DirectX Confusion Is Good News -- For Hackers
Thanks to Microsoft, outdated versions of DirectX can leave users vulnerable.
MS05-050 v2 - Vulnerability in DirectShow Could Allow Remote Code Execution:
Microsoft re-issued this bulletin
yet again, this time providing an entirely new binary that is now alleged to
account for all possible problem DirectX installations. Problem installations
come about because some users may have installed the wrong DirectX version on
their system. Of course one has to ask the question: How the heck could someone
install the wrong version of DirectX on their system? The answer lies in an
ongoing problem at Microsoft: some technologies are owned by teams that seem
unaware of the various Microsoft operating systems, or at the very least of
how to identify them properly.
I choose to install the wrong version of a package on my system…shame
on me…MS allows me to install the wrong version of an integral component
on my system…what are they thinking?
It was a rough year for Internet Explorer 6.0 in 2005. We received seven
Cumulative Updates for Internet Explorer addressing 18 different vulnerabilities
in 2005, versus only four in 2004, which addressed 16 vulnerabilities. Probably
the most interesting fact was that all of the IE vulnerabilities addressed in
2005 affected IE 6.0 SP2 equally with IE 6.0 pre-SP2. Given all of the hoopla
associated with the massive effort put into developing SP2, one could have hoped
to see it fare better than its predecessors. One could easily conclude that
the exhaustive search Microsoft suggested it did to root out bad code simply
yielded more features and, seemingly, found little bad code. On the upside I suppose
we can say that at least we didn’t see vulnerabilities that were unique
to IE 6.0 SP2.
Metasploit Framework v3 “Alpha” released: Metasploit Framework
is an open-source platform for, amongst other things, exploit “research.”
The primary change in this version appears to be the switch from Perl to Ruby
as the development language.
Denial of Service
Northgate Information Systems, 3Com and online fashion retailer
ASOS were among companies affected by explosions at the oil depot near
Hemel Hempstead, U.K. Northgate indicated that, as a result of the damage caused
by the explosion, its backup facilities failed. As such, they had to institute
their business continuity plan, which involved the use of off-site facilities
in order to service their customers.
This just goes to emphasize that it's not only your own building you have to worry
about, but nearby buildings too, when you plan your disaster recovery and
business continuity.
The next big Sober worm attack was scheduled to take place Jan. 5 or
6. The date was embedded in previous Sober variants. AV vendors determined the
URLs from which the worm would download new instructions.
You've got to love the hype that was wrapped around that announcement. Far be
it from me to suggest that this had anything to do with hoped-for Christmas sales
of anti-virus and other security software.
Spyaxe purports to be an anti-spyware tool, but it’s in fact adware.
It has been, at times, the No. 2 hit on Google for "spyware." CoolWebSearch
was No. 1 on the you-don't-want-to-get list, but it has now been replaced by
Spyaxe. This isn’t the first time that software purporting to be “security
software” has in fact been malicious; nevertheless, it demonstrates
the problem the public faces. What do they hear? “Got spyware? Get an anti-spyware
tool!” How are they to know that one tool is legitimate and yet another
Adobe has announced that it, too, like Microsoft, Cisco and others, is
going to move to a regular monthly schedule for publishing fixes for most, if
not all, of its products. This will also include updates for the Macromedia
Flash Player, which came to Adobe with its recent acquisition of Macromedia.
We’ve been in favor of monthly patch release schedules, particularly
for security updates. However, we do hope that Adobe chooses a date of their
own rather than piggybacking on a date in use by others, especially the second
Tuesday of each month used by Microsoft. If all vendors settled on the same
day, that day would easily become too burdensome for administrators to act
immediately on any one vendor's update should that be needed.
A victim of the recent Sam's Club security breach believes his information
was stolen via a card-skimming device attached to the credit card reader on
the Sam’s Club gas pump. "I remember the credit card reader looking
different," he said. "Unfortunately, I realized what this meant after
I discovered the fraudulent charges."
This column was originally published in our weekly Security Watch newsletter.
Difficulty in telling real cash from counterfeit has driven numerous improvements
to currency, but it remains a prevalent risk for any consumer and merchant. Today,
consumers face the additional problem of determining whether or not the device
a merchant hands them to pay electronically is legitimate. With so many steps
in the process, there is far greater opportunity for fraud in electronic payment
processing than in cash payments, yet electronic transactions remain the safest
method for consumers, primarily by virtue of the financial institutions’
willingness to reimburse customers for fraud.
Windows OneCare Live has been found to disable Absolute Software's
Computrace LoJack software. Windows OneCare Live is a comprehensive security
solution from Microsoft, which is still in beta; it provides firewall, anti-virus,
anti-spyware and “tune-up” features. LoJack is intended to provide
laptop tracing in the event a laptop is stolen.
News stories about problems with beta software…you gotta love it. Unfortunately,
far too many people forget the purpose of beta testing, which is to determine
whether any problems exist and, if they do, to get them resolved before the product
ships. In this case, one beta tester decided to inform CNET, which in turn made
a story out of it.
Russ Cooper is a senior information security analyst with Verizon Business, Inc.
He's also founder and editor of NTBugtraq, www.ntbugtraq.com,
one of the industry's most influential mailing lists dedicated to Microsoft security.
One of the world's most-recognized security experts, he's often quoted by major
media outlets on security issues.