AusCERT Week in Review for 27th July 2012

Date: 27 July 2012

End of week Greetings,

High-profile data breaches have been preoccupying the media for much of this week, with much less attention being focused on avoiding breaches in the first place.

Hardening your world-facing web infrastructure doesn't happen by accident or at the press of a button; it takes time, effort and significant amounts of planning.

Here are some quick points to consider:

Apple released OS X 10.8 (Mountain Lion) this week, and it is available for those game enough to try revision 1 of a product. More attention has been paid to security, with Gatekeeper being a potentially valuable addition by making it harder for malicious software to be installed. Along with Address Space Layout Randomization (ASLR), OS X 10.8 also includes a Password Assistant feature to assist in the generation of strong passwords and keep them private and encrypted.

At the Black Hat security conference held this week in Las Vegas, security researcher Charlie Miller demonstrated how modern Android and MeeGo phones could be attacked using Near Field Communication (NFC). Using a Google/Samsung Nexus S and a Nokia N9, Miller showed how it was possible to infect the smartphones with malicious code without any interaction from the phone user. While NFC only has a range of a few centimetres, various tricks can be used to extend this range, and malicious NFC-enabled devices could be easily hidden in very public places. Until this new technology matures, it would be wise to disable NFC on your smartphone, except for the occasions when you really need to use it.

For those who have not yet attended to them, here are my top 5 patches/actions for the week:

1) ESB-2012.0701 - [Win][UNIX/Linux] BIND: Denial of Service - Remote/Unauthenticated

Appropriately named, BIND is the glue that holds much of the Internet together. Any issue with BIND is rather serious, and a denial of service even more so. While you need to be running DNSSEC for this vulnerability to be a problem, if you are, then patch right away.

2) ESB-2012.0700 - [Win][UNIX/Linux] DHCP: Denial of service - Remote/unauthenticated

People will likely complain about "the network being down" when DHCP is not handing out addresses to authorised hosts upon request. To avoid this happening, apply this patch, or the related one from your vendor as it is released (Debian's, for example, is ESB-2012.0709).

3) ESB-2012.0702 - ALERT [Win] Microsoft Exchange Server and FAST Search Server 2010 for Sharepoint: Execute arbitrary code/commands - Remote/unauthenticated

Following on from the Oracle mega-bulletin last week, Microsoft have provided workarounds for remote code execution vulnerabilities in Microsoft Exchange Server and FAST Search Server 2010 for SharePoint. If you're running MS Exchange, you need to read this advisory and apply the workarounds where you can.

4) ESB-2012.0697 - [Win][UNIX/Linux] Symantec Web Gateway: Multiple vulnerabilities

Remote code execution or denial of service is never nice, especially against a management console. Better apply this patch if you're a Symantec Web Gateway shop.

5) ESB-2012.0705 - [OSX] Safari: Multiple vulnerabilities

Up-to-date web browsers should always be used, and Safari running on OS X is no exception. Patch this presently!

Happy mitigating and patching,