Gmail now blocking fake eBay, PayPal e-mails

July 9, 2008 – 1:51 PM

Google on Tuesday said it is now using an e-mail authentication technology to keep phishers from luring Gmail users to fake eBay and PayPal Web pages in order to steal usernames and passwords.

Source:
http://news.cnet.com/8301-10784_3-9985605-7.html?hhTest&part=rss&tag=feed&subj=NewsBlog

Zero day Word flaw exploited by Trojan

July 9, 2008 – 1:46 PM

Microsoft warns that an unpatched Word vulnerability has become the subject of targeted attacks.

The flaw – which is restricted to Microsoft Office Word 2002 Service Pack 3 – creates a mechanism for hackers to inject hostile code onto vulnerable systems. Redmond has published workarounds as a stop-gap measure while its researchers investigate the flaw in greater depth.

In the meantime, Microsoft is keen to downplay alarm. “At this time, we are aware of limited, targeted attacks attempting to use the reported vulnerability, but we will continue to track this issue,” a post on its security response blog explains.

The vulnerability has appeared in a number of samples of malware. A widening number of anti-virus firms have issued signature updates to defend against the threat. Symantec, acting on samples sent to it by handlers at the SANS Institute’s Internet Storm Centre, was the first to publish an advisory.

The timing of the arrival of the exploit means Microsoft had insufficient time to respond before its regular Patch Tuesday update, a factor that’s unlikely to be a coincidence. The ins and outs of the flaw are still under investigation and will probably be withheld until a fix is available. It’s also unclear who the attack is targeting, though historically unpatched Word exploits are a particular favourite of Chinese hackers.

Source:
http://www.theregister.co.uk/2008/07/09/zero_day_word_flaw/

Microsoft DNS Security Fix Knocks ZoneAlarm Users Offline

July 9, 2008 – 1:42 PM

The problem began when Microsoft on Tuesday sent patch number KB951748 to Windows users. The patch is designed to plug a security vulnerability that leaves computers vulnerable to so-called DNS attacks.

The vulnerability is widespread and affects products made by numerous networking and software vendors beyond Microsoft. It was discovered by Dan Kaminsky, of the Seattle-based security firm IOActive.

Through a DNS attack, a hacker can redirect Internet users’ page requests to phishing sites or other malicious pages. Various reports suggest that ZoneAlarm interprets the Microsoft patch itself as malicious code, and automatically severs the user’s Internet connection in response.

Until a fix is issued, some forum users are working around the glitch by uninstalling either ZoneAlarm or the Microsoft patch. Either move, however, could leave their computers vulnerable to cyber-attacks.

Source:
http://www.informationweek.com/news/security/client/showArticle.jhtml?articleID=208806946&cid=RSSfeed_IWK_All

Massive DNS security problem endangers the internet

July 9, 2008 – 5:57 AM

US-CERT and other security experts have warned of a critical design problem affecting all DNS implementations. The Domain Name Service is responsible for converting readable names like www.heise-online.co.uk into the IP addresses that computers can handle, such as 193.99.144.85. DNS is thus the internet equivalent to a phonebook and without it, nothing works. Anyone who takes control of it can control the internet.

In order to avoid repeating name resolution for every network connection, many systems store the results in a cache for a certain length of time. If an attacker succeeded in slipping false addresses into such a cache, he could divert any network connections to systems under his control. That would open up the possibility of enormous phishing campaigns and the large-scale theft of passwords, credit-card data, and even access data for online banking.

The fundamental problem with the DNS is that the responses to queries can, in principle, be faked. For that reason, current systems use a randomly selected 16-bit transaction ID for each query. If the answer also contains this ID, it comes from the correct server, and the prospect of an attacker guessing it is negligibly small. Amit Klein, however, has already shown several times how implementation errors, say in the random-number generator used, can be exploited to enable DNS cache poisoning.

Vulnerability notes from US-CERT say the security expert Dan Kaminsky has now discovered a general method for reducing the odds sufficiently for cache poisoning to be implemented effectively. The method is evidently not based on defective implementation, but on a cunning attack scenario that markedly increases the attacker’s chances. Kaminsky doesn’t want to reveal the details until the Black Hat conference in August. Almost all noteworthy vendors are affected, including ISC (whose BIND is the most widely used server), Cisco and Microsoft.

Kaminsky informed these vendors, who then developed updated versions of their software and issued them in a coordinated operation on 8 July. These updated versions are intended to reinforce the barriers against attackers to some degree. Among other things, they select random UDP source ports for their outgoing DNS queries. ISC emphasises, however, that ultimately only the DNS Security Introduction and Requirements extension will give reliable protection; since its introduction can’t be completed overnight due to political and technical problems, ISC urgently advises that the current updates be installed.
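Whether a resolver actually picks random source ports can be checked from its own outgoing queries. The sketch below is an added example, not code from the article or from any vendor: it classifies the UDP source ports seen on a resolver's queries and estimates how many bits an off-path forger would have to guess per response. The `NARROW_SPREAD` cut-off and the sample port lists are assumptions constructed for illustration.

```python
import math
import random
import statistics

TXID_BITS = 16          # transaction ID width given in the article
NARROW_SPREAD = 1000    # assumed cut-off (std. deviation in ports), not a standard


def audit_source_ports(ports):
    """Return (verdict, bits) for the UDP source ports seen on a resolver's
    outgoing queries, listed in the order the queries were sent.

    bits is how much an off-path forger must guess per response: the 16-bit
    ID plus whatever the source port adds. The observed port range is only
    a lower bound on the real pool, so bits is a conservative estimate."""
    if len(ports) < 2:
        raise ValueError("need at least two observed queries")
    if len(set(ports)) == 1:
        # Same port every time: only the transaction ID protects the cache.
        return "fixed", float(TXID_BITS)
    steps = [b - a for a, b in zip(ports, ports[1:])]
    if all(step == 1 for step in steps):
        # Incrementing ports are predictable, so they add nothing.
        return "sequential", float(TXID_BITS)
    observed_range = max(ports) - min(ports) + 1
    spread = statistics.pstdev(ports)
    verdict = "narrow" if spread < NARROW_SPREAD else "randomized"
    return verdict, TXID_BITS + math.log2(observed_range)


def constructed_samples():
    """Constructed port observations (not captured from real resolvers)."""
    rng = random.Random(2008)
    return {
        "unpatched, fixed port": [32768] * 20,
        "incrementing port": list(range(1025, 1045)),
        "small port pool": [32768 + (i * 7) % 50 for i in range(20)],
        "patched, random port": rng.sample(range(1024, 65536), 20),
    }


if __name__ == "__main__":
    for name, ports in constructed_samples().items():
        verdict, bits = audit_source_ports(ports)
        print(f"{name:24s} {verdict:11s} ~{bits:.1f} bits to guess")
```

A "fixed" or "sequential" verdict means the resolver is relying on the transaction ID alone and should be updated.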

The seriousness of the problem is indicated by the coordinated action of these normally competing firms, which otherwise are not greatly interested in cooperation. Now the cat is out of the bag, we must fear that others will very quickly catch on to how Kaminsky managed to fool the DNS servers. For that reason, all operators of DNS servers that also work as a cache should contact the vendor of their software as quickly as possible to check the current state of affairs and see if there are any recommended protective measures. There is no need to panic yet, but haste is definitely advisable.

Source:
http://www.heise-online.co.uk/news/Massive-DNS-security-problem-endangers-the-internet--/111070

Security fixes in new version of Joomla!

July 9, 2008 – 5:54 AM

The development team behind Joomla! has released version 1.5.4 of its content management system. This includes fixes for security problems, as well as numerous improvements and bug fixes. These include a patch for a problem with LDAP which allowed unauthorised access to Joomla! administration pages. The developers have also fixed a bug which allowed unauthorised access to cached pages.

Source:
http://www.heise-online.co.uk/news/Security-fixes-in-new-version-of-Joomla--/111072