Microsoft Update and The Nightmare Scenario

June 4, 2012 – 7:54 PM

About 900 million Windows computers get their updates from Microsoft Update. In addition to the DNS root servers, this update system has always been considered one of the weak points of the net. Antivirus people have nightmares about a variant of malware spoofing the update mechanism and replicating via it.

Turns out, it looks like this has now been done. And not by just any malware, but by Flame.

The full mechanism isn’t yet completely analyzed, but Flame has a module which appears to attempt to do a man-in-the-middle attack on the Microsoft Update or Windows Server Update Services (WSUS) system. If successful, the attack drops a file called WUSETUPV.EXE to the target computer.

This file is signed by Microsoft with a certificate that is chained up to Microsoft root.

Except it isn’t really signed by Microsoft.

Turns out the attackers figured out a way to misuse a mechanism that Microsoft uses to create Terminal Services activation licenses for enterprise customers. Surprisingly, these keys could be used to also sign binaries.

Source:
http://www.f-secure.com/weblog/archives/00002377.html

Nmap 6 Released

May 23, 2012 – 4:48 AM

The Nmap Project is pleased to announce the immediate, free availability of the Nmap Security Scanner version 6.00 from http://nmap.org/. It is the product of almost three years of work, 3,924 code commits, and more than a dozen point releases since the big Nmap 5 release in July 2009. Nmap 6 includes a more powerful Nmap Scripting Engine, 289 new scripts, better web scanning, full IPv6 support, the Nping packet prober, faster scans, and much more!

Source:
http://nmap.org/6/

Download:
http://nmap.org/download.html

Rentpayment.com allows you to pay rent, for somebody else

April 1, 2012 – 9:51 AM

Ever since I moved into this apartment complex I have received monthly emails from rentpayment.com (a service from YapStone) as a reminder to pay my rent with a handy “click here to pay” type of link included. Whenever I would click that link I would be immediately logged into the website. No prompt whatsoever for my username and password. I thought immediately of a persistent cookie or something on my machine. I deleted all cookies and would still be immediately logged in after clicking on that link. I then wondered if it was somehow just using my IP address. I clicked the same link on my mobile phone using my 3G service, which I knew would be a different IP address than my home network and on which I knew I had no previously stored login credentials of any kind. Same thing…immediately logged in. I sent them an email last month to ask about the details of this link and how this identifier at the end of the URL is tied to my account and I never heard back from anybody. The format of this URL is:

https://www.rentpayment.com/pay/quickPayment.html?ta=pay&p=<seemingly random string>

To top this off, this month I get this same email reminder but when I click the link I am logged into somebody else’s account:

I entered a random amount just to verify:

Two previously saved credit cards to choose from. I chose one:

Luckily for Lei Zhang, I am an ethical guy and this is where I stopped.  But I was one click away from charging their credit card.

YapStone/Rentpayment.com, it’s time for an internal audit of your processes and procedures.
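The behaviour described above is what happens when the string at the end of a reminder link is a long-lived bearer token that maps straight to an account and yields a full session. The following is an added example, not code from rentpayment.com or YapStone; the host name is a placeholder and the server key is constructed for the demo. It contrasts that pattern with a hardened one: the account id, purpose and expiry are carried inside an HMAC-authenticated token, the link only ever produces a read-only "view invoice" session, and charging a saved card requires a password-authenticated session for the same account.

```python
"""Constructed example: two designs for a "click here to pay" reminder link."""
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed key for the demo; a real deployment loads it from a secret store.
SERVER_KEY = secrets.token_bytes(32)
# Placeholder host, not the real service.
BASE_URL = "https://pay.example.invalid/pay/quickPayment.html?ta=pay&p="

# ---------------------------------------------------------------------------
# Pattern 1: the behaviour observed in the post. The URL parameter is an
# opaque token looked up in a server-side table; it never expires and whoever
# opens the link gets a full session, saved cards included. If that table is
# ever rebuilt with a stale or shifted row, the link lands in another
# customer's account and nothing downstream notices.
# ---------------------------------------------------------------------------
bearer_table = {}  # token -> account_id

def issue_bearer_link(account_id):
    token = secrets.token_urlsafe(16)
    bearer_table[token] = account_id
    return BASE_URL + token

def session_from_bearer_link(url):
    token = url.rsplit("p=", 1)[1]
    account = bearer_table.get(token)
    if account is None:
        return None
    return {"sub": account, "auth": "link", "scope": "full"}

def legacy_payment_allowed(session, account_id):
    """Pattern 1 policy: any full-scope session may charge a saved card."""
    return session is not None and session["sub"] == account_id and session["scope"] == "full"

# ---------------------------------------------------------------------------
# Pattern 2: hardened. Account id, purpose and expiry live inside the token and
# are authenticated with HMAC-SHA256, so the link cannot be re-pointed at a
# different account without the server key, and it only grants a read-only
# "view_invoice" session. Payment requires a password-authenticated session.
# ---------------------------------------------------------------------------
def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_reminder_link(account_id, ttl_seconds=7 * 24 * 3600, now=None):
    now = time.time() if now is None else now
    payload = {"sub": account_id, "scope": "view_invoice",
               "exp": int(now) + ttl_seconds, "nonce": secrets.token_hex(8)}
    body = _b64e(json.dumps(payload, separators=(",", ":")).encode())
    tag = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).digest()
    return BASE_URL + body + "." + _b64e(tag)

def session_from_reminder_link(url, now=None):
    now = time.time() if now is None else now
    body, _, tag = url.rsplit("p=", 1)[1].partition(".")
    expected = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).digest()
    try:
        if not tag or not hmac.compare_digest(expected, _b64d(tag)):
            return None  # forged or tampered token
        payload = json.loads(_b64d(body))
    except ValueError:
        return None
    if payload.get("exp", 0) < now:
        return None  # expired link
    return {"sub": payload["sub"], "auth": "link", "scope": payload["scope"]}

def session_from_password(account_id, password_ok):
    # Stand-in for a real credential check; only the resulting auth level matters.
    if not password_ok:
        return None
    return {"sub": account_id, "auth": "password", "scope": "full"}

def payment_allowed(session, account_id):
    """Pattern 2 policy: a saved card may be charged only from a password session."""
    return (session is not None and session["sub"] == account_id
            and session["auth"] == "password" and session["scope"] == "full")

def charge_saved_card(session, account_id, amount_cents):
    if not payment_allowed(session, account_id):
        raise PermissionError("payment requires a password-authenticated session")
    return {"account": account_id, "charged_cents": amount_cents}

if __name__ == "__main__":
    link = issue_reminder_link("acct-1001")
    print("link session:", session_from_reminder_link(link))
    print("charge from link allowed:", payment_allowed(session_from_reminder_link(link), "acct-1001"))
    print(charge_saved_card(session_from_password("acct-1001", True), "acct-1001", 12345))
```

The point of the second design is not the HMAC by itself but the separation of privilege: an emailed link is something that gets forwarded, logged and cached, so the most it should ever do is show the invoice and take the customer to a login prompt before any money moves.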

65 Open Source Replacements for Security Software

March 14, 2012 – 9:09 PM

This is a great list of 65 open source projects to replace various security applications that you are probably running right now. I personally use most of them and it’s great to see such a thorough list posted all in one place.

Source:
http://www.datamation.com/security/65-open-source-replacements-for-security-software-1.html

Install the old version of Tweetdeck (0.38.2)

March 2, 2012 – 9:42 AM

I have tried the newer versions of Tweetdeck (now owned by Twitter themselves) and I just do not like the look and feel of it.  I would much rather have the old look back but unfortunately there’s no “Revert to Classic Tweetdeck” option.  I also tried Seesmic Desktop 2 and could not find myself liking that one either.  I mean, come on, what good is a Twitter client without a “Reply” option?

I found the original version of Tweetdeck before Twitter ruined it (version 0.38.2) and am making it available to anyone else who may feel the same way as I do.

Download:
http://www.pcsympathy.com/TweetDeck_0_38.2.air

You will also need Adobe Air if you do not have it installed:
https://www.adobe.com/products/air.html

Enjoy.