[Sunnet Alert] Advisory #270 - Microsoft (Multiple), Multiple News
Security and IT News Alerts
alertmailinglist at skiifwrald.com
Wed Sep 9 20:10:53 EST 2009
Sûnnet Beskerming Alert List Advisory #270
You are receiving this message because you have subscribed to our
Information Security Alert Mailing List, or have been selected for a
specific one-off copy. If you believe that you are receiving this
message in error, please contact info at beskerming.com to resolve the error.
Why not upgrade to get same day notification on security threats?
Details and rates available online -
(http://www.beskerming.com/premium/generic_advisory.html).
Why not go the next step and get delivery tailored just for your
company?
(http://www.beskerming.com/premium/focussed_advisory.html)
Contents
--------------------------------------------------------------------
1. SECURITY
--------------------------------------------------------------------
1.1 Microsoft (Multiple)
- Remote Hacker Automatic Control
- Time Since Discovery - 2 days
======================================
/*
- Remote or Local - Can it be achieved through a network or does it
require physical access?
- Hacker - The bad guy
- Manual or Automatic - Does the vulnerability need to be manually
performed, or can it be automated?
- Control, Denial of Service or Data Theft - Will the hacker get
control of your system / website, will they prevent you from using it,
or will they steal data.
*/
--------------------------------------------------------------------
2. NEWS
--------------------------------------------------------------------
2.1 Just Three People Accused Over Heartland Breach, and Others
2.2 Established Media Taking Different Approaches to Online Content
2.3 Anonymous Targets Australian Government Over Censorship Plan
=====================================
1. SECURITY
1.1 Microsoft (Multiple) - Remote Hacker Automatic Control
-- Products Affected --
Windows
-- Technical Description --
MS09-045 - JScript Scripting Engine. Remote code execution. Replaces
MS06-023. Critical
MS09-046 - DHTML Editing ActiveX. Remote code execution. Critical
MS09-047 - Windows Media Format. Remote code execution. Replaces
MS08-076. Critical
MS09-048 - TCP/IP. Remote code execution. Critical
MS09-049 - Wireless LAN. Remote code execution. Critical
-- Description --
Microsoft have released five patches as part of the September
Security patch release, all of which are rated as Critical and deal
with core Windows components and can lead to arbitrary code execution
on vulnerable systems. There were no known exploits against the
vulnerabilities and the vulnerability data was not known about ahead
of patch release.
-- Recommended Action --
All users and administrators should apply the updates at the earliest
opportunity.
-- Source --
http://www.microsoft.com/technet/security/bulletin/ms09-sep.mspx
http://www.beskerming.com/premium/patch_pack.html
http://store.eSellerate.net/s.asp?s=STR3448907936&Cmd=CATALOG&CategoryID=9811
-- Updates Available --
http://www.microsoft.com/technet/security/bulletin/ms09-045.mspx
http://www.microsoft.com/technet/security/bulletin/ms09-046.mspx
http://www.microsoft.com/technet/security/bulletin/ms09-047.mspx
http://www.microsoft.com/technet/security/bulletin/ms09-048.mspx
http://www.microsoft.com/technet/security/bulletin/ms09-049.mspx
-- External Tracking Data --
CVE-ID: CVE-2009-1920 (MS09-045)
CVE-ID: CVE-2009-2519 (MS09-046)
CVE-ID: CVE-2009-2499 (MS09-047)
CVE-ID: CVE-2009-2498 (MS09-047)
CVE-ID: CVE-2009-4609 (MS09-048)
CVE-ID: CVE-2009-1925 (MS09-048)
CVE-ID: CVE-2009-1926 (MS09-048)
CVE-ID: CVE-2008-1132 (MS09-049)
-- Threat Matrix --
            U   O
Home User   10  10 (Highly Critical)
Corporate   10  10 (Highly Critical)
=======================================
/*
Threat Matrix:
U - User
O - Operator
Harmless - 0 ----- 10 - Highly Critical
*/
=======================================
2. NEWS
2.1 Just Three People Accused Over Heartland Breach, and Others
It can be amazing sometimes how inter-related many Information
Security events can be, especially when they are important enough to
make the news individually. Major credit card data thefts in the last
couple of years from Heartland, 7-Eleven, TJ Maxx, and others all made
news in their own right, but now one individual is being charged in
relation to all of the cases, with up to 130 million different card
details having been compromised across all of the various companies
and businesses that the accused broke into.
Using SQL injection in at least some of the cases, the accused and
two unnamed co-accused were able to extract the information and make
plans to sell the data for other fraudulent use. The use of a
well-known and understood technique, not to mention one that can be
defended against, speaks volumes about the inherent state of data
security within the organisations that were breached. Those
responsible for managing data in other businesses should look at these
cases as a warning about what can happen when things go wrong, and
take steps to mitigate that risk.
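The article notes that SQL injection is a well-understood technique that can be defended against. As an added illustration (not the advisory's own code; the table, rows and inputs are all constructed for the demo), here is the same card look-up written once with string formatting and once with a bound parameter, run over an in-memory SQLite table:

```python
import sqlite3

# Constructed sample data: card-holder rows for two merchants (masked PANs).
ROWS = [
    ("merchant-a", "4111********1111", "A. Holder"),
    ("merchant-a", "5500********0004", "B. Holder"),
    ("merchant-b", "3400********0009", "C. Holder"),
]


def make_db():
    """Create an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cards (merchant TEXT, pan TEXT, holder TEXT)")
    conn.executemany("INSERT INTO cards VALUES (?, ?, ?)", ROWS)
    return conn


def lookup_vulnerable(conn, merchant):
    """Query built by string formatting: the caller's input becomes SQL."""
    sql = "SELECT pan, holder FROM cards WHERE merchant = '%s'" % merchant
    return conn.execute(sql).fetchall()


def lookup_parameterised(conn, merchant):
    """Same query with a bound parameter: the input is only ever data."""
    sql = "SELECT pan, holder FROM cards WHERE merchant = ?"
    return conn.execute(sql, (merchant,)).fetchall()


def compare(merchant):
    """Return (rows from the vulnerable look-up, rows from the safe one)."""
    conn = make_db()
    try:
        return lookup_vulnerable(conn, merchant), lookup_parameterised(conn, merchant)
    finally:
        conn.close()


if __name__ == "__main__":
    # Constructed inputs: an ordinary merchant name, and a value that closes
    # the quoted literal so the vulnerable query matches every row.
    for value in ("merchant-b", "x' OR '1'='1"):
        vulnerable, safe = compare(value)
        print("%-14r vulnerable=%d rows  parameterised=%d rows"
              % (value, len(vulnerable), len(safe)))
```

The parameterised version returns no rows for the hostile value because the driver never lets it become part of the statement; the same discipline applies to any database library that supports bound parameters.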
Companies that are moving to using external services for managing and
storing their payment and privacy related data need to be certain of
the level of services being provided and not merely assume that it
will be fine. In some cases, moving data to external services can make
it difficult or impossible to maintain at the same standard of
protection that it would have been at if kept internally.
The accused faces up to 20 years jail time for fraud and another five
years for conspiracy, a serious punishment that not many would argue
is over the top. A concern is that the accused was at one
stage an informant for the US Secret Service, providing technical
expertise for tracking other hackers and was previously involved with
the carder group Shadowcrew. It wouldn't be the first time that
authorities have misjudged the capabilities and motivation of the
people they are working with and ultimately up against.
Court dates for the suite of charges won't be until 2010, and by then
we all may get to find out the identities of the still-unnamed major
retailers that were also attacked and compromised as part of the spate
of attacks. Whoever they are, they appear to be in violation of
breach reporting rules, and it will also be worth watching to see the
reasoning given for not notifying customers within a reasonable, or
even regulated, timeframe. There isn't anything that can be gained from this
information being kept secret, so it needs to be something incredible
for this information to have been suppressed for so long.
It is going to be some time until a major sequence of attacks such as
these can be tied back to an individual or a small group of attackers,
but there are massive botnets whose authors remain unknown that would
likely rival this case in the scope of the overall breach, though not
in media notoriety prior to arrest.
2.2 Established Media Taking Different Approaches to Online Content
Traditional media groups continue to struggle with falling advertising
rates, declining circulation figures and what many might see as a
reduced relevancy in the face of news-coverage-as-it-happens on the
Internet.
Australia's Fairfax Media group has reported a loss of $300 million
AUD for the most recent financial year, and although advertising
income has stabilised, there is no recovery yet. When compared to
profit for the previous year's results, it can be surprising that,
with only 10% less revenue, there is such a great loss (EBITDA shows
the significance of this 10%). A lot of it can be put down to a
reduction in the ethereal value associated with goodwill and the
"carrying value of its mastheads".
It could be seen as a chance to write off some overvaluation or
unprofitable business operations in a challenging economic
environment, perhaps planning for further decline in advertising and
reach. Rather than making waves about how much harder it is competing
against other news sources online, it appears that the Fairfax Group
is making an effort to be positioned to make the most of what is
possible online. With its online division showing the smallest decline
(0.8%), it shows that established media groups will have a place
online and still have a role for distributing and publishing news.
Another take on the difficulties facing media was provided by James
Murdoch who, while delivering the McTaggart lecture, attacked publicly
funded news sources such as the BBC for making it harder for private
news organisations to ask people to pay for their news. With News
Corporation coming off a $3.4 billion USD loss for the most recent
financial year, the decision by the company to charge across its suite
of online services has already been covered here before.
The claims being made by James Murdoch may carry some value, but
having those sources available also represents a diversification of
news coverage and bias, something that is more difficult to achieve if
news becomes completely corporatised, and which continues to inform
people, irrespective of their economic circumstances.
This attack against the BBC could soon be echoed against state and
publicly funded broadcasters globally, all of which present their own
biases when delivering news content.
In an environment where there are only commercial news sources, or even
one where there are only publicly funded sources, dissenting viewpoints
can be lost and it is important that as many sources as possible are
kept around to provide the broadest coverage, and ultimately a
neutrally-weighted average point of view on news.
2.3 Anonymous Targets Australian Government Over Censorship Plan
An entry on the ISC blog suggests that Australian government websites
will be targeted later on today (September 9) in a targeted attack by
"Anonymous", a loose group of otherwise unconnected individuals
acting towards a common goal, commonly associated with having
originated from the 4chan messageboard.
The website set up as a call to action 09-09-2009.org doesn't
explicitly mention the steps that will be taken as part of their plan
to get their demands met, namely the resignation of current Federal
Communications Minister, Stephen Conroy, and the abolition of the
blacklist that forms the basis for the Federal Government's censorship
plan.
Despite the lack of explicit activity mentioned, if past actions
linked to "Anonymous" groups are any indication, then it is highly
likely that a distributed Denial of Service (DDoS) attack will be
carried out against government sites. The statement that the group
also seeks to leak and distribute the blacklist, as well as make freely
available methods to bypass the censorship, raises the possibility that
rather than carrying out a straight denial of service, the attacks may lead
to the takeover of certain specific sites where information about
avoiding the blacklist and planned censorship will then be published.
While there is a general sense of disgust at the government's planned
censorship, it also seems that the plans for Internet filtering
aren't going to be anything more than that, just plans. The wider
Australian public may not know about the plans in depth, nor really
care about the means to bypass the filtering. Those that do probably
already know how to achieve it, and this action under the "Anonymous"
banner quite likely may not lead to any significant change, either in
government stance or in wider awareness of the information that
"Anonymous" is distributing. Australians are famous for their
laid-back attitudes, and this is probably going to be a situation where
those attitudes will see a smaller than expected result, if any at all,
from the currently-unknown actions that "Anonymous" will carry out.
If they are successful, then it would be a remarkable first for many
reasons. Forcing a sitting Minister to resign through nothing more
than Internet bluster would be astounding, as would be an "Anonymous"
challenge being successful beyond a short term or a very localised area.
=======================================
Sincerely,
Sûnnet Beskerming Team
info at beskerming.com
Sûnnet Beskerming Pty. Ltd.
Adelaide, Australia
http://www.beskerming.com
Tel: +61 (0) 410 707 444
** Sûnnet Beskerming Pty. Ltd. **
Established in mid 2004, Sûnnet Beskerming Pty. Ltd. is the sister
company to Jongsma & Jongsma Pty. Ltd., and was formed to develop and
commercialise the research coming out of Jongsma & Jongsma Pty. Ltd.
Sûnnet Beskerming Pty. Ltd. is an Information Security specialist and,
in conjunction with the tools developed by Jongsma & Jongsma Pty.
Ltd., provides total security solutions and services, from the
perimeter to internal data stores, including web application security
and security testing and analysis.