Summary: Keijo Knutas IT Blog
Latest news and discussions about technology, social media, security and business.
Google released version 19.0.1084.52 for Linux, Mac and Windows
operating systems, in which they have fixed several security
vulnerabilities. Some of those have been classified as critical and
can allow an attacker to execute malicious code in the targeted
system or cause a denial-of-service condition.
Several cyber criminals are now analyzing these fixes, reverse
engineering them and attacking systems which have not been
updated, so protect yourself and update as soon as possible.
More information at the Google Blog:
Here
Source:

Date Published:
Apple has fixed 17 vulnerabilities in the Windows version of
QuickTime 7.7.2. These vulnerabilities allow an attacker to
crash the application or execute malicious application code in the
system. This update has been released for Windows 7, Vista and XP
Service Pack 2+ platforms.
Some of the fixed vulnerabilities also existed in the Mac OS X
version of QuickTime, but these have already been fixed in
Apple's earlier operating system updates.
So all Windows users of QuickTime should update their systems to
at least version 7.7.2. As mentioned earlier, cyber criminals
reverse engineer these kinds of updates and attack users who
have not patched their systems yet.
More Information:
http://prod.lists.apple.com/archives/security-announce/2012/May/msg00005.html
http://support.apple.com/kb/HT1222
QuickTime Downloading page:
http://www.apple.com/quicktime/download/
Source (in Finnish):

Date Published: May 16, 2012 - 11:28 am
Tavis Ormandy, an information security engineer at Google, has found a
security vulnerability in OpenSSL which can potentially be used by
an attacker to execute malicious code in the targeted system.
OpenSSL.org has published an updated version to solve this
issue.
The vulnerability in the older versions of OpenSSL is in the
function asn1_d2i_read_bio, where multiple integer errors can
cause memory corruption. Note that the SSL/TLS code in OpenSSL is
not affected.
OpenSSL is an open source implementation of the SSL and TLS protocols
and provides basic cryptographic and various utility functions.
The vulnerability is fixed in OpenSSL versions 1.0.1a,
1.0.0i and 0.9.8v.
More information about the vulnerability:
http://seclists.org/fulldisclosure/2012/Apr/210
http://www.openssl.org/news/secadv_20120419.txt
Source (Swedish):

Date Published: Apr 20, 2012 - 6:34 am
Nokia Lumia 900 (Image: Nokia)
Nokia announced on Saturday that they have fixed the software bug
which caused problems with data connections on Nokia Lumia 900
smartphones. As the problem was not in the hardware but in the
software, AT&T customers can now download a software update to
get this fixed.
Source (in Finnish):

Date Published: Apr 16, 2012 - 3:23 am
Source: Smithsonian Institution
Researchers from Microsoft and Purdue University tested several
applications on the Android and Windows Mobile platforms and concluded
that some applications use more power, and reduce battery
capacity more, than others. Surprisingly, the applications
which consume the most energy are the free ones, because
these use more energy to track users and show ads than for
anything else.
One of the worst applications was Angry Birds, which used half of
the energy to track users and only 20% for the calculations of the game
itself. The second big consumer was The New York Times application
"Download", which used only 35 percent for the functions of the
application and the rest of the power for everything else.
The common "problem" with the applications which use a lot of
power is that they use a lot of connections like 3G, WLAN
and GPS, as well as tracking the user and forwarding that
information.
More information (PDF):
Here
Source (in Finnish):

Date Published: Mar 20, 2012 - 2:08 am
Screen capture of the Trojan among pictures (Image: Intego)
A new version of the known Apple Trojan Imuler has been disguised as
pictures of the 2012 Sports Illustrated Swimsuit Edition supermodel
Irina Shayk. Two samples of the latest version, Imuler.C,
have been found as zip archives: "Pictures and the Ariticle of
Renzin Dorjee.zip" and "FHM Feb Cover Girl Irina Shayk H-Res
Pics.zip". In both cases the malicious application was included
among the various files with an icon that looks like an image.
This malware installs a backdoor, which searches user data, takes
screenshots and then attempts to upload those to a server.
This malware does not yet seem to be spreading in the wild, but
demonstrates the creativity of cyber criminals.
More information:
Source:

Date Published: Mar 20, 2012 - 12:54 am
Classic Windows Logo (Image: Wikipedia)
Malicious code which Microsoft wrote to demonstrate possible ways to
attack the Windows operating system, and sent to the security
alliance MAPP, has leaked to the Internet and can now be used to
attack those Windows users who have not applied the latest security
patches.
The security alliance MAPP is a co-operation alliance where Microsoft
and security companies together develop solutions for
different security vulnerabilities. However, an Italian security
consultant last week found several examples of the malicious
demonstration code on a Chinese website.
Microsoft and security firms are together trying to find the
source of the leak.
The fact that this code is published and there are examples of how to
exploit unpatched systems should encourage Windows administrators
and users to apply the latest Windows patches as soon as possible.
Source (in Swedish):
Source (in Finnish):

Date Published: Mar 19, 2012 - 3:38 am
Hatforce, a team doing security testing, has published the
results of their test of the Nexus S and the Android wipe function. Jan
Schejbal, one of the members of the team, writes in an
email to seclists.org that they were able to
retrieve and read data from a Nexus S phone running Android 2.3.6
after they had used the wipe function, as well as after they executed
the "Factory Data Reset" function.
Their method was to root the phone (that is, gain full administrative
rights to the phone), take a memory dump of the phone, move it to
a PC and recover it using any common recovery software.
They note that:
- they were not able to test a wide variety of devices, so it is not
known whether all manufacturers of Android 2.3.6 devices suffer from
the same problem or whether they have fixed it.
- Android 3.x and 4.x devices do not seem to suffer from this
problem, but at the moment they represent only 5% of the
Android devices in use.
- they have notified the Android security team about this
vulnerability.
In addition to the threat that data from lost or stolen
devices can be retrieved using this method, businesses should also
determine what to do with the devices their employees are using at
the moment and what the correct disposal process after
use would be. Probably the best practice would be to
treat the device as a laptop PC is treated.
More details :
Source:

Date Published: Mar 18, 2012 - 2:43 pm
VMware, whose products are widely used in enterprises to maximize
the usage of server hardware, and even by private persons to try
different operating systems and versions, has released updates to
several of their products. These correct seven security
vulnerabilities, of which three can be used to execute malicious code
in the host operating system.
These updates fix the following vulnerabilities:
- VMware ESX/ESXi 4.0, 4.1 (5.0-ESXi): Two vulnerabilities
where a local user in the guest operating system can execute
malicious code in the host operating system.
- VMware vSphere 4.1, 5.0: The internal web browser can
execute a malicious script if a specially constructed log file is
opened.
- VMware vCenter Orchestrator 4.0, 4.1, 4.2: A user logged in to
the web interface can figure out the password to vCenter
Server.
- VMware vShield Manager 4.0, 4.1: Vulnerable to
CSRF attacks (Cross-Site Request Forgery).
- VMware View 4.6.0 and older versions: Three vulnerabilities
where a local user in the guest operating system can execute malicious
code in the host operating system. View Manager Portal is
vulnerable to XSS attacks (Cross-Site Scripting).
Updates are available from VMware.
More information and fixes:
http://permalink.gmane.org/gmane.comp.emulators.vmware.security.announce/146
http://permalink.gmane.org/gmane.comp.emulators.vmware.security.announce/144
http://www.securitytracker.com/id/1026818
http://www.securitytracker.com/id/1026817
http://www.securitytracker.com/id/1026816
http://www.securitytracker.com/id/1026815
http://www.securitytracker.com/id/1026814
Source (in Swedish):

Date Published: Mar 16, 2012 - 12:28 pm
Hacker (Image: Wikimedia / Adlan1991)
There is a critical security vulnerability in Microsoft Remote
Desktop which allows an attacker to execute malicious code in the
system by sending a specially constructed RDP packet (Remote
Desktop Control). No authorization is needed to exploit this.
Microsoft has published updates, which you should apply immediately
if you are running Remote Desktop Service (typically used to manage
Microsoft servers from a remote location).
If you are not able to apply these fixes immediately, you should at
least:
- Disable TCP port 3389 in the firewall (this port is used for Remote
Desktop).
- Deactivate the following services if they are not needed for other
purposes: Terminal Services, Remote Desktop, Remote Assistance or
Windows Small Business Server 2003 Remote Web Workplace.
- Enable "Network Level Authentication" (NLA) to shut unauthorized
users out of the system.
More information and instructions for disabling NLA services:
http://technet.microsoft.com/en-us/security/bulletin/ms12-020
http://blogs.technet.com/b/msrc/archive/2012/03/13/strength-flexibility-and-the-march-2012-security-bulletins.aspx
Source (In Swedish) - a rapid response email from :

Date Published: Mar 13, 2012 - 3:09 pm
Members of Anonymous in Los Angeles (Image: Wikipedia)
Police in Spain, Colombia, Argentina and Chile have arrested 25
members of the hacker group Anonymous, who are accused of
attacking government and private sites via the network. Police also
confiscated over 200 mobile phones and computers.
Those arrested are between 17 and 40 years of age.
According to Interpol, this group of hackers attacked the sites of
the Colombian defense ministry, the national library of Chile and the
electric company Endesa.
One of those arrested in Spain is accused of hacking and publishing
the names and personal information of the security personnel
protecting the Spanish royal house.
Source (in Finnish):

Date Published: Feb 28, 2012 - 9:24 pm
Logo of PostgreSQL
Older versions of PostgreSQL have three security vulnerabilities
which have been fixed in the latest upgrade. These can be used to
increase user account privileges and to run malicious code.
These three security vulnerabilities which have been fixed are:
- Permissions on a function called by a trigger are not
checked.
This fix prevents users from defining triggers which execute
functions on which the user does not have EXECUTE permission.
- SSL certificate name checks are truncated to 32 characters,
allowing connection spoofing under some circumstances.
This fixes SSL common name truncation, which could allow
hijacking of an SSL connection under exceptional circumstances.
- Line breaks in object names can be exploited to execute code when
loading a pg_dump file.
pg_dump copied object names into comments in a SQL script without
sanitizing them. An object name that includes a newline followed by
an SQL command would result in a dump script in which the SQL
command is exposed for execution. When and if the dump script is
reloaded, the command would be executed with the privileges of
whoever is running the script - often a superuser.
Versions having these vulnerabilities:
Older than 9.1.3, 9.0.7, 8.4.11 and 8.3.18.
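The pg_dump issue described above, as an added example that is not PostgreSQL's own code: it assumes a simplified comment header of the form `-- Name: ...; Type: ...`, uses constructed object names, and shows one possible sanitizer rather than the project's actual patch.

```python
import re

LINE_BREAK = re.compile(r"\r\n|\r|\n")

# Constructed sample catalog of (type, name) pairs. The second name carries a
# line break followed by a harmless placeholder statement.
SAMPLE_OBJECTS = [
    ("TABLE", "customers"),
    ("TABLE", "orders\nSELECT 'runs on reload';"),
]

def header_unsanitized(obj_type, name):
    """Name copied into the comment verbatim, as the page describes."""
    return f"-- Name: {name}; Type: {obj_type}"

def header_sanitized(obj_type, name):
    """One possible fix (assumption): fold line breaks into spaces."""
    return f"-- Name: {LINE_BREAK.sub(' ', name)}; Type: {obj_type}"

def build_script(objects, header):
    """Assemble a dump-like script consisting of one header per object."""
    return "\n".join(header(t, n) for t, n in objects)

def lines_outside_comments(script):
    """Lines a SQL client would execute: non-empty and not `--` comments."""
    return [ln for ln in LINE_BREAK.split(script)
            if ln.strip() and not ln.lstrip().startswith("--")]

def names_with_line_breaks(objects):
    """Audit check: object names in a catalog listing that contain CR or LF."""
    return [name for _, name in objects if LINE_BREAK.search(name)]

if __name__ == "__main__":
    for header in (header_unsanitized, header_sanitized):
        exposed = lines_outside_comments(build_script(SAMPLE_OBJECTS, header))
        print(header.__name__, "->", exposed)
    print("flagged names:", names_with_line_breaks(SAMPLE_OBJECTS))
```

With the unsanitized header the text after the line break falls outside the comment; with the sanitized header every line of the script remains a comment.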
More information:
http://www.postgresql.org/support/security/
http://www.securityfocus.com/bid/52188
http://www.securitytracker.com/id/1026744
Source (in Swedish):

Date Published: Feb 28, 2012 - 9:00 pm
Update 31 for Java 6 Standard Edition is now available. You
can see your current version, change the update schedule and force
the update to happen immediately via Control Panel - Programs -
Java.
As cyber criminals are targeting more and more Windows add-ons,
like PDF and Java, it is important to keep these updated as
well.
When an update like this is available, criminals often
reverse engineer it, checking what has been fixed and how to
attack those users who have not updated their systems yet.

Date Published: Feb 28, 2012 - 3:03 am
Selection of BlackBerry devices (Image: Cubio)
BlackBerry has not been available earlier in Finland, which, as the
home of Nokia, has been dominated, especially in the business
market, completely by Nokia's smartphones. Kyösti Järnefelt,
manager of the BlackBerry division at the Finnish teleoperator Cubio,
does see a change in the market: "Especially the last action of
Nokia (Nokia recently announced that it is transferring the assembly of
phones from Finland to Asia - now the Nokia phones are not "Made in
Finland" anymore) has changed the customers' minds mentally."
BlackBerry devices require that both operators and RIM
(the manufacturer of BlackBerry) adjust their systems to
co-operate for fully functional data communication. In other
networks, BlackBerry devices can only be used for phone calls and
SMS.
Cubio is a new mobile operator in Finland, but as they operate
as a tenant of the operator Elisa, they can offer good coverage.
It will be interesting to see how this will succeed and whether mobile
phone market shares in Finland will in future look as they do in
other countries.
Source (in Finnish):
More information :

Date Published: Feb 20, 2012 - 8:35 am