securitybananas.com

Security news from all over the world

Archive for July, 2009

‘Vaporizing’ the Web application firewall to secure cloud computing

Cloud computing was not designed for security, although organizations such as the Cloud Security Alliance (CSA) and the Open Web Application Security Project (OWASP) are making great strides in helping the industry solve the myriad security problems confronting cloud computing. The benchmark guidelines established by the CSA in the document Guidance for Critical Areas of Focus in Cloud Computing are a great first step. This article is intended to pick up where the CSA guide left off in terms of defining what a distributed web application firewall (dWAF) should look like in order to meet the standards set within the CSA document.

Read the full story on:

http://www.net-security.org/article.php?id=1270


Security advisory for Adobe Reader, Acrobat and Flash Player

For the details read the advisory:

http://www.adobe.com/support/security/advisories/apsa09-03.html

Update: Computer security firm Purewire writes in to say they have seen Web sites exploiting this vulnerability using poisoned Flash movies. According to them, not a single anti-virus product is detecting the malicious Flash file as harmful.

Purewire says it appears this exploit has been around since at least July 9, but that Adobe has known about the bug since at least December 2008.

Meanwhile, the SANS Internet Storm Center is reporting that the usual technique for mitigating the threat to Adobe Reader 0day attacks — turning off Javascript — won’t help in this attack.


Ncat Tutorial: A modern Netcat from the Nmap team

For those not in the know, Netcat is a utility whose goal is to be like the Unix cat command, but for network connections. It has been referred to as a “Swiss-army knife for TCP/IP” for good reason; with it you can:

1. Create simple telnet and other types of servers.
2. Banner grab.
3. Transfer files.
4. Do sockets (sort of) in shell and batch scripts, thus making a script that does about anything you want on the network.

Read the full tutorial on:

http://www.irongeek.com/i.php?page=videos/ncat-nmap-netcat


The economics of botnets

In the past ten years, botnets have evolved from small networks of a dozen PCs controlled from a single C&C (command and control center) into sophisticated distributed systems comprising millions of computers with decentralized control. Why are these enormous zombie networks created? The answer can be given in a single word: money.

A botnet, or zombie network, is a network of computers infected with a malicious program that allows cybercriminals to control the infected machines remotely without the users’ knowledge. Zombie networks have become a source of income for entire groups of cybercriminals. The invariably low cost of maintaining a botnet and the ever diminishing degree of knowledge required to manage one are conducive to growth in popularity and, consequently, the number of botnets.

So how does one start? What does a cybercriminal in need of a botnet do? There are many possibilities, depending on the criminal’s skills. Unfortunately, those who decide to set up a botnet from scratch will have no difficulty finding instructions on the Internet.

Read the full story on:

http://www.viruslist.com/analysis?pubid=204792068


Vanish – A tool to make online personal data vanish

An interesting concept coming from the University of Washington, to be presented at USENIX Security.

http://uwnews.org/article.asp?articleID=50973

“Computers have made it virtually impossible to leave the past behind.

College Facebook posts or pictures can resurface during a job interview.

A lost cell phone can expose personal photos or text messages. A legal investigation can subpoena the entire contents of a home or work computer, uncovering incriminating, inconvenient or just embarrassing details from the past.

The University of Washington has developed a way to make such information expire. After a set time period, electronic communications such as e-mail, Facebook posts and chat messages would automatically self-destruct, becoming irretrievable from all Web sites, inboxes, outboxes, backup sites and home computers. Not even the sender could retrieve them.”


New KOOBFACE Upgrade Makes It Takedown-Proof

Early this week, the KOOBFACE Command and Control (C&C) servers issued a new command to its downloader component. This new command identifies a list of IP addresses to be used by the downloader component as Web or relay proxies to retrieve subsequent commands and components.


Official cleaner for the Blackberry Etisalat spyware

http://na.blackberry.com/eng/ataglance/security/regappremover.jsp?CPID=OTC-REGAPPREMOVER


Whitepaper “Security & virtualisatie” (Dutch) released

The document can be downloaded from the following URL: http://bit.ly/i5GjV

Sorry, you need to register before downloading, it’s their policy.


More Zero-Day Exploits for Firefox and IE Flaws

Trend Micro posted the following on their blog:

Earlier today, Senior Threat Researcher Joseph Reyes spotted several malicious script files that exploited Mozilla Firefox and Microsoft Internet Explorer vulnerabilities:

  • JS_DIREKTSHO.B exploits a vulnerability in Microsoft Video Streaming ActiveX control to download other possibly malicious files.
  • JS_FOXFIR.A accesses a website to download JS_SHELLCODE.BV. In turn JS_SHELLCODE.BV exploits a vulnerability in Firefox 3.5 to download WORM_KILLAV.AKN.
  • JS_SHELLCODE.BU exploits a vulnerability in Microsoft OWC to download JS_SHELLCODE.BV.

Initial analysis done by Threat Analyst Jessa De La Torre shows that the scripts above may be unknowingly downloaded through either Firefox or Internet Explorer.

According to Mozilla, a Firefox user reported suffering from a crash that developers determined could result in an exploitable memory corruption problem. In certain cases after a return from a native function, the just-in-time (JIT) compiler could get into a corrupt state. This could then be exploited by an attacker to run arbitrary code. However, this vulnerability does not affect earlier versions of Firefox, which do not support the JIT feature.

Firefox 3.5 users can avoid this vulnerability by disabling the JIT compiler as described in the Mozilla Security Blog. This workaround is, however, unnecessary for Firefox 3.5.1 users.

On the other hand, the vulnerability in Microsoft Video ActiveX Control allows remote code execution if a user views a specially crafted web page with Internet Explorer, executing the ActiveX control. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Microsoft is aware of attacks attempting to exploit the said vulnerabilities and advises its customers to prevent the OWC from running either manually or automatically using the solution found in Microsoft Knowledge Base Article 973472.

Trend Micro advises users to refer to the following pages to download updates/patches for the vulnerabilities the aforementioned script files exploit:

Trend Micro advises users to download the latest scan engine to protect themselves against the above-mentioned exploits.


Q&A on ‘sexy view’ SMS worm

F-Secure posted a nice blog entry about the ‘sexy view’ SMS worm.

The full blog can be read on:

http://www.f-secure.com/weblog/archives/00001732.html
