SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2008-03-19


When is your VM not your VM?

Published: 2008-03-19
Last Updated: 2008-03-19 23:42:43 UTC
by Adrien de Beaupre (Version: 1)

When your provider seems to own it?

A reader sent us a link to a story which ends well: a gentleman whose spouse had passed away had asked his VM provider to restore the greeting she had made. My first reaction was, isn't that wonderful! Then Darren and I started to discuss the implications. The original story is here.

  1. Who owns your voicemail?
  2. If you delete a VM message, is it deleted?
  3. If you delete a VM, can it be restored if you ask?
  4. Who authorized the backups of my VM?
  5. Are the backups subpoenable?
  6. Do providers adequately authenticate requests to retrieve VM?
  7. What logs are kept of such requests?

 I think we have only scratched the surface of the privacy and security implications raised by this case.

Cheers,
Adrien de Beaupré
Bell Canada


BBB is back

Published: 2008-03-19
Last Updated: 2008-03-19 23:34:02 UTC
by Adrien de Beaupre (Version: 2)

We have two separate reports of BBB targeted phishing (AKA spear phishing) attacks. Both are using the URL: hxxp://www.national-bbb.com/complaints/ViewReport.php...

The site tries to initiate an ActiveX install.

Browser beware!

Cheers,
Adrien de Beaupré
Bell Canada


Apple Patches AND Vista service pack

Published: 2008-03-19
Last Updated: 2008-03-19 20:45:24 UTC
by Adrien de Beaupre (Version: 5)

The first service pack from Microsoft for Vista is out. Please let us know your experiences downloading and applying the 434.5 MB Windows Vista Service Pack 1 Five Language Standalone (KB936330).

Apple has released Security Update 2008-02 and Security Update for Safari 3.1 for Mac users.

Update 1: If Vista SP1 will not install, or is not being offered as an option, you should read the following article. You may have to update drivers first, or there may be other issues. If you run into any other problems please let us know. (Thanks Susan!): Windows Vista Service Pack 1 is not available for installation from Windows Update and is not offered by Automatic Updates

Update 2: Before you install the final release of Windows Vista SP1, you must uninstall any previous releases, as detailed in this article. (Thanks Chris!)

Update 3: V3.0 of MS08-014 dated March 19, 2008 should fix the Excel issues.

Cheers,
Adrien de Beaupré
Bell Canada


VMware updates resolve critical security issues (VMSA-2008-0005)

Published: 2008-03-19
Last Updated: 2008-03-19 04:06:24 UTC
by Raul Siles (Version: 1)

Last month we announced a critical VMware vulnerability where it was possible for a program running in a guest virtual machine to gain access to the host's complete file system and create or modify executable files in sensitive locations (that is, a true escape). The problem was due to a directory traversal vulnerability in the VMware shared folder capabilities on Windows.
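The class of bug described above, as an added example that is not VMware's code and not taken from the advisory: a shared-folder service that joins a guest-supplied path to the share root without checking where the result lands, next to a version that confines it. The share root `C:\Shares\guest`, the function names and the sample paths are assumptions made for illustration; Python's `ntpath` module is used so that Windows path rules apply on any OS.

```python
import ntpath  # Windows path rules, usable on any OS


class PathEscape(ValueError):
    """Guest-supplied path resolves outside the shared folder."""


def naive_resolve(share_root, guest_path):
    # Flawed: trusts the joined result without checking where it lands.
    return ntpath.normpath(ntpath.join(share_root, guest_path))


def confined_resolve(share_root, guest_path):
    """Return the host path for a guest-relative path, or raise PathEscape."""
    if "\x00" in guest_path:
        raise PathEscape("NUL byte in path")
    rel = guest_path.replace("/", "\\")  # Windows accepts both separators
    drive, tail = ntpath.splitdrive(rel)
    if drive or tail.startswith("\\"):
        raise PathEscape("absolute, drive-qualified or UNC path")
    root = ntpath.normpath(share_root)
    full = ntpath.normpath(ntpath.join(root, rel))
    # Compare case-insensitively, on the final normalized string, and with a
    # trailing separator so that a sibling such as "guest2" does not match.
    r, f = ntpath.normcase(root), ntpath.normcase(full)
    if f != r and not f.startswith(r.rstrip("\\") + "\\"):
        raise PathEscape("resolves outside the share: " + full)
    # String check only: links or junctions inside the share need a
    # separate check on the opened handle.
    return full


def is_rejected(share_root, guest_path):
    try:
        confined_resolve(share_root, guest_path)
        return False
    except PathEscape:
        return True


ROOT = r"C:\Shares\guest"  # constructed sample share root
SAMPLES = [r"docs\report.txt", "docs/../notes.txt", r"..\..\Windows\win.ini",
           r"..\guest2\x", r"C:\Windows\win.ini", r"\\host\share\x"]

if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{p!r:32} naive={naive_resolve(ROOT, p)!r} "
              f"rejected={is_rejected(ROOT, p)}")
```

The containment check runs on the final normalized string, after every separator and case conversion, which is the string the host would actually open.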

VMware has announced a new security advisory that includes a set of updates for VMware Workstation, Player, Server, ACE, and Fusion (VMSA-2008-0005), resolving this vulnerability plus a few other relevant security issues:

  • a. Host to guest shared folder (HGFS) traversal vulnerability (CVE-2008-0923)
  • b. Insecure named pipes (CVE-2008-1361, CVE-2008-1362)
  • c. Updated libpng library to version 1.2.22 to address various security vulnerabilities (CVE-2007-5269)
  • d. Updated OpenSSL library to address various security vulnerabilities (CVE-2006-2940, CVE-2006-2937, CVE-2006-4343, CVE-2006-4339)
  • e. VIX API default setting changed to a more secure default value
  • f. Windows 2000 based hosted products privilege escalation vulnerability (CVE-2007-5618)
  • g. DHCP denial of service vulnerability (CVE-2008-1364)
  • h. Local Privilege Escalation on Windows based platforms by Hijacking VMware VMX configuration file (CVE-2008-1363)
  • i. Virtual Machine Communication Interface (VMCI) memory corruption resulting in denial of service (CVE-2008-1340)

 The latest versions are:

  • VMware Workstation 6.0.3
  • VMware Workstation 5.5.6
  • VMware Player 2.0.3
  • VMware Player 1.0.6
  • VMware ACE 2.0.3
  • VMware ACE 1.0.5
  • VMware Server 1.0.5
  • VMware Fusion 1.1.1

 Update as soon as possible!

--
Raul Siles
www.raulsiles.com

Keywords: vmware