn't matter which one you use; they're all about
the same. ... Apple Mac and Linux users
can ignore this, as virus writers target the operating system with the
largest market share.



2. Configure your OS and network router properly. Microsoft's
operating systems come with a lot of security enabled by default; this
is good. But have someone who knows what they're doing check the
configuration of your router, too.



3. Turn on automatic software updates. This is the mechanism by
which your software patches itself in the background, without you
having to do anything. Make sure it's turned on for your computer, OS,
security software, and any applications that have the option. Yes, you
have to do it for everything, as they often have separate mechanisms.



4. Show common sense regarding the Internet. This might be the
hardest thing, and the most important. Know when an email is real, and
when you shouldn't click on the link. Know when a website is
suspicious. Know when something is amiss.



5. Perform regular backups. This is vital. If you're infected with
something, you may have to reinstall your operating system and
applications. Good backups ensure you don't lose your data – documents,
photographs, music – if that becomes necessary.



That's basically it. I could give a longer list of safe computing practices, but this short one is likely to keep you safe. After that, trust the vendors.

It's time to patch IE again

Microsoft's December Patch Tuesday was a big one, and many of the patches are rated "Critical" by Microsoft.  If you browse using Internet Explorer, PATCH NOW.   Read ISC/SANS's writeup here:
December 2009 Black Tuesday Overview: Overview of the December 2009 Microsoft patches and their status.

ZDNet has a more user-friendly write-up here:
Patch Tuesday: Microsoft plugs IE 'drive-by download' security holes | Zero Day | ZDNet.com
Microsoft
today shipped six bulletins with patches for a total of 12 documented
security vulnerabilities in a wide range of widely deployed software
products. Three of the six bulletins are rated “critical,” Microsoft’s
highest severity rating.

The most serious issues affect the
company’s Internet Explorer browser, including the newest IE 8 on
Windows 7.The Internet Explorer bulletin (MS09-072) covers five
documented vulnerabilities that affect all supported versions of the
browser (IE 5, 6, 7 and 8). As previously reported, there is public
exploit code available for one of the IE vulnerabilities.


Adobe Flash Browser Plug-ins Updated - PATCH NOW!

Lots of reports of the new Flash security patches.  Exploits are circulating, so you should patch your Flash players ASAP.

Adobe has shipped a critical Flash Player update to fix at least seven
documented security vulnerabilities that expose nearly every computer
user to dangerous hacker attacks. The Flash Player 10.0.42.34 update is available for all platforms (Windows, Linux and Mac OS X).


added December 9, 2009 at 09:03 am

Adobe
has released a security bulletin to address multiple vulnerabilities in
Adobe Flash Player 10.0.32.18 and earlier and Adobe AIR1.5.2 and
earlier. These vulnerabilities may allow an attacker to execute
arbitrary code, cause a denial-of-service condition, or obtain
sensitive information.

US-CERT encourages users and
administrators to review Adobe security bulletin APSB09-19 and update
to Adobe Flash Player 10.0.42.34 and Adobe AIR 1.5.3.