New worm exploits critical Windows bug

November 3, 2008 – 1:08 PM

A worm that exploits the bug Microsoft Corp. patched in an emergency update 11 days ago is actively attacking systems, several security companies and researchers said today.

The worm, which Symantec Corp. called Wecorl but was dubbed MS08-067.g by Kaspersky Lab and Microsoft itself, likely originated in China, said Kevin Haley, director of Symantec’s security response team. It appears to target Chinese-language versions of Windows 2000, he noted.

Haley confirmed that the worm, which is different from the information-stealing Trojan horse that prompted Microsoft to issue the out-of-cycle patch on Oct. 23, is circulating in the wild.

Source:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9118885&source=rss_topic17

Gooscan – Automated Google Hacking Tool

November 3, 2008 – 8:55 AM

Gooscan is a tool that automates queries against Google search appliances, but with a twist. These particular queries are designed to find potential vulnerabilities on web pages. Think “cgi scanner” that never communicates directly with the target web server, since all queries are answered by a Google appliance, not by the target itself.

Source:
http://www.darknet.org.uk/2008/11/gooscan-automated-google-hacking-tool/

TrueCrypt 6.1 encryption software released

November 3, 2008 – 7:22 AM

TrueCrypt 6.1, the open source, cross platform disk encryption tool, now supports the encryption of non-system partitions under Windows Vista and Server 2008, without losing the existing data on that partition. However users need to choose “Create Volume/Encrypt a non-system partition/Standard volume/Select Device/Encrypt partition in place” to make use of the feature. The same functionality is not available under Windows XP, 2000 and Server 2003, as these operating systems don’t have an option for shrinking file systems, which TrueCrypt uses to allow it to make space for its own volume and backup headers.

Users can now set their own boot loader text, or turn it off completely, for a silent start up. Selecting the boot loader text off option makes it more difficult for inquisitive people to guess the type of boot loader used. Another new feature is the ability for an entered password to be cached in the driver’s memory and used to mount encrypted data partitions automatically, after the system has booted.

Source:
http://www.heise-online.co.uk/news/TrueCrypt-6-1-encryption-software-released–/111856

Microsoft to Issue Emergency Security Update Today

October 23, 2008 – 9:07 AM

Microsoft said late Wednesday that it plans to break out of its monthly patch cycle to issue a security update today for a critical vulnerability in all supported versions of Windows.

Redmond rarely releases security patches outside of Patch Tuesday, the second Tuesday of each month. The software giant isn’t providing many details yet, but the few times it has departed from its Patch Tuesday cycle it has always done so to stop the bleeding on a serious security hole that criminals were using to break into Windows PCs on a large scale.

By Security Fix’s count, this would be the fourth time since January 2006 that Microsoft has deviated from its monthly patch cycle to plug security holes. As shown by the stories in the linked examples above, Microsoft has fixed problems, each time, that were being actively exploited by bad guys to break into PCs.

Microsoft’s advanced notification bulletin says the problem is critical on Windows 2000, Windows XP and Windows Server 2003, meaning this is a vulnerability that can be exploited through little or no help from the user. Redmond’s labels the flaw “important” on Windows Vista and Windows Server 2008 machines.

Source:
http://voices.washingtonpost.com/securityfix/2008/10/microsoft_to_issue_emergency_s_1.html

Keyboards can be snooped remotely

October 21, 2008 – 12:55 PM

Computer keystrokes can be snooped from afar by detecting the slight electromagnetic radiation emitted when a key is pressed, according to new research.

Other security experts have theorised keyboards were vulnerable to such detection, wrote Sylvain Pasini and Martin Vuagnoux, both doctorate students with the Security and Cryptography Laboratory at the Ecole Polytechnique Fédérale de Lausanne in Switzerland.

But Vuagnoux and Pasini believe theirs is the first set of experiments showing such spying is feasible. They blamed cost pressures on keyboard manufacturers for not making keyboards more snoop proof.

Keyboards “are not safe to transmit sensitive information,” they wrote in an entry on the school’s website. “No doubt that our attacks can be significantly improved since we used relatively inexpensive equipment.”

The researchers tested 11 different wired keyboard models produced between 2001 and 2008, including some with USB connectors and keyboards embedded in laptops. All were vulnerable to one of four surveillance methods.

Two videos posted show two different experiments, both of which accurately picked up the typed text.

Source:
http://www.techworld.com/security/news/index.cfm?RSS&NewsID=105943