Security Protection – Harry Waldron (WP)

July 31st, 2012:

Microsoft HOTMAIL to be replaced with special version of OUTLOOK

Microsoft has announced a replacement of Hotmail as noted below, re-branding it to use the Outlook user interface.

Microsoft HOTMAIL email service to be replaced with special version of OUTLOOK http://www.marketwatch.com/story/microsoft-replacing-hotmail-with-outlook-2012-07-31
http://www.computerworld.com/s/article/9229828/Microsoft_reboots_Hotmail_to_build_consumer_destination_says_analyst

QUOTE: SAN FRANCISCO (MarketWatch) — Microsoft Corp. is replacing Hotmail, its Web-based consumer e-mail system, with an expanded version of Outlook, the system widely used by businesses. Microsoft said it is making Outlook.com available for preview on Tuesday, touting an upgraded Web-based system compatible with mobile devices and social networking. “In addition to a desktop application and a service for businesses, we’re offering Outlook as a personal email service – Outlook.com,” a company blog post said. Hotmail was a pioneer in Web-based e-mail systems which allowed users to access e-mail accounts independent of their workplace or their Internet service providers.

NEW OUTLOOK PREVIEW site for existing HOTMAIL USERS http://www.outlook.com

MS-CHAPv2 Protocol used by PPTP VPNs compromised with 100% success

Corporate security teams should evaluate and address the risks associated with any current usage of this protocol. The analysis of the protocol, the proof-of-concept cracking approach, and the special PICO supercomputer used make this a fascinating read for security professionals. It requires a sophisticated setup and some time to reconstruct the plain text versions of passwords from the NT Hash for the 3 DES keys.
 
MS-CHAPv2 Protocol compromised with 100% success https://isc.sans.edu/diary/End+of+Days+for+MS-CHAPv2/13807 https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/

QUOTE: Moxie Marlinspike and David Hulton gave a presentation at Defcon 20 on cracking MS-CHAPv2 with a 100% success rate. This protocol is still very much in use with PPTP VPNs, and WPA2 Enterprise environments for authentication. Moxie’s recommendations:

1. All users and providers of PPTP VPN solutions should immediately start migrating to a different VPN protocol. PPTP traffic should be considered unencrypted.

2. Enterprises who are depending on the mutual authentication properties of MS-CHAPv2 for connection to their WPA2 Radius servers should immediately start migrating to something else.

Knowing that MS-CHAPv2 can now be cracked, what alternatives are you considering to secure your now insecure communications? The two alternatives suggested by Moxie are “OpenVPN configuration, or IPSEC in certificate rather than PSK mode.”
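
For the evaluation step recommended above, one way to inventory PPTP use from network flow records, shown as an added example that is not part of the original post or the quoted diary. The flow-record layout (`src dst ip_proto dst_port`), the sample lines and the function names are assumptions constructed for illustration; TCP port 1723 and IP protocol 47 (GRE) are the PPTP control and data channels.

```python
from collections import defaultdict

# Constructed sample flow records (not real traffic): "src dst ip_proto dst_port"
SAMPLE_FLOWS = """\
10.0.5.21 203.0.113.10 6 1723
10.0.5.21 203.0.113.10 47 0
10.0.7.40 198.51.100.7 6 443
10.0.8.12 203.0.113.10 6 1723
10.0.9.33 192.0.2.55 17 1194
10.0.9.77 192.0.2.99 47 0
"""

PPTP_CONTROL = (6, 1723)  # TCP/1723 carries the PPTP control channel
GRE_PROTO = 47            # PPTP carries the tunnelled PPP frames in GRE


def parse_flows(text):
    """Yield (src, dst, ip_proto, dst_port) from the assumed record layout."""
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts:
            continue
        if len(parts) != 4:
            raise ValueError(f"line {lineno}: expected 4 fields, got {len(parts)}")
        src, dst, proto, port = parts
        yield src, dst, int(proto), int(port)


def inventory_pptp(text):
    """Map each endpoint pair to a finding describing its PPTP-related traffic."""
    seen = defaultdict(set)
    for src, dst, proto, port in parse_flows(text):
        pair = tuple(sorted((src, dst)))  # GRE flows in both directions
        if (proto, port) == PPTP_CONTROL:
            seen[pair].add("control")
        elif proto == GRE_PROTO:
            seen[pair].add("gre")
    report = {}
    for pair, kinds in seen.items():
        if kinds == {"control", "gre"}:
            report[pair] = "active PPTP tunnel: plan migration"
        elif "control" in kinds:
            report[pair] = "PPTP control only: attempted or GRE blocked"
        else:
            report[pair] = "GRE without PPTP control: review, may be other GRE use"
    return report


if __name__ == "__main__":
    for pair, finding in sorted(inventory_pptp(SAMPLE_FLOWS).items()):
        print(pair, "->", finding)
```
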

London Olympics 2012 – Scams and Malware attacks circulating

McAfee Labs, Trend, and other security firms share an awareness of scams and malware attacks using the London Olympics as bait for users to disclose sensitive information or infect their computers with malware.

London Olympics 2012 – Scams and Malware attacks circulating http://blogs.mcafee.com/mcafee-labs/scams-surround-london-olympics
http://blog.trendmicro.com/more-london-olympics-related-threats/
http://blog.trendmicro.com/relay-race-to-ruin-cybercrime-in-the-olympics/
http://blog.trendmicro.com/illegal-tv-cards-allowing-free-olympic-viewing-sold-online/
http://blog.trendmicro.com/bogus-london-olympics-2012-ticket-site-spotted/
http://blog.trendmicro.com/countdown-to-the-olympics-are-you-safe/
 
QUOTE: These mails inform the recipients that they have won a substantial amount of money. After contacting the lottery manager, the victims of these rip-offs will be asked to pay “processing fees” or “transfer charges” so that the winnings can be distributed. Do you imagine these lottery payments will ever be received? In some cases, the organizers ask for a copy of the winner’s passport, national ID, or driver’s license. With that personal information compromised, future identity theft activities are guaranteed.

NIST Computer Security Updates – July 2012

NIST standards provide helpful guidance in the corporate world for development of policies, standards, and procedures.

NIST Updates Computer Security Guides
http://www.informationweek.com/news/government/security/240004585

QUOTE: The National Institute of Standards and Technology has released updated guidance on how federal agencies and businesses can deal with network attacks and malware. The advice comes in the form of two publications that have been revised to reflect the latest in security best practices: NIST’s Guide to Intrusion Detection and Prevention Systems and Guide to Malware Incident Prevention and Handling for Desktop and Laptops. The agency is seeking public comments on the draft publications before releasing them in final form.

Windows 8 – McAfee Labs evaluates security

McAfee has a special series of articles related to security for Windows 8 and its new application environment. While the operating system itself is very secure, user actions and application security controls present key risks as in other versions of Windows. Below are the first three articles:

Windows 8 – McAfee Labs evaluates security http://blogs.mcafee.com/mcafee-labs/windows-8-metro-brings-new-security-risks
http://blogs.mcafee.com/mcafee-labs/metro-interface-improves-windows-8-while-increasing-some-risks
http://blogs.mcafee.com/mcafee-labs/stronger-windows-8-still-vulnerable-through-apps-users

QUOTE: As with every version of Windows, we see various kernel improvements. With these changes to the OS, Microsoft has made a safer environment for users. But this environment is still vulnerable to the following security risks:

* Socially engineered emails or websites with executable attachments
* Vulnerabilities and exploits targeting Windows applications
* Mass-distributed desktop malware

Most of the malware that we see today does not go after the BIOS. Some go after the boot sequence and most go after the post-boot injection points such as start-up folders, AutoRun registry keys, and autoload DLL/component injection points. The secure boot architecture handles the preboot sequence and makes a good stab at boot driver validation, but there is some distance to go to guard all the injection points used by most malware. Future posts will include more analysis of Windows 8 and the state of its security. We will also explore implications for users and discuss best security practices for operating systems and applications.