[2321] in Security FYI


[IS&T Security-FYI] SFYI Newsletter, August 30, 2010

daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon Aug 30 11:53:43 2010

From: Monique Yeaton <myeaton@MIT.EDU>
Date: Mon, 30 Aug 2010 11:52:32 -0400
To: ist-security-fyi@MIT.EDU
Cc: itss@MIT.EDU


In this issue:

1. Apple Issues OS X Security Update
2. Microsoft Releases Security Advisory for New Zero-Day Threat
3. Free iPad Scam


------------------------------------------------
1. Apple Issues OS X Security Update
------------------------------------------------

Apple has issued security update 2010-005 for OS X to address 13
security flaws. Eight of the flaws have been rated critical. The flaws
could be exploited to execute arbitrary code, access sensitive data,
create denial-of-service conditions or impersonate hosts within a
domain. The update affects Mac OS X 10.5.8 client and server and Mac OS
X 10.6.4 client and server.

The update can be downloaded via Software Update or from the Apple
Downloads page <http://support.apple.com/downloads/>.

Details of the update:
<http://support.apple.com/kb/HT4312>

In the news:
<http://www.scmagazineus.com/apple-releases-os-x-update-fixes-13-flaws/article/177505/>


----------------------------------------------------------------
2. Microsoft Releases Security Advisory for New Zero-Day Threat
----------------------------------------------------------------

Last week this newsletter included an article on the flaw found in many
programs that run on Windows due to how they load external libraries,
files known as dynamically linked libraries (DLLs).

On August 23, Microsoft released Security Advisory 2269637 and a tool to
block known exploits of the vulnerability. The advisory states that
hackers will likely use so-called "DLL preloading attacks" or "binary
planting" to take advantage of the vulnerabilities. Microsoft is
reaching out to programmers and third-party vendors to inform them of
the mitigations available in the Windows operating system and is
actively investigating which of its own applications may be affected.

More popularly known as DLL hijacking, these types of attacks occur when
a program being run by a user asks for a .dll file every time it opens
and doesn't do so via a secure path. The hacker knows that the program
doesn't specify where Windows should find the .dll file, only what the
.dll file is called, and that Windows must find it in order to run the
program. Windows by default starts looking in the folder that contains
the program, then goes to the system folder, then the Windows folder,
then the current directory, etc., looking for the file. If the hacker
puts his own subverted .dll file on the system for the program to find
instead, then you're hacked. This vulnerability underscores the
importance of application programmers building security into all of
their code.
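
An added example, not part of the original newsletter: a small Python audit that models the search order described above on a constructed directory tree and flags bare-name DLL loads that would not be satisfied from the system or Windows folder. The folder layout, file names and function names are assumptions made for illustration, and the model is a simplification of the real Windows loader.

```python
import os
import tempfile

# Labels follow the search order listed in the newsletter text (simplified model).
APP, SYSTEM, WINDOWS, CWD = ("application folder", "system folder",
                             "Windows folder", "current directory")


def find_in(directory, dll_name):
    """Return the full path of dll_name in directory (case-insensitive), or None."""
    try:
        entries = os.listdir(directory)
    except OSError:
        return None
    for entry in entries:
        if entry.lower() == dll_name.lower():
            return os.path.join(directory, entry)
    return None


def resolve(dll_name, order):
    """Walk the ordered (label, directory) list; the first match wins."""
    for label, directory in order:
        path = find_in(directory, dll_name)
        if path:
            return label, path
    return None, None


def audit(dll_names, order):
    """Flag bare-name loads that would not come from the system or Windows folder."""
    dirs = dict(order)
    findings = {}
    for name in dll_names:
        label, _ = resolve(name, order)
        if label is None:
            findings[name] = "not found in any searched folder"
        elif label == CWD:
            findings[name] = "resolved from the current directory"
        elif label == APP and (find_in(dirs[SYSTEM], name)
                               or find_in(dirs[WINDOWS], name)):
            findings[name] = "application-folder copy shadows a system copy"
    return findings


def demo():
    """Build a constructed tree of empty placeholder files and audit it."""
    with tempfile.TemporaryDirectory() as root:
        layout = {  # constructed sample data, not taken from any real system
            "app": ["viewer.exe", "app_helper.dll", "VERSION.dll"],
            "system32": ["version.dll", "kernel32.dll"],
            "windows": [],
            "documents": ["report.doc", "codec.dll"],
        }
        for folder, files in layout.items():
            os.makedirs(os.path.join(root, folder))
            for f in files:
                open(os.path.join(root, folder, f), "w").close()
        order = [(APP, os.path.join(root, "app")),
                 (SYSTEM, os.path.join(root, "system32")),
                 (WINDOWS, os.path.join(root, "windows")),
                 (CWD, os.path.join(root, "documents"))]
        wanted = ["app_helper.dll", "version.dll", "kernel32.dll",
                  "codec.dll", "absent.dll"]
        return audit(wanted, order)


if __name__ == "__main__":
    for name, reason in demo().items():
        print(f"{name}: {reason}")
```

A program that asks for its libraries by full path never enters this search, which is the "secure path" the paragraph refers to.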

This US-CERT article recommends some solutions:
<http://www.kb.cert.org/vuls/id/707943>

The Microsoft Advisory:
<http://www.microsoft.com/technet/security/advisory/2269637.mspx>

The InfoWorld article:
<http://www.infoworld.com/t/malware/heads-whole-new-class-zero-day-windows-vulnerabilities-looms-071>


------------------------
3. Free iPad Scam
------------------------

Facebook and Twitter users are complaining about their accounts being
compromised and then being used to spam friends with suspicious free
iPad offers. Twitter warned users of the scam, saying, "If you received
a message promising you a new iPad, not only is there no iPad, but also
your friends have been hacked."

The scam is also hitting Facebook users, according to the company's
spokesman. "It's affecting an extremely small percentage of people on
Facebook, but we take these threats seriously," Simon Axten said via
email.

Online marketing programs pay cash for Web traffic, and hackers have
found that by phishing victims and then using that information to break
into legitimate Twitter and Facebook accounts, they can earn money. The
spam is particularly effective because the message appears to come from
a trusted source.

Read the full article:
<http://www.reuters.com/article/idUS62920422320100826>



===========================================================================


Find current and older issues of Security FYI Newsletter in Hermes at
<http://kb.mit.edu/confluence/x/ehBB> or by visiting the Security FYI
Blog at <http://securityfyi.wordpress.com/>


Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security






