[SecurityRatty] tag: upgrade

One in four DNS servers still vulnerable to Kaminsky flaw, survey says

Sun, 09 Nov 2008 21:00:00 +0000

he Measurement Factory's 4th annual study of 80 million addresses in the IPv4 space proves several in the Internet community didn't heed the industry's warning to upgrade their DNS servers with patches for the Kaminsky flaw and other known vulnerabilities.

Microsoft touts virtualization, Windows 7 integration with Windows Server upgrade

Thu, 06 Nov 2008 21:00:00 +0000

Microsoft next week will distribute a pre-beta of Windows Server 2008 R2 to a select group of testers and highlighted the software’s virtualization capabilities, integration with Windows 7 and other features.

Happy (Belated) First Birthday!

Fri, 31 Oct 2008 04:27:00 +0000

.... to my ADSL application.

Last year in October a salesperson at Telkom phoned to let me know that my phone exchange supports ADSL and do I want to upgrade my line to have ADSL?

I did the maths and worked out that it would be cheaper for me to have ADSL and have the benefit of all-time-on access to the Internet.

So, I applied and a few days later my application was processed and I had an application number. It all got to the point where I had the modem connected and ready when a technical person at the exchange noticed that "no, the exchange is potentially ready for ADSL but was not, in fact, ready."

"But, good news, there is a project to upgrade the exchange to be ADSL capable. It should be done by latest end of December 2007."

That became end of January, end of February, end of April... then it jumped to end of June.

Now it is scheduled to be completed by the end of April 2009.

The way things are looking - I'll probably be celebrating the second birthday of my ADSL application this time next year... many happy returns.

Microsoft warns of another update to Windows Update

Fri, 31 Oct 2008 01:00:00 +0000

Microsoft is again warning users it plans to upgrade Windows Update, the service most people rely on to download patches and other fixes.

Links List 10.24.08

Fri, 24 Oct 2008 14:55:16 +0000

Ah a mystery. In “The strange case of the slow server”, Jack Hughes at The Tech Teapot had problems with internet presence – slow website loading, problems logging in and slow emails. Sound familiar? In Jack’s case, the culprit was his main download site but the real issue was lack of visibility across multiple tools that provided much info but not in a way that was really usable. “The main lesson I take away from this is to make sure you’re creating meaningful stats for everything you’ve got because you never know what may be causing you a problem.”

Information Week’s new blog, Plug Into the Cloud, is already in the thick of the controversy on the emerging cloud computing trend. A recent post lists a bunch of highly opinionated comments on the topic by site visitors, running the gamut from “Cloud computing is kind of like the Emperor’s New Clothes” to “cloud software can actually be more expensive than the software I load onto my hard drive.”

Jeff Doyle writes an interesting post about resistance to IPv6 adoption (what, you think we forgot?). Instead of the usual focus on IPv6 as an application issue, he points out that it’s actually an infrastructure thing. Would you wait to upgrade routers, switches, software, or servers until you can find a way to make the newer systems profitable? Would you wait to increase bandwidth only after you have customers waiting to use it? If you’ve answered these questions “no”, then why are you waiting to upgrade to IPv6?

We posted about whether or not there were recession proof products in IT yesterday. Network World Management Maven Denise Dubie also writes about readers weighing in on IT and the economy – from having to do even more with less to seeing the economic downtown as an opportunity to highlight IT’s true value to the business.

And finally, on the lighter side: What would we do without crazy billionaires and their crazy purchases? According to a New York Times article, a company controlled by Google’s top execs just added a fighter jet to their roster. “Presumably no attacks on Microsoft are planned at this time.” (image from Wikipedia)

Massive SQL Injection Attacks - the Chinese Way

Tue, 21 Oct 2008 12:18:48 +0000

From copycats and "localizers" of Russian web malware exploitation kits, to suppliers of original hacking tools, the Chinese IT underground has been closely following the emerging threats and the obvious insecurities on a large scale, and so is either filling the niches left open by other international communities, or coming up with tools setting new benchmarks for massive SQL injection attacks, like the case with this one :

"A professional web site vulnerability scanning, use of tools, SQL injection is a new generation of tools to help Web developers and site of the station quickly find vulnerabilities in order to be able to effectively prepare Security work. At the same time, the tool to Web developers to demonstrate the ways in which hackers are using these vulnerabilities, hackers, as well as through the loopholes to do things, can effectively raise the safety awareness of relevant personnel."

Nothing's wrong with the marketing pitch at the first place, but going through the features, the "massive SQL injections through search engine reconnaissance" and automatic page rank verification which you can see in the attached screenshots, ruin the "security auditing" marketing pitch. The tool not only allows easy integration of potentially vulnerable sites obtained through search engines reconnaissance, but also, is prioritizing the results based on the probability for successful injection, next to the page rank of the domains in question. A simple demonstration offered by the company is also, directly enticing its users to "localize" the search engine reconnaissance, by filtering the search results for a particupar country, in this case they used French sites for one of the demos. Here are some excerpts from its CHANGE log speaking for themselves :

"2008.7.15 release version 1.3

- New powerful "automatic machine cycle" feature
- Automatic machine cycle is to provide assistance to the advanced user manual into the use of a very
- powerful and flexible module, the main sites used for some special filtering into the hand, is almost a
- universal tool, you can achieve the following:

1. In support of GET / POST / COOKIES in a variety of ways, such as the injection.
2. Scan the key to the page (background, upload, WebShell, databases, backup files, etc.).
3. According to the dictionary to violence landing back-guess solution WebShell password and password (required to verify that the code can not guess solution).
4. Page language does not limit the types and databases (to provide specific statements into the database).
5. At the same time, support for the circulation of the two variables and two dictionaries, fast running and violent content of the database solution to guess a password."

It gets even more interesting in terms of the massive SQL injection attacks mentality which is pretty evident on all fronts :

"- The use of the three search engine sites scans to invade the side to complete
- in scanning probe into the Web site ranking points
- added, "VBS upload to download", "upload directory Web site viewer," "FTP upload to download configuration file" function to make it more convenient for the sa rights to use the site.
- New "sequence document scanners"
- What is the sequence document scanners role? Upload to find loopholes, some of the procedures to upload the file after the upload will be renamed, rename the way the system is usually based on time or incremental increase in the number prefix code for the upload process, if not to return after the file name, Upload files to know the url is usually very difficult to sequence the use of paper scanner can be scanned out

- The best reverse domain name query engine, and quasi-wide
- in scanning the database of basic information, an increase of the database of information related to the process, the link has information on the database server user login (sa need permission)
- control of the interface had a big adjustment, the interface process easier to understand and operate.
- based on a significant site of the wrong mode of access to a comprehensive code optimization and more accurate access to the content, accuracy and access to show progress.
- added, "VBS upload to download", "upload directory Web site viewer," "FTP upload to download configuration file" function to make it more convenient for the sa rights to use the site.

- point into the types of improved detection order to improve the efficiency of detection.
- improved automatic keyword detection, automatic keyword detection more accurate.
- probe into the points the way to improve and increase the use of automatic detection of the keyword detection.
- type of database to improve the detection, the use of the contents of the length of the failure to detect the type of database automatically switch to the probe through the keyword.
- automatically save and load solution has been to guess the tree structure of the database, guess Solutions has been the content and structure of the database will automatically save and open the next time the injection point will be automatically made available, the solutions do not have to guess again, the continuity of work Greatly increased.

- solved from the database to read large amounts of data (on hundreds of thousands or millions of records), the half-way card program will die.
- increased significantly on the wrong model of ASP.NET and SQL Server2005 significant mode of dealing with mistakes, error messages can be extracted from a Web directory!
- significant amendments to the wrong mode, some of the injected one by one point in the field or access to the contents of the issue can not be successful (error code in hand); for increased access to specific points table and into the field.

- amendments to the text of a significant error patterns to detect and correct use of loopholes in the system can be used more to expand. (Text significantly in the wrong mode in version 1.1 already supported, but in the version 1.2 upgrade in the process of scanning to improve the performance of the Gaodiao careless. -_-#)
- on a variety of encoded text can be significantly wrong in the right-compatible, able to correctly handle the ASP.NET page of the text marked wrong. Through custom error keyword, truly compatible with any language, any coding error message.
- crack anti-improvement and enhancement.
- An increase of auto-detection feature keywords.

- Mssql database specifically for significant points into the wrong mode of detection and the use of up and down the hard work, and many other software can not detect the point of injection can also be used.
- Automatic save and load access to the database, to allow manual known to add tables and fields for solutions to guess.
- Can be used to amend the degree of accuracy; optimize the code to reduce memory footprint; enhance the stability of multi-threading.
- Significant amendments to the wrong mode solution guess the contents of the database must be checked first field defects."

The public version of the tool has been in the while for over an year, with a VIP version available to customers only.

Frustration with PGP-9.6 and networking

Mon, 20 Oct 2008 13:44:00 +0000

So, I recently upgraded from PGp-8.1 to PGp-9.6 and I thought I'd share a bit of the frustration.

I was running what I believe to be a fairly standard configuration.

Corporate desktop image
Outlook 2003
Symantec AV
PGP-8.1

I decided to upgrade my Outlook to 2007. Turns out that PGP-8.1 isn't compatible with Outlook 2003, so I needed upgrade.

Install PGP-9.6
reboot twice per instructions
Find that my networking completely doesn't work.

Turns out that in order to get PGP-9.6 working with things like Symantec's AV that hook the network stack you need to back out PGP's POP/IMAP network stack hooking.

regsvr32 /u PGPfsshl.dll
Run a Registry merge on c:\WINDOWS\system32\PGPlspRollback.reg
Reboot

Then of course, if you should happen to upgrade PGP to 9.9 because the update is out, you get to repeat all of those last few steps again.

This process of course is made a lot easier if you happen to have another machine with network connectivity, otherwise you're kind of SOL.

Just my bit of unfun for the afternoon.

It is of course working now and reasonably well. Kind of sucks that the install isn't a lot easier.

Flash 10 Fixes Clickjacking Flaw

Thu, 16 Oct 2008 10:07:56 +0000

Not long after "clickjacking" attacks appeared several weeks ago it became clear that the culprit was Adobe's Flash. And the problem, as we say in the software biz, wasn't a bug, it was a feature. This feature has been modified in the new Flash 10 player to address the problem. The problem is clipboard access. By default, Flash 9 allowed a Flash program to read and write to the clipboard. "Clickjacking" attacks took advantage of this to persistently stuff a value. usually a malicious URL, into the clipboard, in the hope the user would visit it. The attack is as cross-platform as Flash, working on Macs as well as Windows. In Flash 10 the clipboard methods will only work when called through ActionScript which originates with a user action, like pressing a button. No longer will a silent Flash app be able to hijack the clipboard completely without the user noticing. This change was just one of many security changes in the Flash 10 player. Changes in how Flash handles policy files means that developers will have to address their use of them. Errors on socket connect() calls will be handled differently. And much in the same philosophy as with clipboards, file uploads and downloads may only occur in script that begins with a user action. There are other changes as well. The flip side of this fix is that it is not implemented in Flash 9. This means that the only way to escape clickjacking attacks is to upgrade to Flash 10.

Infoblox upgrade thwarts DNS attacks

Sun, 28 Sep 2008 20:00:00 +0000

IP address management vendor Infoblox has upgraded its core network services appliances with security capabilities that guard against DNS attacks.

A Diverse Portfolio of Fake Security Software - Part Six

Wed, 24 Sep 2008 14:29:31 +0000

Thanks to misconfigured traffic management kits, not taking advantage of all the built-in features that could have made a research a little bit more time consuming, here are the latest fake security software domains popping up at the end of fake adult content sites :

anti-spyware8 .com
anti-spyware4 .com
anti-spyware11 .com
anti-spyware10 .com
antivirus-cs1 .com
antivirus-cs14 .com
antivirus-cs4 .com
antivirus-cs15 .com
antivirus-cs5 .com
antivirus-cs7 .com
antivirus-cs8 .com
antivirus-cs9 .com
trustedpaymenssite .com
altawebgl-500 .com
masterspitetds09 .com
protectionaudit .com
prt3ctionactiv3scan .com
prtectionactivescan .com
smartantivirusv2 .com
smartantivirus2009v2 .com
smartantivirus2009v2-buy .com
smartantivirus-2009v2buy .com
smart-antivirus2009v2buy .com
anti-virus-xp .com
anti-virus-xp .net
e-antiviruspro .com
ultimate-anti-virus .com
antimalwarewarrior2009 .com
spyware-buy .com
superantivirus2009 .com
total-secure2009 .com
pcprivacycleanerpro .com
bestguardownload .com
trustedantivirus .com
antivirus-buy1 .com
spyware-quickscan-2008 .com
securealertbar .com
secureclick1 .com
megantivirus2009 .com
micro-antivirus2008 .com
superantivirus2009 .com
advanced-anti-virus .com
antivirusmaster2009 .com
scanner-online1 .com
internet-scanner2009 .com
filescheck-list303 .com
virus-webscanner .com
virus9-webscanner .com
spamnuker .com
detect-file101 .com
googlescanners-360 .com
onlinescannersite9 .com
bestantivirusscan .com
hottystars .com
internet-defenses .com
globals-advers .com
quickupdates29 .com
myscanners101 .com
myfreescan500 .com
scanthnet .com
scanners-pro .com
megatradetds0 .com
xp-licensingpages .com
bestantivirusscan .com

power-avc .com
pvrantivirus .com
online-xp-antivirus-checker .com
antivir-online-scan .com
online-win-xpantivirus .com
tube-911 .com
favoredmovie .com
getqtysoftware .com
softwareportal2008 .com
megazcodec .com
soft-upgrade-network .com
download-base .com
fastsoftdownloads .com
software-downloadz .com
download-soft-basez .com
plupdate .com
0scan .com
virus-online-scan .com
0scanner .com
porno-tds .com
jirolu .com
virus-online-scanz .com
red-tubbe .info
win-xp-antivir-hqscanne .com
xp-protections .com
xp-registration .com
xp2008-protect .com
getdefender2009 .com
gettotalsec2008 .com
msantivirus-xp .com
xp-licensingpages .com
protectionpurchase .com
winxp-antivir-on-line-scan .com
antispychecker .com
errorofbrowser .com
fresh-video-news .com
newschannel2008 .com
internet--daily-news .com
secure.signupsecurity .com
xpacodec .com
xpbcodec .com
gmkvideo .com
hqsextube08 .com
antivirusworld9 .com
viacodecright1 .com
viacodecright2 .com
quickupdates29 .com
antivirusworld9 .com
scanthnet .com
city-codec .com
citycodec .net
codecdownload.anothersoftportal09 .com
viacodecright2 .com
sextubecodec023dfs41 .com
hot-sextubedriver2 .com
viacodecright2 .com

The Diverse Portfolio of Fake Security Software series are prone to continue taking a bite out of cybercrime, and the people who distribute them on a affiliation based revenue sharing model.

Related posts:
Fake Porn Sites Serving Malware - Part Three
Fake Porn Sites Serving Malware - Part Two
Fake Porn Sites Serving Malware
EstDomains and Intercage VS Cybercrime
Fake Security Software Domains Serving Exploits
A Diverse Portfolio of Fake Security Software - Part Five
A Diverse Portfolio of Fake Security Software - Part Four
A Diverse Portfolio of Fake Security Software - Part Three
A Diverse Portfolio of Fake Security Software - Part Two
Localized Fake Security Software
Diverse Portfolio of Fake Security Software
Got Your XPShield Up and Running?
Fake PestPatrol Security Software
RBN's Fake Security Software
Lazy Summer Days at UkrTeleGroup Ltd
Geolocating Malicious ISPs
The Malicious ISPs You Rarely See in Any Report