Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at Sûnnet Beskerming.

It's the Season

From all the staff here at Sûnnet Beskerming we wish all our readers a very merry Christmas and a happy New Year. We hope that the security advice and reporting that we have provided to you this year has helped you avoid difficulties, and that it is allowing you to have a peaceful break over the Christmas / New Year period. Before everyone can go and enjoy themselves, a few issues have come up over the last few days which could have an impact over Christmas.

Firstly, Symantec and a number of other Information Security vendors have had vulnerabilities disclosed which could leave systems open to complete compromise by remote attackers. In Symantec's case, almost the entire product line has been found to be vulnerable to a flaw which can allow a remote hacker to execute code of their choice on systems running Symantec software. Interestingly, this problem is cross-platform, affecting both Windows and Macintosh Symantec software with similar results. In McAfee's case, their Security Centre and VirusScan software products can expose underlying systems to remote attackers, with similar outcomes to the Symantec issues. While the Symantec flaws can be completely automated, the McAfee flaw requires the victim to activate it, either by visiting a malicious website or through some other vulnerable action. In Symantec's defence, the file size required to exploit this flaw is in the range of 50 MB.

Normally, Apple software doesn't attract a lot of attention from hackers, and so not a lot of security flaws tend to get discovered. The past week has seen two different vulnerabilities discovered, affecting the QuickTime media player, iTunes, and the OS X Operating System. The first flaw, which affects QuickTime and iTunes, leads to a Denial of Service against the software and is launched by opening a malicious .mov media file. While the original discoverer has claimed that arbitrary code execution is possible, there is no indication that this is the case (at this time). This flaw affects both the OS X and Windows versions of the software. The second flaw affects the OS X Operating System itself. In this case, malformed HTML input will cause the KHTMLParser to crash, bringing down vulnerable applications with it. It is known to affect Safari and TextEdit at this stage, but any application which relies upon the inbuilt KHTMLParser to render HTML content is likely to be vulnerable. The discoverer of this flaw, who also discovered the QuickTime / iTunes flaw, claims that arbitrary code execution is possible, but again there is no indication that this is the case (at this time).

The timing for public release of this information seems suspect, especially the claims of arbitrary code execution and the lack of a timeline which indicates when Apple were notified of the problems. While the vulnerabilities are certainly real, it is probable that a patch will be delayed due to the Christmas / New Year holiday period. Concerned users should be careful about accepting QuickTime media files from untrusted sources (for the first vulnerability), and about visiting potentially malicious / untrusted websites (for the second vulnerability), lest their application suddenly shut down.

Website applications are not escaping the attention of hackers over the Christmas period, either. It is suspected that many of the most active and prolific website defacers are secondary or tertiary students, and the increase in defacement activity seems to correlate with school holiday periods, with significant reductions during exam seasons. Turkish-based hacking groups appear to have become very active over the last couple of weeks, with some fairly significant attacks taking place during that time period. Not only are single sites being targeted, but servers which host multiple sites are being attacked with increasing frequency. To aid the defacement and other attacking efforts, a number of vulnerabilities have been discovered over the last couple of weeks in a range of common Internet software packages. These vulnerabilities are already seeing fairly rapid deployment, with a number of sites running the Mambo Content Management System in particular being targeted over recent days.

The company behind leading law enforcement forensic software EnCase, amongst other titles, has released a statement admitting that they were recently compromised in an attack which allowed the attackers access to financial and personnel data connected to thousands of law enforcement personnel and security professionals. The attack was first discovered on December 7, and it is believed that the incident took place at some stage in November. While normal identity theft cases can net valuable information, the perceived level of compromise, and the specific industry groupings covered, would mean that this particular security breach could have some significant long term effects. It is reported that the US Secret Service has become involved in investigating the breach.

Microsoft's Internet Explorer web browser for the Macintosh Operating System was frozen at version 5 a couple of years ago when active development ceased in response to the emergence of Safari. All support for the application will cease as of December 31, 2005, and it will no longer be included for distribution from January, 2006. While this move is not unexpected, it has been some time since Internet Explorer was the default web browser installed on Apple Operating Systems (it was always installed, or was on the installation disks, just not the system default browser). While not a complete reproduction of the Windows version of the software, it did make for a useful testing and development tool for Web designers and other Internet professionals, as well as providing a fallback for sites which refused to display in other browsers.

IBM's once flagship Operating System, OS/2, has also reached the end of its lifespan, with all support for the product being withdrawn as of December 23.

24 December 2005