July 2005 – Page 3 – CyberSecurity Institute

Wi-Fi Watchdog 5.0 Tracks Wi-Fi Users By Location

Posted on July 16, 2005December 30, 2021 by admini

Newbury said it believes it is the first company to use “precise location technology to deliver intrusion prevention, rogue containment, client protection and intrusion detection with a full set of location-specific security alerts, security-related compliance reports and enhanced graphical views for IT/Security personnel to identify and pinpoint security threats.”In an interview, Newbury Networks’ director of product management Brian Wangerien said Wi-Fi wireless networks are growing so rapidly that many organizations institute a “no Wi-Fi policy,” because they can’t control security on wireless networks.

“Many companies aren’t ready to deploy Wi-Fi,” he said. “Access points can be all over the place. So some start with ‘no Wi-Fi’ but then they gradually build out.” He added that Wi-Fi Watchdog 5.0 enables IT managers to gradually build out their wireless networks.

A network of sensors constantly monitors all access points on networks, establishing RF fingerprinting or RF pattern matching solutions. “Each physical location has a different pattern and (network operators) are able to track them very accurately,”When an unauthorized person attempts to enter the network he or she is blocked and users who wander off from the network are likewise “sniped” from the network.Wangerien said the Watchdog product has been successfully used by early adopters including the U.S. Air Force and Boston-based MFS, an investment banking firm.

In the Air Force application network operators have tight security over wireless access points ranging from commanders’ offices to fighter planes.

In the MFS application, control easily moves from different floors, even when non-MFS floors interspersed between MFS offices different floors.The server-based software Wi-Fi Watchdog 5.0 can stop threats that aren’t addressed by authentication and encryption technologies.

Wi-Fi Watchdog has long been able to classify the nature of attacks, but by identifying the physical location of attacks, the measure can eliminate false positives in most attacks, the firm noted.”IT and security personnel can visualize where the threats and attacks are originating in an easy-to-use graphical viewer,” Newbury stated.

http://informationweek.com/story/showArticle.jhtml?articleID=164903156

Major Windows exploit ‘days away’

Posted on July 14, 2005December 30, 2021 by admini

“Attackers are already using the JView Profiler flaw to download and install Trojan horses on victims’ machines,” said Dan Hubbard, senior director at Websense Security Labs. The Trojan horses would let the miscreants remotely control the hijacked PCs and make it part of a network of such computers known as a botnet, an increasing cyberthreat.

The other vulnerabilty affects the Microsoft Color Management Module, a component of Windows that handles colors.

The Windows vulnerabilities are described in two bulletins issued as part of Microsoft’s monthly patch cycle.

A third alert deals with a bug affecting Word 2000 and Word 2002. The Word flaw could allow an attacker to take control of a vulnerable PC, the software maker said.

http://news.zdnet.co.uk/0,39020330,39208852,00.htm

Cisco Plugs VoIP Gateway Holes

Posted on July 14, 2005December 30, 2021 by admini

The vulnerabilities make it possible for an attacker to trigger a heap overflow within a critical Call Manager process, causing both a denial of service condition and enabling an attacker to completely compromise the Call Manager server, ISS said.

“Like many of the applications that are driving today’s businesses, VoIP travels over a variety of networks and the public Internet and is therefore susceptible to the same security perils as other staple network components like e-mail, databases and servers,” Chris Rouland, chief technology officer at ISS, said in a statement. “We are aware of several vulnerabilities that potentially affect the Cisco Call Manager software.”

To date, Cisco is not aware of any active exploitation of these vulnerabilities and Cisco has made free software fix available,” the company said.

“An attacker may be able to redirect calls or perform eavesdropping as a result of this compromise. Successful exploitation of this vulnerability could be used to gain unauthorized access to networks and machines with Cisco VoIP products,” the company said. No authentication is required for an attacker to exploit the vulnerability and compromise a network, according to ISS.

“Voice over Internet Protocol is increasingly being adopted by corporations that wish to save money on telecommunications costs and streamline their communication infrastructure, providing employees with advanced features while simplifying administration processes,” Rouland said.

http://siliconvalley.internet.com/news/article.php/3520351

Another pitch to UK Parliament for Denial of Service law

Posted on July 14, 2005December 30, 2021 by admini

A similar bill was pitched in March but was defeated by the timetable for the general election.

The Labour MP for Glasgow South called for amendments to the Computer Misuse Act of 1990 in his Ten Minute Rule Bill a type of Private Member’s Bill that rarely becomes law, but serves to raise Parliamentary awareness of a need for legal reform. Tom Harris’s Computer Misuse Act 1990 (Amendment) Bill picks up on the key recommendations of an inquiry into the original Act by the All Party Parliamentary Internet Group, known as APIG, published in June 2004.

Like Mr Wyatt’s recent proposal, Mr Harris’s Bill amends section three of the Computer Misuse Act in order to explicitly criminalise all means of interference with a computer system, in particular creating a specific offence for denial of service (DoS) attacks. The Bill also increases the tariff for hacking offences (dealt with in section one of the Act) from six months to two years, and from five to ten years for further related offences.

“We welcome this Bill particularly as it reflects the work of the All Party Group over the last two years and especially my own Ten Minute Rule Bill from earlier this year. We hope that the Government adopts the measures proposed in the Bill as a matter of urgency, reflecting the significant threat that cybercrime poses to the UK.”

In his speech to the House of Commons, Harris highlighted the inconsistency between the severe financial consequences of hacking attacks that can cause losses of millions of pounds and the sentences currently possible to punish such attacks. He gave some examples of DoS attacks, including one that had been launched by one of his own constituents, a gun enthusiast, who bombarded a gun control website with so many emails that its server crashed. “This is an issue that up until now hasn’t been taken seriously enough. So much of the UK economy depends on the internet, and so many services are vulnerable if we allow these attackers to go unpunished. It’s time we faced up to this new threat.”

Wyatt’s bill ran out of Parliamentary time. It would otherwise have been read a second time. Nobody opposed Mr Harris’s bill and it is scheduled for a second reading on 2nd December 2005.

http://www.theregister.co.uk/2005/07/15/mp_pitches_denial_of_service_law_to_parliament/

Word Bug Shows Trend In File Format Hacks

Posted on July 13, 2005December 30, 2021 by admini

“We’re starting to see a trend in vulnerability discovery where people are going after file format vulnerabilities,” said Michael Sutton, the director of iDefense Labs, the research arm of Reston, Va.-based security intelligence firm iDefense. “There have been numerous vulnerabilities found in image file formats and multimedia file formats,” Sutton went on. “Actually, the vulnerabilities don’t exist in the files themselves, but in the programs that read and interpret them.”

That’s the case with the Word vulnerability that Microsoft disclosed Tuesday. According to Microsoft’s security bulletin and iDefense’s own analysis, a specially-crafted Word file (in .doc format) containing extra-long font data can cause Word 2000 and Word 2002 to fail, and give the attacker complete access to the machine.

“If everyone plays by the [file format] rules, everything works fine,” said Sutton. “But what happens if I don’t follow that format?” The reason why attackers are increasingly looking for file format processing flaws, said Sutton, is that users are leery about accepting executable files, and most enterprises have blocked them from arriving as incoming e-mail attachments.

http://informationweek.com/story/showArticle.jhtml%3Bjsessionid=XQXHGZHLNPNA4QSNDBGCKHSCJUMEKJVN?articleID=165702181

Security authentication system Kerberos flaws

Posted on July 13, 2005December 30, 2021 by admini

One of these, a boundary error that can cause a heap-based buffer overflow via a TCP or UDP request, may be used to execute malicious code on a system; MIT warned a successful attack could allow access to the entire authentication realm protected by the KDC.

Two of the flaws affect the Key Distribution Center (KDC), which authenticates users. One of these, a boundary error that can cause a heap-based buffer overflow via a TCP or UDP request, may be used to execute malicious code on a system

A third flaw, affecting the krb5_recvauth() function, could allow a remote attacker to take over a system. However, the but is a double-free error, where a program attempts to free memory that’s already been freed. “Exploitation of double-free vulnerabilities is believed to be difficult,” MIT said in its advisory.

[Editors note: Microsoft’s implementation of Kerberos should not be affected since they coded their particular implementation internally]

http://www.xatrix.org/article3963.html