Security Protection – Harry Waldron MVP

July, 2012:

Microsoft HOTMAIL to be replaced with special version of OUTLOOK

Microsoft has announced a replacement of Hotmail as noted below, re-branding it to use the Outlook user interface.

Microsoft HOTMAIL email service to be replaced with special version of OUTLOOK http://www.marketwatch.com/story/microsoft-replacing-hotmail-with-outlook-2012-07-31
http://www.computerworld.com/s/article/9229828/Microsoft_reboots_Hotmail_to_build_consumer_destination_says_analyst

QUOTE: SAN FRANCISCO (MarketWatch) — Microsoft Corp. is replacing Hotmail, its Web-based consumer e-mail system, with an expanded version of Outlook, the system widely used by businesses. Microsoft said it is making Outlook.com available for preview on Tuesday, touting an upgraded Web-based system compatible with mobile devices and social networking. “In addition to a desktop application and a service for businesses, we’re offering Outlook as a personal email service – Outlook.com,” a company blog post said. Hotmail was a pioneer in Web-based e-mail systems which allowed users to access e-mail accounts independent of their workplace or their Internet service providers.

NEW OUTLOOK PREVIEW site for existing HOTMAIL USERS http://www.outlook.com

MS-CHAPv2 Protocol used by PPTP VPNs compromised with 100% success

Corporate security teams should evaluate and address the risks associated with any current usage of this protocol. The analysis of the protocol, the proof-of-concept cracking approach, and the special PICO supercomputer used make this a fascinating read for security professionals. It requires a sophisticated setup and some time to reconstruct the plaintext versions of passwords from the NT Hash for the 3 DES keys.
 
MS-CHAPv2 Protocol compromised with 100% success https://isc.sans.edu/diary/End+of+Days+for+MS-CHAPv2/13807 https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/

QUOTE: Moxie Marlinspike and David Hulton gave a talk at Defcon 20 on a presentation on cracking MS-CHAPv2 with 100% success rate. This protocol is still very much in use with PPTP VPNs, and WPA2 Enterprise environments for authentication. Moxie’s recommendations:

1. All users and providers of PPTP VPN solutions should immediately start migrating to a different VPN protocol. PPTP traffic should be considered unencrypted.

2. Enterprises who are depending on the mutual authentication properties of MS-CHAPv2 for connection to their WPA2 Radius servers should immediately start migrating to something else.

Knowing that MS-CHAPv2 can now be cracked, what alternatives are you considering to secure your now insecure communications? The two alternatives suggested by Moxie are “OpenVPN configuration, or IPSEC in certificate rather than PSK mode.”
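To make the "NT Hash for the 3 DES keys" remark concrete, the sketch below is an added illustration (not code from the original post or the cited talk) of how RFC 2759 turns the 16-byte NT hash into three DES keys, and why the third key carries only 16 secret bits. Function names are hypothetical and any hash passed in is treated as opaque bytes; no cracking is performed.

```python
# Added illustration: MS-CHAPv2 response key derivation as specified in RFC 2759.
# Function names are hypothetical; they are not part of any library.

def split_nt_hash(nt_hash: bytes) -> list[bytes]:
    """Zero-pad the 16-byte NT hash to 21 bytes and cut it into three 7-byte DES keys."""
    if len(nt_hash) != 16:
        raise ValueError("NT hash must be 16 bytes")
    padded = nt_hash + b"\x00" * 5
    return [padded[i:i + 7] for i in (0, 7, 14)]

def expand_des_key(key7: bytes) -> bytes:
    """Spread 56 key bits over 8 bytes (7 per byte) and set odd parity in each low bit."""
    if len(key7) != 7:
        raise ValueError("DES key material must be 7 bytes")
    bits = int.from_bytes(key7, "big")
    out = bytearray()
    for i in range(8):
        byte = ((bits >> (49 - 7 * i)) & 0x7F) << 1
        if bin(byte).count("1") % 2 == 0:  # force odd parity
            byte |= 1
        out.append(byte)
    return bytes(out)

def secret_bits_per_key() -> list[int]:
    """Bits of each DES key that come from the hash; the rest is fixed zero padding."""
    return [8 * min(7, 16 - offset) for offset in (0, 7, 14)]

def work_factors() -> dict[str, int]:
    """Number of candidate keys to test under three views of the problem."""
    k1, k2, k3 = (2 ** b for b in secret_bits_per_key())
    return {
        "guess_whole_hash": 2 ** 128,
        "keys_separately": k1 + k2 + k3,
        # All three keys encrypt the same 8-byte challenge hash, so one sweep
        # of the 56-bit DES keyspace checks keys 1 and 2 at the same time.
        "shared_plaintext": max(k1, k2) + k3,
    }

if __name__ == "__main__":
    sample = bytes(range(1, 17))  # constructed 16-byte value, not a real hash
    for k in split_nt_hash(sample):
        print(k.hex(), "->", expand_des_key(k).hex())
    print(work_factors())
```

The effective strength is therefore that of single DES, independent of password length or complexity, which is why the recommendation is migration rather than a stronger password policy.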

London Olympics 2012 – Scams and Malware attacks circulating

McAfee Labs, Trend, and other security firms are raising awareness of scams and malware attacks that use the London Olympics as bait to get users to disclose sensitive information or infect their computers with malware.

London Olympics 2012 – Scams and Malware attacks circulating http://blogs.mcafee.com/mcafee-labs/scams-surround-london-olympics
http://blog.trendmicro.com/more-london-olympics-related-threats/
http://blog.trendmicro.com/relay-race-to-ruin-cybercrime-in-the-olympics/
http://blog.trendmicro.com/illegal-tv-cards-allowing-free-olympic-viewing-sold-online/
http://blog.trendmicro.com/bogus-london-olympics-2012-ticket-site-spotted/
http://blog.trendmicro.com/countdown-to-the-olympics-are-you-safe/
 
QUOTE: These mails inform the recipients that they have won a substantial amount of money. After contacting the lottery manager, the victims of these rip-offs will be asked to pay “processing fees” or “transfer charges” so that the winnings can be distributed. Do you imagine these lottery payments will ever be received? In some cases, the organizers ask for a copy of the winner’s passport, national ID, or driver’s license. With that personal information compromised, future identity theft activities are guaranteed.

NIST Computer Security Updates – July 2012

NIST standards provide helpful guidance in the corporate world for development of policies, standards, and procedures.

NIST Updates Computer Security Guides
http://www.informationweek.com/news/government/security/240004585

QUOTE: The National Institute of Standards and Technology has released updated guidance on how federal agencies and businesses can deal with network attacks and malware. The advice comes in the form of two publications that have been revised to reflect the latest in security best practices: NIST’s Guide to Intrusion Detection and Prevention Systems and Guide to Malware Incident Prevention and Handling for Desktop and Laptops. The agency is seeking public comments on the draft publications before releasing them in final form.

Windows 8 – McAfee Labs evaluates security

McAfee has a special series of articles related to security for Windows 8 and its new application environment. While the operating system itself is very secure, user actions and application security controls present key risks, as in other versions of Windows. Below are the first three articles:

Windows 8 – McAfee Labs evaluates security http://blogs.mcafee.com/mcafee-labs/windows-8-metro-brings-new-security-risks
http://blogs.mcafee.com/mcafee-labs/metro-interface-improves-windows-8-while-increasing-some-risks
http://blogs.mcafee.com/mcafee-labs/stronger-windows-8-still-vulnerable-through-apps-users

QUOTE: As with every version of Windows, we see various kernel improvements. With these changes to the OS, Microsoft has made a safer environment for users. But this environment is still vulnerable to the following security risks:

* Socially engineered emails or websites with executable attachments
* Vulnerabilities and exploits targeting Windows applications
* Mass-distributed desktop malware

Most of the malware that we see today does not go after the BIOS. Some go after the boot sequence and most go after the post-boot injection points such as start-up folders, AutoRun registry keys, and autoload DLL/component injection points. The secure boot architecture handles the preboot sequence and makes a good stab at boot driver validation, but there is some distance to go to guard all the injection points used by most malware. Future posts will include more analysis of Windows 8 and the state of its security. We will also explore implications for users and discuss best security practices for operating systems and applications.

Microsoft Windows 8 – Offers Improved Security

Security researchers at the Black Hat security conference report low-level security improvements in Windows 8 that will enhance protection.

Windows 8 Much More Secure than Windows 7 http://securitywatch.pcmag.com/none/300781-windows-8-much-more-secure-than-windows-7

QUOTE: Researchers Chris Valasek (Senior Security Researcher at Coverity) and Tarjei Mandt (senior vulnerability researcher at Azimuth Security) spend their days seeking ways to compromise security in Windows. They’re good guys; if they find a problem they report it, rather than exploiting it for illicit gain. At the Black Hat conference they reported on their analysis of new low-level security features in Windows 8.

The precise details of what they discovered were barely within the realm of my comprehension. Apparently many doubly-linked lists within Windows 8 are now protected by “pool cookies.” To avoid exploits that involve forcing arbitrary code or data into places it doesn’t belong, Windows 8 randomizes locations for memory allocation and adds “guard pages” as needed. That sort of thing.   In between slides filled with code and intense details, Valasek and Mandt displayed a couple that anybody could understand. The column for Windows Vista was all red, meaning not secure. Windows 7 was close, with just a few green checkmarks. And of course Windows 8 displayed a column of solid green checkmarks. Expert or not, we know that green is good.
 

 

 

Microsoft Windows 7 – Disable third party Gadgets

Black Hat security researchers warn of dangers associated with non-Microsoft based gadget controls in Windows 7 that could be used maliciously.

Microsoft Windows 7 – Disable third party Gadgets http://securitywatch.pcmag.com/none/300819-kill-your-gadgets

QUOTE: Do you have any gadgets on your Windows 7 desktop, other than the ones that came with Windows? Kill them now! That’s the message I took away from a Black Hat talk by researchers Mickey Shkatov and Toby Kohlenberg. The two took great pains to clarify that the talk represents their own opinions only, wholly unconnected with any employer past or present. Kohlenberg reported that he was initially skeptical. Gadgets are going away, so where’s the value in studying them. “I told Mickey, if I write this code, you owe me.” However, he changed his opinion after some study. Sure, Windows gadgets are going away, but the programming style and frameworks used to make gadgets exist in other areas too, most notably smartphone apps.

Why kill your gadgets? Simply put, they are an egregious security risk. A gadget can do anything a normal application can do, but without many of the protections and limitations applied to programs. “People don’t perceive gadgets as applications, but they are,” said Kohlenberg. “They can do anything any other app can do, and you can do things from a gadget that would immediately be flagged if you did it from a binary.”  He went on to demonstrate a simple gadget that brings up gmail and sends a message to all of your contacts, with the gadget itself as an attachment. Yes, a self-replicating gadget! Sure, this won’t work if you correctly log out of gmail every time you use it. Do you?

Safari 6 – New browser version emerges

A new version of Safari has been released, as noted below.

Safari 6 – New browser version emerges http://www.apple.com/safari/
http://support.apple.com/kb/HT5364

QUOTE: The new advanced features in Safari make it an even better place to explore the web. Safari searches even smarter so you’ll find web pages faster. It shows you all your open tabs in a great new way. Right from Safari, you can tweet web pages, post them to Facebook, or share them via Mail or Messages

The Internet Association – formed to protect key interests

A major new trade group has been formed to give key Internet economic interests a voice with legislators.

The Internet Association – PR announcement http://internetassociation.org/PR-InternetAssociation-120725.pdf

QUOTE: WASHINGTON – The Internet Association, the nation’s first trade association representing the interests of the Internet economy and America’s leading Internet companies, today named Michael Beckerman as its first President and Chief Executive Officer. The newly-formed Internet Association is comprised of some of the world’s most visible Internet companies and will be headquartered in Washington D.C. Beckerman will lead the Internet Association’s efforts to advance public policy solutions that strengthen and protect an open, innovative and free Internet.

Facebook and Other Tech Giants Form Trade Association to be the ‘Voice’ of the Internet http://facecrooks.com/Internet-Safety-Privacy/facebook-and-other-tech-giants-form-trade-association-to-be-the-voice-of-the-internet.html

Facebook Scam – Received reports that your account has violated a policy

Scammers use a number of tactics to capture sensitive information, including free offers. Facecrooks warns users about a scam that uses a tactic of “fear”, pushing them to take action or risk losing privileges if they do not respond. As one must log in to respond to this new phishing scheme, it can result in the security compromise of one’s Facebook account. It is important to remain cautious and only respond to legitimate requests.

Warning: We received from other users that your account has violated a policy that is considered to disturb or offend other users. http://facecrooks.com/Scam-Watch/warning-we-received-reports-from-other-users-that-your-account-has-violated-a-policy-facebook-scam.html

Scam Type: Phishing
Trending: July 2012
Why it’s a Scam:  Clicking on the link in the scam post will direct you to the following URL. This is not a legitimate Facebook domain, but a casual user could be easily fooled by it. If you click continue you will no doubt be presented with an attempt to obtain your Facebook login credentials.
