BH Consulting's Security Watch Blog
An issue with the DAT 5958 update to the McAfee VirusScan Enterprise product causes PCs running Microsoft Windows XP Service Pack 3 to crash. The DAT 5958 update incorrectly identifies the system file svchost.exe as containing malicious code belonging to w32/wecorl.a. When the McAfee software tries to clean the mistakenly identified malicious code from the [...]
One of my favourite security tools, L0phtCrack, is back and available for download. L0phtCrack is an excellent password auditing tool which allows you to determine whether or not there are weak passwords on your network. L0phtCrack first came out in 1997 and it is a sad reflection on the information security industry, that twelve years later we [...]
Subsequent to the critical out of cycle patch, MS08-067, issued by Microsoft in October 2008, the Conficker Worm was discovered which infected systems that had not applied the MS08-067 patch. Since then the Conficker Worm has infected over an estimated 9 million PCs. Recent reports also highlight that the Conficker Worm has been upgraded by [...]
The computer security community is abuzz with the news announced today by a team of security researchers at the 25th Chaos Communication Congress in Berlin. The researchers were able to demonstrate how they were able to generate a fake Certificate Authority certificate and thereby allowing them to impersonate any secure website using SSL certificates. The research [...]
Microsoft has announced that it will release an out of band patch for the vulnerability in Internet Explorer as outlined in the Microsoft Security Advisory 961051. The patch will be released on the 17th December 2008. Microsoft will host two webcasts to address questions on the patch. The first is scheduled for 13:00 Pacific Time (US [...]
New worm detected in the wild Gimiv.A exploiting the MS08-067 vulnerability. More details at http://www.sophos.com/security/analyses/viruses-and-spyware/trojgimmiva.html?_log_from=rss http://blog.threatexpert.com/2008/10/gimmiva-exploits-zero-day-vulnerability.html No details as to impact yet but Internet Storm Center InfoCON’s status still remains yellow. If Microsoft and others think this is a ig enough deal to warrant an out of cycle patch then it [...]
Microsoft tonight released a critical patch, MS08-067, outside their normal patch cycle. For Microsoft to release a patch outside of their patch cycle indicates that this is a serious issue that we must pay attention to. I am obviously not the only one who thinks that as the Internet Storm Center‘s Infocon has turned yellow which [...]
Details of the much talked about Clickjack exploit are now available on Jerermiah Grossman’s blog, RSnakes blog and Adobe’s website. Jeremiah and RSnakewere meant to demonstrate clickjack at a recent conference but decided not to in order to give the vendors time to address the problem. Given that this exploit can be used to remotely use [...]
Since my post on this issue yesterday and also Andy Whelan’s post to the ISSA Ireland’s newslist, a number of people have come back to me offline with regards to the current status within the Irish Internet space. It seems that a number of ISPs, 16 apparently, have not yet patched their DNS servers. But the biggest challenge [...]
Various vendors have banded together to fix a critical DNS cache poisoning vulnerability. The vulnerability was discovered by Dan Kaminsky six months ago and can enable criminals to conduct phishing scams by altering DNS records for legitimate sites to point to their phishing sites. The Register has a good article on it and SiliconRepulbic.Com also [...]