Security Tightened for .org Domain

June 2, 2009 – 3:04 PM

The Public Interest Registry will announce today that it has begun cryptographically signing the .org top-level domain using DNS security extensions known as DNSSEC.

DNSSEC is an emerging standard that prevents spoofing attacks by letting Web sites verify their domain names and corresponding IP addresses using digital signatures and public-key encryption.

DNSSEC is viewed as the best way to bolster the DNS against vulnerabilities including the Kaminsky Bug, a DNS flaw discovered last summer that allows a hacker to redirect traffic from a legitimate Web site to a fake one without the user knowing.

“DNSSEC is a needed infrastructure upgrade,” says Alexa Raad, CEO of the Public Interest Registry (PIR). “It has passed the threshold of being a theoretical opportunity to being a practical necessity. The question then becomes: How do we make it work?”

With 7.5 million registered names, .org is the largest domain to deploy DNSSEC.

Current DNSSEC users include country code domains run by Sweden, Puerto Rico, Bulgaria, Brazil and the Czech Republic.

“Us signing the zone is a very important step, but it’s also a symbolic step,” Raad says. “A large [generic top-level domain] has now signed their zone. It will signal to all the other players in the chain that it is time to work very seriously on the software and applications to make DNSSEC viable in the near future.”

Source:
http://www.pcworld.com/businesscenter/article/165916/security_tightened_for_org_domain.html

Mass Injection Attack Affects 40,000 Websites

June 2, 2009 – 12:13 PM

Researchers at Websense have discovered a mass injection attack that is redirecting Web browsers to a malware-bearing site.

According to a weekend report by researchers at Websense, thousands of legitimate Web sites have been found to be injected with malicious, obfuscated JavaScript that leads to an active exploit site.

“The active exploit site uses a name similar to the legitimate Google Analytics domain (google-analytics.com), which provides statistical services to Web sites,” the report says. “This mass injection attack does not seem related to Gumblar. The location of the injection, as well as the decoded code itself, seem to indicate a new, unrelated, mass injection campaign.”

The report indicates the exploit had infected some 20,000 sites, but researchers this afternoon told reporters the figure is now closer to 40,000.

Like Gumblar, the attack redirects users who conduct searches on popular Web sites and search terms. The browsers are routed through a statistical server and then on to the Beladen.net site, a well-known carrier of malware.

Source:
http://darkreading.com/security/attacks/showArticle.jhtml?articleID=217701136

New Releases of iTunes and QuickTime Fix 11 Vulnerabilities

June 1, 2009 – 4:26 PM

Apple has released versions 8.2 of iTunes and 7.6.2 of QuickTime to address a series of vulnerabilities, mostly in QuickTime.

The one iTunes vulnerability is a stack overflow in parsing “itms:” URLs, which can lead to a DoS or arbitrary code execution. The 10 QuickTime vulnerabilities are all of a type where viewing certain malicious content could crash the program or lead to arbitrary code execution. Most of these vulnerabilities affect both Windows and Mac versions.

Such attacks do happen in the real world, and it’s a good idea to apply the updates quickly.

The vulnerability information went out on an Apple mailing list but is not yet available on their web site. You can download the new Windows versions from the QuickTime download page or run Apple Software Update.

Source:
http://blogs.pcmag.com/securitywatch/2009/06/new_releases_of_itunes_and_qui.php

VirtualBox 2.2.4 Released

May 30, 2009 – 6:34 AM

VirtualBox is a powerful x86 virtualization product for enterprise as well as home use. Not only is VirtualBox an extremely feature rich, high performance product for enterprise customers, it is also the only professional solution that is freely available as Open Source Software under the terms of the GNU General Public License (GPL).

This is a maintenance release. The following items were fixed and/or added:

  • Windows Installer: fixed a potential hang during installation
  • Windows Installer: fixed several problems
  • Solaris hosts: make it work with Solaris build 114 or later
  • Solaris hosts: fixed a bug in serial port character handling found during loopback
  • Linux hosts: adapted vboxdrv.sh to the latest changes in VBoxManage list runningvms
  • Windows hosts: fixed a crash caused by host-only/bridged networking
  • Mac OS X hosts: fixed access to host DVD with passthrough disabled
  • Guest Additions: fixed problems with KDE 4 not recognizing mouse clicks
  • Windows Additions: fixed incorrect 8-bit guest color depth in Windows 7 guests
  • GUI: warn if VT-x/AMD-V could not be enabled for guests that require this setting
  • VMM: fixed occasional crash due to insufficient memory
  • VMM: fixed hanging 64-bit Solaris guests
  • VMM: restore from a saved state occasionally failed
  • Clipboard: fixed a deadlock while shutting down the shared clipboard on X11 hosts
  • OVF: fixed potential hang during import
  • OVF: fixed potential crashes during import/export on Win64 hosts
  • VBoxManage modifyhd --compact: fixed bug which could lead to crashes and image corruption
  • VBoxManage metrics collect: now flushes the output stream.
  • VHD: made VBoxManage internalcommands sethduuid work for .vhd files
  • VHD: some .vhd files could not be cloned
  • VMDK: fixed creating snapshots
  • NAT: improvement of TCP connection establishment
  • NAT: fixed order of DNS servers in DHCP lease
  • NAT: fixed DHCP lease for multiple name servers
  • NAT: fixed a potential segfault if the host lost its connectivity
  • Shared Folders: deny access to parent directories on Windows hosts
  • Shared Folders: make rm/rmdir work with Solaris guests on Windows hosts
  • Networking: fixed the problem with blocked receiving thread when a broadcast packet arrives too early to be handled by uninitialized e1000 adapter.
  • Networking: fixed the problem that caused host freezes/crashes when using bridged mode with host’s interface having RX checksum offloading on. Fixes problems with TX offloading as well
  • PXE boot: Added support for PRO/1000 MT Server adapter.
  • Python bindings: fixed keyword conflict
  • SCSI: fixed occasional crashes on Win64
  • Serial: allow to redirect the serial port to a raw file
  • VRDP: fixed a rare incorrect screen update

Download:
http://www.virtualbox.org/wiki/Downloads

Steganography with TCP retransmissions

May 29, 2009 – 6:09 AM

Polish researchers have described a way of hiding information in retransmissions of IP-based data traffic. Transmission errors are simulated in a TCP connection to provoke retransmissions and, before packets are retransmitted, their content is replaced with data intended to be concealed.

With the steganographic protocol known to both sender and receiver, a more or less hidden channel can be established. The researchers Wojciech Mazurczyk, Miłosz Smolarczyk and Krzysztof Szczypiorski call their method “Retransmission Steganography” (RSTEG). In principle, the approach will also work with other network protocols.

No further measures are taken to conceal the message, but since retransmissions are not a rarity when data are sent over the internet, the approach assumes they will not be conspicuous among the other traffic. According to the authors, anyone watching the traffic between sender and receiver will have difficulty spotting the hidden channel. Normal retransmissions are one of the problems though; the recipient must be prepared to separate the steganographic packets from the naturally occurring retransmission packets which are generated by the recipient's connections.

Source:
http://www.h-online.com/security/Steganography-with-TCP-retransmissions–/news/113413
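
A monitoring-side check for the behaviour described above, as an added example that is not taken from the researchers' paper: it compares every retransmitted byte with the byte first seen at the same TCP sequence position and flags retransmissions whose content changed. It assumes the sensor captures both the original and the retransmitted segment; the function names, flow labels and sample segments are constructed for illustration.

```python
from collections import defaultdict

SEQ_MOD = 2 ** 32  # TCP sequence numbers wrap at 32 bits


def audit_retransmissions(segments):
    """Compare retransmitted bytes with the bytes first seen at the same position.

    segments: (flow_id, seq, payload) in capture order, one direction per flow_id.
    Returns a list of (flow_id, seq, overlapping_bytes, differing_bytes)."""
    seen = defaultdict(dict)  # flow_id -> {byte sequence position: first value seen}
    findings = []
    for flow_id, seq, payload in segments:
        stream = seen[flow_id]
        overlap = differing = 0
        for offset, value in enumerate(payload):
            pos = (seq + offset) % SEQ_MOD
            if pos in stream:            # this byte position was already sent once
                overlap += 1
                if stream[pos] != value:
                    differing += 1
            else:
                stream[pos] = value
        if overlap:                      # only retransmissions are reported
            findings.append((flow_id, seq, overlap, differing))
    return findings


def suspicious(findings):
    """Retransmissions whose bytes do not match what was first sent."""
    return [f for f in findings if f[3] > 0]


# Constructed sample. Flow "A": ordinary retransmission, re-segmented but identical.
# Flow "B": seq 2000 is resent with different content; the last pair wraps past 2**32.
SAMPLE = [
    ("A", 1000, b"GET /index"),
    ("A", 1010, b".html HTTP"),
    ("A", 1005, b"index.html"),
    ("B", 2000, b"hello world"),
    ("B", 2011, b" and more"),
    ("B", 2000, b"hidden text"),
    ("B", 4294967290, b"wraparound!"),
    ("B", 4294967290, b"wraparound!"),
]

if __name__ == "__main__":
    for flow_id, seq, overlap, differing in audit_retransmissions(SAMPLE):
        print(flow_id, seq, overlap, differing, "MISMATCH" if differing else "ok")
```

Comparing per byte position rather than per segment keeps ordinary retransmissions that were re-segmented or coalesced from being reported as mismatches.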