Smokey's Security Weblog

veritas odium parit

Smokey’s Security Forums Seasonal Competition 2008 now “Live”

As a follow-up to this post I can reveal that Smokey’s Security Forums Seasonal Competition 2008 is now “Live”.

As I said before, only registered board members can join the competition. If you are not a member of my board, you are invited to register for free and get the opportunity to win one of the free security software licenses.

Several top-notch security vendors have participated in the Competition and provided my board with free licenses: AVG, Avira, Comodo, Jetico, Kaspersky, MBAM – MalwareBytes AntiMalware, Tall Emu – Online Armor, Prevx, Sunbelt Vipre and SUPERantispyware. My gratitude to all these vendors!

Good luck to you all with the Competition!

On behalf of Smokey’s Team,

Smokey

November 30, 2008 | Posted in Alerts, Downloads, Friends, News, Recommended External Security Related Links

Matousec and his Firewall Challenges Hall of Shame 2008/2011 Awardee

To me it is a great pleasure to announce that Matousec and his so called Firewall Challenges is Smokey’s Security Weblog 2008/2011 Hall of Shame Awardee. He really did all he could to become awarded; there was no reason to deny him this prestigious Award any longer. Congratulations Matousec, well deserved!

Let’s take a look at my motivation to grant Matousec the honor to become member of The Hall. In my “almighty” wisdom I even decided that his stay in The Hall will be definitive.

In April 2008 I already blogged about wrinkles in Matousec’s Firewall Challenges. Instead of taking serious notice of my criticism, he decided to ignore my warnings entirely. That was a bad sign; however, I decided to give him the benefit of the doubt.

The ignorant attitude mentioned above and his recent Firewall Challenge were sufficient to provide him with the honorable Smokey’s Security Weblog 2008/2011 Hall of Shame Award.

Recapitulation to Award Matousec:

– Labeling Firewalls, Behavior Blockers and HIPS with the generic label “Firewalls” and then testing these programs with the same (firewall related) test procedures. This is just one of the reasons that his tests are completely unacceptable.
– Matousec has demonstrated again and again that he produces unreliable tests and is an untrustworthy person. Concerning the latter, I am thinking of his commercial activities related to his tests.

Conclusion: Matousec’s tests are misleading the reader, disadvantaging several vendors in an unacceptable way, and his commercial activities in relation to his tests can be labeled as dubious. My advice: stay far away from his so called “tests”. They are not worth the paper they are written on.

Smokey

November 30, 2008 | Posted in Advisories, Friends, News, Recommended External Security Related Links

About Smokey’s Security Weblog Hall of Shame Awards

The attentive reader of this blog will have noticed the existence of Smokey’s Security Weblog Hall of Shame Awards. The sole purpose of these Awards is to improve users’ experiences and interests concerning all security related issues. Experiences that are many times not satisfying and even really disappointing: users are treated in a way that isn’t acceptable, e.g. by (government) instances and institutions, security vendors, and so on. The list is long.

The intention of our “Hall of Shame” is to achieve a change of mind in a positive way and improvements in behavior and procedures by the Awardees, all in such a way that users’ interests are served well by it. Therefore the “stay” in the Hall of Shame isn’t by definition forever; all Awardees will have a fair opportunity to make improvements concerning points of criticism and to show their good intentions to learn from mistakes made in the past. Once all this has been accomplished in a satisfying way, the Awardee will be removed from The Hall. The removal will be announced in public, with the motivation for why. A fresh, clean “restart” and opportunity for the former Awardees, so to speak. OTOH, Awardees that are not willing to learn or refuse cooperation will be marked with the label “bad” and stay forever in The Hall.

All readers of this blog are welcome to provide me with nominations for The Hall. Nominations will only be accepted if they come with well motivated and/or verifiable reasons/sources. All nominations will be treated strictly confidentially. Nominations must be sent to me by email at hallofshame {at} smokey-services.eu. It is solely up to me and my staff to decide about nominations. Via the same email address you are also welcome to provide me with a motivation for removal of a Hall Awardee.

Happy and safe computing!

*** Current Hall of Shame Awardees ***

* HP – Hewlett Packard Company *

* Matousec’s Firewall Challenges *

* Trend Micro Incorporated *

November 29, 2008 | Posted in Advisories, Friends, News, Recommended External Security Related Links

Smokey’s Security Forums Seasonal Competition 2008

Smokey’s Security Forums is pleased to announce Smokey’s Seasonal Competition 2008.

This competition will give you a chance to upgrade to the full paid-for versions of security software; all licenses will be valid for a minimum of 12 months.

It’s our way of trying to help a few members by making sure they have adequate security cover for the coming year; obviously, by having a license they would receive better protection than the ‘free’ versions offer. Several of the top security companies have donated licenses for this competition.

The competition will start on Monday 1st December 2008 and will run until Sunday 21st December 2008. A list of all winners will be published on Tuesday 24th December. All times are in GMT.

All registered forum members have a chance to win ‘free’ licenses for a lot of top-notch security programs, e.g.:

– Internet Security Suites
– Firewalls
– Anti Virus programs
– Anti Malware programs

If you want to join this competition you are invited to register for free on Smokey’s Security Forums. Keep in mind that only valid email addresses will be accepted, so no temporary and/or so called 10-minutes accounts.

Please log in to Smokey’s Security Forums on Sunday 30th November for full details on how to get your hands on these free security software licenses and on the participating security software companies.

On behalf of Smokey’s Team,

Smokey
Site Owner Smokey’s Security Forums

Smokey’s is Site Member ASAP – Alliance of Security Analysis Professionals™

November 28, 2008 | Posted in Alerts, Downloads, Friends, Malware, News, Recommended External Security Related Links

Apple iPhone / iPod touch Multiple Highly Critical Vulnerabilities Reported

Secunia has reported some weaknesses, security issues, and highly critical vulnerabilities in Apple’s iPhone and iPod touch, which can be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive information, conduct spoofing attacks, cause a DoS (Denial of Service), or potentially compromise a user’s system.

The alert regards all versions of iPhone OS and iPhone OS for iPod touch.

Description of the vulnerabilities

1) A vulnerability in CoreGraphics can potentially be exploited to compromise a vulnerable system.
2) Several vulnerabilities in the processing of TIFF images can potentially be exploited to execute arbitrary code.
3) An error in the processing of TIFF images can cause a device reset.
4) An unspecified error can result in the encryption level for PPTP VPN connections to be lower than expected.
5) A signedness error in the Office Viewer component can potentially be exploited to execute arbitrary code via a specially crafted Microsoft Excel file.
6) A weakness exists in the handling of emergency calls, which can be exploited to bypass the Passcode lock and call arbitrary numbers when physical access to the device is provided.
7) A weakness causes the Passcode lock not to be restored properly.
8) A security issue can result in the content of an SMS message being displayed when the message arrives while the emergency call screen is shown.
9) An error in Safari when handling HTML table elements can be exploited to cause a memory corruption and potentially execute arbitrary code when a user visits a specially crafted web site.
10) An error in Safari when handling embedded iframe elements can be exploited to spoof the user interface via content being displayed outside its boundaries.
11) An error exists in Safari when launching an application while a call approval dialog is shown. This can be exploited to call an arbitrary number without user interaction. It is also possible to block the user’s ability to cancel the call.
12) An error in WebKit can be exploited to disclose potentially sensitive data from form fields, even when the “Autocomplete” feature is disabled.

Solution

Update to iPhone OS 2.2 or iPhone OS for iPod touch 2.2 (downloadable and installable via iTunes).

Source/full alert: Secunia Advisories

November 21, 2008 | Posted in Advisories, Alerts, Downloads, Friends, Malware, Recommended External Security Related Links, Vulnerabilities

Symantec: Increase in USB-Based Malware Attacks

Symantec is currently observing an increase in malicious applications that use USB flash drive devices as a propagation method.

At the moment, there are two popular methods that malicious applications use to infect USB flash drives:

Simple file copy method

With this method, a malicious application that is installed on an infected computer simply makes copies of itself to all storage devices that are attached to the infected computer. A copy of the malicious code will be placed on network shares, local drives, and removable media (such as USB flash drives) that are connected to the computer. Usually the malicious application will also attempt to copy itself to peer-to-peer (P2P) file-sharing shared folders as well.

AutoRun.inf modification method

With this infection method, the malicious application modifies or creates an autorun.inf file on all of the network shares, local drives, and removable media (including USB flash drives) that are connected to the computer. When an infected USB flash drive is inserted into another computer, the copy of the malicious application is automatically executed. Under a default configuration of Windows, this infection method does not require any interaction from the victim other than physically attaching the media to the computer.

How to mitigate this threat

There are many policy- and configuration-based mitigations that can be used to adequately limit the propagation of these threats. Network administrators are advised to:

• Ensure that antivirus software is configured to scan all removable media when it is connected to a computer.
• Disable AutoRun functionality for removable media, which should be possible using endpoint security systems. For personal computers, there are many detailed tutorials on how to disable AutoRun. Also, holding down the SHIFT key while inserting a USB flash drive can temporarily disable AutoRun.
• If removable drives are not required, endpoint security systems can distribute policies to prevent removable media from being recognized.
• User education should be a priority: educate network users about these threats.
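The autorun.inf modification method described above leaves a file that a defender can inspect directly. The following is an added example, not code from Symantec’s report or from this blog: a tolerant parser for autorun.inf that flags the directives (open, shellexecute, shell\verb\command) which would launch a program when the media is inserted. The two sample files and the RECYCLER payload path in them are constructed for this illustration.

```python
import re
from pathlib import Path

# Directives that make a default-configured Windows launch a program when the
# media is inserted or the drive icon is double-clicked; the "AutoRun.inf
# modification method" relies on exactly these.
EXEC_KEYS = {"open", "shellexecute"}
EXEC_SHELL_KEY = re.compile(r"^shell\\[^\\]+\\command$")  # shell\<verb>\command
EXEC_EXTENSIONS = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js")

def parse_autorun(text):
    """Parse the [autorun] section of an autorun.inf into {key: value}.

    Deliberately tolerant: worm-dropped files often omit the section header,
    repeat keys, mix case or pad the file with junk, which trips up stricter
    INI parsers. Later duplicates win, matching how Windows reads the file.
    """
    directives = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        if section in (None, "autorun"):  # keys before any header count too
            directives[key.strip().lower()] = value.strip()
    return directives

def launch_target(value):
    """Program path from a directive value such as '"a b.exe" /q' or 'x.exe /q'."""
    value = value.strip()
    if value.startswith('"') and '"' in value[1:]:
        return value[1:value.index('"', 1)].lower()
    return value.split()[0].lower() if value else ""

def assess(text):
    """Classify an autorun.inf as 'executes' or 'benign' and detail each hit."""
    findings = []
    for key, value in parse_autorun(text).items():
        if key in EXEC_KEYS or EXEC_SHELL_KEY.match(key):
            target = launch_target(value)
            findings.append({
                "directive": key,
                "target": target,
                "executable": target.endswith(EXEC_EXTENSIONS),
                # payloads are often parked in folders Explorer hides by default
                "hidden_path": "recycler" in target or "system volume information" in target,
            })
    return {"verdict": "executes" if findings else "benign", "findings": findings}

def scan_drive(root):
    """Assess the autorun.inf at the root of a mounted drive or share, if any."""
    inf = Path(root) / "autorun.inf"
    if not inf.is_file():
        return None
    return assess(inf.read_text(errors="replace"))

# Constructed samples: a harmless vendor-style file and a worm-style file.
BENIGN_INF = "[autorun]\nicon=setup.exe,0\nlabel=Vendor Tools\n"
WORM_INF = (
    ";padding\n[AutoRun]\nOPEN=RECYCLER\\S-1-5-21-1\\worm.exe\n"
    "shell\\open\\Command=RECYCLER\\S-1-5-21-1\\worm.exe\n"
    "shell\\explore\\command=RECYCLER\\S-1-5-21-1\\worm.exe\nUseAutoPlay=1\n"
)

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_INF), ("worm", WORM_INF)):
        print(name, assess(sample))
```

An icon or label entry alone is normal for vendor media; it is the open, shellexecute and shell\verb\command directives that turn an inserted drive into an execution vector, which is why the scanner reports only those.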

Source/full report: Symantec Security Intel Analysis Team

This alert is a summary of the Symantec alert; I advise you to read the full report.
Smokey

November 20, 2008 | Posted in Advisories, Alerts, Friends, Malware, Recommended External Security Related Links, Vulnerabilities

An excellent openSUSE 11 Review & Tutorial by Dedoimedo aka Mrkvonic

As usual, Dedoimedo aka Mrkvonic has written an excellent review and tutorial; this time it concerns openSUSE 11.

Mrkvonic:

“This review/tutorial includes the use and installation on a laptop, so you can expect to see the following:

Wireless support, multimedia support (MP3, Java, Flash, VLC, K3B, DVD), NTFS support, Samba sharing, virtualization – VMware Server, including running Windows and Linux guests from remote Windows and Linux machines, all using wireless, games, an extensive guide on partitioning and installation and the use of the Updater (updating system, adding repositories, zypper), and more.”

To the openSUSE adherents this review is an absolute must!

Full review: Dedoimedo

November 15, 2008 | Posted in Advisories, Friends, News, Uncategorized

Sun StarOffice/StarSuite 7.x/8.x Multiple Highly Critical Vulnerabilities Reported

After the Apple Safari 3.x alert, another alert today.

It concerns highly critical vulnerabilities in Sun StarOffice/StarSuite 7.x/8.x for the SPARC, x86, Linux, and Windows platforms and StarSuite 8 Impress Standalone for the Windows platform.

Impact

– A security vulnerability with the way StarOffice/StarSuite 7 and 8 process EMF files may allow a remote unprivileged user who provides a StarOffice/StarSuite document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running StarOffice/StarSuite.
– A security vulnerability with the way StarOffice/StarSuite 7 and 8 process Windows Metafile (.wmf) files may allow a remote unprivileged user who provides a StarOffice/StarSuite document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running StarOffice/StarSuite.

Original advisories: Sun Documents 242627 and 243226.

According to Secunia there are partial fixes available. Extended info and download locations: Secunia.

November 15, 2008 | Posted in Advisories, Alerts, Downloads, Friends, Malware, Recommended External Security Related Links, Vulnerabilities

Multiple Highly Critical Vulnerabilities in Apple Safari 3.x for Windows and Mac OS X

Multiple highly critical vulnerabilities are reported in Apple Safari 3.x for Mac OS X and Safari 3.x for Windows XP and Vista; it concerns all versions prior to 3.2.

Impact of the vulnerabilities

– Multiple vulnerabilities exist in zlib 1.2.2, the most serious of which may lead to a denial of service.
– Processing an XML document may lead to an unexpected application termination or arbitrary code execution.
– Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
– Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution.
– Viewing a large maliciously crafted JPEG image may lead to an unexpected application termination or arbitrary code execution.
– Viewing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution.
– Sensitive information may be disclosed to a local console user.
– Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
– Visiting a maliciously crafted website may lead to the disclosure of sensitive information.

Original Advisory: Apple

Vendor patches to close these vulnerabilities are available; please update to version 3.2 asap.

Downloads

Safari 3.2 for Windows: here
Safari 3.2 for Tiger: here
Safari 3.2 for Leopard: here

November 15, 2008 | Posted in Advisories, Alerts, Downloads, Friends, Malware, Recommended External Security Related Links, Uncategorized, Vulnerabilities

Severe problems with WinXP after AVG Antivirus marked “user32.dll” as “Trojan Horse PSW banker4”

Today I received reports from Windows XP/AVG Antivirus users hit by an AVG false positive. That FP marked the Windows XP system file user32.dll as Trojan Horse PSW banker4 and subsequently cleaned/removed the system file. After that AVG “cleaning” action they rebooted their PC, with the result that Windows couldn’t start anymore.

Fix

When AVG has performed the same action on your PC (cleaning/removing user32.dll), boot your PC from the Windows XP CD, press “R” in the menu that appears, press “1”, press “Enter”, and answer the password question with “Enter”; after that you get the command prompt c:\windows>
Behind that prompt type copy c:\windows\$NTuninstallKB925902$\user32.dll c:\windows\system32 and press “Enter”.

Remove the Windows XP CD, reboot, and Windows should function normally again.

According to AVG Technologies Support, the problem of the FP is solved with today’s update VDB 270.9.0/1778.

November 9, 2008 | Posted in Advisories, Alerts, Friends, Malware, News, Recommended External Security Related Links

Free Online Virus, Spyware, other Malware, Suspicious File, Security Check and System Health Scanners

As most people know, my board Smokey’s Security Forums provides Information, Support, Help and Advice concerning all security related issues. As an extra service we also have a general Hardware/Software section.

Malware removal/cleaning is just one of the many services we offer. E.g. we have a HijackThis & OTListIt2 Log Analysis/Malware Removal & Cleaning Forum (English language) and Hilfe bei Problemen mit Viren, Trojanern, Würmern, Spyware, Adware, Ransomware, Popups und sonstigen Schädlingen (German – Deutsch language), where fully qualified malware experts will help you to clean your infected PC.

We also have an Online Virus, Spyware, other Malware, Suspicious File, Security Check and System Health Scanners Forum. You will find there 24 free (partially multi-engine) online services for scanning suspicious files and/or free system scanners. Several of these online services will also remove malware and clean your PC. Feel free to use these services; however, in case of a PC contaminated by malware we strongly advise you to ask for personal help in our HijackThis & OTListIt2 Log Analysis Forum, as only qualified malware experts will be able to clean your PC in a satisfying and secure way.

Current online scan services we offer are:

– a-squared Anti-malware Free Online Scan
– Arcabit Free Online Scan
– Bitdefender Free Online Scan
– Eset NOD32 Antivirus Free Online Scan
– Ewido/AVG Malware Free Online Scan
– F-Secure Antivirus Free Online Scan
– F-Secure Free Online security updates identifier
– Jotti Virus/Malware Multi-engine Free Online Scan
– Kaspersky Antivirus Free Online Scan
– McAfee FreeScan Online Scan
– Norton Security Scan
– Panda Antivirus TruePrevent Free Online Scan
– PrevX CSI Online Adware scanner
– Secunia Free Software Inspector
– SpywareInfo Spyware/AdWare Free Online Scan
– Symantec Security Check Free Online Scan
– Tenebril Spyware Free Online Scan
– TrendMicro Antispyware Free Online Scan
– WindowSecurity.com TrojanScan Free Online Scan
– Virus Chaser Free Online Scan
– VirusChief Multi-engine Free Online Scan
– VirSCAN Virus/Malware Multi-engine Free Online Scan
– VirusTotal Virus/Malware Multi-engine Free Online Scan
– Virus.org Rogue File Multi-engine Free Online Scan

All services we offer are free, but please keep in mind that only registered board members will be able to take advantage of these services.

November 8, 2008 | Posted in Advisories, Alerts, Bundleware, Friends, Malware, News, Norton Internet Security, Recommended External Security Related Links, Vulnerabilities

Microsoft Security Bulletin Advance Notification for November 2008

Published: November 6, 2008

Microsoft Security Bulletin Advance Notification issued: November 6, 2008
Microsoft Security Bulletins to be issued: November 11, 2008

This is an advance notification of security bulletins that Microsoft is intending to release on November 11, 2008.

This bulletin advance notification will be replaced with the November bulletin summary on November 11, 2008. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.

Executive Summaries

This advance notification provides the software subject as the bulletin identifier, because the official Microsoft Security Bulletin numbers are not issued until release. The bulletin summary that replaces this advance notification will have the proper Microsoft Security Bulletin numbers (in the MSyy-xxx format) as the bulletin identifier. The security bulletins for this month are as follows, in order of severity:

Critical (1) –

Bulletin Identifier: Windows Bulletin 1
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution
Affected Software: Microsoft Windows, Microsoft Office. For more information, see the Affected Software section.

Important (1) –

Bulletin Identifier: Windows Bulletin 2
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution
Affected Software: Microsoft Windows. For more information, see the Affected Software section.

Full bulletin: Microsoft TechNet

November 8, 2008 | Posted in Advisories, Alerts, Downloads, Friends, Recommended External Security Related Links, Uncategorized, Vulnerabilities

Review Norton Internet Security 2009

First I have to warn the “Almighty Clan of Norton Bashers and Haters”: don’t read this post. It will give you a bad headache… Because: this past week I have tested Norton Internet Security 2009, and it confirmed the enthusiastic conclusion of other tests: a top-notch security suite, best of the best. IMHO The Absolute #1 among security suites. Period.

Apparently Symantec/Norton have learned from the mistakes made in the past, have listened seriously to their customers and subsequently revamped their 2009 suite, and the result is sensational: for other vendors of security suites it will be a stiff task to beat NIS 2009.

To me, the only disappointing part of NIS 2009 is the Antispam module, but please keep in mind the pros of the suite are in the majority: Antivirus, Firewall, Antispyware and minimal performance impact. And also keep in mind that most security suites have a weak, unsatisfying Antispam module.

Without any hesitation I highly recommend Norton Internet Security 2009 to all people looking for a top-notch, reliable, easy to use all-in-one security suite.

Below I provide you with a comprehensive test/review performed by PCMag. That review, like other NIS 2009 reviews, confirms my own positive experiences and impressions.

PCMag Review Norton Internet Security 2009

Editors’ Choice

Bottom Line

This is definitely the slimmest, most unobtrusive Norton ever. Its protection is top-notch where it counts, though antispam and parental controls are still weak. As the best all-around security suite yet, it’s our new Editors’ Choice.

Pros

Minimal performance impact*. Extremely effective spyware and virus protection. High-powered, comprehensive firewall. Free, proactive support. Phishing protection. Automated log-in, form-fill. Network map with remote configuration.

Cons

Antispam misses too much, blocks too many valid messages. Rudimentary parental controls. Network map allows no remote correction of reported problems.

Full review: PCMag
30 Day Uncrippled Trial NIS 2009: Norton Store

*Confirmed by AV-Comparatives Performance Test Report: “Impact of Anti-Virus software on System Performance”, dated 2008-11-18. You can find the report at the bottom of the COMPARATIVES section of av-comparatives.org.

Norton Internet Security 2009 System Requirements**

– Microsoft Windows Vista Home Basic/Home Premium/Business/Ultimate***
– Microsoft Windows XP with Service Pack 2 Home/XP Pro/XP Media Center Edition
– 300 MHz or faster processor
– 256 MB of RAM (*512 MB RAM required for the Recovery Tool)
– 200 MB of available hard disk space
– Standard Web browser

Email scanning supported for POP3- and SMTP-compatible email clients.

Support for AntiSpam feature

– Microsoft Outlook 97 or later
– Microsoft Outlook Express 6.0 or later

Supported instant messaging clients

– AOL
– Yahoo!
– Microsoft
– Trillian

Browser support for Browser Defense and Phishing Protection features

– Microsoft Internet Explorer 6.0 (32-bit only) and later
– Mozilla Firefox 2.0 and later

**Must meet minimum Windows Vista operating system requirements.

***Source: Symantec.com

November 2, 2008 | Posted in Advisories, Downloads, Friends, Malware, Norton Internet Security, Recommended External Security Related Links