IT consulting and tech support blog

New IE Zero-Day vulnerability discovered.

Published September 18, 2012

Security researcher Eric Romang has discovered a new zero-day vulnerability in Internet Explorer, which he claims will affect fully patched versions of Microsoft Internet Explorer 7, 8 and 9.

The exploits, developed over the weekend for the Metasploit exploit toolkit, have been linked to Nitro, the same group of hackers from China who were exploiting two Java zero-days in late August. “Since Microsoft has not released a patch for this vulnerability yet, Internet users are strongly advised to switch to other browsers such as Chrome or Firefox until a security update becomes available,” a post on the Metasploit community blog said. “The exploit had already been used by malicious attackers in the wild before it was published in Metasploit.”

Microsoft is strongly advising all Windows users to install free security software to protect their PCs from a newly discovered vulnerability in its Internet Explorer browser. The free security tool, called the Enhanced Mitigation Experience Toolkit (EMET), will prevent hackers from gaining access to Windows-based systems and is currently available from Microsoft here.


SPAM!!!

Published September 10, 2012

A funny video about one of the most annoying things ever…SPAM!!!


Disable Java…NOW!!!

Published September 04, 2012

Unfortunately, it appears that Java is once again unsafe. Over the weekend, the good folks over at security firm FireEye spotted a new attack that exploits a vulnerability in Java to install a Trojan named Poison Ivy, which communicates with C&C servers in China and Singapore.

Since there’s no fix in sight, it is highly recommended that users turn off/disable Java in their browsers. This might keep certain websites from operating 100%, but it will help prevent possible “drive-by downloads”. What is a “drive-by download”, you might ask? In a drive-by download, your computer becomes infected just by visiting a website that contains malicious code. Cybercriminals search the Internet for vulnerable web servers that can be hacked, and when one is found, they inject their malicious code into its web pages. If your operating system or one of your applications is unpatched, a malicious program is downloaded to your computer automatically when you access the infected web page.

For instructions on how to disable Java in Google Chrome, go here; for Firefox, go here; for Safari, here; and for disabling it in Internet Explorer, click here. You might be tempted to “downgrade” to an earlier version of Java since these new exploits only target version 7, but don’t do it! The previous versions of Java also have security flaws. Don’t waste time downgrading to an earlier version since it will be equally insecure.

If you absolutely MUST use a Java-enabled browser for mission-critical productivity apps, Brian Krebs over at Krebs On Security suggests users switch to a secondary browser with Java installed, using a Java-less browser for normal browsing and only occasionally switching to a Java-enabled one. This isn’t a bulletproof plan, but it’s safer than surfing the Web with a browser where Java is fully enabled. Good news if you use Google Chrome: you will get a warning every time Java wants to execute, and you can decide for yourself whether or not to allow it.


Java SE 7 Update 7 and SE Update 35 released

Published August 30, 2012

The folks at Oracle have released updates for Java, versions 1.7.0_07 and 1.6.0_3.

Oracle strongly recommends that all Java SE 7 users upgrade to this release.

You can download the installers from here.

Researchers who’ve been investigating the exploit for the new Java CVE-1012-4681 vulnerability found that there were actually two previously unknown security bugs in Java 7 and that the exploit has been traced back to attackers in China. News of the Java vulnerability started to circulate on Sunday and researchers have spent the last several days looking at the bug as well as the exploit code. What they found is that there were in fact two distinct zero day vulnerabilities in the latest version of Java and that the new exploit uses them both.

“There are 2 different zero-day vulnerabilities used in this exploit: one is used to obtain a reference to the sun.awt.SunToolkit class and the other is used to invoke the public getField method on that class. The exploit is making use of the java.beans.Expression which is a java.beans.Statement subclass. There are 2 Expression instances that are used to trigger these 2 different bugs.”

Exploits for the new bugs have already made their way into the BlackHole exploit kit. BlackHole is one of the more popular exploit packs in use by malicious hackers/criminals and is easily available on the underground internet market.


Blizzard’s Battle.Net HACKED!

Published August 13, 2012

Account details for millions of players have been stolen in a hack attack on Blizzard, the maker of World of Warcraft, StarCraft and Diablo. Blizzard president, CEO and co-founder Michael Morhaime has released a statement explaining that:

“Some data was illegally accessed, including a list of email addresses for global Battle.net users, outside of China. For players on North American servers, the answer to the personal security question, and information relating to Mobile and Dial-In Authenticators were also accessed. Based on what we currently know, this information alone is NOT enough for anyone to gain access to Battle.net accounts.”

Blizzard claims – but doesn’t guarantee – that financial data such as credit cards, billing addresses, and real names weren’t accessed. Nonetheless, since Blizzard’s servers hold enough data to verify that you know your password and can type it in correctly, anyone who has a clone of Blizzard’s authentication system can easily run a password-guessing attack against accounts.

Here are a few steps that you should implement immediately:

  • Change your Blizzard password.
  • If you chose an excessively simple password, it could be guessed quickly. Stop choosing simple, non-complex passwords! Always try to use alpha-numeric, case sensitive passwords while incorporating special characters. Here’s a good example of what a strong password looks like: MyP4ssW3rD!
  • If you’ve used the same password someplace else, change that one also, and don’t reuse passwords on different sites.
