ProSecure Security Blogtag:prosecure.netgear.com,2009-01-23:/community/security-blog//12010-03-01T05:08:23ZMovable Type 4.23-enRSA Conference is HEREtag:prosecure.netgear.com,2010:/community/security-blog//1.782010-03-01T04:59:30Z2010-03-01T05:08:23Z Just a reminder that the RSA Conference is back in town. For those of you interested in security, RSA is the place to be. Personally, I'm looking forward to what new developments in security 2010 will bring. See you...Pete
Just a reminder that the RSA Conference is back in town. For those of you interested in security, RSA is the place to be. Personally, I'm looking forward to what new developments in security 2010 will bring. See you all at the show!]]>
Twitter Suffers from Large Scale Phishing Attackstag:prosecure.netgear.com,2010:/community/security-blog//1.772010-03-01T04:48:46Z2010-03-01T04:58:34ZYesterday, a large number of Twitter users received from friends tweets titled "this you????" which pointed to a false Twitter landing page. If the victim enters their user name and password on the fake landing page, the attackers will be...Pete
If the victim enters their user name and password on the fake landing page, the attackers will be able to control their account and use it to send out even more phishing tweets.
Does this attack sound familiar? Here at the lab, we use MSN quite a lot and have seen many similar phishing attacks via MSN. This type of phishing attack is based on a sociological approach and is being rapidly ported to twitter and other social networks.
We recommend that you do not open any suspicious messages whether it's Twitter or MSN or anything else. If your friends frequently tell you that they are receiving strange messages from you, it probably means your account information has been stolen and that you need to change your password as soon as possible in addition to a full system virus scan.]]>
eWeek Reviews the UTM5tag:prosecure.netgear.com,2010:/community/security-blog//1.762010-02-23T22:04:30Z2010-02-23T22:11:27Z eWeek has just published their review of the UTM5. The review talks about the various components of the UTM5 and also gives their thoughts on setting up the unit. See what they have to say here....Pete
eWeek has just published their review of the UTM5. The review talks about the various components of the UTM5 and also gives their thoughts on setting up the unit.
See what they have to say here.]]>
Threat Lab Report: Apple's Ipad Sparks New SEO Threatstag:prosecure.netgear.com,2010:/community/security-blog//1.752010-02-12T23:08:32Z2010-02-12T23:41:46ZOn January 27th, Apple formally introduced to the world the iPad, when countless delighted when Apple fans rejoiced. They weren't the only ones. Cyber criminals were also excited but for other reasons. Big news events such as the earthquake in...Netgear Threat Lab
When the user arrives at the sites of these viruses, the site will present the user with a fake online virus scan, then inform the user's that the computer has been infected, and present a virus (Trojan-Downloader.Win32.FraudLoad.wxuf ) disguised as anti-virus software for the user to download and install.
This type of threat can be stopped in real-time by ProSecure appliances.]]>
ProSecure UTM5 Launchedtag:prosecure.netgear.com,2010:/community/security-blog//1.742010-02-05T23:48:30Z2010-02-06T00:03:04Z We just introduced the latest member of the UTM family the UTM5. It contains all the security found in the UTM10 and UTM25 at slightly slower speeds. It's a great fit for smaller office networks and basically gives you...Pete
We just introduced the latest member of the UTM family the UTM5. It contains all the security found in the UTM10 and UTM25 at slightly slower speeds. It's a great fit for smaller office networks and basically gives you the high level of protection found in high end Web/Email security gateways, plus the functionality and connectivity options of a good firewall.
One thing we didn't compromise on is the security effectiveness. What good is a security appliance if it doesn't effectively do what it was brought in to do? The UTM5 is a great value, but there is nothing "economy class" about the coverage and performance of the UTM5.
Contact your local VAR or sign up at prosecure.netgear.com for a risk free 30 day eval.]]>
ProSecure UTMs Firmware with SSL Vulnerability Patch Releasedtag:prosecure.netgear.com,2010:/community/security-blog//1.732010-02-05T23:39:13Z2010-02-05T23:48:16Z Back in November a critical SSL Vulnerability was discovered. I'm pleased to say that firmware version 1.0.16-0 for our UTM family contains patched versions of SSL. There are many components within the UTM that uses SSL so getting this...Pete
SSL Vulnerability was discovered.
I'm pleased to say that firmware version 1.0.16-0 for our UTM family contains patched versions of SSL. There are many components within the UTM that uses SSL so getting this patch was very important.
It's a good thing this vulnerability was discovered by researchers with good intentions as this could have resulted in a disaster (with the economy the way it is, even if the bad guys did exploit the vulnerability there probably wasn't that much to steal ;-))
You can read the release notes here.]]>
IT Pro Reviews the STM300tag:prosecure.netgear.com,2010:/community/security-blog//1.722010-02-02T18:38:20Z2010-02-02T18:48:35Z IT Pro has just published their review of the STM300. Head on over and see what they have to say about the STM300....Pete
IT Pro has just published their review of the STM300. Head on over and see what they have to say about the STM300.]]>
New Internet Explorer Vulnerability Potentially Exposes All of the Victim's Filestag:prosecure.netgear.com,2010:/community/security-blog//1.712010-01-26T21:45:24Z2010-01-26T23:42:09Z A new vulnerability in Internet Explorer has been discovered (again). This time, instead of exploiting a flaw in the code, attackers can potentially use built-in IE features such as URL Security Zones and IE's file-sharing protocol to attack a...Pete
A new vulnerability in Internet Explorer has been discovered (again).
This time, instead of exploiting a flaw in the code, attackers can potentially use built-in IE features such as URL Security Zones and IE's file-sharing protocol to attack a victim's machine.
The result - gain access to all of the victim's files.
Jorge Luis Alvarez Medina, a security consultant will demonstrate proof-of-concept code next month after the Black Hat Conference in Washington DC, and Microsoft intends to subsequently release a patch for this soon after.
"These vulnerabilities are just features ... the implementation of the features allow you to obtain certain information, which by itself is harmless. But when combined together with other features, it renders an attack vector," Medina says.
To give you a better idea of how the attack is carried out, here is what Medina says about the attack. "With IE's Security Zones, an Internet zone would not be allowed to read files from a local machine, for instance. But if a local machine is considered part of the Internet zone, its files could be accessed by an attacker."
Until a patch is released, a few ways to protect yourself from being exposed would be to:
1. Deploy IE's Protocol Lockdown feature to restrict the file protocol
2. Set the security level to "High"
3. Disable active scripting in the Intranet and Internet Zones
4. Run IE in Protected Mode if available in the OS
5. Lock down and disable the MHTML protocol handler
6. And last but not least use another browser
Along with the attacks on Google last week, it seems to me that IE still has a long way to go before we can consider it "secure". This is not isolated to IE as Firefox actually has even more vulnerabilities. Software companies simply have to do a better job at breaking their products before releasing them to the public. As it stands, Web browsers and many other types of software are simply acting as a gateway for hackers to the rest of a user's system.]]>
Threat Lab Report: Troj.Exploit.W32.PDF-URI.otag:prosecure.netgear.com,2010:/community/security-blog//1.692010-01-25T03:00:51Z2010-01-25T03:02:52ZTroj.Exploit.W32.PDF-URI.o Behavior:9 Description:Adobe Acrobat and Reader are prone to a remote code-execution vulnerability CVE-2009-0927. When supplying a specially crafted argument to the getIcon() method of a Collab object, proper bounds checking is not performed resulting in a stack overflow. By...Netgear Threat Lab
Troj.Exploit.W32.PDF-URI.o
Behavior:9
Description:Adobe Acrobat and Reader are prone to a remote code-execution vulnerability CVE-2009-0927.
When supplying a specially crafted argument to the getIcon() method of a Collab object, proper bounds checking is not performed resulting in a stack overflow. By persuading a victim to open a specially-crafted PDF file, a remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system with the privileges of the victim.
Affected Versions: Reader and Acrobat 7.1 and prior
Reader and Acrobat 8.1.2 and prior
Reader and Acrobat 9
]]>
Threat Lab Report: Troj.Downloader.VBS.Agent.extag:prosecure.netgear.com,2010:/community/security-blog//1.682010-01-25T02:55:35Z2010-01-25T03:04:11ZTroj.Downloader.VBS.Agent.ex Description: The EDraw Office Viewer Component ActiveX control (officeviewer.ocx) is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. The issue occurs when an excessive amount of data...Netgear Threat Lab
Troj.Downloader.VBS.Agent.ex
Description: The EDraw Office Viewer Component ActiveX control (officeviewer.ocx) is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. The issue occurs when an excessive amount of data is passed to the 'FtpDownloadFile()' method of the EDraw. OfficeViewer(officeviewer.ocx) ActiveX control with the CLSID: 6BA21C22-53A5-463F-BBE8-5CF7FFA0132B.By persuading a victim to visit a specially-crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system.
Affected: EDraw Office Viewer Component 5.3
]]>
Baidu's First Look at the Weakness of the Current DNS Systemtag:prosecure.netgear.com,2010:/community/security-blog//1.672010-01-25T01:33:21Z2010-01-25T03:05:35ZOne of the world's top four search engines Bidu, who has 75% of the search engine market share in China, was hacked earlier this month. It is reported that the number of people affected by this could be up to...Netgear Threat Lab
We believe that large networks of businesses such as Baidu, invest a lot on network security. They deploy layers security including anti-virus, vulnerability discovery, intrusion detection, DDoS attack prevention, etc... But Baidu still got hacked, taken down for over five hours. Why?
Because what Baidu encountered was a DNS hijacking attack. The inherent weakness of the DNS system has left Baidu and other enterprises helpless and exposed to this type of attack.
We know that the global DNS system is a hierarchial system, with the root and core registration system located in the United States. This means that the core of the domain is not in the control of the domain owner, so once hackers hijack DNS resolution from the root the domain name owner is powerless.
At the same time, since DNS caching and synchronization takes time, even if the root entry is repaired, there is still a period of time needed for the correct entry to synchronize globally. This means repairs for such problems will be a lengthy process.
We believe that the future, people will pay more attention to the root DNS security issues. But as long as the robustness of the system is not fundamentally improved, this kind of problem will continue to happen. ]]>
Microsoft Released a Total of 74 patches to Fix 190 Vulnerabilities in 2009tag:prosecure.netgear.com,2010:/community/security-blog//1.662010-01-25T01:32:02Z2010-01-25T03:06:06ZNow with 2009 just past us, it's clear that hackers are exploiting all types of software in record numbers, but it's pretty clear that Microsoft products are still their favorite. This can be seen from the number of patches Microsoft...Netgear Threat Lab
Microsoft released in 2009, a total of 72 monthly security patches, including 27 in the first half of the year and 45 in the second half. In addition to that, Microsoft released two emergency security patches at the end of July. For the year, Microsoft released a total of 74 patches - fixing 190 security holes.
Of the 74 patches, 44 were of the critical variety, which is the highest level of Microsoft's patches. In addition, 27 were of the important level, and 3 were middle level. Of the 190 security holes, 132 were classified as high-risk, 53 as serious, and another 5 were moderate.
These patches fixed a total of 157 remote code execution vulnerabilities, 7 denial-of-service vulnerabilities, 7 fraud vulnerabilities, 18 privilege elevation vulnerabilities, and 1 information-disclosure vulnerability.
On the operating system side of things, 34 security holes were found in Windows Server 2003. Three total vulnerabilities were found in the newly released Windows 7. For Web browsers, IE6 had 7 security holes, IE5 and IE7 each had 6. IE8 had the least with 4. For productivity, Office 2003 led the pack with 13, Office XP had 11, Office 2007 had 10, and Office 2000 had the least with 8.
From the data from 2009, we are sure that 2010 will be another big patch year for Microsoft.
]]>
Small Net Builder Reviews the UTM10tag:prosecure.netgear.com,2010:/community/security-blog//1.652010-01-06T23:18:44Z2010-01-06T23:46:20Z SmallNetBuilder has posted a very thorough review of the UTM10. For those of you who are interested in what the UTM looks like under the hood as well as how it performs, I highly recommend heading on over there....Pete
SmallNetBuilder has posted a very thorough review of the UTM10. For those of you who are interested in what the UTM looks like under the hood as well as how it performs, I highly recommend heading on over there.
Read the review here.
]]>
Happy Holidaystag:prosecure.netgear.com,2009:/community/security-blog//1.642009-12-26T04:32:37Z2009-12-26T08:27:30ZFrom all of us here at ProSecure, we wish you all Happy Holidays and a Happy New Year!...PeteFrom all of us here at ProSecure, we wish you all Happy Holidays and a Happy New Year!]]>
Threat Lab Report: The First iPhone Worm Hits the Mobile Scenetag:prosecure.netgear.com,2009:/community/security-blog//1.632009-11-17T18:13:19Z2009-11-17T21:02:31Z Due to the iPhone being a hit in the smartphone market, network security researchers warned that the iPhone's popularity will lead to cyber-criminals to taking an interest in mobile phones. With the increase in horsepower and functionality in smartphones...Netgear Threat Lab
Due to the iPhone being a hit in the smartphone market, network security researchers warned that the iPhone's popularity will lead to cyber-criminals to taking an interest in mobile phones. With the increase in horsepower and functionality in smartphones phones, they are essentially mini computers. We all know the types of threats and vulnerabilities computers face and our phones are no exception.
Recently, some iPhone users were attacked by a worm - the first of its kind found on the iPhone. The virus automatically replaces the iPhone wallpaper with a photo of 80's pop singer Rick Astley and displays a message "Never give up your" (ikee is never going to give you up), but stops there and does not perform further attacks on the iPhone. The worm was written by a 21-year-old Australian hacker Ashley Towns to prepare, Towns said the production of the worm is to have iPhone users realize the risks of not changing the default root password.
However, only jailbroken iPhones are vulnerable to the worm virus. Jailbreaking is a process that allows iPhone and iPod Touch users to run homebrew apps on their devices by bypassing Apple's App Store. Once jailbroken, iPhone users are able to download homebew applications as well as cracked applications through unofficial installers such as Cydia, Rock App, Icy, and Installer. Jailbroken versions of Apple's iPhone is eligible for technical support and Apple has many times through software upgrades prevented users from cracking their iPhones. Apple also noted that Jailbreaking an iPhone is illegal. Users who jailbreak their iPhone, installed SSH, and did not change their default root password "alpine" were found with the worm. Once infected, the worm will attempt to search and spread to other jailbroken iPhones in the same network. This threat can be mitigated by changing the default password of their iPhone.
Prior to this incident, iPhone users have already been the target in attacks. A week ago, Dutch users received messages from an the attacker that warned of a security vulnerability in their cell phone and requested that these users donate 5 Euros each to a PayPal account. The attackers have since apologized and provided a fix. This is an example of an attacker who exploited the same flaw but not in the form of a virus or worm.
]]>
Just a reminder that the RSA Conference is back in town. For those of you interested in security, RSA is the place to be. Personally, I'm looking forward to what new developments in security 2010 will bring. See you all at the show!]]>
eWeek has just published their review of the UTM5. The review talks about the various components of the UTM5 and also gives their thoughts on setting up the unit.
When the user arrives at the sites of these viruses, the site will present the user with a fake online virus scan, then inform the user's that the computer has been infected, and present a virus (Trojan-Downloader.Win32.FraudLoad.wxuf ) disguised as anti-virus software for the user to download and install.
This type of threat can be stopped in real-time by ProSecure appliances.]]>
We just introduced the latest member of the UTM family the UTM5. It contains all the security found in the UTM10 and UTM25 at slightly slower speeds. It's a great fit for smaller office networks and basically gives you the high level of protection found in high end Web/Email security gateways, plus the functionality and connectivity options of a good firewall.
IT Pro has just published their review of the STM300. Head on over and see what they have to say about the STM300.]]>
A new vulnerability in Internet Explorer has been discovered (again).
This time, instead of exploiting a flaw in the code, attackers can potentially use built-in IE features such as URL Security Zones and IE's file-sharing protocol to attack a victim's machine.
SmallNetBuilder has posted a very thorough review of the UTM10. For those of you who are interested in what the UTM looks like under the hood as well as how it performs, I highly recommend heading on over there.
From all of us here at ProSecure, we wish you all Happy Holidays and a Happy New Year!]]>
Due to the iPhone being a hit in the smartphone market, network security researchers warned that the iPhone's popularity will lead to cyber-criminals to taking an interest in mobile phones. With the increase in horsepower and functionality in smartphones phones, they are essentially mini computers. We all know the types of threats and vulnerabilities computers face and our phones are no exception.