DoS vulnerability in Sophos antivirus products

July 11, 2008 – 5:53 AM

Antivirus software vendor Sophos has reported the discovery of a DoS vulnerability in some of its products. According to the security advisory, specially crafted email attachments can bring down Sophos E-mail Appliance, PureMessage for UNIX and the Sophos Anti-Virus Interface (SAVI). For the attack to succeed, the MIME attachment has to have a length of zero. Sophos says that only Linux/UNIX installations are affected.

Apparently, the flaw only turned up after the recent July update – signature version 4.31 and engine 2.75. The flaw has already been fixed in SAVI via new virus signatures. Sophos has reactivated the old updates – 4.30 and 2.7 – for Appliance and PureMessage, respectively, and is now working to fix the underlying flaw in the engine. The vendor will then release a new update.

Source:
http://www.heise-online.co.uk/news/DoS-vulnerability-in-Sophos-antivirus-products--/111086

Remembering Longer Passwords Easily

July 10, 2008 – 12:46 PM

One of the members of the Master Mind Security Panel during the ITEC show in Charlotte, Dan Colby, made a great point. Basically, he said “quit using passwords.”

Colby is president and CEO of Pinstripe, an application development and consulting company in Charlotte. They provide all the IT services for many area SMBs, including security.

What will replace passwords? Passphrases. Let me quote Colby from an e-mail he sent me about this security idea.

“Passphrases have become the preferred method for password-protecting end user devices. The concept is simple. It is much easier to remember ‘Let the force be with you’ than it is to remember ‘!PS12Na#’, and the passphrase is often more secure. The longer the passphrase, the more secure it is.”

While Colby said “end user devices”, I think passphrases work best with devices that have good keyboards, like desktop and laptop computers. Smartphones may have keyboards, but few companies can really enforce the use of a decent password on handheld devices, much less a passphrase.
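To put some numbers behind “the longer the passphrase, the more secure it is”, here is an added example (not from Colby or the PCWorld article) that estimates the guessing work for the two secrets quoted above under three attacker models. The pool sizes, the 7776-word Diceware-style list and the 100,000-entry list of famous quotations are assumptions chosen for illustration.

```python
import math

# Printable-ASCII pool per character class (assumption: the attacker knows which
# classes occur and brute-forces every combination of the combined pool).
CLASS_POOLS = {
    "lower": (lambda c: c.islower(), 26),
    "upper": (lambda c: c.isupper(), 26),
    "digit": (lambda c: c.isdigit(), 10),
    "other": (lambda c: not c.isalnum(), 33),  # symbols plus space
}

def charwise_bits(secret):
    """Naive estimate: length * log2(size of the combined character pool)."""
    pool = sum(size for test, size in CLASS_POOLS.values()
               if any(test(c) for c in secret))
    return len(secret) * math.log2(pool)

def wordwise_bits(passphrase, wordlist_size=7776):
    """Entropy if each word had been drawn uniformly at random from a wordlist
    of wordlist_size entries (7776 is the Diceware list size; an assumption)."""
    return len(passphrase.split()) * math.log2(wordlist_size)

def quote_bits(phrase_list_size=100_000):
    """A passphrase that is a famous quotation is only as strong as the list of
    quotations an attacker tries; the list size here is a constructed value."""
    return math.log2(phrase_list_size)

def compare(password, passphrase):
    """Return the estimates side by side so the caveat is visible: word length
    only helps when the words are not a predictable phrase."""
    return {
        "password_charwise": charwise_bits(password),
        "passphrase_charwise": charwise_bits(passphrase),
        "passphrase_random_words": wordwise_bits(passphrase),
        "passphrase_known_quote": quote_bits(),
    }

if __name__ == "__main__":
    for name, bits in compare("!PS12Na#", "Let the force be with you").items():
        print(f"{name:26s} {bits:6.1f} bits")
```

The character-wise figure for the phrase looks impressive, but a well-known film quote is cheaper to guess than the eight-character password; random words from a list are what actually make a long passphrase strong.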

Source:
http://www.pcworld.com/businesscenter/article/148186/remembering_longer_passwords_easily.html

ZoneAlarm updated after Microsoft’s DNS patch

July 10, 2008 – 11:32 AM

On Thursday, Check Point Software Technologies released updated versions of all its ZoneAlarm products, addressing an incompatibility with a patch Microsoft released earlier this week.

The fix requires ZoneAlarm users to download the latest version, 7.0.438.000, from the company’s site. A reboot is required to complete the installation.

Since Tuesday, ZoneAlarm customers have complained that access to the Internet was denied after installing MS08-037, a patch designed by Microsoft to correct a vulnerability in both the client and server Domain Name System packages within Windows. Earlier on Tuesday, a security researcher announced a massive, multi-vendor patch release to address a fundamental flaw in DNS that could allow attackers to spoof IP addresses.

Source:
http://news.cnet.com/8301-10789_3-9987632-57.html?hhTest=1&part=rss&subj=news&tag=2547-1_3-0-5

Updates for Java eliminate many security holes

July 10, 2008 – 5:59 AM

Sun Microsystems has issued updates for Java to eliminate many errors and vulnerabilities in the Java Development Kit (JDK) and the Java Runtime Environment (JRE). These include DoS vulnerabilities, buffer overflows and other errors that could cause a crash or allow a crafted applet to access certain resources, the file system, or even the entire computer. Some of the errors are in Java Web Start, some in the Java Management Extensions (JMX) Management Agent, while others are in the functions that process XML data.

However, not all of the errors listed are present in all versions. Users will have difficulty deciding which versions are actually affected by what, because Sun has divided its explanations of the individual problems over eight security advisories. Basically, all the errors listed are eliminated in the latest versions: JDK and JRE 6 Update 7, JDK and JRE 5.0 Update 16, SDK and J2SE 1.4.2_18, and SDK and J2SE 1.3.1_23.

The three older versions of Java – 1.3.1, 1.4.2 and 5 – have either entered the End of Life (EOL) transition period or have already passed it. For 1.3.1, for example, there are only updates for Solaris. Support for 1.4.2 will end on 30 October 2008, and for version (1.)5 on 30 October 2009. After that, there will be no further security updates. So users should consider switching over immediately to version 6 – which is really 1.6. Since the Java installation programs don’t uninstall older versions of the software, users have to remove them manually, for example via the Control Panel under Windows.

Source:
http://www.heise-online.co.uk/news/Updates-for-Java-eliminate-many-security-holes--/111080

DNSenum – Domain Information Gathering Tool

July 10, 2008 – 5:54 AM

The first stage of penetration testing is usually passive information gathering and enumeration (active information gathering). This is where tools like dnsenum come in: the purpose of DNSenum is to gather as much information as possible about a domain.

The program currently performs the following operations:

1. Get the host’s address (A record).
2. Get the nameservers (threaded).
3. Get the MX records (threaded).
4. Perform AXFR queries on the nameservers (threaded).
5. Get extra names and subdomains via Google scraping (Google query = “allinurl: -www site:domain”).
6. Brute-force subdomains from a file; can also recurse on subdomains that have NS records (all threaded).
7. Calculate class C network ranges for the domain and perform whois queries on them (threaded).
8. Perform reverse lookups on the netranges (class C and/or whois netranges) (threaded).
9. Write the IP blocks to the domain_ips.txt file.
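Step 4 is the one defenders should run against their own infrastructure: an authoritative server that answers AXFR for any client hands the whole zone to anyone who asks. The following is an added example, not dnsenum’s code, that builds the AXFR question in DNS wire format and classifies the server’s reply from its header (RCODE and answer count). It uses only the standard library, a fixed transaction id, and looks at the first TCP message only; server and zone names are whatever you pass in.

```python
import socket
import struct

QTYPE_AXFR, QCLASS_IN = 252, 1
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED", 9: "NOTAUTH"}
TXID = 0x1234  # fixed id for the example; a real client should randomise it

def encode_name(name):
    """Encode a dotted domain name as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_axfr_query(zone, txid=TXID):
    """12-byte header (id, flags=0, qdcount=1) followed by one AXFR/IN question."""
    header = struct.pack(">HHHHHH", txid, 0, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack(">HH", QTYPE_AXFR, QCLASS_IN)

def classify_axfr_response(msg, txid=TXID):
    """Look only at the header: a non-zero RCODE (typically REFUSED or NOTAUTH)
    means the transfer was denied; NOERROR with answers means the zone is open."""
    rid, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", msg[:12])
    if rid != txid:
        return "TXID-MISMATCH"
    rcode = flags & 0x000F
    if rcode != 0:
        return RCODES.get(rcode, f"RCODE{rcode}")
    return "OPEN" if an > 0 else "EMPTY"

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf

def check_axfr(server, zone, timeout=5.0):
    """Live check over TCP: messages carry a 2-byte length prefix (RFC 1035 4.2.2).
    Anything other than a refusal for your own zone is a finding to fix."""
    query = build_axfr_query(zone)
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(struct.pack(">H", len(query)) + query)
        length = struct.unpack(">H", _recv_exact(s, 2))[0]
        return classify_axfr_response(_recv_exact(s, length))
```

A zone that classifies as "OPEN" should be restricted with allow-transfer (BIND) or the equivalent ACL on your server, and the check is cheap enough to run from a monitoring job.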

Source:
http://www.darknet.org.uk/2008/07/dnsenum-domain-information-gathering-tool/