Block the Windows Shortcut Exploit

July 26, 2010 – 7:58 PM

The Windows Shortcut Exploit is a zero-day vulnerability in all versions of Windows that allows a specially crafted shortcut (.lnk) file to load a malicious DLL as soon as the shortcut's icon is displayed, for instance when a USB stick or network share is opened in Explorer. Sophos now has a free, easy-to-use tool that blocks this exploit from running on your computer.

Please note: Existing Sophos Endpoint customers are already protected from the Windows Shortcut Exploit and do not need to install this tool.

Tool:
http://downloads.sophos.com/custom-tools/Sophos%20Windows%20Shortcut%20Exploit%20Protection%20Tool.msi

Source:
http://www.sophos.com/products/free-tools/sophos-windows-shortcut-exploit-protection-tool.html
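As an added triage example (not the Sophos tool and not code from the original post): a small Python scanner that reads the fixed ShellLink header of a .lnk file, walks its LinkTargetIDList and flags any item that names a .dll or .cpl file, which a normal shortcut to an application or document never does. The header layout (size 0x4C, the ShellLink CLSID, LinkFlags at offset 0x14) is the documented .lnk format; the sample shortcuts, the "evil.dll" path and the build_lnk fixture are constructed for the example.

```python
import struct

# ShellLink header: HeaderSize (0x4C), LinkCLSID 00021401-0000-0000-C000-000000000046
# in little-endian GUID layout, LinkFlags at offset 0x14 with bit 0 = HasLinkTargetIDList.
LNK_HEADER_SIZE = 0x4C
LNK_MAGIC = struct.pack("<I", LNK_HEADER_SIZE)
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_LINK_TARGET_ID_LIST = 0x00000001


def parse_id_list(data, offset):
    """Split the LinkTargetIDList that starts at `offset` into its ItemID payloads."""
    (id_list_size,) = struct.unpack_from("<H", data, offset)
    pos, end, items = offset + 2, offset + 2 + id_list_size, []
    while pos + 2 <= end:
        (item_size,) = struct.unpack_from("<H", data, pos)
        if item_size == 0:            # TerminalID: two zero bytes end the list
            break
        if item_size < 2 or pos + item_size > end:
            raise ValueError("malformed ItemID at offset %d" % pos)
        items.append(data[pos + 2:pos + item_size])
        pos += item_size
    return items


def suspicious_lnk(data):
    """Return the reasons a shortcut looks suspicious, or [] if none were found."""
    if len(data) < LNK_HEADER_SIZE or data[:4] != LNK_MAGIC or data[4:20] != LNK_CLSID:
        return ["not a ShellLink (.lnk) file"]
    (flags,) = struct.unpack_from("<I", data, 0x14)
    if not flags & HAS_LINK_TARGET_ID_LIST:
        return []
    reasons = []
    for item in parse_id_list(data, LNK_HEADER_SIZE):
        # Item IDs carry paths as UTF-16LE or ANSI; try both and look for library extensions.
        for codec in ("utf-16-le", "latin-1"):
            text = item.decode(codec, errors="ignore").strip("\x00")
            if ".dll" in text.lower() or ".cpl" in text.lower():
                reasons.append("target ID list references a library: %r" % text)
                break
    return reasons


def build_lnk(item_paths, codec="utf-16-le"):
    """Construct a minimal .lnk carrying the given ItemID paths (test fixture, not a real shortcut)."""
    header = LNK_MAGIC + LNK_CLSID + struct.pack("<I", HAS_LINK_TARGET_ID_LIST)
    header += bytes(LNK_HEADER_SIZE - len(header))
    items = b"".join(struct.pack("<H", len(p.encode(codec)) + 2) + p.encode(codec)
                     for p in item_paths)
    id_list = items + b"\x00\x00"
    return header + struct.pack("<H", len(id_list)) + id_list


# Constructed samples: a benign shortcut to notepad and one whose item list names a DLL.
BENIGN = build_lnk([r"C:\Windows", r"C:\Windows\notepad.exe"])
DLL_IN_IDLIST = build_lnk([r"C:\Windows", r"\\share\tmp\evil.dll"])

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, suspicious_lnk(fh.read()) or "clean")
```

Run it over the .lnk files on a removable drive or share before opening the folder in Explorer. The check is deliberately coarse: legitimate shortcuts to Control Panel applets also reference .cpl files, so a hit means "inspect", not "malicious".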

WPA2 security hole discovered

July 26, 2010 – 5:39 AM

Security experts at AirTight Networks have discovered a hole in the WPA2 Wi-Fi security protocol. The hole was named Hole 196 after the page of the IEEE 802.11 (2007) standard document on which the relevant text appears. Right at the bottom of that page, the IEEE introduces the keys used by WPA2: the PTK (Pairwise Transient Key), which is unique to every Wi-Fi client and protects unicast traffic, and the GTK (Group Temporal Key), which is shared by all clients and protects broadcast and multicast traffic. Because the PTK is per client, forged data and spoofed MAC addresses in unicast traffic can be detected; the GTK, being shared by everyone, offers no such protection for group traffic.

The AirTight experts say that this is the crux of the matter: any authorised client holds the GTK, so it can forge broadcast packets that carry the access point's address and that every other client accepts as genuine. A forged broadcast such as a spoofed ARP packet can redirect the other clients' traffic through the attacker, who can then read or modify it; the victims' PTKs are never exposed, their traffic is simply delivered to the attacker by the access point, encrypted under the attacker's own PTK. AirTight reportedly only needed to add 10 extra lines of code to the Madwifi driver to make a PC with an ordinary Wi-Fi card send such frames as if it were the access point. Attackers could reportedly also exploit this to cause damage on the network, for instance via denial-of-service (DoS) attacks. The experts say that the only factor mitigating the attack potential is that attackers need to be internal, authorised Wi-Fi users. They do not anticipate that a patch will become available because Hole 196 is written into the standard.

Source:
http://www.h-online.com/security/news/item/WPA2-security-hole-discovered-1044970.html
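An added model of the key asymmetry behind Hole 196 (example code, not from AirTight or the h-online article): each client gets its own PTK from the access point and all clients share one GTK; an authorised client can therefore forge a broadcast that claims to come from the access point and every other client verifies it, while the same forgery as unicast fails because the victim checks it under a PTK the attacker does not hold. The HMAC-based tag, the MAC addresses, the "ARP ... is-at" payload format and the class names are assumptions made for the example; real WPA2 uses CCMP/TKIP, not HMAC-SHA256.

```python
import hashlib
import hmac
import os

BROADCAST = "ff:ff:ff:ff:ff:ff"
AP_MAC = "00:00:00:00:00:01"           # constructed addresses for the example


def mic(key, src, dst, payload):
    """Integrity tag over a frame under a temporal key (HMAC-SHA256 stands in for the real MIC)."""
    msg = b"|".join([src.encode(), dst.encode(), payload])
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]


class AccessPoint:
    """Hands every associating client its own PTK and the one shared GTK."""
    def __init__(self):
        self.gtk = os.urandom(16)

    def associate(self, client):
        client.ptk = os.urandom(16)     # stands in for the result of the 4-way handshake
        client.gtk = self.gtk


class Client:
    def __init__(self, mac):
        self.mac, self.ptk, self.gtk = mac, None, None
        self.arp_cache = {}

    def key_for(self, dst):
        # Unicast frames are protected with the per-client PTK, group traffic with the shared GTK.
        return self.gtk if dst == BROADCAST else self.ptk

    def forge(self, claimed_src, dst, payload):
        """Build a frame claiming to come from claimed_src, using whatever key this client holds for dst."""
        return (claimed_src, dst, payload, mic(self.key_for(dst), claimed_src, dst, payload))

    def receive(self, frame):
        """Verify the frame with the key its destination implies and act on it. Returns True if accepted."""
        src, dst, payload, tag = frame
        if dst not in (self.mac, BROADCAST):
            return False
        if not hmac.compare_digest(tag, mic(self.key_for(dst), src, dst, payload)):
            return False
        # Model of a victim acting on a (possibly forged) ARP announcement.
        if payload.startswith(b"ARP "):
            _, ip, _, mac = payload.decode().split()
            self.arp_cache[ip] = mac
        return True


def hole196_demo():
    """Returns (forged broadcast accepted?, forged unicast accepted?, victim's gateway MAC afterwards)."""
    ap, victim, attacker = AccessPoint(), Client("00:00:00:00:00:02"), Client("00:00:00:00:00:03")
    ap.associate(victim)
    ap.associate(attacker)
    spoofed_arp = b"ARP 192.168.1.1 is-at " + attacker.mac.encode()
    # Attacker (an authorised client) spoofs the AP's address in a broadcast: the GTK is shared, so it verifies.
    bcast_ok = victim.receive(attacker.forge(AP_MAC, BROADCAST, spoofed_arp))
    # The same spoof as unicast fails: the victim checks it under its own PTK, which the attacker lacks.
    ucast_ok = victim.receive(attacker.forge(AP_MAC, victim.mac, spoofed_arp))
    return bcast_ok, ucast_ok, victim.arp_cache.get("192.168.1.1")


if __name__ == "__main__":
    print(hole196_demo())
```

After the forged broadcast the victim's ARP cache maps the gateway to the attacker's MAC, so its later unicast traffic to the gateway is delivered by the access point to the attacker. Nothing in the protocol lets the victim tell the forged GTK frame from a genuine one, which is why the fix has to come from outside the standard (per-client isolation or wireless IDS watching for spoofed group frames).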

Update Adobe Flash Now!

June 6, 2010 – 3:44 PM

A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat.

The Flash Player 10.1 Release Candidate available at http://labs.adobe.com/technologies/flashplayer10/ does not appear to be vulnerable.

Update: Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content.

The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.
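An added helper for the two checks above (example code, not Adobe's or the original post's): a numeric comparison against the last vulnerable Flash version, and a reversible rename of authplay.dll at the two locations the advisory names. The ".disabled" suffix and the Program Files argument are assumptions; the version test matters because a plain string comparison ranks "9.0.280.0" above "10.0.45.2" and would wrongly report an old player as safe.

```python
import os

LAST_VULNERABLE_FLASH = (10, 0, 45, 2)    # "10.0.45.2 and earlier" per the advisory


def flash_is_vulnerable(version):
    """Compare version numbers numerically; shorter strings are padded ('10.1' -> 10.1.0.0)."""
    parts = tuple(int(p) for p in version.split("."))
    parts += (0,) * (4 - len(parts))
    return parts <= LAST_VULNERABLE_FLASH


# The two authplay.dll locations the advisory names, relative to the Program Files directory.
AUTHPLAY_RELATIVE = (
    os.path.join("Adobe", "Reader 9.0", "Reader", "authplay.dll"),
    os.path.join("Adobe", "Acrobat 9.0", "Acrobat", "authplay.dll"),
)
DISABLED_SUFFIX = ".disabled"   # assumed suffix; any rename the loader will not find works


def disable_authplay(program_files):
    """Rename each authplay.dll found under program_files; returns the paths that were renamed."""
    renamed = []
    for rel in AUTHPLAY_RELATIVE:
        path = os.path.join(program_files, rel)
        if os.path.isfile(path):
            os.rename(path, path + DISABLED_SUFFIX)
            renamed.append(path)
    return renamed


def restore_authplay(program_files):
    """Undo disable_authplay (e.g. before applying the vendor update); returns the paths restored."""
    restored = []
    for rel in AUTHPLAY_RELATIVE:
        path = os.path.join(program_files, rel)
        if os.path.isfile(path + DISABLED_SUFFIX):
            os.rename(path + DISABLED_SUFFIX, path)
            restored.append(path)
    return restored


if __name__ == "__main__":
    # Needs write access to Program Files, i.e. an elevated prompt on Vista/7.
    print(disable_authplay(os.environ.get("ProgramFiles", r"C:\Program Files")))
```

Renaming rather than deleting keeps the rollback trivial; the trade-off named in the advisory still applies, since PDFs with embedded SWF content will produce an error until the file is restored or the products are updated.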

KHOBE – 8.0 earthquake for Windows desktop security software

May 9, 2010 – 4:34 PM

In September 2007, we published an article about a great disease that affected dozens of Windows security products. The article, called Plague in (security) software drivers, revealed the awful quality of kernel mode drivers installed by all the major desktop security products for Windows. The revealed problems could cause random system crashes, freezes and in some cases more severe security issues.

Today, we reveal an even more serious problem in Windows desktop security products that can be exploited to bypass a big portion of the security features implemented by the affected products. The protection implemented by the kernel mode drivers of today's security products can be bypassed effectively by code running on an unprivileged user account. If you have ever heard of SSDT hooks or similar techniques used to implement various security features such as a product's self-defense, we will show you how to bypass the protection easily.

Source:
http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php
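The matousec paper describes the bypass as an argument-switch race: the hook validates the syscall arguments it reads from user-mode memory, then hands control to the original service, which dereferences the same user pointers a second time, and a second user-mode thread changes the argument in between. The following added example (not matousec's code, and not a kernel driver) models that double fetch in Python: the attacker's thread is represented by a callback that runs after each fetch, so the race always "wins" and the demonstration is deterministic. The self-defence rule, the paths and the function names are assumptions made for the example.

```python
PROTECTED_PREFIX = r"C:\Program Files\AV"      # hypothetical self-defence rule: deny opens below here
SAFE_PATH = r"C:\Users\bob\notes.txt"
PROTECTED_PATH = r"C:\Program Files\AV\config.dat"


class UserBuffer:
    """A user-mode buffer the kernel reads through a pointer. After each fetch the
    optional `racer` callback runs, modelling another user thread getting scheduled."""
    def __init__(self, value, racer=None):
        self.value, self.racer, self.fetches = value, racer, 0

    def fetch(self):
        value = self.value
        self.fetches += 1
        if self.racer is not None:
            self.racer(self)          # the attacker's thread runs right after this fetch
        return value


def original_nt_open(path):
    """Stand-in for the original, unhooked system service."""
    return "opened " + path


def hooked_double_fetch(buf):
    """SSDT-hook style filter: validate the path at the user pointer, then let the original
    service dereference the same pointer again (a time-of-check / time-of-use gap)."""
    if buf.fetch().startswith(PROTECTED_PREFIX):
        return "blocked"
    return original_nt_open(buf.fetch())


def hooked_capture_once(buf):
    """Hardened filter: copy the argument into kernel-owned memory once, validate the copy,
    and pass that same copy down so the user thread can no longer influence it."""
    path = buf.fetch()
    if path.startswith(PROTECTED_PREFIX):
        return "blocked"
    return original_nt_open(path)


def argument_switch(buf):
    """The attacker's racing thread: the first fetch sees a harmless path, later ones the protected one."""
    if buf.fetches == 1:
        buf.value = PROTECTED_PATH


def khobe_demo():
    """Outcome of the hooked call with and without the race, for both hook styles."""
    return {
        "double_fetch_raced": hooked_double_fetch(UserBuffer(SAFE_PATH, argument_switch)),
        "capture_once_raced": hooked_capture_once(UserBuffer(SAFE_PATH, argument_switch)),
        "double_fetch_honest": hooked_double_fetch(UserBuffer(PROTECTED_PATH)),
        "capture_once_honest": hooked_capture_once(UserBuffer(PROTECTED_PATH)),
    }


if __name__ == "__main__":
    for name, result in khobe_demo().items():
        print("%-20s %s" % (name, result))
```

On a real system the attacker does not get a callback; it runs a thread that flips the argument in a tight loop and repeats the system call until the flip lands inside the check-to-use window, which on a multi-core machine takes only a few attempts. The defence is the one the second hook shows: capture every user-supplied argument into kernel memory once (probing it first) and validate and use only that copy.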

IronKey launches secure online banking USB stick

April 28, 2010 – 6:28 AM

IronKey has launched its Trusted Access for Banking USB stick at InfoSec 2010 in London. The IronKey TAB uses an isolated virtual machine launched from the stick and an intermediate server, reached over a VPN-like connection, to create a secure channel from the user to IronKey's servers and from there to the bank's web servers.

The solution is aimed at commercial banks and their customers, who have found that keylogging malware on host PCs has made techniques such as two-factor authentication vulnerable. IronKey say that in some cases key-logging malware is already monitored live while the user logs in: the entry of a security token can be observed and replayed while the token is still valid. The IronKey TAB runs a Linux-based operating system, which in turn runs a dedicated Firefox-based browser. It takes a number of steps to prevent keyloggers from intercepting passwords and has an optional virtual keyboard for password entry without the physical keyboard. It also makes use of the IronKey's integrated RSA SecurID to provide login tokens, but adds an extra, variable obfuscation so that any malware spying on the entry sees an invalid token.

In some ways, the IronKey TAB is similar in intent to booting a Linux Live CD and banking from that read-only environment, but without the need to reboot the host system: the environment is activated only when the stick is plugged in, and the stick itself is not compromised by whatever runs on the host. IronKey goes further than a dedicated machine or Live CD by also taking control of the connection to the bank's servers, wrapping network traffic in a VPN-like tunnel and handling DNS requests through IronKey's server, to defeat man-in-the-middle and DNS-manipulation attacks. The bank can configure the device to allow access only to its own websites and those of trusted partners. The server can also block access based on IP address, time of day or location, a capability carried over from IronKey's secure USB flash drive offerings. The system also offers remote kill or lock-out capabilities to disable lost or stolen sticks.

Source:
http://www.h-online.com/security/news/item/IronKey-launches-secure-online-banking-USB-stick-988577.html