Adobe 0-day vulnerability CVE-2009-4324 – what does this mean?

This new document has answers to What does this mean type questions, i.e. what an organization can make to protect itself?

Link:

blogs.securiteam.com/index.php/archives/1339

How to analyze timeline of 9/11 attacks – read pager traffic from N.Y. and Washington

Wikileaks has released hundreds of thousands pager messages from 11th September, 2001 sent in New York and Washington.

Link here.

Like mentioned in my SecuriTeam Blogs entry those messages are reportedly sent in Arch Wireless's, Metrocall's, and SkyTel's networks. The source or sources of the leak is not known, however.

Update: Further reading.

And the winners of oldest incident contest are…

Open Security Foundation’s DataLossDB has announced the winners of oldest incident contest.
Read more via SecuriTeam Blogs entry.

The oldest vulnerability is known – let’s find the oldest data loss incident

Open Security Foundation – an organization behind OSVDB and DataLossDB has launched a competition to find the oldest documented data loss incident.

The last day to make a submission is next Friday – 15th May.

This reminder was posted to my SecuriTeam Blogs section too.

Give me your fingerprints, I’ll sell you a mobile phone

After a delay of weeks I have posted an entry to SecuriTeam Blogs. The subject is Give me your fingerprints, I’ll sell you a mobile phone.

The fact is that in Mexico mobile phone companies are building a database of their clients, complete with fingerprints.

Read more here.       

OS X malware family has a new member: OSX.Lamzev.A

The new Trojan for Mac was found and the name of the malware is OSX.Lamzev.A.

This Trojan has been covered at my most recent SecuriTeam Blogs entry.

Sinowal Trojan - difficult to catch since Feb 2006

RSA Security’s Blog has released information about the seriousness of the Sinowal banking Trojan - including some statistics.

This was covered in my newest SecuriTeam Blogs post.

The victims of RPC Trojan Gimmiv were XP boxes in Asian area

A list of hundreds Windows machines has been released by 0x000000.com. The list entitled RPC Worm Victim List states that the victim machines are mainly Windows XP machines (i.e. MSIE 6.0 or MSIE7.0; Windows NT 5.1 in browser’s user agent).

I made a script yesterday to generate WHOIS queries and the results say that the victim machines are located mainly in Asian area.

There is one machine registered to Microsoft IP too.

Link to my newest SecuriTeam blog entry.

Microsoft Windows RPC Vulnerability MS08-067 (CVE-2008-4250) FAQ - October 2008

I have released an FAQ document about critical Windows RPC vulnerability MS08-067 at SecuriTeam Blogs site. The document will be updated during the Sunday (Finnish time) and hyperlinks will be added.

Link to the document below:
Microsoft Windows RPC Vulnerability MS08-067 (CVE-2008-4250) FAQ - October 2008

Update: hyperlinks added, new information added and several updates

Three good reasons why iPhone isn’t the major corporate smartphone

Overall three vulnerabilities have been reported in Apple's iPhone this month.

All of these affect to the most recent Phone version 2.1.

The summary about SMS information disclosure vulnerability and Mail's phishing and spamming vulnerability can be read via my newest SecuriTeam Blogs entry. Visit the link here.

My name is Elvis Presley and here is my RFID passport

The Hacker’s Choice group has managed to clone a chip of RFID-based passport and of course, they used the name, DOB and photo of Elvis Aaron Presley. This is the subject of my SecuriTeam Blogs entry posted recently.

Demonstration video and some technical information can be found here.

APWG: Number of phishing sites has decreased - crimeware is here to stay

First time in the history of Anti-Phishing Working Group (APWG) the number of phishing reports received and new phishing sites discovered decreased at the end of period (i.e. Mar ‘08).

The number of crimeware-spreading URLs rose to a new record, in turn.

The release of the APWG Q1 report [pdf] is the subject of my SecuriTeam Blogs entry written today.

Fedora confirms: Our servers were breached

New information about the "important infrastructure issue" affecting to Fedora Project has been released today.

Mr. Paul W. Frields, Fedora Project Leader has posted an announcement about the facts, including:

"One of the compromised Fedora servers was a system used for signing Fedora packages."

More information available at
redhat.com/...announce-list/2008-...

and

blogs.securiteam.com/index.php/archives/1130

Nokia & Sun: Yes, Nokia S40 J2ME vulnerabilities exist

It is not known if Sun Microsystems or Nokia Corp. paid €20 000 to get the detailed information about J2ME vulnerabilities affecting to Nokia Series 40, but both of the companies have confirmed the existence of these vulnerabilities.

Read more via my SecuriTeam Blogs entry.

Update 22nd Aug: The IDG.No reports that

“Gowdiak would not disclose if he was paid, but said that only reputable, vetted companies that pay would get the full research, which amounted to 180 pages and 14,000 lines of proof-of-concept code.

Nokia has a complete copy of Gowdiak’s research, said Mark Durrant of Nokia’s corporate communications.”

That device on my work computer - was it there yesterday?

There are several means how you can detect if there are spying devices etc. installed to workstations in your organization. This topic is the subject of my newest SecuriTeam Blogs entry - follow the link here.

MIDP’s and MIDlets put tens of millions Nokia S40 phones in danger

A new entry has been added to my SecuriTeam Blogs blog (in fact more than 24 hours ago already).

It discusses about the recent J2ME vulnerabilities discovered by Adam Gowdiak affecting to at least tens of millions Nokia Series 40 Java phones.

Update 14th Aug: Added link to the Nokia listing of S40 models.

Facebook worm - and how long we have to wait AV protection

There was two separate malwares spreading in the social networking site Facebook (and MySpace was affected as well). Until the Facebook security team had capable to block the Koobface worm we had a protection via Windows-based anti-virus software.

Russian-based Kaspersky Lab reported about the existence of the worm on 31th July. It took several days until there was coverage malware write-ups available from notable anti-virus vendors.

The following malware names have been assigned by the AV industry (listed in alphabetical order):

McAfee – W32/Koobface.worm
BitDefender – Win32.Worm.KoobFace.A
Kaspersky Lab – Net-Worm.Win32.Koobface.b
Panda Security – Boface.A [their technical name is W32/Boface.A.worm]
Sunbelt Software – Net-Worm.Win32.Koobface.b
Sophos – detected proactively as Mal/Heuri-D, Mal/Heuri-E, Mal/Emogen-N and Mal/Packer
Symantec – W32.Koobface.A

The protection exists before the write-up release in many cases, however.

You can read the entire SecuriTeam Blogs entry written on Friday here.

SecuriTeam Blogs - three years, 1000+ posts and towards the future

It was three years again - on Monday 25th Jul 2005 when Aviram Jenik posted his entry entitled First Post to SecuriTeam Blogs site.

The fact is that according to their statistics there are currently 1,037 posts and 3,435 comments written.

This anniversary is covered at this post. You can find the SecuriTeam Blogs main page here.

Word Viewer - it can be your workaround in the latest Word 0-day case

In many Microsoft Word zero-day vulnerabilities since 2006 Word Viewer utility is being included to affected products.

This week the situation is different, however.

Read my entry related to the most recent vulnerability (disclosed via targeted attacks, naturally) from SecuriTeam Blogs - link here.

Cisco: We know IOS rootkits can be made - harden your system

Mr. Sebastian Muniz, Core Security presented the Cisco IOS rootkit last week as promised - and it appears that Cisco guys have this presentation or they were at EuSecWest listening Mr. Muniz. I don't know the answer, but Cisco has updated its response document, see my latest SecuriTeam Blogs entry.

There has been a less active period because my girlfriend takes my time;-) but I'll post to my SecuriTeam blog in the near future, absolutely.

Link to the entry mentioned is here, post #1096 at SecuriTeam Blogs, BTW.