Archive for the ‘Security’ Category

IE8 just launched and immediately hacked

Friday, April 10th, 2009

The final code for Microsoft's Internet Explorer 8 was introduced recently. It was hacked by a researcher from Germany in the PWN2OWN contest, who won $5000 and a Sony VAIO laptop. Nils is a computer science student from Germany. He broke into the Sony in just a few minutes by taking advantage of an undisclosed weakness in the new Internet Explorer 8. TippingPoint was the sponsor of this hacking contest. The laptop used by the researcher was running Microsoft's internal build of Windows 7. IE8 is the final version from Microsoft that can be used on Windows Vista, XP, and Server 2003 and 2008. It has been tagged as the final edition for Windows 7. That version has not yet been released to the public.
Microsoft conducted the hacking contest to find the bug and deal with it. This has helped them to build a safer and more secure Internet Explorer that is hacker free. There are situations when a vulnerability arises during product development that will obstruct the release of the product. Microsoft wanted to evaluate any vulnerability that existed in the new Internet Explorer 8. TippingPoint has bought these vulnerabilities and the rights to them, and has awarded a cash prize to the hacker who cracked IE8. This helps in learning the weak points of the browser and making the necessary changes. Microsoft was brought down to ground zero by the hacker, who hacked through the product even before its release. Microsoft just watched as a researcher from Germany hacked through their system and went away with a cash prize and a laptop. Nils took only five minutes to hack through the all-new IE8. TippingPoint has handed over all the code and details to Mike Reavey, operations manager of the Microsoft Security Research Center. Reavey was at CanSecWest, the security conference where PWN2OWN was being held.
The code was taken back to the company and has been filed as a bug. It is said to be a real win for TippingPoint as well as for Microsoft, who had the chance to interact with Nils and learn more about the problem. The bug has been reproduced in Microsoft's labs and they are working to make IE8 more foolproof. The vulnerability has not yet been confirmed by Microsoft. Once the vulnerability is confirmed, Microsoft has said it will take the necessary action to protect all its customers. It is said that the build used in the contest is not the original RTW build that was released. After successfully hacking IE8, Nils moved on to Apple Inc.'s Safari browser and Mozilla Firefox. He successfully attacked both of these using code he had created earlier. Nils gathered total prize money of $15,000 by hacking some of the most popular internet browsers. The contest opened up new avenues for Microsoft, Mozilla and Apple to make their internet browsers foolproof.

HyperSpace with ThinkFree Office

Friday, April 10th, 2009

Phoenix Technologies has announced that ThinkFree Office, a Microsoft Office-like productivity suite, is now available through its fast-boot HyperSpace environment. HyperSpace is basically a 'Lite' operating system based on Linux that laptop users can boot within a few seconds, compared to the several minutes often required to load Windows. By imitating the instant-start experience of smartphones, HyperSpace works around one of the long-standing complaints about Windows, its slow boot time, which Microsoft has also implicitly acknowledged.

According to Milpitas, Calif.-based Phoenix, HyperSpace would not just save users boot time but would also need less energy to operate than Windows, thereby extending battery life. Gaurav Banga, the CTO, said that with HyperSpace users will be able to access cut-down versions of different applications, including a video player with a large variety of codecs, the Firefox web browser, a notepad, a calculator and even some games. Banga claims that although Windows laptops can wake up quickly from hibernate or sleep modes, they are unreliable. He said there are a lot of people in offices who go to meetings leaving their laptop lids open because it might take too long for the laptop to wake up and find the Wi-Fi.

Banga further said that apart from adding ThinkFree, the latest update to HyperSpace would also boost its resolution and color capabilities. Additionally, the company is working on adding instant messaging and email software. Phoenix also competes with another similar instant-on Linux platform called Splashtop. Splashtop also competes with products like the $150 device offered by Lenovo Group and Research in Motion, which automatically forwards mail from users' BlackBerries even to turned-off ThinkPads.

Until now the footing for HyperSpace is still limited, as only 2 major manufacturers, NEC Corp of Japan and Asustek Computers Inc in Taiwan, have announced plans to install HyperSpace on their laptop and netbook PCs. Gaurav Banga has promised that the company will announce more details about HyperSpace in a few weeks.

Apart from this, Phoenix also offers HyperSpace directly to customers in 2 different flavors: a Hybrid version, which lets users instantly flip back and forth between Windows and HyperSpace and costs around $59.95 a year, and the Dual version, which costs around $39.95 a year and requires the user to exit HyperSpace to move into Windows. Users can try both versions in a 21-day trial. Although the number of HyperSpace customers has not been disclosed, Banga says that there have been plenty of trial downloads. With regard to security concerns, the company controls which applications can be installed in HyperSpace. Banga said that adding more applications is obviously their goal, and so they are opening up the environment so that users can eventually choose the software to install.

Apple post new round of updates

Friday, February 27th, 2009

Although maintaining Java and its updates is the work of the professionals at Sun Microsystems, Apple has decided to release its own Java updates for its platform. You might be well aware of the numerous vulnerabilities recently found in the Java Plug-in and Java Web Start application, and so Apple has rolled out two separate updates for all Mac OS X Leopard and Tiger users. These two updates, as recommended by the US Computer Emergency Response Team, are free to download and can be installed right away.

Apple's support team has revealed that Update 3 for Java for Mac OS X 10.5 updates Java Web Start and all the Java Applet components in order to address compatibility and security issues. Apple has also added that this update supports all PowerPC and Intel-based Mac systems, but it requires that Java for Mac OS X 10.5 Update 2 has already been installed. As for Java for Mac OS X 10.4 Release 8, Apple says that this new software offers several improvements to the compatibility and security of Java on Mac OS X 10.4 and later.

As it does for all security updates, the company has also linked them to a knowledge base document that reveals what exactly was going wrong or what might go wrong, while also explaining why these updates are necessary. This means that Java for Mac OS X 10.4, Release 8 is available for Mac OS X Server v10.4.11 systems with Java for Mac OS X 10.4, Release 7 and Mac OS X v10.4.11 systems with Java for Mac OS X 10.4, Release 7. These updates address the numerous vulnerabilities in the Java Plug-in and Java Web Start application.

According to Apple, numerous vulnerabilities exist in the Java Plug-in and Java Web Start application, the most serious of which might allow untrusted Java applets and untrusted Java Web Start applications to obtain elevated privileges. The company also said that visiting web pages that contain a maliciously crafted Java applet might lead to arbitrary code execution with the privileges of the current user. This update provides patches for Java Bug IDs 6767668, 6727081, 6707535 and 6694892 from Sun Microsystems.

The same thing also applies to Java for Mac OS X 10.4 update 3. Mac Leopard and Mac Tiger users can both download the new software releases from Apple's official website. Mac users can also download and install them through the Software Update mechanism, which is also offered by Apple. Users don't have to do much, as the updates are installed automatically once downloaded, not just protecting your Mac from the vulnerabilities in Java but also improving compatibility and security.

Apple issued massive security update for Mac OS X

Monday, February 23rd, 2009

Apple Inc. has recently issued several updates for Java and Mac OS X that patch nearly 55 bugs, along with an update for its Safari web browser, which prompted a security researcher to criticize the company for a feeble approach to security issues. This is the largest batch of updates released by Apple in almost a year.

Apple's first update of the year patches around 48 security vulnerabilities in the company's operating system and its components and 4 in Apple's implementation of Sun Microsystems's Java, and includes 2 updates for non-security flaws that the company admitted it had introduced with faulty code in Mac OS X 10.5.6, as well as one patch that it said was for protective security measures. The majority of the bugs, 32 altogether, were found in software using open source components not originally designed by Apple, as in the case of the foursome of Java flaws.

However, Brian Mastenbrook, one of the 3 researchers Apple credited with reporting the Safari bug, said that Apple Inc. had information about these flaws several months ago, and as the months passed without a fix he decided to post a warning, in his judgment that the problem could be exploited at any time as long as it remained unfixed. He said this in a blog entry posted after Apple had delivered its updates. He had posted some information about the bug and also a workaround to temporarily disable the RSS feed service in the browser.

The RSS vulnerability, which is present in both the Windows and Mac versions of the browser, could be used to attack users with code from a malicious website. Mastenbrook said that criminals just have to trick users into visiting these sites. Attacks based on luring users to hostile websites are commonplace on the net, although a huge majority of them are aimed at Windows users. According to him, these factors should have indicated to Apple that the vulnerability carried high risk. It took Apple several months to patch this latest vulnerability in Safari, although there were several opportunities to address it in updates that were already scheduled.

Apple has addressed the Safari issue in both the security update for Windows users and Security Update 2009-001 for Mac OS X, which bumps the browser up to version 3.2.2. Recent data places Safari's overall browser usage share at 8.3 percent; the Windows edition accounted for around 0.3 percent, about a quarter of the share of Google Inc.'s Chrome. The company had last patched Safari in November 2008, updating the browser twice in less than a week. Other parts of Mac OS X that Apple patched ranged from the Pixlet codec, which includes a bug that could be triggered by a malformed movie file, and the folder manager to the printing module, with several updates for the Remote Apple Events application, which could be exploited to steal important information.

Pirated Adobe software spreads new Mac Trojan

Wednesday, February 18th, 2009

Mac users are probably in trouble, as Apple has again been the target of a Mac-specific Trojan, this time launched on Mac OS X through pirated editions of Adobe Photoshop CS4. Intego, the Mac security company, has issued a security advisory warning Mac users of this Trojan variant, which is estimated to have already infected nearly 5,000 Mac users. The Trojan is a simple variant of the iService Trojan malware, which reached several Mac users through pirated editions of Apple's productivity suite iWork. Like the previous edition of the malware, this new Mac Trojan spreads through file sharing websites like BitTorrent trackers and other websites that link to pirated software.

The recently discovered Mac Trojan variant, called OSX.Trojan.iServices.B, was found in the crack application packaged with copies of Adobe Photoshop CS4 for Mac users. Although the real Adobe Photoshop installer is clean, the Trojan, according to Intego, embeds itself in the crack application, which includes the serial codes for the program. After the user has downloaded the pirated Photoshop, the crack application extracts an executable from its data and then installs a backdoor in the file directory, which does not get deleted even after the computer is rebooted. If the crack application is run again, the Trojan can create another executable file under a different name, which makes the malware more difficult to trace and remove safely.

The crack application requests an administrative password, which it uses to launch the backdoor with root privileges. The crack application then opens a disk image hidden in its resources folder, called .data, and proceeds to crack the Photoshop program, letting it be used as the means of spreading the malware.

The malware then connects to a remote server over the web, which alerts the attackers that the virus has been installed. Once installed, this information-stealing virus enables the hackers to remotely take control of your machine, where they can steal sensitive or even financial information or gain full access to your computer. According to David Perry, the director of global education at security company Trend Micro, if this Trojan has been on your computer for a long time and has been gathering your information for long, then it can even be part of a huge business plan. He further said that the Mac Trojan is not a virus per se, which means it is not passed on from one user to another but is rather installed through illegal copies of the Photoshop application. As Mac software is often more expensive than PC software, that could be a reason for a potential rise of this kind of threat in Mac applications. Intego has warned that users should not download cracking software from websites that distribute pirated software, as it can cause malware problems.

New anti-virus technology from Sunbelt

Wednesday, February 18th, 2009

A new antivirus technology, Sunbelt's Vipre Enterprise, has recently been released in the UK after the U.S. This anti-malware client software is another program vying for attention with admin-friendly claims that it can protect computers from malware without killing system performance. The company has also made known that the anti-malware engine at the center of Vipre was written from scratch and was not purchased from a larger AV vendor, as most of Sunbelt's independent security rivals do.

Alex Eckelberry, the CEO, has revealed that from mid-February Vipre will be automatically updated to use a new heuristic program that spots malware by simply running a suspect program in a virtual machine on the host computer. With MX-Virtualization, or MX-V as it is called in company jargon, Vipre creates an emulated Windows computer system in an area of memory, in which it copies API functions such as the Windows registry, the communication interfaces and the file system to find out what the file is actually doing. This sits alongside the more conservative pattern-based techniques that try to identify malware by its unique characteristics.

Even though this technology is not new, most people have got it to use without creating a difference in performance. Emulating Windows and running virtual machines has also been seen as a recipe for sluggish computers. Sunbelt, however, believes it has improved what is possible with emulation by several times over what was previously possible, which for the first time makes it a practical possibility.

According to Eckelberry in a recent blog post, Dynamic Translation is the technology used by Vipre, which basically recompiles large parts of the program on the fly in order to boost performance to nearly 400 MIPS. He further added that it is the use of Dynamic Translation that makes the MX-V layer, and Vipre's built-in emulation to which it is an adjunct, capable of quickly analyzing the system for the presence of malware. The blog further mentions that the rapidly developing complexity of malware makes standard detection methods increasingly outdated, and that new strains of malware use highly complicated obfuscation methods designed to hide from even the most sophisticated analysis systems.

Eckelberry said in a separate interview that, as far as he is aware, the only other anti-malware vendors to have tried the file emulation process were BitDefender and Microsoft. Vipre Enterprise also boasts anti-rootkit protection, a program that runs a special module called “advanced kernel monitoring and firstscan in advanced Windows loading.” Apart from this, the company is also planning further improvements to Vipre Enterprise for later this year, including endpoint protection, intrusion protection and an integrated firewall, most of them specifically designed to appeal to enterprise users.

Microsoft plans critical patches for IE and Exchange

Wednesday, February 18th, 2009

Microsoft Corporation states that it will soon deliver 4 security updates, 2 of them critical, and will finally issue a patch for SQL Server on which it has been working. The four updates specified in the advance notice will fix bugs in Internet Explorer 7, the Visio application that is part of the Office lineup, the Exchange mail server software and SQL Server. The Exchange and IE vulnerabilities are marked critical, the company's highest risk ranking, while the Visio and SQL Server bugs are labeled important, a step lower. The SQL Server update will repair the vulnerability that Microsoft acknowledged during December 2008. Andrew Storms, the director of security operations at nCircle Network Security, said that there is a lineup created between the optional with affected editions of SQL Server. This bug is also prominent for a number of reasons. When Microsoft confirmed the vulnerability, the advisory noted that exploit code had been published. Several days later the company also acknowledged that it had first received the report about the bug from Bernhard Mueller of SEC Consult Security, a Vienna-based security company. Mueller had disclosed the bug early in December 2008 after there was no word from Microsoft, and he said that the company failed to reply to several messages during the previous 2 months when he had asked for updates on the patch's progress.

Most security analysts were expecting Microsoft to act fast. Wolfgang Kandek, the chief technology officer of security company Qualys, for instance, predicted during late December that Microsoft would issue a fix “out of band” (a term used when patches are issued outside Microsoft's normal monthly schedule). Storms said of the SQL Server, IE and Exchange patches that the three of them are equally important, at least by the information they have, as it all depends on the infrastructure of an enterprise.

He continued that companies are always sensitive when it comes to Exchange fixes, and so the serious fix that is set for Exchange Server 2007, 2003 and 2000 will be analyzed carefully. He said that messaging is very important to enterprises and so they will spend time making sure that the patches work fine. The plus point, he said, is a note in Microsoft's bulletin that the server does not need to be restarted. Storms said that it might mean it is not necessarily a huge hole, or that they will just get lucky, as they will not need to restart the Exchange servers and IT administrators will be able to deploy the patch even quicker. The Internet Explorer vulnerability should be something exclusive to IE7, he said. According to Microsoft, this critical vulnerability affects only that particular version of the browser and not IE5.01 or IE6, which include the edition that is just for Windows 2000 and the oldest browser that Microsoft still supports with security updates.

Hardware-based encryption to increase storage security

Monday, February 16th, 2009

Everyone would accept that it is crucial to store sensitive data encrypted, whether it is housed in the data center, stored on notebooks or computers, or filed away on some removable storage disk. However, as recent headlines show, the problem is that very few organizations really bother. For instance, the previous week a person from New Zealand purchased a used MP3 player in Oklahoma and found nearly sixty files containing names and personal details of US military personnel. This is only the most recent example demonstrating how lots of tapes, drives and even notebooks are lost with unencrypted sensitive data on them. Industry standards groups, along with several of the world's bigger hard drive manufacturers, hope to make it easier to protect sensitive data. To that end, the Trusted Computing Group this week unveiled three specifications for full disk encryption to be used in all types of storage devices and in encryption key management systems. As the encryption management technology is based on a specification that is built into the hardware, almost any storage device that uses this technology would require a password before the system even starts.

The devices that can use these specifications range from standard computers and consumer gadgets to notebooks and drives used in servers, data centers and large storage arrays. Pete Lindstrom, the research director at an analyst firm, said that this is an excellent effort to make encryption a standard feature of all hard drives, and that building security in is an outstanding approach to such a difficult problem.

The three specifications include:

Opal – The Opal specification details all the requirements for fixed storage media in notebooks and computers.

Storage Interface Interactions – The specification explains how all of the Trusted Computing Group specifications interact with interface specifications and storage connections including ATAPI, ATA, Fiber Channel, SCSI and others.

The Enterprise Security Subsystem Class – This specification is mainly aimed at drives in high-volume applications and data centers, where there is generally a minimum security configuration during installation.

The backers of these new TCG specifications are Hitachi GST, Fujitsu, Western Digital, Wave Systems, Toshiba, Samsung, Seagate Technology, LSI Corp. and IBM. According to Eric Ogren, the analyst at research firm The Ogren Group, there are state laws, as in Massachusetts and Nevada, mandating full disk encryption on notebooks that contain consumer data. For this reason alone, corporations should understand the endpoint crypto abilities already available in simple tools like Windows BitLocker. He further added that it is a 1.0 specification, which means it is just the start. Storage vendors must familiarize themselves with the features of the standard and also charge product management with determining which features resonate with customers. Those features that are attractive to customers must be included in the product roadmap, with a watchful eye to revising it as the Trusted Computing Group specifications mature, Ogren further added.

Disk-drive Encryption gets boost from OPAL standards

Friday, February 13th, 2009

The Opal industry-standards effort was unveiled by the Trusted Computing Group this week, and it might prove a benefit to information technology professionals who are exploring desktop encryption options. It is officially called the Opal Security Subsystem Class Specification 1.0 and includes a set of protocols and mechanisms for disk-drive encryption, configuration, authentication and policy management. When it is implemented in the disk drive and in the supporting security and client management software, Opal will offer IT managers the flexibility to manage computers that use Opal-based encryption.

Ken Waring, the IT director at CBI Health, said that it was exactly what they expected: software that has the ability to mix and match. They are watching it go forward and improve, as they currently use the embedded disk drive encryption in their Dell computers, which include Wave Systems management software, to safeguard their sensitive data. Although CBI Health has found this hardware-based disk encryption to be a perfect way to protect its data, the only downside is that it is restricted to just one model. Opal, however, promises a new level of practical security so that IT managers will be able to mix and match Opal-based disk drives from different manufacturers, including the software management tools.

The TCG backers of the Opal initiative, which makes use of the Advanced Encryption Standard, also include disk-drive manufacturers Hitachi, Fujitsu and Seagate and software vendors like WinMagic, Wave, CryptoMill Technologies and several others. For instance, Fujitsu promises to support Opal in all of its notebook drives, both 7200 rpm and 5400 rpm, in the second quarter. Lark Allen, the vice president of development at Wave, said that the primary objective is to embed security into the drive in order to have authentication and encryption, and to do it in a standardized way so that it works fine regardless of the drive used. He said this as he demonstrated Opal-based interoperability, with Wave's Trusted Drive Manager working with Fujitsu's Opal implementation.

Opal is a recent effort to satisfy the increasing corporate demand for disk encryption. Full disk encryption was cited as the top client security technology to be adopted or piloted this year, according to Forrester's review of 942 security and IT managers in Europe and North America. Additionally, disk drive encryption is increasingly becoming a necessity both for data in transit and for stored data. In a few industry sectors, particularly healthcare, encryption is becoming a necessity to meet regulatory requirements. Saeed Umar, the IT project manager of Lancashire Teaching Hospitals NHS Foundation Trust of London, said that the Health department requires that no patient data be sent without being encrypted. He also said that the next encryption project should include deploying McAfee's Endpoint Encryption on all their laptops for data protection.

New worm infecting computers at an alarming rate

Sunday, February 8th, 2009

Recent studies have found that a new computer virus has infected nearly 20 million computers throughout the world and is spreading really fast. This virus or worm is known by several names, of which Downadup, Downandup and Conficker are some of the most common, and it is very deceptive. It has been found that a window pops up with a warning stating that your computer has an infection and shows anti-virus software. However, when you try to purchase the anti-virus software in order to delete the virus, it actually steals your credit card and other important information while also infecting your computer.

Some experts find that it could be one of the worst infections to hit computers in the last six years, and it is also easy to fall for. Robert Nash, a computer technician, said that the virus looks legit, and unless computer users are informed about it or know about the virus, it would easily make its way into their computers. According to Joe Kadar, a computer technician, the virus attack has gone from around 2.4 million machines to nearly 8.9 million machines infected within one day, which makes it one of the fastest spreading viruses in the world.

This virus mainly spreads by infiltrating flash drives. Once the virus has made its way onto the flash drive and has infected the machine you are using, it can infect all the computers on the network. A radio personality, for instance, would rely on their computer for song requests and to update their websites. If that computer caught the virus, it would make the workday much more difficult, while the computer might also transmit the virus to other computers connected to the machine.

Following the same pattern of predictions that led up to the devastating worm attack has led security analysts to start focusing on the new crop of Microsoft Windows vulnerabilities. These, along with the attack tools created to take advantage of them, could together create a potential new family of computer viruses. Only a short time after Microsoft warned its users about the new vulnerabilities in the Windows remote procedure call protocol, the same software that opened nearly a million machines to the virus attack, code is actually being circulated on the web. This means that it is important to stay safe, as this virus can cause a lot of problems.

Most security intelligence companies and computer security companies recommend that you update your anti-virus program so that you eventually remove the worm from your computer. Although purchasing new anti-virus software can prove beneficial, it can be hard to trust that it is itself free from malware. Therefore you can just keep updating your anti-virus frequently from the official dealer in order to eventually remove the entire worm and stay away from it.