Security Watch

Winamp BOV: A Bad Attack Vector

Small number of hackers may try it, but won't get far. Plus: Banner ads that attack; remote robbery; fixing your Google rep; more.

A Winamp buffer overflow could be invoked as a potential victim listens to a criminally crafted Ultravox streaming media presentation. Both the artist and name parameters can be used to cause code of the criminal's choice to execute in the context of the victim user. Updates are available.

Okay, just take a moment and try to imagine an attack scenario: Some criminal has to host streaming media and attract victims to use Winamp to listen to it. Possible? Sure. Likely? Nope.

More Served Ads Attacks
Two more brand-name sites have been detected delivering criminally crafted banner ads to their customers. Expedia and Rhapsody both fell prey to Flash ads with embedded malware from ad suppliers somewhere in their ad network chain, according to this ComputerWorld report.

Must we say this again? If you don't check the validity of the ads you're running, then you're handing control of your reputation over to someone else. Make sure you have some form of contractual agreement that ensures attack ads don't get served and that provides adequate remedies to customers if you're so careless with your reputation.

Remote Robbery Does Not Pay
Seven Swedish criminals were arrested after an alert bank employee noticed electronic equipment connected to his or her computer. The device allegedly was attempting to transfer millions of dollars from the bank to accounts held by the criminals. "At the last minute," apparently, the bank employee disconnected a cable connected to the device, thereby preventing the transfer, said this report from The Register.

One just has to wonder how the employee noticed the device "at the last minute" after going for some period of time not noticing it. Almost sounds like an insider who changed his mind -- at the last minute.

Online Posse Hangs The Wrong Man
In an excellent example of how stupid criminals can be, and how poorly thought out some hacktivism is, a site claiming to try to help a group who have been hacking Church of Scientology sites posted the name, address and phone numbers of an individual in Stockton, CA. From this story in Wired, the group claimed that person was responsible for hacking into a site used by their "friends," called the g00ns. Meanwhile, the 59-year-old man and his wife who own the phone number say they have nothing to do with this in any way, but have been receiving obscene phone calls ever since.

No matter the intent, there will always be collateral damage to innocent victims when such tactics are used by anyone. Consider, if you will, what happens if you use an anti-spam program that "retaliates" by sending e-mails back to a spammer. Anyone else on the same network segment now sees the volume of traffic the spammer was already consuming, but doubled. If the spammer and the innocent bystanders on the same segment weren't noticing degraded performance before, they'll definitely notice now. Further, assume the e-mail server is being used by legitimate users but one of them has a spam-producing program installed. Everyone now suffers from the increased volume in both directions.

It just cannot be justified to use criminal tactics -- unless, of course, you're a criminal!

Googling Your Rep
Googling is rapidly becoming one of the most important methods of determining the reputation of someone you're interested in, whether it's for a job or a date. There are even reputation managers stepping into the fray, whose job is to attempt to fix a person's or a company's maligned reputation.

A key point made in this article is knowing just what is out there about you or your company. The fix isn't so simple for those who've been maligned, as there are significant obstacles to removing -- or just correcting -- bad information. Still, it doesn't mean you shouldn't try. Even just being aware of the misinformation could help you defeat or correct it.

About the Author

Russ Cooper is a senior information security analyst with Verizon Business, Inc. He's also founder and editor of NTBugtraq, www.ntbugtraq.com, one of the industry's most influential mailing lists dedicated to Microsoft security. One of the world's most-recognized security experts, he's often quoted by major media outlets on security issues.
