Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution

May 28, 2009 – 4:21 PM

Microsoft is investigating new public reports of a new vulnerability in Microsoft DirectX. The vulnerability could allow remote code execution if a user opened a specially crafted QuickTime media file. Microsoft is aware of limited, active attacks that use this exploit code. Our investigation is ongoing, but so far it has shown that Windows 2000 Service Pack 4, Windows XP, and Windows Server 2003 are vulnerable; all versions of Windows Vista and Windows Server 2008 are not vulnerable. Microsoft has activated its Software Security Incident Response Process (SSIRP) and is continuing to investigate this issue.

Mitigating Factors:

  • In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to convince them to visit the Web site, typically by getting them to click a link that takes them to the attacker’s Web site. After they click the link, they would be prompted to perform several actions. An attack could only occur after they performed these actions.
  • An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • All versions of Windows Vista and Windows Server 2008 are not affected by this issue.

Source:
http://www.microsoft.com/technet/security/advisory/971778.mspx

L0phtCrack 6 Released

May 27, 2009 – 7:59 PM

L0phtCrack 6 is packed with powerful features such as scheduling, hash extraction from 64-bit Windows versions, multiprocessor algorithms, and network monitoring and decoding. Yet it is still the easiest-to-use password auditing and recovery software available.

Password Scoring
L0phtCrack 6 provides a scoring metric to quickly assess password quality. Passwords are measured against current industry best practices, and are rated as Strong, Medium, Weak, or Fail.

Pre-computed Dictionary Support
Pre-computed password files are a must-have feature in password auditing. L0phtCrack 6 supports pre-computed password hashes. Password audits now take minutes instead of hours or days.

Windows & Unix Password Support
L0phtCrack 6 imports and cracks Unix password files. Perform network audits from a single interface.

Remote password retrieval
L0phtCrack 6 has a built-in ability to import passwords from remote Windows machines (including 64-bit versions of Vista and Windows 7) and Unix machines, without requiring a third-party utility.

Scheduled Scans
System administrators can schedule routine audits with L0phtCrack 6. Audits can be performed daily, weekly, monthly, or just once, depending on the organization’s auditing requirements.

Remediation
L0phtCrack 6 offers remediation assistance to system administrators on how to take action against accounts that have poor passwords. Accounts can be disabled, or the passwords can be set to expire from within the L0phtCrack 6 interface. Remediation works for Windows user accounts only.

Updated Vista/Windows 7 Style UI
The user interface is improved and updated. More information is available about each user account, including password age, lock-out status, and whether the account is disabled, expired, or never expires. Information on L0phtCrack 6’s current session is provided in an “immediate window” with a reporting tab providing up-to-the-minute status of the current auditing session.

Executive Level Reporting
L0phtCrack 6 has real-time reporting that is displayed in a separate, tabbed interface. Auditing results are displayed based on auditing method, risk severity, and password character sets.

Password Risk Status
Displays risk status in four different categories: Empty, High Risk, Medium Risk, and Low Risk.

Password Audit Method
Displays the completion of all four methods L0phtCrack 6 uses: Dictionary, Hybrid, Precomputed, and Brute Force.

Password Character Sets
Reports the completion of the various character sets being audited, including Alpha, Alphanumeric, Alphanumeric/Symbol, and Alphanumeric/Symbol/International.

Password Length Distribution
Reports the overall length of the discovered password by account.

Summary Report
Password Statistics as Locked, Disabled, Expired, or if the password is older than 180 days.

Audit Summary
Number of Accounts cracked and the number of Domains audited.

Foreign Password Cracking
L0phtCrack 6 supports foreign character sets for Brute Force, as well as foreign dictionary files. Pull-down menus change for language and character set. L0phtCrack 6 ships with several foreign dictionaries.

Homepage:
http://www.l0phtcrack.com

Download:
http://www.l0phtcrack.com/download.html

Malwarebytes’ Anti-Malware 1.37 Released

May 27, 2009 – 5:42 AM

Malwarebytes’ Anti-Malware is considered to be the next step in the detection and removal of malware. In our product we have compiled a number of new technologies that are designed to quickly detect, destroy, and prevent malware. Malwarebytes’ Anti-Malware can detect and remove malware that even the most well known anti-virus and anti-malware applications fail to detect. Malwarebytes’ Anti-Malware monitors every process and stops malicious processes before they even start. The Realtime Protection Module uses our advanced heuristic scanning technology which monitors your system to keep it safe and secure. In addition, we have implemented a threats center which will allow you to keep up to date with the latest malware threats.

Changes:

  • (FIXED) Dramatically improved product updating
  • (FIXED) /runupdate now completely silent, including errors
  • (ADDED) Protection module now 64-bit compatible (XP SP2 and higher only)
  • (ADDED) New 32-bit protection module for XP SP2 and higher
  • (ADDED) New heuristics for Trojan.JSRedir and other infections
  • (ADDED) Type of scan displayed on scanning page
  • (ADDED) Support for Arabic and Estonian language

Download:
http://www.malwarebytes.org/mbam.php

TwitterCut – Twitter’s Newest Phishing Scam

May 27, 2009 – 5:28 AM

If you see some tweets in your stream that say: “OMG I just got over 1000 followers today from http://twittercut.com” — don’t be fooled, it’s a scam.  The link takes you to a website that will prompt you for your Twitter login information.  Once it has stolen your credentials, it will post the same message to your account to try and get your followers to click the link as well.

The sad news is that it appears to have worked well.  Check out this Twitter search:

http://search.twitter.com/search?q=OMG+I+just+got+over+1000+followers+today+from+http://twittercut.com

The site has since been shut down with the following note:

We Shutdown

FYI: According to several social network blog sites TwitterCut has been the bud of several rumours! Our website and its programmers can assure you that these rumours are not true and that TwitterCut is simply a Twitter train that was a work in progress! We were not phishing Twitter accounts whatsoever. That login script was a script I bought for 50 dollars. I see a lot of sites on Twitter doing the same thing as us. We're shutting down this site. – [email protected]

If you have been to this site and gave them your Twitter login information, change your Twitter password right away.

Ten Firefox extensions that help keep you safe

May 26, 2009 – 8:22 PM

Being safe while you surf the Web is extremely important, yet safe surfing sometimes seems like an oxymoron. For users of the Firefox browser, downloading security extensions can help increase your level of protection from worms, hackers, phishers, and the like.

I should note that even with these extensions installed, you won’t be perfectly safe. Visit only sites from trusted sources, and don’t download unknown files.
