Snort 2.8.1 Released

April 3, 2008 – 6:23 PM

New Additions

  • Target-Based support to allow rules to use an attribute table describing services running on various hosts on the network. Eliminates reliance on port-based rules.
  • Support for GRE encapsulation for both IPv4 & IPv6.
  • Support for IP over IP tunneling for both IPv4 & IPv6.
  • SSL preprocessor that allows Snort to skip inspection of encrypted traffic.
  • Ability to read multiple PCAPs from the command line.
  • Support for new CVS rule detection options.

Improvements

  • Update to HTTP Inspect to identify overly long HTTP header fields.
  • Updates to IPv6 support, including changes to avoid namespace conflicts on certain operating systems.
  • Updates to address issues seen on various Sparc platforms.
  • Stricter enforcement of shared object versions to avoid API conflicts.

Download here.

Microsoft Plans Five ‘Critical’ Security Updates For Windows, Explorer

April 3, 2008 – 4:24 PM

Microsoft said Thursday that it plans to release eight software updates for the Windows operating system and Internet Explorer Web browser to patch security holes, five of which the company described as “critical.” Microsoft said it plans to release the updates on April 8. PC users can determine if they need the updates by accessing the company’s online Baseline Security Analyzer, Microsoft said.

The five critical updates are designed to address security vulnerabilities that could leave Windows or Explorer open to remote code execution — a technique used by hackers to gain control of a target computer.

The updates apply to Windows Vista, Windows XP, Windows 2000, Windows Server 2003, and Windows Server 2008, as well as Explorer. Users will need to restart their systems after installing the updates.

Microsoft typically releases major security updates in the second week of each month.

Microsoft also plans to patch two “important” vulnerabilities that leave Windows open to spoofing and unauthorized user privilege elevation, and a vulnerability that could expose Microsoft Office to remote code execution.

The company said it plans to host a Webcast on April 9 to address user questions about the updates. Microsoft has set up an online registration form for the event.

Microsoft also said it plans to release an updated version of the Windows Malicious Software Removal Tool next week. The tool is designed to check for and remove malware programs such as Blaster, Sasser, and MyDoom.

The updated tool can be obtained next week from the online Windows Update service, Windows Server Update Services, or Microsoft’s Download Center.

Source: Information Week

Web bugs return using digital certificates

April 3, 2008 – 5:22 AM

Spammers are once again using web bugs to verify the validity of email addresses. This time the trick is not done with graphics but with digital certificates. Alexander Klink from German consultants Cynops has discovered a vulnerability in Microsoft products – or possibly in the Crypto API – that can be used to verify a victim’s email address if they open a crafted email which is signed using S/MIME.

Traditionally, web bugs are small graphic images – often just one pixel – inserted into HTML emails which the mail client downloads from a website when you read the email. Spammers use them to verify email addresses, but the FBI has also used them to help put blackmailers behind bars. Web bugs in office documents work in a similar way, tracking access to documents. For security reasons, modern email clients do not automatically download content from external sites and office applications no longer contact servers without asking the user.

When receiving and opening S/MIME emails, Microsoft Outlook and Windows Live Mail will attempt to contact the URIs specified in the X.509 certificates. RFC 3280 makes provision for certificate extensions through which clients can check the validity of a certificate by downloading an “intermediate certificate”. The URI of the intermediate certificate is contained in the certificate itself. Because it is possible to enter as many URIs in the CA issuer fields as you like, spammers – or the FBI – can see the URI being requested on their own servers and obtain information on the recipient’s IP address as well as the date and time of receipt. Microsoft’s Crypto API will fetch up to five such URIs for each certificate.

Read the rest of this story…
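The check below is an added example, not code from the article or from Cynops: it parses the DER value of a certificate's Authority Information Access extension, lists the caIssuers URIs a client could be asked to fetch, and flags hosts outside an allowlist. The sample bytes, host names, function names and the max_uris threshold are constructed for illustration.

```python
from urllib.parse import urlsplit

OID_CA_ISSUERS = bytes.fromhex("2b06010505073002")  # 1.3.6.1.5.5.7.48.2

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def ca_issuer_uris(aia_der):
    """List the URI of every caIssuers AccessDescription in an AIA value."""
    tag, body, _ = read_tlv(aia_der, 0)
    if tag != 0x30:
        raise ValueError("AIA value must be a SEQUENCE")
    uris, pos = [], 0
    while pos < len(body):
        _, desc, pos = read_tlv(body, pos)          # one AccessDescription
        mtag, method, nxt = read_tlv(desc, 0)       # accessMethod (OID)
        ltag, loc, _ = read_tlv(desc, nxt)          # accessLocation (GeneralName)
        if mtag == 0x06 and method == OID_CA_ISSUERS and ltag == 0x86:
            uris.append(loc.decode("ascii", "replace"))   # 0x86 = URI choice
    return uris

def audit(aia_der, trusted_hosts, max_uris=1):
    """Return findings: fetch hosts not on the allowlist, and long URI lists."""
    uris = ca_issuer_uris(aia_der)
    findings = [f"untrusted host: {u}" for u in uris
                if urlsplit(u).hostname not in trusted_hosts]
    if len(uris) > max_uris:
        findings.append(f"{len(uris)} caIssuers URIs (expected <= {max_uris})")
    return findings

def _tlv(tag, value):                      # tiny DER encoder, used for the sample only
    assert len(value) < 128
    return bytes([tag, len(value)]) + value

# Constructed sample: an AIA value carrying two caIssuers URIs (hosts are made up).
SAMPLE_AIA = _tlv(0x30, b"".join(
    _tlv(0x30, _tlv(0x06, OID_CA_ISSUERS) + _tlv(0x86, u.encode()))
    for u in ("http://ca.example.com/issuer.crt",
              "http://unknown.example.net/issuer2.crt")))
```

Calling audit(SAMPLE_AIA, {"ca.example.com"}) reports the second URI's host and the URI count; a mail gateway could run the same check on signer certificates before a message reaches a client that fetches these URIs automatically.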

Can’t Find Vista SP1 on Windows Update?

April 2, 2008 – 7:28 PM

Microsoft has released a Knowledge Base article to help users who are having problems getting Vista SP1 from the Windows Update site. Here’s a list of possible causes they have come up with so far:

  • You are already running Windows Vista SP1.
  • Windows Vista SP1 has not been released for the language of the language pack that you have installed.
  • Windows Service Pack Blocker Tool is used to block the delivery of Windows Vista SP1 from Automatic Updates or from Windows Update.
  • You tried to install Windows Vista SP1, and the installation failed with a known inconsistency in the file or registry structure.
  • A hardware device driver or device software was problematic when you updated to Windows Vista SP1.
  • You have installed a prerelease version of Windows Vista SP1, and you must uninstall the prerelease version, or start with a new installation of Windows Vista.
  • You used the third-party program vLite to configure the system, and you may have removed required system components that have to be available for Windows Vista SP1 to be installed.

Click here to read the rest of this Knowledge Base article, complete with their resolutions for all of the above symptoms.

Firefox 3 Beta 5 Finally Gets Cookies Right!

April 2, 2008 – 6:16 PM

Previous versions of Firefox had the option to block or allow 3rd party cookies removed from the GUI and completely hidden from view. You had to go to about:config and change the value of network.cookie.cookieBehavior to “1” if you wanted to block them, or keep it at its default of “0” if you wanted to allow them. Well, it looks like in Beta 5 they finally got it right and put the option back in the GUI where it belongs:

Very nice.  Let’s keep it there, guys.