Directory traversal via TFTP in CiscoWorks
CiscoWorks Common Services is affected by a vulnerability that could allow an unauthenticated remote attacker to access various system files.
CiscoWorks Common Services is a common set of management services shared by the CiscoWorks applications. CiscoWorks is a family of products based on Internet standards for managing networks and devices. Many CiscoWorks products use and depend on Common Services.
Cisco has published an update to fix a vulnerability (for which it has not given details) in TFTP, part of the CiscoWorks Common Services set of services. The flaw could allow an unauthenticated remote attacker to carry out a directory traversal attack and obtain or modify sensitive information, and potentially cause a denial of service.
The vulnerability only affects CiscoWorks on Microsoft Windows platforms.
Cisco has published the update cwcs3.x-win-CSCsx07107-0.zip, available from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/cw2000-cd-one
Monday, May 25, 2009
Gumblar in the media
Gumblar is a specimen of Chinese origin that had been circulating for some time; it was detected and has been tracked since the end of March. The media have taken notice of it (always bearing in mind that the original story comes from an antivirus vendor) because of the worrying and rapid increase in infections counted over the last few weeks. It has gone as far as doubling its number of victims every week; it is also credited with 42 percent of the new infections detected on websites.
The specimen's behaviour is interesting. Gumblar feeds on two different routes. The main one is infecting a website through captured FTP passwords or by exploiting known server vulnerabilities. Once it gains access to the web server, it injects JavaScript code into the hosted pages but tries to avoid those most likely to be examined occasionally by an administrator, such as the main page or an index.html. In addition, each time the script is inserted it is obfuscated in a different way, to evade signature-based identification by antivirus engines.
The second route takes shape when the infected website is visited. The script is executed by the client and tries a range of exploits against it, from cross-platform vulnerabilities in the Flash player or the Adobe Reader PDF reader to ones specific to Internet Explorer. If it succeeds, it will (among other actions already common in malware) install a trojan on the visitor's machine that inspects traffic, with two functions worth highlighting: examining traffic for FTP server passwords to use in new infections, and injecting traffic when the user runs a Google search, showing manipulated results that point to fraudulent sites. Being the private (and unsuspected) "Google" of a good number of "customers" can be very lucrative.
In the latest infections, as was only to be expected, the installation of a component that joins the infected node to a botnet has been detected.
The main domains the malware relies on are, among others, "gumblar.cn" and "martuz.cn", and they have been blocked. But the malware downloads other components from other locations that are still active. These binaries have a detection rate of just over 50% of engines according to the analysis on VirusTotal.com.
Gumblar's combined behaviour remains interesting, even though the specimen's long-term impact is not yet known.
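Because each injected script is obfuscated differently and the pages an administrator tends to open are left alone, a signature-free check is to compare every hosted file against a known-good baseline. Added example (not from the original post): it records a SHA-256 digest and `<script>` tag count for every file under a web root and reports any file that later differs. The extension set, function names and the sample site are assumptions constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# File types treated as servable web content (assumption; extend for your site).
WEB_EXTENSIONS = {".html", ".htm", ".php", ".js"}
SCRIPT_TAG = re.compile(rb"<script\b", re.IGNORECASE)


def snapshot(web_root):
    """Map each web file's relative path to (sha256 hex digest, <script> tag count)."""
    root = Path(web_root)
    state = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in WEB_EXTENSIONS:
            data = path.read_bytes()
            rel = path.relative_to(root).as_posix()
            state[rel] = (hashlib.sha256(data).hexdigest(),
                          len(SCRIPT_TAG.findall(data)))
    return state


def compare(baseline, current):
    """Return sorted (path, status) findings for every difference from the baseline."""
    findings = []
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            findings.append((rel, "added"))
        elif rel not in current:
            findings.append((rel, "removed"))
        elif baseline[rel][0] != current[rel][0]:
            # Content changed. A higher <script> count means script was inserted,
            # whatever its obfuscation looks like.
            grew = current[rel][1] > baseline[rel][1]
            findings.append((rel, "script-added" if grew else "modified"))
    return findings


def demo():
    """Constructed site: an inner page and a .js file are altered, index.html is not."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "products").mkdir()
        (root / "index.html").write_text("<html><body>Home</body></html>")
        (root / "products" / "list.html").write_text(
            "<html><script src='menu.js'></script><body>List</body></html>")
        (root / "menu.js").write_text("function menu() {}\n")
        baseline = snapshot(root)

        # Simulated tampering with inert placeholder text (constructed sample).
        page = root / "products" / "list.html"
        page.write_text(page.read_text() + "<script>/* placeholder variant A */</script>")
        script = root / "menu.js"
        script.write_text(script.read_text() + "/* placeholder variant B */\n")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for rel, status in demo():
        print(f"{status:13} {rel}")
```

The baseline has to be taken from a known-clean deployment and stored off the web server, since anyone holding the FTP password can rewrite a manifest kept beside the site.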
Friday, May 22, 2009
Java Flaw Still Unpatched in OS X
In December 2008, Sun Microsystems warned of a flaw in its Java virtual machine that could be exploited to execute code on vulnerable computers.
Although the problem has been addressed in Windows and major Linux distributions, Apple has not issued a fix for the vulnerability, despite having recently issued a major security upgrade. The flaw is being actively exploited, and attack code that specifically targets the flaw in Mac OS X has been posted in an attempt to draw attention to the unpatched vulnerability. Mac users are urged to disable Java applets in their browsers until a fix is made available.
Mac users too often assume that their machines are not vulnerable to attacks, but reality dictates otherwise. News of this latest security flaw is yet another indication that Mac OS X is by no means invincible to attacks.
Apple's reliance on third-party / open source software, and its inability to release timely patches in sync with other vendors, is a big threat currently only mitigated by the obscurity of the platform.
A modern day software company just can't afford to wait months to release a patch for a publicly known vulnerability. Microsoft learned this lesson the hard way.
Ball State Server Breach Not Due to IIS Flaw
Ball State University network administrators now say that a computer security breach at the Muncie, Indiana school was due to misuse of an authorized Ball State user account and not to an exploit of a known zero-day privilege elevation vulnerability in Microsoft's Internet Information Services (IIS) web server, as was previously reported.
Microsoft issued a warning about the flaw earlier this week; the vulnerability affects IIS versions 5 and 6.
Wednesday, May 20, 2009
Password Bypass Bug in Microsoft IIS Version 6.0
A WebDAV vulnerability in Microsoft's Internet Information Server 6.0 (IIS) enables attackers to gain access to password-protected files and directories controlled by the web server. Attackers can also use the exploit to upload and download files to the server. The attack exploits a flaw in the processing of Unicode characters added to a web address.
WebDAV is not enabled by default on IIS 6.0. Web administrators are urged to temporarily disable WebDAV until the issue is addressed. A spokesperson from Microsoft said "We're currently unaware of any attacks trying to use the claimed vulnerability or of customer impact," but the US-CERT team are reporting "active exploitation" of the bug.
Thursday, May 14, 2009
Adobe Reader and Acrobat - JavaScript Vulnerabilities
Adobe has released Security Bulletin APSB09-06, which describes Adobe Reader and Acrobat updates for two JavaScript vulnerabilities that could allow a remote attacker to execute arbitrary code.
I. Description
Adobe Security Bulletin APSB09-06 announces updates for two JavaScript vulnerabilities that affect Adobe Reader and Acrobat.
- A vulnerability in the getAnnots() method (CVE-2009-1492) affects Adobe Reader and Acrobat for Microsoft Windows, Apple Mac OS X, and UNIX.
- A vulnerability in the customDictionaryOpen() method (CVE-2009-1493) appears to only affect Adobe Reader for UNIX.
Further details are available in Vulnerability Note VU#970180.
An attacker could exploit these vulnerabilities by convincing a user to open a specially crafted Adobe Portable Document Format (PDF) file. Acrobat integrates with popular web browsers, and visiting a website is usually sufficient to cause Reader or Acrobat to open a PDF file.
II. Impact
By convincing a victim to open a specially crafted PDF file, a remote, unauthenticated attacker may be able to execute arbitrary code.
III. Solution
Update
Adobe has released updates to address this issue. Users are encouraged to read Adobe Security Bulletin APSB09-06 and update vulnerable versions of Adobe Reader and Acrobat. According to APSB09-06, these vulnerabilities are addressed in versions 9.1.1, 8.1.5, and 7.1.2 of Adobe Reader and Acrobat.
Disable JavaScript in Adobe Reader and Acrobat
Disabling JavaScript prevents these vulnerabilities from being exploited and reduces attack surface. If this workaround is applied to updated versions of the Adobe Reader and Acrobat, it may protect against future vulnerabilities.
To disable JavaScript in Adobe Reader:
- Open Adobe Acrobat Reader.
- Open the Edit menu.
- Choose the Preferences... option.
- Choose the JavaScript section.
- Uncheck the Enable Acrobat JavaScript check box.
Prevent Internet Explorer from automatically opening PDF documents
The installer for Adobe Reader and Acrobat configures Internet Explorer to automatically open PDF files without any user interaction. This behavior can be reverted to the safer option of prompting the user by importing the following as a .REG file:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\AcroExch.Document.7]
"EditFlags"=hex:00,00,00,00
Disable the display of PDF documents in the web browser
Preventing PDF documents from opening inside a web browser reduces attack surface. If this workaround is applied to updated versions of the Adobe Reader and Acrobat, it may protect against future vulnerabilities. To prevent PDF documents from automatically being opened in a web browser with Adobe Reader:
- Open Adobe Acrobat Reader.
- Open the Edit menu.
- Choose the preferences option.
- Choose the Internet section.
- Un-check the "Display PDF in browser" check box.
To disable the vulnerable getAnnots() method, rename or remove the Annots.api file. This will disable some Annotation functionality, however annotations can still be viewed. This does not protect against the customDictionaryOpen() vulnerability. On Windows, Annots.api is typically located here:
"%ProgramFiles%\Adobe\Reader 9.0\Reader\plug_ins"
Example location on GNU/Linux:
/opt/Adobe/Reader8/Reader/intellinux/plug_ins/Annots.api
Do not access PDF documents from untrusted sources
Do not open unfamiliar or unexpected PDF documents, particularly those hosted on web sites or delivered as email attachments. Please see Cyber Security Tip ST04-010.
http://www.adobe.com/support/security/bulletins/apsb09-06.html
Wednesday, May 13, 2009
Microsoft fixes 14 vulnerabilities in PowerPoint
As we anticipated, this Tuesday Microsoft published only one security bulletin (MS09-017) as part of its regular update cycle. This update, which fixes a total of 14 vulnerabilities, has a severity rating of "critical" according to Microsoft's own classification.
The fixed vulnerabilities affect various versions of PowerPoint in Microsoft Office (XP, 2000, 2002, 2003 and 2007), Office for Mac and the PowerPoint file viewer (PowerPoint Viewer 2003 and 2007). The fixed vulnerabilities include the previously discussed problem that had been actively exploited since early April.
All of the fixed problems can allow remote code execution when a maliciously crafted PowerPoint file is opened. The problem was made worse by PowerPoint being a file format that people tend to trust and that is frequently used to exchange presentations of all kinds between users (from professional presentations to entirely trivial ones), which could allow rapid infection precisely because of these factors.
The published updates can be downloaded through Windows Update or from the Microsoft bulletin, which includes the direct download addresses for each patch. Given the severity of the vulnerabilities, updating systems as soon as possible is recommended.
Microsoft to Test Windows 7 Update Process
Microsoft to Test Windows 7 Update Process on May 12
Microsoft plans to test the update process for Windows 7 on Tuesday, May 12 by sending out phony patches to PCs running the newest release candidate. As many as 10 updates will be issued; none will contain fixes or new features. Microsoft ran a similar test for Windows 7 update capabilities in February. Users who do not wish to receive the test updates can change the appropriate settings in their Windows Update control panel.
Vulnerability in Windows 7 Release Candidate
A flaw has been found in the most recent Windows 7 Release Candidate; Microsoft has issued a hotfix for the vulnerability. The flaw affects the 32-bit (x86) English-language version of Windows 7 build 7100. The problem is that "the folder that is created as the root folder of the system drive is missing entries in its security descriptor." This could cause "applications that reference folders under the root" to fail to install or uninstall successfully and "applications that reference these folders may fail."
Knowledge Base : http://support.microsoft.com/kb/970789
Monday, May 11, 2009
Google Chrome - Two vulnerabilities fixed
Google has published an update for its Google Chrome browser to fix two vulnerabilities that could allow a remote attacker to execute arbitrary code.
The first problem lies in an input validation error in the browser process. A remote user could craft HTML code that, when loaded by the browser, would cause a buffer overflow in InitSkBitmapFromData() and execute arbitrary code on the attacked system.
The second fixed problem would allow a remote user to craft an image or a canvas file so that, when loaded by the browser, it causes a buffer overflow and arbitrary code execution inside the Google Chrome sandbox.
Users are advised to check that the browser is updated to the latest available version.
Saturday, May 9, 2009
Microsoft Will Offer Fix for PowerPoint Vulnerability on May 12
Microsoft will release just one security bulletin on Tuesday, May 12.
The critical update will address a remote code execution vulnerability
in PowerPoint. Microsoft acknowledged the flaw in early April when it
issued an advisory warning that it was being used in "limited and
targeted attacks." The vulnerability affects PowerPoint 2000, 2002,
2003 and 2007. The small security release is good news for PC users,
as the same day, Adobe plans to release security updates for Reader
and Acrobat.
Windows 7 RC has disappointments and Improvements
Windows 7 Release Candidate Has Disappointments and Improvements
----------------------------
Microsoft's Windows 7 release candidate, which was made available earlier this week, is already disappointing some for not implementing certain changes that would improve security. There was hope that with Windows 7, Microsoft might change its long-standing practice of hiding file type extensions in Explorer, but the newest release still hides the extensions. The problem is that attackers can trick the system into displaying a file called, for example, name.txt.exe as a .txt file, which users would perceive as being safer than an .exe file. On a brighter note, the Windows 7 version of AutoPlay does not automatically run applications on external data devices except for CD/DVD players.
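Added example (not from the original article): a Python check that models the name Explorer shows when the final extension is hidden, and flags files whose visible name ends in a document extension while the real type is executable. The extension sets, function names and sample file names are assumptions constructed for illustration.

```python
import ntpath  # Windows path semantics, independent of the host OS

# Representative subsets, assumed for illustration; extend for your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif"}
DOCUMENT_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".xls", ".ppt"}
KNOWN_EXTS = EXECUTABLE_EXTS | DOCUMENT_EXTS


def displayed_name(path):
    """Name shown when extensions of known file types are hidden."""
    base = ntpath.basename(path)
    stem, ext = ntpath.splitext(base)
    return stem if ext.lower() in KNOWN_EXTS else base


def is_disguised_executable(path):
    """True if the file is executable but its displayed name ends in a document extension."""
    base = ntpath.basename(path)
    _, real_ext = ntpath.splitext(base)
    if real_ext.lower() not in EXECUTABLE_EXTS:
        return False
    _, shown_ext = ntpath.splitext(displayed_name(path))
    return shown_ext.lower() in DOCUMENT_EXTS


def triage(paths):
    """Return (path, displayed name) for every disguised executable in a listing."""
    return [(p, displayed_name(p)) for p in paths if is_disguised_executable(p)]


# Constructed sample listing, e.g. attachment names taken from a mail gateway log.
SAMPLE = [
    r"C:\Users\alice\Downloads\name.txt.exe",
    r"C:\Users\alice\Downloads\notes.txt",
    r"C:\Users\alice\Downloads\setup.exe",
    r"C:\Users\alice\Downloads\Invoice.PDF.SCR",
    r"C:\Users\alice\Downloads\archive.v1.2.exe",
]

if __name__ == "__main__":
    for path, shown in triage(SAMPLE):
        print(f"{shown!r} is really {ntpath.basename(path)!r}")
```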
Wednesday, May 6, 2009
Elcomsoft Password Recovery
ElcomSoft Co. Ltd. updates Advanced Office Password Breaker (AOPB), a product to remove password protection from Microsoft Office documents, adding Rainbow Tables for password-protected Excel spreadsheets. Rainbow Tables offer near-instant recovery of 97% of spreadsheets protected with the 40-bit encryption used by Microsoft Excel 97/2000 (as well as Excel XP/2003 with default/compatible encryption settings).
With the added benefit of new Rainbow Tables for quickly recovering protected Microsoft Excel spreadsheets that come in addition to already available Thunder Tables™ for Microsoft Word which recover password-protected Microsoft Word documents in just seconds, and provide a 100% recovery guarantee of 40-bit encrypted Word files - the total price of Advanced Office Password Breaker does not increase, and remains at 399 EUR.
Meeting PCI DSS Requirements With Acunetix
Unlike web application firewalls, Acunetix Web Vulnerability Scanner focuses on fixing web security problems, rather than preventing them from happening. Acunetix WVS helps in detecting cross-site scripting, SQL injection and other web vulnerabilities before the web application is exposed on the internet.
Watch this video (http://www.youtube.com/) to see what advantages there are when Acunetix Web Vulnerability Scanner is used to secure, and audit web applications to meet PCI DSS requirements.
PassWare - Recover passwords for Ms Excel and MS Word
Key Features
* Recovers passwords for MS Excel and Word files, VBA projects, Access databases, email accounts in Outlook and Outlook Express, Powerpoint presentations, Windows Administrators, Acrobat documents, websites in Internet Explorer and Firefox, dial-up and VPN network connections, Zip and Rar archives, and many other types of passwords
* Scans computers and finds lost or hidden password-protected files
* Built-in online decryption instantly removes passwords to open MS Word and Excel files (up to version 2003)
* Recovers or resets most password types instantly
* Multiple-core CPUs are efficiently used to speed up the password recovery process
* nVidia GPU is used to accelerate MS Office 2007 password recovery speed by 3500%
* 8 advanced attacks (and any combination of them) recover difficult types of passwords
* Includes a wizard for easy setup of password recovery attacks
* Combines attacks for passwords like "strong123password"
DDoS Attacks Targeting Internet Infrastructure
Groups monitoring the frequency and magnitude of distributed denial of
service (DDoS) attacks have noted a sharp increase in particularly
virulent attacks in the last several months. The attackers also appear
to be targeting critical Internet infrastructure systems more often. A
March attack on cloud computing provider GoGrid lasted for several days
and affected half of the company's 1,000 customers. Other attacks have
targeted web hosting providers Register.com and The Planet as well as
Brazilian Internet service provider (ISP) Telefonica. In most cases,
the attacks persisted for several days and then ceased abruptly.
Botnets Stealing 70 GB Of Data
Researchers at the University of California at Santa Barbara were able
to monitor a botnet's activity for 10 days before the
command-and-control instructions were changed. The researchers observed
as the botnet harvested 70 GB of data, including email passwords and
online banking account information. The botnet, known as Torpig,
Anserin and Sinowal, infected PCs through drive-by downloads when they
visit compromised websites. The researchers are working with the FBI,
the US Department of Defense and various ISPs to notify people affected
by the data theft; ISPs are also shutting down some of the sites that
have been used to send instructions to compromised machines.
Windows 7 Release Candidate - Trojan Included
Pirated Versions of Windows 7 Release Candidate Contain Trojan.
Reports are circulating that pirated versions of Windows 7 Release
Candidate available on filesharing sites contain malware. The malware
has been identified by one user as the Falder Trojan horse program,
which plants scareware on PCs and uses a rootkit to evade detection by
real antivirus packages. Microsoft is scheduled to release Windows 7
RC on Tuesday, May 5. Earlier this year, pirated copies of Apple's
iWork '09 were found to contain malware that took control of Macs.
ES
---------------------------------------------------------------------
It is to be expected that any pirated version of an operating system,
in this case Windows 7, may contain some modification. Nevertheless,
there are people who pay no attention to these "features" of the
operating system. The malware spreads. And we already know the consequences.
