Office vulnerability (MS12-015)

MS12-011 is an XSS vulnerability in Sharepoint

MS12-014 and MS12-012 cover DLL preloading vulnerabilities

MS12-010 fixes four vulnerabilities in Internet Explorer

MS12-013 - Media Player vulnerability

MS12-016 - .NET framework and Silverlight vulnerabilities

MS12-009 -  64bit Windows 7 vulnerability

The above february patches from Microsoft should be taken into consideration as they target both Windows and Mac apps.

Nessus 5.0 delivers delievers enhancements that streamline and optimize all the important steps in the vulnerability and configuration process. Here are some benefits to be found in the download Nessus 5.0 vulnerability scanner:

Streamlined startup – A brand new installation wizard and web interface features Nessus 5.0 to be up-and-running, a configuration that only need a few minutes.

Quick policy creation – There are many new plugin filters that make it fast and easy to create policies for targeted scans. You can select multiple filter criteria, such as, vulnerability publication date, public vulnerability database ID, information assurance vulnerability alert (IAVA), and it is also very simple to identify easily-exploitable vulnerabilities.

Industry-leading efficiency – The real-time scan results combined with on-the-fly filtering lets users that download Nessus 5.0 vulnerability scanner to quickly observer risk level and act upon vulnerability data without before the scan is over. 1-click navigation lets you jump from critical vulnerability to vulnerable host to the details of the vulnerability. 5 critical levels quickly separate informational data from actionable results.

Customizable reports – Multiple filters, results management, and new pre-configured report formats allow users to produce targeted reports tailored to fit the needs/interests of executives, systems administrators, and auditors. Users can also combine multiple report templates into a single, comprehensive report, which can be delivered in a variety of formats, including PDF after you download Nessus 5.0 vulnerability scanner

“Tenable’s dynamic library of now nearly 50,000 individual vulnerability and configuration checks is updated continuously to ensure the accuracy and relevance of Nessus scans and audits. Our next-generation scanner continues to be recognized by security professionals, network penetration testing teams, and auditors as the de facto standard for vulnerability and configuration assessment.” said Ron Gula, CEO and CTO of Tenable Network Security. “Version 5.0 builds on the solid foundation Nessus has established for quality and accuracy, and now makes it easier and faster to install and use.”

Download Nessus 5.0 vulnerability scanner

Hilding Arrehed, Director Worldwide Professional Services at ActivIdentit has come up with some suggestions on how is possible to combine advanced security technologies of today to create an online banking security system that gives strong protection, and in the same time is maintaining high convenience and access to as many services as you want to make available:

• At the time of log in, let customers choose which authentication method to use based on what they intend to use the service for.
• Give customers the option to configure their own security levels.
• Let customers decide which type of device to connect from.
• Integrate the online banking system and its security with your other operations to give customers a consistent sense of your approach to security.
• Let customers use the same security credential as they use for online banking when they access other bank services.
• Give customers good support the way they want it. Through FAQ on the website, online chat, telephone, email, face to face or by letter.

A typical stereotype in online banking security is that everything hoovers around the securely authenticated access account.

Based on his experience with successful online banks, Arrehed says banks have done just that and he shares a few recommendations they gave:

Make it as easy as possible. Only ask for transaction signing when money is transferred to accounts other than the customers’ own accounts and allow transactions to be batched.

Use a secure but risk-appropriate technology to carry out the transaction signing. Smart cards, tokens, soft tokens and SMS text messages are all good ways to provide electronic transaction signing.

Make sure that it is clear to the user what is being electronically signed. This is to prevent the risk of man-in-the-middle attacks which is particularly important now given the recent attacks on trusted Certificate Authority providers and hacks of the session in online banking security protocol mechanisms (SSL/TLS) used by our web browsers.

Store the transaction data including the customer’s electronic signature in a secure tamper-evident audit database for archiving purposes. It can be very useful to be able to prove that a money transfer was correctly carried out and approved many years after it happened.

Arrehed concludes: “Every bank obviously has its own advantages, challenges and security needs. Your online banking security solution, including authentication and money transfer approval mechanisms, therefore needs to be specifically defined to meet those needs.”

We hope that you have found this article about online banking security interesting and of use.

Abine has released Do Not Track Plus, this is a download free online privacy tool DNT+ that makes it easy for everybody to see whether they’re being tracked online and stop this profiling by social networks, large advertisers, and data collection companies, including Google and Facebook.

After installation, download free online privacy tool DNT+ blocks hundreds of trackers that collect, use, and sell consumers’ personal information. If you download free online privacy tool, this will work seamlessly with all major browsers, including Internet Explorer, Firefox, Chrome, and Safari. It stops tracking across hundreds of websites, including those with whom consumers share most of their personal information.

DNT+ can even increase website loading by up to four times, and allows consumers to see who is tracking them every each website they visit with a simple numbered icon in the corner of their browser window.

Consumers can select to block or allow the tracking at the individual website level. By doing so, consumers become in control of informations while shopping, playing games, socializing, and more, and prevent real problems that can occur from profiling such as identity theft, reduced credit score ratings, and loss of employment.

The average web consumer is tracked by more than 100 technologies every day. While using the Download free online privacy tool DNT+, you can:

• Stop advertisers from knowing everything they do online, including site visits, shopping interests, hobbies, clicks, and geographic location
• See how they’re being tracked on millions of websites
• Block a growing list of 580 different tracking technologies and more than 200 tracking companies
• Improve web page load times by up to 4x
• Block social tracking while still being able to voluntarily use social-sharing buttons, a feature that’s exclusive to DNT+
• Keep a running count of who’s tracking them with DNT+’s block counter
• Browse in true privacy, far beyond what built-in “private browsing modes” offer.

Download free online privacy tool DNT+

“The design of this sandbox is similar to what Adobe delivered with Adobe Reader X Protected Mode and follows the same Practical Windows Sandboxing approach,” shared Peleus Uhley, Adobe’ platform security strategist.

This Flashplayer sandbox for Firefox is customized to protect the browser from attacks exploiting Flash vulnerabilities, and the Adobe Flash Player Protected Mode for Firefox 4.0 or later will be supported on both Windows Vista and Windows 7. This is what Flashplayer sandbox for Firefox is all about.

“Sandboxing technology has proven very effective in protecting users by increasing the cost and complexity of authoring effective exploits. For example, since its launch in November 2010, we have not seen a single successful exploit in the wild against Adobe Reader X,” says Uhley, and added that the final Flashplayer sandbox for Firefox version is due to be released later this year.

Firefox is the first browser that Adobe engineers took into consideration for developing a sandboxed version of Flash, as Google’s developers did the implementation for Chrome.

This study analyzes a random sampling of 2,884 active Facebook accounts in order to spot the differences between average real user accounts and fake accounts that are forged by hackers and spammers.

Highlighted findings from the Barracuda Labs study include:

• Almost 60 percent of fake accounts claim to be bisexual, 10 times more than real users
• Fake accounts have six times more friends than real users, 726 versus 130
• Fake accounts use photo tags over 100 times more than real users, 136 tags per four photos versus one tag per four photos
• Fake facebook profiles almost always (97 percent) claim to be female, as opposed to 40 percent for real users.

“Likes, News Feeds and Apps have helped lead Facebook to its social network dominance and now attackers are harnessing those same features to efficiently scale their efforts,” explained Dr. Paul Judge, chief research officer at Barracuda Networks. “These fake profiles and apps give attackers a long-lived path to continuously present malicious links to innocent users.

“Also, researchers have shown how friending malicious accounts can lead to account takeover using Facebook’s trusted friend account recovery,” Judge continued. “We have analyzed thousands of fake accounts to determine features and patterns that distinguish them from real users, and created a feature-based heuristic engine to distinguish real users from fake facebook profiles.”

The study also analyzed data collected from Barracuda Profile Protector, a free tool that analyzes and blocks malicious activity on Facebook and Twitter, along with public data collected from streams and network crawling to demonstrate how users typically operate.

This study shows how attacks on Facebook are structured to exploit the “friendship” concept and trust of widely-used applications. A variety of machine learning techniques are used to analyze shared URLs, profile images, profile information, and connections with other users to reveal associations, weak and strong, between malicious users that use fake facebook profiles.

Thanks to what we know so far, I think it was a mistake, but if you’re looking to blame Symantec, you won’t find that person here. It seems that the detection, in fact, was a new release of an ad platform, created to allow Android developers to earn money from their apps… not a Trojan, designed to steal information or turn the victim’s device into part of an Android botnet.

That can be an easy mistake. The old versions, which was probably also innocent, had some features, such as the possibility to download extra modules. So this must be the reason they were mistaken with a  Trojan in the first place, and I think that this feature was removed in this release. The code probably was similar enough and it triggered Symantec’s fuzzy signatures, and made them suspicious.

This is how an Android infected apps looks today:

Because there were a lots of apps targeted as a  Trojan, the numbers could have been estimated much higher.

The problem is how to precisely say if these apps are in fact Trojans. Viruses and worms are easy to spot, because they spread by themselves. If you notice a  code its spreading by itself, it’s a virus. With a Trojan on the other hand there are only three ways to tell it is a Trojan:

1. You have to see it is doing something it shouldn’t, such as hooking keystrokes, sending premium SMS texts, or downloading other modules without having permission, or
2. Reverse the code enough so it is clear that it carries code that might do something it was not suppose to, or
3. The antivirus scanner tells you it’s malicious.

The first one is hard, and second one is really hard. Number three is easy, but it can be easily become a mistake.

When you have hundreds of thousands of apps, coming from all over the world, from any one of numerous and unknown developers, it’s just plain hard to figure out when something has crossed the line from aggressive advertising to outright maliciousness and to spot android infected apps.

What this all means is that, on this occasion, there is probably nothing to worry about, but that doesn’t mean that nothing will ever happen.

Unlike iPhone and BlackBerry, Android is essentially a decentralized distribution model. Google tries to control the official marketplace, but users can download apps from anywhere. There are entirely too many “alternative” markets and warez sites (copyrighted works distributed without fees or royalties) that offer “free” versions of commercial software. What most people don’t realize is that Android apps are just zip files, and it is really easy to unzip, add some Trojan code, re-zip it, and stick it out on a warez site, masquerading as a legitimate copy of the original app in order to be hard for detection of android infected apps.

On top of all that, the Android development platform is cheap and well understood. Twenty-five years of virus history has shown “cheap” and “well understood” are two of the necessary requirements for a platform to have viruses. Put another way, lots of computing platforms, including mainframes, could have had viruses, except that they didn’t fulfill those two requirements.

Android is a wonderful, useful and exciting platform, but it turns out that it’s a really good idea to only download your apps from well-known companies in order to stay away from android infected apps.

451 Research, published an all-encompassing document highlighting the most disruptive and significant trends that the analyst firm expects to dominate and drive the enterprise IT industry agenda over the approaching year.

Key findings of the document include Significant 2012 IT trends:

Virtualization becomes mission-critical – Virtualization is evolving from a cost-effective extension to development & test-lab resources in to a platform for mission-critical applications in production.

Enterprise cloud adoption moves from the playground to production – In 2012, cloud services will compete more aggressively with IT departments. There is an ideal storm of economic, technological & operational conditions in play that make cloud adoption inevitable.

Cloud security questions linger – “Cloud security” is still predicated on a one-enterprise view (whether it be the view from the customer side or the provider side), & although there’s tools being adapted for the virtualized surroundings, vendors are only slowly working out how to scale in a multi-tenant fashion that takes in to consideration the fact that an enterprise will seldom use cloud.

Cloud drives agenda & consolidation in hosting – They expect to see continued consolidation in hosting in the work of 2012, in Europe. Smaller players will be swallowed up by larger peers, or by telcos & SIs looking to build up their portfolios.

Mobile apps to drive the enterprise in 2012 – IT’s focus on mobility for voice & messaging is coming to an finish. More organizations will build or buy mobile apps, generating the necessity for mobile security & mobile application lifecycle management across the whole tool & platform landscape.

Modularity drives the 2012 datacenter agenda – They expect the great majority of new datacenters to be highly modular in design, tightly integrated and pre-configured before actual construction or delivery. This will disrupt datacenter supply chains as suppliers and service companies seek new partnerships and routes to market.

Innovation returns to the systems world – Pre-integrated converged infrastructure, specialized application appliances and high-density blades for server farms using low-power processors will all play an increasing role, for midsized organizations as they look to squeeze more value from virtualization as this are some significant 2012 IT trends

Storage spotlight focuses on efficiency – Continued information growth and a persistent tight spending surroundings will place more emphasis on efficiency than ever before, which will open opportunities for innovative approaches. The emergence of solid-state technologies will stay the Significant 2012 IT trends.

Shift to software-defined networking accelerates – Software-defined networking will have a dramatic impact on the way in which datacenter and service-provider networks are built. There won’t be any sizable production networks jogging OpenFlow in 2012, but its implications are causing ripples in the strategies of traditional networking vendors, swelling the ranks of new networking startups and making a tide of new approaches to networking hardware.

Information, information in every single place – cloud to IT’s rescue? – In 2012 the focus will be on making information more obtainable by mobile and cloud strategies, without sacrificing governance goals. IT will must meet the needs of business users with mobile devices (and Apple iPads ) or take the risk that those users will go on their own to consumer services in lieu.

Questioning the worth of “big data” – Sizable information will continue to be a hot topic, but the focus will shift from volume, variety and velocity to the all-important endgame of deriving value from information – what they term “Total Information.”

(Some) clarity emerges in Eco-IT – Energy management will continue to gain ground as the point of interest of eco-efficient IT, and will slowly but surely move up the priority lists of C-suite executives and Significant 2012 IT trends.

In this month you can read about the following topics:

• Securing Android: Think outside the box
• Interview with Joe Sullivan, CSO at Facebook
• White hat shellcode: Not for exploits
• Using mobile device management for risk mitigation in a heterogeneous environment
• Metasploit: The future of penetration testing with HD Moore
• Using and extending the Vega open source web security platform
• Next-generation policies: Managing the human factor in security

Download Insecure Magazine Issue 33 – February 2012

The group said a campaign dubbed “#OpIreland” & mounted DDoS assaults against the sites of the aforementioned politician & junior minister Seán Sherlock, & the Departments of Finance & Justice last week, downing them for some time.

After this “warning shot”, last night the hackers turned their sights towards various sites tun by the Department of Foreign Affairs, but this time they took it on themselves to do more damage.

According to The Journal, 17 of the 19 compromised accounts belong to staff of the Department of Foreign Affairs, while the remaining are used by the company that designed the site.

The assault resulted in the breach of the servers hosting the site and the theft and later publication on Pastebin of account and login details and personal knowledge of 19 users of the Irish Aid web-site, the government’s aid programme for developing countries.

A spokesman for the Department of Foreign Affairs confirmed the breach but said that other servers belonging to the Department were not compromised. The Irish Aid web-site is still down as the Department’s IT specialists are inquiring in to the matter.

“A fast look at those passwords shows that despite repeated warnings users still use insecure passwords,” pointed out Brian Honan, the founder and head of Ireland’s first CERT team and owner of BH Consulting. “Three of the accounts had ‘password’ as their password with other being more advanced at having ‘password1′. So clearly some user schooling needs to be done for those users or better options to authorize users are needed.”

“But before they start pointing fingers at the Department of Foerign Affairs and the weak passwords of those users, they ought to not forget that they are the victim of this assault,” says Honan. “There are no winners in this particular situation but I urge people to view it with a clear head and recognize that no matter what vulnerabilities were used to breach the net site, the Department and the affected users are victims of a crime.”

Also attacked last night was the net site of Sherlock’s Labour party, but except being made inaccessible for some time in the work of the night, the organization sustained no other destroy.