Saturday, October 02, 2004

MSN Ends Hotmail's Free Outlook Access

MSN Ends Hotmail's Free Outlook Access:
"Citing a rise in spam abuse, Microsoft Corp.'s MSN division has ended free access to its Hotmail Web-based e-mail service through the Outlook and Outlook Express clients.

MSN had offered its 187 million active Hotmail users the ability to read and send e-mail through the e-mail clients rather than a Web interface using a protocol called Web-based Distributed Authoring and Versioning, or WebDAV."

But as of Monday, new users wanting to make use of WebDAV will have to pay for the service, said Brooke Richardson, product manager for MSN's communications services. MSN plans to transition current WebDAV users to subscription plans in the next few months as well.

"We really wanted to try and keep it available to customers for free," Richardson said. "[But] in the last few months we were seeing spammers going more and more after this particular protocol."

WebDAV-based spam abuse has risen following anti-spam measures over the past year, such as enforcing a 100-message daily cap and requiring the solving of proofs to open accounts, Richardson said. The latest move targets spammers who are writing automated scripts for WebDAV to send the daily maximum amount of e-mails from multiple Hotmail accounts.

Hotmail users now will have to sign up for one of two MSN Hotmail subscriptions to gain Outlook access—either MSN Hotmail Plus for $19.95 a year or MSN Premium for $99.95 a year, Richardson said.

WebDAV is a set of HTTP extensions that allows for the reading and writing of documents through the Web. MSN Hotmail was one of the few Web-based e-mail services to offer free downloading of e-mail to clients, and between 5 percent and 7 percent of users signed up for it, Richardson said.

Most other services, such as Yahoo Inc.'s Mail, include it in premium offerings and use POP3 (Post Office Protocol 3).…

http://www.eweek.com/article2/0,1759,1652391,00.asp

Friday, October 01, 2004

New Bagle Variant Raises Alarms

New Bagle Variant Raises Alarms:
"The new version is known by a variety of names: McAfee Inc. calls it Bagle.az, Trend Micro Inc. has dubbed it Bagle.AM and Symantec Corp. refers to it as Beagle.AR. All three companies have elevated the threat level for this worm because of increased submissions to their monitoring services compared with the average Bagle variant."

All the major companies offer protection against the worm. Symantec also has a removal tool http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle@mm.removal.tool.html.

Many e-mail programs, including Microsoft Outlook and Outlook Express, will, in the default configuration, delete the infected executable attachment to the e-mail message in which the worm arrives.

According to Trend Micro's description http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.AM, the message comes from a spoofed address. The subject line is either "Re: Hi!," "Re: Thank you!," or "Re: Thanks :)," and the message body is always ":))." The message comes with an attachment with a file name of "Joke" or "Price," which has an extension of either ".com," ".cpl," ".exe," or ".scr."

Once the user runs the executable, it drops a copy of itself in the user's Windows System folder and sets Windows to load it when the computer boots up.

The worm attempts to propagate by copying itself to shared folders for LANs and peer-to-peer networks, and through a conventional e-mail distribution using a built-in SMTP engine. It attempts to terminate a large number of security-related programs, such as anti-virus software.
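As an added example (not part of the eWeek article or any vendor's tool), a small Python triage check that applies the Trend Micro indicators listed above to a raw message using only the standard `email` package; the sample message is constructed here and carries no malware, just a placeholder attachment body.

```python
import email
from email import policy
from typing import List

# Lure indicators quoted from the Trend Micro WORM_BAGLE.AM description above.
SUBJECTS = {"Re: Hi!", "Re: Thank you!", "Re: Thanks :)"}
BODY = ":))"
NAMES = {"joke", "price"}
EXTS = {".com", ".cpl", ".exe", ".scr"}

def bagle_am_indicators(raw: bytes) -> List[str]:
    """Return the list of Bagle.AM lure indicators a raw RFC 822 message matches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits: List[str] = []
    if (msg.get("Subject") or "").strip() in SUBJECTS:
        hits.append("subject")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and body.get_content().strip() == BODY:
        hits.append("body")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        stem, dot, ext = name.rpartition(".")
        if dot and stem in NAMES and "." + ext in EXTS:
            hits.append("attachment:" + name)
    return hits

def is_suspect(raw: bytes) -> bool:
    """Flag a message only when the executable lure attachment is present
    together with at least one of the subject/body indicators."""
    hits = bagle_am_indicators(raw)
    return any(h.startswith("attachment:") for h in hits) and len(hits) >= 2

# Constructed sample message mimicking the described lure (placeholder payload).
SAMPLE = (b"From: someone@example.invalid\r\n"
          b"To: victim@example.invalid\r\n"
          b"Subject: Re: Thanks :)\r\n"
          b"MIME-Version: 1.0\r\n"
          b'Content-Type: multipart/mixed; boundary="b"\r\n\r\n'
          b"--b\r\nContent-Type: text/plain\r\n\r\n:))\r\n"
          b'--b\r\nContent-Type: application/octet-stream; name="Price.scr"\r\n'
          b'Content-Disposition: attachment; filename="Price.scr"\r\n'
          b"Content-Transfer-Encoding: base64\r\n\r\nAAAA\r\n--b--\r\n")

if __name__ == "__main__":
    print(bagle_am_indicators(SAMPLE), is_suspect(SAMPLE))
```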

http://www.eweek.com/article2/0,1759,1662430,00.asp

Wednesday, September 29, 2004

Security Watch Letter: Inside the JPEG Virus

Security Watch Letter: Inside the JPEG Virus:
"The end of summer lull for viruses and worms continues. We're still seeing new versions of RBots, and a new Bagle, but nothing with teeth. The big news appears to be the anticipation of a viral exploit of the JPEG vulnerability that Microsoft patched earlier this month. Within days of the release of the security bulletin, there was proof of concept code available on the web. As the exploit was analyzed by various security groups, it was found that it was similar to a four year old Netscape vulnerability reported by Openwall project.

Shortly after the initial proof of concept code was posted, some C language code was posted that would create a JPG file that starts a command prompt shell in Windows and opens a port. A hacking tool also became available that would allow anyone to create exploitable JPG files. On Monday, Easynews, a newsgroup service company reported getting the first JPG exploit virus."

Top Threat: JPEGS of Death

Executive Summary

Name: Windows GDI+ JPEG parsing vulnerability
Affects: Unpatched Windows 9x/Me/2000/XP systems, and other Microsoft Software.

What it does: Currently there is no real viral threat. A malicious JPG was reportedly found in porno newsgroups that downloads and executes a Trojan which opens a port on the victim's system if a specific JPEG file is viewed on a non-patched system. It also may crash Explorer on some systems.

How to prevent it: Apply either Windows XP SP2 update, or the MS04-028 update. Avoid downloading JPEGS from newsgroups. Update your antivirus (most if not all vendors are detecting the exploit).

Details

While no worm currently exists that uses the JPEG vulnerability, security experts are saying it is only a matter of time. For worm authors, the vulnerability may be the holy grail of infection vectors, as it can be passed through e-mail, web sites, IM, or downloaded programs. Additionally, many, many kinds of applications (and OS versions) can view JPEGS, offering innumerable paths for the malicious files. A worm with this kind of infection power could make Blaster's epidemic pale in comparison.

The first truly malicious version of the JPEG exploit showed up as a pornographic image on a newsgroup. Usenet newsgroup service Easynews.com posted an alert claiming they had found several JPEG images that, when viewed, will download a Trojan via an external FTP site. The images were found in porn newsgroups under the user name "Power-Post 2000". The alert claims that the Trojan is downloaded and executed. Currently the code does not propagate, only infecting the one machine the JPEG is viewed on. However, the Trojan could allow the victim's machine to be controlled remotely, possibly for propagation or other purposes.

Sample C source code dubbed "JPEG of death", published on K-Otik and Easynews, can be compiled to create JPEG files that create a shell (execution environment) and open and bind ports to the shell on the victim's system. Comments in the code indicate that the JPEG can also be named .BMP or .TIF and Windows will still execute the code. The comments also hint that a more dangerous worm may not be far behind.

As if the posting of C language source code isn't bad enough, iDefense reports that a utility is available to make it easier for anyone to create the files. The utility lets a hacker wannabe specify a web site, and file which is built into a specially crafted JPEG file. If the JPEG is viewed on an unpatched system, it will download and execute the file.

The vulnerability itself is a buffer overflow flaw in the JPEG parsing engine contained in the GDIPlus.DLL file. The file is used by the operating system, as well as many applications [[link to application list]]. It can be exploited by a specially crafted JPEG image. The JPEG specification allows comments to be embedded in the file. A comment section starts with the hex value 0xFFFE, which signals the start of the comment, followed by a two-byte length field. The length value counts the comment data plus the 2 bytes of the length field itself. The two-byte field therefore allows up to 65,533 bytes of comment data (invisible when the JPEG is viewed). If the comment is empty, the length field must still hold the minimum value of 2 (the length field's own 2 bytes). However, if a specially crafted JPEG file sets this length to 0 or 1 (illegal values), it causes a buffer overflow condition, which overwrites memory structures in the DLL.
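As an added example (not from the newsletter, Microsoft, or the published exploit code), a Python scanner that walks a JPEG's marker segments and reports any segment whose length field is below the legal minimum of 2, the malformed-length condition described above; the two fixtures are constructed byte strings, not real image files.

```python
import struct
from typing import List

SOI, EOI, SOS, COM = 0xD8, 0xD9, 0xDA, 0xFE
# Markers that stand alone with no length field: TEM, RST0-7, SOI, EOI.
STANDALONE = {0x01, SOI, EOI} | set(range(0xD0, 0xD8))

def scan_jpeg(data: bytes) -> List[str]:
    """Walk the marker segments of a JPEG header and report anything that
    would trip the length handling described above (length field < 2)."""
    findings: List[str] = []
    if len(data) < 2 or data[0] != 0xFF or data[1] != SOI:
        return ["not a JPEG: missing SOI marker"]
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            findings.append(f"offset {pos}: expected 0xFF before marker")
            break
        marker = data[pos + 1]
        if marker == 0xFF:            # fill byte, skip it
            pos += 1
            continue
        if marker in STANDALONE:
            if marker == EOI:
                break
            pos += 2
            continue
        if pos + 4 > len(data):
            findings.append(f"offset {pos}: truncated length field")
            break
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2:
            kind = "COM" if marker == COM else f"0xFF{marker:02X}"
            findings.append(f"offset {pos}: {kind} segment length {length} < 2 "
                            "(illegal; matches the MS04-028 trigger)")
            break                     # the length cannot be trusted past this
        if marker == SOS:
            break                     # entropy-coded scan data follows
        pos += 2 + length
    return findings

# Constructed test fixtures (not real image files): a minimal header with a
# 5-byte comment, and the same header with an illegal zero comment length.
GOOD = b"\xff\xd8" + b"\xff\xfe\x00\x07hello" + b"\xff\xd9"
BAD = b"\xff\xd8" + b"\xff\xfe\x00\x00" + b"\xff\xd9"

if __name__ == "__main__":
    for name, blob in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, scan_jpeg(blob) or ["no findings"])
```

A length of 0 or 1 is reported on any segment type, not just COM, since every non-standalone marker carries the same two-byte length field.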

http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx

http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/winxpsp2.mspx

http://www.pcmag.com/print_article/0,1761,a=136159,00.asp

Tuesday, September 28, 2004

Building Websites with the ASP.NET Community Starter Kit - WebReference.com-

Building Websites with the ASP.NET Community Starter Kit - WebReference.com-:
"In this chapter from Building Websites with the ASP.NET Community Starter Kit, we illustrate how easy it is to create a complete and functional community website from scratch with a personalized look and feel."

http://www.webreference.com/programming/asp-net-com/