Java and .NET Security compared

The University of Virginia has published a report available here that compares Java and .NET security as per MSDN blogs.


Gerardo Dada of Microsoft, Developer Marketing blogged the summary on the findings of University of Virginia:


One of their key conclusions “Where Java evolved from an initial platform with limited security capabilities, .NET incorporated more security capability into its original design. With age and new features, much of the legacy code of Java still remains for backwards compatibility including the possibility of a null SecurityManager, and the absolute trust of classes on the bootclasspath. Hence, in several areas .NET has security advantages over Java because of its simpler and cleaner design”

Symantec AntiVirus Corporate Edition 9.0 and Symantec Client Security 2.0 Help File Elevation of Privilege

The Symantec AntiVirus Corporate Edition HTML client help function uses HTML help, the Windows help interface, to provide support to the client user. A non-privileged client user can manipulate the help function to access files on the system with local SYSTEM privileges.


Symantec Response
Symantec engineers verified this issue and corrected it in Maintenance Release (MR) 3 and all subsequent MRs and upgrades for Symantec AntiVirus Corporate Edition and Symantec Client Security. Symantec strongly recommends users update to the latest MR available for Symantec AntiVirus Corporate Edition 9.0 and Symantec Client Security 2.0 or to the latest product version to protect against this issue. MR 4 is available to address this threat in the Japanese and Korean language versions of Symantec AntiVirus Corporate Edition 9.0 and Symantec Client Security 2.0.


 

Manage Internet Explorer’s Restricted Sites using ZonedOut

Funkytoad.com released ZonedOut - a utility that will allow you manage Internet Explorer’s restricted sites.  With ZonedOut, you can Add, Delete, Import, Export, Build a WhiteList and More!

 

The Menus:

 

Why ZonedOut is useful?  If you are using any program (e.g. SpywareBlaster, Spybot Search & Destroy) or file (e.g. IE-SPYAD) that add list of bad sites in Internet Explorer’s restricted zone, you will find ZonedOut useful!  There are times we want to whitelist a site but the Internet Explorer’s restricted sites’ manager do not have “search utility“.  You will find yourself scrolling or mess with Windows Registry Editor or use notepad to manually edit out what you don’t want to be in restricted sites.  With ZonedOut’s search function, you’ll just search for the URL and viola, you can delete it using ZonedOut or add it in whitelist.  The whitelist editor will keep the URL for you.  The next time a new definition or updated restricted sites is released, you don’t need to do it all over again.  It can be imported as a complete list or parsed against your whitelist. 

There are more useful functions in ZonedOut that I’m sure user’s of IE-SPYAD or other program that adds restricted sites will enjoy.  Get it.. it’s free from Funkytoad.com.

Funkytoad.com authored Hoster and IniBeastHoster is another utility to manage your HOST file while IniBeast is ini file tweaker.

Disclosure:   I admit, I’m involved in the making of ZonedOut.  No, I don’t know programming.  It’s only my idea.  I’ve been looking for such utility to manage restricted sites … easier and I gave up looking for it because there is nada (as per Google OK? ;) ).  I contacted Todd and beg :-D  to “please create a restricted site manager utility“.  Todd is one of administrator over in Gladiator Security Forums (visit us there!..).  Thanks Todd for granting my request.  Wait for my next request :-P



 

Linux/Unix e-mail flaw leaves system wide open

Two flaws, rated ‘highly critical’ by Secunia, have been discovered in Elm (Electronic Mail for Unix) and Mplayer, a popular movie player for Linux. Attacker could use a specially crafted e-mail with a malformed “Expires” head to exploit a buffer overflow in Elm and execute malicious code. The French Security Incident Response Team reports that exploit code is already available in the wild. Elm is used by highly skilled Unix administrators, often on critical networks. In Mplayer, an attacker could use a specially crafted media file with a malformed strf value in an audio header to exploit a buffer overflow and execute malicious code. Patches are available for Elm, but not for Mplayer; Mplayer will also be more difficult to fix since it is a client-side application rather than server-side.


TechWorld

Microsoft MSN offers scam-site detector

Microsoft’s MSN unit will release an add-in for the Internet Explorer browser that will alert users when they visit a spoof site used in a phishing scam. Such capabilities will be added to the upcoming IE 7, but MSN is releasing a version for IE 6 in the meantime. The Microsoft Phishing Filter is only in beta and requires Windows XP Service Pack 2. MSN uses a phishing site blacklist compiled by WholeSecurity.


Cnet

Antivirus can introduce dangerous network security holes into any OS

Independent security researcher Alex Wheeler has found flaws in antivirus products from Symantec, TrendMicro, Computer Associates, F-Secure and Sophos, which together claim 75% of the market. All of the flaws were buffer overflows, which would allow an attacker to execute arbitrary code. Wheeler found the flaws in the default configuration of these products, and exploit required no user interaction. Antivirus programs often run with high-level privileges, including root or kernel. Virus scanners are vulnerable because they must interact with every piece of data that enters a system. Further, they have to mimic the functionality of other programs to determine whether some code is malicious, but could do so imperfectly.


Tech Target

Three indicted in U.S. spam crackdown

An Arizona grand jury has indicted three people — Jennifer R. Clason, 32, James R. Schaffer, 39, and Jeffrey A. Kilbride, 39 — of violating the CAN-SPAM Act. The trio is accused of using spam to advertise pornographic websites to receive commission for bringing traffic to the sites. Spamhaus listed the operation among the 200 largest sources of spam; America Online received 600,000 complaints related to the group in the first half of 2004. The group would purchase large blocks of IP addresses from internet service providers and send spams from a small portion of the addresses. Once an ISP blocked that portion, they would switch to another. If convicted each member of the group faces twenty years in prison for money laundering, five years for obscenity, five years for spamming, and five years for conspiracy.


Computer World

Microsoft Commends Turkish and Moroccan Authorities and the FBI on the Arrest of the Alleged Authors of the Recent Zotob and Mytob Worms

Microsoft Corp. today commended Turkish and Moroccan law-enforcement authorities and the FBI for their prompt arrest of the individuals believed to be responsible for the creation and distribution of the recent Zotob and Mytob worms. Microsoft worked closely with law-enforcement agencies in the U.S. and overseas to provide investigative and technical support in the investigation.


 


On Thursday, Aug. 25, law-enforcement authorities in Morocco and Turkey arrested the individuals believed to be the authors and distributors of the worms, less than two weeks after the worms were unleashed.


 


Brad Smith, senior vice president and general counsel at Microsoft, said the company’s ongoing partnerships with global law-enforcement authorities help ensure that when malicious code such as Zotob and Mytob is released, that information is shared rapidly to help law enforcement identify and hold cybercriminals accountable for their actions and help protect customers.


 


http://www.microsoft.com/presspass/press/2005/aug05/08-26ZotobArrestPR.mspx