
AusCERT Week in Review for 8th June 2012

Date: 08 June 2012



The calm of the past few weeks has given way to back-to-back action this week.

As analysis of the Flame malware reveals more of its 'features' to the world, those impacted have taken appropriate action, including Microsoft this week.

Infosec researchers have long dreaded the theoretical scenario in which Microsoft's Windows Update is used to deliver malware. This week it stopped being theoretical: Flame carries code signed with certificates that chain up to Microsoft's Terminal Server Licensing Service CA, and uses that signature to pass its own payload off to victims as a legitimate Windows Update.

I tip my hat to whoever is responsible for Flame, as they've just opened Pandora's box and let loose a collection of new malware technologies that garden-variety malware writers will soon copy. Thanks a lot... (not)

So if you've not already attended to them, here are my top 5 patches/actions for the week:

1) ESB-2012.0516 - ALERT [Win] Microsoft Windows: Access confidential data - Remote/unauthenticated

If you run Windows on anything, then you should have already applied Microsoft's out-of-band update described in MS Security Advisory (2718704), which moves the affected Microsoft Enforced Licensing certificates into the Untrusted Certificates store; you can confirm it took effect by looking for them there in certmgr.msc. A high priority.

2) ESB-2012.0518 - ALERT [Win][UNIX/Linux] BIND: Denial of service - Remote/unauthenticated

Given that Berkeley Internet Name Domain (BIND) servers perform much of the translation between the hostnames humans use and the IP addresses computers and devices actually talk over, a remote denial of service against BIND could spoil things for many, including services that never touch the vulnerable box themselves. Updated packages already exist for Debian and Red Hat. A high priority.

3) ASB-2012.0082 - [Win][UNIX/Linux] Firefox , Thunderbird, and SeaMonkey: Multiple vulnerabilities

Mozilla Firefox & Thunderbird must be feeling lucky at version 13, with a collection of important bugs squashed. If you use Firefox or Thunderbird then patching is a must. Updated packages have been released for Red Hat and Debian. Enterprise Windows users should use their favourite software delivery method to update Mozilla products on their client machines, since these products do not update through Windows Update.

4) ESB-2012.0514 - [Debian] nut: Denial of service - Remote/unauthenticated

Network UPS Tools is a suite of software used across the various *nix flavours and Linux distributions, and is also available for OS X and Windows. It can talk to solar controllers, but is far more likely to be communicating with an uninterruptible power supply. This update fixes CVE-2012-2944, a remote denial of service against the daemon that monitors your UPS; losing that daemon means the hosts depending on it lose their power-event warnings and clean shutdown when the mains fail, which is best avoided. A high priority.

5) ASB-2012.0083 - [Win][UNIX/Linux][Mobile] LinkedIn: Access privileged data - Existing account

The breach of 6.5 million unsalted SHA-1 LinkedIn password hashes was well publicised, and it's likely that most of them have been cracked by now. Resist the temptation to type your LinkedIn password into a site that offers to tell you whether it's been stolen. Instead, take this as a good opportunity to change your LinkedIn password to something new and unrelated to previous ones, and to change it anywhere else you reused it. While you're at it, if you have a or eHarmony account, they've also been breached and will need new passwords.
The moral of the story: don't store passwords as unsalted SHA-1 hashes. Are you doing this in any of the applications you develop or manage? A random per-user salt, combined with a deliberately slow password hash such as PBKDF2, bcrypt or scrypt, is necessary for the health of your users.
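As an added example (not code from AusCERT's post, LinkedIn, or any of the breached sites), the following standard-library Python shows why an unsalted SHA-1 dump falls so quickly and what a salted, iterated hash changes. The wordlist, the three user accounts and the stored-hash format are constructed for the demonstration, and the PBKDF2 parameters are my assumptions, not anything the post specifies.

```python
import hashlib
import hmac
import os

# Constructed data for the demonstration (not from any real breach):
# a small cracking wordlist and two users who chose the same password.
WORDLIST = ["password", "123456", "linkedin", "letmein", "qwerty"]
USERS = {"alice": "letmein", "bob": "letmein", "carol": "correct horse battery staple"}


def unsalted_sha1(password: str) -> str:
    """The weak scheme the post warns about: bare SHA-1 of the password, no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def crack_unsalted(leaked: dict, wordlist: list) -> dict:
    """One precomputed table serves every user: len(wordlist) hashes, however many accounts.
    Returns {username: recovered_password}."""
    table = {unsalted_sha1(w): w for w in wordlist}
    return {user: table[h] for user, h in leaked.items() if h in table}


def hash_password(password: str, salt: bytes = b"", iterations: int = 100_000) -> str:
    """Salted, iterated hash: PBKDF2-HMAC-SHA256 from the standard library.
    A fresh 16-byte random salt per user is generated when none is supplied.
    Stored form (my own layout): 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>'."""
    if not salt:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; constant-time compare."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False
    _, iterations, salt_hex, hash_hex = parts
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), hash_hex)


def crack_salted(stored: dict, wordlist: list) -> tuple:
    """No shared table is possible: every guess is re-hashed with each user's own salt,
    so the work is len(users) * len(wordlist) * iterations rather than len(wordlist).
    Returns ({username: recovered_password}, number_of_guesses_hashed)."""
    cracked, work = {}, 0
    for user, h in stored.items():
        for w in wordlist:
            work += 1
            if verify_password(w, h):
                cracked[user] = w
                break
    return cracked, work


def demo() -> dict:
    """Run both schemes over the constructed users and report what an attacker gets.
    iterations is lowered to 1000 here only to keep the demo quick."""
    leaked_unsalted = {u: unsalted_sha1(p) for u, p in USERS.items()}
    leaked_salted = {u: hash_password(p, iterations=1000) for u, p in USERS.items()}
    salted_cracked, work = crack_salted(leaked_salted, WORDLIST)
    return {
        "same_hash_unsalted": leaked_unsalted["alice"] == leaked_unsalted["bob"],
        "same_hash_salted": leaked_salted["alice"] == leaked_salted["bob"],
        "unsalted_cracked": crack_unsalted(leaked_unsalted, WORDLIST),
        "salted_cracked": salted_cracked,
        "salted_work": work,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Salting does not rescue a weak password: both schemes give up "letmein" for alice and bob. What the salt removes is the shared table, since alice and bob no longer have the same stored hash and each of 6.5 million accounts has to be attacked on its own, and the iteration count makes every one of those guesses cost thousands of hash operations instead of one.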

Happy patching,