Posts Tagged Security

Internet Security Threats

Over the past 5 weeks there have been a lot of Internet security related events in the news. You may have read about Google’s recent announcement that it and 30 other organizations were the victims of Chinese supported hackers. There have also been numerous stories about how everyday people have had their banking user names and passwords stolen by hackers, along with large sums of money from their banking accounts.

Let me focus the attention on the three recent vulnerabilities in Internet Explorer, Adobe Reader, Adobe Flash and Adobe AIR:

Microsoft Internet Explorer Vulnerability MS10-002 (Cyber Security Alert SA10-021A)

Adobe Reader and Acrobat Vulnerability APSB10-02 (Cyber Security Alert SA10-013A)

Adobe Flash Player and Adobe AIR APSB09-19 (Cyber Security Alert SA09-343A)

Any of these vulnerabilities can be remotely exploited when the user visits a poisoned web site/page or opens a poisoned Adobe PDF document. Once the vulnerability is exploited, additional software is usually installed on the personal computer, which can disable antivirus solutions and begin harvesting user names and passwords, including banking information.

What should I do?

You need to make sure that you have the latest and greatest software and security patches applied to your personal computer. You should make sure that you have turned on Microsoft Windows Update; this will update Internet Explorer automatically. You can also confirm that Internet Explorer is up-to-date by manually visiting the Microsoft Windows Update website. You should also update/install the latest and greatest versions of Adobe AIR 1.5.3, Adobe Reader 9.3 and Adobe Flash 10.0.42.34.

If you haven’t already updated your home (or work) computers recently you might want to invest some time in the task. It might save you from a lot of problems and headaches later down the road.

Cheers!

References:

SANS Top Cyber Security Risks
Symantec Internet Security Threat Report 2008
What To Expect In Security In 2010


Security


Domain Name Server patch

Last week there was a flurry of information revolving around a new security flaw in the Domain Name System — software that acts as the central nervous system for the entire Internet.

On Tuesday July 10, 2008 a number of vendors including Microsoft, Cisco, Juniper and RedHat released patches and/or acknowledged the flaw existed. The Internet Software Consortium, the group responsible for development of the popular Berkeley Internet Name Domain (BIND) server from which nearly all DNS offshoots are based, also acknowledged the flaw and released a patch.

I personally spent about 90 minutes last Wednesday updating several internal and external systems including numerous CentOS v5.2 servers and Windows 2003 Service Pack 2 servers. I was unable to find any mention of the DNS flaw on the Alcatel-Lucent website so I’ll probably need to place a call concerning Alcatel-Lucent’s VitalQIP product.

I used yum to patch the CentOS Linux servers ["yum update"] and then just restarted the named process ["service named restart"]. On the Windows 2003 Service Pack 2 servers I used Windows Update to download and install KB941672 after which I rebooted the servers.

Here are some references:

http://www.theregister.co.uk/2008/07/09/dns_fix_alliance/
http://www.networkworld.com/news/2008/071008-patch-domain-name-servers-now.html
http://www.networkworld.com/news/2008/070808-dns-flaw-disrupts-internet.html

http://www.networkworld.com/podcasts/newsmaker/2008/071108nmw-dns.html

http://www.us-cert.gov/cas/techalerts/TA08-190B.html
http://www.microsoft.com/technet/security/bulletin/MS07-062.mspx

I would strongly suggest that all network administrators start looking into patching their DNS servers as soon as possible.

Cheers!

UPDATE: July 14, 2008

Here’s an update from RedHat concerning the configuration (named.conf) of BIND:

We have updated the Enterprise Linux 5 packages in this advisory. The default and sample caching-nameserver configuration files have been updated so that they do not specify a fixed query-source port. Administrators wishing to take advantage of randomized UDP source ports should check their configuration file to ensure they have not specified fixed query-source ports.

It seems that a check of the configuration file would be in order. Let me throw in a quick warning, though: if your DNS server is sitting behind a firewall, you may need to check with the firewall administrator to understand how the firewall will behave if you randomize your source ports. I believe there are quite a few firewalls out there that only expect to see DNS traffic sourced from a DNS server on UDP/53.
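The configuration check RedHat recommends can be scripted. The following is an added example, not code from the original post or from RedHat: a small POSIX shell script that strips comments from a named.conf and reports any query-source or query-source-v6 option that pins a numeric port, which is exactly the setting that prevents named from randomizing its UDP source ports. The two sample configuration files it writes are constructed for the demonstration (one with the old fixed-port setting, one without) and are not real server configs; the file names and the temporary directory are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): find a fixed query-source port
# in a BIND named.conf. A pinned port means every outgoing query leaves from
# the same UDP port, so the only remaining entropy against forged replies is
# the 16-bit transaction ID. Removing the port setting lets named randomize.

# Strip // and # comments, then print query-source lines that pin a numeric
# port (a "port *" or no port clause at all is what we want to see).
# Caveat: the comment stripping is line-based and would also cut a "//"
# inside a quoted string such as a URL; named.conf rarely contains one.
fixed_query_source_lines() {
    sed -e 's|//.*$||' -e 's|#.*$||' "$1" |
        grep -E 'query-source(-v6)?[^;]*[[:space:]]port[[:space:]]+[0-9]+' || true
}

# Exit status 0 when the file pins a query-source port (needs fixing),
# 1 when it is clean.
has_fixed_query_source() {
    [ -n "$(fixed_query_source_lines "$1")" ]
}

# Constructed sample configurations for the demonstration only.
write_samples() {
    dir="$1"
    cat > "$dir/named.conf.fixed" <<'EOF'
options {
    directory "/var/named";
    // old caching-nameserver default: fixed source port for all queries
    query-source address * port 53;
    query-source-v6 address * port 53;
};
EOF
    cat > "$dir/named.conf.random" <<'EOF'
options {
    directory "/var/named";
    // no fixed port: named chooses a random source port per query
    // query-source address * port 53;   (old setting, left commented out)
};
EOF
}

# Walk through both samples and report what an administrator would see.
demo() {
    tmp=$(mktemp -d)
    write_samples "$tmp"
    for conf in "$tmp/named.conf.fixed" "$tmp/named.conf.random"; do
        if has_fixed_query_source "$conf"; then
            echo "$conf: FIXED query-source port found, remove the port clause:"
            fixed_query_source_lines "$conf"
        else
            echo "$conf: OK, no fixed query-source port"
        fi
    done
    rm -rf "$tmp"
}

demo
```

On a real server point `has_fixed_query_source` at `/etc/named.conf` (and any file it includes, since the script does not follow `include` statements); after removing the port clause, restart named as described above and confirm with the firewall administrator that outbound UDP from high-numbered ports to port 53 is permitted.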

Good Luck!


CENTOS, DNS, Linux, Security, VULNERABILITY
