Ukrainian Information Security Center - all about IT security



News for 28 May 2009

  • 23:46 Q&A: Mainframe security
  • David Hodgson is a Senior Vice President of Development at CA within the Mainframe Business Unit, responsible for the company's security management and database management products. In this interview ... >>>

  • 23:13 Hiding secret messages in internet traffic: a new how-to
  • Covert messages exploit TCP

    Researchers have demonstrated a new way to hide secret messages in internet traffic that can elude even vigilant network operators.

    >>>

  • 22:46 Microsoft Security Advisory 971778 Vulnerability in Microsoft DirectShow Released
  • We've just released Microsoft Security Advisory 971778 today. This discusses a new vulnerability in Microsoft DirectShow affecting Windows 2000, Windows XP and Windows Server 2003 that is under limited attack. The advisory outlines information about the vulnerability and steps customers can take to protect themselves while we're working on a security update to address the issue.

    Our investigation has shown that the vulnerable code was removed as part of our work building Windows Vista. This means that Windows Vista and versions of Windows since Windows Vista (Windows Server 2008, Windows 7) are not vulnerable.

    The vulnerability is in the QuickTime parser in Microsoft DirectShow. An attacker would try and exploit the vulnerability by crafting a specially formed video file and then posting it on a website or sending it as an attachment in e-mail. While this isn't a browser vulnerability, because the vulnerability is in DirectShow, a browser-based vector is potentially accessible through any browser using media plug-ins that use DirectShow. Also, we've verified that it is possible to direct calls to DirectShow specifically, even if Apple's QuickTime (which is not vulnerable) is installed.

    Our investigation has found three workarounds that you can implement to protect yourself and we've documented these in the security advisory. In addition, we've got more technical details on the workarounds and the issue over at the Security Research and Defense (SRD) blog.

    Most importantly, we have found one workaround in particular that is simple and effective and protects against the vulnerability with limited impact. In fact, this particular workaround is simple enough that we've been able to give you a way to automatically implement the workaround with the click of a button. Our Customer Service and Support (CSS) group has a new capability called "Fix it" that can automatically apply simple solutions to your system. We've gone ahead and built a "Fix it" that implements the "Disable the parsing of QuickTime content in quartz.dll" registry change workaround. We have also built a "Fix it" that will undo the workaround automatically.

    To automatically implement the workaround, go to the KB article for the advisory. In the KB article, there's a section titled "Fix it for me". Click on the "Fix this problem" button under "Enable Workaround" in that section. You will then be offered an installer package from the Microsoft website. After you've confirmed that you trust the source of this package, run it on your system. The package will automatically set the appropriate registry keys on your system to implement the workaround. When you want to undo the workaround, click on the "Fix this problem" button under "Disable Workaround" in the same section.

    We're also sharing information about this vulnerability and the limited attacks that we've seen with partners in our Microsoft Active Protections Program (MAPP) and our Microsoft Security Response Alliance (MSRA) program to provide information that they can use to provide broader protections to customers.

    As always, we'll continue monitoring the situation and providing more information through the security advisory and the MSRC weblog.

    Thanks

    Christopher

    *This posting is provided "AS IS" with no warranties, and confers no rights*

    >>>

  • 18:33 RIM warns over PDF peril
  • BlackBerry squash potential

    Research In Motion (RIM) has warned of a vulnerability in how BlackBerry servers handle malformed PDF files that potentially leaves the door open to hacking attacks.

    >>>

  • 17:22 Snort: 10 year anniversary and new beta
  • Snort recently hit major milestones celebrating its tenth anniversary, reaching 3.7 million downloads and more than 244,000 registered users. 80 percent of Fortune 100 and 42 percent of Global 500 com... >>>

  • 16:45 Lost laptop exposes thousands of pension records
  • Quest to free all world's imprisoned data continues

    A lost laptop containing the personal data of 109,000 Pensions Trust's members has sparked the latest in a growing list of information security breach alerts.

    >>>

  • 16:09 iPhone spy software with stealth GPS tracking
  • Retina-X Studios announced Mobile Spy 3.0 for iPhone. Using this iPhone spy technology, users can now track GPS locations, SMS messages and calls of children or employees inside an SSL secured online ... >>>

  • 13:34 Dutch cat skinner publishes critics' personal details
  • Kitty handbag artist tracks hatemailers across cyberspace

    The Dutch "artist" who in 2004 turned her pussy into a handbag under the performance art title "My dearest cat Pinkeltje (2004)" has published personal details of those who emailed her expressing their disgust.

    >>>

  • 11:43 90% of all email is spam
  • Symantec's May 2009 MessageLabs Intelligence Report has recorded a rise in spam levels of 5.1% over the previous month. This puts spam levels at 90.4% of all corporate email - what's behind this spike... >>>

  • 11:37 How the industry views Web 2.0
  • A recent survey of 100 IT professionals at Infosecurity Europe revealed surprising trends in individual and corporate use of social media. The Launchpad Europe IT Security Index 2009 was intended t... >>>

  • 11:26 D-Link desktop widget for monitoring 802.11n routers
  • D-Link announced a desktop widget that allows users to oversee any D-Link 802.11n Wi-Fi routers to monitor Internet and network send/receive rates, along with other settings of the home network includ... >>>

  • 11:19 Gigamon announces browser-based Citrus GUI for GigaVUE data access switch
  • Gigamon announced Citrus, a GUI for the company's GigaVUE Data Access Switch. Citrus requires no downloads and no applets - users simply log on to any Microsoft Internet Explorer or Mozilla Firefox We... >>>

  • 11:14 Technologies to improve the resilience of communication networks
  • The European Network and Information Security Agency (ENISA) launches two reports with three recommendations on emerging new technologies and their potential to improve the resilience of communication... >>>

  • 10:42 Off the wire: Lessons from a reputational risk audit
  • Here is a recent lesson from one of our new Reputational Risk Audits that we have begun performing. >>>

  • 07:12 Compact color inspection and surveillance camera
  • The Mirion Technologies Imaging Systems Division announces the release of the IST-Rees C983 pan-tilt-zoom (PTZ) camera. The new camera system is designed to provide improved viewing performance and re... >>>

  • 07:03 First 2-bay NAS which supports both 2.5-inch and 3.5-inch SATA hard drives
  • QNAP Systems announced the TS-219P Turbo NAS which supports both 2.5-inch and 3.5-inch SATA hard drives. Powered by a Marvell 1.2GHz high-performance processor and 512 MB DDRII memory, the NAS comes wi... >>>

  • 04:48 Maybe hardware is cooler than software after all
  • A while back, if you recall, I wrote about the Model 22 HDD Hard Drive Disintegrator (check the link for a pointer to a video of the machine in operation). People seem to love to create complicated hardware devices to solve problems that really aren't that difficult - I'm convinced it's for the sheer joy of building [...] >>>

  • 03:34 Microsoft fortifies Windows 7 kernel with overrun buster
  • Safe unlinking coming to a PC near you

    Microsoft engineers have fortified the latest version of Windows with a feature designed to make it significantly harder for attackers to exploit bugs that may be lurking deep inside the operating system.

    >>>

  • 02:50 The Web's most dangerous keywords to search for
  • Which is the most dangerous keyword to search for using public search engines these days? It’s “screensavers” with a maximum risk of 59.1 percent, according to McAfee’s recently released report “The Web’s Most Dangerous Search Terms”. Upon searching for 2,658 unique popular keywords and phrases across 413,368 unique URLs, McAfee’s research concludes that lyrics and anything [...]

    >>>

  • 02:03 Importance of educating your employees on basic security principles
  • In this edition of the HNS podcast, David Kelleher, communications and research analyst at GFI Software discusses the need for companies to educate their employees on basic security principles. To ... >>>

  • 00:00 Faking Background Checks for Security Clearances
  • What do you do if you have too many background checks to do, and not enough time to do them? You fake them, of course:

    Eight current and former security clearance investigators say they have been pressured to work faster and take on crushing workloads in recent years, as the government tried to eliminate a backlog that once topped 531,000 cases.

    Investigators have eliminated that backlog, but they now are trying to meet congressionally mandated deadlines to speed up the security clearance process. The 2004 Intelligence Reform and Terrorism Prevention Act requires agencies to issue at least 80 percent of initial security clearances within 120 days after receiving a completed application. This December, agencies must issue at least 90 percent of their initial security clearances within 60 days.

    "This job is a shredder, and agents are grist for the mill," said K.C. Smith, an OPM investigator in Austin, Texas, with 23 years of experience. "There are people who are getting sick, under a lot of stress, their family life is suffering. They are just beat down."

    Investigators say it is common practice to spend nights, weekends and holidays writing up reports, and some don't report the overtime they work for fear it will be held against them in their performance evaluations.

    Some say their superiors have made it clear that the priority is to close cases, and they say they have felt pressure to turn in even incomplete cases that lack crucial interviews or records if it will help them keep their numbers up. A recent Government Accountability Office report found that the Defense Department's security clearance process is plagued by such incomplete cases: 87 percent of the 3,500 initial top-secret security clearance cases Defense approved last year were missing at least one interview or important record.

    It's all a matter of incentives. The investigators were rewarded for completing investigations, not for doing them well.

    >>>

  • 00:00 Steganography Using TCP Retransmission
  • Research:

    Hiding Information in Retransmissions

    Wojciech Mazurczyk, Milosz Smolarczyk, Krzysztof Szczypiorski

    The paper presents a new steganographic method called RSTEG (Retransmission Steganography), which is intended for a broad class of protocols that utilises retransmission mechanisms. The main innovation of RSTEG is to not acknowledge a successfully received packet in order to intentionally invoke retransmission. The retransmitted packet carries a steganogram instead of user data in the payload field. RSTEG is presented in the broad context of network steganography, and the utilisation of RSTEG for TCP (Transport Control Protocol) retransmission mechanisms is described in detail. Simulation results are also presented with the main aim to measure and compare the steganographic bandwidth of the proposed method for different TCP retransmission mechanisms as well as to determine the influence of RSTEG on the network retransmissions level.

    I don't think these sorts of things have any large-scale applications, but they are clever.

    >>>




The latest news