Friday, December 01, 2006

Blog This: » Make this an open source Christmas | Open Source | ZDNet.com

Make this an open source Christmas by ZDNet's Dana Blankenhorn -- Don't think of this as just a Christmas gift. Follow-up. Make certain this new account is serviced. See to it that workers there are trained, and that they train others. Toss in some old books on computer programming, either from your own library or from others.

Yesterday, I installed Ubuntu (Dapper Drake) on an old Dell Optiplex that had a 10 Gig hard drive and 256 Megs of RAM. My state representative Monique D. Davis bought about twenty of these boxes from a suburban Chicago school that was upgrading its network, so the OS had already been removed. Some of them only have 128 Megs, so I'll either have to go with an older version of Ubuntu or use a different distribution, but I really like Drake. I haven't tried the Eft, but I've put in an order for the disks at http://shipit.ubuntu.org. I'm going to have to either do a lot of downloading or use GParted and do some imaging, since for reasons unknown my last order for disks was cancelled. Maybe I should have used the community center's address, but I had no problems ordering to my home the first time around.

Wednesday, November 22, 2006

Security Watch from PC Magazine - Dealing With Downloaders

Security Watch from PC Magazine - Dealing With Downloaders:

"Downloaders are very simple programs that do nothing harmful directly by themselves. Instead, they go out to other sites and download a second payload and execute it."

This article is a cautionary tale and a must-read for anyone responsible for a network or server.

http://www.pcmag.com/article2/0,1895,2061213,00.asp

Friday, October 20, 2006

Dark Reading - Desktop Security - The Ten Most Dangerous Things Users Do Online - Security News Analysis

Dark Reading - Desktop Security - The Ten Most Dangerous Things Users Do Online - Security News Analysis:

"No matter how many times they train them, no matter how many classes they hold, most IT professionals still watch helplessly as end users introduce new malware because they 'just couldn’t resist looking at the attachment.' Security pros cringe as their users download software for personal use, turn off firewalls to speed up a connection, or leave their passwords stuck to their laptops.

Wouldn’t it be nice if you could give end users a list of the most dangerous things they do online every day, and then tell them why those activities are particularly risky?"

http://www.darkreading.com/document.asp?doc_id=107771

Friday, September 22, 2006

from Security Watch in PC Magazine - Change the Privileges of an Application

Security Watch from PC Magazine - Security Tips Galore: "Change the Privileges of an Application"

"From a security standpoint, running with your user privileges as low as possible is always best. On the other hand, running as an Administrator is especially bad. But even if you supervise a network and need to do much of your work logged in as an administrator, you still shouldn't run certain dangerous applications—most prominently Internet Explorer—as Administrator.


You can drop the privileges for such applications, though, using a capability that is new in Windows XP and Windows Server 2003, but not exposed in the user interface. A Microsoft Engineer has written a program to expose the facility and also penned an explanation in his article "Browsing the Web and Reading E-mail Safely as an Administrator".

Download and install the DropMyRights.msi file, which will install both the dropmyrights.exe program and its source code on your system."

Dropmyrights.exe is a command-line utility that takes the program you want run as its first argument. The second argument is 'N,' 'C,' or 'U.' These correspond to Normal user (the default), Constrained user, and Untrusted user. For example:

    DropMyRights.exe "c:\Program Files\Internet Explorer\iexplore.exe" c

runs Internet Explorer as a constrained user. For convenience, you can create a Windows shortcut that executes the command line and give the shortcut a descriptive name like "Internet Explorer (Constrained)." You'll find details about what these user levels mean in the Microsoft article.
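To build the shortcuts the article suggests for all three privilege levels in one go, here is an added PowerShell example (not from the article or from the DropMyRights package). It assumes DropMyRights.exe was placed in C:\Tools and that Internet Explorer is at its default path; adjust both to your system.

```powershell
# Added example, not part of the PC Magazine article or of DropMyRights itself:
# creates one desktop shortcut per DropMyRights privilege level for Internet Explorer.
# Assumed paths (change them to match your install):
$dropMyRights = 'C:\Tools\DropMyRights.exe'
$ie           = 'C:\Program Files\Internet Explorer\iexplore.exe'
$desktop      = [Environment]::GetFolderPath('Desktop')

# Fail early if either executable is not where we expect it.
foreach ($p in @($dropMyRights, $ie)) {
    if (-not (Test-Path -LiteralPath $p)) { throw "Not found: $p" }
}

# Second-argument letters accepted by DropMyRights.exe, as described above.
$levels = @{ 'N' = 'Normal'; 'C' = 'Constrained'; 'U' = 'Untrusted' }
$shell  = New-Object -ComObject WScript.Shell

foreach ($letter in $levels.Keys) {
    $name = $levels[$letter]
    $lnk  = Join-Path $desktop ("Internet Explorer ({0}).lnk" -f $name)
    $s = $shell.CreateShortcut($lnk)
    $s.TargetPath       = $dropMyRights
    # The program path contains a space, so it must be quoted on the command line.
    $s.Arguments        = ('"{0}" {1}' -f $ie, $letter)
    $s.WorkingDirectory = Split-Path -Parent $ie
    $s.IconLocation     = "$ie,0"          # reuse IE's own icon
    $s.Description      = "Run Internet Explorer as a $name user via DropMyRights"
    $s.Save()
    Write-Host "Created $lnk"
}
```

To confirm the privilege drop actually happened, launch a command prompt through the tool (DropMyRights.exe cmd.exe C) and run whoami /groups inside it: the Administrators group should be listed as "Group used for deny only". On Windows XP, whoami.exe comes with the Support Tools rather than the base install.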

Friday, August 18, 2006

Voice Extension Via Internet Protocol

I only pay a dollar a month for long distance, so I haven't given up my long distance carrier. I need my landline for DSL, but, the day naked DSL comes to Chicago, I'll have to give it serious consideration.

I used to limit my long distance calls to Sundays when the rates were lowest. Then I got Skype and made calls when I needed to talk at just 2¢ ($0.02) per minute. Now I call whenever I feel like talking to anyone in the U.S. or Canada, at least until December.

I make most of my calls from my laptop. It's not as convenient as a cellphone, but it works for me. Just try taking notes and doing research while recording the call from a cell.

Google's GTalk just added voicemail capability and it works. You can send voice messages to any Gmail account whether or not they have the GTalk client. The only problem I have with it is that there isn't a Mac client, so if you're in a mixed (Mac/PC) relationship you can text chat, but only one of you can send voicemail.

Yes, I know Skype offers voicemail and has clients for both platforms, but Skype's voicemail isn't free and Gmail is everywhere.

Between the two platforms even a whisper can be heard around the world.

Friday, April 28, 2006

From VARBusiness | Phishers Snare Victims With VoIP

VARBusiness Security, Convergence News Phishers Snare Victims With VoIP: "By Antone Gonsalves, TechWeb.com
Tue. Apr. 25, 2006

A security firm on Tuesday reported discovering a phishing scheme in which the scammers used spam disguised as coming from a small bank in a large East Coast city, Cloudmark Inc., a messaging security firm, said. The message asked the recipient to dial a telephone number to talk with a bank representative.

The number went to an automated voice system that asked for an account number and personal identification number, or PIN, in order to access the caller's finances. The number was obtained through a regular provider of voice over Internet protocol services"

I'd say the other shoe just dropped, wouldn't you?

The scheme is the first Cloudmark has seen using Internet telephony. An investigation showed that the scammers used open-source software called Asterisk to convert a computer into a private branch exchange, or PBX, running an automated phone information system. The system sounds exactly like the bank's phone tree, directing callers to extensions, according to Adam J. O'Donnell, senior research scientist at Cloudmark.

He believes it's likely the phishers were using virus-infected computers that had been converted into a botnet to take calls over the Internet.

http://www.varbusiness.com/sections/news/breakingnews.jhtml?articleId=186701129

Wednesday, April 19, 2006

Mozilla users warned--upgrade now | Tech News on ZDNet

Mozilla users warned--upgrade now Tech News on ZDNet:
“The Computer Emergency Readiness Team (CERT) warned on Monday that earlier versions of Firefox, and other Mozilla software based on Firefox code, contain a clutch of vulnerabilities that expose users to attack.

The Mozilla Foundation released a new version of Firefox last week, version 1.5.0.2, which it said contained fixes for several security flaws.

According to security firm Secunia, there are a total of 21 flaws in the older versions of Firefox, such as Firefox 1.5, some of which it described as critical.

CERT advises people who use Mozilla's e-mail software, Thunderbird, and the Internet application suite Seamonkey to also upgrade to the latest versions (Thunderbird 1.5 and Seamonkey 1.0.1). CERT warned that any other products based on older Mozilla components, particularly the Gecko rendering engine, may also be affected.”

Is this the end of Faith-Based web browsing?

I seriously doubt it.

http://news.zdnet.com/2100-9588_22-6062713.html?tag=nl.e589

Wednesday, March 29, 2006

Do You Trust Yourself? - Highly Critical IE Flaw In The Wild

Security Watch from PC Magazine - Highly Critical IE Flaw In The Wild:

"Executive Summary
Name: Critical IE Flaw: 'Vulnerability in the Way HTML Objects Handle Unexpected Method Calls Could Allow Remote Code Execution'
Affects: All Internet Explorer versions on all current versions of Windows


Security researchers have found and publicized a vulnerability in all current versions of Internet Explorer on Windows. The vulnerability in the handling of the 'createTextRange()' method call applied on a radio button control is easily exploitable. Exploits are already circulating and by this past weekend, malicious Web sites began to appear to compromise computers through it.

Microsoft has announced that they are testing a patch for the vulnerability. At present it is scheduled to be released on the next regularly scheduled patch day, April 11, 2006, but the company will consider an earlier release if circumstances warrant. Such circumstances would probably involve widespread exploitation."

Do you trust your own judgement?

Do you run everything in administrator mode?

Do you feel lucky?

If you trust yourself, set Active Scripting to prompt. If you click first and ask questions later, set it to disable.

This vulnerability cannot be spread through HTML e-mail except through very old versions of e-mail clients which have not been patched in at least 5 years. Current Internet Explorer-based mail clients default to a model where scripting is blocked in all messages unless this setting is changed by the user.

To be exploited, the user would have to visit an affected Web page using Internet Explorer or an IE-based application. It is likely that many of the users who will be affected by this flaw have adware on their systems which will serve them advertisements containing the flaw. Such users, already compromised by the adware, are especially vulnerable to further attacks.

Consider the fact that this zero day exploit can turn your machine into somebody else's machine…!
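The post's advice is to set Active Scripting in Internet Explorer's Internet zone to Prompt (or Disable). Here is an added PowerShell example, not from the PC Magazine article, that reads the current setting and applies the chosen one through the registry for the current user; it relies on the standard IE zone values (zone 3 is the Internet zone, action 1400 is Active Scripting, 0/1/3 mean Enable/Prompt/Disable).

```powershell
# Added example (not part of the PC Magazine article): apply the workaround by
# setting "Active Scripting" for IE's Internet zone to Prompt or Disable.
# Registry facts used: zone 3 = Internet zone, action 1400 = Active Scripting,
# 0 = Enable, 1 = Prompt, 3 = Disable. This writes to HKCU, so it affects the
# current user only; a Group Policy setting under HKLM overrides it.
$Mode = 'Prompt'   # 'Prompt' if you trust your judgement, 'Disable' if you click first

$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$action  = '1400'
$codes   = @{ Enable = 0; Prompt = 1; Disable = 3 }
$names   = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ActiveScriptingState {
    # A missing value means the zone is on its built-in default, which is Enable.
    $item = Get-ItemProperty -Path $zoneKey -Name $action -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'Enable (default)' }
    $v = [int]$item.$action
    if ($names.ContainsKey($v)) { $names[$v] } else { "Unknown ($v)" }
}

function Set-ActiveScriptingState([string]$State) {
    if (-not $codes.ContainsKey($State)) { throw 'State must be Enable, Prompt or Disable' }
    if (-not (Test-Path $zoneKey)) { throw "Internet zone key not found: $zoneKey" }
    Set-ItemProperty -Path $zoneKey -Name $action -Value $codes[$State] -Type DWord
}

"Before: Active Scripting (Internet zone) = $(Get-ActiveScriptingState)"
Set-ActiveScriptingState $Mode
"After:  Active Scripting (Internet zone) = $(Get-ActiveScriptingState)"
```

After the change, Internet Options will show the Internet zone's security level as "Custom"; open IE and visit a scripted page to confirm you get the prompt (or no script at all).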

http://www.pcmag.com/article2/0,1895,1943175,00.asp

Monday, March 13, 2006

VM Rootkits: The Next Big Threat?

VM Rootkits: The Next Big Threat?: "By Ryan Naraine
Lab rats at Microsoft Research and the University of Michigan have teamed up to create prototypes for virtual machine-based rootkits that significantly push the envelope for hiding malware and that can maintain control of a target operating system.

The proof-of-concept rootkit, called SubVirt, exploits known security flaws and drops a VMM (virtual machine monitor) underneath a Windows or Linux installation.

Once the target operating system is hoisted into a virtual machine, the rootkit becomes impossible to detect because its state cannot be accessed by security software running in the target system, according to documentation seen by eWEEK.

Today, anti-rootkit clean-up tools compare registry and file system API discrepancies to check for the presence of user-mode or kernel-mode rootkits, but this tactic is useless if the rootkit stores malware in a place that cannot be scanned.

"We used our proof-of concept [rootkits] to subvert Windows XP and Linux target systems and implemented four example malicious services," the researchers wrote in a technical paper describing the attack scenario.

"[We] assume the perspective of the attacker, who is trying to run malicious software and avoid detection. By assuming this perspective, we hope to help defenders understand and defend against the threat posed by a new class of rootkits," said the paper, which is co-written by researchers from the University of Michigan.

A virtual machine is one instance of an operating system running between the hardware and the "guest" operating system. Because the VM sits on the lower layer of the operating system, it is able to control the upper layers in a stealthy way.

"[T]he side that controls the lower layer in the system has a fundamental advantage in the arms race between attackers and defenders," the researchers said.

"If the defender's security service occupies a lower layer than the malware, then that security service should be able to detect, contain and remove the malware. Conversely, if the malware occupies a lower layer than the security service, then the malware should be able to evade the security service and manipulate its execution."

The group said the SubVirt project implemented VM-based rootkits on two platforms—Linux/VMware and Windows/VirtualPC—and was able to write malicious services without detection.

The paper describes how easy it is to get the VM-based malware on a target system.

For example, a code execution flaw could be exploited to gain root or administrator rights to manipulate the system boot sequence.

Once the rootkit is installed, it can use a separate attack operating system to deploy malware that is invisible from the perspective of the target operating system.

"Any code running within an attack OS is effectively invisible. The ability to run invisible malicious services in an attack OS gives intruders the freedom to use user-mode code with less fear of detection," the researchers said.

The group used the prototype rootkits to develop four malicious services—a phishing Web server, a keystroke logger, a service that scans the target file system for sensitive information and a defense countermeasure to defeat existing VM-detection systems.

The researchers also used the VM-based rootkits to control the way the target reboots. It could also be used to emulate system shutdowns and system sleep states.

While the prototype rootkits are theoretically offensive in nature, the researchers also discussed ways to defend against malicious use of VM."

http://www.eweek.com/print_article2/0,1217,a=173285,00.asp

Sunday, January 15, 2006

Apple Fixes Eight QuickTime Bugs

ChannelWeb Executive Briefing:

"'Most IT departments probably saw Apple's security update and thought 'that's a consumer application, I don't have to worry about security policies for that,'' said Marc Maiffret, co-founder of eEye and its chief hacking officer, in a statement. 'Those IT departments would be mistaken. There are few people that have not seen a co-worker with an iPod wandering the halls of their organization, and those iPods probably mean iTunes is on your network.'"
The bugs in QuickTime, Apple revealed in a security advisory, are in how the player parses a number of image file formats, including .gif, .tif, and .tga, as well as in other media file formats. Attackers who craft special files, and deliver those files to unsuspecting users, could trigger integer or heap buffer overflows, crash the computer and/or run code of their own choosing.

In response, Apple has posted QuickTime 7.0.4 for Mac OS X 10.3.9 and later, and Windows 2000 and XP. The update can be downloaded and installed via Software Update for Mac OS X users, or from this page for Windows users.

http://www.channelweb.com/nl/execbriefing/showArticle.jhtml?sssdmh=dm4.163137&articleId=175803624

Wednesday, January 04, 2006

The Sky is Not Falling

Wait for Windows patch opens attack window Tech News on ZDNet:
"A serious flaw in Windows is generating a rising number of cyberattacks, but Microsoft says it won't deliver a fix until next week.

That could be too late, security experts said. The vulnerability, which lies in the way the operating system renders Windows Meta File images, could infect a PC if the victim simply visits a Web site that contains a malicious image file. Consumers and businesses face a serious risk until it's fixed, experts said.

"This vulnerability is rising in popularity among hackers, and it is simple to exploit," said Sam Curry, a vice president at security vendor Computer Associates International. "This has to be taken very seriously, and time is of the essence. A patch coming out as soon as possible is the responsible thing to do."

Microsoft has come under fire in the past for the way it releases security patches. The company has responded in the past by instituting a monthly patching program, so system administrators could plan for the updates. Critics contend that in high-urgency cases such as the WMF flaw, Microsoft should release a fix outside of its monthly schedule.

Details on the WMF security problem were publicly reported last week. Since then, a number of attacks that take advantage of the flaw have surfaced, including thousands of malicious Web sites, Trojan horses and at least one instant messaging worm, according to security reports.

More than a million PCs have already been compromised, said Andreas Marx, an antivirus software specialist at the University of Magdeburg in Germany. He has found a hidden Web site that shows how many copies of a program that installs malicious software have been delivered to vulnerable PCs.

Microsoft has said that a patch will not be made available until Jan. 10, its next official patch release day. That delay could provide an opportunity for attackers, security provider Symantec said on Tuesday."

The sky is not falling. Most major antivirus programs detect and block this vulnerability. The file has to be opened, and it isn't a standard file the browser automatically opens.

from <http://www.eweek.com/article2/0,1895,1907131,00.asp>
AV-Test, which tests anti-malware products, has been tracking the situation closely and has, so far, analyzed 73 variants of malicious WMF files. Products from the following companies have identified all 73:

  • Alwil Software (Avast)
  • Softwin (BitDefender)
  • ClamAV
  • F-Secure Inc.
  • Fortinet Inc.
  • McAfee Inc.
  • ESET (Nod32)
  • Panda Software
  • Sophos Plc
  • Symantec Corp.
  • Trend Micro Inc.
  • VirusBuster

There are workarounds and common sense that can keep you safe until Patch Tuesday, but nothing can protect you from your own bad habits. We've got to stop clicking on links when we don't know the consequences. When in doubt, click the close button.

http://news.zdnet.com/2100-1009_22-6016747.html?tag=nl.e539