Date: 04 April 2008
Greetings,
Another week has gone by, and with it came another notable day and another wave of Storm emails. This week saw April Fools' Day, the 1st of April 2008 (as it is every year), so Storm sent out a slew of emails with subjects such as "Happy April Fool's Day." and "All Fools Day". The body of each message carried a similar greeting and a URL that was a bare IP address rather than a hostname.
Tomorrow Today!
On a related topic, although slightly off-topic, it is good to see Google Australia leading the world in search technology. They recently (around the 1st of April strangely enough) released a new service called gDay. This new service allows someone to find data that will be on the Internet 24 hours from now. Unfortunately they were forced to remove the technology the day before they released it due to economic problems it caused when it was released.
This week's vulnerabilities
On the vulnerability front, there were two bulletins of interest to me this week. Firstly, Apple released QuickTime 7.4.5 to correct a code execution problem. Interestingly, the only QuickTime update I could find in our records that did not involve a code execution vulnerability was ESB-2005.0411, which was rated "Access Privileged Data".
The second is the Cisco Unified Communications Disaster Recovery Framework (DRF). The entire set of products built on it is vulnerable to an Administrator Compromise: the DRF Master server did not authenticate the requests it received, so an unauthenticated attacker could instruct it to back the system up to a remote server of the attacker's choosing, or to restore a user-specified configuration from a remote server. The first hands the attacker a copy of the system's configuration; the second lets the attacker replace it with one of their own. Both are reasonably problematic.
Captured Data Handling
Finally, some of you may have received an email from us informing you of possibly compromised accounts. For those of you wondering what these emails are (and who are still reading), here is a short introduction, in chronological order.
As you all know, there are many computers on the Internet with malicious software installed on them. Many of them are home PCs and many have keyloggers (programs that capture what users type) on them.
When these users visit a website (like auscert.org.au) and enter some data (such as a username and password to log into our site, or a search term in the search box), the keylogger records that data and normally sends it off to a web server for "safe" keeping.
At some point in time we (AusCERT) find, or get told about, the web server that this data is being logged to. We then do two things:
1) attempt to obtain the log data
2) attempt to have the logging site shutdown
This data, which often contains usernames and passwords for many different websites, is then split into pieces, each containing all the data that was logged for a given domain.
We then send each piece to the contact email address for that domain, so that each domain only receives the log entries pertaining to it.
So that is how we process the logs that you may have received.
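As an added illustration of the split-by-domain step described above (this is example code, not AusCERT's own tooling), the following Python groups a keylogger dump by the registrable domain of each captured URL and renders one notification per domain. The tab-separated line format, the sample lines and the small set of two-level public suffixes are all assumptions constructed for the example.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample of a keylogger drop-site dump (not real captured data).
# Assumed line format: "<timestamp>\t<url>\t<name>=<value>;<name>=<value>..."
SAMPLE_LOG = """\
2008-04-01 09:12:03\thttps://www.auscert.org.au/login\tusername=alice;password=hunter2
2008-04-01 09:14:55\thttp://www.auscert.org.au/search?q=storm\tq=storm worm
2008-04-01 10:02:17\thttps://MAIL.Example.com:443/webmail\tuser=bob;pass=s3cret
2008-04-01 10:03:00\tthis line is corrupt and has no tabs
2008-04-01 11:45:09\thttp://shop.example.net/checkout\tcard=4111111111111111
2008-04-01 11:46:10\tnot-a-url\tfoo=bar
"""

# Assumed two-level public suffixes for this example; a real tool would use the
# Public Suffix List so that "www.auscert.org.au" maps to "auscert.org.au".
TWO_LEVEL_SUFFIXES = {"org.au", "com.au", "net.au", "edu.au", "co.uk", "org.uk"}


def parse_fields(blob):
    """'a=1;b=2' -> {'a': '1', 'b': '2'}; items without '=' are ignored."""
    fields = {}
    for item in blob.split(";"):
        name, sep, value = item.partition("=")
        if sep:
            fields[name.strip()] = value.strip()
    return fields


def parse_records(text):
    """Yield (timestamp, url, fields) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3:
            continue  # corrupt or truncated line: do not guess at it
        ts, url, blob = parts
        yield ts, url, parse_fields(blob)


def registrable_domain(url):
    """Map a captured URL to the domain whose contact should receive it, or None."""
    host = urlsplit(url).hostname  # lower-cased, port removed; None if no host
    if not host or "." not in host:
        return None  # e.g. "not-a-url" or "localhost": nobody to notify
    labels = host.split(".")
    if ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES and len(labels) >= 3:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def split_by_domain(text):
    """Return {domain: [record, ...]} so each domain only sees its own entries."""
    pieces = defaultdict(list)
    for ts, url, fields in parse_records(text):
        domain = registrable_domain(url)
        if domain is None:
            continue
        pieces[domain].append({"time": ts, "url": url, "fields": fields})
    return dict(pieces)


def render_notification(domain, records):
    """Plain-text body for the domain contact listing its captured entries."""
    lines = [f"Captured data relating to {domain} ({len(records)} entries):"]
    for r in records:
        fields = ", ".join(f"{k}={v}" for k, v in r["fields"].items())
        lines.append(f"  {r['time']}  {r['url']}  {fields}")
    return "\n".join(lines)


if __name__ == "__main__":
    for domain, records in sorted(split_by_domain(SAMPLE_LOG).items()):
        print(render_notification(domain, records))
        print()
```

Grouping on the registrable domain rather than the full hostname is what lets entries for mail.example.com and shop.example.com reach one contact; doing that correctly in general needs the Public Suffix List, which the small TWO_LEVEL_SUFFIXES set only stands in for. Lines that do not parse are dropped rather than guessed at, since a mis-attributed entry would hand one organisation's captured credentials to another.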
And with that I hope you all have a fun and power-outage-free weekend.
Regards,
Richard