Threat Level: green Handler on Duty: Pedro Bueno

SANS ISC InfoSec Handlers Diary Blog



Internet Explorer 7.0 High Priority Update

Published: 2006-11-02
Last Updated: 2006-11-06 16:57:42 UTC
by Johannes Ullrich (Version: 1)

Just a quick update with more recent numbers. As of today (Nov. 6th), MSIE 7.0 share is still around 26% of all MSIE users who visit http://isc.sans.org. About 50% of our Firefox users use Firefox version 2 (40% use 1.5 and the remaining 10% use various older versions). So it looks like only a small number installed MSIE 7 after it became a high priority update. But then again... this is for isc.sans.org, not an average web site. If you are willing to share logs from an "average" (= consumer oriented) site, let us know.





Alex was the first reader to report that Internet Explorer 7.0 is now a high priority update on Windows Update. Unless you set up the respective blocking script, expect IE 7 to be installed on your systems if they are configured to retrieve and install high priority updates from Windows Update.

The update is still interactive. You will not just come back to your system and find IE7 all ready to go.

For isc.sans.org (which is probably not your typical site), 50% of Firefox users already use Firefox 2.0, and 23% of Internet Explorer users use MSIE 7.0. Overall, we got about a 50/50 split between Firefox and Internet Explorer users.

I will keep the table below updated throughout the day to see if this changes the uptake of MSIE 7.0 for our users (the data comes from Google Analytics, which we use for our web stats tracking).

Last update: 7:47am EST.

                                                           November 1st   November 2nd
Firefox (total)                                            46.54%         45.13%
% of Firefox users using Firefox 2.0                       46.54%         47.00%
Internet Explorer (total)                                  45.83%         45.78%
% of Internet Explorer users using Internet Explorer 7.0   22.70%         24.11%
Opera                                                      2.79%          4.87%
Safari                                                     1.91%          1.08%


PHP: time to upgrade!

Published: 2006-11-02
Last Updated: 2006-11-03 11:25:24 UTC
by Pedro Bueno (Version: 1)

The PHP team announced today the release of version 5.2.0.
This is a major release and, besides the new features, what we are looking for are the security fixes and the over 200 bug fixes.

Please, please, please, upgrade your PHP as soon as possible! We don't need another round of those bots/worms that exploit it, right?

--------------------------------------------------------------
Handler on Duty: Pedro Bueno ( pbueno //%%// isc. sans. org )

New OS X PoC virus

Published: 2006-11-03
Last Updated: 2006-11-03 14:17:34 UTC
by Swa Frantzen (Version: 3)
There is again a Proof of Concept Virus for Mac OS X. To be honest the virus is no big deal in itself. But it is yet another warning for a lot of parties involved.

As we said before the ability to have viruses and all sorts of other malware is inherently available in all modern operating systems, Mac, Linux, BSD, ... included.

It is a warning to get antivirus protection for those Macs, even if the shopkeeper told you you do not need it, even if there are no viruses in the wild today, even if it's hard to buy it, and even if the antivirus vendors seem not to know what they talk about like in the image below (highlights are mine):


I'm sure it's just a template problem, but a problem nonetheless.

Yet, it is still your responsibility to make sure you do not spread malware (even if you might not be vulnerable to it yourself).
And when (not if) a really bad one hits you or your company it's better to be ready and have a framework to distribute signatures ready than to have to start shopping, get a budget, get purchase to order it, roll it out, ... after you got hit. It is a lot easier to do before you get hit.

So Apple, Apple shopkeepers, antivirus vendors and Mac users, PLEASE get a decent framework in place and please be aware there is no magic shield preventing malware on a Mac (or any other modern platform).

P.S.:
- I am writing this on my Mac, and I love my Macs.
- Thanks to Juha-Matti for pointing out the PoC.

Updates:
  • We got some notes from readers questioning the validity of this post. It's real. Check it out here.
  • We know the screenshot above has been updated by the vendor in the meantime.

--
Swa Frantzen -- Section 66

Bluetooth 0day hacking

Published: 2006-11-02
Last Updated: 2006-11-02 15:06:23 UTC
by Pedro Bueno (Version: 1)
Over the past few years, with the high adoption of Bluetooth by mobile devices such as PDAs, phones and others, few advances were made in the security area, despite the fact that it is deserving more and more attention from security researchers.

Thierry Zoller wrote to us reporting a presentation that he and Kevin Finistere gave at a security conference in Luxembourg. In this presentation they show some new 0day related to Bluetooth and a live demo of getting a remote root shell over Bluetooth on a Mac OSX 10.3.9 and 10.4!

I recommend you take a look at their presentation and at the live demos! Ah, I also recommend you pay attention to which of your devices have Bluetooth turned on and which ones really need to be on! :)
