Security Response
James O'Connor | 19 Apr 2007 07:00:00 GMT | 0 comments

Some of you may have read my blog article last year about the BlackBerry mobile device: Hacking the BlackBerry along with the associated whitepaper, Blackberry Security: Ripe for the picking? We decided not to widely distribute that paper for a number of reasons, including the fact that the model reviewed was a tad on the old side (BlackBerry 7290 circa 2004). Well, fast-forward to 2007, when I was supplied with a shiny new BlackBerry Pearl 8100 and a blank sheet of paper.

As I alluded to in my previous blog, the Pearl represents a significant departure for Research In Motion; a departure from the world of purely corporate utility, and an arrival at the world of consumer-oriented features. The device sports a beautifully stylized slimline form-factor, a 1.3 megapixel camera, and a removable media card as standard. Of course, all the...

Ron Bowes | 18 Apr 2007 07:00:00 GMT | 0 comments

The Home and Home Office Security Report (HHOSR), a monthly report released by Symantec, provides a high-level overview of Internet security concerns that may be of interest to home and home office users. March's HHOSR focused largely on Volume XI of Symantec's Internet Security Threat Report.

This HHOSR's hot topic discussed the price of a wide variety of information related to personal identity. The types of information, and the prices at which they were offered, are outlined in Table 1 below.

Item | Cost in US Dollars
Complete Identity | $14 - $18
US Credit Card | $1 - $6
UK Credit Card | $2 - $12
...

Elia Florio | 17 Apr 2007 07:00:00 GMT | 0 comments

What we saw in the first Trojan.Peacomm outbreak during January was only the beginning of the “storm-worm” war. The initial outbreak seemed to be an experiment in setting up a peer-to-peer (P2P) bot network, and to test the potential of the Trojan. The bad guys who were behind those criminal activities used the first variant of Peacomm to distribute a set of single-module Trojans that were programmed to send spam, perform DDoS attacks, gather mail addresses, and distribute new versions of the Trojan.


...

Peter Ferrie | 17 Apr 2007 07:00:00 GMT | 0 comments

A few days ago, a post to a vulnerability discussion mailing list included a demonstration of a heap corruption in Windows .hlp files' "bm" section. .hlp files are WinHelp-format Help files, a primitive version of .chm, or Compiled Help Module-format help files. The "bm" section, or the Bitmap-format graphics section, is the part of the .hlp file that contains graphics (icons, pictures, etc.). The poster had discovered the vulnerability by using a fuzzer to insert random data into the file. However, it seems that he did not understand why this vulnerability works.

After digging into the issue, it appeared to me that the file targets the same vulnerability that was last attacked in December of 2004, the WinHelp Phrase Heap Overflow. However, after a careful review, I realized that this...

Shunichi Imano | 16 Apr 2007 07:00:00 GMT | 0 comments

It has been reported that a worm that exploits the Microsoft Windows Domain Name Server Service Remote Procedure Call Interface Vulnerability is in the wild. Symantec Security Response has obtained a sample of the worm and we detect the threat as W32.Rinbot.BC.

UPDATE
We have seen an increase in activity over TCP port 1025 as a result of W32.Rinbot.BC scanning the port in search of vulnerable computers. W32.Rinbot.BC is the first worm that exploits the Microsoft DNS vulnerability and the exploit code was only made public a few days ago. If you have not done so already, Symantec suggests that you block TCP port 1025 in order to avoid the attack.

Blaster, Sasser, W32.Rinbot.BC
We have observed that the time taken from exploit code...

Marc Fossi | 16 Apr 2007 07:00:00 GMT | 0 comments

The taxing time of year

It’s tax time once again – that time of year when those who owe are sweating while those getting refunds are gloating. Many people who prepare their own returns use one of the many software packages on the market to help them out. One thing that I’ve noticed is that many of the makers of these packages are beginning to offer Web-based tools to prepare and file their returns.

Honestly, the security of these Web applications worries me. In the recently published Symantec Internet Security Threat Report it was found that 66 percent of the 2,526 vulnerabilities in the second half of 2006 affected Web applications. To highlight this fact, someone recently reported that she was able to access other people’s returns through the TurboTax Web site. This is likely the result of a simple input validation flaw in the Web application.

Now, many of you who use the...

Vikram Thakur | 14 Apr 2007 07:00:00 GMT | 0 comments

Right at the heel of Microsoft releasing its slew of patches, another vulnerability has been released. Microsoft didn't delay getting into action, releasing an advisory for it almost immediately. This time, the vulnerability lies within the Domain Name System (DNS) Server Service affecting the server line of Microsoft's operating systems. The vulnerability allows the attacker to run code remotely in the security context of DNS Server Service, which by default is SYSTEM.

Symantec Security Response have analyzed a sample of the proof-of-concept code and have released Bloodhound.Exploit.136 signatures to detect threats that utilize this vulnerability. This detection is...

Symantec Security Response | 13 Apr 2007 07:00:00 GMT | 0 comments

Facebook is quickly becoming one of the most popular social networking sites for the 20-something crowd. It was initially focused on college students, but has since opened up to the wider public. Recent statistics place Facebook among the most popular social networking sites on the Internet.

Privacy has become a bigger issue in recent times for social networking sites. People are becoming aware of the danger of placing personally identifiable information in plain view on the Internet. The approach Facebook has taken towards privacy issues is a granular one. People with profiles on Facebook can join “networks” based on their school or workplace. All that is necessary to join a network is an email account from that organization. Privacy settings can be customized in many configurations, including maximum visibility, where anyone can find your limited profile in a search; limited privacy, where only those in one of your networks can see your full profile; and a restrictive setting,...