Archive for the ‘Network Security’ Category

Symantec will launch security software for smart phones

June 1st, 2010

Symantec will launch its new Norton internet security software for Android-based smart phones, which would provide a better, faster and safer online browsing experience. Apart from restricting the opportunity for cyber criminals, Norton Connect gives iPhone and Android users access to files backed up using Norton Online Backup, reports Rajni Sharma from Infocera.com. The company will refresh and improve the product when it releases the Beta in June.

Simultaneously, a Beta version of Norton for Android will be released, with features like scanning for bogus apps, remote wipe and lock, and caller blocking. Because the suite includes a backup and recovery option, files and folders or complete Windows systems can be recovered quickly in case of a system failure. The download is free for a certain trial period. The software will protect the system from all types of cyber attacks, and users can experience safer and faster online browsing.

Symantec will combine consumer security, backup and infrastructure technologies to deliver the products to consumers in new ways. The company plans to launch Norton Smartphone Security for Android Beta, Norton Connect Beta and Norton DNS Beta. The company is focusing on smartphones as the market is expected to continue to grow well into 2011. With this growth comes the need for security applications to meet the needs of the market. Symantec intends to launch the security products over the next few months.

Categories: Network Security Tags:

Symantec report says Mumbai tops in cyber crime in India

April 25th, 2010

According to the Symantec Internet Security Threat Report, India is one of the leading countries for malicious activity. India is placed in 5th position, just behind the USA, China, Brazil and Germany. The report runs to around 100 pages and includes Executive Summary and Highlights pages.

In India, Mumbai was found to have the largest share of malicious activity, with Delhi and Hyderabad just behind. India was also found to serve 788 malicious bots (automated entities) per day during 2009, which resulted in 62,623 distinct bot-infected computers.

The Symantec Internet Security Threat Report is an annual overview that includes analysis of internet threat activity, malicious code, spam and phishing. In addition, it suggests preventive measures that you can implement for extra protection and security.

This time the report leads to the conclusion that emerging countries are major victims. For example, the report makes clear how deeply Brazil and India are involved in malicious activity. More developed countries like China seem to be much more aware regarding the Internet.

Targeted attacks like the “Aurora” incident, which led to conflict between Google and China, stand on top as far as malicious activity is concerned. In addition, there were significant hacking attacks to retrieve personal information. The report claims that about 60% of exposed identities resulted from hacking attacks. One of them was a single successful attack against a credit card processor.

Internet Explorer and Adobe Reader were the major targets of web attacks. There has been a sudden growth in PDF attacks, from 11% of attacks in 2008 to 49% in 2009.

Symantec thus wants the highly affected nations to adopt policies that are more serious on cyber security.


Laptop a security threat to business establishment

March 25th, 2010

The laptop gives employees freedom and access anywhere, but unless this freedom is tempered with responsibility, business organizations stand to lose secure data. Laptop security software must be installed on all laptops, and employees must be educated on the proper use of security measures.

Employees with Laptops can cause Critical Data to Leak

Many business executives now work with laptops that give them the convenience of portable connectivity. Filing reports and keeping track of sales targets and personnel has become simple with laptops. However, on the flip side, it also increases the risk of data leakage. Unless employees take laptop and wireless security issues seriously, there are bound to be security issues sooner rather than later. Let us see how usage of laptop computers compromises Internet data security.

Downloading Unrelated Work Programs

Employees who are provided with laptop systems have privacy. That makes it convenient to download any information from the Internet. Along with downloading software, it is possible to inadvertently allow spyware, adware and other malicious software to be downloaded. Moreover, downloading P2P programs and instant-messaging programs also increases the risk of spyware infection. Once spyware infects a laptop, it is very difficult to clear. By the time you identify and clear it, the spyware would have already transmitted sensitive data elsewhere.

Providing The Laptop To Outside People

Another way in which laptops could pose a security threat is usage of laptops by people outside the work circle. The first step in laptop security is that the laptop should never leave the hands of the executive to whom it is entrusted. It is also better to create a password to restrict access to laptops by unauthorized personnel within or outside the organization. Providing open access to e-mail and files on your laptop computer to outside people is an obvious security risk. Critical data like finance information, salaries, social security numbers, credit card data, tax returns etc. are easy targets for identity theft.


New security threat against ‘smart phone’ users

February 25th, 2010

Computer scientists at Rutgers University have shown how a familiar type of personal computer security threat can now attack new generations of smart mobile phones, with the potential to cause more serious consequences.

The researchers demonstrated how such a software attack could cause a smart phone to eavesdrop on a meeting, track its owner’s travels, or rapidly drain its battery to render the phone useless.

These actions could happen without the owner being aware of what happened or what caused them.

“Smart phones are essentially becoming regular computers,” said Vinod Ganapathy, assistant professor of computer science in Rutgers’ School of Arts and Sciences. “So they are just as vulnerable to attack by malicious software, or ‘malware.’”

Ganapathy and computer science professor Liviu Iftode worked with three students to study a nefarious type of malware known as “rootkits.” Unlike viruses, rootkits attack the heart of a computer’s software – its operating system.

They can only be detected from outside a corrupted operating system with a specialized tool known as a virtual machine monitor, which can examine every system operation and data structure.

Rootkit attacks on smart phones or upcoming tablet computers could be more devastating because smart phone owners tend to carry their phones with them all the time. Smart phones also have new ways for malware to enter the system, such as through a Bluetooth radio channel or via text message, according to a Rutgers University press release.

In one test, the researchers showed how a rootkit could turn on a phone’s microphone without the owner knowing it happened.

In such a case, an attacker would send an invisible text message to the infected phone telling it to place a call and turn on the microphone, such as when the phone’s owner is in a meeting and the attacker wants to eavesdrop.

In another test, they demonstrated a rootkit that responds to a text query for the phone’s location as furnished by its GPS receiver. This would enable an attacker to track the owner’s whereabouts.


Cisco Router Flaws

April 21st, 2009

Cisco Systems Inc. has issued three security patches to fix bugs that could crash its products and is drawing a warning from the SANS Internet Storm Center.

The updates, issued Wednesday, fix denial-of-service bugs in the SSH (Secure Shell) software in Cisco’s Internetworking Operating System (IOS), which is used to power its routers, and in the Cisco Service Control Engine, which provides carrier-grade networking services.

Cisco has also patched a privilege-escalation vulnerability in its Voice Portal automated telephone customer service software.

In its security advisories, Cisco said that all of the bugs had been discovered by its own researchers, but SANS warned that researchers are likely reverse-engineering the patches and may release exploit code publicly.

These particular updates are getting extra attention from the security community, which is now closely investigating how malicious software might work on IOS, an operating system that has largely evaded serious scrutiny. On Thursday, for example, Core Security Technologies analyst Sebastian Muniz is slated to give a widely anticipated presentation on a Cisco rootkit he calls the DIK (for “da IOS rootkit”) at the EuSecWest Applied Security Conference in London.

Cisco recently changed its software update policy, saying it will now issue IOS patches only in March and September each year, unless forced to rush out a fix for serious bugs that are publicly disclosed or actively exploited. On Wednesday, a Cisco spokesman couldn’t immediately say whether his company considered the IOS patch, which fixes a flaw in the SSH server, an out-of-cycle update.

But Core Chief Technology Officer Ivan Arce said that Cisco’s SSH bug fix is not connected to his company’s rootkit presentation. “It is more likely that this is related to an ongoing distributed SSH brute-forcing attack that a few people reported in the incidents mailing list last week,” he said in an e-mail interview.

The SSH server is used by administrators to remotely log into a router using encryption. Bugs in the software could let an attacker repeatedly reload the device or access “spurious” parts of the router’s memory and could be used to disable the hardware in a denial-of-service attack, Cisco said.

“While the ‘Exploitation and Public Announcements’ portion of all three advisories states that the [vulnerabilities] were discovered in-house, it’s a pretty safe bet that a fair number of security researchers are feverishly reverse-engineering the updates to develop exploits,” wrote SANS Internet Storm Center contributor George Bakos in a blog posting.

“Anytime we see a ‘spurious memory access’ leading to a denial of service, thoughts immediately go to arbitrary code execution. There is no evidence that this is possible, but in light of the recent work in IOS rootkits, [vulnerabilities] in Cisco devices should not be taken lightly,” he wrote.


Microsoft DirectX DirectShow MJPEG Video Decompression Remote Code Execution Vulnerability

April 21st, 2009

Description
Microsoft DirectX is prone to a remote code-execution vulnerability because the DirectShow component fails to properly handle compressed media files. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application that uses DirectX. Failed exploit attempts will result in a denial-of-service condition.

Technologies Affected
Microsoft DirectX 8.1
Microsoft DirectX 9.0
Microsoft DirectX 9.0 a
Microsoft DirectX 9.0 c
Microsoft DirectX 9.0 b

Recommendations
Run all software as a nonprivileged user with minimal access rights.
To limit the potential damage that a successful exploit may achieve, run all nonadministrative software as a regular user with the least amount of privileges required to successfully operate.
Do not accept or execute files from untrusted or unknown sources.
To reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources.
Do not follow links provided by unknown or untrusted sources.
Web users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.
Implement multiple redundant layers of security.
Since this issue may be leveraged to execute code, we recommend memory-protection schemes, such as nonexecutable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploits of memory-corruption vulnerabilities.

The vendor has released an advisory along with fixes. Please see the references for details.

References
Source: Microsoft Security Bulletin MS09-011
URL: http://www.microsoft.com/technet/security/Bulletin/MS09-011.mspx

Source: Microsoft DirectX Homepage
URL: http://msdn.microsoft.com/directx/


Microsoft Baseline Security Analyzer 2.1

April 20th, 2009

Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool that helps small and medium businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems. Built on the Windows Update Agent and Microsoft Update infrastructure, MBSA ensures consistency with other Microsoft management products including Microsoft Update (MU), Windows Server Update Services (WSUS), Systems Management Server (SMS), System Center Configuration Manager (SCCM) 2007, and Small Business Server (SBS). Used by many leading third party security vendors and security auditors, MBSA on average scans over 3 million computers each week. Join the thousands of users that depend on MBSA for analyzing their security state.

MBSA 2.1 is now available

In order to provide support for Windows Vista, Windows Server 2008, 64-bit scan tool and vulnerability assessment check support, new Windows Embedded support, and compatibility with the latest versions of the Windows Update Agent (WUA), Microsoft Baseline Security Analyzer (MBSA) 2.1 is now available.

What is MBSA 2.1?

MBSA 2.1 is an update to MBSA 2.0.1 to provide full Windows Vista and Windows Server 2008 support, general improvements and customer-requested enhancements.

Will I notice a difference when I run MBSA 2.1?

By customer request, the automatic distribution of the latest Windows Update Agent (WUA) client to client computers scanned by MBSA has been disabled in MBSA 2.1. This may prevent MBSA from successfully scanning computers that do not have the latest WUA client installed. Administrators and security auditors will want to select the option to “Configure computers for Microsoft Update and scanning prerequisites” in order to improve security scan success.

Note: Unless specifically noted, all references to MBSA 2.0 in the MBSA TechNet pages also apply to MBSA 2.1.

New Features found in MBSA 2.1:

* Support for Windows Vista and Windows Server 2008
* Updated graphical user interface
* Full support for 64-bit platforms and vulnerability assessment (VA) checks against 64-bit platforms and components
* Improved support for Windows XP Embedded platform
* Improved support for SQL Server 2005 vulnerability assessment (VA) checks
* Automatic Microsoft Update registration and agent update (if selected) using the graphical interface or from the command-line tool using the /ia feature
* New feature to output completed scan reports to a user-selected directory path or network share (command-line /rd feature)
* Windows Server Update Services 2.0 and 3.0 compatibility


Microsoft Security Bulletin Summary for December 2008

January 5th, 2009

With the release of the bulletins for December 2008, this bulletin summary replaces the bulletin advance notification originally issued December 4, 2008. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.

For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications.

Microsoft is hosting a webcast to address customer questions on these bulletins on December 10, 2008, at 11:00 AM Pacific Time (US & Canada). Register now for the December Security Bulletin Webcast. After this date, this webcast is available on-demand. For more information, see Microsoft Security Bulletin Summaries and Webcasts.

For the out-of-band security bulletin added to Version 3.0 of this bulletin summary, MS08-078, Microsoft is hosting two webcasts to address customer questions on these bulletins: on December 17, 2008, at 1:00 PM Pacific Time (US & Canada) and December 18, 2008, at 11:00 AM Pacific Time. Register now for the December 17 webcast and the December 18 webcast. Afterwards, these webcasts are available on-demand. For more information, see Microsoft Security Bulletin Summaries and Webcasts.

Microsoft also provides information to help customers prioritize monthly security updates with any non-security, high-priority updates that are being released on the same day as the monthly security updates.

Vulnerabilities in GDI Could Allow Remote Code Execution (956802)

This security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted WMF image file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349)

This security update resolves two privately reported vulnerabilities in Windows Search. These vulnerabilities could allow remote code execution if a user opens and saves a specially crafted saved-search file within Windows Explorer or if a user clicks a specially crafted search URL. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Security Update for Internet Explorer (960714)

This security update resolves a publicly disclosed vulnerability. The vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Cumulative Security Update for Internet Explorer (958215)

This security update resolves four privately reported vulnerabilities. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173)

This security update resolves eight privately reported vulnerabilities in Microsoft Office Word and Microsoft Office Outlook that could allow remote code execution if a user opens a specially crafted Word or Rich Text Format (RTF) file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070)

This security update resolves three privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.


How free security can save the web?

January 5th, 2009

Protecting Windows from malware has always been a sensitive subject for Microsoft, given that many people blame the software giant for causing all the problems in the first place.
The operating system is notoriously susceptible to attack and Microsoft has known for several years that it must do more to protect users. Malware is so pervasive that one could argue Windows isn’t fit for purpose out of the box – any PC connecting to the web without security software is living on borrowed time.

Therefore, Microsoft has been treading a fine line since launching its OneCare security product two years ago. Critics claimed the firm was charging Windows users for a second product just to make sure the first operates safely. It’s a bit like buying a car, only to find out the brakes are an added extra.

This is slightly unfair on Microsoft, whose software is a target for hackers and malware writers largely because it’s so widely used. And over the past 10 years we’ve come to terms with having to fork out for third-party security software.

However, if you believe some of the headlines over the past few weeks, that may be about to change. Microsoft announced that it will kill off OneCare next summer, and replace it with a free antivirus product codenamed ‘Morro’.

At the heart of this strategy is a drive to increase the number of computers with antivirus protection installed. Microsoft cites some pretty worrying statistics to explain the problem: as many as 50 percent of computers aren’t properly protected. This seems an incredible figure to those of us who have been studiously installing and updating antivirus for years.

Microsoft contends that many consumers are confused by the bloatware that’s preinstalled on brand-new PCs – they think a trial version of Norton ensures they’ve got security sorted, blissfully unaware that it can become a hindrance once the 90-day trial is up. So, despite running on OneCare’s less-than-convincing antimalware engine, Morro will be better than nothing.

But Morro won’t include the bells and whistles provided by specialists in the field, such as Symantec, McAfee and Kaspersky; the latest suites offer a combination of malware protection, PC optimisation, antispam and backup features. Microsoft is unlikely to provide these for free because of antitrust concerns.

However, if Morro convinces those who take a slack attitude to security to finally get some antivirus protection, their systems will present less of a threat to the internet at large. Unprotected PCs are an easy target and many of them are recruited into the botnets responsible for distributing malicious code in the first place.

So while the prospect of a Microsoft product that’s secure out of the box remains a distant one, Morro is a step in the right direction that could benefit us all.


Windows Gets the Fastest Repairs

January 5th, 2009

Microsoft is frequently dinged for having insecure products, with security holes and vulnerabilities. But Symantec, no friend of Microsoft, said in its latest research report that when it comes to widely-used operating systems, Microsoft is doing better overall than its leading commercial competitors.
The information was a part of Symantec’s 11th Internet Security Threat Report. The report, released this week, covered a huge range of security and vulnerability issues over the last six months of 2006, including operating systems.
The report found that Microsoft Windows had the fewest number of patches and the shortest average patch development time of the five operating systems it monitored in the last six months of 2006.
During this period, 39 vulnerabilities, 12 of which were ranked high priority or severe, were found in Microsoft Windows and the company took an average of 21 days to fix them. That is an increase over the 22 vulnerabilities and 13-day turnaround time for the first half of 2006, but it still bested the competition handily.
Red Hat Linux was the next-best performer, requiring an average of 58 days to address a total of 208 vulnerabilities. However, this was a significant increase in both problems and fix time over the first half of 2006, when there were 42 vulnerabilities in Red Hat and the average turnaround was 13 days.

The one bright spot in all of this is that of the 208 Red Hat vulnerabilities, the most of the top five operating systems, only two were considered high severity, 130 were medium severity, and 76 were considered low.

Then there’s Mac OS X. Despite the latest TV ads ridiculing the security in Vista with a Matrix-like Agent playing the UAC in Vista, Apple has nothing to brag about. Symantec found 43 vulnerabilities in Mac OS X and a 66 day turnaround on fixes. Fortunately, only one was high priority.

Like the others, this is also an increase over the first half of the year. For the first half of 2006, 21 vulnerabilities were found in Mac OS X and Apple took on average 37 days to fix them.

Bringing up the rear were HP-UX from Hewlett Packard and Solaris from Sun. HP-UX had 98 vulnerabilities in the second half of 06 and took 101 days to fix them. Sun, though, really dragged its feet, taking on average 122 days to fix 63 vulnerabilities. It wasn’t doing much better in the first half of 06, either. It took 89 days to fix 16 vulnerabilities.

Alfred Huger, vice president of engineering for Symantec Security Center, said the real problem is with Web applications, where two-thirds of all vulnerabilities are found. Operating systems are fairly minor, and despite the long time periods, the vendors are doing “an ok job, just not stellar.”

The response from vendors mentioned in the report was mixed. A Microsoft spokesperson issued a statement to internetnews.com that said in part “As a part of this industry, Microsoft continues to adapt to address these threats and continues to work with others in the industry to protect customers as a whole.”

Anuj Nayar, manager of Apple’s Mac OS X and developer relations, would only say “Apple takes security very seriously and has a great track record of addressing vulnerabilities before they affect you.”

Sun specifically disputed Symantec’s data and conclusions in a statement emailed to internetnews.com:

“Symantec’s data on security vulnerabilities simply does not match Sun’s. We can’t verify Symantec’s sources and consider their report on Sun inaccurate. From 7/1/06-12/31/06 we published 54 Security Sun Alerts, of which 36 were for Solaris – substantially less than the 63 Solaris vulnerabilities claimed in the Symantec report. Past analysis of our vulnerability response shows we responded within five days for the vast majority of vulnerabilities, but averages are skewed by a small minority of 3rd party applications (or code) that are included/bundled with Solaris. Sun responds to all reports of security vulnerabilities, and we stand by our reputation and established track record of responding to security vulnerabilities with Sun Alerts and a quick turnaround time for patches.”
