Network and Computer Security

The Network and Computer Security Blog


September 16, 2006

September 15th edition of Bruce Schneier’s CRYPTO-GRAM

Filed under: Articles, Newsletters — SecuNews @ 10:15 am

The September 15th issue of Bruce Schneier’s Crypto-Gram newsletter is out. As usual, it’s a very good read. This issue is aimed at security in general rather than only computer security. In particular, terrorist threats and the current paranoia in airports are very well described, as is how counterproductive that paranoia is.

Here’s the full newsletter summary:

What the Terrorists Want
Details on the British Terrorist Arrest
More Than 10 Ways to Avoid the Next 9/11
Fifth Anniversary of September 11, 2001
Crypto-Gram Reprints
Educating Users
Human/Bear Security Trade-Off
Land Title Fraud
News
Is There Strategic Software?
Media Sanitization and Encryption
What is a Hacker?
Counterpane News
TrackMeNot
USBDumper
Microsoft and FairUse4WM
Comments from Readers

September 14, 2006

Internet Explorer Compressed Content URL Heap Overflow Vulnerability #2

Filed under: News, Vulnerabilities, Windows — SecuNews @ 12:35 pm

Less than one month after the discovery of a very serious vulnerability in Internet Explorer, eEye has just published an advisory concerning a very similar (though different) vulnerability in the latest IE.

Here’s the overview:

“eEye Digital Security has discovered a second heap overflow vulnerability in the MS06-042 cumulative Internet Explorer update that would allow an attacker to execute arbitrary code on the system of a victim who attempts to access a malicious URL. Windows 2000, Windows XP SP1, and Windows 2003 SP0 systems running Internet Explorer 5 SP4 or Internet Explorer 6 SP1, with the MS06-042 patch applied, are vulnerable; unpatched and more recent versions of Internet Explorer are not affected.”

The actual problem lies in URLMON.DLL; here’s a link to the full advisory.

September 3, 2006

Why All The Hype About 0day?

Filed under: News, Vulnerabilities, Articles — SecuNews @ 11:30 am

Michael Sutton has posted an interesting article on the security vulnerabilities that we really need to be concerned about.

According to Sutton, it’s not the new ones that are scary, it’s the old ones that have long since been forgotten.

He illustrates his point by walking through an example where he uses Google and Yahoo! to identify 50 web servers that are wide open to attack. The list includes an Ivy League school, various colleges and a company traded on the NYSE. Definitely a must-read and very well documented article!

September 2, 2006

Latest polymorphism hides viruses better

Filed under: News, Virus, Windows — SecuNews @ 11:27 am

As if we needed it, a new polymorphism technique makes viruses on AMD64 processors even harder to detect.

The virus, dubbed W64.Bounds, is not spreading in the wild, but was submitted as a proof of concept to antivirus researchers. The program is not easy to detect because it encrypts itself using a new algorithm and exploits a Windows feature available only on AMD64 systems to control execution, Peter Ferrie, senior antivirus researcher for Symantec, said.

See the full article on SecurityFocus.