Update Google Chrome

July 26, 2010 – 9:13 PM

Google Chrome 5.0.375.125 has been released to the Stable channel on Linux, Mac, Windows, and Chrome Frame.

Download:
http://www.google.com/chrome?hl=en

Block the Windows Shortcut Exploit

July 26, 2010 – 7:58 PM

The Windows Shortcut Exploit is a zero-day vulnerability in all versions of Windows that allows a Windows shortcut link to run a malicious DLL file. Sophos now has a free, easy-to-use tool that blocks this exploit from running on your computer.

Please note: Existing Sophos Endpoint customers are already protected from the Windows Shortcut Exploit and do not need to install this tool.

Tool:
http://downloads.sophos.com/custom-tools/Sophos%20Windows%20Shortcut%20Exploit%20Protection%20Tool.msi

Source:
http://www.sophos.com/products/free-tools/sophos-windows-shortcut-exploit-protection-tool.html

WPA2 security hole discovered

July 26, 2010 – 5:39 AM

Security experts at AirTight Networks have discovered a hole in the WPA2 Wi-Fi security protocol. The security hole was named Hole 196 after the number of the relevant page in the IEEE 802.11 (2007) standard document. Right at the bottom of this page, the IEEE introduces the keys used by WPA2: the PTK (Pairwise Transient Key), which is unique for every Wi-Fi client and used for unicast traffic, and the GTK (Group Temporal Key), which is used for broadcasts. While data forgeries and spoofed MAC addresses can be detected with the PTK, the GTK does not offer this functionality.

The AirTight experts say that this is the crux of the matter, because it allows a client to generate arbitrary broadcast packets, to which other clients respond with information about their secret PTKs, which attackers can then decrypt. AirTight reportedly only needed to add 10 extra lines of code to the Madwifi driver to make a PC with an ordinary Wi-Fi card act like an access point. Attackers could reportedly exploit this to cause damage on the network, for instance via denial-of-service (DoS) attacks. The experts say that the only factor mitigating the attack potential is that attackers need to be internal, authorised Wi-Fi users. They do not anticipate that a patch will become available because “Hole 196” is written into the standard.

Source:
http://www.h-online.com/security/news/item/WPA2-security-hole-discovered-1044970.html
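
The PTK/GTK asymmetry described in the WPA2 item above, as an added example that is not from AirTight or the cited article: a simplified Python model in which HMAC-SHA256 stands in for the WPA2 integrity check. The `Network` class, the `mic` helper, the client names and the address are constructed for illustration; the model shows why a key shared by every client cannot prove who sent a frame, while a per-client key can.

```python
import hashlib
import hmac
import os


def mic(key: bytes, src: str, payload: bytes) -> bytes:
    """Integrity tag over claimed sender and payload (HMAC as a stand-in, an assumption)."""
    return hmac.new(key, src.encode() + b"|" + payload, hashlib.sha256).digest()


class Network:
    """Constructed model: one AP, one PTK per client, one GTK shared by all clients."""
    AP = "00:00:5e:00:53:01"  # constructed address from the documentation range

    def __init__(self, clients):
        self.gtk = os.urandom(32)                        # identical for every client
        self.ptk = {c: os.urandom(32) for c in clients}  # unique for every client

    def client_keys(self, client):
        """Keys an authorised client legitimately holds: its own PTK and the GTK."""
        return {"ptk": self.ptk[client], "gtk": self.gtk}

    def accept_unicast(self, receiver, src, payload, tag):
        """Receiver checks a unicast frame claiming to come from the AP."""
        expected = mic(self.ptk[receiver], src, payload)
        return src == self.AP and hmac.compare_digest(tag, expected)

    def accept_broadcast(self, src, payload, tag):
        """Any receiver checks a broadcast frame with the shared GTK."""
        expected = mic(self.gtk, src, payload)
        return src == self.AP and hmac.compare_digest(tag, expected)


def demo():
    net = Network(["alice", "bob"])
    bob = net.client_keys("bob")  # an internal, authorised user
    data = b"constructed broadcast payload"
    # 1. Genuine broadcast from the AP verifies.
    genuine = net.accept_broadcast(Network.AP, data, mic(net.gtk, Network.AP, data))
    # 2. Bob claims the AP's address and tags with the GTK: indistinguishable from 1.
    spoofed_group = net.accept_broadcast(Network.AP, data, mic(bob["gtk"], Network.AP, data))
    # 3. The same claim on unicast fails: Bob does not hold Alice's PTK.
    spoofed_unicast = net.accept_unicast("alice", Network.AP, data, mic(bob["ptk"], Network.AP, data))
    return genuine, spoofed_group, spoofed_unicast


if __name__ == "__main__":
    print(demo())
```

The second result is why the article expects no patch: verification with a shared symmetric key only proves that the sender is some member of the group.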

Update Adobe Flash Now!

June 6, 2010 – 3:44 PM

A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat.

The Flash Player 10.1 Release Candidate available at http://labs.adobe.com/technologies/flashplayer10/ does not appear to be vulnerable.

Update: Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content.

The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.

KHOBE – 8.0 earthquake for Windows desktop security software

May 9, 2010 – 4:34 PM

In September 2007, we published an article about a great disease that affected tens of Windows security products. The article, called Plague in (security) software drivers, revealed the awful quality of kernel mode drivers installed by all the major desktop security products for Windows. The revealed problems could cause random system crashes, freezes and in some cases more severe security issues.

Today, we reveal an even more serious problem of the Windows desktop security products that can be exploited to bypass a big portion of security features implemented by the affected products. The protection implemented by kernel mode drivers of today’s security products can be bypassed effectively by code running on an unprivileged user account. If you have ever heard of SSDT hooks or similar techniques to implement various security features such as products’ self-defense, we will show you how to bypass the protection easily.

Source:
http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php