Tuesday Fun With Microsoft

The new patches are here, the new patches are here!

Microsoft Patches 17 Bugs in December Patch Tuesday

Microsoft fixed 17 bugs in the Windows operating system, Microsoft Office, Windows Media Player and Internet Explorer. The fixes also cover a zero-day flaw exploited by the Duqu Trojan.

Microsoft released 13 security bulletins to fix 17 different vulnerabilities as part of its December Patch Tuesday update, according to the advisory released Dec. 8. Three bulletins were marked critical and the remaining 10 were rated important.

See also:
Microsoft Security Bulletin Summary for December 2011
Merry Christmas! Microsoft Plans Massive Patch Tuesday to Close 2011
Last Patch Tuesday of 2011 Secures Windows XP, Vista, Windows 7
December 2011 Patch Tuesday sees 13 Microsoft bulletins, Duqu patch
Microsoft fixes 20 bugs in year’s last ‘Patch Tuesday’
Microsoft to patch three critical holes
Microsoft slims final patch Tuesday of 2011 to 13 patches from proposed 14
No BEAST fix from Microsoft in December patch batch
Microsoft fixes Duqu hole, but not BEAST problem
Microsoft scratches BEAST patch at last minute, but fixes Duqu bug
December Patch Tuesday Fixes Duqu Worm
‘Duqu’ zero-day Windows flaw patched this week
Microsoft: Duqu patched, bringing years total to 99 corrections

Well, it’s a good thing that Microsoft finally patched against the Duqu virus, better late than never, as they say. What are you waiting for? Start installing your gifts!

/at least you can’t say Microsoft didn’t get you anything for the Holidays

Watching The Drone Watchers

I smell China, or maybe Russia. The fact that the virus keeps resisting efforts to remove it shows that there’s some sophistication involved.

U.S. Military Drones Infected With Mysterious Computer Virus

A fleet of U.S. military drones on a Nevada Air Force base has been infected by a keylogger virus that tracks every key and button their pilots press, Wired.com reported Friday — and top Air Force sources strongly contested.

The virus was first noticed by officials at Creech Air Force Base nearly two weeks ago using the base’s security system. It logged every keystroke of the pilots in the control room on the base as they remotely flew Predator and Reaper drones on missions over Afghanistan and other battle zones.

There has been no confirmation of information being lost or sent to an outside source, but the virus has been resistant to military efforts to clear it from the system.

“We keep wiping it off, and it keeps coming back,” a source told Wired.

See also:
Exclusive: Computer Virus Hits U.S. Drone Fleet
Computers Controlling Military Drones Reportedly Infected with Virus
Computer Virus Attacks U.S. Military Drones: Wired
Keylogger virus hits US drone operations
Combat drones’ computer systems reportedly infected with virus
Computer virus hits US’ Predator drone fleet
US war drones keep flying despite computer virus
America’s Drones Have Been Infected by a Virus
Virus infects Pentagon drones’ computers
U.S. Drone Controllers Said To Be Infected By Computer Virus
US drones hit by virus
U.S. Military Facing a Battle Unlike Any Other
Cyberwar: a Whole New Quagmire – When the Drones Come To Roost
Creech Air Force Base

Theses computers didn’t just infect themselves, they were almost surely infected by someone, either deliberately or unwittingly, connecting a malware infected memory stick or other portable media storage device to the network. This has been a known attack vector for a long time now and it’s easily preventable, simply don’t allow portable media storage devices anywhere near classified computer networks!

/search all personnel coming and going if that’s what it takes, it’s a small price to pay for avoiding potentially catastrophic security breaches like this

Good Luck With That Guy Fawkes

You really want to piss off important, rich and powerful people and call down the almighty wrath of God upon yourself? [Expletive deleted] with their money. This is so much bull[expletive deleted]. The New York Stock Exchange is one of the most hardened, redundant,and secure computer systems on Earth, Anonymous doesn’t have a chance in Hell of crippling it or shutting it down. Anonymous does, however, have a 100% chance of attracting a massive law enforcement investigative effort. Be sure to lock Mom’s basement door script kiddies and don’t forget to ask to see the warrant when the FBI comes knocking, if they knock.

Hacker Group Anonymous Threatens to Attack Stock Exchange

The FBI is investigating threats purportedly from the hacking collective that calls itself Anonymous to bring down the New York Stock Exchange on Monday by hacking into its computer system.

Members of the notorious hacker group appear to be threatening to bring the Occupy Wall Street protests in New York to a dangerous new level, sounding a call to “declare war on the New York Stock Exchange” on Monday by “erasing” it from the Internet.

“The FBI is aware of these schemes and threats and is looking into the matter,” FBI spokesman Tim Flannelly told FoxNews.com.

The hackers say they plan to launch a DDoS (or distributed denial of service) attack on the NYSE’s computer systems — the same type of computer attack that brought down numerous websites last Spring, making them inaccessible.

See also:
Anonymous Vows to Attack NYSE in Support of Wall Street Protests
Anonymous Threatens New York Stock Exchange Attack
Anonymous Hack Attack on NYSE: Will They or Won’t They?
Anonymous Vows to Attack NYSE
Anonymous Vows to Attack NYSE in Support of Wall Street Protests
A Tree Falls In The Forest: Anonymous Threatens To “Erase” NYSE From Internet
Is NYSE Vulnerable to Cyber Attack? Anonymous Might Just Try
Anonymous Group Pledges Digital Raid on NYSE Next Week
Anonymous Threatens to ‘Erase NYSE from the Internet’
Anonymous to (Maybe) Attack NYSE on Monday, Unconfirmed
‘Anonymous threat’ plot to undermine Wall Street protest?
Anonymous declares war on Wall Street? (Updates)
‘Invade Wall Street’: Occupy Wall Street’s Evil (And Probably Fake) Twin

With a threat this serious, the FBI is likely to get some help in hunting down these Anonymous douche nozzles, namely the full spectrum of U.S. “national technical means”. If Anonymous actually tries to attack the NYSE, using anything that requires electricity, they’ll quickly find out that they’re not so anonymous.

/hey scumbags, you’re in over your heads here, remember what happened to your mascot Guy Fawkes?

Do The Microsoft Patch Dance

The dance that never ends.

Microsoft Patch

Microsoft released 13 security bulletins, patching 22 vulnerabilities across its product line, including two critical updates affecting Internet Explorer and the Windows DNS Server.

While Microsoft issued fewer updates this month, August was still marked as a busy month for system administrators. Adobe Systems Inc., which issues fixes on a quarterly cycle, issued a critical security update late Tuesday, repairing seven flaws in its Shockwave Player, more than a dozen holes in its Flash Player and an error in its Flash Media Server.

Microsoft addressed seven vulnerabilities in Internet Explorer including two zero-day flaws. According to MS11-057, Microsoft said an attacker who successfully exploited any of the vulnerabilities could gain the same user rights as the local user. Microsoft said the most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer

. . .

Another noteworthy bulletin is MS11-065, which resolves a vulnerability in the Remote Desktop Protocol. Although the security bulletin is rated important for users of Windows Server 2003, Miller said Microsoft has seen attacks targeting the flaw in the wild. The flaw can be targeted if an attacker sends a malicious remote desktop protocol connection request to the victim’s computer which could cause the system to crash.

See also:
Microsoft Security Bulletin Summary for August 2011
Microsoft Fixes IE, Windows DNS Server Flaws In Patch Tuesday Update
Microsoft Patches 22 Security Holes
Microsoft Security Patch Fixes 20-Year-Old Flaw
Microsoft fixes 22 security bugs
Microsoft’s August Patch Tuesday security update to tackle critical flaws in IE and Windows Server
Your Microsoft Patch Tuesday update for August 2011
Microsoft to Fix 22 Software Flaws in Its August Patch Tuesday Update
Hefty Microsoft August Patch Delivers 13 Security Fixes
IE, Windows server bugs likely to be exploited soon
Microsoft expecting exploits for critical IE vulnerabilities
Microsoft Update

Get busy downloading.

/so, until the next Patch Tuesday . . .

Tuesday Is The Time At Microsoft When We Patch

It’s a relatively small one this time, but critical.

Microsoft Fixes 22 Bugs in July Patch Tuesday

Microsoft addressed 22 security vulnerabilities across four security bulletins in July’s Patch Tuesday update. Three of the patches fix issues in the Windows operating system.

The four bulletins patched issues in all versions of the Windows operating system and in Microsoft Visio 2003 Service Pack 3, Microsoft said in its Patch Tuesday advisory, released July 12. Of the patches, only one has been rated “critical.” The remaining three are rated “important,” according to Microsoft.

“Today’s Patch Tuesday, though light, should not be ignored, as these patches address vulnerabilities that allow attackers to remotely execute arbitrary code on systems and use privilege escalation exploits,” said Dave Marcus, director of security research and communications at McAfee Labs.

Security experts ranked Microsoft bulletin MS11-053, which addressed a critical vulnerability in the Windows Bluetooth stack on Windows Vista and Windows 7, as the highest priority. Attackers could exploit the vulnerability by crafting and sending specially crafted Bluetooth packets to the target system to remotely take control, Microsoft said in its bulletin advisory.

See also:
Microsoft Security Bulletin Summary for July 2011
Microsoft fixes 22 security holes
Microsoft issues critical patch for Windows 7, Vista users
Microsoft Releases 4 Updates for Windows and Office
Microsoft warns of critical security hole in Bluetooth stack
Security Experts Warn of Microsoft Bluetooth Vulnerability
Patch Tuesday Fixes Critical Bluetooth Flaw in Windows 7
‘Bluetooth sniper’ Windows vuln fix in light Patch Tuesday
Microsoft Squashes Bluetooth Bug
Microsoft patches ‘sexy’ Bluetooth bug in Vista, Windows 7
Microsoft Fixes 22 Bugs in July Patch Tuesday
Businesses should not ignore critical Microsoft Patch Tuesday update, say experts
Microsoft Patch Tuesday: four security bulletins
Microsoft Patch Tuesday – 12th July 2011
Windows Update

This isn’t the first time you’ve had to update Windows, you know what to do, so get busy.

/until next time, same patch time, same patch channel

Rockets Rejected!

Gee, I wonder if Hamas can get their money back for all the now impotent rockets they’re stockpiled.

Iron Dome intercepts first missiles from Gaza

Israel’s Iron Dome missile defense system for the first time intercepted rockets fired from Gaza.

Ashkelon’s Iron Dome intercepted two rockets fired Thursday on the southern Israeli city. The unit had been set up three days earlier.

Last week’s first deployment of the $200 million system in Beersheba is being called an “operational trial” by the Israel Defense Forces. The deployment came earlier than expected due to a rise in attacks on southern Israel from Gaza.

One unit also is set up in Haifa; another soon will be put up in central Israel.

See also:
Iron Dome successfully intercepts rocket fired at Israel
Iron Dome works in combat, intercepts Katyusha rocket
Iron Dome intercepts first rocket
‘Iron Dome’ Intercepts Enemy Missile
Israel Intercepts Rocket With New ‘Iron Dome’ System
Iron Dome successfully intercepts Gaza rocket for first time
Israel uses new anti-missile system as Gaza flares
Israeli system intercepts Gaza rocket for first time: AFP
“Iron Dome” Intercepts Rocket From Gaza
Israel’s Iron Dome ‘halts Gaza rocket for first time’
Israel PM: new missile shield stopped two rockets
A Paradigm Shift?

So far so good, a perfect operational record for Iron Dome. However, like defending against terrorism in general, Iron Dome needs to intercept 100% of the rockets to be successful, the terrorist scumbags only need to get a lucky round through once.

/however, that said, it’s got to be pretty demoralizing for the Hamas cretins to know that every time they fire a rocket from Gaza, it’s likely to be rendered harmless and they’re likely to get pounded by the IDF, all pain for no gain

A Paradigm Shift?

It looks like we’re going to get to see how a real world missile defense system performs under hostile fire.

Iron Dome to Become Operational

Following the recent escalation on the Gaza strip border, the IDF will deploy for the first time the Iron Dome missile defense system in strategic locations in the south of Israel as soon as Sunday, in order to shot down rockets and mortar shells fired at Israeli civilians.

The Iron Dome is a one of a kind portable anti missile system, designed to protect an area stretching over 10 square kilometers from short-range rockets and mortar shells. The system can calculate whether the rockets fired are a threat to civilian population or strategic sites based on their trajectory, thus intercepting only the ones which pose a threat and not handling the ones which will land in open areas.

The Israeli Defense Forces hope the system will perform as expected and intercept all incoming rockets. If it does do so, the IDF will mark another unprecedented historical achievement, which could mean a “game changer” in the Middle East.

See also:
Israel to deploy ‘Iron Dome’ anti-rocket system
Iron Dome Defense To Start Working Sunday in Southern Israel
Iron Dome heads south
Israel deploys air defense system ‘Iron Dome’ near Gaza
Israel to deploy Iron Dome anti-missile system across southern territories
Iron Dome to be deployed in South soon, IDF says
IDF Considers Deploying Iron Dome as of Sunday
What about the Iron Dome?
Vilnai: Israel has strategic reason not to use Iron Dome
Iron Dome

if Iron Dome works, what will the frustrated Hamas terrorists do, or the Hezbollah terrorists for that matter, with their vast Iranian supplied arsenal rendered useless?

/if I were a South Korean, living in Seoul, I’d be paying close attention