IronKey launches secure online banking USB stick

April 28, 2010 – 6:28 AM

IronKey has launched its Trusted Access for Banking USB stick at InfoSec 2010 in London. The IronKey TAB uses an isolated virtual machine launched from the stick and an intermediate server, accessed through a VPN-like connection, to create a secure channel from the user to IronKey’s servers, and from there to the bank’s web servers.

The solution is aimed at commercial banks and their customers who have found that malware using keyloggers on host PCs has made techniques such as two-factor authentication vulnerable. IronKey say that already, in some cases, key-logging malware is monitored live for user access; the entry of security tokens can be listened in on and replicated while the token is still valid. The IronKey TAB runs a Linux-based operating system which in turn runs a dedicated Firefox-based browser. It takes a number of steps to prevent key-loggers from intercepting passwords and has an optional virtual keyboard for non-keyboard password entry. It also makes use of the IronKey’s integrated RSA SecurID to provide login tokens, but adds an extra, variable obfuscation to ensure that any malware spies will see an invalid token.

In some ways, the IronKey TAB is similar in intent to booting a Linux Live CD and banking from the read-only Live CD environment, but it does not require rebooting the host system, and it is activated only when the stick is plugged in and the stick itself is not compromised. IronKey goes further than a dedicated machine or LiveCD solution by taking control of the connection to the bank’s servers, using a VPN-like wrapper for network traffic and handling DNS requests through IronKey’s server, to avoid man-in-the-middle or DNS-manipulation-based attacks. The bank can configure the device to only allow access to its own websites and those of trusted partners. The server can also block access based on IP addresses, time of day or location, a capability based on IronKey’s secure USB flash drive offerings. The system also offers remote kill or lock-out capabilities to disable lost or stolen sticks.

Source:
http://www.h-online.com/security/news/item/IronKey-launches-secure-online-banking-USB-stick-988577.html

Adobe issues official workaround for PDF vulnerability

April 7, 2010 – 7:57 AM

For consumers, open up the Preferences panel and click on “Trust Manager” in the left pane. Clear the check box “Allow opening of non-PDF file attachments with external applications”.

For administrators who wish to accomplish this with a registry setting on Windows, add the following DWORD value to:
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\\Originals

Name: bAllowOpenFile
Type: REG_DWORD
Data: 0

Furthermore, an administrator can grey out the preference to keep end-users from turning this capability on, by adding the following DWORD value to:
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\\Originals

Name: bSecureOpenFile
Type: REG_DWORD
Data: 1
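
The following PowerShell sketch audits, and with `-Apply` sets, the two values described above for the current user. It is an added example, not code from Adobe or from the original post. It assumes the empty path component shown on this page is a per-version subkey, so it walks every subkey of `Acrobat Reader` rather than naming one.

```powershell
# Added example: audit (and optionally apply) the two "Originals" values above.
# Assumption: the empty component in the page's registry path is a per-version
# subkey, so every subkey of "Acrobat Reader" is inspected.
param([switch]$Apply)

$base   = 'HKCU:\Software\Adobe\Acrobat Reader'
$wanted = [ordered]@{ bAllowOpenFile = 0; bSecureOpenFile = 1 }

if (-not (Test-Path $base)) {
    Write-Output 'No Adobe Reader key found for this user.'
    return
}

$results = foreach ($ver in Get-ChildItem -Path $base) {
    $originals = "$base\$($ver.PSChildName)\Originals"
    foreach ($name in $wanted.Keys) {
        # Read the current value; $null means the value (or key) is absent.
        $current = $null
        if (Test-Path $originals) {
            $current = (Get-ItemProperty -Path $originals -Name $name `
                        -ErrorAction SilentlyContinue).$name
        }
        $ok = ($null -ne $current) -and ($current -eq $wanted[$name])

        if (-not $ok -and $Apply) {
            if (-not (Test-Path $originals)) {
                New-Item -Path $originals -Force | Out-Null
            }
            New-ItemProperty -Path $originals -Name $name -PropertyType DWord `
                -Value $wanted[$name] -Force | Out-Null
            $current = $wanted[$name]
            $ok = $true
        }

        [pscustomobject]@{
            Version   = $ver.PSChildName
            Name      = $name
            Current   = $current
            Expected  = $wanted[$name]
            Compliant = $ok
        }
    }
}
$results | Format-Table -AutoSize
```

Because the values live under HKEY_CURRENT_USER, the script has to run in each user's own context, for example from a logon script.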

Source:
http://blogs.adobe.com/adobereader/2010/04/didier_stevens_launch_function.html

Vulnerability in Internet Explorer could allow remote code execution

March 16, 2010 – 9:06 AM

Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/advisory/981374.mspx

Two Fix it solutions are available:

  • Fix it solution for peer factory in iepeers.dll – We have created an application compatibility database that will disable peer factory in the iepeers.dll binary for supported versions of Internet Explorer on Windows XP and Windows Server 2003.
  • Fix it solution for Data Execution Prevention – We have created an application compatibility database that will enable Data Execution Prevention (DEP) for all versions of Internet Explorer that support DEP. You do not need this database if you are using Internet Explorer 8 on Windows XP Service Pack 3 (SP3) or on Windows Vista SP1 or later versions. This is because Internet Explorer 8 opts in to DEP by default on these platforms.

Fix It page:
http://support.microsoft.com/kb/981374

Energizer DUO USB battery charger software allows unauthorized remote system access

March 8, 2010 – 8:42 AM

Energizer DUO is a USB battery charger. Included with the charger is a Windows application that allows the user to view the battery charging status. The installer for the Energizer DUO software places the file UsbCharger.dll in the application’s directory and Arucer.dll in the Windows system32 directory. When the Energizer UsbCharger software executes, it utilizes the UsbCharger.dll component for providing USB communication capabilities. UsbCharger.dll executes Arucer.dll via the Windows rundll32.exe mechanism, and it also configures Arucer.dll to execute automatically when Windows starts by creating an entry in the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run registry key.
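
A host check for the artifacts named in the paragraph above, written in PowerShell. It is an added example, not part of the CERT advisory or the original post. Checking the SysWOW64 and WOW6432Node locations is an assumption made here because 64-bit Windows redirects 32-bit installers there; the page itself names only system32 and the HKLM Run key.

```powershell
# Added example: look for the Arucer.dll artifacts described above.
# Assumption: the 32-bit redirected locations are checked in addition to the
# system32 directory and Run key that the page names.
$findings = @()

# 1. The DLL dropped by the installer.
foreach ($dir in 'System32', 'SysWOW64') {
    $path = Join-Path $env:SystemRoot "$dir\Arucer.dll"
    if (Test-Path -LiteralPath $path) {
        $findings += [pscustomobject]@{
            Type = 'File'; Location = $path
            Detail = (Get-Item -LiteralPath $path).LastWriteTime
        }
    }
}

# 2. Autostart entries whose data references the DLL.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($keyPath in $runKeys) {
    if (-not (Test-Path $keyPath)) { continue }
    $key = Get-Item -Path $keyPath
    foreach ($valueName in $key.GetValueNames()) {
        $data = [string]$key.GetValue($valueName)
        if ($data -match 'Arucer\.dll') {
            $findings += [pscustomobject]@{
                Type = 'RunKey'; Location = "$keyPath\$valueName"; Detail = $data
            }
        }
    }
}

# 3. A rundll32.exe instance currently hosting the DLL.
Get-CimInstance Win32_Process -Filter "Name='rundll32.exe'" |
    Where-Object { $_.CommandLine -match 'Arucer\.dll' } |
    ForEach-Object {
        $findings += [pscustomobject]@{
            Type = 'Process'; Location = "PID $($_.ProcessId)"; Detail = $_.CommandLine
        }
    }

if ($findings.Count -eq 0) { 'No Arucer.dll artifacts found.' }
else { $findings | Format-List }
```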

Source:
http://www.kb.cert.org/vuls/id/154421

Vulnerability in VBScript Could Allow Remote Code Execution

March 2, 2010 – 8:33 AM

Microsoft is investigating new public reports of a vulnerability in VBScript that is exposed on supported versions of Microsoft Windows 2000, Windows XP, and Windows Server 2003 through the use of Internet Explorer. Our investigation has shown that the vulnerability cannot be exploited on Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008. The main impact of the vulnerability is remote code execution. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time.

The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user. On systems running Windows Server 2003, Internet Explorer Enhanced Security Configuration is enabled by default, which helps to mitigate against this issue.

Source:
http://www.microsoft.com/technet/security/advisory/981169.mspx