Just for your information: We released an advisory regarding the WMF 0day tonight. You can find it here: http://www.microsoft.com/technet/security/advisory/912840.mspx
Roger
As promised during today's IE7 webcast, here is the link to the IE7 blog: http://blogs.msdn.com/ie/
H A P P Y N E W Y E A R A N D A L L T H E B E S T F O R 2 0 0 6 !
Hopefully you will stay with us and perhaps we will see some more comments and feedbacks from you as well... ;-)
Urs & Roger
Well, I hope you enjoyed Christmas as much as I do and additionally I hope that you have the opportunity to have a few days off.
But it seems that the bad guys have too much time as well. There are reports that there is a 0day out there attacking a vulnerability in Microsoft Windows WMF handling. We are aware of it and it is under investigation at the moment. Here you can find some information about it:
MELANI: http://www.melani.admin.ch/newsticker/00072/index.html?lang=en&PHPSESSID=5f98437d926027b133d27ab41e1f6748
Secunia: http://secunia.com/advisories/18255/
SANS: http://isc.sans.org/diary.php?storyid=975
F-Secure, one of our VIA (Virus Information Alliance) partners, has some good information on this from an attack perspective: http://www.f-secure.com/weblog/archives/archive-122005.html#00000753
Several AV vendors, including Symantec, Trend Micro, McAfee, and F-Secure, have already updated their signatures, so you should update yours as well.
Besides the 0day there is some good news as well. Today (you see, we are working during Christmas time :-)) we published V2 of the Windows Server 2003 Security Guide, covering SP1.
It can be found here: http://www.microsoft.com/downloads/details.aspx?FamilyId=8A2643C1-0685-4D89-B655-521EA6C7B4DB&displaylang=en
This is the best document on how to harden Windows Server 2003 SP1 in different roles
There is a pretty interesting White Paper by Trendmicro describing the "Future of Bot Worms". One of the trends they see is RSS feed hijacking. Pretty interesting and scary. Read more at: http://www.trendmicro.com/NR/rdonlyres/EEE8DBC3-6948-4F0D-B5F4-0673260B88D5/17036/Future_of_Bots_FINAL.pdf
P.S. You might still stay on our RSS feed - it is secure ;-)
Some advertising: Next Wednesday we will run a webcast on IE7 and its security technology (what has changed since IE6 SP1). If you are interested, please register here: http://www.microsoft.com/switzerland/technet/de/events.mspx (the registration link is in the middle of the page).
A few months ago there was news that a targeted trojan attack blew up in Israel. Today there was additional (pretty interesting) information on CNet News: http://news.com.com/Online+scammers+go+spear-phishin/2100-1029_3-5981917.html?part=rss&tag=5981917&subj=news
Microsoft launches anti-virus service. Microsoft has launched Windows One Care Live Security beta, an anti-virus and anti-spyware service for consumers only. The service offers anti-virus, firewall, backup and recovery, as well as personal computer maintenance. Initially free, it will eventually be available for a subscription fee. The service is part of the company's Windows Live strategy announced last month, which sees Microsoft compete more directly with the likes of Google, Yahoo and Salesforce.com by using the web to deliver new products and services to customers.
http://www.windowsonecare.com/
http://www.vnunet.com/vnunet/news/2146980/microsoft-launches-anti-virus
Urs
A security analyzer is an automated tool for helping analysts find security-related problems in software. Modern security analyzers focused on building security in analyze software source code, trying to automate some of the tasks that a human analyst might perform. The impetus for security analyzers originally came with the realization that many software vulnerabilities are in reusable library functions, so that programs could be scanned to check whether they contain any calls to those functions. This process is more or less equivalent to opening the source code in an editor and searching for the name of vulnerable functions like strcpy() and stat(). Modern security analyzers are more sophisticated; they use data- and control-flow analysis to find subtler bugs and to reduce false alarms. Unfortunately, these tools are still not capable of replacing a human analyst. The purpose of this document is to outline what automated security analyzers can do and provide some criteria for evaluating individual tools.
https://buildsecurityin.us-cert.gov/portal/article/tools/code_analysis/overview.xml
MELANI, our Swiss CERT, just recently published its first semi-annual report. It gives a pretty interesting overview of the situation in Switzerland and internationally regarding information security. You can find the report here:
German: http://www.melani.admin.ch/newsticker/00071/index.html?lang=de
French: http://www.melani.admin.ch/newsticker/00071/index.html?lang=fr
Italian: http://www.melani.admin.ch/newsticker/00071/index.html?lang=it
English: http://www.melani.admin.ch/newsticker/00071/index.html?lang=en
If you are interested in a deep analysis of what happened during Blaster, including some quantitative metrics, you should look into this case study we recently published: http://www.microsoft.com/downloads/details.aspx?FamilyId=A66EA079-9180-4D4F-A8AF-269486D3217B&displaylang=en
Not exactly security-related but cool :-)
Microsoft Research released a tool called SNARF that should help you to organize your mails according to importance. I did not yet try it but it sounds interesting. Feel free to test: http://www.research.microsoft.com/community/snarf/
A pretty interesting case. Especially as those guys were caught like any other ordinary thief (they did not behave too cleverly) and not by anything like IT security: http://news.com.com/Former+software+chief+admits+stealing+trade+secrets/2100-7350_3-5989750.html
I would like to make some comments regarding this month's updates:
This is extremely good news. It gives credit to what we are doing to improve security and gives us credibility on the market. Common Criteria is one of the most important security certifications for products, and the level we achieved is the highest achievable level for general-purpose operating systems.
http://www.microsoft.com/technet/security/prodtech/windowsserver2003/ccc/default.mspx
AIM Sniff is a utility for monitoring and archiving AIM and MSN messages across a network. It can be used to monitor for cases of harassment or warez trading. It has the ability to do a live dump (actively sniff the network) or read a PCAP file and parse the file for IM messages. You also have the option of dumping the information to a MySQL database or STDOUT. AIM Sniff will also monitor for an IM login and then perform an SMB lookup on the originating computer in order to match NT Domain names with IM login names (handles). MSN sniffing support was added. The code was modularized for ease of contribution and protocol development.
http://freshmeat.net/projects/aimsniff
http://www.microsoft.com/downloads/details.aspx?FamilyId=D22EC2B9-4CD3-4BB6-91EC-0829E5F84063&displaylang=en
We wish you a merry Christmas! Hopefully you can take a few days off! Stay secure and do not open unknown gifts without proper scanning... ;-)
You probably know those mails that tell you that a legal investigation has been started against you because child pornography has been found on your computer. When you open the attachment, a trojan is installed.
Well, those kinds of mails sometimes have a good side: a child pornographer turned himself in to the police in Germany after having received such a mail.....
Read the whole story: http://news.yahoo.com/s/nm/20051220/wr_nm/crime_germany_worm_dc
Viruses are not always bad :-)
Merry Christmas