Silicon Technix

A Mac developer has posted a tool that detects a Flashback malware infection on Apple's computers. Last week we posted about, More than 600000 Macs system infected with Flashback Botnet. That's slightly more than 1 percent of all 45 million Macs in the world still a relatively small number, but a worrisome one for Mac users, as the tally of infected machines continues to grow

Apple has released new security updates that check for and remove the common Flashback malware variants.
I highly encourage Snow Leopard and Lion users to run Software Update and get the official Apple tool.
http://support.apple.com/kb/HT5247

————————————————————————————————————————————————————————

Flashback checker runs the tests described in the F-Secure Bulletins:
http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml
http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_k.shtml

Download Flashback Checker 1.0: https://github.com/downloads/jils/FlashbackChecker/FlashbackChecker.1.0.zip

**Note** This utility checks and reports the presence of Flashback malware,
it does _not_ remove it!

No affiliation with F-Secure.

Supports 10.5 and up, PPC and Intel clients.
Juan I. Leon
April 6th, 2012

After loosing  Norton AntiVirus Corporate Edition source code in 2006, now Symantec is asking its customer to stop usage of Norton/PcAnywhere which was also leaked on Internet.

The security firm said the theft occurred in 2006, compromising 2006-era version of Norton Antivirus Corporate Edition, Norton Internet Security and Norton SystemWorks and most important "pcAnywhere", which could allow malicious users to gain complete access to systems and data very easily.

Also it is intresting to add that the guy who hacked that code also released source code of Indian Spy software 

“So far we have discovered within the Indian Spy Program source codes of a dozen software companies which have signed agreements with Indian TANCS programme and CBI”

What does that mean? Indian agencies are doing signed agreements for spying using Symantec/Norton products and others???? must be those agreements are not in favor of Pakistan 🙂

"The headline is very embarrassing to Symantec,"

Anup Ghosh, founder and CEO of Virginian security firm Invincea, told FoxNews.com at the time.

"But this has now become the normal in securities. Every single corporation is susceptible to threats."

hahahah, very funny!!!!

“Symantec recommends disabling the product until Symantec releases a final set of software updates that resolve currently known vulnerability risks,” the company wrote in an online statement about the hacking.

The “The Lords of Dharmaraja”, the hacking group who authored the Pastebin note, has released the code online(last week).

Some security tips from (Ira Victor, a security expert in Nevada):-

1. Do not use a "suite" of security protection from any one firm. A mixture of best of breed security is more secure.

2. Usernames and passwords alone are not enough protection for remote access. A single-use password system makes unauthorized remote access exponentially harder for cyber criminals.

3. Do not run computers in "Administrator" mode. Run systems in "User mode" so that malware does not install automatically.

4. Businesses should deploy application "whitelisting." This will prevent unauthorized malware from running on computers.

In previous versions of PuTTY, 0.59, 0.60 and 0.61, the password used to log on to an SSH2 server was retained in memory.
The password was then retrievable by other programs that could read the memory, or could be found in swap files and crash dumps.
The update also fixes non-security-related errors including correcting the rendering of underlines and VT100 line-drawing characters, removing a spurious GSSAPI authentication message, restoring saved sessions, and closing a leak of file mapping handles when authentication failed.

Details of the changes are in the release notes. Pre-built binaries and source code for the MIT-licensed PuTTY are available to download.

Microsoft launched a website today designed to give users a detailed look at how secure their browser is. The site, called Your Browser Matters, automatically detects the visitor's browser and returns a browser security score on a scale of four points.

When you visit the site, called Your Browser Matters, it allows you to see a score for the browser you’re using. Well, if you’re using IE, Chrome, or Firefox—other browsers are excluded. Not surprisingly, Microsoft’s latest release, Internet Explorer 9, gets a perfect 4 out of 4

Link: Your Browser Matters

Firefox 7 isn't just about speed, there's also a long list of security patches. Surprisingly, a fix for the SSL BEAST attack is not one of them.

Mozilla is patching it's Firefox Web browser for at least 10 vulnerabilities, seven of which are rated as being "critical." Firefox 7 was released on Tuesday offering users the promised of improved performance and better memory usage.

On the security front, the Firefox 7 release provides a critical fix for what Mozilla describes as, "Miscellaneous memory safety hazards."

"Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products,"
Mozilla stated in its advisory. "Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of  these could be exploited to run arbitrary code."

There is also a critical fix for an interesting flaw that could have been triggered by having a user hold down the 'Enter' key. By holding
down the key, code could potentially be installed without a user's knowledge.

"Mariusz Mlynski reported that if you could convince a user to hold down the Enter key — as part of a game or test, perhaps — a malicious
page could pop up a download dialog where the held key would then activate the default Open action," Mozilla warned.

Other critical flaws that are fixed in Firefox 7 include potentially exploitable crashes in WebGL graphics and the YARR regular expression
library. Firefox 7 also provides a fix for a high impact flaw where cross-site scripting (XSS) could have been enabled via plugins.

There is also a fix in Firefox 7 for a flaw rated as "moderate" that is triggered by the motion of a device. Mozilla's advisory noted that a recent research paper detailed how it would be possible to inferring keystrokes from device motion data on mobile devices.

"Web pages can now receive data similar to the apps studied in that paper and likely present a similar risk," Mozilla warned. "We have decided to limit motion data events to the currently-active tab to prevent the possibility of background tabs attempting to decipher
keystrokes the user is entering into the foreground tab."

SSL BEAST

While Firefox 7 addresses multiple security issues, it is not taking specific aim at the recent disclosure of potential SSL vulnerabilities. Overall, Mozilla has publicly noted that they do not believe Firefox to currently be at risk from the SSL BEAST attack

SSL is a critically important part of Internet security and it has come under increasing scrutiny in recent months. Last Friday, a pair of security researchers demonstrated a new attack called SSL BEAST at the ekoparty security conference in Buenos Aires, Argentina. Researchers Thai Duong and Juliano Rizzo leveraged weaknesses in cypher block chaining (CBC) in order to exploit SSL.

"The SSL standard mandates the use of the CBC mode encryption with chained initialization vectors (IV)," the researchers wrote in a white paper detailing their research. "Unfortunately, CBC mode encryption with chained IVs is insecure, and this insecurity extends to SSL."

Duong and Rizzo noted the CBC vulnerability can enable a man-in-the-middle (MITM) attacks against SSL to decrypt and obtain authentication tokens.

"The novelty of our attacks lie in the fact that they are the first attacks that actually decrypt HTTPS requests by exploiting cryptographic weaknesses of using HTTP over SSL," the researchers stated.

While the SSL BEAST attack is a cause for concern, there are already technologies in place to help mitigate the risk. For one, the BEAST attack only affects the TLS 1.0 version of SSL and not later versions. One vendor that leverages a non-vulnerable version of TLS is the Tor onion router project which provides a degree of anonymyity and privacy to users..

"Tor uses OpenSSL's empty fragment feature, which inserts a single empty TLS record before every record it sends," the Tor project noted in a blog post. "This effectively randomizes the IV of the actual records, like a low-budget TLS 1.1. So the attack is simply stopped."

Google's Chrome Web browser has also taken steps to mitigate the risk as well.

"Chrome has already addressed the issue and the fix on the browser side is quite simple and elegant," ISC SANS security research Mark Hofman blogged. "We'll see the other browsers implement something similar over the next few weeks. That doesn't fix the protocol, but it will help address the immediate issue of clients being attacked in this manner."

Google engineer Adam Langely blogged that Google's own servers are also somewhat protected from the SSL BEAST attack since they use a cipher that doesn't use CBC.

While Google has already taken steps to protect its users, Microsoft sees the risk as being low.

"Microsoft is aware of the industry-wide SSL 3.0 / TLSv1.0 issue demonstrated at a recent security conference which we believe presents low risk to our customers and to the Internet," Jerry Bryant, Group Manager, Response Communications, Microsoft Trustworthy Computing said in a statement emailed to InternetNews.com. "Windows 7 and Windows Server 2008 R2 support TLSv1.1 and TLSv1.2 but due to compatibility issues with many web sites, are not enabled by default."

2011 has not been a good year for SSL. SSL has come under fire due to the exploit of a pair of certificate authorities. Both Commodo and DigiNotar were exploited this year leaving big sites including Google and Mozilla at risk.