QuickTime 0day for Vista and XP

Friday, April 25th, 2008

A remote vulnerability exists in the QuickTime player for Windows XP and Vista (latest service packs). Other versions are believed to be affected as well. For now, no details will be released regarding the method of exploitation. Because we are an information security think tank and because we encounter some very ...

A Look at a Bank Worm

Wednesday, April 23rd, 2008

Malware authors will often have their files display something to the user so that they actually believe the file is legitimate. Many of us have experienced such tricks, including fake errors stating that a specific file could not be found or that the application failed to load properly. Today we ...

Kraken Reverts to HTTP

Tuesday, April 22nd, 2008

Following a friendly heads up from someone yesterday morning, I re-loaded the following Kraken samples into my honeypot: 1d51463150db06bc098fef335bc64971 65b958bf6f5eddca3d9455354af08b6f 6ec7d67d5553cbec2a99c7fbe385a729 7ecef2f126e66e7270afa7b803f715bc 8fd8c67103ec073d9303a7fbc702f89a and began monitoring them. Each sample proceeded to update itself; the updated binary is around 160KB, given a random name and placed in the system32 directory, and no longer has an imagefile icon. The names/MD5 values of ...

Microsoft sees huge rise in Web attacks

Tuesday, April 22nd, 2008

Criminals changed tactics in the last six months of 2007, dropping malicious email in favour of Web-based attacks, according to data reported to Microsoft by Windows users. The company saw the number of Trojan downloader programs it removed from Windows machines jump by 300 percent, according to Jimmy Kuo, principal architect ...

Foxit Reader Malformed PDF Vulnerabilities

Tuesday, April 22nd, 2008

Foxit Reader is "a free PDF document viewer and printer, with incredible small size (only 2.1 M download size), breezing-fast launch speed and rich feature set. Foxit Reader supports Windows 98/Me/2000/XP/2003/Vista". Two security vulnerabilities in Foxit Reader allow a remote attacker armed with a malformed PDF file to cause the ...

Where is Sysprep in Vista?

Monday, April 21st, 2008

In previous versions of Microsoft Windows, the System Preparation Tool (sysprep.exe) was found in the Deployment.cab file on your product CD. If you’ve examined the Vista DVD, however, there’s no such cabinet file present. So where can you find sysprep now? Turns out, it’s included in the operating system itself now ...

PowerShell - More than the command prompt

Monday, April 21st, 2008

Abstract: Windows PowerShell™ is a new Windows command-line shell designed especially for system administrators. The shell includes an interactive prompt and a scripting environment that can be used independently or in combination. Introducing Windows PowerShell: Most shells, including Cmd.exe and the SH, KSH, CSH, and BASH Unix shells, operate by executing a command ...

Details of privilege escalation hole in Windows

Monday, April 21st, 2008

In a security alert last week, Microsoft reported a vulnerability which allows local users and users signed on with access to an Internet Information Server (IIS) or MS SQL server to escalate their privileges. Server operators such as hosting providers who allow user code to be executed, for example on ...

The New E-spionage Threat

Friday, April 18th, 2008

The e-mail message addressed to a Booz Allen Hamilton executive was mundane—a shopping list sent over by the Pentagon of weaponry India wanted to buy. But the missive turned out to be a brilliant fake. Lurking beneath the description of aircraft, engines, and radar equipment was an insidious piece of ...

ActiveX module in Microsoft Works opens up security hole

Friday, April 18th, 2008

A demonstration of a security hole in the Microsoft Works Image Server (WkImgSrv.dll) ActiveX module contained in the Microsoft Works office suite has appeared on the Bugtraq mailing list. The demo appears to only cause a system crash. McAfee, however, has already found fully functional exploits which allow attackers to ...