November 18, 2008 by
Jason
The exploit for a vulnerability affecting the Server Service on all supported versions of Windows has been included in a commercial malware kit, available for sale. MS08-067 is labeled with a maximum severity rating of Critical, and the security bulletin is designed to patch vulnerable Windows operating systems, which could allow for remote code execution via a successful attack involving a specially crafted, malicious RPC request. The vulnerability affects the latest Windows client and server operating systems, including Windows 7, Windows Vista Service Pack 1 and Windows XP Service Pack 3.
“Probably the most widely reported topic in the Chinese Security community this month will be the availability of a commercial MS08-067 attack pack, customized for Chinese users. On October 26th, 2008, exploit code was posted on to a well-known public repository site. In a few days, malware kit author, WolfTeeth, was quick to sell a MS08-067 port scanning tool with attack capability to his ‘customers,’ using free code from the Internet,†revealed Haowei Ren and Geok Meng Ong, from the McAfee Avert Labs.
The security issue is rated Critical on Windows Server 2004, Windows XP (including SP3), and Windows Server 2003, and just Important on Windows Vista (SP1) and Windows Server 2008. Microsoft made available MS08-067 as an out-of-band release in October 2008. During the same month the company issued the first security patch for Windows 7, designed for the pre-Beta Build 6801 Milestone 3 release. Read More»
Posted in Windows 7 | No Comments »
The Carnegie-Mellon University (CMU) made available a Firefox extension developed at their School of Computer Science and College of Engineering that improves security in Firefox by protecting against man-in-the-middle attacks. The extension, named Perspectives, is available only for Firefox 3 and works on Windows, Linux (32-bit) and OS X (Intel), with support for Linux (64-bit) and Open Solaris being in the experimental stage of development.
A man-in-the-middle attack is performed by intercepting the traffic between a user and a resource that he is trying to access. This can be achieved by exploiting several vulnerabilities, like the latest DNS cache poisoning or GMail accounts hacking incidents show.
When accessing a server resource using secure protocols like SSL or SSH, a correct identification of the server is required. This is achieved through digitally signed certificates. Due to the fact that certificates issued by trusted authorities like VeriSign are expensive, it became common practice for small businesses and websites to use self-signed certificates. Read More»
Posted in Firefox | No Comments »
You invested in dead bolts and alarm systems to protect your business from theft of merchandise and equipment. But a cyber thief does not need access through the front door to steal the information you store on your PCs. Client credit card and bank account numbers, employee data and other confidential files are all at risk in a cyber attack.
Implementing sound security measures can greatly reduce your vulnerability to phishing (a type of Internet-based scam designed to steal your identity), spyware, and other malicious software used to steal or otherwise compromise business data. The good news is that built-in security features in Windows Vista Ultimate make it much easier to safeguard your PCs. Here are three you should know about: Read More»
Posted in Windows Vista | No Comments »
Loading ...
