Catawba County Schools is playing the blame game rather than owning up to operator error by its own employees. The school district somehow convinced a judge to issue an injunction against Google for allegedly posting the names, Social Security numbers and grades of 619 students.
The school district claims that Google somehow trespassed on its server and made the information publicly available. Very little information about this incident has been released publicly; however, the following statement really caught my attention:
“One of the students on the list had a presence on the Web,” she said. “In Google’s effort to get information on her, one of its spiders latched onto her name in this document. We were not aware that password-protected sites are set up like that. To our knowledge, Google could only cache unsecure information that did not require a password or username.”
Based on the district’s statement I can only surmise that incompetent system administrators are running its web server. It is common knowledge among those in the industry that if information is posted on a publicly accessible web site, it can be spidered and indexed by Google. If the information is properly protected (that is, the server refuses to serve it without a username and password), Google’s spider has no way to crawl the documents, so they will not be included in the index.
Sadly, it appears that nobody is willing to own up and tell the school district that they made a mistake. Taxpayer dollars will be wasted on a baseless lawsuit that could have been avoided if 1) the district hired competent system administrators and 2) the employees properly briefed their supervisors on their own mistakes.
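To turn the point above into a check a web administrator can actually run, here is an added example (not from the original post, and nothing to do with the district’s real server): it stands up a constructed sample site in-process where /grades/ demands credentials but a stray copy at /old/grades.html does not, then fetches each path that is supposed to be protected the way a spider would, anonymously and without following redirects, and reports whatever comes back as HTTP 200. All paths and the server are constructed for the demonstration.

```python
"""Audit whether documents that should be password-protected are readable by an
anonymous client, which is all a search-engine spider is."""
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer


class SampleSite(BaseHTTPRequestHandler):
    """Constructed sample site: /grades/ needs credentials, everything else is open."""
    PROTECTED_PREFIX = "/grades/"

    def do_GET(self):
        if self.path.startswith(self.PROTECTED_PREFIX) and not self.headers.get("Authorization"):
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="staff"')
            self.end_headers()
            return
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.end_headers()
        self.wfile.write(b"<html>student list</html>")

    def log_message(self, *args):  # keep the run quiet
        pass


def start_sample_site():
    """Serve the sample site on an ephemeral loopback port; returns (server, base_url)."""
    server = HTTPServer(("127.0.0.1", 0), SampleSite)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


def anonymous_status(url):
    """Fetch like a crawler: no cookies, no credentials, redirects not followed."""
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, *args, **kwargs):
            return None  # surfaces 3xx as an HTTPError instead of following it

    req = urllib.request.Request(url, headers={"User-Agent": "exposure-audit/1.0"})
    try:
        return urllib.request.build_opener(NoRedirect).open(req, timeout=5).status
    except urllib.error.HTTPError as err:
        return err.code  # 401/403/3xx all mean the anonymous client did not get the page


def audit(base_url, sensitive_paths):
    """Return the paths an anonymous client can read outright (HTTP 200)."""
    return [p for p in sensitive_paths if anonymous_status(base_url + p) == 200]


if __name__ == "__main__":
    server, base = start_sample_site()
    print("exposed without credentials:", audit(base, ["/grades/list.html", "/old/grades.html"]))
    server.shutdown()
```

Anything the audit lists is exactly what a spider can fetch and index; a 401 or a redirect to a login page is what “password-protected” should look like from the outside.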
Microsoft has issued a security advisory for the Excel vulnerability I recently wrote about. The company acknowledged reports of the exploit but has not yet determined the cause or announced any fix.
Microsoft is investigating new public reports of limited “zero-day” attacks using a vulnerability in Microsoft Excel 2003, Excel Viewer 2003, Excel 2002, Excel 2000, Microsoft Excel 2004 for Mac, and Microsoft Excel v. X for Mac. In order for this attack to be carried out, a user must first open a malicious Excel file attached to an e-mail or otherwise provided to them by an attacker.
To avoid being compromised by this vulnerability, simply do not open attachments from untrusted or unknown authors. This is a best practice that should be followed daily. If you are already wary of opening attachments from unknown senders, you are on the right track.
Cracking OS X Passwords is far easier than you might have thought. But how often does a system administrator really need to do something like this?
It’s interesting how most papers on the subject state that it is useful for sysadmins to know how to crack passwords; come on, let’s be honest, a systems administrator will most likely reset the password or, if he can’t, simply reinstall the operating system. I’ve worked as a sysadmin for several years and not once have I had to “crack” a password.
Nonetheless, while not exactly the most necessary piece of information around, know that it is available in the event that you need it. Or, if you just want to play around, you now know the capability exists.
A day after Microsoft released 12 patches that fixed 21 vulnerabilities, including an exploit in Word, it appears that reports of a new vulnerability in Microsoft Excel are surfacing.
Here’s what we know: for this attack to be carried out, a user must first open a malicious Excel document that is sent as an e-mail attachment or otherwise provided by an attacker. (Note that opening it from e-mail will prompt you to be careful about opening the attachment.) So remember to be very careful opening unsolicited attachments from both known and unknown sources.
There probably will not be a patch until the next Patch Tuesday, so be on the lookout for any malicious activity that may attempt to exploit this vulnerability.
If you have ever forgotten your Windows administrator password then you probably panicked, and ultimately ended up wiping your hard drive and performing a clean install of Windows. I bet you did not know that was completely unnecessary, as there is a pretty simple method for resetting an administrator password on just about every version of Windows.
ERD is an excellent multi-purpose product, but you should know it is not a necessary one if you have a healthy system and your sole problem is the inability to log on to Windows due to a forgotten password. Not necessary because you can easily change or wipe out your Administrator password for free during a Windows XP Repair. Here’s how, with a step-by-step description of the initial Repair process included for newbies.
The main reason I bring this up is that it is an attack vector onto a workstation and, ultimately, the network. If the system administrators have not properly locked down a computer, the chances that this simple “attack” succeeds are fairly significant.
The second-largest Patch Tuesday has arrived, with Microsoft issuing fixes for 8 critical security flaws, and a host of other non-critical ones, in a number of its products. Today’s set of patches is the largest since February 2005 and the second largest overall.
Of the eight critical fixes, 2 resolve Internet Explorer vulnerabilities, 1 is for Windows Media Player, 2 are for the Windows operating system itself, 1 is for Word and 1 is for PowerPoint. The Word patch addresses a highly publicized zero-day vulnerability, which has already been used in a number of attacks. The vulnerability can be exploited after a user opens a specially crafted Word file with a malformed object pointer, allowing code execution.
There is also a cumulative patch for Internet Explorer, which fixes five code execution vulnerabilities, a spoofing flaw, and an issue that could pose either an information disclosure or a spoofing risk. Modifications to the way Internet Explorer handles ActiveX controls are also included in the cumulative update.
It is highly recommended that all organizations take the necessary steps to install these patches, especially considering the critical vulnerabilities they resolve.
Microsoft announced during this week’s TechEd 2006 conference that it plans to consolidate all security efforts under a single umbrella, to be named “Forefront.” Along with the launch of Microsoft Antigen, an e-mail security product, it also announced ISA Server 2006, the successor to ISA Server 2004. ISA Server 2006 is an integrated edge security gateway, which combines a firewall and web proxy server into a single product.
Forefront products reflect Microsoft’s ongoing strategy to provide a comprehensive set of security products across client, server and edge that integrate with existing infrastructure and simplify the task of managing and controlling IT security and access. The first Microsoft Forefront products will be Forefront Client Security (formerly Microsoft Client Protection), scheduled for open beta in the fourth quarter of this year, and the next generation of our Antigen products. Forefront Security for Exchange Server and Forefront Security for SharePoint are timed to coincide with the upcoming Microsoft Exchange Server 2007 and Office 2007 launches. As Microsoft ISA Server continues to evolve, customers can also expect a Forefront version of our integrated edge security and access gateway. To provide customers with further choice and flexibility, Forefront products will be available as stand alone solutions or as part of the Enterprise CAL suite, the Exchange Enterprise CAL suite or an integrated security product suite.
It will truly be interesting to see if security is really at the forefront of Microsoft’s mind, or if this is another meager attempt to confuse the masses into handing over money for pointless services.
Social engineering is an art that is almost a must-have for would-be black hat types. It is the single most important way of obtaining insider information. Is it really any wonder that USB jump drives can be used as a social engineering tool?
The next hurdle we had was getting the USB drives in the hands of the credit union’s internal users. I made my way to the credit union at about 6 a.m. to make sure no employees saw us. I then proceeded to scatter the drives in the parking lot, smoking areas, and other areas employees frequented.
Once I seeded the USB drives, I decided to grab some coffee and watch the employees show up for work. Surveillance of the facility was worth the time involved. It was really amusing to watch the reaction of the employees who found a USB drive. You know they plugged them into their computers the minute they got to their desks.
I immediately called my guy that wrote the Trojan and asked if anything was received at his end. Slowly but surely info was being mailed back to him. I would have loved to be on the inside of the building watching as people started plugging the USB drives in, scouring through the planted image files, then unknowingly running our piece of software.
As the cliché goes, curiosity killed the cat. For some reason, when most people find a CD or USB drive lying around they assume that it is benign. Unfortunately, in most instances that could not be further from the truth.
The lesson learned here is this: when you see garbage, like a CD or USB drive, lying around your office, especially unattended, leave it be!
Exploit Prevention Labs, a company that I have never heard of prior to today, has just released SocketShield, an application that supposedly is capable of blocking zero-day exploits from penetrating a workstation.
SocketShield is the world’s first dedicated zero-day exploit blocker. Using a unique combination of research technologies, a deep understanding of anti-malware techniques, and skilled coding, the software is able to block exploits from entering your computer, regardless of how long it takes for the vendors of vulnerable applications to issue patches - or how long it takes for you to install those patches.
As the name implies, SocketShield works at the socket level. Sockets are the points of entry used by your computer to allow programs to be downloaded from the web and other sources; these sockets can be opened and closed to enable or prevent downloads. SocketShield uses the knowledge gained through its multiple research channels to determine whether any download is an exploit and to close any socket that a known or suspected exploit is attempting to use.
Certainly sounds like an intriguing tool that I am very interested in test-driving. A free trial is available, which I intend to download and install this week sometime. Look for an upcoming article that details the software and its capabilities.
Ethereal is probably the most popular protocol analyzer available today. It is an open-source project that spans multiple platforms, allowing the software to be used on Windows, OS X and Linux. Due to trademark ownership issues, Ethereal has changed its name to Wireshark.
John R.’s synopsis is essentially correct. Several years ago, my former employer (NIS) registered trademarks for the Ethereal name and logo. At the time this provided valuable legal protection for the project. Unfortunately, when I left we weren’t able to come to an agreement on the trademarks and they stayed behind.
There are several details about this that I can’t discuss, but I will say this: There was no “fight” between NIS and me. Although I’m deeply disappointed about the trademarks, I understand their decision. NIS is a great company and I still hold everyone there in high regard.
My reason to leave had more to do with the opportunities available at CACE (for the project, my family, and myself) than anything. The “good stuff” that will come from moving to CACE will far outstrip any “bad stuff” from the name change.
No matter what the name of the product is, it will surely remain the best protocol analyzer around. I have no doubt that the core development team knows what they are doing, and opted to take the best route for the product.