Date: 04 July 2008
Greetings,
Recently we have seen some Storm emails using a hook of Independence Day and/or fireworks to get people to click links. Needless to say, if you see one, don't click the link.
Now, continuing on with the theme from last week's Week in
Review, there was an interesting news article
that talks about vulnerabilities in a coffee machine! Now I understand
that there will be fewer of these than Xerox Printers, but just imagine
how long it would take to discover that it was the coffee machine hosting
a C&C server rather than your PC. These sorts of devices may seem like
extremely unlikely targets, but once a vulnerability in one has been
exploited they would make a very obscure place to use for nefarious
purposes.
Thankfully, our coffee machine at AusCERT is one of those old-fashioned,
non-Internet-connected ones. So our coffee will remain strong.
In other news on a similar note - Monday saw AusCERT release 2 bulletins
on network appliances (AA-2008.0143 and AA-2008.0144). Both of these were
(in part) SIP devices. We are seeing more and more of these types of
vulnerabilities. I know of one company that has recently rolled out a set
of VoIP phones where a simple port scan with nmap will cause the device
to freeze up and sometimes do strange things. So if you are looking to
implement VoIP in your organisation (or have recently) then a security
assessment may be a good place to start.
Back to the PC again, and what I consider the 3 main (non-IE) browsers each
released new versions this week. Firefox (and related Mozilla products)
have all had updates for the 2.0 version branch. Opera released version
9.5.1, and Safari 3.1.2 was released for Mac OS X. Of course they were all
probably trying to catch up with the Internet Explorer 6 (ESB-2008.0652)
bulletin we pushed at the end of last week.
Lastly, Wireshark 1.0.1 has been released. The first time I heard that a
"hacking" tool was vulnerable, I thought that it would not matter because
you run it and then move on. This gives a very small attack surface. But
after mentioning my point of view to a network administrator I was very
quickly put in my place. I had never thought that many of the monitoring
tools we use to alert us to threats use these sorts of tools all the time.
Which now means they have a very large attack surface.
In many ways this is similar to Anti Virus products. They run all the time,
with high permissions, so they can scan all areas of your computer.
However, if they are vulnerable, it can often mean an easy way into a system
that may otherwise have been OK. Of course I should probably say virus
scanners are good etc., but I personally believe this is only true if
they are kept up to date. An out of date (vulnerable) virus scanner will
probably not detect any new (and current) viruses. It will also leave your
system with one more attack surface. So make sure you keep your Anti Virus
software patched and up to date.
And with that, have a good weekend!
Richard