Adobe Releases Emergency Reader Patch

According to ComputerWorld, Adobe just issued an emergency update for its popular Reader PDF software patching two critical vulnerabilities, including one attackers have been exploiting for weeks.  Successful attacks have dropped a Trojan horse and other malware on victimized Windows PCs.

Adobe Advisory


Well, There Goes The e-Neighborhood!

Nearly 15% of the world’s Internet traffic — including data from the Pentagon, the office of Defense Secretary Robert Gates and other US government websites — was redirected through computer servers in China last April, according to a congressional commission report obtained by

According to a draft report, a state-owned Chinese telco, China Telecom, “hijacked” massive volumes of Internet traffic during the 18-minute incident.  It affected traffic to and from .gov and .mil websites in the United States, as well as websites for the Senate, all four military services, the office of the Secretary of Defense, the National Oceanic and Atmospheric Administration and “many others,” including websites for firms like Dell, Yahoo, IBM and Microsoft.

I hope the report is released publicly, as I would like to understand how we can start building IP’s replacement protocol suite, since the baby AND the bathwater are tainted, FUBAR.  I’ve said it for over 10 years, IP is crap, build a new suite with security at its heart!  I hope the governments and big corporations regularly super encrypt their really sensitive stuff…



Increasing Canadian Internet Monitoring

Earlier this month I blogged about the government tabling its latest proposal for increasing Internet surveillance capabilities with 3 little bills (C-50, C-51, C-52).  So far, they have received limited attention despite their potential to completely change the way the Internet is used in Canada.

I am not a lawyer; however, the bills appear to focus on required information disclosure, mandating surveillance technologies, and providing new police powers:

  • Internet Service Providers (ISPs) currently may voluntarily disclose customer information, but are not required to do so.  Under the new rules, ISPs must provide customer information to law enforcement without court oversight.  The new system would require the disclosure of customer name, address, phone number, email address, Internet protocol address, and a series of device identification numbers.

    The decision to require disclosure of personally identifying information (PII) without any oversight should immediately raise Canadian privacy community concerns.  The ability to link PII with other data will open the door to creating detailed profiles for individuals.

  • ISPs will be forced to introduce deep-packet inspection technologies that will allow real-time surveillance.  The bill sets out detailed capability requirements that will eventually apply to all Canadian ISPs, including intercepting communications, and isolating the communications of a particular individual.

    The bills also establish reporting requirements, including the disclosure of all ISP technical surveillance capabilities within 6 months of the law being enacted.  Follow-up reports are required when providers acquire new technical capabilities.

  • New police powers will be provided allowing law enforcement to gain access to surveillance data.  These include new data transmission warrants granting real-time access to all information generated during the creation, transmission or reception of a communication, including the type, direction, time, duration, origin, and destination of the communication.  Preservation orders could then be obtained, requiring ISPs to preserve subscriber information for 90 days.  Having preserved the data, production orders can be issued to require the disclosure of the information and data.

Of course I believe that it is important to provide law enforcement with the necessary tools to address online crime issues, but I fail to see clear evidence that the current legal framework has impeded important police work, and big brother does NOT need to see what we google or how we spend our personal time.  Proposals to alter the fundamental protections afforded to, and privacy expectations of, individuals in Canada come at an enormous financial and personal cost.  If one is suspected of serious wrongdoing, and sufficient evidence can be produced to demonstrate probable cause to a judge, then by all means, phone calls, Internet use, and other communications can be legally intercepted after a warrant is issued.

Arguments that “those who have nothing to hide have nothing to fear” are clearly misguided.  Under this new legislation, anyone with a wireless access point set up at home or experiencing a malware infection could potentially find themselves languishing in jail.  Cops trolling through logs looking for anyone that might have done something wrong at some point could scoop them up in the broadest of nets.

I suspect that ISPs are going to see a marked increase in the volume of encrypted traffic on their networks.

Vulnerability Awareness Tools

Many small to medium sized businesses don’t manage their security well.  Some rely completely on a third party to manage their security and to provide them with security intelligence.  There is nothing wrong with using a service or allowing someone knowledgeable to assist you with security; in fact, it is the ideal model for SMBs in my opinion, since Info-Sec staff are kind of expensive to keep hanging around.  However, as a Business Owner, Business Manager or IT Manager, you should be aware of and paying attention to evolving risks to your environment, and asking your service providers what they are doing about them for you.

There are a number of good resources available for FREE that will keep you in the loop.  Some of these are minimal offerings that provide just enough useful awareness if you have the time to conduct your own investigations, intended to tease you into buying an intelligence package.  These purchases are worth your while if the price is reasonable, and I encourage you to take advantage of the free feeds, as well as leverage the paid services of these companies.

One company that offers excellent value and a pretty nice free feed service is Secunia.  They are based out of the Netherlands, and offer some fantastic products.  I especially like their genuine concern for home users, and the provisioning of a FREE vulnerability scanner and reporting service aimed at that niche.  Here is a snippet from their latest free email report.

During the past week 81 Secunia Advisories have been released. All Secunia customers have received immediate notification on the alerts that affect their business.  This week’s Secunia Advisories had the following spread across platforms and criticality ratings:

  • Platforms:
    • Windows: 12 Secunia Advisories
    • Unix/Linux: 40 Secunia Advisories
    • Other: 3 Secunia Advisories
    • Cross platform: 26 Secunia Advisories
  • Criticality Ratings:
    • Extremely Critical: 0 Secunia Advisories
    • Highly Critical: 16 Secunia Advisories
    • Moderately Critical: 21 Secunia Advisories
    • Less Critical: 33 Secunia Advisories
    • Not Critical: 11 Secunia Advisories

Want to Subscribe?

Other handy services that an SMB should examine include NIST’s Vulnerability Database and Purdue University’s FREE Cassandra alerting system.  Cassandra simplifies keeping up-to-date with vulnerabilities.  Instead of going to NIST or Secunia every day and repeating the same searches, Cassandra does the work for you.  It works by saving lists of products, vendors and keywords.  Whenever new information is available regarding these keywords, Cassandra can notify you by email.  I’ve been using both of these resources for years and am pleased with the information that they provide.
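To show what a Cassandra-style watch list does under the hood, here is an added example (not code from the original post, Cassandra or NIST) that matches a saved list of vendors, products and keywords against a constructed, simplified NVD-style feed; the feed layout, CVE identifiers and product names are all invented for illustration, and the CPE parsing assumes no escaped colons.

```python
import json

# Constructed sample feed, simplified to the fields this example needs.
# The shape loosely mirrors NVD-style records (id, description, CVSS score,
# CPE 2.3 names) but is NOT the real NVD schema; all entries are invented.
SAMPLE_FEED = json.dumps({"items": [
    {"id": "CVE-0000-0001", "score": 9.3,
     "description": "Memory corruption in a PDF reader allows remote code execution.",
     "cpes": ["cpe:2.3:a:adobe:reader:9.4:*:*:*:*:*:*:*"]},
    {"id": "CVE-0000-0002", "score": 4.3,
     "description": "Cross-site scripting in a web forum package.",
     "cpes": ["cpe:2.3:a:examplevendor:forum:1.0:*:*:*:*:*:*:*"]},
    {"id": "CVE-0000-0003", "score": 7.2,
     "description": "Kernel driver flaw used by a rootkit to hide processes.",
     "cpes": ["cpe:2.3:o:examplevendor:exampleos:5:*:*:*:*:*:*:*"]},
]})

# Saved watch list in the style Cassandra describes: vendors, products, keywords.
WATCHLIST = {"vendors": {"adobe"}, "products": {"openssl"}, "keywords": {"rootkit"}}

def cpe_vendor_product(cpe):
    """Return (vendor, product) from a CPE 2.3 name; assumes no escaped ':'."""
    parts = cpe.split(":")
    if len(parts) < 5 or parts[0] != "cpe" or parts[1] != "2.3":
        return None, None
    return parts[3].lower(), parts[4].lower()

def match_reasons(item, watchlist):
    """List why an entry matches the watch list (empty list means no match)."""
    reasons = []
    for cpe in item.get("cpes", []):
        vendor, product = cpe_vendor_product(cpe)
        if vendor in watchlist["vendors"]:
            reasons.append(f"vendor:{vendor}")
        if product in watchlist["products"]:
            reasons.append(f"product:{product}")
    text = item.get("description", "").lower()
    reasons += [f"keyword:{kw}" for kw in watchlist["keywords"] if kw.lower() in text]
    return sorted(set(reasons))

def alerts_for_feed(feed_json, watchlist, min_score=0.0):
    """Return [(id, score, reasons)] for entries that hit the list and meet min_score."""
    hits = []
    for item in json.loads(feed_json)["items"]:
        reasons = match_reasons(item, watchlist)
        if reasons and item.get("score", 0.0) >= min_score:
            hits.append((item["id"], item["score"], reasons))
    return hits

if __name__ == "__main__":
    for cve_id, score, reasons in alerts_for_feed(SAMPLE_FEED, WATCHLIST):
        print(f"{cve_id} (CVSS {score}): {', '.join(reasons)}")  # one alert line per hit
```

The `min_score` threshold plays the role of Secunia's criticality rating: raise it to be notified only about the highly critical items.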

This is just a short list of many resources that can be used to stay on top of security vulnerabilities as they are announced by vendors.  What do you use?

Learn To Reverse Engineer Malware

The InfoSec Network provides some great information and handy resources.  If you haven’t checked them out before, check them out now.  I like their focus on sharing information and forensic techniques.  Giuseppe Bonfa has recently provided a complete step-by-step tutorial on how to reverse engineer the ZeroAccess (AKA Smiscer, or Max++) Rootkit.

The 4-part article takes the reader through an introduction and backgrounder, demonstrates how to de-obfuscate the user-mode agent dropper, reverse engineers the kernel-mode device driver and the process injection kit, and goes all the way to tracing the malware’s origins through code.  Well worth the read if you are just curious, but especially if you are interested in forensic analysis.

ZeroAccess article

Other Malware/Reverse Engineering articles on InfoSec Network