Saturday, July 17, 2004

Crypto-Gram: July 15, 2004


http://www.schneier.com/crypto-gram-0407.html

Latest Bagle succeeds by sheer numbers, contacts one of 141 Web sites - News - ZDNet

Latest Bagle succeeds by sheer numbers - News - ZDNet:
"Bagle.AF arrives in e-mail as an attached file and infects computers running the Windows operating system if the user opens the file. The program attempts to halt more than 250 security applications from running on the computer, mails itself to any e-mail address it can find on the computer, and contacts one of 141 German Web sites, twice the number that a previous version of the virus contacted. The diverse Web sites have likely been compromised by online vandals, leaving behind software to record which computers have been infected by the Bagle worm.

With that information, the vandals can use the compromised computers to spread spam, or sell the information to spammers, Friedrichs said. The virus leaves open a backdoor specifically for that purpose."

http://zdnet.com.com/2100-1105_2-5271930.html

Spam grows as spammers mature - News - ZDNet

Spam grows as spammers mature - News - ZDNet:
"It's been 12 months since spam really burst into the public consciousness. Before then it had certainly been a well-publicized problem, but often only with the more tech-savvy while the wider public had far more questions than answers about strange mail appearing in their inbox.

Then last summer the level of spam passed the important watershed of the 50 percent mark--meaning more e-mail traffic was unsolicited than not. For every 100 e-mails the average user was receiving more than 50 that were offering everything from pornographic content to college diplomas.

Since shattering that 50 percent mark the level of global spam e-mail has continued to skyrocket. By most measures that figure is now somewhere around 75 percent."

But perhaps the biggest change in the spam world has been in the types of e-mails users are seeing. According to the latest figures from Clearswift, the traditional mainstays of the inbox menace--namely pornography and more frivolous offers--are being replaced by financial services, scams and pharmaceuticals which despite the best advice of the 'don't buy from spammers' lobby still seem to have some traction in the marketplace.

http://zdnet.com.com/2100-1105_2-5270764.html?tag=adnews

ZDNet AnchorDesk: Go MacGyver on your gadgets

Here are some favorite TechGyverisms

http://reviews-zdnet.com.com/AnchorDesk/4520-7298_16-5143156.html?tag=adss

Friday, July 16, 2004

Google Toolbar Can Browse By Name

Google Toolbar Can Browse By Name:
"The Google Toolbar's new Browse by Name feature, introduced on Wednesday, takes the concept of searching from the browser address bar and kicks it up a notch. Now, to search, you simply type the name or description of the site you're looking for. If there's a strong match, Google will go straight to that page. For example, 'new york times', 'ben and jerry', 'john kerry' and 'strong bad' all zoom directly to the appropriate page."


When there's no single obvious match, you haven't lost anything—you still get a standard Google search results page. Browse by Name is especially useful when the URL you're searching for is not obvious. For example, Browse by Name on "Muir Woods" brings up the National Park Service's site, www.nps.gov/muwo.

http://www.eweek.com/article2/0,1759,1623934,00.asp?kc=ewnws071504dtx1k0000599

'Important' Windows flaw could turn critical - News - ZDNet

'Important' Windows flaw could turn critical - News - ZDNet:
"Security experts are bracing themselves for a spate of new worms and viruses designed to exploit of the seven new vulnerabilities announced by Microsoft on Tuesday as part of its monthly patch cycle.

Of the new vulnerabilities, Windows Shell (MS04-024)--has been picked out by security experts as a potential target for future worms and viruses.

Ben Nagy, senior security engineer at security researcher firm eEye, said he expects the Windows Shell bug to be the most serious threat--despite Microsoft rating the problem as 'important' rather than 'critical'."

According to Microsoft, if a user is vulnerable to MS04-024 and has administrator privileges, an attacker could "take complete control of the affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges."

However, the flaw is not rated as critical because it would require "significant user interaction" to work. This means that a user would need to open an e-mail attachment, or download a file from a malicious Web site.

Richard Starnes, president of security industry group ISSA UK, said that malware writers usually reverse-engineer Microsoft's patches in order to produce exploits. Based on his own experience of previous threats, he expects the first batch of new exploit codes to be available as early as next week. These would probably be used to create a worm delivered as an email attachment.

http://www.microsoft.com/technet/security/bulletin/MS04-024.mspx

http://zdnet.com.com/2100-1105-5268989.html

Wednesday, July 14, 2004

MS Security Bulletin MS04-022: Vulnerability in Task Scheduler Could Allow Code Execution

Microsoft Security Bulletin MS04-022: Vulnerability in Task Scheduler Could Allow Code Execution (841873):
"This update resolves a newly-discovered, privately reported vulnerability. A remote code execution vulnerability exists in the Task Scheduler because of an unchecked buffer. The vulnerability is documented in the Vulnerability Details section of this bulletin.

If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. However, user interaction is required to exploit this vulnerability. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges."

http://www.microsoft.com/technet/security/bulletin/MS04-022.mspx

MS Security Bulletin MS04-023: Vulnerability in HTML Help Could Allow Code Execution

Microsoft Security Bulletin MS04-023: Vulnerability in HTML Help Could Allow Code Execution (840315):
"This update resolves two newly-discovered vulnerabilities. The HTML Help vulnerability was privately reported and the showHelp vulnerability is public. Each vulnerability is documented in this bulletin in its own Vulnerability Details section.

If a user is logged on with administrative privileges, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges."

http://www.microsoft.com/technet/security/bulletin/MS04-023.mspx

Defensive Perimeter, The Top 10 Best Security Tools:

Defensive Perimeter:
"You may not don battle gear, but switch on an Internet-connected PC, and you've stepped into a war zone where countless insurgents relentlessly pound your system, looking for ways in. 'Keep Your PC Safe', part of the comprehensive new Security Special on our Security Watch page, provides the Special Forces training you need to prevail. As backup, in this roundup we've stockpiled reviews of the products recommended in that PC combat manual."

http://www.pcmag.com/article2/0,1759,1618645,00.asp

http://www.pcmag.com/category2/0,1738,12,00.asp

http://www.pcmag.com/article2/0,1759,1621759,00.asp

Tuesday, July 13, 2004

Troubleshooting Windows XP, Tweaks and Fixes for Windows XP

Troubleshooting Windows XP, Tweaks and Fixes for Windows XP:
"To use the Regedits: Save the REG File to your hard disk. Double click it and answer yes to the import prompt. REG files can be viewed in Notepad by right clicking on the file and selecting Edit."

http://www.kellys-korner-xp.com/xp_tweaks.htm

Anti-Phishing Working Group

Anti-Phishing Working Group:
"What is Phishing?

Phishing attacks use 'spoofed' e-mails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc. By hijacking the trusted brands of well-known banks, online retailers and credit card companies, phishers are able to convince up to 5% of recipients to respond to them."

http://www.antiphishing.org/

Atak, The latest mass-mailing Worm sleeps to avoid detection - News - ZDNet

Worm sleeps to avoid detection - News - ZDNet:
"The latest mass-mailing worm, Atak, hides by going to sleep when it suspects that antivirus software is trying to detect it.

Atak was first discovered Monday. Although antivirus companies do not expect it to cause much damage, they say it will be a nuisance because it can generate a large amount of spam.…"

"Atak tries to tell when someone is stepping through the code to analyze whether it is a virus or not. Often, a virus will contain lots of code that is designed to make it more complicated for (antivirus) companies to write the detections," Graham Cluley, senior technology consultant for antivirus company Sophos said.

http://zdnet.com.com/2100-1105-5267258.html

Lovgate.ad prevention and cure - ZDNet: Reviews

Lovgate.ad prevention and cure - ZDNet: Reviews:
"Lovgate.ad is the latest variation of a known mass-mailing worm family that includes a backdoor Trojan horse and, this time, overwrites several key Windows files, including executable files ending with .exe. While Lovgate.ad (w32.Lovgate.ad@mm, also known by some antivirus software vendors as Lovgate.ab, Lovgate.ae, Lovgate.ah, Lovgate.ao) doesn't destroy personal data, it will destroy access to the applications that run the data. Restoration from a backup utility after removal of the worm is required. Mac, Linux, and Unix users are not affected. At this time, Lovgate.ad is spreading slowly via e-mail, network-shared files, and network connections still vulnerable to the flaw that allowed the MSBlast worm to spread last summer. Because Lovgate.ad contains a variety of ways in which to spread and could damage system files, this worm rates a 6 on the CNET/ZDNet Virus Meter."

http://reviews-zdnet.com.com/4520-6600_16-5143031.html

FCC chief blogs to tech industry - News - ZDNet

FCC chief blogs to tech industry - News - ZDNet:
"WASHINGTON--U.S. Federal Communications Commission Chairman Michael Powell has started his own Web log, or blog, to reach out to the high-tech community and bypass the scores of Washington lobbyists who typically skulk around his office.

Powell, who wants to avoid regulating new technologies like Web-based telephone service for fear of stifling innovation, said he started the blog to encourage the high-tech industry to get involved because its past practice of flying under the radar to avoid regulations would no longer work.

'Regulated interests have about an 80-year head start on the entrepreneurial tech community when it comes to informing regulators what they want and need, but if anyone can make up for that, Silicon Valley can,' he said in his first blog comments posted Thursday morning."

http://www.alwayson-network.com/comments.php?id=4860_0_3_0_C

http://zdnet.com.com/2100-1103_2-5264405.html