Crafted EXE files can inject code in ClamAV

April 14, 2008 – 12:21 PM

Security service provider Secunia has discovered a vulnerability in the ClamAV open source virus scanner. Attackers can foist code on the application using manipulated EXE files.

According to a Secunia advisory, a boundary error in the cli_scanpe() function in libclamav/pe.c can cause a heap-based buffer overflow. Manipulated PE executables (Windows .exe files) compressed with the Upack runtime packer can provoke this buffer overflow to inject and execute code.

ClamAV’s developers apparently intend to release an updated version soon that will remedy the vulnerability in versions up to and including 0.92.1. Until then, administrators running ClamAV on their servers should check executable Windows files with a different virus scanner and install the ClamAV update as soon as it becomes available.

Source: Heise Security

Bot breaks Hotmail’s CAPTCHA in 6 seconds

April 14, 2008 – 10:01 AM

A new bot can crack defenses erected by Microsoft to keep spammers from creating large numbers of accounts on its Live Hotmail service within seconds, a security researcher said Friday.

Dan Hubbard, vice president of security research at Websense, said the bot broke Live Hotmail’s CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) within six seconds, on average. CAPTCHA is the name given to the distorted, scrambled characters that many Web services require users to decipher and type in to create a new account; the tests are meant to block automated account registration by spammers and malware authors.

The bot, Hubbard acknowledged, is similar to one Websense uncovered in February.

“In the past, though, it was kind of questionable whether the CAPTCHA breaking was automated,” Hubbard said Friday, noting that there had been some evidence that spammers were paying people to decode and type in the CAPTCHA characters. “But the bot’s breaking [CAPTCHA] in six seconds, so it’s definitely automated.”

In a long post to the Websense blog Thursday, Sumeet Prasad — “our CAPTCHA expert,” said Hubbard — provided technical details of how the bot automatically registers Live Hotmail accounts and then immediately begins using those accounts to spew spam.


BT Home Hub Wi-Fi Security Easy to Crack

April 14, 2008 – 9:53 AM

A security researcher claims to have found a significant weakness in the wireless encryption of a DSL home gateway made by Thomson and distributed to broadband subscribers in the U.K. by network operator BT.

Exploiting the weakness could enable someone to connect to a victim’s Wi-Fi router for malicious purposes such as snooping on their Internet traffic or hacking other machines using the same network, according to GNUCitizen, a group of blogging security researchers.

BT’s Home Hub ships with default encryption keys to encrypt wireless network traffic using either WEP (Wired Equivalent Privacy) or WPA (Wi-Fi Protected Access).

Router manufacturers use an algorithm to generate those WEP and WPA default keys, wrote Adrian Pastor, one of GNUCitizen’s researchers, on the group’s blog. But the algorithm is predictable and only creates a limited number of easily guessed keys, Pastor wrote.

“Chances are that if you own a wireless router which uses a default WEP or WPA key, such keys can be predicted based on publicly-available information such as the router’s MAC [Media Access Control] address or SSID [Service Set Identifier],” Pastor wrote.


Add File types to the Microsoft Outlook Attachment Manager

April 14, 2008 – 9:08 AM

Microsoft Outlook categorizes mail attachments into three risk types which are high, medium and low. Outlook uses the default Microsoft configuration to determine if a file poses a high, medium or low risk when the user tries to open the attachment. The file extension .exe for instance poses a high risk while .txt does not and is seen as a low risk file extension. If a file type has not been specified by Microsoft it is seen as a medium risk. Microsoft Outlook can block or display warning messages whenever the user tries to open a file type that is seen as a high or medium risk.

This is probably not a problem for most users, but if you receive lots of files of a certain type – at work, for instance – you might want to change the default configuration and lower the risk setting of that specific file type. The following tip also explains how users can add new file types to the attachment manager and assign a risk level to them.

The custom settings have to be added to the Windows Registry, so we need to open it. Press Windows+R, type regedit and press Enter. Now navigate to the Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies. Right-click the Policies key, select New -> Key, and name the new key Associations.


Hackers exploit poor website code

April 14, 2008 – 8:59 AM

Many of the loopholes left in the code created for websites have been known about for almost a decade, say security researchers.

The poor practices are proving very attractive to hi-tech criminals looking for a ready source of victims.

According to Symantec the number of sites vulnerable in this way almost doubled during the last half of 2007.

Wholly vulnerable

Kevin Hogan, director of security operations at Symantec, said the bug-ridden web code was putting visitors to many entirely innocent sites at risk.

“It overturns the whole notion that if you stay away from gambling and porn sites you are okay,” he said.

The attack that a malicious hacker can carry out via these web code vulnerabilities is known as cross-site scripting (abbreviated as XSS).

Typically these involve lax control of the data being swapped between a web server and the browser program someone is using to interact with it.

An XSS vulnerability could, for instance, allow attackers to steal the login credentials of a visitor to a site.
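
The "lax control" described above, shown as an added example that is not part of the original article: the same page template rendered with and without output encoding, plus a session cookie flagged so page script cannot read it. All function names and the sample input are hypothetical and constructed for illustration.

```javascript
// Added example (not from the article). Names and sample input are hypothetical.

// HTML-encode the five characters that can break out of element text
// or a quoted attribute value.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Lax control": the query string is copied into the page as-is, so any
// markup it carries is parsed by the browser as part of the site's own page.
function renderSearchVulnerable(query) {
  return `<h1>Results for ${query}</h1><input name="q" value="${query}">`;
}

// Hardened: same template, but every reflected value is encoded for the
// HTML context it lands in (element text and a double-quoted attribute).
function renderSearchHardened(query) {
  const safe = escapeHtml(query);
  return `<h1>Results for ${safe}</h1><input name="q" value="${safe}">`;
}

// Defence in depth for the credential-theft case: a session cookie marked
// HttpOnly is not exposed to script running in the page.
function sessionCookieHeader(sessionId) {
  return `sid=${encodeURIComponent(sessionId)}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}

// True if the rendered page contains a script element the template never had.
function containsInjectedScript(html) {
  return /<script\b/i.test(html);
}

// Constructed sample input: markup where a plain search term is expected.
const sampleQuery = '"><script>alert(1)</script>';

console.log('vulnerable page has injected script:',
  containsInjectedScript(renderSearchVulnerable(sampleQuery)));
console.log('hardened page has injected script:  ',
  containsInjectedScript(renderSearchHardened(sampleQuery)));
console.log('Set-Cookie:', sessionCookieHeader('constructed-session-id'));
```

Encoding has to match the output context; the helper here covers HTML text and quoted attributes only, not values placed inside script blocks or URLs.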
