From the monthly archives:

May 2006

Yapbrowser again

by certifiedbug on May 31, 2006

in Browser, Security

Update:
Info World
Web browser was taken down when security analysts found it directed users to child pornography
By Jeremy Kirk, IDG News Service
May 31, 2006

A Web browser originating in Russia is available for download again after it was taken down last month when security analysts found it directed users to child pornography.

Under pressure from security researchers, the software’s creators took the browser offline about a month ago. But the Yapbrowser has now appeared on a new download site, according to a security blog run by FaceTime.

Microsoft launching OneCare in US

by certifiedbug on May 31, 2006

in Microsoft

OneCare will be available in shops or for download. For $49.95 users can sign up three computers for a year’s protection.

Security vendors ramp up to counter Microsoft’s Windows Live OneCare
Info World
By Jeremy Kirk, IDG News Service
May 31, 2006

Security at World Cup and RFID

by certifiedbug on May 27, 2006

in Security

Security scores big at World Cup
German government is taking substantial security precautions with next month’s soccer tournament
Info World
By John Blau, IDG News Service
May 26, 2006

The list of security precautions the government is taking is substantial. It begins with the use of RFID (radio frequency identification) technology. More than 3.5 million tickets for the 64 matches will be sold with an embedded RFID chip containing identification information that will be checked against a database as fans pass through entrance gates at all 12 stadiums.

Hackers can crack top antivirus program

by certifiedbug on May 25, 2006

in Programs, Security

eEye
EEYEB-20060524
Vendor: Symantec
Severity: High (Remote Code Execution)
Date Reported: May 24, 2006

ZDNet
May 25, 2006
Remote Exploit in Norton Anti-Virus Puts 200 Million at Risk
Posted by Richard Stiennon

eEye Digital Security is reporting that they have uncovered a major vulnerability in Symantec’s AV product. Basically it will allow a remote hacker to compromise any machine that is running Norton Anti-Virus. This is a big oops. Symantec will have to scramble to get an update pushed out to all of their customers. I would imagine they can do this before an exploit is developed that allows widespread use of the vulnerability or a worm to spread.

The Register
eEye, eEye, D’oh
By Joe Fay
Published Friday 26th May 2006 15:03 GMT

Symantec disclosed this week that researchers have discovered a software vulnerability that could allow hackers to take remote control of a PC and that it is working to verify the hole and provide a patch.

And the software in question? Symantec’s AntiVirus Corporate Edition 10.x. Oops.

symantec.com

SYM06-010
May 25, 2006
Symantec Client Security and Symantec AntiVirus Elevation of Privilege

Revision History
May 26, 2006 - Updated Products Affected section and other details

Update:

SANS Internet Storm Center
Handler’s Diary May 27th 2006
Symantec Patch Posted
Published: 2006-05-27
Last Updated: 2006-05-27 20:01:00 UTC by Deborah Hale (Version: 1)

Symantec has just posted patches for the Security Advisory SYM06-010. It appears at this time that the patches are manual download and install. We don’t know at this point if a product live update will be posted for these patches but for the meantime it is there for manual load.

So for those of you enjoying the long weekend, look at what you get to look forward to on Tuesday. If you are running Symantec Corporate Edition 10.1 you get to spend Tuesday patching.

Handler’s Diary May 29th 2006
Symantec AV Vulnerability Latest
Published: 2006-05-29
Last Updated: 2006-05-29 21:21:41 UTC by Kevin Liston (Version: 2)

Symantec has updated their advisory

They confirm that the following versions are affected:
Symantec Client Security-
3.0 all builds
3.1 all builds
Symantec Antivirus Corporate Edition-
10.0 all builds
10.1 all builds

The following patches are available:
Symantec Client Security-
3.0 Builds 3.0.2.2010 and 3.0.2.2020
3.1 Builds 3.1.0.394 and 3.1.0.400

Symantec Antivirus Corporate Edition-
10.0 Builds 10.0.2.2010 and 10.0.2.2020
10.1 Builds 10.1.0.394 and 10.1.0.400

Symantec recommends that you upgrade to a “patchable” version. This may be bad news for some organizations.

Some have reported that the patching process is not trivial, and can be difficult to roll out in some environments.

At this time, there have been no reports of proof-of-concept-code or exploit code other than that held privately by eEye.

We have not received any reports of exploitation in the wild.

Handler’s Diary May 31st 2006
More on Symantec vulnerabilities
Published: 2006-05-31
Last Updated: 2006-05-31 01:21:02 UTC by Bojan Zdrnja (Version: 1)

The latest patches from Symantec are causing quite a bit of confusion. To reiterate again what Kevin wrote in his diary (http://isc.sans.org/diary.php?storyid=1368):

*ALL* versions of 10.0.x and 10.1.x of Symantec Antivirus Corporate Edition and 3.0.x and 3.1.x of Symantec Client Security seem to be vulnerable.
Symantec Antivirus Corporate Edition version 8.x and 9.x seem to be ok.

Symantec released 4 patches for each product (http://www.symantec.com/avcenter/security/Content/2006.05.25.html):

Symantec Antivirus Corporate Edition
10.1.0.394 -> 10.1.0.396 (there’s a typo here on their web, it’s not version 3)
10.1.0.400 -> 10.1.0.401
10.0.2.2010 -> 10.0.2.2011
10.0.2.2020 -> 10.0.2.2021

Symantec Client Security
3.1.0.394 -> 3.1.0.396
3.1.0.400 -> 3.1.0.401
3.0.2.2010 -> 3.0.2.2011
3.0.2.2020 -> 3.0.2.2021

Now, if you are running *ANY* other version that is affected, you will have to first upgrade to one of the versions that have the patch out and then install the patch. I hope this will clear the confusion.

Marketing fraud arrests

by certifiedbug on May 24, 2006

in News

Hundreds arrested in $1B marketing fraud
International operation uncovers 2.8 million victims who suffered more than $1B in losses
Info World
By Grant Gross, IDG News Service
May 24, 2006

More than 565 people in North America and Europe have been arrested in an international sweep that targeted marketing fraud using the Internet and other means, the U.S. Department of Justice (DOJ) announced Tuesday.

The international operation, called Operation Global Con, targeted lottery and sweepstakes schemes, offers of nonexistent investments, bogus offers of preapproved credit cards, and fee scams similar to the popular Nigerian banking schemes, the DOJ said. Fraudsters used various means, including the Internet, telemarketing and mass mail, to target victims, the DOJ said.

3,500 charged with illegal music sharing

by certifiedbug on May 24, 2006

in News

Germany nabs 3,500 in file-sharer sweep
Investigators charge eDonkey network users with illegal music sharing
Info World
By Nancy Gohring, IDG News Service
May 23, 2006

German investigators charged 3,500 people with illegal music sharing, in the biggest single sweep of its kind, the International Federation of the Phonographic Industry (IFPI) said Tuesday.

German authorities helped identify the file sharers, who were using the eDonkey network to share thousands of music files. EDonkey software allows users to find and share files with other eDonkey users.

Microsoft Security Advisory (919637)
Vulnerability in Word Could Allow Remote Code Execution
Microsoft TechNet
Published: May 22, 2006

Microsoft is investigating new public reports of limited “zero-day” attacks using a vulnerability in Microsoft Word XP and Microsoft Word 2003. In order for this attack to be carried out, a user must first open a malicious Word document attached to an e-mail or otherwise provided to them by an attacker. Microsoft will continue to investigate the public reports to help provide additional guidance for customers as necessary.

Microsoft is completing development of a security update for Microsoft Word that addresses this vulnerability. The security update is now being finalized through testing to ensure quality and application compatibility and is on schedule to be released as part of the June security updates on June 13, 2006, or sooner as warranted.

Microsoft is concerned that this new report of a vulnerability in Word was not disclosed responsibly, potentially putting computer users at risk. We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone’s best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed.

RFID tags

by certifiedbug on May 22, 2006

in Security

RFID tag can survive being washed, ironed, and pressed at least 100 times
Info World
By Martyn Williams, IDG News Service
May 18, 2006

The tag, encased in a soft plastic shell, can be attached to any textile and be washed, ironed and pressed at least 100 times and survive, said Midori Taniyama, of Fujitsu’s RFID Systems Department. Sample tags are being demonstrated Thursday and Friday at a company event in Tokyo as part of a laundry management system.

Info World
Three sentenced for ‘warez’ activities
By Grant Gross, IDG News Service
May 19, 2006

Three U.S. men have been sentenced to jail or home confinement for their participation in so-called warez online piracy groups, the U.S. Department of Justice (DOJ) announced.

These are the first federal criminal sentences for members of pre-release music groups resulting from Operation FastLink, an ongoing U.S. Federal Bureau of Investigation crackdown against organized piracy groups allegedly responsible for most of the initial illegal distribution of copyrighted movies, software, games and music on the Internet.

Apple updates

by certifiedbug on May 17, 2006

in Security

Apple Mac Products Affected by Multiple Vulnerabilities
Original release date: May 12, 2006
Last revised May 16, 2006
Source: US-CERT

Cyber Security Alert SA06-132A
Systems Affected
Apple Mac OS X version 10.3.9 (Panther) and version 10.4.5 (Tiger)
Apple Safari web browser
Apple Mail
Previous versions of Mac OS X may also be affected.
Overview
Mac OS X, Safari web browser, Mail, and other products are affected by multiple vulnerabilities. Apple has released Security Update 2006-003 to address these vulnerabilities, the most serious of which may allow a remote attacker to place and run malicious code on your computer.
Solution
Install an Update

Install Apple Security Update 2006-003 through Apple Update.
Disable “Open ‘safe’ files after downloading”

For additional protection, disable the option to “Open ‘safe’ files after downloading,” as specified in “Securing Your Web Browser.”

For more technical information, see US-CERT Technical Alert TA06-132A.
