Tuesdays With Microsoft

Tuesdays are the day when we patch the holey Microsoft products.

Patch Tuesday leaves Duqu 0-day for another day

November marked a light Patch Tuesday with just four bulletins, only one of which tackles a critical flaw.

All four advisories relate to problems in Windows. None is related to the zero-day vulnerability related to Duqu, the highly sophisticated worm reckoned to be related to the infamous Stuxnet pathogen.

See also:
Microsoft Security Bulletin Summary for November 2011
Microsoft Patch Tuesday Fixes Critical Windows 7 Bug, Leaves Out Duqu Zero-Day
Microsoft Fixes Four Bugs for November Patch Tuesday
Microsoft offers simple patch Tuesday for election day
Microsoft fails to patch Duqu, but fixes critical hole in Windows TCP/IP stack
One critical bulletin, no Duqu patch, in November 2011 Patch Tuesday updates
A mild November Patch Tuesday from Microsoft
Light Patch Tuesday May Lead To Out-of-Band Patch
Microsoft fixes gaping hole in Windows TCP/IP stack
Microsoft patches critical Windows bug, but not Duqu flaw
Microsoft patches critical Windows 7 bug, downplays exploit threat
Microsoft Leaves Duqu Worm Exploit Unpatched
Windows Update

I find it more than interesting that Microsoft is unable or unwilling to patch for the Duqu Virus. Is it intentional?

/anyway, you know the drill, get on with it


From China, With Sprinkles

Gee, you’d think there’d be some type of common sense rule about not buying critical electronic components for your military hardware from your enemy, but I guess not.

Fake electronics becoming military danger

“Sprinkling” sounds like a fairly harmless practice, but in the hands of sophisticated counterfeiters it could deceive a major weapons manufacturer and possibly endanger the lives of U.S. troops.

It is a process of mixing authentic electronic parts with fake ones in hopes that the counterfeits will not be detected when companies test the components for multimillion-dollar missile systems, helicopters and aircraft. It was just one of the brazen steps described Tuesday at a Senate Armed Services Committee hearing examining the national security and economic implications of suspect counterfeit electronics — mostly from China — inundating the Defense Department’s supply chain.

See also:
U.S. defense equipment has been outfitted with counterfeit parts from China
Senate Homes in on China’s Role in Counterfeit Parts Entering DOD’s Supply Chain
Senators to Take on Counterfeit Electronic Parts in DOD
US Senators Demand China Crack Down on Suppliers of Fake Military Parts
Officials: Fake weapons parts ‘ticking time bomb’
Opening Statement at SASC Hearing on Counterfeit Electronic Parts in DOD Supply Chain
Fake Chinese weapons costs US millions
Lawmakers say counterfeits flood Pentagon supply
Chinese counterfeit parts found in U.S. weapons
Officials: Fake weapon parts hit Pentagon supplies
Lawmakers describe counterfeit electronic parts flooding into military’s supply chain
Probe traces bogus military parts to China
Report: US military supply chain riddled with shanzhai parts from China
China rejects U.S. charges of bogus weapons parts

It’s bad enough that China steals our intellectual property at will and that we owe them over a trillion dollars, but now they’re deliberately sabotaging our military equipment with fake electronics that, upon failure, could cost the lives of our military service members?

/it’s not a hot war, but it’s not a cold war either and we seem to be losing

Super Bot

This sure looks like a nasty piece of work.

Massive botnet ‘indestructible,’ say researchers

A new and improved botnet that has infected more than four million PCs is “practically indestructible,” security researchers say.

“TDL-4,” the name for both the bot Trojan that infects machines and the ensuing collection of compromised computers, is “the most sophisticated threat today,” said Kaspersky Labs researcher Sergey Golovanov in a detailed analysis Monday.

“[TDL-4] is practically indestructible,” Golovanov said.

. . .

TDL-4 infects the MBR, or master boot record, of the PC with a rootkit — malware that hides by subverting the operating system. The master boot record is the first sector — sector 0 — of the hard drive, where code is stored to bootstrap the operating system after the computer’s BIOS does its start-up checks.

Because TDL-4 installs its rootkit on the MBR, it is invisible to both the operating system and, more importantly, security software designed to sniff out malicious code.

But that’s not TDL-4’s secret weapon.

What makes the botnet indestructible is the combination of its advanced encryption and the use of a public peer-to-peer (P2P) network for the instructions issued to the malware by command-and-control (C&C) servers.

See also:
TDL4 – Top Bot
Sophisticated TDL-4 Botnet Has 4.5 Million Infected Zombies
‘Indestructible’ rootkit enslaves 4.5m PCs in 3 months
TDL-4 creates 4.5 million PC ‘indestructible’ botnet
Security Researchers Discover the Mother of All Botnets
TDL-4: The ‘indestructible’ botnet?
There’s a Botnet Called TDL-4 That’s Virtually Indestructible
‘Indestructible’ Botnet Enslaves 4.5 Million PCs
‘Indestructible’ Zombie PC Botnet Borrows Exploit From Israeli, U.S. Cyberweapon
Have cybercriminals created the perfect botnet — undetectable and indestructible?

If you ever needed a reason and reminder to keep your operating system, anti-virus, and anti-spyware software patched and up to date, this would be a good one.

/remember, if you’re not part of the solution, you’re potentially part of the problem

Not So Astute

It’s a bad end to a bad week for the British military.

A beached wail from the world’s top submarine

The British Royal Navy faces a possible multimillion-dollar repair bill for damage to the world’s most advanced submarine, with stealth technology so sophisticated it can lie undetected for weeks off an enemy coast.

The sub, which is so new that it is not yet fully operational, has sonar with a range of 3000 nautical miles and carries more firepower than a squadron of 16 Tornado bombers.

But on Friday the £1.2 billion ($1.9 billion) HMS Astute nuclear submarine spent the day stuck on a shingle bank near the Isle of Skye off the west coast of Scotland in view of a curious public after it ran aground during a routine crew transfer. It was towed free by a tug that night but the incident is another blow for the Royal Navy, which suffered considerably last week with budget cuts to its aircraft carriers, warships, Harrier jump jets and the prospect of 5000 redundancies.

The navy insisted that there was no likelihood of a nuclear leak or any other environmental issue and no one was injured in the incident.

But the ship’s Commander, Andy Coles, will face questions and a possible court martial over why the ship ran aground.

See also:
Royal Navy chiefs left red-faced after brand new £1.2bn nuclear submarine is left high and dry off the coast of Scotland
Experts assess grounded submarine
Navy’s nuclear super-stealth submarine stuck off Skye for ten hours
High-tech sub runs aground in Scotland
HMS Astute – the navy’s £1.2 billion nuclear vessel – runs aground
Sub shows too much to be stealthy
Navy not quite so astute after stranding
Red faces for Navy as stealth submarine left high and dry
Nuclear submarine HMS Astute is finally freed after running aground off Skye
Barrow submarine HMS Astute rescued
Grounded Nuclear Submarine Is Towed Free
Nuclear submarine freed after running aground off Isle of Skye
Grounded nuclear sub HMS Astute docked for tests
FACTBOX-Britain’s Astute class submarines
HMS Astute (S119)

Well, at least they got her back underway with no apparent damage and no loss of life.

/I’m guessing Commander Coles won’t be in command much longer