Posted By Pete at 1:45 PM, January 26, 2010
Another vulnerability in Internet Explorer has been discovered.
This time, instead of exploiting a flaw in the code, attackers can potentially chain built-in IE features, such as URL Security Zones and IE's handling of the file-sharing protocol, to attack a victim's machine.
The result: access to all of the victim's files.
Jorge Luis Alvarez Medina, a security consultant, will demonstrate proof-of-concept code next month, following the Black Hat conference in Washington DC, and Microsoft intends to release a patch soon after.
"These vulnerabilities are just features ... the implementation of the features allow you to obtain certain information, which by itself is harmless. But when combined together with other features, it renders an attack vector," Medina says.
To give you a better idea of how the attack is carried out, here is what Medina says about the attack. "With IE's Security Zones, an Internet zone would not be allowed to read files from a local machine, for instance. But if a local machine is considered part of the Internet zone, its files could be accessed by an attacker."
Until a patch is released, a few ways to reduce your exposure are:
1. Deploy IE's Network Protocol Lockdown feature to restrict the file protocol
2. Set the Internet zone security level to "High"
3. Disable Active Scripting in the Intranet and Internet zones
4. Run IE in Protected Mode if the OS supports it
5. Lock down and disable the MHTML protocol handler
6. And last but not least, use another browser
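The workarounds above are all registry settings, so they can be applied consistently across a fleet. The script below is an added example, not code from the original post or from Microsoft; it uses the documented Feature Control, RestrictedProtocols and zone-settings registry locations, while the helper function names and the choice to also list the mhtml protocol in the same RestrictedProtocols lockdown are this example's own. It assumes an elevated PowerShell session and the 32-bit registry view; IE must be restarted for the settings to take effect.

```powershell
# Added example: apply the IE workarounds listed above through the registry.
# Assumptions: run elevated; 32-bit registry view (adjust for WOW6432Node if needed).
$ErrorActionPreference = 'Stop'

function Set-RegDword($Path, $Name, $Value) {
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value $Value -Force | Out-Null
}
function Set-RegString($Path, $Name, $Value) {
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -PropertyType String -Value $Value -Force | Out-Null
}

# 1 and 5: Network Protocol Lockdown. Turn the feature on for IE and Explorer,
#          then list file: (and, as an assumption here, mhtml:) as restricted
#          protocols in the Local intranet (zone 1) and Internet (zone 3) zones.
$fc = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN'
Set-RegDword $fc 'iexplore.exe' 1
Set-RegDword $fc 'explorer.exe' 1
foreach ($zone in 1, 3) {
    $rp = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\$zone"
    Set-RegString $rp 'file'  'file'
    Set-RegString $rp 'mhtml' 'mhtml'
}

# 2 to 4: per-user zone settings.
#   CurrentLevel 0x12000 = High security level
#   1400 = Active Scripting (3 = Disable)
#   2500 = Protected Mode (0 = On; only honoured on Vista / Server 2008 and later)
$zones = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
Set-RegDword "$zones\3" 'CurrentLevel' 0x12000
foreach ($zone in 1, 3) {
    Set-RegDword "$zones\$zone" '1400' 3
    Set-RegDword "$zones\$zone" '2500' 0
}

# Read back what was written so the change can be verified before rollout.
Get-ItemProperty -Path $fc | Select-Object 'iexplore.exe', 'explorer.exe'
Get-ItemProperty -Path "$zones\3" | Select-Object CurrentLevel, '1400', '2500'
```

Setting Active Scripting to Disable in the Intranet zone will break many internal web applications, so test the per-user zone settings on a pilot group first; the Protocol Lockdown entries are the least disruptive of the set because they only affect active content delivered over the listed protocols.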
Along with the attacks on Google last week, it seems to me that IE still has a long way to go before we can consider it "secure". This is not isolated to IE as Firefox actually has even more vulnerabilities. Software companies simply have to do a better job at breaking their products before releasing them to the public. As it stands, Web browsers and many other types of software are simply acting as a gateway for hackers to the rest of a user's system.
Categories: General , Vulnerability
Posted By Netgear Threat Lab at 7:00 PM, January 24, 2010
Troj.Exploit.W32.PDF-URI.o
Behavior:9
Description: Adobe Acrobat and Reader are prone to a remote code-execution vulnerability, CVE-2009-0927.
When a specially crafted argument is supplied to the getIcon() method of a Collab object, proper bounds checking is not performed, resulting in a stack-based buffer overflow. By persuading a victim to open a specially crafted PDF file, a remote attacker could overflow the buffer and execute arbitrary code on the system with the privileges of the victim.
Affected versions:
Reader and Acrobat 7.1 and prior
Reader and Acrobat 8.1.2 and prior
Reader and Acrobat 9
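Malicious PDFs of this kind carry the trigger in a JavaScript stream, usually Flate-compressed so that a plain string match on the file misses it. The scanner below is an added example, not code from the Threat Lab signature: it inflates each stream object using its /Length entry and reports any stream that calls Collab.getIcon(), together with two hints that the call is an exploit rather than document automation (a %u-encoded unescape() string and a string-doubling loop of the sort used to build an oversized argument). The sample PDFs it scans are constructed inline for the example and contain no real shellcode; the regex names and the finding fields are this example's own.

```python
import re
import zlib

# Added example: triage scanner for the getIcon() pattern described in the
# advisory. Streams are located by their /Length entry, so streams whose
# /Length is an indirect reference are not inspected (documented limitation).
STREAM_RE = re.compile(rb"/Length\s+(\d+)\b[^>]*>>\s*stream\r?\n", re.S)
GETICON_RE = re.compile(rb"Collab\s*\.\s*getIcon\s*\(", re.I)
SHELLCODE_RE = re.compile(rb"unescape\s*\(\s*['\"]%u", re.I)
GROWTH_LOOP_RE = re.compile(rb"while\s*\(\s*\w+\s*\.\s*length\s*<", re.I)


def decoded_streams(pdf: bytes):
    """Yield each stream's content, inflating FlateDecode data when present."""
    for m in STREAM_RE.finditer(pdf):
        start = m.end()
        data = pdf[start:start + int(m.group(1))]
        try:
            yield zlib.decompress(data)
        except zlib.error:
            yield data  # not Flate-compressed; inspect the raw bytes


def scan_pdf(pdf: bytes) -> list:
    """Return one finding per stream that calls Collab.getIcon()."""
    findings = []
    for idx, content in enumerate(decoded_streams(pdf)):
        if not GETICON_RE.search(content):
            continue
        findings.append({
            "stream": idx,
            "getIcon_calls": len(GETICON_RE.findall(content)),
            "shellcode_marker": bool(SHELLCODE_RE.search(content)),
            "string_growth_loop": bool(GROWTH_LOOP_RE.search(content)),
        })
    return findings


def build_sample_pdf(js: str, compress: bool = True) -> bytes:
    """Constructed minimal PDF with an OpenAction JavaScript stream (test input only)."""
    body = js.encode()
    filt = b""
    if compress:
        body = zlib.compress(body)
        filt = b"/Filter /FlateDecode "
    header = (b"%PDF-1.4\n"
              b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
              b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
              b"3 0 obj << /S /JavaScript /JS 4 0 R >> endobj\n")
    stream_obj = (b"4 0 obj << /Length " + str(len(body)).encode() + b" " + filt + b">>\n"
                  b"stream\n" + body + b"\nendstream\nendobj\n")
    return header + stream_obj + b"trailer << /Root 1 0 R >>\n%%EOF\n"


# Constructed inputs: the "malicious" one has the shape of a getIcon() trigger
# (argument grown by doubling, %u-encoded payload string) but no real shellcode.
MALICIOUS_JS = (
    'var sc = unescape("%u9090%u9090");'
    'var pad = "A"; while (pad.length < 0x4000) pad += pad;'
    'Collab.getIcon(pad + sc);'
)
BENIGN_JS = 'app.alert("Document opened");'

if __name__ == "__main__":
    for label, js in (("malicious", MALICIOUS_JS), ("benign", BENIGN_JS)):
        print(label, scan_pdf(build_sample_pdf(js)))
```

A getIcon() call in document JavaScript is rare enough that any hit deserves a look; the two extra flags only order the queue. Real samples also hide the call behind string concatenation or eval(), so this is a first-pass filter, not a replacement for a signature engine.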
Categories: Malware , Netgear Threat Lab
Posted By Netgear Threat Lab at 6:55 PM, January 24, 2010
Troj.Downloader.VBS.Agent.ex
Description: The EDraw Office Viewer Component ActiveX control (officeviewer.ocx) is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. The issue occurs when an excessive amount of data is passed to the 'FtpDownloadFile()' method of the EDraw.OfficeViewer (officeviewer.ocx) ActiveX control with the CLSID 6BA21C22-53A5-463F-BBE8-5CF7FFA0132B. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow the buffer and execute arbitrary code on the system.
Affected: EDraw Office Viewer Component 5.3
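Because the control is reached through the browser, the standard containment until a fixed control ships is to set the IE kill bit for its CLSID. The function below is an added example, not code from the Threat Lab: it sets the documented Compatibility Flags kill-bit value (0x400) for the CLSID quoted in the advisory, preserving any other flags already present, and reads the key back so the change can be confirmed. The function name and its verification output are this example's own; it assumes an elevated session.

```powershell
# Added example: set the IE kill bit for an ActiveX control by CLSID.
# Assumption: run elevated. Existing Compatibility Flags bits are preserved.
function Set-ActiveXKillBit {
    param([Parameter(Mandatory)][string]$Clsid)
    $guid = '{' + $Clsid.Trim('{}') + '}'
    $paths = @("HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$guid")
    if ([Environment]::Is64BitOperatingSystem) {
        # 32-bit IE on 64-bit Windows reads the WOW6432Node view as well
        $paths += "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$guid"
    }
    foreach ($p in $paths) {
        if (-not (Test-Path $p)) { New-Item -Path $p -Force | Out-Null }
        $current = (Get-ItemProperty -Path $p -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
        $new = [int]($current -bor 0x400)   # 0x400 = kill bit; keep other flags
        Set-ItemProperty -Path $p -Name 'Compatibility Flags' -Value $new -Type DWord
    }
    # Verify and report: KillBitSet must be True in every view for IE to refuse the control
    foreach ($p in $paths) {
        $v = (Get-ItemProperty -Path $p -Name 'Compatibility Flags').'Compatibility Flags'
        [pscustomobject]@{ Path = $p; KillBitSet = (($v -band 0x400) -ne 0) }
    }
}

Set-ActiveXKillBit -Clsid '6BA21C22-53A5-463F-BBE8-5CF7FFA0132B'
```

The kill bit only stops IE (and other hosts that honour it) from instantiating the control; it does not remove officeviewer.ocx, so applications that load the control directly are unaffected, and a vendor update that ships a new CLSID will need the process repeated for that CLSID.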
Categories: Malware , Netgear Threat Lab
Posted By Netgear Threat Lab at 5:33 PM, January 24, 2010
Baidu, one of the world's four largest search engines with about 75% of the search-engine market in China, was hacked earlier this month. Reports put the number of people affected at up to 120 million.
Large businesses such as Baidu invest heavily in network security. They deploy layered defenses: anti-virus, vulnerability discovery, intrusion detection, DDoS attack prevention and so on. Yet Baidu was still taken down for over five hours. Why?
Because what Baidu encountered was a DNS hijacking attack. None of those controls protect the records that direct users to Baidu's servers in the first place, and the inherent weakness of the DNS system leaves Baidu and other enterprises exposed to this type of attack.
The global DNS is a hierarchical system, with the root and the core registration systems located in the United States. The delegation of a domain is therefore not under the domain owner's control: once attackers hijack the resolution of the name above the owner's own servers, the owner is powerless to fix it from its own infrastructure.
At the same time, because DNS caching and synchronization take time, even after the upstream entry is repaired, resolvers around the world keep serving the hijacked answer until their cached copies expire (the record's TTL), so correct entries take a while to propagate globally. Repairing such a problem is therefore a lengthy process.
We believe that in the future people will pay more attention to the security of the DNS root and registration systems. But as long as the robustness of the system is not fundamentally improved, this kind of problem will continue to happen.
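The practical consequence for a domain owner is that the delegation must be monitored from the outside, since nothing on the owner's own servers changes when it is hijacked. The code below is an added example, not anything from the post or from Baidu: a stdlib-only DNS wire-format parser that reads the NS records out of a response (handling RFC 1035 name compression), compares them with the owner's known name-server list, and reports the largest TTL in the answer as the worst-case time a resolver will keep the hijacked answer cached. The responses it checks are constructed inline with RFC 2606 example names; the function names and the result fields are this example's own.

```python
import struct
from dataclasses import dataclass

# Added example: offline NS delegation check over DNS wire-format responses.
TYPE_A, TYPE_NS, CLASS_IN = 1, 2, 1


def encode_name(name: str) -> bytes:
    """Wire-encode a dotted name as length-prefixed labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(pkt: bytes, off: int):
    """Decode a possibly compressed name; return (name, offset after the name field)."""
    labels, end, jumped = [], None, False
    while True:
        ln = pkt[off]
        if ln & 0xC0 == 0xC0:               # RFC 1035 compression pointer
            ptr = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2               # the field ends after the first pointer
            jumped, off = True, ptr
            continue
        off += 1
        if ln == 0:
            break
        labels.append(pkt[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels) + ".", (end if jumped else off)


@dataclass
class RR:
    name: str
    rtype: int
    ttl: int
    rdata: object


def parse_answers(pkt: bytes):
    """Parse the answer section of a DNS response; the question section is skipped."""
    _txid, _flags, qd, an, _ns, _ar = struct.unpack("!6H", pkt[:12])
    off = 12
    for _ in range(qd):
        _, off = decode_name(pkt, off)
        off += 4                             # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, off = decode_name(pkt, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if rtype == TYPE_NS:
            rdata, _ = decode_name(pkt, off)
        elif rtype == TYPE_A:
            rdata = ".".join(str(b) for b in pkt[off:off + 4])
        else:
            rdata = pkt[off:off + rdlen]
        off += rdlen
        answers.append(RR(name, rtype, ttl, rdata))
    return answers


def check_delegation(answers, expected_ns):
    """Compare the NS set in a response with the owner's known name servers."""
    expected = {n.lower() for n in expected_ns}
    seen = {rr.rdata.lower() for rr in answers if rr.rtype == TYPE_NS}
    ttls = [rr.ttl for rr in answers if rr.rtype == TYPE_NS]
    return {
        "hijacked": bool(seen - expected),
        "unexpected": sorted(seen - expected),
        "missing": sorted(expected - seen),
        "max_cache_seconds": max(ttls, default=0),  # how long resolvers may keep the bad answer
    }


def build_ns_response(qname: str, ns_names, ttl: int) -> bytes:
    """Constructed NS response for testing; owner names point back at the QNAME (offset 12)."""
    pkt = struct.pack("!6H", 0x1234, 0x8180, 1, len(ns_names), 0, 0)
    pkt += encode_name(qname) + struct.pack("!HH", TYPE_NS, CLASS_IN)
    for ns in ns_names:
        rd = encode_name(ns)
        pkt += struct.pack("!H", 0xC00C)
        pkt += struct.pack("!HHIH", TYPE_NS, CLASS_IN, ttl, len(rd)) + rd
    return pkt


EXPECTED_NS = ["ns1.example.net.", "ns2.example.net."]

if __name__ == "__main__":
    good = build_ns_response("example.com.", EXPECTED_NS, 172800)
    bad = build_ns_response("example.com.", ["ns1.example.net.", "ns-attacker.example.org."], 172800)
    print(check_delegation(parse_answers(good), EXPECTED_NS))
    print(check_delegation(parse_answers(bad), EXPECTED_NS))
```

To run this against live data, send an NS query for the domain over UDP to the parent zone's servers (the TLD servers, not your own resolver) and pass the raw response to parse_answers(); querying your own authoritative servers would show the correct records even during a hijack, which is exactly the blind spot the post describes.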
Categories: Netgear Threat Lab
Posted By Netgear Threat Lab at 5:32 PM, January 24, 2010
With 2009 just behind us, it is clear that attackers exploited all types of software in record numbers, and just as clear that Microsoft products remain their favorite target. This can be seen from the number of security bulletins Microsoft issued during 2009.
Through its monthly release cycle, Microsoft released 72 security bulletins in 2009: 27 in the first half of the year and 45 in the second. Add the two out-of-band bulletins released at the end of July and the year's total comes to 74 bulletins, fixing 190 vulnerabilities.
Of the 74 bulletins, 44 were rated Critical, the highest of Microsoft's severity levels; 27 were rated Important and 3 Moderate. Of the 190 vulnerabilities, 132 were classified as high-risk, 53 as serious, and another 5 as moderate.
These bulletins fixed a total of 157 remote code execution vulnerabilities, 7 denial-of-service vulnerabilities, 7 spoofing vulnerabilities, 18 elevation-of-privilege vulnerabilities, and 1 information-disclosure vulnerability.
On the operating-system side, 34 vulnerabilities were found in Windows Server 2003, and 3 in the newly released Windows 7. Among Web browsers, IE6 had 7 vulnerabilities, IE5 and IE7 had 6 each, and IE8 had the fewest with 4. In the productivity suites, Office 2003 led with 13, Office XP had 11, Office 2007 had 10, and Office 2000 had the fewest with 8.
Judging from the 2009 data, we are sure that 2010 will be another big patch year for Microsoft.
Categories: Malware , Netgear Threat Lab
Posted By Pete at 3:18 PM, January 6, 2010
SmallNetBuilder has posted a very thorough review of the UTM10. For those of you who are interested in what the UTM looks like under the hood, as well as how it performs, I highly recommend heading over there.
Read the review here.
Categories: General