Exploit published for SMB2 vulnerability in Windows

A fully functional exploit for the security vulnerability in the SMB2 protocol implementation has been published. It can be used to discover and attack vulnerable Windows machines remotely. By integrating the exploit into the Metasploit exploit toolkit, attackers have access to a wide range of attack options, ranging from issuing a warning to setting up a convenient backdoor on a user’s system.

Windows Vista, Windows Server 2008 and the Windows 7 Release Candidate are all vulnerable, although the bug has been fixed in the final version of Windows 7. Microsoft has not yet released a patch for the security vulnerability, which was first disclosed nearly three weeks ago. The software giant has released one-click instructions for disabling the vulnerable SMB2 protocol, but there are sure to be many users who fail to follow them.

Until now, the SMB2 exploit had been mostly circulating privately. Public disclosure means that anyone can now access the source code for the functioning exploit. The potential consequences are illustrated by a small-ad on GetACoder, where an identified Singapore-based outsourcer has posted an advertisement looking for a developer who can put together an adaptable C/C++ program which uploads and executes a program from the web on vulnerable systems. It’s hard to imagine that this is going to be used for legitimate security testing.

Source:
http://www.h-online.com/security/Exploit-published-for-SMB2-vulnerability-in-Windows–/news/114343

Posted in Internet, Networking, Security, Windows | No Comments

Facebook Privacy & Security Guide

Created by Tom Eston. This is version 1.1 of the guide, last updated September 2009. It is updated when Facebook changes any privacy settings or configuration.

Source:
http://socialmediasecurity.com/security-guides/facebook/facebook_privacy_and_security_guide/

Posted in Internet, Privacy, Security | No Comments

Use ants to fight worms

To combat worms, Trojans and other malware, a team of security researchers wants to use ants.

Not the actual live insects, of course, but computer programs modelled to act like ants in the way they roam a network and search for anomalies. “Ants aren’t intelligent,” says Glenn Fink, a senior research scientist at the Pacific Northwest National Laboratory who came up with the idea for the project, “but as a colony ants exert some very intelligent behavior.”

According to Fink and one of his project partners, associate professor Errin Fulp of Wake Forest University, their in-the-works project uses distributed data-collecting sensors that are modelled after the six-legged natural creatures. But where ants may leave scent trails to guide other ants to a discovered threat or food source, Fink’s sensors pass along collected data to other sensors in an attempt to identify anomalous behavior that may signal a malware infection in a large-scale network.

Source:
http://features.techworld.com/security/3202855/use-ants-to-fight-worms/?olo=rss

Posted in Internet, Networking, Security | No Comments

Unauthentication

In computer security, a lot of effort is spent on the authentication problem. Whether it’s passwords, secure tokens, secret questions, image mnemonics, or something else, engineers are continually coming up with more complicated—and hopefully more secure—ways for you to prove you are who you say you are over the Internet.

This is important stuff, as anyone with an online bank account or remote corporate network knows. But a lot less thought and work have gone into the other end of the problem: how do you tell the system on the other end of the line that you’re no longer there? How do you unauthenticate yourself?

My home computer requires me to log out or turn my computer off when I want to unauthenticate. This works for me because I know enough to do it, but lots of people just leave their computers on and running when they walk away. As a result, many office computers are left logged in when people go to lunch, or when they go home for the night. This, obviously, is a security vulnerability.

Source and Full Story:
http://www.schneier.com/blog/archives/2009/09/unauthenticatio.html

Posted in Hardware, Internet, Linux, Security, Windows | No Comments

Metasploit Unleashed – Mastering the Framework

This free information security training is brought to you in a community effort to promote awareness and raise funds for underprivileged children in East Africa. Through a heart-warming effort by several security professionals, we are proud to present the most complete and in-depth open course about the Metasploit Framework.

http://www.offensive-security.com/metasploit-unleashed/

Posted in Coding, Internet, Linux, Privacy, Security, Software, Windows | No Comments