27B Stroke 6 has some more on the VA data theft, which contained an immense amount of information on US veterans and active duty military. This whole story is turning into something very interesting. More specifically, a test case on how not to handle stolen sensitive material.
The FBI has done some forensic work on the laptop and says it can’t find any evidence that the data was accessed. InfoWorld’s Robert Grimes chimes in to say, Rumsfeld style, that the absence of evidence is not the evidence of absence, since any fool could have simply cloned the disk and then accessed the database on the cloned disk.
Now, there’s also some back and forth in the VA about whether the data analyst was authorized to take the data home. The analyst, who has been fired, says he has a letter authorizing him to take the data home, while the VA says the letter is for a different computer.
What really concerns me is this: why was this analyst working with social security numbers on a laptop, rather than in the office while connected to the network? I cannot, for the life of me, come up with a good reason for why this analyst was doing what he was doing with the data that ultimately ended up stolen.
The upcoming patch Tuesday from Microsoft will offer 7 security patches to reconcile vulnerabilities found in their widely used software.
Although Microsoft does not disclose in advance what flaws are to be patched, two vulnerabilities in Excel are likely to be among the fixes. One issue relates to maliciously crafted spreadsheet files that could lead to a full system compromise, while the other relates to hyperlinks in Excel documents.
Two security flaws affecting Internet Explorer were also reported last week, including a cross-site scripting issue where an attacker could view information in an open browser window from another that is visiting a malicious site.
As usual, Internet Explorer is being fixed yet again. For the second month straight Excel will receive some patch love among a few others that we are not yet aware of. If you are a corporate system administrator then ensure you test these patches on a closed network before deploying throughout your enterprise.
Once again, Microsoft is bowing to pressure from businesses rather than thinking of possible security ramifications of the features they add to Windows Vista. This time Windows Vista gets an ActiveX installer service so that the controls can be installed on client workstations regardless of the permissions of the user logged in.
The new feature, called ActiveX Installer Service, will be fitted into the next public release of Vista to provide a way for enterprises to cope with the UAC (User Account Control) security mechanism.
UAC, formerly known as LUA (Limited User Account), is enabled by default in Vista to separate Standard User privileges from those that require admin rights to harden the operating system against malware and malicious hacker attacks.
However, because UAC will block the installation of ActiveX controls on Standard User systems, enterprise applications that use the technology will encounter breakages. ActiveX controls are objects used to enhance a user’s interaction with an application.
This sounds like an exploit that many will be salivating to take control of. While it remains to be seen just how vulnerable this “feature” is, the base description certainly leaves a lot to be desired. How long before a privilege escalation exploit is released?
The Catawba County Schools is playing the blame game rather than owning up to operator error on behalf of their own employees. The school district somehow convinced a judge to issue an injunction against Google for allegedly posting names, social security numbers and grades of 619 students.
The school district claims that Google somehow trespassed on their server and made information publicly available. There is very little information about this incident being publicly released; however, the following statement really caught my attention:
“One of the students on the list had a presence on the Web,” she said. “In Google’s effort to get information on her, one of its spiders latched onto her name in this document. We were not aware that password-protected sites are set up like that. To our knowledge, Google could only cache unsecure information that did not require a password or username.”
Based on reading the statement by the district I can only surmise that they have incompetent system administrators working on their web server. It is common knowledge among those in the industry that if information is posted on a publicly accessible web site then it can be spidered and indexed by Google. If the information is properly protected then there is no way for Google’s spider to crawl the documents, and therefore they will not be included in its index.
Sadly, it appears that nobody is willing to own up and tell the school district that they made a mistake. Taxpayer dollars will be wasted on a baseless lawsuit that could have been avoided if 1) the district hired competent system administrators and 2) the employees properly briefed their supervisors on their own mistakes.
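To make the point concrete, here is an added Python mock (not code from the original post or from the district’s server) of the misconfiguration the statement describes: only the login page checks credentials, while the document URL itself is served to any unauthenticated request, shown beside a corrected server that gates every path. The “spider” is just a plain GET with no credentials; the paths, the Basic credential and the roster content are constructed for the example.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in for the grade roster in the story (no real data).
ROSTER = b"<html><body>student roster (constructed sample)</body></html>"
STAFF_CREDENTIAL = "Basic c3RhZmY6c2VjcmV0"  # constructed: staff:secret


class BrokenHandler(BaseHTTPRequestHandler):
    """Misconfiguration: credentials are demanded only on /login, so a spider
    that reaches the document URL directly is served the roster."""
    protected_prefixes = ("/login",)

    def do_GET(self):
        if (self.path.startswith(self.protected_prefixes)
                and self.headers.get("Authorization") != STAFF_CREDENTIAL):
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="staff"')
            self.end_headers()
            return
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.end_headers()
        self.wfile.write(ROSTER)

    def log_message(self, *args):  # keep the example quiet
        pass


class FixedHandler(BrokenHandler):
    """Fix: every path requires credentials, so an unauthenticated GET gets 401."""
    protected_prefixes = ("/",)


def crawler_can_fetch(port, path):
    """Simulate a search-engine spider: plain GET, no cookies, no credentials.
    Returns True when the document comes back 200, i.e. it would be indexed."""
    req = urllib.request.Request(f"http://127.0.0.1:{port}{path}",
                                 headers={"User-Agent": "example-spider/1.0"})
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status == 200
    except urllib.error.HTTPError:
        return False  # 401/403: the spider is turned away


def audit(handler, path="/private/roster.html"):
    """Start the given server on an ephemeral port and probe it as a spider would."""
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return crawler_can_fetch(srv.server_address[1], path)
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    print("broken config crawlable:", audit(BrokenHandler))  # True
    print("fixed config crawlable: ", audit(FixedHandler))   # False
```

The same unauthenticated probe, pointed at a real document URL, is the quickest way to verify that “password-protected” actually means the server refuses the request rather than merely hiding the link.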
Cracking OS X Passwords is far easier than you might have thought. But how often does a system administrator really need to do something like this?
It’s interesting how most papers on the subject state that it is useful knowledge for Sysadmins to know how to crack passwords; come on, let’s be honest, a Systems Administrator will most likely reset the password or, if he can’t, he will simply reinstall the Operating System. I’ve worked as a Sysadmin for several years and not once have I had to “crack” a password.
Nonetheless, while not exactly the most necessary piece of information around, know that it is available in the event that you need it. Or, if you just desire to play around then you now know that capability exists.
A day after Microsoft released 12 patches that fixed 21 vulnerabilities, including an exploit in Word, it appears that reports of a new vulnerability in Microsoft Excel are surfacing.
Here’s what we know: In order for this attack to be carried out, a user must first open a malicious Excel document that is sent as an email attachment or otherwise provided to them by an attacker. (Note that opening it from email will prompt you with a warning about opening the attachment.) So remember to be very careful opening unsolicited attachments from both known and unknown sources.
There probably will not be a patch until the next Patch Tuesday so be on the lookout for any malicious activity that may attempt to exploit this vulnerability.
If you have ever forgotten your Windows administrator password then you probably panicked, and ultimately ended up wiping your hard drive and performing a clean install of Windows. I bet you did not know that was completely unnecessary, as there is a pretty simple method for resetting an administrator password on just about every version of Windows.
ERD is an excellent multi-purpose product, but you should know it is not a necessary one if you have a healthy system and your sole problem is the inability to log on to Windows due to a forgotten password. Not necessary because you can easily change or wipe out your Administrator password for free during a Windows XP Repair. Here’s how, with a step-by-step description of the initial Repair process included for newbies.
The main reason I bring this up is because it is an attack vector onto a workstation and, ultimately, the network. If the system administrators have not properly locked down a computer then the chances that this simple “attack” succeeds are fairly significant.
The second largest patch Tuesday has arrived, with Microsoft issuing fixes for 8 critical security flaws, and a host of other non-criticals, in a number of their products. Today’s set of patches offered the greatest number since February 2005, and is the second largest overall.
Out of the eight critical fixes, 2 resolve Internet Explorer vulnerabilities, 1 is for Windows Media Player, 2 are for the Windows operating system itself, 1 is for Word and 1 is for PowerPoint. The Word patch reconciles a major security issue regarding a highly-publicized zero-day exploit, which has already been used in conjunction with a number of attacks. The vulnerability can be exploited after a user opens a specially crafted Word file with a malformed object pointer, allowing for code execution.
There is also a cumulative patch for Internet Explorer, which fixes five code execution vulnerabilities, a spoofing flaw, and an issue that could pose either an information disclosure or a spoofing risk. Modifications to the way that Internet Explorer handles ActiveX controls are also included in the IE cumulative update.
It is highly recommended that all organizations take the necessary steps required in order to install these patches, especially considering the critical exploits that they resolve.
Exploit Prevention Labs, a company that I have never heard of prior to today, has just released SocketShield, an application that supposedly is capable of blocking zero-day exploits from penetrating a workstation.
SocketShield is the world’s first dedicated zero-day exploit blocker. Using a unique combination of research technologies, a deep understanding of anti-malware techniques, and skilled coding, the software is able to block exploits from entering your computer, regardless of how long it takes for the vendors of vulnerable applications to issue patches - or how long it takes for you to install those patches.
As the name implies, SocketShield works at the socket level. Sockets are the points of entry used by your computer to allow programs to be downloaded from the web and other sources; these sockets can be opened and closed to enable or prevent downloads. SocketShield uses the knowledge gained through its multiple research channels to determine whether any download is an exploit and to close any socket that a known or suspected exploit is attempting to use.
Certainly sounds like an intriguing tool that I am very interested in test-driving. A free trial is available, which I intend to download and install this week sometime. Look for an upcoming article that details the software and its capabilities.
If you have ever been involved in managing a host-based firewall solution for your organization then you know what a headache it can be. Possibly the most difficult task is maintaining the desktop firewall policy, so that users are capable of performing their daily work, without the interference that these applications are known to cause.
Security Focus has a great article outlining standards in desktop firewall policies. If you have experience running a program of this nature, or are endeavoring to commence one, then this is a must read.
The idea of a common desktop firewall policy in any size organization is a very good thing. It makes responses to external or internal situations such as virus outbreaks or network-oriented propagation of viruses more predictable. In addition to providing a level of protection against port scanning, attacks or software vulnerabilities, it can provide the organization’s local security team a baseline or starting point in dealing with such events.
The trick to a good desktop firewall policy is to provide a balance between security and the networking requirements of the applications needed by the organization. It’s possible the organization may not yet have a complete knowledge of these requirements. This should make the first attempt to define a standard/global policy interesting, depending on the level of protection one is trying to provide and the situation or environment the desktops may be in.
The article does not talk about the various products available, only about the basic theory behind managing and maintaining a desktop firewall policy. If you are looking towards defense in depth then host-based firewalls might be a good direction to go, which makes this a much more important read than you might have initially thought.