Don’t Get Caught In The Crossfire

The Duqu virus is squarely aimed at Iran’s nuclear program. Unless you’re connected with Iran’s nuclear program, your chances of being directly targeted are extremely low. However, Microsoft was freaked out enough to issue a security bulletin for Windows users. So, better safe than sorry, protect yourself against the possibility of becoming collateral damage in an epic, upcoming attack.

Microsoft issues Duqu virus workaround for Windows

Microsoft has issued a temporary fix to the pernicious Duqu virus — also known as “Son of Stuxnet” — which could affect users of Windows XP, Vista, Windows 7 as well as Windows Server 2008.

The company promised the security update earlier this week as it races to deal with the virus, which targets victims via email with a Microsoft Word attachment. The virus is not in the email, but in the attachment itself. A Symantec researcher said if a user opens the Word document, the attacker could take control of the PC, and nose around in an organization’s network to look for data, and the virus could propagate itself.

See also:
Microsoft Security Advisory (2639658)
Microsoft software bug linked to ‘Duqu’ virus
Microsoft Provides Workaround Patch for Duqu Malware
Microsoft announces workaround for the Duqu exploit
Microsoft Issues Temporary Duqu Workaround, Plans 4 Patch Tuesday Fixes
Six Ways to Protect Yourself from Duqu
Microsoft Airs Temporary Fix to Defeat Duqu Worm
Microsoft Releases Temporary Plug For Duqu
Duqu exploits same Windows font engine patched last month, Microsoft confirms
5 Things To Do To Defend Against Duqu
Microsoft issues temporary ‘fix-it’ for Duqu zero-day
Patch Tuesday: Fix for ‘Duqu’ zero-day not likely this month

Is it just me or doesn’t it seem a bit more than odd that Microsoft, a company with close ties to and a past history of working with U.S. intelligence agencies, would publicly issue a workaround to defend against a specific piece of malware that, by many accounts, is being actively and currently used by U.S. intelligence agencies to set up and facilitate an upcoming attack, in cyberspace or otherwise, against Iran’s nuclear program? I mean, it’s not like the Iranians can’t read English, why help them defend against Duqu? Hmmm, something’s not quite right here.

/whatever’s going on, and something is going on, it’s way above my pay grade, but when the endgame comes, don’t forget to duck

Hacking The High Ground

Not content to merely cyberattack our civilian and military computer systems every second of every day, the Chinese have now taken their hacking attacks to a whole new, higher level.

Chinese Military Suspected in Hacker Attacks on U.S. Satellites

Computer hackers, possibly from the Chinese military, interfered with two U.S. government satellites four times in 2007 and 2008 through a ground station in Norway, according to a congressional commission.

The intrusions on the satellites, used for earth climate and terrain observation, underscore the potential danger posed by hackers, according to excerpts from the final draft of the annual report by the U.S.-China Economic and Security Review Commission. The report is scheduled to be released next month.

“Such interference poses numerous potential threats, particularly if achieved against satellites with more sensitive functions,” according to the draft. “Access to a satellite‘s controls could allow an attacker to damage or destroy the satellite. An attacker could also deny or degrade as well as forge or otherwise manipulate the satellite’s transmission.”

See also:
Hackers Interfered With Two U.S. Satellites, Draft Report Says
Hackers Interfered With 2 US Government Satellites
Hackers reportedly behind U.S. government satellite disruptions
Hackers Targeted U.S. Government Satellites
Chinese military may have hacked US satellites
China may have hacked US satellites
Hackers Targeted U.S. Government Satellites
U.S. satellites tampered by hackers
Hackers interfered with two U.S. satellites, report says
Chinese hackers suspected of interfering with US satellites
New hacker target: Government satellites
Chinese hackers may have attacked U.S. satellites
China suspect in US satellite interference: report
US reportedly attacked by Chinese hackers linked with the military
US Satellites hacked by Chinese Military says Congressional Commission

Given their ongoing and constant obsession with conducting cyberwarfare, it’s hardly surprising that the Chinese would be interested in attacking satellites. After all, in the event of hostilities, taking out the enemy’s satellites would effectively render them “blind”. The U.S. military is particularly dependent on satellite technology for communication and navigation, so it would only be logical for the Chinese, either by hacking or with kinetic strikes, to attempt to neutralize our satellite network and with it our technological advantage. The question is, what are we doing to counter this extremely obvious and serious threat?

/does anyone still remember how to navigate using a map and compass?

Do The Microsoft Patch Dance

The dance that never ends.

Microsoft Patch

Microsoft released 13 security bulletins, patching 22 vulnerabilities across its product line, including two critical updates affecting Internet Explorer and the Windows DNS Server.

While Microsoft issued fewer updates this month, August was still marked as a busy month for system administrators. Adobe Systems Inc., which issues fixes on a quarterly cycle, issued a critical security update late Tuesday, repairing seven flaws in its Shockwave Player, more than a dozen holes in its Flash Player and an error in its Flash Media Server.

Microsoft addressed seven vulnerabilities in Internet Explorer including two zero-day flaws. According to MS11-057, Microsoft said an attacker who successfully exploited any of the vulnerabilities could gain the same user rights as the local user. Microsoft said the most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer

. . .

Another noteworthy bulletin is MS11-065, which resolves a vulnerability in the Remote Desktop Protocol. Although the security bulletin is rated important for users of Windows Server 2003, Miller said Microsoft has seen attacks targeting the flaw in the wild. The flaw can be targeted if an attacker sends a malicious remote desktop protocol connection request to the victim’s computer which could cause the system to crash.

See also:
Microsoft Security Bulletin Summary for August 2011
Microsoft Fixes IE, Windows DNS Server Flaws In Patch Tuesday Update
Microsoft Patches 22 Security Holes
Microsoft Security Patch Fixes 20-Year-Old Flaw
Microsoft fixes 22 security bugs
Microsoft’s August Patch Tuesday security update to tackle critical flaws in IE and Windows Server
Your Microsoft Patch Tuesday update for August 2011
Microsoft to Fix 22 Software Flaws in Its August Patch Tuesday Update
Hefty Microsoft August Patch Delivers 13 Security Fixes
IE, Windows server bugs likely to be exploited soon
Microsoft expecting exploits for critical IE vulnerabilities
Microsoft Update

Get busy downloading.

/so, until the next Patch Tuesday . . .

It’s Tuesday, Time To Download Microsoft Patches

And this Tuesday, there’s an extra big heapin’ helpin’ of downloadin’ fun!

Microsoft Issues Huge Patch Tuesday Fix for Windows, IE

Microsoft today released a batch of 17 security updates for a Patch Tuesday that cover 64 vulnerabilities in Microsoft Windows, Office, Internet Explorer, Visual Studio, .NET Framework and GDI+.

Nine of the bugs are rated critical, while eight are important. One of the “important” bulletins includes 30 vulnerabilities in one bug, MS11-034, and they all share the same couple of root causes, Microsoft said.

Microsoft identified three vulnerabilities as its top priority bulletins for the month: MS11-020, which resolves a problem with Windows that could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system; MS11-019, another Windows bug that could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request; and MS11-018, which could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.

See also:
Microsoft Security Bulletin Summary for April 2011
Tackling the Massive Microsoft Patch Tuesday
Microsoft fixes IE, SMB bugs in big Patch Tuesday
Researcher confirms kernel bugs will dominate Patch Tuesday
Microsoft Smashes Patch Tuesday Record With Massive Update
Another Microsoft Patch Tuesday, 64 New Flaws To Fix
Microsoft Pushes Giant Security Patch
Microsoft delivers monster security update for Windows, IE
Microsoft Releases Torrent of Security Updates
Windows Update

It’s another record! Will Windows software ever be fully patched?

/probably not, so see ya next time, and have a good time downloading, this one takes quite a while!

The Religion Of Babykilling Scumbags

The vile Islamic murderbots strike again.

“And slay them wherever ye find them . . .”

Quran 2:191

Family Slaughtered By Palestinians

Five members of an Israeli family were killed Friday night when a suspected terrorist broke into their home in the West Bank settlement of Itamar and stabbed them all to death. The 12-year-old daughter who returned home from a friend’s house discovered the bodies. According to police, the suspect broke into the house armed with a knife and stabbed the mother, father and three children, aged 11, three and a three-month-old baby. Two infants, aged 2 and 4, survived the attack while escaping to their neighbors.

One of the paramedics who arrived at the scene described the horrific sights “We could not help the first four stab victims. Following an inspection of the scene I spotted an infant of about three who still had a pulse. We engaged in lengthy resuscitation efforts but had to pronounce him dead,” he said. “The murder scene was shocking. Kids’ toys right next to pools of blood.”

Security sources suspect that the attacker who carried out the massacre cut the fence surrounding Itamar and entered the home of the victims through the window, authorities could not immediately discount the possibility that more than one attacker was involved in the murder. The military blocked the entrance to the northern West Bank settlement of Itamar, as soldiers poured inside and a pair of ambulances departed.

Gaza celebrates

Gaza residents from the southern city of Rafah hit the streets Saturday to celebrate the terror attack in the West Bank settlement of Itamar where five family members were murdered in their sleep, including three children.

Residents handed out candy and sweets, one resident saying the joy “is a natural response to the harm settlers inflict on the Palestinian residents in the West Bank.”

See also:
Itamar massacre: Fogel family butchered while sleeping
Israel hunts suspected Palestinian militants after 5 members of settler family killed in sleep
Israeli family stabbed to death in their beds by Palestinian attackers
Israeli troops scour West Bank villages for killers of 5 Jewish settlers
Fogel family identified as victims of Itamar terror attack
Victims of West Bank settlement attack identified as Fogel family
Victims Indentified as Family of Rabbi Fogel of Yeshiva Itamar
Israel hunts for killers of sleeping settlers
PM urges Abbas to ‘stop incitement’; int’l community slams Itamar killings
Binyamin Netanyahu calls on world to act after killing of Jewish settlers
Israel can no longer pretend there’s no Mideast conflict

This is what you get when children are conditioned and taught, from birth, that it’s not only okay, but noble and heroic, to kill Jews and Infidels.

/and Israel is supposed to make peace with these unrepentant 7th century savages?

New Year, More Patches

Same as it ever was, what fun would Tuesdays be without Microsoft issuing software patches?

Microsoft Fixes Windows Security Vulnerabilities in Light Patch Tuesday

Microsoft issued two security bulletins to fix three Windows vulnerabilities, getting Patch Tuesday off to a slow start in 2011.

Only one of the bulletins is rated “critical.” That bulletin, MS11-002, covers two vulnerabilities affecting Microsoft Data Access Components. The first of the bugs exists in the way MDAC (Microsoft Data Access Components) validates third-party API usage. The second is due to the way MDAC validates memory allocation. According to Microsoft, both vulnerabilities could be exploited via a specially crafted Web page to allow an attacker to remotely execute code.

See also:
Microsoft Security Bulletin Summary for January 2011
It’s Microsoft Patch Tuesday: January 2011
Microsoft Patches 3 Windows Vulnerabilities
Microsoft patches critical Windows drive-by bug
Patch Tuesday: Microsoft plugs ‘drive-by download’ security holes
Microsoft’s January Patch Tuesday: 3 fixes but 5 holes unpatched
Two bulletins from Microsoft on its first Patch Tuesday of 2011 but Internet Explorer zero-day remains uncovered
Microsoft ‘Patch Tuesday’ Doesn’t Address Problem
Microsoft Patch Tuesday Update – 11th January 2011
Microsoft Patch Tuesday Hits One Critical Bug
Windows Update

And, once again, Microsoft patches some holes but leaves others uncovered.

/so, I guess we’ll be doing this again in the near future

Pakistan Circling The Drain

The government is crumbling, prominent politicians are being openly assassinated, and the situation seems to be getting worse by the day.

Pakistan’s Government Scrambles to Survive Coalition Defections

Pakistan’s ruling party is struggling to keep its grip on power a day after a key partner quit the governing coalition, denying it the majority in the national parliament. The prime minister is meeting with opposition politicians in a bid to head off a possible no-confidence vote.

Last month, a small party in the parliament, the Jamiat Ulema-e-Islam, announced it was switching to the opposition in parliament and demanded Prime Minister Yusuf Raza Gilani step down.

But the major political setback came Sunday when the second largest party in the ruling coalition, the Muttahida Quami Movement,announced it was also ending its partnership with the government. The move has turned Prime Minister Gilani’s government into a minority coalition in parliament.

Leading Pakistani Politician Killed

A leading politician from Pakistan’s ruling party was gunned down in a wealthy neighborhood of Islamabad Tuesday by a member of his security detail after speaking out against the country’s controversial blasphemy laws, an assassination that highlights the nation’s struggle to contain extremism even among those close to the center of power.

Salmaan Taseer, governor of Punjab, Pakistan’s most-populous province, and a member of the ruling Pakistan People’s Party, died after a member of his security team fired multiple shots into his car at a shopping complex, police said.

His attacker, Malik Mumtaz Qadri, who surrendered to police, admitted he was angered by Mr. Taseer’s opposition to the blasphemy laws, Interior Minister Rehman Malik told local television.

See also:
Pakistan’s prime minister strives to keep government alive
Sharif Tells Pakistan’s Prime Minister to Rein in Prices Or Face Challenge
PML-N gives govt ultimatum to accept its demands
Pakistan’s Government Faces Its Sternest Test Yet
Yet another Pakistani crisis
Pakistan’s political crisis
Death in Islamabad: Pakistani Governor Killed by Own Bodyguard
Salman Taseer assassination points to Pakistani extremists’ mounting power
Escort kills governor Taseer; Pakistan in troubleNews Analysis: Governor’s murder complicates Pakistan’s crisis
Pakistan to bury assassinated governor
Top Pakistani official’s murder adds to Obama’s Afghan woes

Seriously, if you thought Pakistan was less than cooperative with the U.S. Coalition’s war effort in Afghanistan before, just wait and see what happens if the Pakistani government collapses. The current ruling party, the Pakistan People’s Party, are the moderates. Any follow on Pakistani government will surely be much less friendly to U.S. interests in the region, if that’s even possible. And don’t forget, Pakistan has nuclear weapons.

/last one across the border and out of the cesspool, don’t forget to flush

Let’s Play ATM Or Slot Machine?

Barnaby Jack is at it again.

Researcher Demonstrates ATM ‘Jackpotting’ at Black Hat Conference

In a city filled with slot machines spilling jackpots, it was a “jackpotted” ATM machine that got the most attention Wednesday at the Black Hat security conference, when researcher Barnaby Jack demonstrated two suave hacks against automated teller machines that allowed him to program them to spew out dozens of crisp bills.

The demonstration was greeted with hoots and applause.

In one of the attacks, Jack reprogrammed the ATM remotely over a network, without touching the machine; the second attack required he open the front panel and plug in a USB stick loaded with malware.

Jack, director of security research at IOActive Labs, focused his hack research on standalone and hole-in-the-wall ATMs — the kind installed in retail outlets and restaurants. He did not rule out that bank ATMs could have similar vulnerabilities, though he hasn’t yet examined them.

The two systems he hacked on stage were made by Triton and Tranax. The Tranax hack was conducted using an authentication bypass vulnerability that Jack found in the system’s remote monitoring feature, which can be accessed over the Internet or dial-up, depending on how the owner configured the machine.

Tranax’s remote monitoring system is turned on by default, but Jack said the company has since begun advising customers to protect themselves from the attack by disabling the remote system.

To conduct the remote hack, an attacker would need to know an ATM’s Internet IP address or phone number. Jack said he believes about 95 percent of retail ATMs are on dial-up; a hacker could war dial for ATMs connected to telephone modems, and identify them by the cash machine’s proprietary protocol.

The Triton attack was made possible by a security flaw that allowed unauthorized programs to execute on the system. The company distributed a patch last November so that only digitally signed code can run on them.

Both the Triton and Tranax ATMs run on Windows CE.

Using a remote attack tool, dubbed Dillinger, Jack was able to exploit the authentication bypass vulnerability in Tranax’s remote monitoring feature and upload software or overwrite the entire firmware on the system. With that capability, he installed a malicious program he wrote, called Scrooge.

Scrooge lurks on the ATM quietly in the background until someone wakes it up in person. It can be initiated in two ways — either through a touch-sequence entered on the ATM’s keypad or by inserting a special control card. Both methods activate a hidden menu that allows the attacker to spew out money from the machine or print receipts. Scrooge will also capture track data embedded in bank cards inserted into the ATM by other users.

To demonstrate, Jack punched the keys on the typed to call up the menu, then instructed the machine to spit out 50 bills from one of four cassettes. The screen lit up with the word “Jackpot!” as the bills came flying out the front.

To hack the Triton, he used a key to open the machine’s front panel, then connected a USB stick containing his malware. The ATM uses a uniform lock on all of its systems — the kind used on filing cabinets — that can opened with a $10 key available on the web. The same key opens every Triton ATM.

Two Triton representatives said at a press conference after the presentation that its customers preferred a single lock on systems so they could easily manage fleets of machines without requiring numerous keys. But they said Triton offers a lock upgrade kit to customers who request it — the upgraded lock is a Medeco pick-resistant, high-security lock.

. . .

Jack said that so far he’s examined ATMs made by four manufacturers and all of them have vulnerabilities. “Every ATM I’ve looked at allows that ‘game over.’ I’m four for four,” he said at the press conference. He wouldn’t discuss the vulnerabilities in the two ATMs not attacked on Wednesday because he said his previous employer, Juniper Networks, owns that research.

Jack said his aim in demonstrating the hacks is to get people to look more closely at the security of systems that are presumed to be locked down and impenetrable.

See also:
Bunker-busting ATM attacks show security holes
Hacker breaks into ATMs, dispenses cash remotely
Security researcher demonstrates ATM hacking
Black Hat: Hacker Tricks ATMs Into Raining Cash
Researcher shows how to hack ATMs with “Dillinger” tool
Armed with exploits, ATM hacker hits the jackpot
Powered By Microsoft Windows
IOActive Labs
Tranax Technologies
Triton Systems

All your ATMs are belong to Barnaby Jack!

/I’ll bet Barnaby is really well paid and gets plenty of job offers from the Black Hats as well as the White Hats