Security Update 418 for Norton Internet Security

Security Updates deliver the most recent protection content for the Norton Internet Security (NIS) product, which protects networked critical systems and remote and mobile users from unwanted network intrusions and hackers, as well as from viruses, Trojans, and worms.

To download and install Security Update 418, run the LiveUpdate feature of the Norton Internet Security product. Please note that the LiveUpdate definition identifier of Security Update 418 is 20110721.031 and that its description was last modified on July 21, 2011 6:16:56 PM PDT.

Security Update 418 adds coverage for the following vulnerabilities and threats:

  • Web Attack: MS FrontPage Remote Debug:
    This signature detects an attempt to exploit a flaw in Microsoft Frontpage Server Extension’s Remote Debugging interface through a specially crafted URI.
  • Attack: HP OpenView NNM CVE-2011-0267:
    This signature detects attempts to exploit a buffer overflow vulnerability in HP OpenView.
  • Attack: HP OpenView NNM CVE-2008-1697:
    This signature detects a buffer-overflow vulnerability in the HP OpenView Network Node Manager.
  • Web Attack: Firefox QueryInterface CVE-2006-0295:
    This signature detects attempts to exploit a remote code execution vulnerability in the Mozilla Firefox application by using a malformed SVG file.
  • Web Attack: HP OpenView NNM main CVE-2010-1964:
    This signature detects attempts to exploit a buffer overflow vulnerability in HP OpenView Network Node Manager application.
  • Web Attack: HP OpenView NNM ovutil CVE-2010-1961:
    This signature detects attempts to exploit a buffer overflow vulnerability in HP OpenView Network Node Manager application.
  • Web Attack: Apache Tomcat mod_jk CVE-2007-0774:
    This signature detects attempts to exploit a buffer overflow vulnerability in Apache Tomcat.

Security Update 418 provides updated coverage for the following vulnerabilities and threats:

  • System Infected: Trojan Zlob Activity 2:
    This signature detects activity of Trojan.Zlob on an infected computer, which could allow further remote actions on the compromised computer.
  • Web Attack: HP OpenView NNM BO:
    This signature detects attempts to exploit a buffer overflow vulnerability in HP OpenView Network Node Manager.


Symantec Corporation
www.symantec.com

A second breach of Sony’s internet security?

We have all heard that Sony's PlayStation Network was compromised nearly two weeks ago. The online services for the PlayStation 3 have yet to recover or come back online since the incident. This morning, Sony's PR director Patrick Seybold claimed that there was no truth to the rumor that credit card information was stolen by hackers. However, SOE cautioned gamers to be vigilant nonetheless.

It has now come to light via Nikkei.com that there was a reported second security infraction in Sony's gaming network. Nikkei claims that nearly 12,700 credit card numbers were stolen from Sony Online Entertainment this past Sunday in a second attack. As we reported this morning, all SOE sites have been brought offline because of “an issue that warrants enough concern for [SOE] to take the service down effective immediately,” according to the site.

Michele Sturdivant, a spokeswoman for Sony, countered this allegation in The Wall Street Journal. “We temporarily took down SOE’s services as part of our continued investigation into the external intrusion that occurred in April,” Sturdivant affirmed. “This is not a second attack.”

[Update: SOE has posted a security update to The Station.com. "We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber-attack. Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password." The notice further suggests that "information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained" but that the "main credit card database" was not compromised in the attack. It appears this is part of the larger PSN attacks and not a separate security breach.]


Lion: What is new in Security

by Johannes Ullrich (Version: 1)

Once you are over the online install experience, the upside down mouse gestures and all the other bling that comes as part of OS X Lion, it is time to look at what has changed from a security point of view. Apple doesn’t exactly advertise security features, but Lion provides some significant security improvements.

One important note: Lion is just a day old, so most of these features have not yet been tested by large numbers of users.

Address Space Layout Randomization (ASLR)

ASLR makes exploiting vulnerabilities significantly harder, but by itself it does not prevent any vulnerability. Snow Leopard introduced ASLR but limited it to libraries; it did not randomize the stack or the heap.
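As an added example (not code from this post or from Apple), the following C program measures exactly the distinction drawn above: it re-launches itself several times and reports which regions (a stack slot, a heap block, a libc function, its own code) land at a different address on each run. It assumes gcc or clang, a PIE build and Linux's /proc/self/exe; on macOS the executable path would come from _NSGetExecutablePath() instead.

```c
/* Added example (not the post's code): re-launch this binary and report which regions move between
 * runs, the split the text draws between Snow Leopard (libraries only) and Lion (stack and heap too). */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>  /* assumes gcc/clang, a PIE build and Linux's /proc */
enum { REGIONS = 4, MAX_RUNS = 16 };
static const char *region_names[REGIONS] = {"stack", "heap", "libc", "exec"};
/* Runs before main() in every process image; a probe child (ASLR_PROBE set) prints and exits. */
__attribute__((constructor)) static void probe_if_child(void) {
    if (!getenv("ASLR_PROBE")) return;
    volatile int on_stack = 0;
    /* a stack slot, a heap block, libc's printf (a PLT stub if not PIE), our own code */
    printf("%p %p %p %p\n", (void *)&on_stack, malloc(16), (void *)printf, (void *)probe_if_child);
    fflush(stdout);
    _exit(0);  /* never reach main(), which would spawn children recursively */
}
/* Spawn up to `runs` probe children, filling addr[region][i]; returns how many reported. */
int collect_addresses(int runs, unsigned long addr[REGIONS][MAX_RUNS]) {
    char path[4096];  /* resolve the link here: inside popen's sh, /proc/self/exe is the shell */
    ssize_t len = readlink("/proc/self/exe", path, sizeof path - 1);
    if (len < 0) return 0;
    path[len] = '\0';
    int ok = 0, want = runs < MAX_RUNS ? runs : MAX_RUNS;
    setenv("ASLR_PROBE", "1", 1);
    for (int r = 0; r < want; r++) {
        FILE *fp = popen(path, "r");
        if (!fp) break;
        if (fscanf(fp, "%lx %lx %lx %lx", &addr[0][ok], &addr[1][ok], &addr[2][ok], &addr[3][ok]) == REGIONS)
            ok++;
        pclose(fp);
    }
    unsetenv("ASLR_PROBE");
    return ok;
}
/* A region is randomized if it did not land at the same address in every run. */
int region_randomized(int runs, const unsigned long *samples) {
    for (int i = 1; i < runs; i++)
        if (samples[i] != samples[0]) return 1;
    return 0;
}

int main(void) {
    unsigned long addr[REGIONS][MAX_RUNS];
    int n = collect_addresses(8, addr);
    if (n < 2) return fprintf(stderr, "could not re-launch self\n"), 1;
    for (int i = 0; i < REGIONS; i++)
        printf("%-5s %s\n", region_names[i], region_randomized(n, addr[i]) ? "randomized" : "FIXED");
    return 0;
}
```

A region reported as FIXED is one the OS did not randomize; on a Snow Leopard-style system only the libc line would move, while a full ASLR implementation moves all four.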

Automatic Security Updates

In Snow Leopard, as in most other operating systems, the user was told about updates but had to approve and install them manually. In Lion, this all happens behind the scenes. We will have to see how well this works, as “automatic” or “unmanaged” updates may of course break incompatible applications.

Sandboxing

Sandboxing is supposed to limit how individual applications can affect each other and the underlying system. For Safari in particular, it will be interesting to see how well this works and whether it prevents exploitation of some vulnerabilities. Safari itself is split into separate parts, and JavaScript and plugins run in their own sandbox.

Encrypted Backups

Time Machine backups can now be encrypted.

Air Drop

Air Drop sounds a bit dangerous, and we will have to revisit this protocol. It essentially allows setting up quick peer-to-peer networks to exchange files. However, according to Apple the file transfer is TLS encrypted and authenticated using the user's Apple ID (which has always been available as a client certificate). It also appears to set up appropriate firewall rules. It looks like they did think about the important issues, but this is very much a topic that needs further testing.

File Vault 2

The original File Vault feature in Snow Leopard only encrypted the user's home directory. It was rather clunky and did not interoperate well with Time Machine. File Vault 2 implements full disk encryption. In addition, a number of further features are implemented. For example, one can instantly “wipe” the disk by deleting the key. If a user is afraid of losing the key, the key can be escrowed with Apple. Initial performance tests have been pretty good.

Update: After experimenting with File Vault 2, I found that it can only be used if the installer was able to create a recovery partition, which it didn’t do in my case. Also, File Vault 2 encrypts the partition, not the entire disk like other products (e.g. PGP).

Privacy

Lion uses refined privacy preferences, in particular limiting access to location information.

Apple ID for authentication

I am not sure about Air Drop, but other authentication features leverage your Apple ID. When you sign up for an Apple ID, Apple creates a client certificate for you that you can now use to authenticate for file sharing, iChat and Screen Sharing. The certificate has existed in the past and was used in iChat, but now it is used by other features of the OS as well.

Complete Feature List: http://www.apple.com/macosx/whats-new/features.html

——
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
