Saturday, May 27, 2006

Symantec confirms vulnerability in antivirus software

Symantec confirmed Friday afternoon a vulnerability in its Antivirus Corporate Edition software that had been discovered by security firm eEye. According to the company, a successful exploit of the flaw could "potentially cause a system crash, or allow a remote or local attacker to execute arbitrary code with System level rights on the affected system."

At this time, Symantec has only issued IDS signatures that will be able to detect attempts to exploit the vulnerability. Network Security Appliance 7100 signatures (SU 46), Gateway Security 3.0 signatures (SU 19) and Client Security 2.0 and 3.0 signatures (SU 22) have been made available via the software's live update feature.

The company recommends that customers adjust their software policies as long as the flaw is exposed to a potential exploit. Specifically, the firm said that companies should restrict access to administration or management systems to privileged users only, keep all operating systems and applications updated with the latest vendor patches and "run both firewall and antivirus applications, at a minimum to provide multiple points of detection and protection to both inbound and outbound threats."

Symantec also said that users should "be cautious visiting unknown or untrusted websites or following unknown URL links" and should not "open attachments or executables from unknown sources."

Symantec Anti Virus Software Flawed !!!

A flaw has been detected in Symantec's leading anti-virus software AGAIN, by researchers from eEye Digital Security.

The anti-virus software, Symantec 10.x, which protects some of the world's largest corporations and US government agencies, suffers from a flaw that lets hackers seize control of computers to steal sensitive data, delete files, or implant malicious programs.

Symantec is investigating the issue, but could not immediately confirm the vulnerability. However, if confirmed, the threat to computer users would be severe because the security software is widely used, and because no action is required on the part of victims to bring on the attack.

Symantec says it has these anti-virus products installed on more than 200 million computers. Meanwhile, a spokesman for the company said that it is examining the reported flaw, but described the flaw as so new that the company does not have any details on the same.

Researchers at eEye Digital Security have said that the vulnerability is capable of being exploited by remote hackers to take complete control of the target machine, "without any user action". eEye Digital has published a note about the discovery on its Web site, but has pledged not to reveal details until after Symantec repairs the flaw, as this would help hackers attack Internet users. eEye Digital has posted a brief advisory to raise alarm about the bug, which can allow execution of malicious code with system-level access. The flaw carries a "high risk" rating because of its potential for serious damage.

Meanwhile, the flaw happens to come at a very awkward time for Symantec. John Thompson, Symantec's chief executive, just recently campaigned to convince consumers to trust Symantec and not Microsoft for protecting their personal information, he he he lol…

Friday, May 26, 2006

Security in the CLR World Inside SQL Server

Is running .NET Framework code within SQL Server 2005 exciting or a threat? Which is it? This article explores the security issues of SQLCLR code so that both developers and DBAs can make informed decisions about its use.


One of the major benefits of writing .NET code to run in the Common Language Runtime (CLR) hosted in any environment is code access security (CAS).

CAS provides a code-based rather than user-based authorization scheme to prevent various kinds of luring and other code attacks. But how does that security scheme coexist with SQL Server 2005's own, newly enhanced security features? By default your .NET code is reasonably secure, but it's all too easy for the two security schemes to butt heads and cause you grief. In this article I'll look briefly at the concept behind CAS and a few new security features in SQL Server 2005, then explore how to make the two systems work for you instead of against you as you take advantage of these advanced programming features in SQL Server.
The good news is that Microsoft did a great job bringing together the security systems of SQL Server and the Common Language Runtime, with tools to control code. But there are some interesting features—both to watch for and to take advantage of!
Don Kiely gives complete details about this and how to secure your SQL Server; check it out.

Tuesday, May 23, 2006

New Yahoo IM Worm Poses as 'Safety' Browser

Security researchers have identified a new worm spreading across Yahoo's instant messaging network that has been cloaked under the guise of a "safety" browser in an attempt to dupe users.
The worm (named yhoo32.explr) installs a piece of software called 'Safety Browser' and then hijacks the Internet Explorer homepage, leading users to a site that puts spyware on their PCs.

Because Safety Browser uses the IE icon to identify itself, users can easily mistake it for the legitimate Internet Explorer. This is the first recorded incidence of malware installing its own web browser on a PC without the user's permission, according to security firm FaceTime.

The self-propagating worm spreads the infection to all contacts in Yahoo! Messenger by sending a website link that loads a command file onto the user's PC and installs Safety Browser.

"This is one of the oddest and more insidious pieces of malware we have encountered in years," said Tyler Wells, senior director of research at FaceTime Security Labs.

"This is the first instance of a complete web browser hijack without the user's awareness. Similar 'rogue' browsers, such as 'Yapbrowser,' have demonstrated the potential for serious damage by directing end-users to potentially illegal or illicit material. 'Rogue' browsers seem to be the hot new thing among hackers."

Friday, May 19, 2006

Iskorpitx Strikes Again

Type the word "Iskorpitx" into Google, and see what you get. Exactly the same word spit back at you, except from any number of different sites. That's because Iskorpitx is the handle of a hacker who recently committed the biggest hacking incident in web-hosting history. Those search results are the graffiti he left. 

Thought to be a 45-year-old Turkish man, Iskorpitx successfully hacked at least 21,549 sites at once (a tally is still being made; expect the final count to be much higher), defacing pages on all of them. His signature included a Turkish flag, his handle and country of origin, and several repetitions of the word "f***" next to the names of France, Greece, and Armanian [sic].

As one might imagine, this has upset quite a few people. A brief glance at the list of sites Iskorpitx affected shows the domains .org, .net, and .com, indicating a probable lack of aim or distinction on his part.

Iskorpitx has quite a reputation for this sort of thing. Since 2003, he's hacked an estimated 117,000 websites, not even including this latest round, and some of those were the sites of his own country's government.

The Turkish hacker seems to have ignited some sort of passion for the activity in his country. In recent months, more than 50 percent of notified defacements appear to have originated from Turkey. Brazil was formerly the most prominent home of these sorts of hackers.

It remains unknown whether the most recent attacks were made at the root or webserver level. Iskorpitx executes his hacks by creating subpages, regardless of what authorization level he achieves on the servers.

Iskorpitx's motivations are unclear. Although many of the Turkish hackers have religious agendas, he does not seem to share them. Whatever his reasons or inspiration, Iskorpitx is acting as a massive nuisance throughout the Web.

Via Doug Caverly.