STE WILLIAMS

Vulnerability researchers at FireEye are reporting that Adobe’s Reader software has a zero-day flaw that hackers are already exploiting in the wild.

You’ve been pwned (click to enlarge)

The flaw is found in Adobe Reader 9.5.3, 10.1.5, and 11.0.1 and involves sending a specially crafted file to the target. Once opened, the malware installs two DLLs – one that shows an error message and opens a decoy PDF document, and a second that opens a backdoor to allow the code to communicate with a remote server.

“We have already submitted the sample to the Adobe security team. Before we get confirmation from Adobe and a mitigation plan is available, we suggest that you not open any unknown PDF files,” said the FireEye team in a blog post.

Adobe has responded with a brief blog post acknowledging that the problem has been noted and is being investigated further. No doubt its security engineers will be burning the midnight oil to investigate the issue and try and find a workaround or patch.

Those poor devils are having a very busy time of it this month. Last week Adobe rushed out two emergency patches for Flash after attackers started using them in active attacks. But while most people can get by without Flash, PDFs are another matter – by some estimates, Reader is on 90 per cent of PCs in the Western world.

Hackers realize this, of course, and Adobe’s products have been a primary attack vector for years now. And it’s not just Adobe having problems – the popular Foxit PDF reader plugin for web browsers got a zero-day exploit of its own in January that took nearly two weeks to fix. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/02/14/adobe_reader_flaw_fireeye/

Vulnerability researchers at FireEye are reporting that Adobe’s Reader software has a zero-day flaw that hackers are already exploiting in the wild.

You’ve been pwned (click to enlarge)

The flaw is found in Adobe Reader 9.5.3, 10.1.5, and 11.0.1 and involves sending a specially crafted file to the target. Once opened, the malware installs two DLLs – one that shows an error message and opens a decoy PDF document, and a second that opens a backdoor to allow the code to communicate with a remote server.

“We have already submitted the sample to the Adobe security team. Before we get confirmation from Adobe and a mitigation plan is available, we suggest that you not open any unknown PDF files,” said the FireEye team in a blog post.

Adobe has responded with a brief blog post acknowledging that the problem has been noted and is being investigated further. No doubt its security engineers will be burning the midnight oil to investigate the issue and try and find a workaround or patch.

Those poor devils are having a very busy time of it this month. Last week Adobe rushed out two emergency patches for Flash after attackers started using them in active attacks. But while most people can get by without Flash, PDFs are another matter – by some estimates, Reader is on 90 per cent of PCs in the Western world.

Hackers realize this, of course, and Adobe’s products have been a primary attack vector for years now. And it’s not just Adobe having problems – the popular Foxit PDF reader plugin for web browsers got a zero-day exploit of its own in January that took nearly two weeks to fix. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/02/14/adobe_reader_flaw_fireeye/

Vulnerability researchers at FireEye are reporting that Adobe’s Reader software has a zero-day flaw that hackers are already exploiting in the wild.

You’ve been pwned (click to enlarge)

The flaw is found in Adobe Reader 9.5.3, 10.1.5, and 11.0.1 and involves sending a specially crafted file to the target. Once opened, the malware installs two DLLs – one that shows an error message and opens a decoy PDF document, and a second that opens a backdoor to allow the code to communicate with a remote server.

“We have already submitted the sample to the Adobe security team. Before we get confirmation from Adobe and a mitigation plan is available, we suggest that you not open any unknown PDF files,” said the FireEye team in a blog post.

Adobe has responded with a brief blog post acknowledging that the problem has been noted and is being investigated further. No doubt its security engineers will be burning the midnight oil to investigate the issue and try and find a workaround or patch.

Those poor devils are having a very busy time of it this month. Last week Adobe rushed out two emergency patches for Flash after attackers started using them in active attacks. But while most people can get by without Flash, PDFs are another matter – by some estimates, Reader is on 90 per cent of PCs in the Western world.

Hackers realize this, of course, and Adobe’s products have been a primary attack vector for years now. And it’s not just Adobe having problems – the popular Foxit PDF reader plugin for web browsers got a zero-day exploit of its own in January that took nearly two weeks to fix. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/02/14/adobe_reader_flaw_fireeye/

Vulnerability researchers at FireEye are reporting that Adobe’s Reader software has a zero-day flaw that hackers are already exploiting in the wild.

You’ve been pwned (click to enlarge)

The flaw is found in Adobe Reader 9.5.3, 10.1.5, and 11.0.1 and involves sending a specially crafted file to the target. Once opened, the malware installs two DLLs – one that shows an error message and opens a decoy PDF document, and a second that opens a backdoor to allow the code to communicate with a remote server.

“We have already submitted the sample to the Adobe security team. Before we get confirmation from Adobe and a mitigation plan is available, we suggest that you not open any unknown PDF files,” said the FireEye team in a blog post.

Adobe has responded with a brief blog post acknowledging that the problem has been noted and is being investigated further. No doubt its security engineers will be burning the midnight oil to investigate the issue and try and find a workaround or patch.

Those poor devils are having a very busy time of it this month. Last week Adobe rushed out two emergency patches for Flash after attackers started using them in active attacks. But while most people can get by without Flash, PDFs are another matter – by some estimates, Reader is on 90 per cent of PCs in the Western world.

Hackers realize this, of course, and Adobe’s products have been a primary attack vector for years now. And it’s not just Adobe having problems – the popular Foxit PDF reader plugin for web browsers got a zero-day exploit of its own in January that took nearly two weeks to fix. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/02/14/adobe_reader_flaw_fireeye/

A bumper Microsoft Patch Tuesday has rolled out 12 security bulletins that collectively address a hefty 57 vulnerabilities.

Five of these bulletins reveal critical holes in the software giant’s products: one bulletin (MS13-009) covers 13 bugs found in Internet Explorer, while another (MS13-016) tackles a privilege-escalation flaw in win32k.sys, a core Windows kernel-mode component. One of the IE bugs can be exploited by an attacker to gain control of a user’s machine via a drive-by download.

Another update (MS13-010) also patches Microsoft’s web browser to squash a security bug in an ActiveX dynamic-link library. This update is, if anything, even more important because it addresses a vulnerability that’s being actively exploited by miscreants.

The other critical updates cover Windows bugs, as explained in Microsoft’s bulletin here.

In other patching news, Adobe followed up a Flash release last week that grappled with two 0-day vulnerabilities, with a new patch for its plugin. The update fixes 17 security flaws. Users of Internet Explorer 10 and Google Chrome should be patched automatically.

Commentary on both updates can be found in a blog post by Wolfgang Kandek, CTO of Qualys, here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/02/13/feb_patch_tuesday/

A bumper Microsoft Patch Tuesday has rolled out 12 security bulletins that collectively address a hefty 57 vulnerabilities.

Five of these bulletins reveal critical holes in the software giant’s products: one bulletin (MS13-009) covers 13 bugs found in Internet Explorer, while another (MS13-016) tackles a privilege-escalation flaw in win32k.sys, a core Windows kernel-mode component. One of the IE bugs can be exploited by an attacker to gain control of a user’s machine via a drive-by download.

Another update (MS13-010) also patches Microsoft’s web browser to squash a security bug in an ActiveX dynamic-link library. This update is, if anything, even more important because it addresses a vulnerability that’s being actively exploited by miscreants.

The other critical updates cover Windows bugs, as explained in Microsoft’s bulletin here.

In other patching news, Adobe followed up a Flash release last week that grappled with two 0-day vulnerabilities, with a new patch for its plugin. The update fixes 17 security flaws. Users of Internet Explorer 10 and Google Chrome should be patched automatically.

Commentary on both updates can be found in a blog post by Wolfgang Kandek, CTO of Qualys, here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/02/13/feb_patch_tuesday/

A bumper Microsoft Patch Tuesday has rolled out 12 security bulletins that collectively address a hefty 57 vulnerabilities.

Five of these bulletins reveal critical holes in the software giant’s products: one bulletin (MS13-009) covers 13 bugs found in Internet Explorer, while another (MS13-016) tackles a privilege-escalation flaw in win32k.sys, a core Windows kernel-mode component. One of the IE bugs can be exploited by an attacker to gain control of a user’s machine via a drive-by download.

Another update (MS13-010) also patches Microsoft’s web browser to squash a security bug in an ActiveX dynamic-link library. This update is, if anything, even more important because it addresses a vulnerability that’s being actively exploited by miscreants.

The other critical updates cover Windows bugs, as explained in Microsoft’s bulletin here.

In other patching news, Adobe followed up a Flash release last week that grappled with two 0-day vulnerabilities, with a new patch for its plugin. The update fixes 17 security flaws. Users of Internet Explorer 10 and Google Chrome should be patched automatically.

Commentary on both updates can be found in a blog post by Wolfgang Kandek, CTO of Qualys, here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/02/13/feb_patch_tuesday/

Lenovo, PayPal and lesser-known fellow travellers Agnitio, Infineon Technologies, Nok Nok Labs and Validity, have cooked up a new authentication standard for websites and an alliance to push it to the world.

The Fast Identity Online Alliance (aka FIDO), as the group and proposed standard are both known, advances a two-factor authentication scheme capable of working with a variety of tokens including biometrics, password-protected USB sticks and embedded hardware modules. The potential to use multiple tokens means the standard will be usable by one individual on many devices.

The group’s idea is that sites adopt FIDO, promote it as a more secure form of login, and then liaise with third-party token issuers to validate logins. Such an arrangement, it is hoped, will prove more secure than simple authentication arrangements and also rather harder for scammers and spear phishers to exploit with fake websites.

A browser plugin is an essential piece of the FIDO plan, as it will handle exchange of information between the token and the FIDO authentication server employed by a FIDO-using site.

How FIDO works. Or will work if anyone signs up.

The USA’s National Institute for Standards and Technology has applauded FIDO, with Jeremy Grant, senior executive advisor the Institute’s National Strategy for Trusted Identities in Cyberspace (NSTIC) program quoted in its launch press release.

But there are gaps in FIDO’s plan, including a lack of members who want to implement the standard. A seminar in Silicon Valley later in February should help to get the ball rolling.

Technical issues, such as persistence of tokens if one replaces or wipes a device, have also been identified and will be sorted out once committees sit down and start thinking about the standard in depth.

That committee’s work may will need to consider that being conducted by the folks behind Security Assertion Markup Language and oAuth, two authentication standards FIDO mentions as complementary rather than competitive. Indeed, FIDO hopes to extend the first by offering an authentication process it lacks and improve the second by ensuring logins only happen with users’ express permission. The group says it doesn’t compete with OpenID, as it has no ambitions to provide federated identity management.

PayPal has an obvious interest in the success of FIDO, as anything that reduces fraud will doubtless be good for its bottom line. Lenovo, too, clearly has an interest given it has in the past promoted face recognition software as an authentication tool and is doubtless keen to point out the utility of fingerprint readers in its devices. As a new entrant to the smartphone market, offering secure and hands-free faceprint authentication won’t hurt its prospects as it turns to markets beyond China. The other FIDO participants appear to hope for roles in the background, facilitating authentication with their own services and making a buck along the way. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/02/13/fast_identity_alliance_launched_with_lenovo_and_paypal_support/

Dan Nolan, an Australian software developer, has claimed that Google Play sends those who sell apps in the online bazaar personal details of app buyers.

Nolan rose to notoriety late in 2012 by launching “The Paul Keating Insult Generator”. Keating was Prime Minister of Australia between 1991 and 1996 and had a famously acid tongue. Keating described one political opponent as an “intellectual rust bucket” and laughed off criticism from another as “like being flogged with a warm lettuce.”

Nolan’s collection of Keating’s best insults became Australia’s best-selling iOS app. He’s since coded an Android version, and when checking to see how well it has done made the startling discovery that the “merchant account” feature lets him see personal details about those who have bought the app.

“Let me make this crystal clear,” he has blogged, “every App purchase you make on Google Play gives the developer your name, suburb and email address with no indication that this information is actually being transferred.”

“With the information I have available to me through the checkout portal I could track down and harass users who left negative reviews or refunded the app purchase,” Nolan says.

Nolan’s not provided any screenshots or other substantiations for his claim.

The Register requested comment on Nolan’s report from Google, but the ad giant and self-driving car pioneer has not responded at the time of writing. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/02/13/developer_says_google_play_sends_personal_data/

Several Burmese journalists and foreign correspondents have been warned by Google that their Gmail accounts may have been compromised by “state-sponsored attackers”.

The writers, when logging into the webmail service, were confronted with a warning message stating “we believe state-sponsored attackers may be attempting to compromise your account or computer”, Hacker News reports.

Google introduced this form of alert in June to warn users if it suspected government-backed miscreants had tried to access their inboxes without authorisation.

“If you see this warning it does not necessarily mean that your account has been hijacked,” Google explained at the time. “It just means that we believe you may be a target, of phishing or malware for example, and that you should take immediate steps to secure your account” – such as making use of Google’s two-factor authentication system.

The advertising giant won’t say what exactly triggers the state-sponsored hijacking alert, as opposed to attempts made by common-or-garden crooks, lest it helps “bad actors”. However the search biz hinted that reports by victims and its own monitoring activities play a role. Google also refrains from revealing which nation may be behind an attack.

Aye Aye Win, a correspondent in Myanmar, Burma, for the Associated Press, and Myat Thura, a Myanmar correspondent for Japan’s Kyodo News Agency, have both been confronted with warnings from Google about attempted compromises. Employees of Eleven Media, one of Burma’s leading news organisations, and local authors were also hit with alerts over the last few days, The New York Times reports.

Eleven Media’s website and Facebook page were shut down by hackers several times in recent weeks, the paper adds.

Internet traffic in and out of Burma has been tightly censored for many years. At one point the country even considering severing all links with the wider web, but in the interests of commerce the secretive nation scrapped that plan. In the two years since, President Thein Sein gained office and restrictions have been lifted – but true democracy may take longer to be established.

Reporters in Burma speculated that attempts by secret policemen or such types to hack into their Gmail accounts may be linked to articles about armed clashes between Kachin rebels and government forces in northern Myanmar; the fighting has put the country’s rulers on edge and their officials have denied reports that the government attacked rebels using aircraft – until Eleven Media filed pictures of air-to-surface assaults. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/02/13/burma_journo_email_hack_warning/