Date: 05 October 2012
Greetings and salutations,
The main stories this week are based on a newie and an oldie; definitely both
Many people would have already heard about the scams where you receive a phone
call, supposedly from Microsoft Tech Support, or another well-known
organisation, saying that your PC has problems and that you have to pay for
software to fix said problems. This week, a combined effort to crack down on
the international scam has resulted in US$188,000 in assets being frozen, with
more expected in the not too distant future. What I think is particularly cool
is that regulators from five countries, including Australia, joined forces in
order to make a significant dent in what is being touted as one of the biggest
scams this decade. The scammers certainly have not made it easy; apparently
they used "virtual offices, including more than 80 different domain names and
130 different phone numbers". Nice. Read the full story on ZDNet.
In other news, a number of reports have been circulating about ADSL modems
being hacked in Brazil. Cristine Hoepers from CERT.br presented information
about these attacks at the 2012 FIRST Symposium earlier this year. In
brief, ADSL modems with a vulnerable chipset and web interface credentials
stored in plain text had their DNS server settings changed. When the victim
visited a popular site such as Google or Facebook, they were directed to a
malicious replica that resulted in malware being installed and banking
protection disabled. The concern is that many people do not take steps to
secure and update their ADSL modems, and it appears that at least some
makes/models do not encrypt web interface credentials.
AusCERT recommends that you keep your ADSL modems up-to-date with the latest
firmware, regularly verify settings such as DNS servers, and make sure that the
password used for your web interface is unique. This way, if someone gets hold
of it, they can't then use the same password to log into net banking, for example.
If you suspect that your ADSL modem has been compromised, do a hard reset to
factory default settings and install the latest firmware. If you are anything
like me, Murphy's Law is likely to apply. Have an alternative connection such as
3G handy in case something goes wrong :)
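One way to automate the "regularly verify settings such as DNS servers" advice from a machine behind the modem. This is an added example, not AusCERT's or CERT.br's code: it parses resolv.conf-style text and reports any resolver outside an expected set. The sample config, the expected ranges and the function names are all constructed for illustration.

```python
import ipaddress

# Constructed sample: resolver config a LAN client received from the modem.
SAMPLE_RESOLV_CONF = """\
# generated by DHCP client (constructed sample)
domain home.example
nameserver 192.168.1.1
nameserver 203.0.113.53
nameserver fe80::1%eth0
options timeout:2
"""

# Assumption: the resolvers you expect, e.g. the modem's LAN address and your
# ISP's documented DNS range. These are placeholder documentation ranges.
EXPECTED = ["192.168.1.1/32", "198.51.100.0/24", "fe80::/10"]


def parse_nameservers(text):
    """Return the raw address field of every 'nameserver' line."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop '#' comments
        if not line or line.startswith(";"):  # ';' also starts a comment
            continue
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def unexpected_resolvers(text, expected):
    """Return configured resolvers that fall outside the expected networks."""
    nets = [ipaddress.ip_network(n) for n in expected]
    flagged = []
    for raw in parse_nameservers(text):
        try:
            # Strip an IPv6 zone id such as '%eth0' before parsing.
            ip = ipaddress.ip_address(raw.split("%", 1)[0])
        except ValueError:
            flagged.append(raw)  # unparseable entry: report it, don't hide it
            continue
        if not any(ip.version == n.version and ip in n for n in nets):
            flagged.append(raw)
    return flagged


if __name__ == "__main__":
    for addr in unexpected_resolvers(SAMPLE_RESOLV_CONF, EXPECTED):
        print("unexpected DNS resolver:", addr)
```

If the modem acts as a DNS forwarder, clients only ever see its LAN address, so the DNS servers set in the modem's own web interface still need to be checked there.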
Before moving on to the top bulletins for the week, AusCERT has published updated
Incident Response Metrics so check it out.
Now on to the bulletins:
1) ESB-2012.0953 - ALERT [Win][Mac][OSX] Adobe code signing certificate: Reduced security - Remote/unauthenticated
Adobe is revoking a code signing certificate after reports of it being misused.
According to Adobe's bulletin the certificate was to be revoked on October 4.
2) ASB-2012.0134 - [Win][UNIX/Linux] Wireshark: Denial of service - Remote with user interaction
Wireshark 1.8.3 has been released addressing multiple denial of service
vulnerabilities, each of which requires "injecting a malformed packet onto the
wire or by convincing someone to read a malformed packet trace file".
The rest of the bulletins we've seen this week have been reasonably ordinary.
However, there were a significant number from IBM over the long weekend for
Tivoli products, WebSphere, and a couple for Rational Business Developer. If
you use IBM products, go back and look through our bulletins page to see if any
of these affect your organisation.