Video Screencast Help
Security Response
Showing posts in English
Ollie Whitehouse | 20 Feb 2007 08:00:00 GMT | 0 comments

People who have been following the notunexpected initial wave of security research with regards to WindowsVista will have seen a few informative blog posts recently. First, in ablog titled "Running Vista Every Day!"Joanna Rustkowska pointed out some issues with UAC, one of them being asimple implementation bug in UIPI. This, I believe in part, resulted inMark Russinovich writing his blog entry "PsExec, User Account Control and Security Boundaries." Joanna posted another blog, "Vista Security Model ? A Big Joke?" in response to Mark's blog post. And then followed it with "...

Elia Florio | 20 Feb 2007 08:00:00 GMT | 0 comments

This morning we received reports of spammed emails with the following bodies:

John Howard survived a heart attack
Read more: http://wi[REMOVED]news.hk

Prime Minister survived a heard attack
Read more: http://in[REMOVED]help.hk

Once again, it’s the usual attack that tries to lead victims to a Web site that hosts an exploit code. In this case, attackers also added some additional social engineering fun to pursue their criminal purposes. In fact, when someone visits the hostile Web site, it will show a false “502” error and will gently suggest shutting down firewall and antivirus software to avoid the problem. (Of course! What else? Do you want my credit card number? Send money to your bank?).

...

Ollie Whitehouse | 20 Feb 2007 08:00:00 GMT | 0 comments

People who have been following the notunexpected initial wave of security research with regards to WindowsVista will have seen a few informative blog posts recently. First, in ablog titled "Running Vista Every Day!"Joanna Rustkowska pointed out some issues with UAC, one of them being asimple implementation bug in UIPI. This, I believe in part, resulted inMark Russinovich writing his blog entry "PsExec, User Account Control and Security Boundaries." Joanna posted another blog, "Vista Security Model ? A Big Joke?" in response to Mark's blog post. And then followed it with "...

Peter Ferrie | 19 Feb 2007 08:00:00 GMT | 0 comments

A colleague of mine came to see me one morning recently with anunusual result. For reasons that he didn't explain to me (he called it"a secret project"), he had intentionally placed a particular encodingof an invalid instruction near the end of a valid page, next to anunallocated page, then executed that instruction. However, instead ofseeing the expected invalid opcode exception, he was seeing a pagefault. Initially, I thought that it was related to the unexpected LOCKexception bug in Windows that I documented here, but it turned out to be something else entirely.

It turns out that the CPU performs a complete fetch, includingparsing the ModR/M byte, prior to performing any kind of decoding.Thus, because of the instruction encoding that he had used, the CPU wasattempting to retrieve all of the necessary bytes first,before it knew that the...

Debbie Mazurek | 19 Feb 2007 08:00:00 GMT | 0 comments

One of the most common practices insoftware development is code reuse. Developers use the strategy to savetime and money by reducing redundant tasks and the theory is put intopractice in several popular content management systems available tousers who want to create their own Web presence.

The CMS, or content management system, is a framework that can beused by both experienced and novice developers to produce Web sites forcountless purpose. From blog sites (like this one) to e-commerce sites,for Fortune 500 companies to private individuals, a CMS can makedeveloping content for the Web a whole lot easier.

Many of the popular CMS varieties employ a modular approach thatmakes it easy to construct your own add-ons to suit any purpose you'dlike - searching, FAQ building, file uploading, news posting - the listis exhaustive. In fact, the odds are good that someone else has alreadymade the add-on you seek: they figured out code reuse.

Joomla! and Mambo are two...

James O'Connor | 16 Feb 2007 08:00:00 GMT | 0 comments

There has been much talk recently about thelaunch of Windows Vista, and one feature in particular: SpeechRecognition. Speech Recognition allows the user to dictate arbitrarytext to the computer (a letter for example) using speech instead of thekeyboard. It also allows the user to carry out normal computing tasksvia a choice of pre-defined commands. There are commands such as"delete that," "press escape key," and "what can I say?" This last oneshows the user what kinds of command they can use in the currentsituation. If Speech Recognition is running, but sleeping, the usersays "start listening" to activate it.

It has been suggested that Speech Recognition could be subverted fornefarious purposes using malicious audio clips. The scenario would beas follows:

• The user is browsing the Web, with Speech Recognition enabled.
• They visit a Web site, with a background audio clip that plays as soon as the site is opened.
• The audio clip contains commands that...

Candid Wueest | 16 Feb 2007 08:00:00 GMT | 0 comments

Another Valentine’s Day has passed and everyone knows that there are certain guidelines that should be followed on this day of love. Over the years, I've developed a top three list of recommendations:
• Don’t forget Valentine’s Day.
• Don’t forget to get in touch with your loved ones.
• Don’t open any strange email attachments, not even if they seem to come from a secret admirer and have a special greeting card attached.

But after the stories I heard this year around Valentine’s Day, it appears I'll need to add new advice to my top three list. Apparently many people received a suspicious text message on their mobile phone this Valentine’s Day. The text message came from an online love message service, which lets you record a message onto a central voice recording machine that can be dialed into. The service then sends a timed SMS to your friend, who can collect the recorded message by calling a number. Of course you have to pay around US$ 4 per minute for...

James O'Connor | 16 Feb 2007 08:00:00 GMT | 0 comments

There has been much talk recently about thelaunch of Windows Vista, and one feature in particular: SpeechRecognition. Speech Recognition allows the user to dictate arbitrarytext to the computer (a letter for example) using speech instead of thekeyboard. It also allows the user to carry out normal computing tasksvia a choice of pre-defined commands. There are commands such as"delete that," "press escape key," and "what can I say?" This last oneshows the user what kinds of command they can use in the currentsituation. If Speech Recognition is running, but sleeping, the usersays "start listening" to activate it.

It has been suggested that Speech Recognition could be subverted fornefarious purposes using malicious audio clips. The scenario would beas follows:

• The user is browsing the Web, with Speech Recognition enabled.
• They visit a Web site, with a background audio clip that plays as soon as the site is opened.
• The audio clip contains commands that...

Zulfikar Ramzan | 15 Feb 2007 08:00:00 GMT | 0 comments

I wanted to talk about a recent new attack, called Drive-ByPharming, which I co-developed with Sid Stamm and Markus Jakobsson ofthe Indiana University School of Informatics. It allows attackers tocreate a Web page that, simply when viewed, results insubstantive configuration changes to your home broadband router orwireless access point. As a result, attackers gain complete controlover the conduit by which you surf the Web, allowing them to direct youto sites they designed (no matter what Web address you direct your Webbrowser to).

I believe this attack has serious widespread implications andaffects many millions of users worldwide. Fortunately, this attack iseasy to defend against as well. In this blog entry, I’ll describe theattack, mention some prior related work, and then go over bestpractices.

How the attack works:

I’ll start with a high-level real-world analogy of this attack.Imagine that whenever you wanted to go to your bank,...

Symantec Security Response | 14 Feb 2007 08:00:00 GMT | 0 comments

Anyone who has something to say now hasaccess to media and the means to distribute his or her message. Folkshave discovered that their fifteen minutes of fame can easily beachieved through the Internet with video clips, blogs, and vlogs(a blog that contains video). User-generated content opens the door tonew opportunities. We can learn about a day in the life of a soldier atwar, showing first hand what we have only been able to see in themovies. "Lookie loos" (or casual observers) now record events happeningin real time using only their cell phones, thus becoming amateur journalists. People are demonstrating their unique talents, effectively becoming ...