Security Now 261
Topic: Your Questions, Steve's Answers 98
Recorded: August 11, 2010
Published: August 11, 2010
- 1 Security Now 261: Your Questions, Steve's Answers 98
- 2 Sponsors
- 3 Production Information
Security Now 261: Your Questions, Steve's Answers 98
News & Errata
3:26 - 11:57
- Microsoft breaks another record this week: and releases 14 sets of updates fixing at least 34 security holes in its Windows Secure Channel, XML Core Services, MPEG Layer-3 Codecs, IE, SMB Service, Cinepak Codec, Office Word (opening a maliciously crafted RTF eMail message), .NET CLR (common language runtime) and Silverlight, Windows Kernel, the Kernel-Mode drivers, Windows Movie Maker (Movie Maker project file), Office Excel (opening a specially crafted Excel file), TCP/IP (attacker gets root privileges), "Tracing Feature for Services".
- 10 are Critical/Remote Code Execution.
11:58 - 14:24
- Adobe Flash Player has been updated to fix six critical memory corruption vulnerabilities in v10.1.53.64 and earlier. Now updated to: v10.1.82.76.
- The latest releases of Adobe Reader & Acrobat are both vulnerable to a new remote code execution exploit due to an integer math overflow error in their TrueType font parsing code.
- No updates so far.
14:25 - 20:43
- Fixing the Shell LNK vulnerability in XP/SP2:
- HKLM\System\CurrentControlSet\Control\Windows+ "CSDVersion" : DWORD value => 200h (change to 300h)
- Google: XP Embedded KB2286198
- Security Update for Windows XP Embedded (KB2286198)
20:44 - 23:19
- PayPal are discontinuing their plug-in and, with it, their virtual credit card service.
23:20 - 26:16
- Congress Wonders...
- Following up on a "troubling" series in the Wall Street Journal
- US Representatives Ed Markey (D-Massachusetts) and Joe Barton (R-Texas)
- Sent letters to 15 major web sites including Microsoft, Yahoo, Comcast, MSN, AOL, Careerbuilder, MySpace and others.
- Asking how do they monetize the private information of their visitors and how much money do they make from that.
- Quoting: "We are troubled by the findings in this report, which suggest that the price of consumers' unfettered use of the Internet increasingly is surrender of their personal information, preferences and intimate details to websites, data monitoring companies, marketers and other information gathering firms that seek to track them online and develop digital dossiers for a range of purposes, including marketing. As Congress prepares to consider comprehensive privacy legislation, we request responses to the questions that follow to better understand your companies' practices in this area."
26:17 - 27:57
- RIM to place three Blackberry servers in Saudi Arabia
- Lebanon has also recently stated that it plans to start talks with RIM to allow Lebanese security agencies to monitor communications conducted through the BlackBerry network.
- Germany is making grumbling noises too.
27:58 - 30:54
- Firefox v4 to get Google Chome-like silent updater
- But Unlike Chrome, Firefox's can be made interactive and all major upgrades will remain interactive and manual.
- Two beta releases so far w/Beta 3 later this week.
30:55 - 32:25
- NoScript v2.0.1 *does* add the DNS Rebinding protection
32:26 - 36:47 Robert Greenfield
Spinrite fixed a damaged hard drive
Questions & Answers
42:30 - 01:16:52
Question: [ 01 ]
42:30 - 50:46 Glenn Edward (Nottingham, Maryland)
Question: In spite of Mr. Balmer extolling how Windows is the most secure operating system ever, the recent .LNK Shell exploit was able to easily bypass user privilege limits. This implies that much of what Windows does isn't geared toward following security rules. Otherwise, how could any one system file, that becomes compromised, bypass any levels of security established by others? I always assumed that the User Accounts Control (UAC) came ahead of something that mostly displays icons and text on the screen. And one would think that there would be a hierarchy of programing and user privilege within Windows. I mean since Windows asks for user name, password and permission before it does very much else. But it seems so shockingly stupid, that a malformed icon -- of all things! -- received from a browser or flash drive, could trump all that security!
Whatever programming it is that asks for one's password at the start should act as a sentry in preventing other programs that follow from affecting what takes place in higher privileged levels. Or even in the user inaccessible Root Account. But it's sounding more and more as if this isn't so, with Windows. In spite of the fifteen years time Microsoft has had to perfect this.
Is Linux any better constructed, as far as following strict security protocols? Is any other Unix based PC operating software? How about MacOS? Am I expecting too much?
Answer: The fundamental architecture of Windows hasn't changed since the beginning and it isn't a secure operating system. Linux was always developed with security in mind
Comment: [ 02 ]
50:47 - 56:17 Scott Finneran (Blue Mountains, Australia)
Listener Comment: Cars can be hacked through their wireless tire sensors http://arstechnica.com/security/news/2010/08/cars-hacked-through-wireless-tyre-sensors.ars
Steve's Comment: In 2008 it was mandated by law that all cars produced had to have tyre pressure sensors that sent data to the cars ECU. They couldn't connect a sensor with wires so they used a RF transmitter. They have no encryption of any kind and you can receive the signal from 40m away. As they have no security you can mess with them and completely fool the cars instrument panel and crash the ECU and permanently damage it
Comment: [ 03 ]
59:11 - 01:01:04 Nathan Jackson (Cincinnati, Ohio)
Listener Comment: TrueCrypt System Encryption will cause a Blue Screen of Death when the computer hibernates if the disk controller DRIVER you are using is non-Microsoft, example Intel or AMD controllers
Steve's Comment: Steve could not confirm this but wanted to let the listeners know
Question: [ 04 ]
01:01:05 - 01:08:17 Jeroen van den Berg (Gouda, Netherlands)
Question: I was wondering how I could check if my router is vulnerable to DNS rebinding. Its my understanding that its pretty simple: check your wan IP via www.whatismyip.com and use that IP in your browser, if your routers web interface shows up: your router is vulnerable. Right?
Answer: DNS Rebinding can only be used to gain access to your router if you are using the default username and password. Also disable universal plug and play. Steve also notes that you should use https://secure.informaction.com/ipecho to get your IP address as it uses SSL. If you are going through a proxy then getting your IP from a site not using SSL will display the wrong IP.
Question: [ 05 ]
01:08:18 - 01:12:50 Rick Huebner (Melbourne, Florida)
Question: As an avid Android user, I took interest in your discussion (and the TWiG discussion) on why a wallpaper application would need access to full system resources as the Trojan application recently did.
My problem with the Android install warning screen telling you what resources the application is going to use ... is that you have no options, so like sheep to the slaughter we all just click approve. Kind of like websites that have invalid SSL certs. But that's another (albeit similar) problem. We are conditioned to just accept that the wallpaper application needs access to my contacts! HUH??
I wonder why the installer screen couldn't be modified to place check boxes (defaulted to checked for the lemmings out there) by the resources that the application is REQUESTING so that I could uncheck them. Then the application may not run correctly, but the application management screen could then allow me to enable those resources that I explicitly denied later.
I think that Anti-Virus solutions are all well and good, but I just envision this evolving into a pig of a solution – like the current bloatware – requiring a 3GhZ processor and 4 gig RAM just to run!
I also like the idea of an outbound firewall that will prompt me the first time an app tries to access something and let me check the box to not warn me on that app in the future.
Finally, in a previous episode you were talking about the loss of the 5.b.c.d IP space in the global IP crunch and you started to mention that Hamachi (LogMeIn) uses 5.x.x.x when the subject changed and you never finished your thought. Please Please Please tell me that ICANN didn't assign the 5.x.x.x addresses as routable public addresses? All of my family members are required to have Hamachi and VNC to request any support from me unless they want to fedex their computer to me!
Answer: 5.x.x.x is on the chopping block and will probably be given to someone. Most people are going to click ok no matter what the message says but it would be nice to have such a feature for advanced users
Comment: [ 06 ]
01:12:51 - 01:16:52 Matt Giuca (Melbourne, Australia)
Listener Comment: Please check out HackID its design to inspire children about STEM
Steve's Comment: This looks neat and is quite affordable
- Maker's Faire Post #2
- Ad Times: 0:46-1:03 and 36:47-40:25
- Ad Times: 1:04-1:16 and 56:16-59:09
- Edited by: Tony
|This area is for use by TWiT staff only. Please do not add or edit any content within this section.|