OpenDNS blogged about a new feature called SmartCache.
If you ask for a DNS resolution, and it can’t contact the authoritative DNS server or the server returns a SERVFAIL, they will respond with the last known good IP address. They dub this “one of the most significant DNS innovations of the last 25 years.” It is an opt-in setting.
Hmmm.
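The last-known-good behaviour described above, sketched as an added example (not OpenDNS's code and not from the original post). The `max_stale` cap, the class and function names, and the sample hostname and address are assumptions made for illustration; the cap shows the trade-off a resolver operator has to decide, namely how long an expired answer may keep being served while the authoritative server is failing.

```python
import time

class UpstreamFailure(Exception):
    """Authoritative server unreachable, or it answered SERVFAIL."""

class LastKnownGoodCache:
    def __init__(self, upstream, max_stale=86400, clock=time.monotonic):
        self.upstream = upstream    # callable: name -> (ip, ttl_seconds)
        self.max_stale = max_stale  # assumption: cap on serving expired data
        self.clock = clock
        self.entries = {}           # name -> (ip, expires_at)

    def resolve(self, name):
        now = self.clock()
        entry = self.entries.get(name)
        if entry and now < entry[1]:
            return entry[0], "fresh"
        try:
            ip, ttl = self.upstream(name)
        except UpstreamFailure:
            # Fall back to the last known good answer, but only within the
            # staleness cap; otherwise surface the failure to the client.
            if entry and now - entry[1] <= self.max_stale:
                return entry[0], "stale"
            raise
        self.entries[name] = (ip, now + ttl)
        return ip, "refreshed"

def demo():
    """Constructed scenario: upstream answers once, then starts failing."""
    now = [0.0]
    up = [True]
    def upstream(name):
        if not up[0]:
            raise UpstreamFailure(name)
        return "192.0.2.10", 300    # constructed answer, TTL 300 s
    cache = LastKnownGoodCache(upstream, max_stale=3600, clock=lambda: now[0])
    out = [cache.resolve("www.example.com")]
    now[0] = 100.0
    out.append(cache.resolve("www.example.com"))
    up[0] = False
    now[0] = 400.0                  # TTL expired 100 s ago, upstream down
    out.append(cache.resolve("www.example.com"))
    now[0] = 4000.0                 # 3700 s past expiry, beyond the cap
    try:
        cache.resolve("www.example.com")
    except UpstreamFailure:
        out.append((None, "failed"))
    return out

if __name__ == "__main__":
    print(demo())
```

Logging every "stale" answer is worth doing in practice, since a client that keeps receiving an old address has no other way to learn the record could not be revalidated.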
The Adobe Product Security Incident Response Team blog has reported a security vulnerability in “all currently supported shipping versions of Adobe Reader and Acrobat (Adobe Reader and Acrobat 9.1, 8.1.4, and 7.1.1 and earlier versions).”
The suggested mitigation is disabling JavaScript. We’ve previously disabled that using Group Policy.
Adobe notes that at this time, this issue is not known to be exploited in the wild. That can change.
For the third time in the past 30 days, there is a Firefox update including security fixes. Firefox 3.0.10 is out.
“And you want to be my latex salesman”
I don’t mean to get all Jeff Jones here, but it seems to me there is a bit of tarnish on that “security king” crown that people give to Mozilla.
Software is going to have bugs. I’m glad Mozilla patches them, but more than once a month is getting a bit annoying. It’s highlighting a problem that Mozilla doesn’t seem to care about: enterprise patch deployment.
Mozilla loves to brag that their users apply patches. That’s the problem, you’ve got to use it to get prompted to update it. Even then the end user may turn off checking for updates.
Currently to get Firefox/Thunderbird updates to occur, I can either pray or send out emails, or use NAC to block their access to the network until Firefox is patched.
I can’t believe I’m saying this, but QuickTime and Java may have the better idea. Java has an always-running updater process. I believe QuickTime (via Apple Software Updater) is using Scheduled Tasks.
I’d love to just be able to use a logon script or NAC to be able to run C:\program files\Mozilla Firefox\updater.exe which would then prompt the user if a Firefox update was necessary. I’ve searched the Internet to see if this is possible. So far no dice.
Share your thoughts on keeping Firefox updated in the enterprise in the comments.
We’re all familiar with the story of Flight 1549’s landing in the Hudson River. This week’s Mozy newsletter told a story of two sets of Jones (sorry, obscure Big Tent Revival reference). One man performed backups by copying files from one computer to another. He also used USB drives. The second man used online backup from Mozy.
After the plane crashed, the first man lost both computers and the USB drives. The second man contacted Mozy and received the backed-up data on DVD in four days.
Mozy of course is pushing this story to get their name out. It’s been carried by a USA Today Technology Blog and at ComputerWorld. I’ve seen some people charge that it is somehow creepy to be using this in advertising. I disagree. First of all, no one died. Second, war stories have a way of getting through to people in a way that no amount of cajoling can accomplish.
I do kind of wonder about the details of this story. A Computer Associates employee lost 250 GB of data due to a haphazard backup scheme. Don’t they use their own products? (lol perhaps that was the problem). The guy was a consultant. It should make you wonder if your backup software works for people that are constantly on the road. Do your security system and software patching work for road warriors?
If you’re not using a backup solution, check out Mozy. Home users get 2 GB backup for free. If you click on this link and start using Mozy (signup, install and backup files), we’ll both get an extra 256 MB of free backup space on top of the 2 GB.
I know, I’m at risk of sounding like a commercial. This is something I used and a story that I liked.
I received a bit of unsolicited commercial email from SmartDraw that claimed I can get the benefits of Microsoft Office 2007 without the costs and headaches of upgrading. In smaller type they claimed that the biggest improvements in Office 2007 over previous versions are new graphic and drawing tools, and that you can buy their product and get those graphics improvements without upgrading Office.
I wonder how many people would agree with their premise. For me, I hadn’t noticed changes in graphics, but as a security guy I think Office 2007 is a great security update. While many of the improvements have been backported to Office 2003 in service pack 3, 2007 is still safer, as seen in the latest PowerPoint zero day.
I’m also pretty happy with Outlook since the Feb 2009 update.
Paying $80-200 for SmartDraw so you can stay on a 5-year-old version of Office just doesn’t seem like such a good plan.
This morning Kaspersky is detecting Downloader.JS.Iframe.aqo in csshover.htc on a few different websites.
Seems to be a false positive.
VirusTotal shows the following:
File csshover.htc received on 04.09.2009 17:40:35 (CET)
UPDATE: This afternoon, I reported the false positive to Kaspersky via a webform. I heard back pretty quickly that this was fixed in the latest defs. Also note Ryan’s entry in the comments.
My problem was compounded a bit because the BlueCoat cached the “infected” status, so I needed to clear the cache of that before csshover.htc could be served.