Posted on September 2nd, 2007 by Juha-Matti
Filed under: Commentary, Culture, Microsoft | 2 Comments »
A new blog has been opened in the MSDN Network Blogs section.
The opening post has officially – at last – stated the following:
We employ “white hat hackers” who spend their time pentesting and code reviewing applications and software looking for weaknesses and vulnerabilities so that others don’t once we’ve released that code into the wild.
It will be interesting to see whether they share information about BlueHat activities via this blog too.
But the link itself here:
Posted on August 28th, 2007 by Juha-Matti
Filed under: Commentary, Corporate Security, Gadgets, Physical Security, Rootkits | No Comments »
This report by F-Secure’s Mika Ståhlberg states that the MicroVault USM-F fingerprint reader software shipped with the Sony USB stick installs a driver that hides a directory under C:\Windows.
And – reportedly – the guys at the FS research laboratory
also tested the latest software version available from Sony at www.sony.net/Products/Media/Microvault/ and this version also contains the same hiding functionality. [added a hyperlink]
Hmmm – time to wear my white T-shirt with text familiar to many readers – “Most people don’t even know what a rootkit is, so why should they care about it?”
Posted on August 21st, 2007 by Juha-Matti
Filed under: Commentary, Corporate Security, Culture, DDoS, Microsoft | 8 Comments »
Now that Skype’s explanation written on 20th Aug, Microsoft’s response written on Monday too, and Skype’s clarification written today, 21st Aug, all exist, it’s time for a short summary:
Why did the security community react the way it did?
1. Microsoft has released monthly security updates since January 2004
2. There were three critical MS patches in July, and four critical in June
3. Only four August critical patches included a mandatory reboot
4. Critical patch (MS07-044) for code execution issue in Excel needs no reboot
5. Critical patch (MS07-050) for VML needs reboot only if files in use
6. SecurityLab.ru released public Skype Network Remote DoS Exploit on 17th Aug
7. There was a new Skype for Windows version 18.104.22.168 out on 17th Aug
8. A lot of home users go to Microsoft Update on Tuesday, not on Thursday…
Do we need more reasons? No. Boys and girls at Skype, please share information: that you are aware of the public PoC, what the new bugfix release fixes, etc.
But the good news: Villu Arak of Skype states that their “bug has been squashed.” And
The parameters of the P2P network have been tuned to be smarter…
Fine, because there are Black Tuesday patches in the future too!
Posted on August 21st, 2007 by Juha-Matti
Filed under: Commentary, Corporate Security, Full Disclosure, Web | 2 Comments »
Putting together all six updates of the IP address listings released at Cryptome.org, it appears that the National Security Agency knows very well what is happening in the cables of companies that are very familiar to us.
The newest August update, Latest Updated NSA-Affiliated IP Resources 6, includes the following ISPs and organizations: 3G Mobile, AT&T, Akamai Technologies, Amazon, Apple, Deutsche Telekom, eBay, Google, Microsoft, MySpace.com, Qwest, and Xerox Research Center.
From Tokyo, Japan, the listing includes NTT Communications Corp.; from Warszawa, Poland, Netia Telekom; from Stockholm, Sweden and Helsinki, Finland, TeliaSonera; and from Vaasa, Finland, VLP.
As always, Mr. John Young doesn’t disclose his sources.
Posted on August 21st, 2007 by Juha-Matti
Filed under: Commentary, Spam, Web | No Comments »
Some of the spam e-mails in my Inbox today are really funny when looking at the basic information of the messages.
From: Isabelle Hammer
Subject: Re: Ciaaaaaaliiis Viaaaaaagraaa Leeeeeevitra. Preise die keine Konkurrenz kennen
Message body: Hallo , jonleht !Meinung von unserem Kunden:
Ich nehme jedes Mal 10 mg….
Why does the sender’s name differ from the visible name, why are they fighting against spam filters with thooose terrible wooords, why do they send German-language spam to Finland, why do they call me jonleht – again?
Hey, we have seen these non-working methods hundreds of times already!
Posted on August 18th, 2007 by Juha-Matti
Filed under: Commentary, Corporate Security, Microsoft | 3 Comments »
Looking into this week’s Redmond patches, there was a critical patch for the Vector Markup Language component Vgx.dll – again.
The newest flaw exists in the handling of compressed content and it is a heap overflow type vulnerability. The issue was discovered by Mr. Derek Soeder of eEye Digital Security.
Most of us remember the VML 0-day case in September ’06. ZERT released a 3rd party fix and Microsoft pushed out their official update before the monthly September bulletins. Details about the vulnerability and the case can be found in my Windows VML Vulnerability FAQ (CVE-2006-4868) document.
The reporting timelines of the three newest VML issues are below:
#1: fill method buffer overflow – Vgx.dll
18-Sep-06 Sunbelt Software contacted the vendor
The person who discovered this 0-day flaw is not known
25-Sep-06 MS06-055 is out
#2: Recolorinfo integer overflow – Vgx.dll
03-Oct-06 Vendor was contacted by iDefense
09-Jan-07 MS07-004 is out
#3: Compressed content heap overflow – Vgx.dll
24-Oct-06 Vendor was contacted by eEye
14-Aug-07 MS07-050 is out
Related to issue #2 Microsoft stated the following:
When this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited?
The fact is that Microsoft was aware of the latest vulnerability, i.e. issue #3, for almost ten months.
Posted on August 13th, 2007 by Juha-Matti
Filed under: Commentary, Corporate Security, Culture, Encryption, Full Disclosure, Law, Web | 1 Comment »
Mr. Stefan Esser of the Hardened-PHP Project has announced that the exploit code of the Month of PHP Bugs is no longer part of his Web site.
The reason for this is a new law in Germany that is official since today. This new law renders the creation and distribution of software illegal that could be used by someone to break into a computer system or could be used to prepare a break in.
This list includes PoC exploits too, says Mr. Esser.
But we know that the Internet remembers many things.
Posted on August 8th, 2007 by Juha-Matti
Filed under: Apple, Commentary, Fuzzing, Microsoft, Web | 2 Comments »
While running the tool, we found four crashers – one of which might have some security implications.
When will we be reading news like this from Microsoft and Apple?
Posted on August 2nd, 2007 by Juha-Matti
Filed under: Commentary, Physical Security | No Comments »
The Bluetooth Special Interest Group (SIG) has officially announced Core Specification v2.1 + EDR (i.e. Enhanced Data Rate) of Bluetooth.
The specification document itself is located here [.zip package].
The group states the following:
Improved pairing also offers “Man in the Middle” protection that in reality eliminates the possibility for an undetected middle man intercepting information.
Posted on July 27th, 2007 by Juha-Matti
Filed under: Commentary, Corporate Security, Culture, Virus, Web | 1 Comment »
In recent years several domains based on misspellings of Microsoft.com have been registered to advertise online casinos etc.
But now, the Web site vvindowsupdate.com has been registered.
Did you see the address windowsupdate.com when reading the sentence? You are not alone!
The Sunbelt guys are aware that the group behind the registration is affiliated with the infamous VxGame Trojan.
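The "vv" for "w" trick can be caught mechanically by collapsing look-alike character sequences before comparing names. The sketch below is an added example, not part of the original post or of any Sunbelt tooling; the confusable table, the function names and every observed domain other than vvindowsupdate.com are constructed assumptions.

```python
# Added example: flag observed domains that visually collapse to a protected one.
# CONFUSABLES is a small constructed subset of look-alike sequences, not a full list.
CONFUSABLES = [("vv", "w"), ("rn", "m"), ("0", "o"), ("1", "l")]


def normalize(domain: str) -> str:
    """Lower-case and drop surrounding whitespace and the trailing root dot."""
    return domain.strip().rstrip(".").lower()


def skeleton(domain: str) -> str:
    """Collapse look-alike character sequences so visual twins compare equal."""
    s = normalize(domain)
    for lookalike, canonical in CONFUSABLES:
        s = s.replace(lookalike, canonical)
    return s


def find_lookalikes(observed, protected):
    """Return (observed, protected) pairs that differ as strings but share a skeleton."""
    real = {normalize(p) for p in protected}
    by_skeleton = {skeleton(p): normalize(p) for p in protected}
    hits = []
    for name in observed:
        d = normalize(name)
        if d in real:
            continue  # the genuine domain itself is not a look-alike
        target = by_skeleton.get(skeleton(d))
        if target is not None:
            hits.append((d, target))
    return hits


# Protected names are taken from the post; observed names are constructed
# samples of the kind that might be pulled from proxy or DNS logs.
PROTECTED = ["windowsupdate.com", "microsoft.com"]
OBSERVED = [
    "windowsupdate.com",
    "vvindowsupdate.com",
    "rnicrosoft.com",
    "MICR0SOFT.com.",
    "example.org",
]

if __name__ == "__main__":
    for fake, real in find_lookalikes(OBSERVED, PROTECTED):
        print(f"{fake} imitates {real}")
```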
Posted on July 24th, 2007 by Juha-Matti
Filed under: Apple, Commentary, Web | No Comments »
The following Exploiting the iPhone video (1:20) has been posted to YouTube to demonstrate the recent MobileSafari vulnerability reported by Independent Security Evaluators.
The technical document is located here [PDF].
Posted on July 21st, 2007 by Juha-Matti
Filed under: Commentary, Culture, Interviews, Physical Security, Virus, Web | No Comments »
SecurityFocus has released an IM interview of Dream Coders Team – a Russian team behind the MPack kit.
It’s really worth reading!
Posted on July 13th, 2007 by Juha-Matti
Filed under: Commentary, Corporate Security, Culture, Web | 2 Comments »
TippingPoint Technologies has released two alerts reporting vulnerabilities in the TippingPoint IPS this week.
The first is a Signature Evasion type issue reported by Paul Craig, Security-Assessment.com.
3Com’s Alert 07-003
The second one is a problem in the handling of fragmented packets.
Bypassing the intrusion prevention system is possible.
3Com’s Alert 07-002
But according to the disclosure timeline [pdf] of Andres Riancho, Cybsec Security Systems, the vendor was contacted on 6th February, 2006 already.
The updated TOS version was released on 4th July, 2007, i.e. last week.
I’m not saying 3Com is slow when fixing vulnerabilities; I think this issue was extremely difficult to resolve. Cybsec will “disclose technical details 30 days after publication of pre-advisory”. Let’s wait!
Posted on July 6th, 2007 by Juha-Matti
Filed under: Commentary, Web | 1 Comment »
The Web site of Zone-H (http://zone-h.org/) is running again – after a remarkably long downtime (and slowness).
It appears that they had some problems more than two years ago too.
Many thanks for the replies posted to my message to the funsec list confirming the problems.
In fact, there were problems accessing their Web site on 31st May (and earlier) already.
The Digital Attacks Archive has content added in June too, however.
Posted on June 23rd, 2007 by Juha-Matti
Filed under: Commentary, Google, Web | No Comments »
The MOSEB campaign (Month of Search Engine Bugs) shared a good example of the dangers of Googledorks this week.
When using the search string
site:youtube.com “clicks from ftp @” we’ll see 257 results.
With “clicks from ftp” + filter=0, in turn, we will get 508 results.
Posted on June 17th, 2007 by Juha-Matti
Filed under: Commentary, Corporate Security, Microsoft, Web | 5 Comments »
The Redmond giant has switched to IIS 7.0 on their Web site. Netcraft report of www.microsoft.com:
IP address: OS:
22.214.171.124 Windows Server 2003
Web Server: Last changed:
They don’t care about reports like this:
Web Server Software and Malware