Bits are Bits…Net Neutrality

But they say we'll all be better off this way (as they cut new content, innovation, consumer choice)

But they say we’ll all be better off this way (as they cut new content, innovation, consumer choice) – Imgur.com

What is net neutrality?

At its simplest, net neutrality holds that just as phone companies can’t check who’s on the line and selectively block or degrade the service of callers, everyone on the internet should start on roughly the same footing: ISPs shouldn’t slow down services, block legal content, or let companies pay for their data to get to customers faster than a competitor’s.

In this case, we’re also talking about a very specific policy: the Open Internet Order, which the FCC adopted in 2010. Under the order, wired and wireless broadband providers must disclose how they manage network traffic. Wired providers can’t block lawful content, software, services, or devices, and wireless providers can’t block websites or directly competing apps. And wired providers can’t “unreasonably discriminate” in transmitting information. The FCC has been trying in one way or another to implement net neutrality rules since 2005.

That was in the sidebar from The Verge’s article from May 14, 2014 called GAME OF PHONES: HOW VERIZON IS PLAYING THE FCC AND ITS CUSTOMERS

So very important!

Much more in the article.

I found that when I was reading a more recent article by arstechnica called Report: Verizon FiOS claimed public utility status to get government perks:

“It’s the secret that’s been hiding in plain sight,” said Harold Feld, senior VP of consumer advocacy group Public Knowledge and an expert on the FCC and telecommunications. “At the exact moment that these guys are complaining about how awful Title II is, they are trying to enjoy all the privileges of Title II on the regulated side.”

“There’s nothing illegal about it,” Feld, who wasn’t involved in writing the report, told Ars. However, “as a political point this is very useful.”

The FCC classifies broadband (such as FiOS) as an information service under Title I of the Communications Act, resulting in less strict rules than the ones applied to common carrier services (such as the traditional phone system) under Title II. But since both services are delivered over the same wire, Verizon FiOS is able to reap the benefits of utility regulation without the downsides.

Much more in this article as well.

Bits are bits. This is the point I have been pushing. Like water companies, electric companies and even telcos. There should be no fast lanes. There should be no place where they discriminate between bits. They are the water or electric company of the Internet. they provide the pipes that the data rides through. They should be simply providing the bits and not discriminating between them.

If they start discriminating between the bits, they set themselves up as the gatekeepers of the Internet. It opens the door to invasion of privacy and discrimination. It also stifles innovation by making it easier for big business to control the industry. It makes it exponentially harder for the next “Google” or “Yahoo” or other disruptive innovation to take off. If Google or Yahoo had to pay for fast lanes for their customers in the early days of the Internet, they never would have made it out of the gate. Neither will the next innovative and disruptive technology. And we will all be the losers if that happens. It will also make it harder for small businesses in general that might have an online component to their business to provide competitive services because they can’t afford to pay for those fast lanes. This will be true of small businesses that provide remote services as well as hosting, etc.

I think it is very important to contact the FCC and submit your thoughts on this very important issue of Net Neutrality which will affect us all in one way or another. Even if we are just users of the Internet, we will also feel the monetary impact, as well as freedom and privacy impact, and innovation impact. We always do.

What Do You Want Your Representatives to Ask Chairman Wheeler About Net Neutrality? – EFF.org:

Thus, Congress has an important role to play in the struggle for a neutral Internet. We know that members of the subcommittee are planning to re-write the Communications Act, and we know that letters from Congress members aren’t taken lightly by the FCC in the rulemaking process. That means it’s time to let our elected officials and the FCC know that we will fight to protect the future of our open Internet.

Here are three ways to join the debate and have your voice heard:

  1. Today, tweet your questions for FCC Chairman Wheeler during the Communications and Technology Subcommittee hearing using the hashtag #AskWheeler.
  2. Call your representative. Let’s be clear: any rules that allow Internet providers to discriminate against how we access websites would be a disaster for the open Internet.
  3. Submit comments in the FCC official rulemaking process. We’ve made it easy with our DearFCC.org public comment tool. It’s time to fill the FCC’s Open Internet docket with our voices and our stories. After all, it’s our Internet.

There are no easy solutions. But the FCC and Congress both want and need to hear from us. So let’s give them what they ask for. Let’s defend our Internet.

IE Zero-Day Vulnerability

Microsoft Security Advisory 2963983 – Vulnerability in Internet Explorer Could Allow Remote Code Execution – TechNet

General Information

Executive Summary

Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11.

The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers. For information about protections released by MAPP partners, see MAPP Partners with Updated Protections.

Microsoft continues to encourage customers to follow the guidance in the Microsoft Safety & Security Center of enabling a firewall, applying all software updates, and installing antimalware software.

Mitigating Factors:

  • By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode that is known as Enhanced Security Configuration. This mode mitigates this vulnerability.

  • By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML email messages in the Restricted sites zone. The Restricted sites zone, which disables script and ActiveX controls, helps reduce the risk of an attacker being able to use this vulnerability to execute malicious code. If a user clicks a link in an email message, the user could still be vulnerable to exploitation of this vulnerability through the web-based attack scenario.

  • An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

  • In a web-based attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker’s website.

More information in the full article. There is no patch. But Microsoft has given some recommendations which are easier to understand at Security Garden’s posting:

Recommendations

As illustrated in the “Security Research and Defense Blog” reference below, users of IE 10 and 11 should ensure they haven’t disabled Enhanced Protection Mode.

Another option is to install the Enhanced Mitigation Experience Toolkit (EMET). The recommended setting for EMET 4.1, available from KB Article 2458544, is automatically configured to help protect Internet Explorer. No additional steps are required.

See the Tech Net Advisory for instructions on changing the following settings to help protect against exploitation of this vulnerability:

  • Change your settings for the Internet security zone to high to block ActiveX controls and Active Scripting

  • Change your settings to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone.

 

Those still using Windows XP on the Internet, please be aware:

VERY IMPORTANT FOR ANY HOLD OUT WINDOWS XP USERS

This is the first of the security vulnerabilities that DOES NOT include workarounds  for Windows XP. The oldest Windows noted as being affected are: Windows Server 2003 SP2 and Vista SP2.

IMPORTANT NOTE: Once a Microsoft product’s support has expired — as is true now about Windows XP SP3 since April 8, 2014 — Microsoft no longer lists it as affected by the vulnerabilities being patched. Microsoft only list Windows versions which are still under Mainstream Support or Extended Support. This has always been the case.

If anyone is still using Windows XP on the Internet (UNWISE!!), it would be strongly recommended to disallow IE (Internet Explorer) access to the Internet through your software firewall*, and use another browser like Firefox and Google Chrome which will still be getting updates for a time.

* Any Windows XP users still on the Internet should at least have:

  • a hardware router with Stateful Packet Firewall
  • should be using a ‘real’ software firewall as well as a good AV program. Just one good choice that will continue to support Windows XP is ESET’s Smart Security which is a very good antivirus and firewall. It is the one I use. It is not free. There are several free antivirus programs but not many free security suites.
  • block Internet Explorer through the ESET or other software firewall.
  • should be using a 3rd party browser like Mozilla Firefox with NoScript, Adblock Plus and WOT to help sort out safer search results on search engines, or Google Chrome with ScriptSafe, Adblock Plus and WOT Extension.
  • uninstall Java entirely, keep Adobe Flash religiously updated for Firefox as long as Adobe continues to provide them. Google Chrome updates Flash within itself. Might want to switch from Adobe Reader to Sumatra PDF reader which is a simple PDF viewer.
  • need to be even more careful than ever before about where you go. The bad guys will be looking with great anticipation for computers with expired Windows XP.
  • no risky behavior
  • no banking … note very soon banks will be disallowing expired Windows XP entirely anyway.

IMPORTANT: You can not block a program from getting out to the Internet with the Windows XP Firewall. It is only a one way firewall. It only monitors incoming Internet requests, instead of both ways as any real firewall including Windows 7 and Windows 8 built-in software firewalls do.

Here’s a quote from a ZDNet article:

To those planning to stick resolutely with the aged Windows XP operating system even after Microsoft ends support next year, the advice from experts is simple: Don’t do it.

Again: I would strongly suggest you get a new computer, upgrade your computer if it can be upgraded to a modern/still supported Windows such as Windows 7 or Windows 8, or get a Mac, or you could  convert/upgrade the computer to Linux or use a Linux LiveCD to visit the Internet and still use Windows XP as a standalone NOT CONNECTED TO THE INTERNET computer.

If you need help with any of this, please contact your computer guru, join a forums like Scot’s Newsletter Forums – BATL (Bruno’s All Things Linux) to ask questions, or you can use the contact info on my website  to contact me for some help.

Support Ends today for Windows XP and Office 2003

RIP Windows XP and Office 2003!

Well, like it or not, Windows XP Home and Professional, as well as Microsoft Office 2003 support ends today, April 8, 2014.

Windows XP Home and Professional Support Ends today, April 8, 2014!

Windows XP Home and Professional Support Ends today, April 8, 2014!

 

Windows XP support end: 10 steps to cut security risks – ZDNet

“While doing nothing is an option, we do not believe that most organisations — or their auditors — will find this level of risk acceptable,” vice president and Gartner fellow Neil MacDonald said in a report, Best practices for secure use of XP after support ends.

Between 20 percent and 25 percent of enterprise systems are still running XP, and one-third of organisations continue to use it on more than 10 percent of their machines, Gartner estimates.

For those still using the venerable OS after the end of routine Microsoft updates and security patches, MacDonald has come up with 10 best practices to minimise the risks.

Rest in Peace, Windows XP – PCMag SecurityWatch

Rest in Peace Windows XP 2001-2014 You will be missed!

Rest in Peace Windows XP 2001-2014 You will be missed! Image links to PCMag article.

This is the end. Your Windows XP computer will get its last update today. Oh, it’s not going to roll over and kick the bucket, but continuing to use it will be more and more dangerous, since any new vulnerabilities that arise won’t be patched. We checked in with a number of security experts to discuss just how risky life will be for those who continue to run XP.

It’s the end of the line for Windows XP – USAToday

The software — introduced in an era before texting, Facebook, Snapchat, the iPhone and iPad — has lingered thanks to the reluctance of many consumers and small businesses to change. Despite its age, XP is the No. 2 computer operating system, and many folks are in store for a rude wake-up call.

Microsoft on Tuesday ceases official support for XP. The company will no longer issue patches or system updates to protect against viruses and other malware. If you run into any snags at all, you won’t be able to call Microsoft for technical assistance.

Microsoft Ends Support for Windows XP – Mashable

“Microsoft has provided support for Windows XP for the past 12 years. But now the time has come for us, along with our hardware and software partners, to invest our resources toward supporting more recent technologies so that we can continue to deliver great new experiences,” wrote Microsoft in an announcement.

Launched on October 25, 2001, Windows XP is one of the most successful Microsoft products ever; its successor, Windows Vista, was quickly replaced with Windows 7, and it took as long as September 2012 for Windows 7 to overtake XP as the most popular desktop operating system.

Microsoft ends support for Windows XP and Office 2003 – TheNextWeb

If you’re wondering why April 8, 2014 is the date support for both of these products ends, it’s really quite simple. Microsoft releases regular patches on Patch Tuesday, the second Tuesday of every month.

Microsoft supports its products for many years, and depending on when service packs as well as successors are released, the company eventually announces, in advance, when it will cut off support. April 8 happens to be the last Patch Tuesday for both products, meaning if security holes are found after today’s date, they won’t be plugged.

Excellent point!

Netmarketshare.com for Operating Systems pulled today showed March 2014 tallies:

Networkmarketshare, as of March 2014, pulled today, still shows Windows XP as 27.69% of the MarketShare.

Networkmarketshare, as of March 2014, pulled today, still shows Windows XP as 27.69% of the MarketShare. Link goes to metmarketshare.com

I personally still find it unbelievable that Microsoft, or any company really, would retire/pull support an OS that still garners nearly 30% of Windows users around the world.

Of course if you are an Enterprise company that can afford $200 PER PC for the first year, and increasing amounts each year THEREAFTER for Windows XP updates (security updates only by the way)…

Windows XP support will be available after April 8—just not for you – PCMag

Meet Microsoft’s Custom Support for Windows XP, described as a last-ditch effort for big businesses to quite literally buy some more time to migrate from Windows XP to a more modern operating system. The U.K. paid 5.548 million pounds to Microsoft for an additional year of support to maintain critical and important security updates for Windows XP, Office 2003, and Exchange 2003. Otherwise, Microsoft plans to end support for Windows XP by April 8.

Microsoft has been warning about the demise of Windows XP support since September, 2007, and Custom Support will extract a heavy toll from businesses that were too slow to act: up to $5 million per year (according to a report from Gartner), negotiated on a custom, per-company basis. Last year, Gartner issued a report claiming that the prices could go as high as $200 per PC, per year. The firm called such prices “punitive”.

Should consumers get the same break?

To date, Microsoft has given no indication that it will extend consumer support for Windows XP after the April 8 deadline, even though it has extended anti-malware support through July, 2015. After that date, any and all vulnerabilities found for Windows XP will live on forever, even though there are some avenues to keep your PC safe and protected after the deadline expires.

BTW: Apple‘s Mac OS X Mavericks holds 3.75% of the market (putting it between Windows 8.1 and Vista), however, if you include all Mac OS X operating systems listed: Mac OS X 10.6 1.29% (support ended), Mac OS X 10.8 1.18%, Mac OS X 10.7 1.05% Mac OS X 10.5 .24% (support ended), Mac OX X 10.4 0.06% (supported ended), and Mac OS X no version reported 0.01%, then the total is 7.58% of the operating system total market share (which puts it on the low end between Windows XP and Windows 8).

But, that does mean that only 1.59% of all Mac OS X users are running expired versions with no support.

Compare that with 27.69% of Windows users running  Windows XP.

NOTE: That doesn’t count the expired/no support users running Windows NT at 0.15%, Windows 2000 at 0.03%. Apparently Windows 98 users have finally fallen off at 0.00%.

Windows XP end of support: why it concerns you – OnWindows.com

Reto Haeni explores the risks of running Windows XP after its end of service and the benefits of migrating to newer operating systems

This article was first published in the Spring 2014 issue of Touch

Designed in a different era

Computers running Windows XP routinely experience a significantly higher malware infection rate than computers running any other supported version of Windows. Much of the elevated infection rate on Windows XP can be attributed to the fact that some of the key built-in security features included with more recent versions of Windows are not present in Windows XP. Windows XP, designed in a different era, simply can’t mitigate threats as effectively as newer operating systems, like Windows 7 and Windows 8. As the threat landscape has evolved over the past twelve years since the release of Windows XP, so has software security.

It’s time folks! If you haven’t done it yet, and if you are still running Windows XP on the Internet, it is high time to correct this by upgrading to a modern OS that is still supported, or disconnect from the Internet.

Please, unless you are a technical person who truly understands the risks and has taken steps to mitigate the overwhelming risks, then please be responsible and disconnect your Windows XP computer now!

Or move to new computer running a current version of Windows, or a Mac from Apple, or the Open Source ‘UNIX like’ Linux operating system and run Windows XP programs with Crossover as suggested here, or you could use Windows XP offline, and use a Linux LiveCD for Internet surfing and email, etc as suggested here and not mess up your offline Windows XP system. No matter how you do it, PULL THE PLUG on Windows XP – Disconnect the Ethernet or Wireless connection to the Internet! Just as soon as you get any April 8th Windows Updates on Patch Tuesday.

Unless you know what you are doing, you will be playing Russian Roulette with your Windows XP computer if you allow it to be online once Microsoft ends support after April 8, 2014. And that has been only Life Line extended support since 2009.

 

Microsoft Office 2003 support ends today, April 8, 2014!

Microsoft Office 2003 support ends today, April 8, 2014!

We also mentioned Microsoft Office 2003. Oh, yes, Microsoft Office 2003 has also expired today. No more security updates will be provided for Office 2003 either, just like Windows XP.

If you are still using Office 2003, it’s high time to remove it and move to a current version of Microsoft Office, or move to one of the Open Source alternatives such as;  Apache Foundation‘s OpenOffice.org or Document Foundation‘s LibreOffice, or move to using online versions of MS Office software like MS Office Web Apps or move over to Google’s online document handling programs; Google Docs.

 

Lizamoon and Epsilon breach

[tweetmeme source=”franscomputerservices” only_single=false]There are two major things that users need to be aware of right now, as if there weren’t enough already. 😉

One affects email and the other affects browsing/surfing the Internet. Both bad news, and we all need to be very aware of what has happened and why we have to be very vigilant in making sure we don’t click on links in email, open attachments sent in email, or respond to potential unexpected boxes and requests while surfing the Internet.

Financial and payment services are the biggest areas being hit right now, and will continue to be so much more effective and dangerous due to the current economy while people scramble to survive around the world.

Targeted Sectors Q2 2010 - Anti-Phishing Working Group (APWG)

Targeted Sectors Q2 2010 - Anti-Phishing Working Group (APWG)

Lizamoon/LizaMoon drive-by rogue malware infection

Lizamoon is a drive-by rouge antimalware or antivirus download infection. Thankfully you generally have to take some action to allow it to install as noted by Fred Langa in the comp copy of WindowsSecrets.com newsletter in his article entitled, “LizaMoon infection: a blow-by-blow account“. Must read!

The most important takeaway is that Fred said he had to take action on four separate occasions before the infection took place:

On the other hand, deliberate choices and actions by a user can defeat any software. LizaMoon required my active, voluntary involvement four different times before the infection took hold.

LizaMoon wasn’t even subtle: I had plenty of warnings and opportunities to abort the process, the malware itself provided abundant clues to its own bogus nature (such as an inability to keep its aliases straight).

Much more in the article. A must read for all who surf the Internet to be able to identify this rogue drive-by infection when it happens/if it happens.

The biggest takeaway:We can prevent these types of things by being aware and not clicking on things just because they are presented to us while surfing the Internet.

Epsilon breach – Spear Phishing attacks

Epsilon is an outsourcing marketing company for many big companies/banks. They have a huge database of people’s email addresses, names and the company or bank associated with each email address. This makes the spear phishing, generally a very effective social engineering technique and can make their attacks via email so much more effective…mainly because they know the email addresses are real, and more importantly they can link the real name and the actual company/bank connected the email address.

Computerworld reports, “Security experts today warned users to be on the watch for targeted email attacks after a breach at a major marketing firm that may have put millions of addresses in the hands of hackers and scammers.”

Brian Krebs (KrebsOnSecurity) and Heise Online Security report,

Epsilon has now confirmed that approximately 2 per cent of its total clients were affected. According to a blog post by security blogger Brian Krebs, financial services company Visa and American Express (Amex) say that they were not impacted by the Epsilon breach. However, the following banks, service providers and online retailers are said to have been affected:

1-800-FLOWERS
AbeBooks
Air Miles (Canada)
Ameriprise Financial
Barclay’s Bank of Delaware
Beach Body
Bebe Stores
Best Buy
Benefit Cosmetics
Brookstone
Capital One
Chase
Citigroup
City Market
College Board
Dillons
Disney Destinations
Eddie Bauer
Eileen Fisher
Ethan Allen
Euro Sport (Soccer.com)
Food 4 Less
Fred Meyer
Fry’s Electronics
Hilton Honors Program
Home Depot Credit Card (Citibank Editor)
Home Shopping Network
JPMorgan Chase
Kroger
Marks and Spencer
Marriott
McKinsey Quarterly
MoneyGram
New York & Co.
QFC
Ralph’s
Red Roof Inns
Ritz-Carlton
Robert Half International
Smith Brands
Target
TD Ameritrade
TiVo
U.S. Bank
Walgreen’s

Much more in these articles, must read, as well as others on the web including WashingtonPost, eWeek, BBC, and others.

The biggest takeaway: Don’t believe everything you see in email. Don’t trust links or downloads in email. Check with the person who sends it before opening any downloads and don’t give out information from your bank, and other sites, etc. unless you can confirm it definitely came from them. You can always go to the site directly from your own bookmarks/favorites and login to ensure you get to the right place. Don’t use their links in email unless you can verify it’s really from the company. In fact, one can get into trouble and get further compromised by clicking on links in email.

Side note: this is why I do not view email as HTML. So much can be hidden behind all the pretty pictures and code.

And be prepared. Keep your antivirus software and antimalware program as well, clear your Internet cache frequently. If you suspect you have been hit with one of these rogue antivirus/antimalware attacks, unplug the Internet/network cable from your computer to prevent further harm and take appropriate action by running Malwarebytes Antimalware, CCleaner (or other temporary Internet cleaner program you use), and then a scan with your antivirus software and take whatever recommended action they call for. Links to these programs provided on our Resources page.

If you make sure both of these are updated before you surf for the day, you will be in a much better situation should you somehow get hit with something.

And do your backups, and have an image of your OS to restore from if it becomes necessary. Windows 7 makes this very easy to do with their built-in image creator and backups, and system repair disk.

Race Conditions aka TOCTOU and now KHOBE

[tweetmeme source=”franscomputerservices” only_single=false]There is a ‘supposedly new’ threat on the horizon for Windows XP users, and more so on multi-core systems called KHOBE (Kernel HOok Bypassing Engine).

Although this is a threat, it is not a new threat — in fact, this type of thing has been a threat to computing since 1998 when it was written about in PDF format: RaceConditions.pdf, and in 1996 in this PDF: racecond.pdf and many times since then in articles online about TOCTOU (noted below in this posting).

It definitely sounds pretty bad when it is reported that this ‘new’ KHOBE can bypass EVERY Windows security product in an article by the respected Adrian Kingsley-Hughes at ZDNet Blogs and as reported and tested by MATOUSEC here. And it certainly isn’t a non-issue…

However, let’s look at this objectively. First this is not the first, last or only situation that has or will arise. Race Conditions as noted above have been created by TOCTOU (Time of check to time of use) situations since the dawn of computing and yes, they are not easy to test for in all situations/hardware prior to release of software/Operating Systems, but these types of conditions have been a potential threat for a very long time in all kinds of software.

A time-of-check-to-time-of-use bug (TOCTTOU − pronounced “TOCK too”) is a software bug caused by changes in a system between the checking of a condition (such as a security credential) and the use of the results of that check. It is a kind of race condition.

Before Windows was capable of true multi-tasking/multi-threading, it was possible to create these conditions on UNIX machines as noted in this 2001 article at InformationWorld.

So, why the fuss now? Windows 7 is basically claimed to be immune — by its omission in the ‘affected Windows Operating Systems’ list. Apparently only Windows XP (ONLY about 60% of Windows users –eeek! — per Adrian Kingsley-Hughes article above), or earlier Windows OSes are affected and in this particular case, and then only by security software that use the KHOBE (Kernel HOok Bypassing Engine).

Graham Cluely at his Sophos Blog notes,

Because KHOBE is not really a way that hackers can avoid detection and get their malware installed on your computer. What Matousec describes is a way of “doing something extra” if the bad guys’ malicious code manages to get past your anti-virus software in the first place.

In other words, KHOBE is only an issue if anti-virus products such as Sophos (and many others) miss the malware. And that’s one of the reasons, of course, why we – and to their credit other vendors – offer a layered approach using a variety of protection technologies.

In addition, Paul Ducklin’s Sophos blog notes,

The security panic of the week is the widely-reported story of a “vulnerability” called KHOBE. One news headline goes so far as to announce that this “new attack bypasses virtually all AV protection”.

I disagree.

The sample “attack”, which claims to be an 8.0 earthquake for desktop security software, describes a way in which the tamper protection implemented by some anti-malware products might potentially be bypassed. Assuming you can get your malicious code past the anti-malware product in the first place, of course.

Much more in his blog entry. All of these links are must read if you wish to understand as much as is possible what the real threat is.

So, given all this, is the game over on security software because this is now disclosed to be possible (READ: it was always possible) — at least till they figure out how to prevent Race Conditions in security software?

Hardly. But due to the release of the information, this situation may make life interesting security-wise for Windows XP users (earlier Windows OSes like Win2K, Win98, WinME, WinNT shouldn’t even be on the net at this point for many reasons, the least of which is this situation).

So, if you are a Windows user what can you do in the meantime?

  • Keep your systems up to date
  • Make sure you have a hardware NAT or SPI Firewall/Router on your local network, and a software firewall in place and working properly and updated (if it’s a third party firewall – Windows Firewall is updated with your Windows Updates)
  • Keep your browsers up to date
  • Keep your browser plugins (Adobe products, Apple products, Java, etc.) and extensions (like Firefox’s AdBlock Plus, etc.) up to date
  • Keep all Internet facing programs (Adobe, Microsoft, etc.) up to date
  • Run your CCleaner (or other Temporary Files/Temporary Internet Files cleaner program) frequently (I actually run mine several times a day) – Fully close any browsers before running your ‘cleaner’ and then re-open it as needed after you run the ‘cleaner’
  • Make sure your antivirus software is updating as it should and doing its scheduled scans
  • Update and Run any cleaner software and secondary anti-malware programs (like Malwarebytes Anti-malware) at least once a week or more often and immediately if something seems odd on your computer
  • Don’t open suspicious emails, even from known senders
  • Be careful where you go on the Internet. Even some legitimate sites have been hacked
  • Be careful about links and friends on Facebook (if you haven’t deactivated your account yet), Twitter, LinkedIn, and other Web 2.0/dynamic Social Networking sites.

In short, do what you should always be doing to keep yourself safe. Because this isn’t over. It was always a possibility whether we were aware or not, and it will likely be a possibility for a long time to come.

You might also consider installing a preventative program like BillP’s WinPatrol on your system to make you aware of potential changes to your system. *See EDIT below for a note from BillP about WinPatrol and kernel hooks.

And as I noted earlier, the focus of this issue, at this time, is apparently Windows XP, but any operating system is vulnerable to this type of attack and always has been — and that is not likely going to change any time soon.

EDIT: Added the following comment from BillP who developed WinPatrol:

* Thanks! I’m honored by the mention.
It’s a great topic and mentioning WinPatrol is appropriate since I don’t use any kernel hooking to detect changes. Thumbs Up!

Bill

Oracle, Java and Security

[tweetmeme source=”franscomputerservices” only_single=false]Oracle, Java and Security … oh my!

Java bug exposes users to serious code-execution risk – Researchers disclose because Oracle won’t!

This zero day bug, which is in the Java Web Start (this is automatically added as an ‘extension’ in Firefox – which I always disable) has become a real problem. Here’s a quote from the article regarding the Researchers’ attempt to make Oracle understand the severity of this issue:

Both researchers stressed the ease in which attackers can exploit the bug using a website that silently passes malicious commands to various Java components that jump-start applications in Internet Explorer, Firefox, and other browsers. Ormandy said he alerted Java handlers in Oracle’s recently-acquired Sun division to the threat but “they informed me they do not consider this vulnerability to be of high enough priority to break their quarterly patch cycle.

(bold emphasis in the quote mine)

Merely disabling ActiveX or Firefox plugins isn’t enough because the toolkit is installed separately from Java. That means the only temporary fixes are browser specific for IE and Firefox and involve setting killbits or employing file system access control list features. (More about that here).

Or we could always just uninstall Java entirely until Oracle decides to protect their users.

That is a sad option since Secunia makes use of Java for it’s OSI (Online Software Inspector) which has become a very handy free tool for folks to keep up on the myriad of “Internet-facing” programs, plugins, missing Windows Updates, etc.

And of course, Weather.gov (for animated maps) and NASA/JPL use Java for many online projects. I would think they would want Oracle to rethink their position on this problem!

Plus, this is not just a Microsoft Windows Issue. The article also notes that this could affect Linux.

And from the sound of it, also Apple’s Mac OS; particularly since Apple is slow to upgrade Java on their OS platform, and they haven’t done an update for Java in a while for OS X Tiger at all.

What a mess. This issue with Java vulnerabilities, and how Oracle is handling it, may well provide a backdrop that opens up other concerns about Oracle’s stance on security related to their flagship products … things that maybe Oracle wouldn’t want folks to start thinking about…