2010
01.16

Happy new year

Happy new year! (I know I’m late…)

It’s been a busy new year for me, which is basically a continuation of how 2009 finished: either being sick or extremely busy with work and family life. Personal projects and other testing took a back seat, unfortunately.
Since I don’t have much of anything to write up, here’s part of SANS’ newsletter. One article, in my opinion, is worth reading. Skoudis’ comment is on the money. It’s too bad that the powers that be (management) probably never read this stuff…

–Zero-Day IE Flaw Used in Attacks on Google, Adobe and Others
(January 14, 2010)
Attackers exploited a zero-day vulnerability in Internet Explorer (IE)
to launch attacks on Adobe, Google and about 30 other US companies. The
flaw reportedly affects all versions of IE. Microsoft became aware of
the vulnerability on January 13 and plans to issue an advisory on
January 14. The memory corruption vulnerability allows attackers to
inject malware onto users’ computers. So far, the flaw has been
exploited only in targeted attacks. While there have been reports that
the attackers also used maliciously crafted PDF files to launch their
attacks against the companies, now it is believed that only the IE flaw
was used in the attacks.
http://www.wired.com/threatlevel/2010/01/hack-of-adob
http://www.theregister.co.uk/2010/01/14/cyber_assault_followup/
http://www.computerworld.com/s/article/9144844/Hackers_used_IE_zero_day_not_PDF_in_China_Google_attacks?source=rss_security
Microsoft advisory: http://www.microsoft.com/technet/security/advisory/979267.mspx
Storm Center: http://isc.sans.org/diary.html?storyid=7993
[Editor’s Note (Skoudis): The news this week about Google, China, and
advanced persistent threats illuminates an important change in security.
The threatscape has been shifting from cyber crime to more insidious
attacks over the past couple of years, but in a way that didn’t garner
a lot of attention. Until now. I think it’s a good thing to see folks
finally waking up to this issue, rather than pretending it doesn’t
exist.
(Honan): This vulnerability when exploited uses the same user levels as
the logged on user; maybe it is time to convince your management and
users that they do not need local administrator access.]

On another note, Kioptrix will be taping its first podcast this evening. Must warn you, it’s in French… It’s going to be available for download soon. Bear in mind, this is our first crack at this.

As always, visit us at kioptrix.com and check out our media section and VM download section. A few things are in the works that we hope people will enjoy. Also, pretty soon I’ll be moving this blog to its new home permanently.

Have a good one.
LF