Threat Level: green Handler on Duty: Pedro Bueno

SANS ISC InfoSec Handlers Diary Blog



Office 2007 SP2 is released as well

Published: 2009-04-29
Last Updated: 2009-04-29 20:59:27 UTC
by Joel Esler (Version: 1)
0 comment(s)

Several people have written in to tell us that, upon reading my article about the IE8 update, they also found Office 2007's SP2 waiting for them as a "critical" update.

Be sure and update Office at the same time!  It's just general good practice to keep your software up to date.  But our readers probably know that one already ;).

-- Joel Esler | http://www.joelesler.net | http://twitter.com/joelesler


Microsoft is turning off Auto-Run!

Published: 2009-04-29
Last Updated: 2009-04-29 20:57:38 UTC
by Joel Esler (Version: 3)
3 comment(s)

Well, kinda.

Yesterday morning Microsoft, through their MSRC, announced that they were going to further protect Windows customers by disabling the Auto-Run "feature" in Windows for everything *except* optical media.  (Because CD-ROMs can't be written to, according to them.  I see nothing about CD-R and CD-RW specifically.)

I feel this is a good idea.  There have always been viruses and malware that liked to attach themselves to things like thumbdrives and removable media like diskettes.  (Does anyone use those anymore? ;)  All the Windows environments that I've ever functioned in during my whole career have always had Auto-Run disabled, so this is just good security practice by now.

For more details check out Microsoft's articles on the subject here and here.

Thanks to the reader who wrote in about this.

Update:  Had a reader write in asking how to disable Auto-Run on <Win 7 machines.  I "Googled" it (I haven't done this in years) and found this:

http://features.engadget.com/2004/06/29/how-to-tuesday-disable-autorun-on-windows/

http://blogs.technet.com/msrc/archive/2009/04/28/changes-in-windows-to-meet-changes-in-threat-landscape.aspx

http://support.microsoft.com/kb/967715/

-- Joel Esler | http://www.joelesler.net | http://twitter.com/joelesler
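
To see how Auto-Run is currently configured on a pre-Windows 7 machine, the following added example (not from the diary or from Microsoft's articles) decodes the NoDriveTypeAutoRun policy value covered in KB967715. The function name Get-AutoRunPolicy is made up for this example; the bit meanings are Microsoft's documented drive-type flags.

```powershell
# Added example: audit the NoDriveTypeAutoRun policy bitmask (see KB967715).
# Each set bit turns Auto-Run OFF for that drive type; 0xFF turns it off for all.
$DriveTypeBits = @(
    @{ Bit = 0x01; Name = 'Unknown drive type' },
    @{ Bit = 0x04; Name = 'Removable drives (thumbdrives, diskettes)' },
    @{ Bit = 0x08; Name = 'Fixed drives' },
    @{ Bit = 0x10; Name = 'Network drives' },
    @{ Bit = 0x20; Name = 'CD-ROM drives' },
    @{ Bit = 0x40; Name = 'RAM disks' },
    @{ Bit = 0x80; Name = 'Unknown drive type (reserved bit)' }
)
$PolicyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

# Hypothetical helper: emits one row per policy key and drive type.
function Get-AutoRunPolicy {
    foreach ($key in $PolicyKeys) {
        $prop = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        if ($null -eq $prop) {
            # Value absent: the operating system default applies for this hive.
            New-Object PSObject -Property @{
                Key = $key; Value = 'not set'; DriveType = '(OS default)'; AutoRun = 'n/a' }
            continue
        }
        # The value may be stored as REG_DWORD or as REG_BINARY (low byte first).
        $raw = $prop.NoDriveTypeAutoRun
        if ($raw -is [byte[]]) { $value = [int]$raw[0] } else { $value = [int]$raw }
        foreach ($t in $DriveTypeBits) {
            $state = if ($value -band $t.Bit) { 'disabled' } else { 'ENABLED' }
            New-Object PSObject -Property @{
                Key = $key; Value = ('0x{0:X2}' -f $value); DriveType = $t.Name; AutoRun = $state }
        }
    }
}

Get-AutoRunPolicy | Select-Object Key, Value, DriveType, AutoRun | Format-Table -AutoSize

# Remediation, left commented out so the audit is read-only. Run elevated;
# assumes the Policies\Explorer key already exists. 0xFF covers every drive type.
# Set-ItemProperty -Path $PolicyKeys[0] -Name NoDriveTypeAutoRun -Type DWord -Value 0xFF
```

Any row showing ENABLED for removable drives is a machine where the setting discussed in this diary has not been applied.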


Facebook Phishing attack -- Don't go to fbaction.net

Published: 2009-04-29
Last Updated: 2009-04-29 20:52:58 UTC
by Joel Esler (Version: 1)
1 comment(s)

Matthew writes in to tell us about an article posted over on TechCrunch about a Phishing Attack that is "underway at Facebook."

This Phishing attack is an email that has the subject "Hello"  (First off, if you receive an email that has a subject of "Hello", and that's all...  immediately suspect for nonsense.  I used to get a ton of these at one point, because I belonged to a website where people would post via a webpage, and this webpage had no spam protections, so the most common Subject was "Hello".  It got so bad, I used to send all Emails with simply the subject "Hello" to /dev/null.  (Yes, it was *that bad*.) Anyway, I digress.)

The phishing attack will read something like "'YOURFRIEND' sent you a message" with a link to go click on and read what your "friend" wrote.

The link instead sends you off to fbaction.net (Don't go there.), where the page looks like the Facebook login page and they are hoping you will type in your credentials.  Fairly simple phish, so keep your eyes open.

Original article here.  Thanks Matthew!

-- Joel Esler | http://www.joelesler.net | http://twitter.com/joelesler


Two Adobe 0-day vulnerabilities

Published: 2009-04-29
Last Updated: 2009-04-29 03:22:48 UTC
by Jason Lam (Version: 1)
0 comment(s)

Two 0-day vulnerabilities in Adobe Acrobat were announced today; all current versions are vulnerable. One exploits the annotation function and the other exploits the custom Dictionary function. Both of these buffer overflow vulnerabilities exist in the JavaScript system of Adobe Acrobat and can be mitigated by disabling JavaScript in Adobe Acrobat.

Since exploits for these vulnerabilities on the Linux platform have been posted to the Internet, we can just guess that someone will somehow make them work on Windows and use them to spread botnet agents shortly.

http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
