Flame malware incident causes Microsoft to revamp Windows encryption keys

Granted, it’s reactive rather than proactive, but it looks like a good move by Microsoft.

Starting next month, updated Windows operating systems will reject encryption keys smaller than 1,024 bits, which could cause problems for customer applications accessing websites and email platforms that use the keys.


The cryptographic policy change is part of Microsoft’s response to security weaknesses that came to light after Windows Update became an unwitting party to Flame Malware attacks, and affects Windows XP, Windows Server 2003, Windows Server 2003 R2, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 operating systems, according to the Windows PKI blog written by Kurt L. Hudson, a senior technical writer for the company.

“To prepare for this update, you should determine whether your organization is currently using keys less than 1,024 bits,” Hudson writes. “If it is, then you should take steps to update your cryptographic settings such that keys under 1,024 bits are not in use.”

Source: Microsoft to revamp Windows encryption keys in face of Flame malware | Microsoft Windows – InfoWorld.
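One way to act on Hudson’s advice before the update lands is to inventory the certificate stores the way Windows itself will see them. The following is an added example, not code from the article or from Microsoft: it assumes Windows PowerShell with the Cert: provider (present from PowerShell 2.0 on the affected systems), reads the key size through the .NET Framework PublicKey.Key property, and uses the article’s 1,024-bit threshold; the function name and parameters are my own.

```powershell
# Added example: inventory RSA certificates whose public key is shorter than
# the threshold Windows will start rejecting (1024 bits per the article).
# Assumes Windows PowerShell and the Cert: provider; the function name and
# parameter names are assumptions, not anything Microsoft ships.
function Find-WeakRsaCertificates {
    param(
        [int]$MinimumBits = 1024,
        [string[]]$StorePaths = @('Cert:\LocalMachine', 'Cert:\CurrentUser')
    )
    Get-ChildItem -Path $StorePaths -Recurse -ErrorAction SilentlyContinue |
        Where-Object {
            # Skip the store containers themselves; keep only certificate objects
            $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2]
        } |
        Where-Object {
            # RSA public-key OID is 1.2.840.113549.1.1.1; DSA/ECC certs are out of scope
            $_.PublicKey.Oid.Value -eq '1.2.840.113549.1.1.1' -and
            $_.PublicKey.Key.KeySize -lt $MinimumBits
        } |
        Select-Object `
            @{ Name = 'Store';   Expression = { $_.PSParentPath -replace '^.*::' } },
            @{ Name = 'KeyBits'; Expression = { $_.PublicKey.Key.KeySize } },
            Subject, Issuer, NotAfter, Thumbprint
}

# List offenders; a clean system returns nothing.
$weak = Find-WeakRsaCertificates
if ($weak) {
    $weak | Format-Table -AutoSize
    Write-Warning ("{0} certificate(s) below 1024 bits; replace them before the update is applied." -f @($weak).Count)
} else {
    Write-Host 'No RSA certificates below 1024 bits found in the local stores.'
}
```

This only covers certificates installed locally. The article’s other concern, websites and email platforms your clients talk to, needs the chains those remote endpoints present to be inspected separately, since a short key anywhere in a chain will fail validation once the update is in place.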

Microsoft Issues Patches For Zero-Day Bug & 15 Other Flaws

Microsoft addressed numerous flaws in this Patch Tuesday release.


The company also addressed at least 15 other flaws in its software, and urged customers to quit using the desktop Sidebar and Gadget capabilities offered in Windows 7 and Windows Vista.

By far the most urgent of the updates is MS12-043, which fixes a critical vulnerability in Microsoft XML Core Services that miscreants and malware alike have been using to break into vulnerable systems. Microsoft had already warned about limited, targeted attacks using this flaw, but late last month an exploit built to attack the XML bug was added to the BlackHole Exploit Kit, an automated browser exploit tool that is very popular in the criminal underground right now.

Other critical patch bundles include a fix for a dangerous flaw in the Microsoft Data Access Components (MDAC) of Windows, and an update to address a pair of vulnerabilities in Internet Explorer.

Microsoft also released a FixIt tool to help network administrators block the use of Gadgets and the Sidebar on Windows 7 and Windows Vista systems. “We’ve discovered that some Vista and Win7 gadgets don’t adhere to secure coding practices and should be regarded as causing risk to the systems on which they’re run,” Microsoft said in a blog posting, without offering much more detail about any specific findings.

Source: Microsoft Patches Zero-Day Bug & 15 Other Flaws — Krebs on Security.
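The Fix-It is, in effect, a packaged policy change. Here is the equivalent done in PowerShell as an added example; it is not Microsoft’s tool and not from the Krebs piece. It assumes the Fix-It sets the same registry value as the “Turn off Windows Sidebar” Group Policy setting (that registry location is my assumption; confirm it against Microsoft’s KB article before deploying), and it must run elevated because it writes under HKLM.

```powershell
# Added example: enforce and verify the "Turn off Windows Sidebar" policy in
# PowerShell. The registry path and value name below are the ones used by the
# Group Policy setting of that name (assumption; confirm against the KB).
# Must run elevated because it writes under HKLM.
$SidebarPolicyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar'
$SidebarPolicyName = 'TurnOffSidebar'

function Test-SidebarDisabled {
    # Returns $true only when the policy value exists and is set to 1.
    $item = Get-ItemProperty -Path $SidebarPolicyPath -Name $SidebarPolicyName -ErrorAction SilentlyContinue
    return ($null -ne $item -and [int]$item.$SidebarPolicyName -eq 1)
}

function Disable-Sidebar {
    if (-not (Test-Path $SidebarPolicyPath)) {
        New-Item -Path $SidebarPolicyPath -Force | Out-Null
    }
    Set-ItemProperty -Path $SidebarPolicyPath -Name $SidebarPolicyName -Value 1 -Type DWord
    # The policy takes effect at next logon; end any running Sidebar host now.
    Get-Process -Name sidebar -ErrorAction SilentlyContinue | Stop-Process -Force
}

if (Test-SidebarDisabled) {
    Write-Host 'Sidebar/Gadgets already disabled by policy.'
} else {
    Disable-Sidebar
    if (Test-SidebarDisabled) { Write-Host 'Sidebar/Gadgets disabled by policy.' }
    else { Write-Warning 'Policy write did not stick; are you running elevated?' }
}
```

Test-SidebarDisabled is the piece worth keeping in a compliance script: it tells you whether a machine is protected regardless of whether the Fix-It, Group Policy, or this snippet did the work.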

Malware went undiscovered for weeks on Google Play

Wonder what Google will have to say regarding this.

Security researchers have discovered malware hosted on the Google Play marketplace that went weeks undetected masquerading as games.

Android.Dropdialer, a Trojan that sends costly text messages to premium-rate phone numbers in Eastern Europe, had gone undiscovered for two weeks in the form of two game titles, Symantec researcher Irfan Asrar wrote in a blog post yesterday. The two games — “Super Mario Bros.” and “GTA 3 – Moscow city” — were uploaded to Google Play on June 24 and generated 50,000 to 100,000 downloads, Asrar said.

“What is most interesting about this Trojan is the fact that the threat managed to stay on Google Play for such a long time, clocking up some serious download figures before being discovered,” Asrar wrote. “Our suspicion is that this was probably due to the remote payload employed by this Trojan.”

The Trojan’s authors avoided detection during Google Play’s automated screening process by breaking up the malware into separate, staged payloads, Asrar said. Once downloaded and installed from Google Play, the apps would download an additional package for installation that sent the text messages.

Source: Malware went undiscovered for weeks on Google Play | Security & Privacy – CNET News.

NIST Updates Guidelines for Mobile Device Security

Mobile devices allow workers, including government employees, to work in multiple locations and to improve their efficiency. But the same features that make these devices desirable make them a security challenge. Mobile devices can easily be lost or stolen, and users may be tempted to download nonsecure apps that might conceal “malware” that could be used to steal confidential data. Since security is minimal for mobile devices, a thief can retrieve sensitive data directly from the device, or use the phone or tablet to access an organization’s computer network remotely.

The revised guidelines recommend using a software technology that centralizes device management at the organization level to secure both agency-issued and personally owned devices that are used for government business. Centralized programs manage the configuration and security of mobile devices and provide secure access to an organization’s computer network. They are typically used to manage the smart phones that many agencies issue to staff. The new NIST guidelines offer recommendations for selecting, implementing, and using centralized management technologies for securing mobile devices.

“Mobile devices need to support multiple security objectives: confidentiality, integrity and availability, so they need to be secured against a variety of threats,” explains co-author and NIST guest researcher Karen Scarfone.

Source: NIST Updates Guidelines for Mobile Device Security | DFI News.

What are your thoughts on the proposed update? 

“Do you need a honeypot?”

An interesting argument for why honeypots are an important part of the security arsenal.

Let’s start at the beginning, what is a honeypot? Put simply, it is a machine that is designed to tempt any unknowing attacker to target it, whilst being configured to trace the origins of the attacker and identify them. However, this can lead to the perception that honeypots can be a quagmire of risk and liability, as well as raising understandable concerns about willingly allowing an attacker to access your system under your control.

However, there are many forms of honeypots, and they can be used in many different ways. The idea of the honeypot as merely a host designed to be breached; sitting on the perimeter of your network is far from the whole picture. Let’s take a look over some different uses of honeypot style systems and consider their place in a well-equipped enterprise security program.

Building a fully-functional and interactive honeypot that resembles a real production system can be a daunting task, replete with risk (you would be, after all, building a machine with the intention of it falling under the control of an attacker) but there are many other levels of honeypots before this level of complexity, and all of them present value to security monitoring.

Source: Do you need a honeypot?.

Very informative descriptions of some of the honeypot methods that are out there for use by organizations. As Conrad Constantine points out:

The use of honeypots, like everything in information security, is always evolving and the technique has a lot of potential to disrupt attackers by wasting their time and resources, directing them away from their true targets and forcing them to reveal themselves.
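To make the “many other levels” concrete, the lowest rung is a listener on a port nothing legitimate uses: any connection to it is suspect by definition, and all you need is a record of who connected, when, and what they sent. The following is an added example, not code from the article or from Conrad Constantine; the port, log path and function name are my assumptions.

```powershell
# Added example: a minimal low-interaction TCP honeypot. It never emulates a
# service; it just accepts connections on an unused port and logs the source
# and the first bytes sent. Port, log path and function name are assumptions.
function Start-TcpHoneypot {
    param(
        [int]$Port = 2222,                      # an unused port that scanners still probe
        [int]$MaxConnections = 3,               # return after this many so the demo ends
        [string]$LogPath = "$env:TEMP\honeypot.log"
    )
    $listener = New-Object -TypeName System.Net.Sockets.TcpListener -ArgumentList ([System.Net.IPAddress]::Any), $Port
    $listener.Start()
    $events = @()
    try {
        for ($i = 0; $i -lt $MaxConnections; $i++) {
            $client = $listener.AcceptTcpClient()       # blocks until a connection arrives
            $remote = $client.Client.RemoteEndPoint.ToString()
            $stream = $client.GetStream()
            $stream.ReadTimeout = 3000                  # most probes send something quickly
            $buffer = New-Object byte[] 256
            $count = 0
            try { $count = $stream.Read($buffer, 0, $buffer.Length) } catch { }
            # Keep only printable ASCII so the log cannot be polluted by control codes
            $probe = [System.Text.Encoding]::ASCII.GetString($buffer, 0, $count) -replace '[^\x20-\x7E]', '.'
            $entry = '{0} honeypot:{1} from {2} sent {3} byte(s): {4}' -f (Get-Date -Format 'o'), $Port, $remote, $count, $probe
            Add-Content -Path $LogPath -Value $entry
            $events += $entry
            $client.Close()
        }
    } finally {
        $listener.Stop()
    }
    return $events
}

# Usage: run this, then from another host try `nmap -p 2222 <address>` or
# `telnet <address> 2222` and read the returned entries or the log file.
Start-TcpHoneypot | ForEach-Object { Write-Host $_ }
```

Run it under a low-privilege account on a host whose firewall exposes only the honeypot port, and wire the log into whatever alerts your SOC already watches; the value is not the handful of bytes captured but the fact that a legitimate user has no reason to generate that log line at all.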

Is Your Blog Over-optimized?

In the world of search engine optimization …

Well, that “level playing ground” is here with the April 24th release of the Penguin algorithm update, which has affected an estimated 3% of all search queries. If you saw your blog traffic dip unexpectedly on this date, it’s possible you’ve been “pecked” by the Google Penguin—an indication that your blog is considered to be over-optimized in the eyes of the search giant.

Of course, knowing that you’ve been affected and taking remedial actions to recover from a Penguin penalty are two different things. Because of Google’s natural reticence when it comes to revealing the exact parameters that cause a site to be flagged for over-optimization, it’s impossible to know exactly which factors led to your site’s penalty.

The key to determining how to move forward following a Penguin attack lies in identifying potential over-optimization flags that can be quantified and measured by the search engines. Remember, the Googlebot can’t manually assess the quality of every website online. Instead, it must rely on measurable signals that can be used to infer objective value.

Source: Is Your Blog Over-optimized? : @ProBlogger.

“Android susceptible to sophisticated clickjacking malware”

Due to the loose restrictions Google places on its app marketplace?

Clickjacking rootkits could pose the next big threat for the Android platform, according to a research team out of North Carolina State University. Led by computer science professor Xuxian Jiang, the team has developed a prototype clickjacking rootkit that’s more sophisticated than the other Android-oriented malware already out there.

This new prototype rootkit — which attacks the Android framework, rather than the kernel — differs from other malware in key ways, according to Jiang. “Unlike other rootkits for the platform, this one can function without a restart and without deep modification of the underlying firmware,” Jiang explained in a video in which he demonstrates the rootkit in action. “But it can still do all the things that a rootkit wants to do, such as hide or redirect apps.”

Source: Android susceptible to sophisticated clickjacking malware | Mobile security – InfoWorld.

In other words, just as with any other computing device, keep anti-virus software up to date. Note that this is a research prototype rather than malware seen in the wild, and because it works at the framework level without touching the kernel or firmware, it is the installed apps, not the OS image, that need scrutiny.

Widely used Web attack toolkit exploits unpatched MSXML flaw


An exploit for an unpatched vulnerability in the MSXML (Microsoft XML Core Services) has been incorporated into Blackhole, one of the most widely used Web attack toolkits, according to security researchers from antivirus firm Sophos.

The security flaw is identified as CVE-2012-1889 and is what security researchers call a zero-day vulnerability — an actively exploited vulnerability for which an official patch doesn’t yet exist.

Source: Widely used Web attack toolkit exploits unpatched MSXML flaw | Security – InfoWorld.

Be sure to keep that anti-virus up to date, and apply the Fix-It tool Microsoft has made available until a proper patch ships.

Windows 8 Pro Upgrade: Your FAQs Answered

Looks like Microsoft is making a big push to get users to upgrade later this year.

When Windows 8 launches later this year you’ll be able to upgrade to the pro version of Microsoft’s newest desktop OS for just $40 for a limited time. The deal will apply to a broad base of current Windows users including those running Windows XP, Vista and Windows 7. Microsoft had a similar offer during the launch of Windows 7 but this one is cheaper than its predecessor. (Windows 7 upgrades ranged from $50-$100 at launch.)

Another big difference between the Windows 7 and Windows 8 upgrade deals is that you get the pro version instead of the base version of Windows 8. And if you’re a Windows Media Center fan, Microsoft’s Windows 8 upgrade deal will let you download the entertainment center program for free (more on that later).

If you plan on upgrading to Windows 8, here’s what you need to know about Microsoft’s limited-time upgrade deal.

Source: Windows 8 Pro Upgrade: Your FAQs Answered CIO.com.

Ticketmaster Books a Private Cloud with Cisco

The third largest e-commerce company in North America is moving much of its operations to the cloud.

Live Nation Entertainment, which operates online ticket sales site Ticketmaster and three other entertainment-related businesses, is clouding up its Ticketmaster and Live Nation Concert and Network operations to achieve the efficiencies of virtualization and speed time-to-market with new offerings. The company is in the very early stages of its private cloud implementation, however, so efficiencies are currently difficult to quantify.

But it’s a sizable undertaking. Live Nation has 7,000 employees in 153 offices spread across 18 countries. Its revenue in 2011 was $5.4 billion, of which Ticketmaster accounted for $1.56 billion and other Live Nation operations $3.8 billion.

Source: Ticketmaster Books a Private Cloud with Cisco CIO.com.

It will be interesting to see the efficiencies once the implementation has been completed.
