
PostgreSQL Update Fixes Critical Security Flaw

If you’re a web developer or database administrator, you’ve surely heard of PostgreSQL (or Postgres for short); a relatively popular object-relational database management system (ORDBMS). According to an alert posted today, the PostgreSQL Global Development Group (PGDG) released security updates for the latest releases of the popular Postgres database system.

The updates fix five vulnerabilities in the latest versions of Postgres, including version 8.4.x and above. The most serious of the flaws allows an unauthenticated attacker to write data to any accessible file on your Postgres server, including critical database files. The Postgres folks call this a Denial of Service (DoS) attack, but I think it’s a bit worse than that, since it can also allow attackers to corrupt your database files. Furthermore, if an attacker can obtain a valid login to your server, even as an underprivileged user, he could also exploit this flaw to elevate his privileges to a superuser, and execute arbitrary code. That said, the attacker can only pull this off if you allow external access to the Postgres ports (typically TCP 5432).

This flaw was first discovered externally, by two Japanese security researchers. They found that a particular cloud service called Heroku was especially vulnerable to this issue, since it makes Postgres servers publicly accessible online. According to their blog post, Postgres offered the fix to Heroku a few days before today’s public release, which illustrates the seriousness of this issue. In short, if you manage a PostgreSQL server, we recommend you apply the proper updates as soon as possible. You can learn more about this vulnerability and the update in Postgres’ FAQ about the issue.
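As an added example (not from the PGDG alert and not a PostgreSQL tool), here is a small audit of pg_hba.conf that flags the exposure the post warns about: host rules reachable from non-private address ranges, and rules using the trust method, which require no authentication at all. The sample file is constructed for the demo; listen_addresses in postgresql.conf and any firewall rules for TCP 5432 still need to be checked separately.

```python
import ipaddress

# Constructed sample pg_hba.conf for the demo; not taken from any real server.
SAMPLE_PG_HBA = """\
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  peer
host    all       all   127.0.0.1/32   md5
host    all       all   10.0.0.0/8     md5
host    all       all   0.0.0.0/0      trust
hostssl all       all   ::/0           md5
host    all       all   192.168.1.0 255.255.255.0 md5
"""

PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7")]

def parse_address(fields):
    """Return (ip_network or None, method) from the fields after TYPE DATABASE USER.
    pg_hba accepts CIDR ('10.0.0.0/8'), an address plus a separate netmask, or a hostname."""
    addr, rest = fields[0], fields[1:]
    if "/" not in addr and rest:
        try:  # separate-netmask form: ADDRESS NETMASK METHOD
            ipaddress.ip_address(rest[0])
            addr, rest = f"{addr}/{rest[0]}", rest[1:]
        except ValueError:
            pass
    try:
        net = ipaddress.ip_network(addr, strict=False)
    except ValueError:
        net = None  # hostname or keyword such as 'samehost'; not audited here
    return net, rest[0]

def audit_pg_hba(text):
    """Return (line_number, finding) pairs for host rules that expose the server
    beyond private networks or that skip authentication entirely."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if not fields or fields[0] == "local" or len(fields) < 5:
            continue  # blank, comment-only, or Unix-socket rule (not network-reachable)
        net, method = parse_address(fields[3:])
        if method == "trust":
            findings.append((lineno, "trust: no authentication required"))
        if net is not None and not any(net.subnet_of(p) for p in PRIVATE_NETS if p.version == net.version):
            findings.append((lineno, f"host rule reachable from non-private range {net}"))
    return findings

if __name__ == "__main__":
    for lineno, finding in audit_pg_hba(SAMPLE_PG_HBA):
        print(f"pg_hba.conf:{lineno}: {finding}")
```

Run it against your own file with `audit_pg_hba(open("/path/to/pg_hba.conf").read())`; a clean result means no flagged rule, not that the server is patched.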

As an aside, inquisitive users may realize that we use Postgres in a number of our products, including our WSM Logging and Reporting servers, and our XCS appliances. I can happily report our implementations of Postgres are not vulnerable to these issues, because we don’t use the vulnerable versions, nor do we expose the Postgres service in a way that an attacker could leverage this flaw. — Corey Nachreiner, CISSP (@SecAdept)

Microsoft Kicks Off Spring with Nine Security Bulletins

The advanced notification results are in, and it’s looking good for Patch Day.

Next Tuesday, Microsoft will release nine security bulletins, two of which the Redmond-based software company rates as Critical. The bulletins will fix flaws in Windows, Internet Explorer (IE), Office, and some of Microsoft’s server and security software. As usual, they haven’t shared many details yet, but some experts expect the critical IE update to fix the zero day vulnerabilities disclosed at CanSecWest’s recent Pwn2Own contest. Either way, I expect the IE flaws to pose the greatest risk to most users, so you should plan on applying that patch as quickly as possible.

While nine bulletins may sound like a lot, it’s pretty average for Patch Day lately. Nonetheless, you should prepare your IT staff for a busy day of testing and patching next Tuesday. We’ll know more about these bulletins next week, and will publish alerts about them here. — Corey Nachreiner, CISSP (@SecAdept)


March Radio Free Security: Record Breaking DDoS

Record Breaking DDoS, Cracked Crypto, and ICS Honeypots

Radio Free Security (RFS) is a monthly audio podcast dedicated to spreading knowledge about network and information security, and to keeping busy IT administrators apprised of the latest security threats they face online. If you’re looking for the latest security news and best practice tips, this show is for you.

After a small unscheduled hiatus, Radio Free Security is back. Unfortunately, I had to skip our February episode due to a very busy work travel schedule. To make up for it, we return this month with a double heaping of information security (InfoSec) stories and news. Plus, we’ve thrown in a fun security-themed song parody to boot.

Here’s what to expect in this month’s episode:

  • Security Story of the Month (SSotM) [Pt.1 3:20 - 34:05, Pt.2 37:10 - 1:07:00] - During SSotM, Ben Brobak, Chris Shaiman, and Corey Nachreiner highlight the most concerning security stories and incidents from the month. Topics include a new weakness in a cipher associated with SSL and TLS, more zero day Java exploits, a severe sentence in a cyber security trial, the largest DDoS attack ever seen, and more. Follow along to learn which story takes the cake, and what you can do to defend your network.
  • WatchGuard’s Secure Shop Song Parody [34:19 - 37:10] - We debut our latest security-themed song parody. A talented and creative group of WatchGuard employees wrote a song parody to Macklemore’s popular Thrift Shop rap. We’re proud of this rising Seattle-based rapper, so thought how better to celebrate his success than making our own tongue-in-cheek security tune in his honor. I think the song turned out great, and you can expect us to post the accompanying music video soon. Give it a listen (I will post a new direct link shortly).

So settle in, adjust your volume, and enjoy the show.

[runtime: 1:08:17]


You can always find the latest episode of Radio Free Security:

— Corey Nachreiner, CISSP (@SecAdept)

[JOKE] Breaking Update: ByteMarx Virus Targets Computing Devices with “Zombification”

WatchGuard’s LiveSecurity team has discovered an alarming new strain of computer virus that is plaguing devices of all types, and even spreading to household electronics such as microwaves, electric toothbrushes and coffee makers. The new threat, known colloquially as ByteMarx (based on its file attachment ByteMarx.exe), is spreading rapidly throughout North America and Europe, and several recent cases have been reported in Australia and Southeast Asia. WatchGuard security experts have reported that this new malware could signal the initial stages of a cyber zombie network apocalypse. For breaking details, watch the short video below or continue reading.

(Runtime: 3:46)

Direct YouTube Link: http://www.youtube.com/watch?v=zrXwWz-RR1A

ByteMarx is a fast spreading computer and electronic device virus that seems to spread via email, instant messenger (IM), and social network messages that contain links to a malicious file. Our security experts have discovered that once a device is infected with ByteMarx, response time slows significantly and the device hunts for other victim devices anywhere within range. Electronics afflicted with ByteMarx devour the information stored on hard drives, motherboards and circuitry of nearby devices. Rather than shutting down or malfunctioning, the victim device starts to display the traits of the malicious device and begins an insatiable, relentless hunt for other devices to attack. This process is known as “zombification.”

Additional symptoms of device zombification include:

  • Spontaneous start-up after shut down of the device, even when unplugged (known as “living dead” capabilities)
  • Inability of the device to enter “Sleep” or “Hibernate” power-saving modes
  • Browser homepage defaults to The Walking Dead website
  • Desktop icons and Emoticons turn green, disheveled and appear bloodthirsty
  • Document names have all been changed to “Brainzzz.doc” and the content is no longer decipherable
  • Audio files have been replaced with clips of moaning, shrieking, growling or screams of terror
  • Default photos on social networking sites are changed to photos of zombies

So far, our experts haven’t discovered a way to clean or remove the virulent ByteMarx infection. Your only option is destroying the infected device before it spreads to other electronics. Unfortunately, the tainted devices seem to develop quite a resilience to normal damage. The only way we’ve discovered to stop an infected device is by taking out its CPU, also known as the brain of a computing device. We highly recommend you remain very wary of multi-processor devices, as they’re quite difficult to decommission once infected.

Experts are unsure of the origins of the ByteMarx malware, but early research shows evidence of the digitization of a mutated rabies virus, combined in an unholy union with a powerful form of malware. While investigations are still being conducted, early estimates show that nearly 38 percent of devices in the U.S. have already been infected with the virus; however, it appears that organizations and individuals using red unified threat management (UTM) appliances to watch and guard networks have been able to successfully ward off attacks.

This attack has illustrated that there is an urgent need for companies around the globe to review their security infrastructure and ensure they are taking the proper precautions to prevent zombification of their network. If you don’t already have a UTM appliance, or can’t obtain one immediately, well… it may already be too late.

Although computer inoculation attempts have failed so far, WatchGuard LiveSecurity analysts will continue to try and develop anti-malware signatures for computers and other consumer electronics that might work as an antidote to the ByteMarx malware. In the meantime, we recommend you keep your favorite computers and consumer devices behind red UTM appliances, or try to find one to hunker behind immediately.

We’ll update you as this breaking situation develops. Until then, WatchGuard security experts would like to wish a sincere “Happy April Fool’s Day” to our customers and partners worldwide. — Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Week in Review: Episode 57 – 300Gb DDoS

POS Trojans, Android Spear Phishing, and Record DDoS

Extra, Extra, the Internet almost broke (no it didn’t). Read… View all about it!

Too much security news, and too little time? Let me summarize the highlights for you in my weekly InfoSec recap video. This week I cover two trojans targeting point-of-sale (POS) computers, a few software updates, a targeted spear phishing campaign spreading Android malware, and the record-breaking SpamHaus DDoS attack, which didn’t really break the Internet despite some reports. Click play for the details.

There were also a ton of other interesting Infosec tidbits this week, beyond what’s in the video. If you’re interested, check out the Reference section below. Stay frosty out there, and have a Happy Easter weekend.

(Episode Runtime: 9:47)

Direct YouTube Link: http://www.youtube.com/watch?v=sC1zLvbjzI4

Episode References:

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Week in Review: Episode 56 – ICS Honeypot

Jailed Hackers, ICS Honeypots, and Krebs SWATing

Currently, I’m attending a security expo in Helsinki, Finland, so I had to produce this week’s episode quickly, while on the road. Nonetheless, it’s still been a busy security week so far, and there’s a lot of InfoSec news to cover.

Today’s episode includes two unrelated stories that share a cyber-law theme, some interesting research about an ICS/SCADA honeypot that attracted a lot of attention from nation-state cyber attackers, and a story about a popular security journalist being targeted by a SWAT attack. Watch the video below for the full scoop, and check out the Reference section below if you’d like more details (and links to some extra InfoSec stories I didn’t have time to cover).

(Episode Runtime: 9:46)

Direct YouTube Link: http://www.youtube.com/watch?v=Lvv-KgcsI0w

Episode References:

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Week in Review: Episode 55 – SSL/TLS Weakness

Lots of Patches, Celebrity Hacks, and a SSL/TLS Weakness

If you’re anything like the average IT professional, you’re probably too busy putting out proverbial IT helpdesk fires, and installing new business IT solutions to spend much time each week staying on top of the latest security news and threats. That’s where we come in! For a quick recap of the biggest information and network security news from the week, check out the YouTube video below.

In this episode, I cover a ton of software updates from the week (it was Patch Day after all), the latest celebrity hack incident, an ironic breach of a security organization’s web site, and yet another weakness in the SSL/TLS encryption protocol. I even share a tip on how webmasters can learn to recover from web site hacks.

Enjoy the episode, and share your thoughts, suggestions, and questions in the comment section below. You can also find more details about these stories in the Reference section. Thanks for watching, and enjoy your St. Patty’s Day weekend.

(Episode Runtime: 11:00)

Direct YouTube Link: http://www.youtube.com/watch?v=yD6wNDXVsHE

Episode References:

— Corey Nachreiner, CISSP (@SecAdept)

Microsoft Black Tuesday: Security Flaws in a Menagerie of Products

Though today’s Patch Day might seem pretty average as far as the number of security bulletins released, it does cover a rather eclectic range of Microsoft products. In fact, a few of the updates affect Mac users as well, and one is even exclusive to Mac.

During today’s Patch Day, Microsoft released seven security bulletins fixing 20 vulnerabilities in the following products:

  • Windows (all versions)
  • Internet Explorer (IE)
  • Office Suite updates
    • Visio Viewer 2010
    • SharePoint Server 2010
    • OneNote 2010
    • Office Outlook for Mac
  • Silverlight 5 (For PC and Mac)

They rate four of the bulletins as Critical, and three as Important. Many of the Critical issues can allow remote attackers to execute code on affected systems. So we highly recommend you patch them quickly.

We’ll share more details about today’s bulletins in upcoming alerts. Until then, feel free to check out Microsoft’s March bulletin summary. — Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Week in Review: Episode 54 – Nuke Hackers

Pwn2Own, Evernote Breach, and Nuke Cyber Attackers

Want a quick way to catch up on weekly information and network security (InfoSec) highlights? Well you’ve found the right place. In this episode of our InfoSec summary video, I talk about Evernote’s 50 million user data leak, web browsers falling to the Pwn2Own contest, and a U.S. government document that talks about nuclear retaliation against cyber attackers. Click play below for all the details, and check the Reference section for stories and links associated with the video.

If you have any suggestions, comments, or questions, leave them in the comment section. Meanwhile, stay safe out there.

(Episode Runtime: 7:27)

Direct YouTube Link: http://www.youtube.com/watch?v=ROG2LDBZZ9E

Episode References:

— Corey Nachreiner, CISSP (@SecAdept)

Microsoft Leprechaun Leaves a Pot Full of Patches

We’re coming upon that time of the month again for Microsoft administrators; patch time.

According to the latest Advanced Notification page, our Microsoft friends plan on releasing seven security bulletins next Tuesday. The bulletins will include updates to fix security vulnerabilities in Windows, Office, Internet Explorer (IE), Silverlight, and some of their Server Software. They rate more than half (4/7) of the bulletins as Critical, which typically means remote attackers can likely exploit them to gain control of vulnerable computers.

At this point you’re probably quite familiar with the monthly update routine, and know you should prepare your IT team for Patch Day so that they can apply Microsoft’s fixes as soon as possible; especially the Critical ones.

As always, I highly recommend you take some extra time to test the updates before applying them. Lately, there have been a few more reported incidents of Microsoft patches causing issues. You should at least take the time to test the server related updates before deploying them to production machines.

I’ll know more about these bulletins next Tuesday, and will publish alerts about them then.

In an unrelated aside, some business travel has delayed production of my weekly security news video. For those waiting, it will come out today, but it may be later in the afternoon. — Corey Nachreiner, CISSP
