Jun 09

Over the past several months, I’ve heard from students and clients about how the Apple/Mac store personnel tell them how secure Macs are compared to PCs. So secure, says one of my PC Security students, that she boasts about not using any antivirus software or security tools!

I received one of my many security update summaries for last week and something interesting caught my eye that made me think back to this student. The summary listed 7, yes 7, vulnerabilities in Apple/Mac software.

Of course I reported on the issue with Safari here: http://mice.org/blog/microsoft-advisory-blended-threat-windows-and-safari/

But there were six others disclosed just last week that included not only Mac OS X Server but the OS X operating system as well.

These are also beginning to sound a lot like Microsoft flaws!

Here they are:

Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit. (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1028)

Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based buffer overflow. (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1030)

Integer overflow in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image that triggers a heap-based buffer overflow. (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1574)

Unspecified vulnerability in the Apple Type Services (ATS) server in Apple Mac OS X 10.5 before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via a crafted embedded font in a PDF document, related to memory corruption that occurs during printing. (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1575)

Mail in Apple Mac OS X before 10.5, when an IPv6 SMTP server is used, does not properly initialize memory, which might allow remote attackers to execute arbitrary code or cause a denial of service (application crash), or obtain sensitive information (memory contents) in opportunistic circumstances, by sending an e-mail message. (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1576)

Unspecified vulnerability in the Pixlet codec in Apple Pixlet Video in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file, related to “multiple memory corruption issues.” (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1577)

This page at Apple’s site: http://lists.apple.com/archives/security-announce/2008//May/msg00001.html also lists these items and a few more, but in all of their descriptions they call a crash an unexpected system shutdown. Ummmmm, Apple folks? Here’s a heads up for you - that’s called a CRASH!

The question remains: Are Apple Mac users that arrogant to believe they are immune to flaws purely by virtue that they are running a Mac? Or, are they purely THAT STUPID?

Linux users know better than to believe their OS is infallible! Windows users have learned from experience that they are not infallible — REPEATEDLY!

So Mac users, which is it? Arrogance or stupidity? Because it’s obvious you aren’t immune!

And to the young lady in my course who doesn’t use AV software on her Mac, I’d suggest you get some immediately!



written by Admin

May 22

As much as I preach and preach in my courses about Microsoft and their lame excuse for security - whether within their code or in an alleged security application - people continue to get suckered into the delusional image Microsoft presents about knowing what’s best for you in security.

I’ve posted before about this so I won’t rehash the same old arguments. I’m just going to illustrate YET ANOTHER reason why I continue to harp on the subject in an effort to educate users about the subject of their security.

I was reading my RSS feeds and ran across the current Microsoft Security Bulletin summary for May. Don’t know why I felt compelled to read it - I just did.

Published on May 13th (so I’m a little behind but give me a break, our PC Security course just launched!), the bulletin summary contains a “Moderate” severity listing hidden under the lovely plus signs [+] they use liberally to discourage people from actually reading the details.

First, if you click the link to see just what a Moderate severity rating is, you are taken to a page that explains the rating in such terms as: exploitability, mitigated, default configuration, and auditing. Yeah, right! I’m sure you all understand that right?

But okay, let’s give them a break since the technical writer was probably a nerd.

Moving on….. I click the nefarious plus sign [+] to expose the underlying dirt that M$ doesn’t want us to see. And what do I get?

This bulletin title:

Vulnerabilities in Microsoft Malware Protection Engine Could Allow Denial of Service (952044)

Imagine that! A vulnerability in another Microsoft product!

Okay, so I’m not surprised by that, but what interests me is the fact that it’s in the Malware Protection Engine of their product. So, hmmmmm, I wonder… “could that be one of their so-called security products?” I ask myself as I start reading further.

I hit the jackpot! Not only is it one of their so-called security products, it’s a good many of them!

Specifically, the affected software is: Windows Live OneCare, Microsoft Antigen, Microsoft Windows Defender, Microsoft Forefront Security.

So now I’m REALLY interested! I clicked the link to go to the actual full bulletin - which is located here if you want to follow the whole story with me: http://www.microsoft.com/technet/security/Bulletin/MS08-029.mspx

And once again tackling the plus signs [+] I get to see the “down and dirty” details of what’s really going on here!

There are two specific CVE references to this vulnerability:

1. Microsoft Malware Protection Engine Vulnerability - CVE-2008-1437

2. Microsoft Malware Protection Engine Vulnerability - CVE-2008-1438

(For those who do not know, the CVE is sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security and they track all reported vulnerabilities.)

The first one is pretty odd and just annoying. The vulnerability causes their software engine to “hang and reboot”. And that’s different from any other Microsoft program because?????

The second CVE report is what’s fascinating to me and interesting the way M$ plays it down in the initial bulletin.

CVE reports:

…allows context-dependent attackers to cause a denial of service (disk space exhaustion) via a file with “crafted data structures” that trigger the creation of large temporary files, a different vulnerability than CVE-2008-1437.

To translate that into common, everyday language: the vulnerability lets an attacker supply a specially crafted file (the “crafted data structures”). When the Microsoft product scans that file for malicious content, it creates large temporary files on your computer and uses up all your disk space (disk space exhaustion), which results in your not being able to use your computer (denial of service).

I vaguely remember an old virus that used to do that!

The updated fix is available, but that’s not the point. (Although if you’re running this garbage, you should update immediately!)

The point is Microsoft has been selling you a line of marketing bull sh**!

Here’s their sales pitches directly from their website:

Microsoft Forefront - Trial Downloads
Help secure your servers, clients, and network edge with these free software trials from Microsoft Forefront.

Protect Your PC From Viruses, Spyware & Other Problems
Protecting your PC is easy with Windows Live OneCare-Download a Free Trial

Microsoft Security At Home - Help Prevent Identity Theft, Spyware …
Learn about how to protect your home computer, data, and family from viruses, phishing, identity theft, spyware, and email hoaxes. Learn about online child safety. Microsoft …

Which leads you to these recommended products:

Security Products
· Windows Defender
· Windows Live OneCare
· Windows Live OneCare Safety Scanner
· Microsoft Phishing Filter
· Windows Vista: Parental Controls
· Xbox Family Settings
· Windows Live OneCare Family Safety

Anyone else see a problem with this besides me? (HINT: I’ve bolded all the products they’re wanting you to use for your security that were affected by this vulnerability!) I’m going to trust a company who has never put security first since day one and can’t even build a secure product designed to be secure to protect me???

Oh, and in case you don’t want to go read what caused this vulnerability in the first place, here’s the actual cause described by Microsoft in the bulletin - under the plus signs of course!

CVE-2008-1437 portion of the vulnerability: The Microsoft Malware Protection Engine does not properly validate input when parsing specially crafted files.

CVE-2008-1438 portion of the vulnerability: The Microsoft Malware Protection Engine does not properly validate certain data structures when parsing files.
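As an added illustration of the disk-exhaustion failure mode described above and of the “does not properly validate certain data structures” cause, here is a toy scanner unpacker in Python. This is not code from the bulletin or from Microsoft; the container format and the two size caps are assumptions made for the example.

```python
import struct

# Constructed toy container (an assumption, not the real engine's format):
# u32 entry_count, then per entry u32 declared_size, u32 stored_size and
# stored_size payload bytes; the scanner unpacks each entry into temp storage.

MAX_ENTRY_BYTES = 1 << 20   # assumed policy: cap per unpacked entry
MAX_TOTAL_BYTES = 4 << 20   # assumed policy: cap per scanned file

class UnsafeInput(Exception):
    """Raised when a file's declared sizes fail validation."""

def parse_entries(blob):
    """Yield (declared_size, payload) pairs; stored sizes are bounds-checked."""
    if len(blob) < 4:
        raise UnsafeInput("truncated header")
    (count,) = struct.unpack_from("<I", blob, 0)
    off = 4
    for _ in range(count):
        if off + 8 > len(blob):
            raise UnsafeInput("truncated entry header")
        declared, stored = struct.unpack_from("<II", blob, off)
        off += 8
        if stored > len(blob) - off:
            raise UnsafeInput("stored_size exceeds remaining input")
        yield declared, blob[off:off + stored]
        off += stored

def temp_bytes_unchecked(blob):
    """Bulletin's failure mode: declared sizes taken at face value.
    Returns the temp space that would be consumed (nothing is written)."""
    return sum(declared for declared, _payload in parse_entries(blob))

def temp_bytes_checked(blob):
    """Hardened: per-entry and cumulative budgets enforced before any write."""
    total = 0
    for declared, _payload in parse_entries(blob):
        if declared > MAX_ENTRY_BYTES:
            raise UnsafeInput("entry declares %d bytes" % declared)
        if total + declared > MAX_TOTAL_BYTES:
            raise UnsafeInput("temp-space budget exceeded")
        total += declared
    return total

def build(entries):
    """Constructed sample input: list of (declared_size, payload_bytes)."""
    out = struct.pack("<I", len(entries))
    for declared, payload in entries:
        out += struct.pack("<II", declared, len(payload)) + payload
    return out
```

A tiny file whose entries declare gigabytes of unpacked size passes the unchecked path and would fill the disk; the checked path rejects it before any temporary file is created.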

Now let me see….. security means, in part, authentication and validation of data, access, and execution of files. And it seems that Microsoft managed to botch the major portion of that basic programming again!

So, I reiterate: Using Microsoft and security in the same sentence is an oxymoron.

Yeah, I think I’ll trust them with my security! NOT!



written by Admin

Oct 19

One of my students just reported this!

His teenage daughter’s PC was infested with a ton of malware.

After he drilled her about where she had been visiting, he found out that she frequented YouTube very regularly. She remembered being told she needed a special codec to view a video. When she allowed the ActiveX control to load is when she began to get the fake security alerts.

Within a couple of days this downloaded 186 different Trojans (the total infections were higher as some had been downloaded more than once), 44 viruses, and 22 worms. After he had removed almost all of them, he rebooted with the network still connected and it was immediately re-infected with nearly 50 more Trojans.

Be careful!

Debbie



written by Admin

© 2007-2008 MICE Training & Technology™.
