|
 |
|
|
 |
|
 |
 |
|
|
| |
|
|
|
First, thanks for taking time out of your day to read my posts. I will continue to keep them simple and written for users, not techies…. I’m going to post monthly because it does a few things for everyone:
1. Allows me to introduce a new feature soon, which will be demonstrations of some of these exploits. I might make a little program that uses an exploit to open your calculator on your desktop. Maybe I’ll link to a trustworthy site that offers a demo. Sometimes I might offer video demonstrating the exploit. Regardless, you will have to clink a link to see the exploit or test your machine to see if it is patched and requires your interaction to see it.
2. Our customers who are maintenance customers get phone calls from us for severe issues that are zero day or need immediate attention, so what’s the point of posting an urgent message on the blog.
3. It limits emails that you get and makes better use of your time…
|
|
|
|
|
Firefox has an exploit that can give a user limited access to your computer. The exploit works by putting a fake error message on your computer, which once you acknowledge by hitting “OK”, it then actually runs the exploit on your computer. Free updates are available at Firefox’s website for version 3.0 and 3.5
|
|
|
|
|
Quicktime, an Apple made media player that competes with Windows Media player (default on Windows XP, 2000, vista, and 2008) and Flash player (youtube), has an exploit where if someone sends you a specially crafted file (think email and funny videos), they can execute some commands and code to gain some access to your machine. Check out Quicktime for a new download of Quicktime for free if you are a user of Quicktime. If you are not sure that you even use Quicktime, check out the link above still and you’ll probably recognize the blue Q that is the logo for Quicktime. Or, you can go into control panel and hit “Add/Remove Programs” in Windows XP or older to see if you have it installed. In Vista, you can go into control panel and choose “programs and features” instead of “Add/Remove Programs”.
|
|
|
|
|
Microsoft released five patches for Windows, including some high threat patches that allow hackers to gain control of the computer. You can skip all of this below and just visit WindowsUpdate for the patches:
1. Patch for the JavaScript Engine, that can be exploited to give a hacker or automated program access to your machine with your current access (user or admin). Usually, this will be done with using Internet Explorer and viewing a specially crafted page.
2. Another vulnerability that can be exploited by directing a user to a tampered webpage. Once the page is viewed, the hacker or automated program can gain control of the computer with current access (user or admin). A real world example of this is a tinyurl link that someone has in an email, once viewed and if you are not patched, you are exploited.
3. If a user is tricked into opening a video file with this third exploit, the attacker gains full control of the system regardless of your current user status. It’s important to point out that a great vehicle for this exploit would be through a “funny email” that would be forwarded. Do you look at those emails when they are sent to you? If so, make sure you are patched and remember that the friend who forwards you the video didn’t make the video, so keep yourself patched.
4. A special type of data packet can be sent to your computer that can allow a hacker to gain full control of your computer. This exploit is rated critical by Microsoft, but this is more for servers and computers that are fully exposed to the internet. If you are on the internet through a wireless card from Sprint, Verizon, etc., you are at a little more risk than regular users. If you use cellphone wireless cards, you should really be running your firewall in Windows anyway.
5. Finally, Vista has an exploit that if you use the automatic wireless configuration tool to join new networks, that can be exploited for a gain in access. This exploit isn’t that critical as a user would have to go to that compromised network and join it rather than just surfing on the web.
|
|
|
|
|
Apple released 18 updates for some issues, but nothing critical… No zero-day attacks, but as always, it is worth the free update and will provide some protection. Some issues include networking with Appletalk, which isn’t used as much as TCP/IP and is found more often in pure Apple environments as opposed to mixed (pc/apple). Most of the issues are just obscure issues and require a user’s username and password to abuse. Just run your normal software updates by clicking the Apple icon on the top left of your screen and choosing “software updates”.
Firefox released 3.5.2 and 3.0.13 to address some security issues that affect Java applets, which are very simply speaking, programs that run inside of Firefox. I strongly suggest you check out Firefox 3.5 instead of 3.0 as it is noticably faster than 3.0 if you are a firefox user. Checkout Firefox for the free download and don’t forget to uninstall any of your old Firefox browers…..
|
|
|
|
|
Adobe seems to be getting picked on so much over the past year compared to Microsoft, Sun, or other companies. The answer is simple, Adobe products are used on many platforms, from Windows, Mac, Linux, Solaris, and others, if a hacker can exploit a flaw in an Adobe product, there is so much more marketshare out there for them to use. So without further to do……
Adobe has released patches for Adobe Acrobat, Air, and Flash player for an odd exploit. The exploit takes advantage Flash running inside of a PDF file, which most people have never seen as opposed to never use. This patch is still important as this has been exploited in the wild by websites that offer these files and email links, but the patches are free if you are not being patched automatically by us, check out AcrobatReader, FlashPlayer, and AIR. Normally, I wouldn’t bring up Adobe AIR, which is flash for your desktop, but most Adobe products tend to slip in Adobe AIR on your computer, which means it is time to get that updated, too.
|
|
|
|
|
Microsoft released two critical updates for Internet Explorer which is a follow up patch to an emergency patch from a month ago (that we didn’t post on this blog while we were remodeling, but contacted our clients). The patch from a month ago can still be exploited through a workaround on the hackers end. Here is a nice demo of the attack that you can view here courtesy of Hustle Labs. Check out Microsoft for the free patch if Complete Solutions isn’t managing your patches and keeping your network safe….
|
|
|
|
|
Social networking viruses
Today, someone “sent me” a link in Facebook for a cool video. Now, I was able to figure out that the link was a virus without getting nailed. For starters, the link had YuoTube intead of YouTube and the subtle graphics for the site were different. My address bar in internet explorer didn’t say www.youtube.com in it, either. Long story short, I put this virus in my sandbox, which is a machine meant for virus to ravage and then I reverse the damage with a quick restore of a backup. This virus was the Koobface virus (it’s facebook rearranged) and has two versions for you MySpace users and for you Facebook users. The payload of the virus allows the virus, within a minute, to modify your computer to stop search engines from sending you to legit links and to silently take you to pages you didn’t click on for ads and more spyware. It is pretty nasty to remove as you can’t go to Symantec, CA, Mcafee, and other virus vendor sites anymore because the virus can tell what you are up to. The virus will then take your facebook or myspace username and password and send out an email, in Facebook or Myspace, encouraging your friends and contacts to click a link to allow the Koobface virus to install on their machines.
Don’t be “that guy” and send viruses to your friends…. Here’s what you do to be safe:
1. Are you expecting an email from a friend in Facebook or MySpace? Does this person normally send you email or do they post on your page? Look at the grammer, look for spelling errors… Does the link they want you to click on go to a site you know and trust like google or youtube? If the link goes to a website with numbers in it, for example, http://127.0.0.1 it probably isn’t legit…. Think before you click a link from a friend as these viruses can raid address books.
2. Did you get infected because you didn’t read number 1 above? Well, change your facebook or myspace password right away. The virus doesn’t immeditaly send an email to your friends and family, which is great, but if it can’t login under your account anymore, you can head off the damage that the virus can bring to friends or business contacts. Did you have credit card numbers or financial website passwords saved? Change those passwords right away, too.
MT
|
|
|
|
|
Wow, a pretty busy month for patches
Microsoft Patches:
Three patches for Microsoft Office for Mac and PC, some of the exploits allow a user to gain complete control of your machine… Check out http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-US for updates. Pretty much, sparing the technical detail, if you open an attachment that is a word document or excel spreadsheet and this exploit is included, they will take advantage of your computer for data.
Another exploit involves users that have Microsoft Web Servers using WebDav, which is a type of security on web servers. This exploit allows a hacker to run code against your webserver and it gives them access to be able to have a chance, not guarenteed, but to have a chance to password crack some secured folders… Simply put, if you are not running a Microsoft web server, then don’t worry about this one.
Next, if you have a computer on a domain (server environment) you will want to follow the link above in the first paragraph to get patches…. A hacker or automated program from an email can push code to your computer to gain complete control of your machine by pretending to be a server. This is important to patch and you will have no worries if you knock this out right away. Other patches include smaller issues that gain partial or some limited access to files on your computer.
Finally, Internet Explorer has some major updates that prevent a hacker or automated program from gaining control of your computer… That pretty much concludes patches for all major Microsoft applications.
Adobe Acrobat
Intresting enough, Adobe has another major patch for people who use Adobe Acrobat reader and regular Acrobat. Check out http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows for Windows updates and http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh for Mac updates for Adobe Acrobat Reader and regular Acrobat. If you use PDF files, you use Acrobat; these patches cover 13 updates and exploits that are ranging from light to critical fixes.
|
|
|
|
|
A very busy day in the IT world…
Microsoft Powerpoint for Windows and Mac
On April 3rd 2009, a zero-day exploit was found on the Internet that allows a powerpoint presentation to be specially created to allow an unauthorized user to gain control of your computer. The good news was that if you were logged in as a regular user, then the exploit only granted user access, but if you were logged in as an administrator, then the unauthorized user had full access to your network and/or computer. Today, Microsoft released a patch to address this problem. Office for Mac, unfortunatly, does not have a patch as of yet and is vulnerable to this method of attack. The good news for Mac is that the exploit hasn’t been found on the internet, but Microsoft does realize it is vulnerable. Be careful who you are accepting powerpoint presentations from and be wary of the emails you get with funny .pps or .ppt files in them, if they are forwarded around the internet, they are likely to have some exploit in it. Check out Microsoft Updates for the non-mac users to get this update if you haven’t already installed it. For the technical breakdown of this issue and patch, check out Microsoft’s Technet site
Mac has 67 patches for OS X and Safari 3.2.3 comes out for PC and Mac
Mac normally will release their patches in clumps rather than priority, I’m not sure if that is a decision by engineers or by marketing to make Mac seem stronger. I’ll have an entry about the myth of Mac being way more solid than PC for security in the future, but for now, the details of these updates.
The 67 patches handle a lot of issues, some small and some huge. I strongly suggest you install this on all Macs, especially due to the flash player updates that prevent your computer from being compromised. You may click the Apple icon on the top left of your Mac and choose “Software Update” to download everything.
Safari 3.2.3 has three real patches in it according to Apple, one of them discovered by Microsoft’s team (MSVR). These patches are important, but not dire. With slight patches, I’m comfortable telling you to patch your computers with this as you don’t have the same risks associated with doing a full upgrade. For example, Safari 4 is in testing and I suggest you don’t download that until it has been out for awhile. Anytime a major upgrade comes out, you have two issues, the browser itself and websites working with the new version. For example, Safari 4 might work great, but your online banking site might not. So, to recap, install the patches and ignore Safari 4 beta testing at this time. If you want to read the gory details from Mac about each patch, grab a coffee and check out this link for the 60+ patches for OS X and this link for Safari 3.2.3
Adobe Acrobat 9.1.1 released
Though I enjoy the version number of 9.1.1, this release patches one critical issue that will crash Adobe 9.1 and earlier. It will allow an attacker to gain access to your computer, but not full control from what I can find. Checkout Adobe’s 9.1 here for a new version AND go here for the final patch. If you already know that you have Adobe 9.1 installed already, then you just need the second link. If you aren’t sure, use both links.
Finally, these patches are important, like all patches. Remember, if you get infected with a virus or an exploit, most of the time, you will hardly notice. These Malware makers are doing this to make money and to take advantage of your resources for another purpose. Sometimes they harvest data out of your computer, automatically by using automated programs to search for databases and other information. Sometimes, they want your internet speed to combine with other compromised computers at different homes and companies to create havoc like when the Storm Botnet attack the University of California-Berkeley for trying to disable it. Point being, they don’t want you to know they are in your network rather they want your data or someone elses…. Be smart and patch up. As always, if you need help with this, please give us a call at 715-309-3510 and we offer automated patching solutions and help on a case-by-case basis.
|
|
|
|
|
|
|
