Archive for the 'Security' Category

More bad news for Vista

According to an article in InformationWeek, a privilege escalation vulnerability has been found in Windows Vista.

The vulnerability was reported to Microsoft by eEye Digital Security on the 19th of January.

Marc Maiffret, Chief Hacking Officer of eEye, said:

with this vulnerability, you can elevate yourself to system-level access. Any normal user can do anything they want to the system.

He went on to speculate that:

If it was coupled with a virus or a different remote vulnerability, it would be a lot more serious… On its own, though, it’s only medium [threat]

Oh dear! How much did Microsoft invest in Vista again?

Symantec CEO profits while company burns!

Good buddy Dennis Howlett has uncovered, through some clever financial detective work (Dennis is a former accountant), some very dodgy dealings.

It seems that the CEO of Symantec, John Thompson, made $1.5m profit on the sale of Symantec shares very shortly before the announcement to the market of losses by Symantec (and the inevitable share price fall that ensued).

This looks very bad and reeks of insider knowledge (whether or not that is, in fact, the case).

Companies engaged in security need to be whiter than white. When the CEO’s reputation is on the line like this, Symantec needs to explain this one quickly to everyone’s satisfaction or John Thompson needs to resign.

Critical vulnerabilities or a clever marketing ploy?

Microsoft released updates for critical vulnerabilities in Windows (2000, XP and 2003). This includes fixes for three vulnerabilities that “criminal hackers are already exploiting”, according to Brian Krebs.

The patches fix vulnerabilities which can allow remote code execution (it doesn’t come much worse than that!).

Personally, I think they are trying to scare people into upgrading to Vista ;-)

Let the conspiracy theories commence…

Throw away the key!

I’m delighted to see that Bill Lockyer, California’s attorney general, has filed felony criminal charges against former HP Chair Patricia Dunn and four others for their spying on fellow board members and on journalists.

The back story to this is that HP were concerned about leaks to the press from HP’s board meetings. An investigation was begun which involved spying on members of the board and various journalists (illegally accessing their phone records amongst other things).

The story broke recently causing havoc on the board (Dunn resigned, as did the general counsel, a second director and two other senior officers).

It will be interesting to see how this affects the company’s stock price.

I used to work for an employer who wouldn’t hesitate to spy on employees - throw away the key I say!

Blueface won’t let me make outgoing calls

I have an account with Blueface - Blueface is a VOIP provider. For €19.99 per month I am supposed to get 1,000 minutes of calls to over 20 countries. All good, so far. The only issue is that for some bloody reason, at the end of every month my credit is deleted and I can no longer make outgoing calls.

Two problems here: first, I should be able to carry the unused minutes I have paid for over into the next month, and second, since I have signed a direct debit form, the money should go out of my account, pay for the next month and there should be no interruption to my service.

Come on guys, get with the program or lose a customer. Fast.

UPDATE:

I received the following email from Blueface support:

Can you switch off the modem and ATA for 30 secs and then switch them back on and leave them for 5 mins.
If it still doesn’t work then let me know.
Everything is connected fine and your ATA is registered on our server.

Of course that tells me nothing. I tried turning both the router and ATA off several times today and that didn’t fix it then - why was this time different?

Users are ‘stupid’ - Microsoft

I wrote a post over a year ago about how I deal with PCs which have become infected with malware (viruses/trojans/worms/rootkits, etc.):

what I do, is to re-install the OS - more often recently it is XP, turn off System Restore, install XP SP2, Microsoft Anti Spyware, Spybot, Adaware, and AVG… or consider formatting the PC.

It seems that I was on the money with that advice - eWeek are reporting today that Mike Danseglio, program manager in the Security Solutions group at Microsoft, said at an InfoSec conference in Florida yesterday:

When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit

Malware is becoming more difficult to detect because malware writing has become a big business. The people who write these malware programs now do so for profit. They write programs which allow them to use infected machines (to send spam, for instance) and they sell their services to companies who want to use infected machines. The more machines they control, the more money they can make. It is therefore in the malware writer’s interest that the malware be as unobtrusive and difficult to detect as possible.

Danseglio said:

We’ve seen the self-healing malware that actually detects that you’re trying to get rid of it. You remove it, and the next time you look in that directory, it’s sitting there. It can simply reinstall itself.

This is similar to my observation that malware can hide in the System Restore volume and can re-install itself after a scan is run.

The one place where Danseglio and I disagree fundamentally is in the apportioning of blame. Danseglio said:

Social engineering is a very, very effective technique. We have statistics that show significant infection rates for the social engineering malware. Phishing is a major problem because there really is no patch for human stupidity

Personally, I believe that if the software allows people to be fooled into clicking on a phishing link (and some of the phishing emails I have received have been extremely convincing), then it is the software which is stupid and not the user.



