DP's Security Bits

In the past, US-CERT has received reports of an increased number of phishing scams that take advantage of natural disasters. Due to recent natural disasters, US-CERT would like to remind users to remain cautious when receiving unsolicited email that could be a potential phishing scam.

Phishing scams may appear as requests for donations from a charitable organization asking users to click on a link that will take them to a fraudulent website that appears to be a legitimate charity. The users are then asked to provide personal information that can further expose them to future compromises.

Users are encouraged to take the following measures to protect themselves from this type of phishing scam:

• Do not follow unsolicited web links received in email messages.
• Review the Federal Trade Commission's Charity Checklist.
• Verify the legitimacy of the email by contacting the organization directly through a trusted contact number. Trusted contact information can be found on the Better Business Bureau National Charity Report Index.
  

• Recognizing and Avoiding Email Scams (pdf)
• Avoiding Social Engineering and Phishing Attacks

One of the researchers behind ScanAlert, the "Hacker Safe" certification company McAfee recently acquired, is facing fraud charges in Indiana.

Continues at computerworld.com 

Thirty-eight people in the U.S. and Romania have been charged in two federal indictments alleging that they used complicated Internet phishing schemes to steal thousands of credit and debit card numbers, U.S. and Romanian authorities said today.

The indictments, in U.S. District Court for the Central District of California and the District of Connecticut, focus on two related phishing schemes with ties to organized crime, the U.S. Department of Justice said. Phishing involves sending e-mail messages that look like official correspondence from banks or credit card vendors in attempts to get recipients to go to fake Web sites and enter their account numbers.

Story continues at computerworld.com 

Debian and Ubuntu have released multiple security advisories to address vulnerabilities in their OpenSSL package and other cryptographic application packages that rely on it. These vulnerabilities are due to weaknesses in the random number generator that is used to create SSL and SSH cryptographic keys. As a result of the vulnerability, the keys generated using the flawed OpenSSL package may be weak. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker to conduct brute force attacks and obtain sensitive information. These vulnerabilities may affect any Debian-based systems, such as Ubuntu, and may indirectly affect other systems if these weak keys have been imported into them.

US-CERT encourages users to review the following advisories and apply any necessary workarounds or updates:

• Debian Security Advisory DSA-1571-1
• Debian Security Advisory DSA-1576-1
• Ubuntu Security Notice USN-612-1
• Ubuntu Security Notice USN-612-2
• Ubuntu Security Notice USN-612-3
• Ubuntu Security Notice USN-612-4
• Ubuntu Security Notice USN-612-5
• Ubuntu Security Notice USN-612-6

Additional information about these vulnerabilities is available in the Vulnerability Notes Database.

US-CERT will provide more information as it becomes available.

http://www.us-cert.gov/current/index.html#debian_openssl_vulnerability 

Issued: May 14, 2008

Summary

he following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

  * MS08-026 - Critical
  * MS08-017 - Critical

Bulletin Information:

* MS08-026 - Critical

  - http://www.microsoft.com/technet/security/bulletin/ms08-026.mspx
  - Reason for Revision: V1.1 (May 14, 2008): Updated the Deployment
    Information sections for Office 2004 for Mac and Office 2008
    for Mac to link to the Microsoft Download Center. Also added
    entry to Update FAQ to clarify why the update for Outlook
    2007 is rated Critical. 
  - Originally posted: May 13, 2008
  - Updated: May 14, 2008
  - Bulletin Severity Rating: Critical
  - Version: 1.1
   
* MS08-017 - Critical

  - http://www.microsoft.com/technet/security/bulletin/ms08-017.mspx
  - Reason for Revision: V1.3 (May 14, 2008): Bulletin updated to add
    a link to Microsoft Knowledge Base Article 933103 under Known
    Issues in the Executive Summary. 
  - Originally posted: March 11, 2008
  - Updated: May 14, 2008
  - Bulletin Severity Rating: Critical
  - Version: 1.3

 

Issued: May 13, 2008

Security Advisories Updated or Released Today

* Microsoft Security Advisory (950627)
  - Title: Vulnerability in Microsoft Jet Database
    Engine Could Allow Remote Code Execution
  - http://www.microsoft.com/technet/security/advisory/950627.mspx
  - Revision Note: May 13, 2008: Advisory updated to reflect
    publication of security bulletin.    

Issued: May 13, 2008

Summary

The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

  * MS06-069

Bulletin Information:

* MS06-069

 - http://www.microsoft.com/technet/security/bulletin/ms06-069.mspx
 - Reason for Revision: V2.0 (May 13, 2008): Bulletin updated to add
    Windows XP Service Pack 3 as affected software. This is a
    detection update only. There were no changes to the binaries. 
 - Originally posted: November 14, 2006
 - Updated: May 13, 2008
 - Bulletin Severity Rating: Critical
 - Version: 2.0

Note: There may be latency issues due to replication, if the page does not display keep refreshing
May 13, 2008

Today Microsoft released the following Security Bulletin(s). 

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

May Bulletin Summary

Critical (3)

MS08-026 - Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207)
MS08-027 - Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (951208)
MS08-028 - Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution (950749) 

Moderate (1)

MS08-029 - Vulnerabilities in Microsoft Malware Protection Engine Could Allow Denial of Service (952044)  

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.
 

Microsoft Security Bulletin Advance Notification for May 2008
Issued: May 8, 2008

This is an advance notification of security bulletins that
Microsoft is intending to release on May 13, 2008.

The full version of the Microsoft Security Bulletin Advance
Notification for May 2008 can be found at
http://www.microsoft.com/technet/security/bulletin/ms08-may.mspx.

This bulletin advance notification will be replaced with the
May bulletin summary on May 13, 2008. For more information
about the bulletin advance notification service, see
http://www.microsoft.com/technet/security/Bulletin/advance.mspx.

To receive automatic notifications whenever
Microsoft Security Bulletins are issued, subscribe to Microsoft
Technical Security Notifications on
http://www.microsoft.com/technet/security/bulletin/notify.mspx.

Microsoft will host a webcast to address customer questions on
these bulletins on Wednesday, May 14, 2008,
at 11:00 AM Pacific Time (US & Canada). Register for the May
Security Bulletin Webcast at
http://www.microsoft.com/technet/security/bulletin/summary.mspx.

Microsoft also provides information to help customers prioritize
monthly security updates with any non-security, high-priority
updates that are being released on the same day as the monthly
security updates. Please see the section, Other Information.

This advance notification provides the software subject as the
bulletin identifier, because the official Microsoft Security
Bulletin numbers are not issued until release. The bulletin summary
that replaces this advance notification will have the proper
Microsoft Security Bulletin numbers (in the MSyy-xxx format) as the
bulletin identifier. The security bulletins for this month are as
follows, in order of severity:

Critical Security Bulletins

Word Bulletin

  - Affected Software:
    - Microsoft Word 2000 Service Pack 3
    - Microsoft Word 2002 Service Pack 3
    - Microsoft Word 2003 Service Pack 2
    - Microsoft Word 2003 Service Pack 3
    - Microsoft Word 2007
    - Microsoft Outlook 2007
    - Microsoft Word 2007 Service Pack 1
    - Microsoft Outlook 2007 Service Pack 1
    - Microsoft Office 2004 for Mac
    - Microsoft Office 2008 for Mac
    - Microsoft Word Viewer 2003
    - Microsoft Word Viewer 2003 Service Pack 3
    - Microsoft Office Compatibility Pack for Word, Excel, and
      PowerPoint 2007 File Formats
    - Microsoft Office Compatibility Pack for Word, Excel, and
      PowerPoint 2007 File Formats Service Pack 1

    - Impact: Remote Code Execution
    - Version Number: 1.0

Publisher Bulletin

  - Affected Software:
    - Microsoft Publisher 2000 Service Pack 3
    - Microsoft Publisher 2002 Service Pack 3
    - Microsoft Publisher 2003 Service Pack 2
    - Microsoft Publisher 2003 Service Pack 3
    - Microsoft Publisher 2007
    - Microsoft Publisher 2007 Service Pack 1

    - Impact: Remote Code Execution
    - Version Number: 1.0

Jet Bulletin

  - Affected Software:
    - Microsoft Windows 2000 Service Pack 4
    - Microsoft Windows XP Service Pack 2
    - Windows XP Professional x64 Edition
    - Windows Server 2003 Service Pack 1
    - Windows Server 2003 x64 Edition
    - Windows Server 2003 with SP1 for Itanium-based Systems

    - Impact: Remote Code Execution
    - Version Number: 1.0


Moderate Security Bulletins

Security Software Bulletin

  - Affected Software:
    - Windows Live OneCare
    - Microsoft Antigen for Exchange
    - Microsoft Antigen for SMTP Gateway
    - Microsoft Windows Defender
    - Microsoft Forefront Client Security
    - Microsoft Forefront Security for Exchange Server
    - Microsoft Forefront Security for SharePoint
    - Standalone System Sweeper located in Diagnostics and Recovery
      Toolset 6.0

    - Impact: Denial of Service
    - Version Number: 1.0


Other Information

Microsoft Windows Malicious Software Removal Tool:

Microsoft will release an updated version of the Microsoft Windows
Malicious Software Removal Tool on Windows Update, Microsoft Update,
Windows Server Update Services, and the Download Center.

Non-Security, High-Priority Updates on MU, WU, and WSUS:

Please see:
* http://support.microsoft.com/kb/894199: Microsoft Knowledge Base
  Article 894199, Description of Software Update Services and
  Windows Server Update Services changes in content for 2008.
  Includes all Windows content.
* http://technet.microsoft.com/en-us/wsus/bb466214.aspx: New,
  Revised, and Released Updates for Microsoft Products Other Than
  Microsoft Windows

Microsoft Security Bulletin Minor Revisions
Issued: May 7, 2008

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

  * MS07-040 - Critical

Bulletin Information:

* MS07-040 - Critical

  - http://www.microsoft.com/technet/security/bulletin/ms07-040.mspx
  - Reason for Revision: V3.2 (May 7, 2008): Bulletin updated:
    Removed erroneous references to .NET Framework 1.0 as a
    component of Windows Server 2008 x64 Edition and Windows
    Server 2008 for Itanium-based Systems. 
  - Originally posted: July 10, 2007
  - Updated: May 7, 2008
  - Bulletin Severity Rating: Critical
  - Version: 3.2
 

Q&A Natalya Kaspersky set up antivirus company Kaspersky Lab with then-husband Eugene Kaspersky in 1997.

She graduated from the Moscow Institute of Electronic Engineering in 1989 with a degree in applied mathematics and then worked as a research assistant at the Russian Central Scientific Design Office.

In 1994, she commenced employment at the KAMI Information Technologies Center, where she managed the antivirus software development group set up by Eugene. When the two established Kaspersky Lab three years later, Eugene provided the technical expertise, while Natalya, as chief executive, supplied the business acumen.

Continues at news.com 

In a continuation of its series of posts on Internet security, Google on Tuesday warned its users about phishing attacks.

Google engineer Ian Fette in a blog post explains that phishing is pretty simple: "Someone masquerades as someone else in an effort to fool you into sharing personal or other sensitive information with them," he says. "Phishers can masquerade as just about anyone, including banks, e-mail and application providers, online merchants, online payment services, and even governments."

Fette acknowledges that while some phishing attacks are obvious, many are not. "That fake e-mail from 'your bank' can look very real; the bogus 'login page' you're redirected to can seem completely legitimate," he cautions.

Story continues at informationweek.com