SANS ISC InfoSec Handlers Diary Blog



YYAMCCBA

Published: 2009-07-28
Last Updated: 2011-01-24 23:57:41 UTC
by Adrien de Beaupre (Version: 1)
1 comment(s)

Yes, Yet Another Massive Credit Card Breach, Alas: this time Network Solutions. They appear to still be investigating and notifying customers. More information is available from them here. The breach happened some time before 12 March 2009, and was discovered some time after 08 June 2009. Thousands of merchants and almost 600,000 credit cards may be affected.

If you have additional comments or information please contact us!

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.


Twitter spam/phish

Published: 2009-07-28
Last Updated: 2011-01-24 23:57:19 UTC
by Adrien de Beaupre (Version: 1)
0 comment(s)

Ben wrote in that: "There's a new worm going around Twitter. Victim feeds it her username and password to see 'whos (sic) stalking you on twitter', TwitViewer shows her 200 randomly selected users (even if the account has just been created and therefore almost certainly hasn't been viewed before), then posts a link to itself on her Twitter stream."

At the moment the twitterview . net domain is not resolving.

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.

Keywords: phish spam twitter

MS released two OOB bulletins and an advisory

Published: 2009-07-28
Last Updated: 2011-01-24 23:56:59 UTC
by Adrien de Beaupre (Version: 2)
0 comment(s)

Microsoft has released two Out of Band (OOB) bulletins and one advisory. The security advisory (973882) relates to issues discovered in Microsoft's Active Template Library (ATL), which is included in Visual Studio. The first bulletin (MS09-035) describes how ATL is used, and some of the code within it that can lead to memory corruption, information disclosure, and creation of object instances disregarding set security policy. A number of third-party software packages will also have to be updated to reflect this change. The second bulletin (MS09-034) is a defense-in-depth mitigation for potential bypass of ActiveX killbits, commonly used to mitigate other vulnerabilities. Apply this patch ASAP. The impact of a user viewing an evil web page is arbitrary code execution. Related CVE entries are:

ATL Uninitialized Object Vulnerability - CVE-2009-0901
ATL COM Initialization Vulnerability - CVE-2009-2493
ATL Null String Vulnerability - CVE-2009-2495

Memory Corruption Vulnerability - CVE-2009-1917
HTML Objects Memory Corruption Vulnerability - CVE-2009-1918
Uninitialized Memory Corruption Vulnerability - CVE-2009-1919

Microsoft's investigation into MSvidctrl (MS09-032) apparently found the underlying issue in the ATL library, which is addressed in the bulletin and patches. More information will be available tomorrow at BlackHat. Here is a teaser preview of the IE ActiveX killbit bypass being presented tomorrow: http://www.hustlelabs.com/bh2009preview/

Microsoft had provided advance notification of these releases on 24 July 2009. We covered it here.

References:
http://blogs.technet.com/msrc/archive/2009/07/28/microsoft-security-advisory-973882-microsoft-security-bulletins-ms09-034-and-ms09-035-released.aspx
http://www.microsoft.com/technet/security/advisory/973882.mspx
http://www.microsoft.com/technet/security/bulletin/MS09-034.mspx
http://www.microsoft.com/technet/security/bulletin/MS09-035.mspx
http://blogs.technet.com/srd/archive/2009/07/28/overview-of-the-out-of-band-release.aspx

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.
