Reminder: Update for Windows Update Agent beginning August 2009, and more…

Just a reminder to everyone using Windows :-)

There will be an update to Windows Update, as announced by the WU team a few weeks ago. I already blogged about this on the 10th of July, and people who visit Calendar of Updates are reminded every week, so they’ll get it either manually or automatically.

So….. July is finished at my end because it’s now August 1 here. Sun Microsystems, Microsoft and Adobe gave us some patches, which I hope everybody using the affected software/versions has applied. Then there’s the iPhone patch for Apple iPhone users.

There are lots of new security issues that were revealed or demoed during Black Hat 2009. It’s just amazing how these researchers keep finding what vendors failed to find. Hats off to you guys, and to the vendors who acted quickly and will act on the issues reported in their services or software.

Any changes? Nothing… There is still no single weapon against malware, and there’s still no 100% secure browser or system on earth. Be careful all the time, folks!

Hiding an infection in an unused SSL site

From StopBadware blog:

Today we saw an interesting case where no one could find badware in a website that Google reported as infected—until Google tipped us off to check the site using https (i.e., instead of testing http://example.com, we tested https://example.com). Sure enough, when we used https, an apparently unused default site loaded, along with a hidden iframe that connected to a Chinese server and downloaded a malicious payload. In addition to being difficult to track down, my colleague Oliver points out that intrusion detection systems, network firewalls, and other devices that scan traffic as it passes through a network would probably miss this malicious payload because of it being encrypted within an SSL stream.

http://blog.stopbadware.org/2009/07/31/hiding-an-infection-in-an-unused-ssl-site
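A defender-side check for the trick described above, written as an added example (not code from the StopBadware post): it parses the HTML a host returns over http and over https, flags iframes hidden by zero size or CSS, and reports those that appear only on the https default site. The two pages below are constructed samples; fetching the real responses is left to the reader.

```python
# Added example: flag hidden iframes that a site serves over https but not over http.
from html.parser import HTMLParser
import re

class _IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> tag in an HTML document."""
    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":  # HTMLParser already lowercases tag names
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})

def _dimension(value):
    """Leading integer of a width/height attribute ("0", "0px"), or None."""
    m = re.match(r"\s*(\d+)", value)
    return int(m.group(1)) if m else None

def _is_hidden(attrs):
    """Heuristics scanners use: display:none / visibility:hidden, or a zero-size frame."""
    style = attrs.get("style", "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    w, h = _dimension(attrs.get("width", "")), _dimension(attrs.get("height", ""))
    return w == 0 or h == 0

def hidden_iframe_sources(html):
    """Return the src of every hidden iframe in the document."""
    parser = _IframeCollector()
    parser.feed(html)
    return [f.get("src", "") for f in parser.iframes if _is_hidden(f)]

def https_only_iframes(http_html, https_html):
    """Hidden iframes present on the https response but absent on the http one."""
    return sorted(set(hidden_iframe_sources(https_html)) - set(hidden_iframe_sources(http_html)))

# Constructed sample pages standing in for one host's http and https responses.
HTTP_PAGE = """<html><body><h1>Example Store</h1>
<iframe src="https://payments.example.invalid/widget" width="300" height="200"></iframe>
</body></html>"""
HTTPS_PAGE = """<html><body><h1>It works!</h1>
<iframe src="http://malicious.example.invalid/x.php" width="0" height="0" style="display:none"></iframe>
</body></html>"""

if __name__ == "__main__":
    for src in https_only_iframes(HTTP_PAGE, HTTPS_PAGE):
        print("hidden iframe only on https:", src)
```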

Apple patches Black Hat SMS vuln

Yesterday, The Reg reported that researchers had discovered a vulnerability in the iPhone and other mobile devices that made them vulnerable to an SMS hack.

This morning, Apple fixed it.

http://www.theregister.co.uk/2009/07/31/iphone_sms_vulnerability_patch/

Good work, but… they need to stop that pre-checked option. See Ban that Check and Installers Hall of Shame – Patchers Demand Security Updates Only.

Details of the iPhone security update are at http://support.apple.com/kb/HT3754

Surveillance camera hack swaps live feed with spoof video

Defcon: Corporate teleconferences and other sensitive video feeds traveling over the internet are a lot more vulnerable to interception thanks to the release of free software tools that offer penetration testers and attackers a point-and-click interface.

At the Defcon hacker conference in Las Vegas, the Viper Lab researchers demonstrated new additions to UCSniff, a package of tools for sniffing internet-based phone conversations. The updates offer tools that streamline the process of intercepting video feeds, even when they are embedded in voice-over-internet-protocol traffic.

Taking a page from movies like The Thomas Crown Affair, the researchers showed how a companion tool called VideoJak can be used to tamper with video surveillance feeds in museums and other high-security settings. As several hundred conference attendees looked on, they displayed a live feed of a water bottle that was supposed to be a stand-in for a precious diamond egg. When someone tried to touch the bottle, the video caught the action in real time.

http://www.theregister.co.uk/2009/08/01/video_feed_hacking/

Practicing safe surfing can derail attempts to cruise ‘Net anonymously

Google Safe service can reveal end users even if they hide behind proxies

A Google service that helps protect Internet surfers from malicious sites also gathers data about browsing activities that users are trying to keep secret, a researcher told Black Hat attendees.

Google Safe, a database service that warns Internet users when they are about to enter infected pages, marks browsers so the users can be identified even if they proxy all their traffic through another IP address, says Robert Hansen, CEO of Internet security firm SecTheory. “It’s a privacy-security tradeoff,” Hansen says.

Firefox and Chrome browsers are both susceptible to the problem, he says. Others may be as well, but Hansen hasn’t tested them.

More at http://www.networkworld.com/news/2009/073109-black-hat-googlesafe-privacy.html

Conficker talk sanitized at Black Hat to protect investigation

The international security team tracking down Conficker thought the masterminds behind it would have been apprehended by now, according to one of the leaders of the effort to stamp out the resilient worm.

But that’s not the way it has worked out, and a talk at Black Hat yesterday had to be scaled back because it contained information about Conficker that might tip investigators’ hand and send the perpetrators further underground, says Mikko Hypponen, chief research officer at F-Secure and a member of the Conficker Working Group. 

When Hypponen submitted the abstract for his Black Hat briefing more than six months ago, he thought he’d be presenting a forensic look at a dead worm and that the team who had written and managed it would be out of action. “I had hoped that by the end of July we would be in a totally different situation, the case would be closed and the group would be in jail,” Hypponen said in an interview after his talk.

http://www.networkworld.com/news/2009/073109-black-hat-conficker-talk.html

Installers Hall of Shame – Patchers Demand Security Updates Only

MVP and SBS Diva Susan Bradley blogs about Patchers Demand Security Updates Only at http://msmvps.com/blogs/bradley/archive/2009/07/31/patchers-demand-security-updates-only.aspx

And you can find what she’s talking about in MVP Steve Wechsler’s blog over at MVP Lawrence Abrams’ (Grinler) website:

Hey, Software "Vendors", Stop installing **** with your security updates !!!

http://www.bleepingcomputer.com/blogs/mowgreen/index.php?showentry=1564

I added the above to the CoU discussion about unwanted add-ons.

See also the "demand" many people have at the Calendar of Updates forum:

You see, vendors…. people don’t like add-ons on any product, especially when you are releasing updates. People do not like any toolbar or any software that is THIRD PARTY and has nothing to do with the software that they downloaded. People need a CLEAN installer. Not another toolbar or add-on that you gain $$ for bundling.

And a note also to vendors who have a third-party service or software in their installer but do not have a EULA for that third party…. Your product should not be supported if you are trying to hide, or do not show proper disclosure via EULA of, the one you bundled. Example: Comodo Internet Security does not have a EULA for HopSurf during the installation; RegRun Reanimator by Greatis does not have a EULA during the install of the product, and its EULA is hidden in the Help file, which is not for RegRun Reanimator but for RegRun Security Suite. Please……… present your installer as CLEAN, with proper and clear disclosure.

New version of Ad-Aware on August 25

We’ve been updating you from time to time with bits of news about our upcoming new version of Ad-Aware. Now that the Ad-Aware launch is only weeks away, we would like to take a minute to make sure that you’re all aware of the upcoming launch – August 25, 2009 – and the added security it will bring.

http://www.lavasoft.com/mylavasoft/company/blog/mark-your-calendars-–-august-25-2009

What’s New?

  • The Neutralizer – Lavasoft’s new advanced removal tool combats malware that attempts to restore itself even after rebooting your system.
  • Genotype Detection Technology – Based on heuristics, the new Genotype technology allows Ad-Aware to stay one step ahead of today’s ever-evolving threats, as well as threats that have not yet been created.
  • Rootkit Removal System – Improved anti-rootkit technology to uncover and remove even the most complex monitoring tools, detecting both user-mode and kernel-mode attack techniques.
  • Simple Mode/Advanced Mode – We know that not all users have the same needs, so we give you the power to decide how you want to interact with Ad-Aware. Simple Mode is designed to make using the program as easy as possible, whereas Advanced Mode will let you customize all the settings as you choose.
  • Do Not Disturb Mode – Stay protected while enjoying games or movies online – without the irritating interruptions or strain on system resources that other security software programs cause.
  • Community-driven translations – The new XML-based language format of the user interface allows you to edit and upload translated text for others to use.
  • Community-driven, custom skins – Make Ad-Aware your own by choosing the look of the interface that best fits you – or by designing your own custom Ad-Aware skin. Stay tuned for news on the skin design contest (the winner will have his or her design packaged and distributed with the new release!)

http://www.lavasoft.com/company/newsletter/2009/08/article_first_look.php

Related article:  Ad-Aware vs Spybot Search and Destroy

Following the Money: Rogue Anti-virus Software

By its very nature, the architecture and limited rules governing the Web make it difficult to track individuals who might be involved in improper activity. Cyber-sleuths often must navigate through a maze of dead-end records, pseudonyms or anonymous corporations, usually based overseas. The success rate is fairly low.

Even if you manage to trace one link in the chain — such as a payment processor or Web host — the business or person involved claims that he or she was merely providing a legal service to an unknown client who turns out to be a scammer.

But every so often, subtle links between the various layers suggest a more visible role by various parties involved. This was what I found recently, when I began investigating a Web site name called innovagest2000.com.

This Innovagest2000 domain has for at least four years now been associated with spyware and so-called "scareware," surreptitiously installed software that bombards the victim with incessant and misleading warnings that their PC is infested with malicious software. The warnings usually mimic Microsoft software or the operating system itself, and persist until the victim figures out how to remove it or pays for a license to the software.

More at http://voices.washingtonpost.com/securityfix/2009/07/following_the_money_trail_of_r.html

Adobe released v9.1.3 of its PDF Reader with security fixes

Adobe Reader v9.1.3
Available via the program’s updater.

The Adobe Reader 9.1.3 Update addresses customer issues and security vulnerabilities. Adobe recommends that you always install the latest updates.

For offline installation:
Download the patch for Windows: ftp://ftp.adobe.com/pub/adobe/reader/win/9.x/9.1.3/misc/AdbeRdrUpd913_all_incr.msp
Download the patch for Mac: ftp://ftp.adobe.com/pub/adobe/reader/mac/9.x/9.1.3/misc/

What it fixes is mentioned in the advisory: http://www.adobe.com/support/security/advisories/apsa09-03.html

Wait for the bulletin if you want, but the update is already available in the program’s updater.

Edit to add:

Update on Vulnerability identifier: APSB09-10
July 31, 2009 – Bulletin updated with Adobe Reader and Acrobat updates, and correct Adobe Flash Player 9 download link

http://www.adobe.com/support/security/bulletins/apsb09-10.html