Even chatting online can expose you and your network to viruses and the like.
variants are being seen. Bropia is
a worm that spreads via MSN Messenger
. If you haven't
already closed access to MSN, consider doing so. Microsoft Knowledge Base article
describes how to prevent access to MSN within a corporate environment.
Remember, instant messaging services like MSN and AOL Instant Messenger (AIM)
are the leaky holes in your otherwise tight perimeter. With more and more malicious
code seeking to use them as conduits, we become very reliant on the messaging
service providers to filter out such malware. The best situation is to black-hole
it with a proxy that understands the protocol and denies it access to the sites.
This way the protocol won't search for alternative ways to get out (as MSN will
do), and instead just think the service is unavailable.
More buffer overflows that you can shake a stick at—that's
the best description of Microsoft's 12 new security bulletins and one reissue
this month. Several stand out:
is a buffer overflow in SMB (server message block)
response packet handling. Although the client has to initiate a request to
a malicious system in order to receive the packets that could overflow the
buffer, it's still the type of vulnerability that could very well turn into
a significant worm.
is a buffer overflow in the handling of OLE (object
linking and embedding) objects, specifically those objects with a MIME type
of MS-TNEF. This is particularly worrisome on Exchange
servers, as they'll interpret those MIME types when they're presented at the
server. Details have thus far been withheld.
is an overflow in the License Logging Service, typically
enabled on a server (only Windows Server 2003 has it disabled by default).
The service is defunct, so make sure it's been disabled.
is an overflow in the PNG (portable network graphics)
format handler in MSN Messenger and Windows
Media Player. Proof of concept code has been published, and W32.Bropia
already uses similar attack methods. This one could very well turn into a
new series of viruses.
- The widely-publicized Internet Explorer "Drag-n-Drop"
vulnerability has finally been fixed. It required two patches—MS05-008
for the OS, and MS05-014
was re-issued. This was a problem in the way Exchange Server handled DNS
response packets when it did a reverse lookup on an IP address for incoming
SMTP messages. The bulletin was re-issued because
a version was made available for Exchange 2000, which was previously not thought
to be vulnerable.
column was originally published in our weekly Security Watch
newsletter. To subscribe, click here.
The World Cup 2006
will be one of the first events
to incorporate Radio Frequency Identification
technology in its tickets. A lot of information is recorded into the ticket,
including name, date of birth, address, nationality, team loyalty and banking
information. If all this data is all tied to the RFID, it opens the door to
possible massive privacy invasion.
Imagine if local bars figured out how to read the information and installed
sensors at their doors to only allow in followers of certain teams, or of certain
nationalities. The mind boggles at the potential for abuse here. That said,
it's unlikely that all this data would be readable off of the ticket, as opposed
to stored in a database for lookup. Still, despite the problems associated with
hooligans, is it necessary to gather this sort of information in advance? I
would hope it isn't.
Russ Cooper is a senior information security analyst with Verizon Business, Inc.
He's also founder and editor of NTBugtraq, www.ntbugtraq.com,
one of the industry's most influential mailing lists dedicated to Microsoft security.
One of the world's most-recognized security experts, he's often quoted by major
media outlets on security issues.