Security Protection – Harry Waldron (WP)

March 29th, 2011:

Facebook – New XSS Worm Allows Automatic Wall Posts

Please be careful with links that might be presented to you on Facebook. Another new XSS worm is circulating that can automatically post messages with malicious links on the Facebook walls of your friends and contacts.

Facebook – New XSS Worm Allows Automatic Wall Posts http://www.symantec.com/connect/blogs/new-xss-facebook-worm-allows-automatic-wall-posts

QUOTE: Currently a new and unpatched cross-site scripting (XSS) vulnerability in Facebook is being widely used to automatically post messages to other users’ walls. The vulnerability was used for some time in some smaller cases; however, it is now widely being used for the first time by many different groups—especially in Indonesia, where we are seeing thousands of infected messages being posted by unknowing users.

Any user who is logged into Facebook and visits a site that contains such an element will automatically post an arbitrary message to his or her wall. There is no other user interaction required, and there are no tricks involved, like clickjacking. Just visiting an infected website is enough to post a message that the attacker has chosen. Therefore it should be of no surprise that some of those messages are spreading very fast through Facebook.

Mouse Training Company – Free MS Office Training Manuals

Mouse Training Company – Free MS Office Training Manuals http://www.mousetraining.co.uk/ms-office-training-manuals.html

QUOTE: We have made all our MS Office training manuals available to download for free. The files are in PDF format, which will allow you to Save, Print or Email to yourself. If you are not a Mouse Training client and would like to make use of the manuals, we kindly ask that you provide an HTML link back to our site from your company website. Please use the following information for the link. The manuals are copyright protected under Wiki Commons License. This agreement will allow you to download, edit, distribute and store the manuals without limit.

Internet Private Browsing – IE, Firefox, and Chrome

Internet Private Browsing – IE, Firefox, and Chrome http://blog.trendmicro.com/private-browsing/

QUOTE: Chrome, Firefox, and Internet Explorer released major updates this week. The timing may be a coincidence or not but there is a very interesting feature that all three browsers are developing almost at the same time—private browsing.

Each of the three approaches to private browsing has its merits:

Mozilla Firefox advocates the use of a new HTTP header that, with time, all websites should honor

Google Chrome instead uses a blacklist of websites published by Google

Microsoft Internet Explorer is similar, except that it allows for a more granular control over lists

Finally, private browsing! But how does this change my life? Well, for starters, you can now minimize the amount of targeted advertising you’re exposed to. That’s if you want to, of course. The key element is choice. The three main browsers have chosen three very different ways to implement privacy.

Firefox 4 Security Features

Some of the key security enhancements found in the new version of Firefox are listed below:

Firefox 4 Security Features
http://isc.sans.edu/diary.html?storyid=10594
https://developer.mozilla.org/en/Firefox_4_for_developers#Security

Firefox 4 – All Features (Technical writeup)
https://developer.mozilla.org/en/Firefox_4_for_developers

QUOTE: Like no other release before it, Firefox 4 includes a number of significant security features. These features are addressing attacks that are particularly hard for developers to avoid and in which the browser is more so the victim than the server.

These attacks (Cross Site Scripting (XSS), redirects to HTTP pages from HTTPS, and Clickjacking) use vulnerable web applications more as a mirror to bounce attacks into the browser. The browser can provide meaningful protection against these attacks, unlike for more server-centric attacks like SQL injection, for which the attacker is in full control of the client.
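As an added illustration (not code from this post or from the ISC diary it quotes), the Python below checks whether an HTTP response carries the headers that switch on the browser-side defenses the diary refers to: Content Security Policy against XSS, Strict-Transport-Security against HTTPS-to-HTTP downgrades, and X-Frame-Options against clickjacking. The header names are real; the sample responses, the function names and the policy values are this example's own assumptions.

```python
# Added example: audit an HTTP response for the three browser-side defense
# headers (CSP, HSTS, X-Frame-Options). Header names are real; sample data is
# constructed for illustration only.
import re

# Firefox 4 shipped CSP under the experimental "X-Content-Security-Policy" name;
# the unprefixed header came later, so both are accepted here.
CSP_HEADERS = ("content-security-policy", "x-content-security-policy")
HSTS_HEADER = "strict-transport-security"
XFO_HEADER = "x-frame-options"


def _norm(headers):
    """Lower-case header names so lookups are case-insensitive, as HTTP requires."""
    return {k.lower(): v.strip() for k, v in headers.items()}


def hsts_max_age(value):
    """Return max-age in seconds from an HSTS header value, or None if absent/invalid."""
    m = re.search(r"max-age\s*=\s*\"?(\d+)\"?", value, re.IGNORECASE)
    return int(m.group(1)) if m else None


def audit_headers(headers):
    """Map each attack class from the diary to whether its defense header is set usably."""
    h = _norm(headers)
    csp = any(name in h and h[name] for name in CSP_HEADERS)
    max_age = hsts_max_age(h[HSTS_HEADER]) if HSTS_HEADER in h else None
    hsts = max_age is not None and max_age > 0   # max-age=0 clears the policy
    xfo_value = h.get(XFO_HEADER, "").upper()
    # ALLOW-FROM takes a URI argument; DENY and SAMEORIGIN stand alone.
    xfo = xfo_value in ("DENY", "SAMEORIGIN") or xfo_value.startswith("ALLOW-FROM ")
    return {"xss": csp, "https_downgrade": hsts, "clickjacking": xfo}


def hardened_headers():
    """A response header set that enables all three defenses (values are illustrative)."""
    return {
        "Content-Security-Policy": "default-src 'self'",
        "X-Content-Security-Policy": "default-src 'self'",  # Firefox 4-era clients
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
        "X-Frame-Options": "SAMEORIGIN",
    }


# Constructed sample: a typical response that sets none of the defense headers.
UNPROTECTED = {"Content-Type": "text/html", "Set-Cookie": "session=abc"}

if __name__ == "__main__":
    print(audit_headers(UNPROTECTED))         # every entry False
    print(audit_headers(hardened_headers()))  # every entry True
```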

Apple Mac OS X – Security Update 2011-001

All Apple Mac OS X users should update their systems as prompted. There were 53 issues addressed in several components, including third-party software.

Apple Mac OS X – Security Update 2011-001 http://blogs.pcmag.com/securitywatch/2011/03/mac_os_x_update_fixes_dozens_o.php

Mac OS X v10.6.7 and Security Update 2011-001 http://support.apple.com/kb/HT4581

QUOTE: This document describes the security content of Mac OS X v10.6.7 and Security Update 2011-001, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.

Social Network users are too friendly in sharing information publicly

We should be careful when sharing information on Facebook and other social networks. Sometimes, I see friends sharing advance plans of a trip, vacation, or other outing. As these posts are often available to the general public, there have indeed been accounts of folks burglarized while away, with criminals confessing that they discovered it via a Facebook post.

Social Network Users too friendly in sharing information publicly http://blogs.pcmag.com/securitywatch/2011/03/survey_says_users_too_friendly.php

QUOTE: It’s old news that people are way too trusting on social media sites with their personal information, but it’s no less disturbing for being banal. Would you walk around on the street holding a sign displaying your birthday, home town, and other data people commonly put in their Facebook public profiles?

ID Analytics’s message is that you shouldn’t be one of the low-hanging fruit. They have 3 rules of thumb for protecting your identity:

1. Be careful what you share
2. Protect what you have
3. Monitor, monitor, monitor

ID Analytics – In-depth study of Privacy http://www.idanalytics.com/news-and-events/news-releases/2011/3-22-2011.php

SQL Slammer – sudden decrease in activity

Below is an interesting post from the ISC reflecting an unexplained sharp decrease in port 1434 attacks by the decade-old SQL Slammer worm.

Port 1434: Sudden Slammer Decline? http://isc.sans.edu/diary.html?storyid=10576

QUOTE: We’re interested to know what’s happening out there. It has been observed through DShield data that Slammer traffic has had a sudden decline. I played with the data for a while. I could make it look like many things, such as slow and steady decline over time. However, the most compelling story is the one where the data drops on March 9 and 10.

Below is the DShield data and graph on port 1434 for March 2011. It’s speculative at this point as to the cause of the sudden drop. Japan’s earthquake or Patch Tuesday have been kicked around. I would be remiss if I did not mention Kevin Liston’s series on Slammer Cleanup during October. We are loving the thought that his great effort was a catalyst for the eradication of it. So go back and take a look at your data for us and share what you’re seeing.

Mozilla Firefox 4.0 released

The new 4.0 release has just debuted and is working well in testing as a complementary browser.

Firefox 4.0 – Home Page http://www.mozilla.com/en-US/products/download.html?product=firefox-4.0

Firefox 4.0 – What’s New http://www.mozilla.com/en-US/firefox/features/

Firefox 4.0 – Tips and techniques http://www.mozilla.com/en-US/firefox/tips/

Firefox 4.0 – Security http://www.mozilla.com/en-US/firefox/features/#advancedsecurity

Adobe Flash Update – March 21, 2011

Please update the Adobe Flash component for your browsers as automatically prompted.

Adobe Flash Player update addresses a critical security issue (CVE-2011-0609) http://www.adobe.com/support/security/bulletins/apsb11-05.html
http://isc.sans.edu/diary/Adobe+Flash+Player+update+RSA+further+notification+and+Play+com+breach/10585

QUOTE: A critical vulnerability has been identified in Adobe Flash Player 10.2.152.33 and earlier versions (Adobe Flash Player 10.2.154.18 and earlier versions for Chrome users) for Windows, Macintosh, Linux, and Solaris operating systems, and Adobe Flash Player 10.1.106.16 and earlier versions for Android. This vulnerability (CVE-2011-0609), as referenced in Security Advisory APSA11-01, could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild against Flash Player in targeted attacks via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an email attachment.

Microsoft’s DCU unit disrupts Rustock botnet

Microsoft and other security firms continue to fight spam, botnets, and other sophisticated attacks. Recently a major, complex botnet known as Rustock was taken offline, reducing spam attacks and helping to improve Internet safety.

Microsoft’s DCU unit disrupts Rustock botnet http://blogs.technet.com/b/microsoft_on_the_issues/archive/2011/03/18/taking-down-botnets-microsoft-and-the-rustock-botnet.aspx
http://www.zdnet.com/blog/security/rustock-botnets-operations-disrupted/8456

QUOTE: Just over a year ago, we announced that the Microsoft Digital Crimes Unit (DCU), in cooperation with industry and academic experts, had successfully taken down the botnet Waledac in an operation known as “Operation b49”. Today, I’m happy to announce that based on the knowledge gained in that effort, we have successfully taken down a larger, more notorious and complex botnet known as Rustock. This botnet is estimated to have approximately a million infected computers operating under its control and has been known to be capable of sending billions of spam mails every day, including fake Microsoft lottery scams and offers for fake – and potentially dangerous – prescription drugs.