Archive for the ‘Security Bulletin’ Category

Yahoo! Messenger ActiveX Flaw Exploits Released!

Thursday, June 7th, 2007

Two zero-day exploits for remote code execution flaws in Yahoo! Messenger’s Webcam application have been released.

One of the flaws is a boundary error in the Yahoo! Webcam Upload ActiveX control; the other is in the Yahoo! Webcam Viewer ActiveX control.

Yahoo! expects to have a fix for the flaws available soon.  The flaws have been confirmed in Yahoo! Messenger version 8.1.0.249 and may exist in other versions as well.

{Update: As of Friday, June 8, 2007, Yahoo! has already prompted Yahoo! Messenger users to download and install a security upgrade to patch the security issue.}

More info here on the Yahoo! ActiveX Flaw.

Hackers Use New Evasive Techniques to Avoid Malware Detection

Tuesday, June 5th, 2007

Hackers are developing increasingly stealthy techniques to evade detection.  The attacks place malicious code on web sites, then keep track of the IP addresses that have visited infected sites; if the same IP address attempts to view the malicious site again, benign content is offered in its stead.

The attacks are also capable of identifying “the IP addresses of web crawlers used by URL filtering, reputation services and search engines,” and serve legitimate content to avoid being identified as malicious.

Recent findings reveal that hackers have created a new class of highly evasive attacks which represent a quantum leap in terms of technological sophistication, going far beyond drive-by downloads and code obfuscation.

The combination of these evasive attacks with code obfuscation techniques significantly enhances the capability of sophisticated hackers to go undetected.

A follow-up study conducted by Finjan’s Malicious Code Research Centre warns of the growing presence of malicious code in online advertising.

More info at: VNUNet

Update to WordPress 2.1.3 and 2.0.10 Provides Security Fix

Tuesday, April 3rd, 2007

This just in from WordPress a while ago…

We have a security update release now available for both the 2.1 and 2.0 branches of WordPress now available for immediate download. This update is highly recommended for all users of both branches.

These releases include fixes for several publicly known minor XSS issues, one major XML-RPC issue, and a proactive full sweep of the WordPress codebase to protect against future problems.

It isn’t April 1 anymore, so this probably is the real thing. Make sure you guys update to this new version, since it provides some important security fixes for issues which, if left unpatched, will surely be easy to exploit.

Don’t forget to back up and test your backups first ;-) Good luck!

US-CERT Advisory - Microsoft Windows ANI Header Stack Buffer Overflow

Saturday, March 31st, 2007

National Cyber Alert System
Technical Cyber Security Alert TA07-089A
Microsoft Windows ANI header stack buffer overflow

Original release date: March 30, 2007
Last revised: –
Source: US-CERT

Systems Affected

Microsoft Windows 2000, XP, Server 2003, and Vista are affected. Applications that provide attack vectors include:

* Microsoft Internet Explorer
* Microsoft Outlook
* Microsoft Outlook Express
* Microsoft Windows Mail
* Microsoft Windows Explorer (more…)

No Security Bulletins from Microsoft this March

Wednesday, March 14th, 2007

********************************************************************
Title: Microsoft Security Bulletin Summary for March 2007
Issued: March 13, 2007
Version Number: 1.0
Bulletin Summary: http://go.microsoft.com/fwlink/?LinkId=85543
********************************************************************

Summary:
========

Microsoft has not released any security bulletins on March 13, 2007.

IE 7.0 Vulnerable to Address Bar Spoofing

Sunday, October 29th, 2006

Secunia reports that an anonymous person discovered that it’s possible to partially spoof the Microsoft Internet Explorer (IE) 7.0 Address bar in a pop-up window, which might lead to phishing attacks. When showing an address with special characters, the Address bar might display incorrect or incomplete information that tricks the user into unintended actions. Microsoft is aware of the problem; however, no patch is available at this time. A workaround suggested by the United States Computer Emergency Readiness Team (US-CERT) is to disable Active Scripting in the Internet Zone.

Cisco Warns of Flaw in Firewall Products

Wednesday, August 30th, 2006

An alert from Cisco Systems Inc. describes an unintentional password modification vulnerability in multiple firewall products that could be exploited to change passwords without user interaction and allow “unauthorized users to gain access to a device that has been reloaded after passwords in its startup configuration have been changed. Authorized users can be locked out and lose the ability to manage the affected device.”  

The flaw affects Cisco PIX 500 Series Security Appliances, Cisco ASA 5500 Series Adaptive Security Appliances and Firewall Service Module (FWSM) for Cisco Catalyst 6500 switches and Cisco 7600 Series Routers running affected versions of the software.

Cisco has issued software to address this vulnerability.  A second alert from Cisco describes a pair of flaws in Cisco VPN 3000 series concentrators with FTP file management enabled that could be exploited to execute some FTP commands and delete files.  Cisco has issued free software to address these two flaws and also made workarounds available.
http://www.cisco.com/en/US/products/products_security_advisory09186a00807183b0.shtml
http://www.cisco.com/en/US/products/products_security_advisory09186a0080718330.shtml

Global Security Week 2006 — Identity Theft

Sunday, August 27th, 2006

Global Security Week 2006, the week leading up to September 11th each year, is an opportunity to join forces with other security professionals worldwide and promote security to the masses. The theme for Global Security Week 2006 is identity theft. Find out about the truth behind the headlines. Is “phishing” a genuine threat? What are the banks doing about it? What can ordinary members of the public do about it? Participate in Global Security Week to help spread the word about identity theft and encourage ordinary law-abiding citizens to be on their guard.

http://www.globalsecurityweek.com/index.html

Security Solutions Virtual Tradeshow

Friday, August 25th, 2006

Security Solutions Virtual Tradeshow
Balancing the Need for Heightened Security and Increased Access

Wednesday, September 13 & Thursday, September 14, 2006

Today’s CIOs and IT managers face a daunting task: protect their network from viruses, spyware and the latest threat du jour—phishing and keyloggers to ransomware and cyberextortion. They must also ensure that their IT spending helps their company comply with legislation, maintain internal and perimeter security, and protect information assets and personal data. But it doesn’t end there–IT executives must contend with an increased reliance on wireless networks, smart phones, instant messenger, P2P and VoIP. That is the mandate and there is no way of getting around it.

New tools and technologies provide widespread access to enterprise users, but they also demand improved security strategies and policies. As IT managers develop more sophisticated security strategies, more complex and damaging threats will be unleashed that drain time and resources. It’s an uphill battle and it’s all in a day’s work for an already overtaxed IT department.

(more…)

Antivirus Researcher Gullotto of Symantec is Now With Microsoft

Thursday, August 24th, 2006

Microsoft has hired one of the industry’s top antivirus researchers to run its nascent antivirus research and response team. Vinny Gullotto, who had been at Symantec Corp. since earlier this year, started work at Microsoft last week. His charge at Microsoft will be to help the software giant get its virus response team up to speed with those run by the major antivirus vendors.

Gullotto will be the general manager of Security Research and Response, a separate unit from the Microsoft Security Response Center (MSRC); both teams fall under Microsoft’s Security Technology Unit.

(more…)