From alertmailinglist at skiifwrald.com Wed Sep 9 20:10:53 2009
From: alertmailinglist at skiifwrald.com (Security and IT News Alerts)
Date: Wed, 9 Sep 2009 14:10:53 +0400
Subject: [Sunnet Alert] Advisory #270 - Microsoft (Multiple), Multiple News
Message-ID: <04A46707-813B-434E-B00B-5742D766D9E6@beskerming.com>

Sûnnet Beskerming Alert List Advisory #270

You are receiving this message because you have subscribed to our Information Security Alert Mailing List, or have been selected for a specific one-off copy. If you believe that you are receiving this message in error, please contact info at beskerming.com to resolve the error.

Why not upgrade to get same day notification on security threats? Details and rates available online - (http://www.beskerming.com/premium/generic_advisory.html).

Why not go the next step and get delivery tailored just for your company? (http://www.beskerming.com/premium/focussed_advisory.html)

Contents
--------------------------------------------------------------------
1. SECURITY
--------------------------------------------------------------------
1.1 Microsoft (Multiple) - Remote Hacker Automatic Control - Time Since Discovery - 2 days

======================================
/*
 - Remote or Local - Can it be achieved through a network or does it require physical access?
 - Hacker - The bad guy
 - Manual or Automatic - Does the vulnerability need to be manually performed, or can it be automated?
 - Control, Denial of Service or Data Theft - Will the hacker get control of your system / website, will they prevent you from using it, or will they steal data?
*/
--------------------------------------------------------------------
2. NEWS
--------------------------------------------------------------------
2.1 Just Three People Accused Over Heartland Breach, and Others
2.2 Established Media Taking Different Approaches to Online Content
2.3 Anonymous Targets Australian Government Over Censorship Plan

=====================================
1. SECURITY

1.1 Microsoft (Multiple) - Remote Hacker Automatic Control

-- Products Affected --
Windows

-- Technical Description --
MS09-045 - JScript Scripting Engine. Remote code execution. Replaces MS06-023. Critical
MS09-046 - DHTML Editing ActiveX. Remote code execution. Critical
MS09-047 - Windows Media Format. Remote code execution. Replaces MS08-076. Critical
MS09-048 - TCP/IP. Remote code execution. Critical
MS09-049 - Wireless LAN. Remote code execution. Critical

-- Description --
Microsoft have released five patches as part of the September Security patch release. All five are rated as Critical, deal with core Windows components, and address flaws that can lead to arbitrary code execution on vulnerable systems. There were no known exploits against the vulnerabilities, and the vulnerability details were not known ahead of the patch release.

-- Recommended Action --
All users and administrators should apply the updates at the earliest opportunity.

-- Source --
http://www.microsoft.com/technet/security/bulletin/ms09-sep.mspx
http://www.beskerming.com/premium/patch_pack.html
http://store.eSellerate.net/s.asp?s=STR3448907936&Cmd=CATALOG&CategoryID=9811

-- Updates Available --
http://www.microsoft.com/technet/security/bulletin/ms09-045.mspx
http://www.microsoft.com/technet/security/bulletin/ms09-046.mspx
http://www.microsoft.com/technet/security/bulletin/ms09-047.mspx
http://www.microsoft.com/technet/security/bulletin/ms09-048.mspx
http://www.microsoft.com/technet/security/bulletin/ms09-049.mspx

-- External Tracking Data --
CVE-ID: CVE-2009-1920 (MS09-045)
CVE-ID: CVE-2009-2519 (MS09-046)
CVE-ID: CVE-2009-2499 (MS09-047)
CVE-ID: CVE-2009-2498 (MS09-047)
CVE-ID: CVE-2009-4609 (MS09-048)
CVE-ID: CVE-2009-1925 (MS09-048)
CVE-ID: CVE-2009-1926 (MS09-048)
CVE-ID: CVE-2008-1132 (MS09-049)

-- Threat Matrix --
                 U    O
Home User       10   10  (Highly Critical)
Corporate       10   10  (Highly Critical)

=======================================
/*
Threat Matrix:
 U - User
 O - Operator
 Harmless - 0 ----- 10 - Highly Critical
*/
=======================================

2. NEWS

2.1 Just Three People Accused Over Heartland Breach, and Others

It can be amazing sometimes how inter-related many Information Security events can be, especially when they are important enough to make the news individually. Major credit card data thefts in the last couple of years from Heartland, 7-Eleven, TJ Maxx, and others all made news in their own right, but now one individual is being charged in relation to all of the cases, with up to 130 million different card details having been compromised across all of the various companies and businesses that the accused broke into.

Using SQL injection in at least some of the cases, the accused and two unnamed co-accused were able to extract the information and make plans to sell the data for other fraudulent use. The use of a well-known and understood technique, not to mention one that can be defended against, speaks volumes about the inherent state of data security within the organisations that were breached. Those responsible for managing data in other businesses should look at these cases as a warning about what can happen when things go wrong, and take steps to mitigate that risk. Companies that are moving to external services for managing and storing their payment and privacy related data need to be certain of the level of service being provided, and not merely assume that it will be fine. In some cases, moving data to external services can make it difficult or impossible to maintain the same standard of protection it would have had if kept internally.

Facing up to 20 years jail time for fraud and another five years for conspiracy, the accused would receive a serious punishment, though not many would argue it is over the top. A concern is that the accused was at one stage an informant for the US Secret Service, providing technical expertise for tracking other hackers, and was previously involved with the carder group Shadowcrew. It wouldn't be the first time that authorities have misjudged the capabilities and motivation of the people they are working with and ultimately up against.

Court dates for the suite of charges won't be until 2010, and by then we all may get to find out the identities of the still-unnamed major retailers that were also attacked and compromised as part of the spate of attacks. Whoever they are, they are seemingly in violation of breach reporting rules, and it, too, will be worth watching to see the reasoning given for not notifying customers in a reasonable or even regulated timeframe. There isn't anything that can be gained from this information being kept secret, so it would need to be something incredible for this information to have been suppressed for so long.

It is going to be some time until a major sequence of attacks such as these can again be tied back to an individual or a small group of attackers, but there are massive botnets whose authors remain unknown and which would likely rival these cases in the overall scope of the breach, though not in media notoriety prior to arrest.

2.2 Established Media Taking Different Approaches to Online Content

Traditional media groups continue to struggle with falling advertising rates, declining circulation figures and what many might see as a reduced relevancy in the face of news-coverage-as-it-happens on the Internet. Australia's Fairfax Media group has reported a loss of $300 million AUD for the most recent financial year, and although advertising income has stabilised, there is no recovery yet. When compared to the previous year's profit, it can be surprising that, with only 10% less revenue, there is such a great loss (EBITDA shows the significance of this 10%). A lot of it can be put down to a reduction in the ethereal value associated with goodwill and the "carrying value of its mastheads". It could be seen as a chance to write off some overvaluation or unprofitable business operations in a challenging economic environment, perhaps planning for further decline in advertising and reach.

Rather than making waves about how much harder it is competing against other news sources online, it appears that the Fairfax Group is making an effort to be positioned to make the most of what is possible online. With its online division showing the smallest decline (0.8%), it shows that established media groups will have a place online and still have a role in distributing and publishing news.

Another take on the difficulties facing media is provided by James Murdoch, who, while delivering the McTaggart lecture, attacked publicly funded news sources such as the BBC for making it harder for private news organisations to ask people to pay for their news. With News Corporation coming off a $3.4 billion USD loss for the most recent financial year, the decision by the company to charge across its suite of online services has already been covered here before. The claims being made by James Murdoch may carry some value, but having those sources available also represents a diversification of news coverage and bias, something that is more difficult to achieve if news becomes completely corporatised, and which continues to inform people irrespective of their economic circumstances. This attack against the BBC could soon be echoed against state and publicly funded broadcasters globally, all of which present their own biases when delivering news content. In an environment where there are only commercial news sources, or even one where there are only publicly funded sources, dissenting viewpoints can be lost, and it is important that as many sources as possible are kept around to provide the broadest coverage, and ultimately a neutrally-weighted average point of view on news.

2.3 Anonymous Targets Australian Government Over Censorship Plan

An entry on the ISC blog suggests that Australian government websites will be targeted later on today (September 9) in a targeted attack by "Anonymous", a loose group of otherwise unconnected individuals acting towards a common goal, commonly associated with having originated from the 4chan messageboard. The website set up as a call to action, 09-09-2009.org, doesn't explicitly mention the steps that will be taken as part of their plan to get their demands met, namely the resignation of the current Federal Communications Minister, Stephen Conroy, and the abolition of the blacklist that forms the basis for the Federal Government's censorship plan. Despite the lack of explicit activity mentioned, if past actions linked to "Anonymous" groups are any indication, then it is highly likely that a distributed Denial of Service (DDoS) will be carried out against government sites. The statement that the group also seeks to leak and distribute the blacklist, as well as make freely available methods to bypass the censorship, raises the possibility that rather than carrying out a straight denial of service, the attacks may lead to the takeover of certain specific sites, where information about avoiding the blacklist and planned censorship will then be published.

While there is a general sense of disgust at the government's planned censorship, it also seems that the plans for Internet filtering aren't going to be anything more than that, just plans. The wider Australian public may not know about the plans in depth, nor really care about the means to bypass the filtering. Those that do probably already know how to achieve it, and this action under the "Anonymous" banner quite likely may not lead to any significant change, either in government stance or in wider awareness of the information that "Anonymous" is distributing. Australians are famous for their laid-back attitudes, and this is probably going to be a situation where those laid-back attitudes will see a smaller than expected result, if any at all, from the currently unknown actions that "Anonymous" will carry out. If they are successful, then it would be a remarkable first for many reasons. Forcing a sitting Minister to resign through nothing more than Internet bluster would be astounding, as would an "Anonymous" challenge being successful beyond the short term or a very localised area.

=======================================

Sincerely,

Sûnnet Beskerming Team
info at beskerming.com

Sûnnet Beskerming Pty. Ltd.
Adelaide, Australia
http://www.beskerming.com
Tel: +61 (0) 410 707 444

** Sûnnet Beskerming Pty. Ltd. **

Established in mid 2004, Sûnnet Beskerming Pty. Ltd. is the sister company to Jongsma & Jongsma Pty. Ltd., and was formed to develop and commercialise the research coming out of Jongsma & Jongsma Pty. Ltd. Sûnnet Beskerming Pty. Ltd. is an Information Security specialist and, in conjunction with the tools developed by Jongsma & Jongsma Pty. Ltd., provides total security solutions and services, from the perimeter to internal data stores, including web application security and security testing and analysis.