Tag Archives: security

Ongoing Sec – More Exploited Vulnerabilities Patched

29 December – Krebs reports that real bad guys are breaking into Microsoft Windows computers using a newly discovered vulnerability in Internet Explorer. Now we know what a “Watering Hole Attack” is – the targeted compromise of legitimate websites thought to be of interest to or frequented by end users who belong to organizations that attackers wish to infiltrate.


Being fully upgraded does not stop this exploit~!

Attackers Target Internet Explorer Zero-Day Flaw — Krebs on Security

11 December – More Flash, eh?

Critical Updates for Flash Player, Microsoft Windows — Krebs on Security

7 November – More Mandatory Flash updates; Best explained at Adobe Ships Election Day Security Update for Flash — Krebs on Security, who warns, “Adobe urges users to grab the latest updates from its Flash Player Download Center, but that option pushes junk add-ons like McAfee VirusScan. Instead, download the appropriate version for your system from Adobe’s Flash Player Distribution page. Most users can find out what version of Flash they have installed by visiting this link.”, then goes on to explain with graphs and links the best things to do.

9 October – To find what version of Flash you have installed – click this link.

Then, Flash Player Download Center

Then, Critical Adobe Flash Player Update Nixes 25 Flaws — Krebs on Security

20 September – Solution for Explorer…kinda…Internet Explorer Users: Please Read This — Krebs on Security

18 September – Explorer Zero Day in the wild. Exploit Released for Zero-Day in Internet Explorer — Krebs on Security ONLY ONE SOLUTION: Use another browser…anything but Internet Explorer, until this is sorted out, patched and sorted out again.


5 September – Apple Users…Software Update…Java Joy…OK; Java Safety.

Apple Releases Fix for Critical Java Flaws — Krebs on Security

29 August – “New analysis of a zero-day Java exploit that surfaced last week indicates that it takes advantage of not one but two previously unknown vulnerabilities in the widely-used software. The latest figures suggest that these vulnerabilities have exposed more than a billion users to attack.”

Just get you Java change on now, and tell your friends…and read: Researchers: Java Zero-Day Leveraged Two Flaws

22 August – “For the second time in a week, Adobe has shipped a critical security update for its Flash Player software. This patch, part of a planned release, closes at least five six security holes in the widely-used browser plugin, and comes just one week after the company rushed out a fix for a flaw that attackers were already exploiting in the wild.”

Read more…everyone, that means Mac, and Windows and Linux and Android…: New Adobe Flash Player Update Fixes 6 Flaws — Krebs on Security



14 August – “…is actively being exploited to break into Windows computers…” Ain’t those just the Adobe and Microsoft words you love to hear? Active X, Flash Player, Shockwave…for Mac and PC. Clearly, not the time to be reading. Get all the computers in your domaine fixed now.

See:  Critical Security Fixes from Adobe, Microsoft — Krebs on Security

6 July – A Java attack will commence on 8 July upon those who have not upgraded to the latest Java according to Krebs: New Java Exploit to Debut in BlackHole Exploit Kits — Krebs on Security

Krebs suggests that Java be turned off if unused. Apple automatically turns off Java if unused for 35 days.

Regardless, make certain that family and friends and employees are up to date with Java.

Run How do I test whether Java is working on my computer? to make certain Update 33 of Version 6 or Update 5 of Version 7 is running.

As long as you are checking, you may as well also check you vernon of Flash at:

Adobe – Flash Player

[I am doing a study on this subject. If Mac users could email me with their Java version and OS version, I would appreciate it: Editor]

22 June – Some who updated Flash recently report that there is more Firefox crashes…thus: Adobe updates Flash Player 11.3 to fix Firefox crashing problem – The H Security. The fixes are reported for Windows users, but I must say that my Mac is having weird Firefox crashes recently…like 3 or 4 in as many days.

As far as Cisco VPN, the company is full of advisories. Read H-Online for the details: Cisco closes holes in its VPN client and security appliances.

14 June – Java now, this time for Apple. Since it can take days before you computer informs you, go to Software Update now.

Krebs on Security describes it at: Apple, Oracle Ship Java Security Updates — Krebs on Security

Apple Security describes it at: About the security content of Java for OS X 2012-004 and Java for Mac OS X 10.6 Update 9

13 June – Update Windows Now, ask questions and read articles later. 26 separate security holes, three critical PLUS Microsoft XML Core Services has “Browse and Get Owned” flaws.

Microsoft Patches 26 Flaws, Warns of Zero-Day Attack — Krebs on Security

So, if you have just returned from vacation, that’s Windows, Flash changes and change your password at LinkedIn and anywhere else that you use a similar password.

8 June – Flash replacement time fixing at least 7 vulnerabilities and adding sandboxing protection to Mac users who use Firefox. Full data at Krebs:

Critical Security Fixes for Adobe Flash Player — Krebs on Security

Adobe Flash Player Download Center

Adobe Flash Removal tool

Meanwhile, if you haven’t been following the embarrassing news from LinkedIn, eHarmony and Last.fm, it is time to change your passwords to any and all of them, and ANY ACCOUNT THAT YOU HAVE THAT USES THE SAME OR SIMILAR PASSWORD. You can read about this, or you can just get started and come up with a new password phrase and change every password that you have.

Password leaks bigger than first thought

Millions of Last.fm passwords leaked eHarmony admits to leaking 1.5 million passwords

Comment: LinkedIn and its password problems

And, just because Microsoft and Flame should own each other forever:

Flame – oversights and expertise made for Windows Update worst case scenario

Windows Update compromised

5 June – Flame and Windows; at one time it seemed like Flame was going to be a real lesson, and it would be a non-event. Just a virus/trojan package that has been around for a few years, hitting ‘those guys’ in the middle-east somewhere. Now it turns out that hundreds of thousands of people are affected and have been for a long while, and that it was signed by a Microsoft SSL Certificate and the only thing certain is that there are more surprises ahead.

Then today Microsoft says they have a solution, download an update today. Oops, another news story says that the hackers have performed a “man in the middle attack” that allows them to infiltrate your computer when you think that you are getting a real Microsoft Software Update.

The answer is that you must have your employees upgrade their Windows software. Read the stories yourself:

Microsoft Update and The Nightmare Scenario – F-Secure Weblog : News from the Lab

Flame alleged to have infected systems via Windows Update

Flame worm was signed by forged Microsoft certificate

‘Flame’ Malware Prompts Microsoft Patch — Krebs on Security

Don’t believe this Update notice…or at least don’t let anyone click on it…upgrade with the standard upgrade pull down on the Start menu.



9 May – “I just went through several days of hell after Microsoft’s truly massive Patch Tuesday updates trying to fix my Adobe PremierePro CS5 edit system, only to discover that Nvidia released an update to ALL the Quadro cards on May 4 that is required in order for ActiveX to work properly after the Patch Tuesday events.” Robin McCain reports at Cutter-Talk. “This may or may not affect Mac owners who use Quadro cards for editing, but it is worth checking out if you suddenly have problems…”

Meeanwhile, Apple pushes on with several security fixes in a 350MB  10.7.4 upgrade…and a similar upgrade for 10.6 users. Use the Software Update pull down. Here is the Security Issue:

About the security content of OS X Lion v10.7.4 and Security Update 2012-002

15 April – Use the standard Apple Software Update pulldown now because: “This Java security update removes the most common variants of the Flashback malware.

This update also configures the Java web plug-in to disable the automatic execution of Java applets. Users may re-enable automatic execution of Java applets using the Java Preferences application. If the Java web plug-in detects that no applets have been run for an extended period of time it will again disable Java applets.” About Java for OS X Lion 2012-003

10 April – “What makes this bulletin stand out is that Microsoft is aware of attacks in the wild against it and it affects an unsually wide-range of Microsoft products, including Office 2003 through 2010 on Windows, SQL Server 2000 through 2008 R2, BizTalk Server 2002, Commerce Server 2002 through 2009 R2, Visual FoxPro 8 and Visual Basic 6 Runtime,” Kandek said. “Attackers have been embedding the exploit for the underlying vulnerability (CVE-2012-0158) into an RTF document and enticing the target into opening the file, most commonly by attaching it to an e-mail. Another possible vector is through web browsing, but the component can potentially be attacked through any of the mentioned applications.”

Other notable fixes from Microsoft this month include a .NET update, and a patch for at least five Internet Explorer flaws. Patches are available for all supported versions of Windows, and available through Windows Update.

Adobe’s updates fix critical problems in Acrobat and Reader on all supported platforms, including Windows, Mac OS X, and Linux.”

Read the whole Krebs On Security article:  Adobe, Microsoft Issue Critical Updates

3 April – Java Update for Mac…jeesh…holiday presents for everyone. Seeing as how there are active threats against Java, just run the Mac Updater.

27 March – New Java Attack Rolled into Exploit Packs is how Krebs on Security is describing the latest security hole in your universe’s wa. Read the details and kill any unnecessary Java tools for now.

13 March – Remote Desktop Protocol from Microsoft…ever turned it on? Sitting there on any of your systems? RDP Flaws Lead Microsoft’s March Patch Batch — Krebs on Security

Don’t read anymore…just make certain that you and all the people who ever send you mail and all their friends who send them mail are updated. Good luck.

16 Feb – The exploit seems to affect IE users on Windows at this time, but Adobe is telling everyone to go to the Adobe Flash Player Download Center and get the latest inoculation. Krebs says (Flash Player Update Nixes Zero-Day Flaw — Krebs on Security):

“…although if you’re not careful to untick the check box next to whatever “optional” goodies Adobe tries to bundle with Flash Player (the most common is McAfee Security Scan Plus) you could end up with more than you wanted.”

14 Feb – Patch Tuesday…but don’t update Silverlight…jeesh. For those keeping score, with 21 security holes on 9 updates for MS and 9 vulnerabilities for Shockwave, put aside 30 minutes per machine today. Come back and do the silverlight/.NET update last, by itself. Here’s the scoop from Krebs: Critical Fixes from Microsoft, Adobe — Krebs on Security.

Mac users: You will probably need the Silverlight upgrade as well if you use sites such as Netflix and poke here to check your Shockwave.

13 Fab – More Firefox urgent security upgrade news. Get 10.0.01 now. Versions before the recently release 10.0 do not have this problem, but had other security issues. Use after Free means what it sounds like. You set your browser free because you love it so much, and it gets abused.


3 February – Tibetan Restaurant? If your Windows browser goes to a Tibetan restaurant on its own, suspect a very clever Trojan, and suspect that code is being dumped onto your computer. Most Trojans get caught because they start doing something when loaded. This trojan waits, then innocently gives a command for this website.

As this H-Online article states: “This example once again shows how important it is to install a virus scanner with a behaviour monitor.”

Trojan downloader is a problem for virus scanners – The H Security: News and Features

2 February 2012 – Non-Lion OSX users should not delay with the current security update, though none of the flaws are known to be in the wild.  About the security content of OS X Lion v10.7.3 and Security Update 2012-001

27 Jan – Microsoft Again! Update against what is being termed a “browse-and-get-owned flaw for Windows XP, Windows Vista, Windows Server 2003 and 2008 users, meaning these folks can infect their machines merely by browsing to a hacked or malicious site hosting a specially crafted media file. If you run Windows and have delayed installing this month’s updates, consider taking care of that now by visiting Windows Update.” This is from Krebs, who also point to a new and dangerous PC Anywhere flaw that PC Anywhere says, “REPAIR OR REMOVE.”

Go to: Warnings About Windows Exploit, pcAnywhere — Krebs on Security


10 January – If you use Acrobat, Adobe Reader or Windows, it’s time to patch…Oy! According to Krebs on SecurityAdobe, Microsoft Issue Critical Security Fixes there are enough reasons to drop everything and update now. I mean, critical is blasé and “seven security bulletins addressing at least eight vulnerabilities” is barely worth a comment.

29 Dec – Security researchers have released new tools that can bypass the encryption used to protect many types of wireless routers. Read the whole article at: New Tools Bypass Wireless Router Security — Krebs on Security

21-update on 27 Dec – Update Firefox now…MS, run Updates again, but the horror of another hole is exposed…first blamed on Apple’s Safari but as it turns out it is a MS flaw in Windows 7, potentially with all browsers…first thought not a problem on 32 bit systems but now seen to be 7-wide…no exploits seen now…but stay aware…and teach others in your circle.

Microsoft confirms Windows vulnerability – The H Security: News and Features

Critical holes in Firefox, Thunderbird and SeaMonkey – The H Security: News and Features

14 December – Critical Microsoft Updates. Force the updates now, then read why:

Security Updates for Microsoft Windows, Java — Krebs on Security
13 pre-Christmas patches from Microsoft – The H Security: News and Features


30 Nov – Critical Ultimate Critical – Update Java Now everywhere. All systems on all platforms are vulnerable to active exploits. Upgrade Now.

Read Public Java Exploit Amps Up Threat Level — Krebs on Security

Do nothing before doing this, and tell all your friends.

12 November – Critical Flash Update Plugs 12 Security Holes

13 October – Apple Safari’s turn – urgent. Upgrade now! This means you and everyone you know.

11 October – Microsoft Updates Galore. Don’t delay. Including iTunes for Microsoft. See: Critical Security Updates from Microsoft, Apple — Krebs on Security

3 October –Android seriously exposes yourself: Backdoor in HTC Android smartphones – Update

Firefox 7 also seems mandatory, but 7.1 is as well: Security Advisories for Firefox shows 7 critical vulnerabilities in 7 that need repairing with the latest, but earlier issues on 7 show that upgrading from 6 was important as well. Mozilla details security fixes in Firefox and Thunderbird updates

28 Sept – Skype for iOS repaired, PDF Pretense exposed

Force an update on your iOS Skype, as they have repaired a flaw that could expose your contact list, among other things.

Last week, Mac Trojan hunters found what appears to be a proof-of-concept use of a malware program for the Mac hidden inside a PDF. Open the PDF and the other program opens in the background. Today Apple has added that to their super list of Super Don’t Open XProtect malware signature list. Great, if you are using 10.5 or above.

But this might be a perfect time to bring up the question, “Why is anyone in need of security using a PDF file that isn’t secure. The only secure PDF file is a PDF/A file, also known as standards called ISO 19005-1 and ISO 15930-3 – that’s PDF/A-1 and PDF/X-3. It appears that we are entering the age of darkness.

21 Sept – If Vegas had a betting line on Adobe Flash being secure, you couldn’t get any takers. Here we are again. Read Krebs, or just force an update…ALL Operating Systems. Flash Player Update Fixes Critical Flaws — Krebs on Security

14 Sept – “correct critical vulnerabilities in the programs that could be exploited by attackers just by convincing users to open a booby-trapped file.” For 3 points, is that Adobe generally, Adobe Reader or Adobe Acrobat? Choose any three.

Don’t forget Microsoft: Excel, Office, Windows Server and SharePoint upgrades for security holes.

Get those patches now. So sayeth:  Adobe, Windows Security Patches — Krebs on Security

30 Aug – SSL Cert Violation Repaired! – Mandatory Firefox and Chrome Updates – False SSL certificate violation repaired. See stories at: Updated Chrome and Firefox for fraudulent Google certificate available – The H Security: News and Features


Fake Google certificate is the result of a hack – The H Security

Or, don’t read the articles and just do the updates now…Madatory, as in Danger Will Robinson…now now now

10 Aug – Updates for Adobe Flash, Shockwave, AIR are mandatory. Read the Krebs on Security link for details, and do it now.

28 July – Force an update of iOS 4.3.5 now. There is a real SSL security hole that is fixed with this version.

12 July – “Zitmo (on the Android) is designed to intercept the one-time passcodes that banks send to mobile users as an added security feature. It masquerades as a component of Rapport, a banking activation application from Trusteer. Once installed, the malware lies in wait for incoming text messages, and forwards them to a remote Web server.” Read the rest of this horror story and keep your dcinema keys off of any Android tool. ZeuS Trojan for Google Android Spotted — Krebs on Security

15 June – If you repaired your Adobe Reader or Flash last week, cut out some time to re-do it today. (The only pain is closing all those 100 browser windows you have open.)

MS has 34 fixes available, including some for Mac Office users.

Since both the Adobe and the Microsoft issues address active malware in the wild, do not hesitate to protect your systems…again.

Krebs on Security has two excellent articles: Microsoft Patches Fix 34 Security Flaws AND Adobe Ships Security Patches, Auto-Update Feature

6 Jun – Adobe Flash is finally repaired. Any computer that touches a USB stick that touches a DCinema server must immediately update, at Adobe Update Site. This affects all OS, including Mac and Linux, so update party everyone.

Google Chrome will auto-update but not run the code until a reboot is done. So, do so.

The Zero Day problem that Flash was a magnet for is not gone into in much detail on the Adobe site. Security by Obscurity – bad news for us all.

3 June – Malware Mutates should be the headline. For extra protection see the following article (with pictures and arrows!): Mac Defender mutates past security update – The H Security: News and Features


31 May – Apple released an OS upgrade to attack the MacDefender malware. It is 2.1 Megs. Get the Upgrade process started now while you read the details at Krebs on Security: Apple Update Targets Mac Malware — Krebs on Security.

Your computer will eventually do this, but it cannot be relied upon to make this update immediately. Force a “Software Update” by clicking on the top left Apple icon and click on the Software Update link.

KNOW AND TELL OTHERS THIS ! ! ! – This particular upgrade is not ready yet for OS 10.5 or below. Also, it does not protect against infections through USB drives, BitTorrent downloads and other similar methods of penetration. This is not going to be the last that Mac users hear of this.

Apple releases update to protect against MacDefender | Naked Security says:

My impressions? A good reaction from Apple in a short amount of time. They are making the best of what is available in the OS X platform at this time. Unfortunately it falls short in many respects.

The biggest problem is the lack of an on-access scanning component. While LSQuarantine works to protect against downloads in most browsers, it doesn’t prevent infections through USB drives, BitTorrent downloads and other applications.

Daily updates are a good start, but it remains to be seen how frequently the criminals may release new variants. If they start moving in a polymorphic direction similar to the one the Windows malware writers have gone, XProtect will have issues.

Of course this update only applies to OS X 10.6 “Snow Leopard,” so older Mac users are left unprotected.

OS X 10.6 users should apply this update as soon as possible, and I recommend installing a more fully featured anti-virus solution like our freeSophos Anti-Virus for Mac Home Edition. It’s totally free; we don’t even ask you for your name or email.

26 May – Mac malware just got serious. Definitely go to Safari Preferences and under General uncheck “Open ‘safe’ files after downloading”. But that may not help if a varient of the malware named MacDefender is able to load its two files – somehow they are able to load without a password, according to Intego. Mac Defender variant doesn’t require admin password – The H Security

— And you PC users shouldn’t be gloating. A zero-day cookie monster can do whatever it wants:  Internet Explorer: cookie theft made easy – The H Security.

25 May – Mac Malware, “MacDefender, MacProtector and MacSecurity” are attacked by Apple. The following Knowledgebase Document tells how to get rid of the phishing software if you have been hit, and news is that there is an OS update coming that will remove all known variants of the bad code.

How to avoid or remove Mac Defender malware

24 May – LinkedIn security needs improvement according to H-Security: LinkedIn is careless with access cookies – The H Security: News and Features

Doncha just love Side Channel Attacks? This time it is a successful timing attack, grabbing ‘secret’ keys from RSA and DSA cryptography. There are similar attacks against AES-256 in case you were thinking of gloating.

Successful timing attacks on elliptic curve cryptography – The H Security: News and Features

9 May – There are a number of odd exploits out there that we should all be aware of, For example, Mac users of Skype should make certain that they are running Version since there is a bizarre hole in previous versions that allow a clever person or worm to contact the user and then create a shell that can take over the Mac. See: Confusion over Skype for Mac security issue – H Security

For users of the Check Point Router and VPN/SSL client, there is also an exploit in the previous versions of software. Get the latest. See: Security update for Check Point for SSL-VPN clients – H Security

Finally, Google Images are being loaded with worms and trojans. Instruct your employees and friends to stay away…don’t send pictures, don’t send links until Google solves this. Both Krebs on Security and H-Security have explanations of this problem.

Scammers Swap Google Images for Malware — Krebs on Security

Google Images search results may lead to malicious sites – The H Security

28 April – The Coreflood botnet gets an effective smack from Microsoft. If you are using MS software, be certain to do a software update now. Usually MS only updates on the 2nd Tuesday of the month but the Coreflood villains have learned to take advantage of this with the millions of computers that it has infected.

Read the H-Security article for more solutions to this mess. You’ll thank yourself and MS too: Microsoft releases out-of-schedule update for anti-malware tool – The H Security: News and Features

21 April – Relief; Reader and Acrobat Patched – Update Now. This is a ActiveThreat™ Alert.

Krebs on Security: Adobe Reader, Acrobat Update Nixes Zero Day — Krebs on Security

16 April – Again with the UPDATE NOW!! This time only Flash because Adobe can’t keep up and won’t have the Reader updates available for at least a week. But the ActiveTricksters™ aren’t waiting. Read about it at Krebs On Security – Time to Patch Your Flash

22 Mar – Update NOW!! Flash and Reader Repaired – Get the links and story from Krebs: Critical Security Updates for Adobe Acrobat, Flash, Reader — Krebs on Security

15 Mar – Ouch! A new and in the wild Flash and Reader security problem won’t have a fix until 21 March. Krebs reports the whole story here:
Adobe: Attacks on Flash Player Flaw — Krebs on Security

“Adobe warned today attackers are exploiting a previously unknown security flaw in all supported versions of its Flash Player software. The company said the same vulnerability exists in Adobe Reader and Acrobat, but that it hasn’t yet seen attacks targeting the flaw in those programs.

In an advisory released today, Adobe said malicious hackers were exploiting a critical security hole in Flash (up to and including the latest version of Flash. The software maker warned the vulnerability also exists in Adobe Flash player and earlier versions for WindowsMacLinux and Solaris operating systems ( and earlier for Chrome users), Flash Player 101.106.16 and earlier for Android. In addition, Adobe believes the bug lives in the “authplay.dll” component that ships with Adobe Reader and Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Mac systems.”

9 Mar – New Java for Macs, a load of updates for Windows…

The turnaround for Java updates for Mac is very quick this time, and that’s good news. There was a lot of security problems in the last release from Oracle. Java Update 4 is available with the standard Update tool. You can read about the update here: About the security content of Java for Mac OS X 10.6 Update 4

Window Patch Tuesday also has critical updates, but that is usual and ‘do it now’ necessary.

Also ‘do it now’ necessary is a critical Shockwave update patch, and an Adobe Flash update available here.

As Krebs On Security points out, you must update for each browser that you have on your computer. Check whether you have the latest version at this page.

Krebs also points out that Apple has a new iTunes for Windows that has dozens of security fixes. Use the new Windows version of Apple Software Update that comes bundled with the iTunes. Why you have iTunes on your production computer that touches security keys is a different question. Rethink your security policies and always think Vigilance.

Patch Tuesday, Etc. — Krebs on Security

6 Mar – Check your Firefox Update. Two in the last few days. The latest is just a Java problem fix, but the last one and the one before that had more RED alerts to paint a stop sign.  Security Advisories for Firefox 3.6

24 Feb – Microsoft’s virus scanner causes security problem – The H Security: News and Features

Read the report.

This brings up: Why do we pay attention to Windows news when most all the servers out there are Linux based?

The answer comes from two directions. First, It is a rare facility in any part of the distribution chain that doesn’t have Windows machines as part of their production cycle. Emails are sent and received with Windows, keys are downloaded from windows, pdf files are downloaded from windows, which are put onto USB sticks. These USB sticks are put into systems that are dedicated to creating terrific movies – but they aren’t set up to be updated against the latest virus or trojan threat.

Viruses and Trojans can be designed to bounce around, doing nothing to intermediate systems, staying dormant until they reach the target machine. The code that they are made of doesn’t register as a virus by the transmitting machines, meaning that your desk computer won’t alert you if the pdf you put on your USB stick has a Linux virus.

In truth, it seems like a stretch to assume that someone would write a program for some target machine that requires several dozen steps before it is able to wreck havoc. But tell that to the Iranian Nuclear Facility. Tell that to the US Dept. of Defense, whose systems took two years to clear from a virus caught by a USB stick from a laptop of an employee.

DCinema systems are under the radar now. The movies on them are very secure. Only 11 of the 16 layers of AES-256 encryption have been broken. It is easier to pirate movies off the screen.

Which brings up the 2nd viewpoint: Proper security is done by design, not by luck.The habit of constant vigilance takes a long time to build.

Enough said.

23 Feb – H-Security reports “As expected, Microsoft has made the first Service Pack for Windows 7 and Server 2008 R2 available for download and started to distribute it via Windows Update.” For links and ideas, go to the original article:

Service Pack 1 for Windows 7 available for download – The H Security: News and Features







17 Feb – Limit the exploitability of the SMB flaw by blocking the BROWSER protocol at the network edge.

New SMB Bug Found in All Versions of Windows.

Yeah; that’s all you need to do. Read: Notes on exploitability of the recent Windows BROWSER protocol issue – Security Research & Defense – Site Home – TechNet Blogs

16 Feb – Oracle Updates Java for 21 Vulnerabilities – www.esecurityplanet.com – Mac users have to wait until Apple makes a change in their update code. This took weeks last time.

10 Feb – GMail gets high tech password option – Advice: Use it.

Details at KrebsOnSecurity: Google Adds 1-Time Passwords to Gmail, Apps

More data on One Time Passwords:
Intel Introduces One Time Password Hardware)
Symantec Introduces Game Changer for Strong Authentication Credentials
Intel, Symantec and Vasco propagate single-use passwords – The H Security: News and Features

8 Feb – Adobe, Microsoft Patch Tuesday; 29 Security problems with Adobe, 22 from Microsoft, 5 of which are “Critical”. There are reports of problems with the updates. Changes to the OS behavior are reported as well. Time to change to Reader X if you haven’t already done so. It seems a lot better in terms sandboxing problems: Adobe Reader X Update

Read Krebs on Security:
Adobe, Microsoft, WordPress Issue Security Fixes

31 Jan – H-Security provides an important update to the 27 Jan story from Krebs below. “Apparently Trusted Websites” is what catches my eye, and a reference to a blog post that shows how to test for vulnerability. See:

Microsoft warns of cross-site scripting in Windows – The H Security: News and Features

27 Jan – “Hackers have published instructions…” Words that have to make Microsoft quiver. Do you go to sites that need to handle MHTML? All versions of Windows are exposed to the siphoning of user data, or worse.

Firefox has an MHTML add-on, which most people wouldn’t know to download, unless you need to open web archives from Windows users.  This happened to your editor just last week. turn off this Firefox add-on.

Microsoft: Exploit Published for Windows Flaw — Krebs on Security

12 Jan – Microsoft confirms what ITPro reports, that the Internet Explorer bug is in the wild now. It points out that the latest updates will close the hole created (but still leaves the Zero-Day unprotected.) Warning: Don’t have unprotected IE internet.

Microsoft warns IE flaw is being exploited | IT PRO

11 Jan – Microsoft Plugs 3 Security Holes, 1 Critical. Zero-Day flaws go unfixed. Update now anyway. Story well told at: Microsoft Plugs Three Windows Security Holes — Krebs on Security, which notes: Microsoft has released two separate FixIt tools to help users mitigate the threat from a couple of the more pressing outstanding vulnerabilities. If you use Windows, and especially if you browse the Web with Internet Explorer, you should take a moment to take advantage of these stopgap fixes, available here and here.

6 Jan – Mac OS 10.6.6 released; among the 126Mb download is one security fix, having to do with an obscure man-in-the-middle attack. Most of the update seems to be interfacing the AppStore, except for a couple odd issues with the mouse pointer and cropping postscript. Doesn’t seem essential unless they are hiding something. But, it worked with no problems on my old MBP.

Mac OS X v10.6.6 Update Combo

Mac OS X v10.6.6 Update

4 Jan – Imagine that…Microsoft starts the New Decade in a panic. Krebs on Security reports Microsoft Warns of Image Problem — a disappointing set of circumstances brought notice to this Graphics Engine bug because a Google spider broadcast it before Microsoft found a solution to this XP, 2003 Server and Vista security hole.

Microsoft’s solution – escalate access rights in such a way that thumbnail pictures are no longer displayed…ever. You can do that either with chaning shimgvw.dll library or buying a Mac.

IT Pro reports: “With Patch Tuesday due next week, Microsoft may fix numerous issues, including a flaw affecting all versions of Internet Explorer. Microsoft investigates Windows zero-day flaw | IT PRO

“Hackers could have take advantage of the security hole through a technique which lets attackers get around two important security defences in Windows 7 and Vista.

“Meanwhile, a Google researcher has warned details on a potentially serious vulnerability affecting the Microsoft browser could be in the hands of Chinese hackers.”

23 Dec – I can’t imagine anyone clever enough to read this is un-clever enough to us Internet Explorer. But, if someone you know is, read them this from H-Security: Microsoft issues warning about critical IE hole – An exploit recently went into circulation for a critical security flaw in Internet Explorer (IE), so you could infect your computer if you visit a specially crafted malicious website. In an advisory, Microsoft warns of the danger, confirming reports claiming that Internet Explorer versions 6 to 8 are vulnerable in all Windows editions.

14 Dec – 40 Security holes patched in 17 updates including STUX and other ‘in the wild’ vulnerabilities. URGENTLY – Get them all now through Windows Update.

Then, rush over to How to opt-out of Microsoft Spynet – Disable Microsoft Spynet | Malware Help. Org – The theory is that Microsoft has shown that they can’t be trusted to safely operate a spynet on your computer, even if it was a good idea…which it ain’t.

10 Dec – Windows Users – Wake up on the 14th to finally getting an update to fix the Stux and other problem areas. Then rejoice.

9 Dec – Mac users still using Microsoft Office – Microsoft Office 2008 for Mac 12.2.8 Update;  something about “potentially be exploited to poison the proxy cache and inject manipulated pages.”

December – 16 vulnerabilities fixed in QuickTime, both for Mac and PC, immediate upgrade advisable, though these are fixed if you are upgraded to 10.6.5. About the security content of QuickTime 7.6.9

Windows download site.

H-Security has an article that shows how Linux root privileges are not secure: OOPS – Root privileges under Linux

New version of OpenSSL fixes two vulnerabilities including Password Authenticated Key Exchange by Juggling” protocol (J-PAKE) allows intruders to authenticate themselves without a secret key.

Are you using WordPress with remote publishing turned on? Now is the time to update.  – WordPress 3.0.3 security update released

Don’t mess with the beta Firefox 4 v7 – Version 8 has removed transparent proxies whichcan potentially be exploited to poison the proxy cache and inject manipulated pages.


22 Nov – Don’t read the Security Notes for IOS 4.2: About the security content of iOS 4.2


Just set aside 75 minutes or so, and do the auto update. Don’t click on anything, especially while it is syncing. Worked for me…even kept my ‘folders’.

Read some of the other articles at DCinemaTools instead. Or, write your own and submit.

19 Nov – Side note; Interesting use of cloud based GPU power to crack passwords. See:

GPUs crack passwords in the cloud. Harbinger Alert. Get a stronger password security plan.

19 Nov – Apple Safari incorporates 27 security Critical Updates in the open source WebKit engine. Don’t delay. Use your auto-update feature in Safari immediately. It will require a reboot of the computer.

16 Nov – Critical vulnerabilities have been identified in Adobe Reader 9.4 (and earlier versions) for Windows, Macintosh and UNIX; so begins the Security Bulletin for Adobe Reader 9.4.1. The current updated Adobe Security Advisory for Flash and Reader reminds us to check that we have Flash Player, which is weird since I have version – Check your version of Flash here, or at the permanent link on the DCinemaTools.com Front Page.

Reader Download Center

Adobe Flash Player Download Center

Krebs In Security makes the following points:

Note that this is not the sandboxed version (Adobe Reader X, or v 10.0) which is expected to be released at the end of this month.

Separately, the company is warning users not to fall for recent phishing and other e-mail scams targeted at Adobe customers looking for the Adobe Acrobat X, a new product being released this week. “Many of these emails require recipients to register and/or provide personal information. Please be aware that these emails have not been sent by Adobe or on Adobe’s behalf,” Adobe said.


11 Nov – 10.6.5 OSX Upgrade with over 50 Security Fixes. Dozens of them appear to be for the Flash Plug-in…


About the security content of Mac OS X v10.6.5 and Security Update 2010-007

I just used the standard Software Upgrade without problems, but it is also possible to download the Combo Update:
Mac OS X v10.6.5 Update (Combo)

November – The new Flash Player should be installed. Who needs 18 security holes (since the last release). Of course, a newly discovered hole in the authplay.dll wasn’t patched, but really, who uses PDFs with multimedia anyway.

Flash Player is available to download for Windows, Linux and Mac OS.

For more see H-Security: Adobe: hole closed, hole open


27 October: URGENT – STOP Using Firefox…Now! Until you read this and install script-blocking add-on like NoScript. Read this piece at Krebs on SecurityNobel Peace Prize Site Serves Firefox 0day. Update…It appears to only attack Windows XP, but that is not for certain.

19 October: Apple Mac Java Update: Amazing 1 week turnaround for an Apple Java Update. Use your standard Apple Update pulldown; many security vulnerability fixes. Very important.

Java for Mac OS X 10.6 Update 3
Java for Mac OS X 10.5 Update 8

20 October; RealPlayer is in the news with a new version that fixes seven critical vulnerabilities that they admit to, and remember, vulnerability means that they could be used to compromise host systems (that’s your computer) remotely if left unpatched.

Firefox fixes and Java passes Adobe in security exploits. (Clue – Exploits mean attacked and found attackable.)

According to Java surpasses Adobe kit as most attacked software • The Register,

Oracle’s Java framework has surpassed Adobe applications as the most attacked software package, according to a Microsoft researcher who warned she was seeing “an unprecedented wave of Java exploitation.”

Hmmm. A Microsoft spokesperson assailing Java and Oracle in one paragraph. This author apologizes for wasting your time. We’ll get less biased sources next time.

Meanwhile, Firefox’s 3.6.11 fixes several flaws that hackers have been using, so if your DCP passwords are coming off a system that is also using Firefox, upgrade now. Performance and stability are also improved. Mozilla Firefox 3.6.11 Release Notes


12 October – Who is comfortable seeing the Oracle name when you see the word Java? Notwithstanding, 30 bug and security fixes –  The official Java Download page. Not for Macs…they usually follow a while after, but the last MacJava update took care of a critical problem a month ago that is only now being fixed for everyone else.


5 October – After a long period (about 6 weeks) without a bug and security fix, Adobe releases new versions of Reader and Acrobat with the nuanced reason of “…a Flash player update as well as numerous bug fixes. Several security fixes are included as described here and here. The operative language is: “Critical vulnerabilities have been identified in Adobe Reader 9.3.4 (and earlier versions) for Windows, Macintosh and UNIX, Adobe Acrobat 9.3.4 (and earlier versions) … could cause the application to crash and could potentially allow an attacker to take control of the affected system. Adobe recommends users of Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX update to Adobe Reader 9.4. …”


Since I get 3 or 4 crashes a week with my Flash plug-in for Safari and don’t use Reader at all, this isn’t so critical to me. But I see dcinema players, and computers where people manipulate their keys, with different versions of Reader – none of them are what Adobe calls secure…well, they call them secure when released, but weeks later they change their minds.

9 September–Continued UltraCritical–Can bypass Windows 7 and Vista Protection–Bottom Line…start using PDF/A format in-house–Adobe warns of zero day vulnerability in Reader and Acrobat

Opera DLL vulnerability fix–Read: Opera 10.6 update addresses DLL vulnerability

Adobe warns of zero day vulnerability in Reader and Acrobat – The H Security: News and Features

iOS 4.1 released for iPhone and iPod touch – I’ll let you know if it helps my battery drain, but there are also 24 critical security fixes.













8 September–Mozilla fixes Firefox holes, curtails clickjacking. Go to this link for all details:

Mozilla fixes Firefox holes, curtails clickjacking | Deep Tech – CNET News












7 September–Get on top of Safari Updates…more security…run Software Update now.

26 Aug–DLL scare continues. Many more programs found vulnerable. Double check you firewall. Then read this article in H Security: Scope of DLL security problem widens – Update

25 August–Shocking Shockwave | 18 Critical vulnerabilities

Here is the download link.

24 August–Apple OS again….Security this says.

19 August–Adobe again. Reader. Out of Cycle Security Patch.

13 August–The Adobe Flash update reported yesterday for the Mac version is joined with other versions as a mandatory security update that covers many security problems. H Security reports the details. ITPro also examines some specifics.

In positive news, reports that Macs were vulnerable to the Eleonore online banking trojan have proved to be false.

Apple did patch Quicktime for Windows. Mandatory Security Update…though not for Macs.

12 August–iOS 4.0.2 update for the iPhone (and iPod touch) and iOS 3.2.2 Update for iPad were released today to fix security flaws that allow PDF files to contain “maliciously crafted embedded fonts may allow arbitrary code execution.” Get down. The links above go to the Security Description pages on Apple’s website.

DO THIS UPDATE NOW. Depending on the cycle that you have set, you may not be notified of this update for a week or more. Crafty PDF coding is becoming rampant. Corporate solution: Encode your PDF files with version A, which can’t contain motion pictures and other un-needed things.

Adobe is also in the news with a new Flash for the Mac (This link goes to Adobe’s Tech PR). Your editor became a guinea pig this morning. The old MacBook Pro still works, if that means anything to you.  Download site is here. The version as of this morning was

DO THIS UPDATE NOW (ALSO) – It not only fixes security holes, but speed is improved:

“In internal testing, we’ve seen dramatic performance improvements — up to two-thirds reduction in CPU utilisation for 1080p H.264 video playback”, but it also has Security enhancements. Yes. I know. What a surprise. You did get your Adobe Reader updates…oh, not ready yet? Sorry. Beware. There are problems in the wild.

10 August: Microsoft: 14 bulletins to address 34 vulnerabilities

Adobe: Not posted yet, but upgrades to Reader and Acrobat promised today

5 August–Microsoft will have a fix for a critical zero-day hole in all supported versions of Windows which is already being exploited…supposedly on Monday, 9 August.

See the eSecurity Planet story at: Out-of-band Microsoft Security Patch Coming Monday

29 July – Big App Upgrade Time

Firefox, Safari, Adobe Reader and Flash all have new upgrades that are required for security reasons. Put a couple hours of your weekend aside for back-ups and upgrades!

If you didn’t do Open Office to 3.2.1, better get that too.

25 June – Look for an important set of releases for all platforms which use Adobe Reader. Adobe brings forward security update for Reader

Whether you need or don’t need the functionality, Upgrade to the latest Apple everything; Safari 5, 10.6.4, Quicktime, Java…there are too many major repaired security holes to count and comment upon.

7 June – OpenOffice brings 2 security reports on the new version 3.2 (fixed with 3.2.1), including SSL/TLS and Python problems. Don’t delay.

5 June 2010 – Yet again, Adobe Flash, Reader and Acrobat is in the vulnerability news. H Security reports:

According to a security advisory from Adobe, there is a critical vulnerability in Flash Player (and earlier versions) and in the authplay.dll component that ships with Adobe Reader and Acrobat 9.0; Windows, Mac OS X, Unix and Linux versions are all vulnerable. Attackers can exploit the hole to crash the software or gain control of the system and there are already reports of exploitation in the wild for all three products.

The Flash Player 10.1 release candidate is apparently not vulnerable and Adobe offer the option of installing this as a mitigation step. For Reader and Acrobat 9.x, Adobe recommend deleting, renaming or removing access to theauthplay.dll file to mitigate the threat. On Windows, this file is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat. Adobe say that Reader and Acrobat 8.x are not vulnerable.

2 Jun 2010 – Finally, a Mac serious malware problem in the field. It ain’t a virus or a worm (though it can self-update), but it does send data and open a back door. Martin James, at IT Pro Security reports:

Security firm Intego has warned Mac OS X users that downloading free software from several popular download sites may install spyware that opens a back door for hackers to collect personal details.

The spyware, called OSX/OpinionSpy, is a variant of a Windows threat first discovered in 2008. It has been found piggy-backing on nearly 30 screensaver downloads from a company called 7art and a video converter app called MishInc FLV to MP3.

Softpedia, MacUpdate and VersionTracker were all found to be hosting the infected downloads, which have now been withdrawn, Intego said.

Read the entire report. Your family members will be calling you.

Spyware found on popular Mac websites

27 May—IT Pro Reports potential intercept vulnerability in Cisco’s Network Building Mediator products.

Cisco warns that there are numerous vulnerabilities that could lead to malicious parties taking complete control over affected devices. The NBM units are used in professional installations to monitor a building’s operations with IT; the status of doors, energy consuming devices, and overall efficiency.

Importantly, it is tied to the IT network where certain security gaps allow unauthorised users to change a device’s configuration.

“A malicious user must authenticate as an existing user but does not need to have administrator privileges or know administrator credentials to modify device configuration,” the company noted.

Other vulnerabilities mean that interactions between an operator workstation and the Cisco Network Building Mediator could be intercepted by any willing person.

“A malicious user able to intercept the sessions could learn any credentials used during intercepted sessions (for administrators and non-administrators alike) and could subsequently take full control of the device,” Cisco explained.

Other threats include potential password theft and account data loss.

As usual, whether you have the particular devices listed below, it is critical that your DCinema system stays secure, so awareness of all devices in the room is critical.

The weaknesses affect the legacy Richards-Zeta Mediator 2500 product and Cisco Network Building Mediator NBM-2400 and NBM-4800 models as well as Mediator Framework software releases prior to 3.1.1.

Given that the “workarounds” offered by Cisco are somewhat limited, affected firms will want to get hold of the free software updates that the provider has issued to deal with the security holes.

24 May—

IT Pro Security reports that IBM has distributed USB sticks at a conference in Australia this week which were riddled with malware – two separate worms to be exact – and the company was forced to send out emails to the recipients warning them and asking them to return the sticks to IBM’s Australian headquarters as soon as possible.

So, raise your hands if you ever used a give-away USB stick on your computer.

Again, the message; Constant Alertness. One clever trojan that can send log files outbound, or a pdf with a worm that can spread though a network and attach itself to media files, and the game gets too interesting.

14 April—Microsoft, Adobe and Oracle have all issued important security updates as part of this month’s Patch Tuesday. ITPro for Business

Microsoft has issued 11 patches to fix 25 flaws across Windows, Office and Exchange as part of its monthly update cycle.

Of the 11 patches, five were rated critical, five were important, and the last was moderate.

Microsoft highlighted three – MS10-019, MS10-026, and MS10-027 – as being priorities for administrators. The first affects all versions of Windows and allows for code to be executed, while the latter pair could be triggered just by visiting a malicious web page.

Microsoft’s security communications manager Jerry Bryant also warned that one of the patches is a Windows Kernel update, and therefore includes a system to check for rootkits, after the last kernel update uncovered a few infections.

8 April 2010—PDF virus spreads without exploiting any flaw

A security researcher has demonstrated a proof-of-concept attack that could allow malicious PDF files to spread to other PDF files on a system without exploiting a specific vulnerability.


Jeremy Conway, a product manager at NitroSecurity, built on the work done by fellow security specialist Didier Stevens to come up with an attack that could spread malicious code into clean PDFs as part of an incremental update.

Last week, Stevens showed how a program launch action triggered by the opening of a PDF could be exploited to execute code embedded in the PDF. Stevens also demonstrated that the pop-up dialogue box normally accompanying such a launch action could be partially manipulated to give users a false sense of security.

However, Conway – who says he was inspired by Stevens’ work – said the vulnerability could be used to infect other PDF files with the same problem.

17 Fevrier–Acrobat and Reader users are strongly encouraged to install an update that fixes ‘critical security holes’. ScanSafe reports that 80% of web-based exploits attacked Adobe Reader vulnerabilities.


Updates links for WindowsMac and Linux 9.3.1 version of Reader.

Firefox has also released their 3.6 version – much enhance security and speed.

Krebs on Security also reports:

If you decide to do without Adobe Reader and uninstall it, you might want to nix the Adobe Download Manager as well. Researcher Aviv Raff points to some nifty work he’s done which shows that Adobe’s Download Manager — which ships with all new versions of Flash and Reader — can be forced to reinstall an application that’s been removed, such as Reader.

According to Raff, a Web site could hijack the Adobe Download manager to download and install any of the following:

Adobe Flash 10

  • Adobe Reader 9.3
  • Adobe Reader 8.2
  • Adobe Air 1.5.3
  • ARH tool – allows silent installation of Adobe Air applications
  • Google Toolbar 6.3
  • McAfee Security Scan Plus
  • New York Times Reader (via Adobe Air)
  • Fanbase (via Adobe Air)
  • Acrobat.com desktop shortcut

Raff writes: “So, even if you use an alternative PDF reader, an attacker can force you to download and install Adobe Reader, and then exploit the (yet to be patched, but now known) vulnerability. The attacker can also exploit 0-day vulnerabilities in any of the other products mentioned above.” Read more on his findings atthis link here.

Acrobat update Links



10 February

Along with 13 update bundles and a critical rating for this months exploit vulnerability patches, Microsoft is stealing the Nike slogan, saying “Just freakin’ do it” – change your operating system, change anything that came with it (Paint, anyone?), especially that Internet Explorer dated from 6 years ago…and XP too while you are at it.

And, if you get a Bluescreen after updating, check this post at Krebs On Security



February 4–The iPhone gets an update…just plug it into iTunes and get OS 3.1.3 – and Apple gets FUD from InformationWeek.




20 Jan, 2010–In a wave of ‘finally’, Apple and Shockwave get much needed security upgrades. For Apple, use the update utility, or go to Apple-Support-Downloads; they have also finally caught up with the Windows 7 upgrade for Bootcamp.

Shockwave is a bit heavier, and applies to both PCs and Macs. It requires a manual uninstall, a reboot, an install, and another reboot. But, it is supposed to fill the glaring hole that has been present (and exploited) security risk: The patches fix multiple integer overflow and buffer overflow flaws that can be exploited to execute malicious code on computers that use the software.

Get your Shockwave here.


This is the Friday, 15 Jan Report

Finally—Adobe Reader is safe. Well, at least it no longer has the hole that was allowing people in for the last few months. Update Now. Read no more. This is all for now. Even Firefox is playing nice.

December Firefox 3.5.6 handles 3 critial security issues – great strides from the two previous releases. There were 62 bug fixes. Seems like a lot of work for handling a version that will be superceded in the next few months, but 3.6 is still in alpha. (We have been informed that 3.0 is losing support as of Jan 2010.)

Meanwhile, Adobe can only be described as refusing to fix the zero-day trojan that has active exploits, until January 12. This strikes Windows systems at the current software rev, 9.2 and below…since anything below passed other problems like a sieve, this is not a good solution.

Hire someone to check your virus protection on a regular basis if you are using Windows.

See articles at CNET Security; Firefox 3.5.6 patches and Adobe to patch zero-day Reader, Acrobat hole [BFD-Editor] – Note the part where Adobe says that they’d rather not spend the extra time and money over the holidays to fix this hole.

This weekend is a great one for setting aside whatever time it takes to back up everything and then replace each program that you use with the latest version.

Looking at the security notes for this weeks releases of Safari, and Firefox, Adobe Shockwave and the recent Reader upgrades are downright scary. The Operating Systems changes were also important.

Cute little terms like ‘unexpected application termination or arbitrary code execution” and “maliciously crafted website may lead to the disclosure of local information.” A less subtle writer might put exclamation points after a big “WTF?’

Don’t waste time reading any more of this note than you must.

1) Buy whatever backup disk you need

2) Back up Now!

3) Open every program that you use. Check for an update.

4) Then, when your updates are finished…Back up again.

That is all. Go. Now. Please. I don’t want to read your complaints about arbitrary code disclosing your local information.

How To Break Into Security-Part One

Kreb's How To Break Into SecurityKrebs on Security has started a series named How To Break Into Security.

I decided to ask some of the brightest minds in the security industry today what advice they’d give. Almost everyone I asked said they, too, frequently get asked the very same question, but each had surprisingly different takes on the subject.


How to Break Into Security, Ptacek Edition — Krebs on Security

Now might be a good time to give the job of reading these to your apprentice.


How To Break Into Security-Part One

Kreb's How To Break Into SecurityKrebs on Security has started a series named How To Break Into Security.

I decided to ask some of the brightest minds in the security industry today what advice they’d give. Almost everyone I asked said they, too, frequently get asked the very same question, but each had surprisingly different takes on the subject.


How to Break Into Security, Ptacek Edition — Krebs on Security

Now might be a good time to give the job of reading these to your apprentice.


Security Toys…Uhm, I mean, Quality Control for Networks

Quality Control for a projector is lamps and lenses and knowing how to keep the management system working.

Quality Control for a network is knowing how people will break into it, and knowing where it will break. So in that regard we need to know things in the same manner as a plumber knows what goes on in the pipes.

Wireshark does some of that. Being able to break into the system does some of that. Because if you can, someone who smells a perfect digital print worth millions certainly will be able to.

Good luck.

Introduction To Wireshark

Register for a complimentary Network Monitoring and Troubleshooting For Dummies

Network Monitoring and Troubleshooting For Dummies

Security Toys…Uhm, I mean, Quality Control for Networks

Quality Control for a projector is lamps and lenses and knowing how to keep the management system working.

Quality Control for a network is knowing how people will break into it, and knowing where it will break. So in that regard we need to know things in the same manner as a plumber knows what goes on in the pipes.

Wireshark does some of that. Being able to break into the system does some of that. Because if you can, someone who smells a perfect digital print worth millions certainly will be able to.

Good luck.

Introduction To Wireshark

Register for a complimentary Network Monitoring and Troubleshooting For Dummies

Network Monitoring and Troubleshooting For Dummies

SSL Breaches & Duqu; What is DCinema Interesting

This is not something to panic about. This is just a topic to learn about. We typically attach our common work machines to the same network as the machines that control projectors and ticket systems. The lesson of StuxNet is that a breach of one is a breach of all. The lesson of the US Department of Defense is that employees must learn the basics of how systems can be infected and how to stop those infections. A simple USB stick allowed an infection that later allowed people to download secure documents from other countries through the US defence department systems.

Now Duqu, which appears to be targetting machine control systems in much more clever ways than Stuxnet and capable of many future variations. Let’s not forget that Digital Cinema Systems are machine control systems. The nature of the infection is to wildly scatter then wait for the new slaves to start chattering back where someone then checks to see what kind of fish has been caught. Then they put a list up on the ‘black hat’ web sites announcing Systems With Access Holes and trade your life for a few hundred dollars.


Here are some of the more recent articles. Make certain that there is someone in your organization who learns to stay on top of these things. Don’t pass it off to an outside group without also having employee training. This is a quality control issue. Put someone in charge.

Good News:

DuquDetector released to forensically detect pest – The H Security: News and Features

Not so good News

How much similar? Remotely Opening Prison Doors Schneier on Security

Cyber Intrusion Blamed for Hardware Failure at Water Utility — Krebs on Security

Stolen government certificate signed malware – The H Security: News and Features

Compromised certificates: Revocations alone are insufficient – The H Security: News and Features

Malware Signed With a Governmental Signing Key – F-Secure Weblog : News from the Lab

Old but relevent news:

Autopsy of RSA Attack

More Military Systems Hacked

Who Else Was Hit by the RSA Attackers?

DCinema Exhibitors and Distributors: Read the above paragraph again. Combine it with the news of a new Stuxnet type of malware bot being uncovered just last week that targets machine control systems. Then, rethink your security. Does your current system match what you would like to have?

Security experts have said that RSA wasn’t the only corporation victimized in the attack, and that dozens of other multinational companies were infiltrated using many of the same tools and Internet infrastructure. But so far, no one has been willing to talk publicly about which other companies may have been hit.  Today’s post features a never-before-published list of those victim organizations. The information suggests that more than 760 other organizations had networks that were compromised with some of the same resources used to hit RSA. Almost 20 percent of the current Fortune 100 companies are on this list.
Since the RSA incident was disclosed, lawmakers in the U.S. Congress have taken a renewed interest in so-called “advanced persistent threat” or APT attacks. Some of the industry’s top security experts have been summoned to Capitol Hill to brief lawmakers and staff about the extent of the damage. The information below was shared with congressional staff.

Below is a list of companies whose networks were shown to have been phoning home to some of the same control infrastructure that was used in the attack on RSA. The first victims appear to have begun communicating with the attacker’s control networks as early as November 2010.

A few caveats are in order here. First, many of the network owners listed are Internet service providers, and are likely included because some of their subscribers were hit. Second, it is not clear how many systems in each of these companies or networks were compromised, for how long those intrusions persisted, or whether the attackers successfully stole sensitive information from all of the victims. Finally, some of these organizations (there are several antivirus firms mentioned  below) may be represented because they  intentionally compromised internal systems in an effort to reverse engineer malware used in these attacks.

Among the more interesting names on the list are Abbott Labs, the Alabama Supercomputer Network, Charles Schwabb & Co., Cisco Systems, eBay, the European Space Agency, Facebook, Freddie Mac, Google, the General Services Administration, the Inter-American Development Bank, IBM, Intel Corp., the Internal Revenue Service (IRS), the Massachusetts Institute of Technology, Motorola Inc., Northrop Grumman, Novell, Perot Systems, PriceWaterhouseCoopers LLP, Research in Motion (RIM) Ltd., Seagate Technology, Thomson Financial, Unisys Corp., USAA, Verisign, VMWare, Wachovia Corp., and Wells Fargo & Co.
At the end of the victim list is a pie chart that shows the geographic distribution of the command and control networks used to coordinate the attacks. The chart indicates that the overwhelming majority of the C&Cs are located in or around Beijing, China.
8e6 Technologies, Inc.
ABBOTT Abbot Labs
ABOVENET-CUSTOMER – Abovenet Communications, Inc
ACCNETWORKS – Advanced Computer Connections
ACEDATACENTERS-AS-1 – Ace Data Centers, Inc.
ACS-INTERNET – Affiliated Computer Services
ACS-INTERNET – Armstrong Cable Services
ADELPHIA-AS – Road Runner HoldCo LLC
Administracion Nacional de Telecomunicaciones
AERO-NET – The Aerospace Corporation
AIRLOGIC – Digital Magicians, Inc.
AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services
AIS-WEST – American Internet Services, LLC.
ALCANET Corporate ALCANET Access
ALCANET-DE-AS Alcanet International Deutschland GmbH
ALCATEL-NA – Alcanet International NA
ALCHEMYNET – Alchemy Communications, Inc.
Alestra, S. de R.L. de C.V.
ALLIANCE-GATEWAY-AS-AP Alliance Broadband Services Pvt. Ltd.,Alliance Gateway AS,Broadband Services Provider,Kolkata,India
ALMAZAYA Almazaya gateway L.L.C
AMAZON-AES – Amazon.com, Inc.
AMERITECH-AS – AT&T Services, Inc.
AMNET-AU-AP Amnet IT Services Pty Ltd
ANITEX-AS Anitex Autonomus System
AOL-ATDN – AOL Transit Data Network
API-DIGITAL – API Digital Communications Group, LLC
APOLLO-GROUP-INC – University of Phoenix
ARLINGTONVA – Arlington County Government
ARMENTEL Armenia Telephone Company
AS3215 France Telecom – Orange
AS3602-RTI – Rogers Cable Communications Inc.
AS4196 – Wells Fargo & Company
AS702 Verizon Business EMEA – Commercial IP service provider in Europe
ASATTCA AT&T Global Network Services – AP
ASC-NET – Alabama Supercomputer Network
ASGARR GARR Italian academic and research network
ASIANDEVBANK – Asian Development Bank
ASN852 – Telus Advanced Communications
AS-NLAYER – nLayer Communications, Inc.
ASTOUND-CABLE – Wave Broadband, LLC
AT&T Global Network Services – EMEA
ATMAN ATMAN Autonomous System
ATOS-AS ATOS Origin Infogerance Autonomous System
ATT-INTERNET4 – AT&T Services, Inc.
AUGERE-AS-AP Augere Wireless Broadband Bangladesh Limited
AVENUE-AS Physical person-businessman Kuprienko Victor Victorovich
BACOM – Bell Canada
BANGLALINK-AS an Orascom Telecom Company, providing GSM service in Bangladesh
BANGLALION-WIMAX-BD Silver Tower (16 & 18th Floor)
BASEFARM-ASN Basefarm AS. Oslo – Norway
BBN Bredbaand Nord I/S
BEAMTELE-AS-AP Beam Telecom Pvt Ltd
BEE-AS JSC _VimpelCom_
BELINFONET Belinfonet Autonomus System, Minsk, Belarus
BELLSOUTH-NET-BLK – BellSouth.net Inc.
BELWUE Landeshochschulnetz Baden-Wuerttemberg (BelWue)
BENCHMARK-ELECTRONICS – Benchmark Electronics Inc.
BEND-BROADBAND – Bend Cable Communications, LLC
BEZEQ-INTERNATIONAL-AS Bezeqint Internet Backbone
BIGNET-AS-ID Elka Prakarsa Utama, PT
BLUEWIN-AS Swisscom (Schweiz) AG
BM-AS-ID PT. Broadband Multimedia, Tbk
BN-AS Business network j.v.
BNSF-AS – Burlington Northern Sante Fe Railway Corp
BNT-NETWORK-ACCESS – Biz Net Technologies
BORNET Boras Energi Nat AB
BSC-CORP – Boston Scientific Corporation
BSNL-NIB National Internet Backbone
BT BT European Backbone
BT-ITALIA BT Italia S.p.A.
BTN-ASN – Beyond The Network America, Inc.
BTTB-AS-AP Telecom Operator & Internet Service Provider as well
BT-UK-AS BTnet UK Regional network
CABLECOM Cablecom GmbH
CABLE-NET-1 – Cablevision Systems Corp.
CACHEFLOW-AS – Bluecoat Systems, Inc.
CANET-ASN-4 – Bell Aliant Regional Communications, Inc.
CANTV Servicios, Venezuela
CARAVAN CJSC Caravan-Telecom
CARRIER-NET – Carrier Net
CCCH-3 – Comcast Cable Communications Holdings, Inc
CDAGOVN – Government Telecommunications and Informatics Services
CDS-AS Cifrovye Dispetcherskie Sistemy
CDT-AS CD-Telematika a.s.
CE-BGPAC – Covenant Eyes, Inc.
CELLCO-PART – Cellco Partnership DBA Verizon Wireless
CENSUSBUREAU – U. S. Bureau of the Census
CERNET-ASN-BLOCK – California Education and Research Federation Network
CERT – Computer Emergency Response Team (CERT) – Coordination Center
CHARLES-SCHWAB – Charles Schwab & Co., Inc.
CHARTER-NET-HKY-NC – Charter Communications
CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network
CHINA169-GZ China Unicom IP network China169 Guangdong province
CHINANET-BACKBONE No.31,Jin-rong Street
CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation
CHINANET-SH-AP China Telecom (Group)
CIPHERKEY – Cipherkey Exchange Corp.
CISCO-EU-109 Cisco Systems Global ASN – ARIN Assigned
CITEC-AU-AP QLD Government Business (IT)
CLIX-NZ TelstraClear Ltd
CMCS – Comcast Cable Communications, Inc.
CMNET-BEIJING-AP China Mobile Communicaitons Corporation
CMNET-GD Guangdong Mobile Communication Co.Ltd.
CMNET-V4SHANDONG-AS-AP Shandong Mobile Communication Company Limited
CNCGROUP-GZ CNCGROUP IP network of GuangZhou region MAN network
CNCGROUP-SH China Unicom Shanghai network
CNIX-AP China Networks Inter-Exchange
CNNIC-DSNET-AP Shanghai Data Solution Co., Ltd.
CNNIC-WASU-AP WASU TV & Communication Holding Co.,Ltd.
CO-2COM-AS 2COM Co ltd.
COGECOWAVE – Cogeco Cable
COLO4 – Colo4Dallas LP
COLT COLT Technology Services Group Limited
COLUMBUS-NETWORKS – Columbus Networks USA, Inc.
COMCAST-33490 – Comcast Cable Communications, Inc.
COMCAST-33491 – Comcast Cable Communications, Inc.
COMCAST-36732 – Comcast Cable Communications, Inc.
COMCAST-7015 – Comcast Cable Communications Holdings, Inc
COMCAST-7725 – Comcast Cable Communications Holdings, Inc
COMCAST-HOUSTON – Comcast – Houston
COMNET-TH KSC Commercial Internet Co. Ltd.
Completel Autonomous System in France
COMSTAR COMSTAR-Direct global network
CORBINA-AS Corbina Telecom
COVAD – Covad Communications Co.
CPMBLUE-AS-BD CPM BLUE ONLINE LTD.Transit AS Internet Service Provider, Dhaka
CSC Computer Management and CSC Denmark
CSC-IGN-AUNZ-AP Computer Sciences Corporation
CSC-IGN-EMEA – Computer Sciences Corporation
CSC-IGN-FTW – Computer Sciences Corporation
CSUNET-NW – California State University Network
CSXT-AS-1 – CSX Technology
CTIHK-AS-AP City Telecom (H.K.) Ltd.
CTS-MD I.S. Centrul de Telecomunicatii Speciale
CXA-ALL-CCI-22773-RDC – Cox Communications Inc.
CYBERVERSE – Cyberverse, Inc.
CYPRESS-SEMICONDUCTOR – Cypress Semiconductor
CYTA-NETWORK Cyprus Telecommunications Authority
DARLICS-AS Darlics ltd. provides IP transport and Internet
DATAGRUPA SIA _Datagrupa.lv_ Marijas 7 – 412a Riga, LV-1050, LATVIA
DCI-AS DCI Autonomous System
DECHO – Decho Corporation
DHL-AS DHL Systems Inc.
DIGCOMM Digital communications, LTD
DIGITAL-TELEPORT – Digital Teleport Inc.
DINAS-AS PE Kuznetsova Viktoria Viktorovna
DINET-AS Digital Network JSC
Diveo do Brasil Telecomunicacoes Ltda
DK-ESS-AS Syd Energi Bredbaand A/S
DMSLABNET – DoD Network Information Center
DNC-AS IM Data Network Communication SRL
DNEO-OSP7 – Comcast Cable Communications, Inc.
DNIC-ASBLK-00721-00726 – DoD Network Information Center
DNIC-ASBLK-27032-27159 – DoD Network Information Center
DOGAN-ONLINE Dogan Iletisim Elektronik Servis Hizmetleri
DOMAINFACTORY domainfactory GmbH
DREAMHOST-AS – New Dream Network, LLC
DRWEB-AS Doctor Web Ltd
DSE-VIC-GOV-AS Department of Sustainability & Environment,
DSIJSC-AS DSI Autonomous system
DTAG Deutsche Telekom AG
DWL-AS-IN Dishnet Wireless Limited. Broadband Wireless
DYNDNS – Dynamic Network Services, Inc.
EASYDNS EasyDNS Technologies, Inc.
EASYNET Easynet Global Services
EBAY – eBay, Inc
EDGECAST – EdgeCast Networks, Inc.
ELISA-AS Elisa Oyj
EMBARQ-WNPK – Embarq Corporation
EMC-AS12257 – EMC Corporation
EMOBILE eMobile Ltd.
EPM Telecomunicaciones S.A. E.S.P.
EQUANT-ASIA Equant AS for Asian Region covering Japan
ERICSSON-APAC-MY-AS Ericsson Global Services. BUGS N&V APAC
ESRI – Environmental Systems Research Institute
ETPI-IDS-AS-AP Eastern Telecoms Phils., Inc.
ETSI Autonomous System
EURONET Online Breedband B.V. Global AS
European Space Agency
EUSKALTEL Euskaltel S.A.
EXCELL-AS Excellmedia
EXIM – Export Import Bank of the U.S
FACEBOOK – Facebook, Inc.
FANNIEMAE – Fannie Mae
FASTMETRICS – Fastmetrics, LLC
FAST-TELCO Fast Telecommunications Company W.L.L.
FDA – Parklawn Computer Center / DIMES HQ
FIBREONE-AS fibre one networks GmbH, Duesseldorf
FITC-AS – FITC – FedEx International Transmission Corporation
FMAC-I-BILLING – Freddie Mac
FMI-NET-AS – Freeport-McMoran Inc.
FORATEC-AS Foratec Communication AS at Sverdlovsk, Tyumen, Perm regions
FPT-AS-AP The Corporation for Financing & Promoting Technology
FRONTIER-AND-CITIZENS – Frontier Communications of America, Inc.
FRONTIER-FRTR – Frontier Communications of America, Inc.
FR-RENATER Reseau National de telecommunications pour la Technologie
FX-PRIMARY-AS FX Networks Limited
GBLX Global Crossing Ltd.
GIGAINFRA Softbank BB Corp.
GLOBAL-SPLK – Sprint International
GOLDENLINES-ASN 012 Smile Communications Main Autonomous System
GOOGLE – Google Inc.
GSA-GOV – General Services Administration
GT-BELL – Bell Canada
Gtd Internet S.A.
GYRON ====
H3G-AS H3G S.p.A.
H3GUKNIE Hutchison 3G UK and Ireland Core AS
HANARO-AS Hanaro Telecom Inc.
HATHWAY-NET-AP Hathway IP Over Cable Internet
HETZNER-AS Hetzner Online AG RZ
HINET Data Communication Business Group
HNS-DIRECPC – Hughes Network Systems
HOPONE-GLOBAL – HopOne Internet Corporation
HOSTEUROPE-AS AS of Hosteurope Germany / Cologne
HP-INTERNET-AS Hewlett-Packard Company
HTCL-IAS-HK-AP Hutchison Telephone Company Limited
HTIL-TTML-IN-AP Tata Teleservices Maharashtra Ltd
HURRICANE – Hurricane Electric, Inc.
HUTCHISON-AS-AP Hutchison Global Communications
HUTCHVAS-AS Vodafone Essar Ltd., Telecommunication – Value Added Services,
IADB-NETWORKS – The Inter-American Development Bank
IBM E-business Hosting Delivery
IBMDES-AS – IBM Dallas Engineering & Scientific
IBSNAZ Telecom Italia S.p.a.
ICONNECT-BD Planners Tower
IDK-NETWORK CJSC Interdnestrcom AS
IEUNET BT Ireland Backbone
IFX-NW – IFX Communication Ventures, Inc.
IHNET – IHNetworks, LLC
IINET iiNet Limited
IJ-NET – Internet Junction Corp.
IN2CABLE-AP AS Number of In2cable.com (India) Ltd.
INET-AS-ID PT. Inet Global Indo
INFINEON-SG 8 Kallang Sector
INFLOW19294 – Inflow Inc.
INFOSPHERE NTT PC Communications, Inc.
INFOSTRADA Infostrada S.p.A.
INIT7 Init7 Global Backbone
INS-AS – AT&T Data Communications Services
Instituto Costarricense de Electricidad y Telecom.
Instituto Tecnol??gico y de Estudios Superiores de Monterrey
INTEGRATELECOM – Integra Telecom, Inc.
INTELSAT Intelsat Global BGP Routing Policy
INTEL-SC-AS – Intel Corporation
INTERNAP-2BLK – Internap Network Services Corporation
INTERNAP-BLK – Internap Network Services Corporation
INTERNAP-BLK – Internap Network Services Corporation
INTERNAP-BLK3 – Internap Network Services Corporation
INTERNAP-BLOCK-4 – Internap Network Services Corporation
INTERNET-PATH – Internet Path, Inc.
INTERNET-PRO-AS Internet-Pro Ltd
INTEROUTE Interoute Communications Ltd
INTERPHONE-AS Interphone Ltd.
IPASAULE-AS _Interneta Pasaule_ SIA
IPG-AS-AP Philippine Long Distance Telephone Company
IPO-EU IP-Only Telecommunication Networks AB
IQUEST-AS – IQuest Internet
IRONPORT-SYSTEMS-INC – Cisco Systems Ironport Division
IRS – Internal Revenue Service
ISC-AS1280 Internet Systems Consortium, Inc.
ISKON ISKON INTERNET d.d. za informatiku i telekomunikacije
ISP-KIM-NET Kalush Information Network LTD
ISW – Internet Specialties West Inc.
ITSCOM its communications Inc.
JAWWAL Jawwal will be multihoming with us AS15975 and AS12975
JAZZNET Jazz Telecom S.A.
Jordan Data Communications Company LLC
JUNIPER-NETWORKS – Juniper Networks, Inc.
KABELBW-ASN Kabel Baden-Wuerttemberg GmbH & Co. KG
KAISER-NCAL – Kaiser Foundation Health Plan
KAMOPOWER – KAMO Electric Cooperative, Inc.
KHERSON-TS Kherson Telecommunication Systems Ltd.
KIXS-AS-KR Korea Telecom
K-OPTICOM K-Opticom Corporation
LANTELECOM-AS Lan-Telecom AS Number
LATISYS-ASHBURN – Latisys-Ashburn, LLC
LEVEL3 Level 3 Communications
LGCNS-AS – LG CNS America Inc.
LINKLINE – LinkLINE Communications, Inc.
LUCENT-CIO – Lucent Technologies Inc.
LVLT594-598 – Level 3 Communications, Inc.
LYSE-AS Altibox AS
MAGNUS-AS TOV _Magnus Limited_
MANGOTELESERVICE-AS-BD Only private Owned IIG in Bangladesh
MAP Moscow Network Access Point
MASERGY-US Masergy US Autonomous System
MASSCOM – Massillon Cable Communications
MAXIS-AS1-AP Binariang Berhad
MBL-AS-AP Micronet Broadband (Pvt) Ltd.
MCAFEE – McAfee, Inc.
MCAFEE-COM – McAfee, Inc.
MCC OJSC _Moscow Cellular Communications_,
MCT-SYDNEY Macquarie Telecom
Mega Cable, S.A. de C.V.
MEGAPATH2-US – MegaPath Networks Inc.
MF-KAVKAZ-AS Caucasus Branch of OJSC MegaFon AS
MF-NWGSM-AS North-West Branch of OJSC MegaFon Network
MFNX MFN – Metromedia Fiber Network
MICRON21-AS-AU-AP Micron21 Melbourne Australia Datacentre. Co-Location Dedicated Servers Web Hosting
MICROSOFT-CORP-AS – Microsoft Corp
MISD-NET – Macomb Intermediate School District
MIT-GATEWAYS – Massachusetts Institute of Technology
MOLDCELL_AS Moldcell SA Autonomous System
MOLDDATA-AS Administrator of the top level domain .MD,
MOLDTELECOM-AS Moldtelecom Autonomous System
MORENET – University of Missouri – dba the Missouri Research and Education Network (MOREnet)
MOTOROLA – Motorola, Inc.
MOTOROLA-PHX – Motorola, Inc.
MPX-AS Microplex PTY LTD
MTNL-AP Mahanagar Telephone Nigam Ltd.
MTS-INDIA-IN 334,Udyog Vihar
MTSNET OJSC _Mobile TeleSystems_ Autonomous System
N9E7X5E3N1I2N4C – Nexen Inc.
NAWALA-AS-ID Asosiasi Warung Internet Indonesia (AWARI)
NAWRAS-AS Omani Qatari Telecommunications Company SAOC
NBLNETWORKS-AS Nebula Oy Autonomous System
NCNET-AS National Cable Networks
NEOLINK CJSC _ER-Telecom Holding_ Izhevsk branch
NET-ACCESS-CORP – Net Access Corporation
NET-AIG – American International Group (AIG) Data Center, Inc.
NETCOM-AS NetCom as Autonomous system
NETELLIGENT – Netelligent Hosting Services Inc.
NEWCOM-AS NEWCOM mirror object from ARIN
NEWCOM-ASN New Com Telecomunicatii SA
NEWEDGENETS – New Edge Networks
NEWTT-IP-AP Wharf T&T Ltd.
NEXTTELL-VRN-AS LLC NextTell-Voronezh AS Number
NG-AS NextGen Communications SRL
NIANET-AS nianet is a Danish carrier and Internet Service Provider
NOC – Network Operations Center Inc.
NOKIA Nokia Internet
NOKIA-AS NOKIANET APAC Data Centre network
Nominum Global NameServer network
NORDLINKS-AS S.C. _NordLinks_ S.R.L.
NORTHROP-GRUMMAN – Northrop Grumman
NOVELL – Novell, Inc.
NTL Virgin Media Limited
NTT do Brasil Telecomunicaoes Ltda
NUMERICABLE NUMERICABLE is a cable network operator in France, offering TV,VOICE and Internet services
NUVOX – NuVox Communications, Inc.
NV-ASN 013 NetVision Ltd.
OCN NTT Communications Corporation
OFIDEN – OppenheimerFunds, Inc.
OMD-FNO Orange Moldova Fix Network Autonomous System
ORANGE-BUSINESS-SERVICES-UK Orange Business Services (formerly Equant) AS for UK
OSIS-PACOM – Joint Intelligence Center Pacific
P4NET P4 Sp. z o.o.
PACIFIC-INTERNET-INDIA-ASN Pacific Internet India Pvt. Ltd.
PACIFIC-INTERNET-IX Pacific Internet Ltd
PACNET Pacnet Global Ltd
PAH-INC – GoDaddy.com, Inc.
PAIR-NETWORKS – pair Networks
PALTEL-AS PALTEL Autonomous System
PARTNER-AS Partner Communications Ltd.
PBTL-BD-AS-AP Pacific Bangladesh Telecom Limited.
PEER1 – Peer 1 Network Inc.
Pegaso PCS, S.A. de C.V.
PERSNET Korea Telecom Freetel
PI-AU Pacific Internet (Australia) Pty Ltd
PI-HK Pacnet Internet (Hong Kong) Limited
PIXNET-AS – Providers Internet Exchange
PKTELECOM-AS-PK Pakistan Telecom Company Limited
PLUSSERVER-AS PlusServer AG, Germany
POLYCOM – Polycom, Inc.
Prima S.A.
PRIMORYE-AS Open Joint Stock Company _Far East Telecommunications Company_
PRINCETON-AS – Princeton University
PS-NETPLEX-AS – Perot Systems
PT KPN Internet Solutions
PTK-CENTERTEL-DSL-AS PTK Centertel Sp. z o.o.
PTLP-CORE – People_s Tel Limited Partnership
PTPRIMENET PT PRIME – Solucoes Empresariais de Telecomunicacoes e Sistemas S.A.
PUSAN-AS-KR Pusan National University
PWC-AS – PriceWaterhouseCoopers, LLP
Q9-AS – Q9 Networks Inc.
Q9-AS-BRAM – Q9 Networks Inc.
QUALCOMM – Qualcomm, Inc.
QUALCOMM-BLR-AS-AP Qualcomm Inc. Bangalore AS, Developer of CDMA Technology India
QWEST – Qwest Communications Company, LLC
RACKSPACE – Rackspace Hosting
RCN-AS – RCN Corporation
Rede Nacional de Ensino e Pesquisa
RELIANCEGLOBALCOM – Reliance Globalcom Services, Inc
RENAM RENAM Association
RIML-CORP-AS-3 – Research In Motion Limited
RIPE-NCC-AS RIPE Network Coordination Centre
RISC-SYSTEM – Rockwell Scientific Company
RMH-14 – Rackspace Hosting
RMIFL RM Education PLC – Internet for Learning
ROGERS-CABLE – Rogers Cable Communications Inc.
ROSTOV-TELEGRAF-AS Rostovelectrosviaz_ of Public Joint Stock Company
RU-SURNET Uralsvyazinform, Chelyabinsk branch
RWT – RagingWire Telecommunications
SAFELINES The network of ISP Safelines,includes POPs in various cities
SAITIS-NETWORK Saitis Network, N.Desir
SAN-JUAN-CABLE – San Juan Cable, LLC
SASUSA SunGard Availability Services USA
SAVVIS – Savvis
SBIS-AS – AT&T Internet Services
SCARTEL-AS Scartel Ltd.
SCRR-10796 – Road Runner HoldCo LLC
SCRR-11426 – Road Runner HoldCo LLC
SCRR-12271 – Road Runner HoldCo LLC
SCV-AS-AP SCV Broadband Access Provider
SDL-20-AS – Smithville Digital, LLC
SEAGATE-USA-MN-1 – Seagate Technology
SEEDNET Digital United Inc.
SELECTNET-AS – SelectNet Internet Services
SERBIA-BROADBAND-AS Serbia BroadBand-Srpske Kablovske mreze d.o.o.
SERVICENET-AP Internet service provision to Western
SGNET-AS-AP Singapore Government Network AS
SHAW – Shaw Communications Inc.
SIBNETWORKS-AS Siberian Networks
SIFY-AS-IN Sify Limited
SIKA-AS Sika Informationssysteme AG
SKYVISION SkyVision Network Services
SLTINT-AS-AP Sri Lanka Telecom Internet
SOFTLAYER – SoftLayer Technologies Inc.
SOFTNET-AS-AP Software Technology Parks of India – Bangalore
SOLNET BSE Software GmbH
SONICDUO-AS AS for MegaFon-Moscow
SONOMA – Sonoma Interconnect
SONY-APAC-AP Sony – ASN for Asia Pacific
SOVAM-AS OJSC _Vimpelcom_
SPBMTS-AS Mobile TeleSystems, OJSC, MR North-West
SPCS – Sprint Personal Communications Systems
SPEAKEASY – Speakeasy, Inc.
Sprint US
SS-NOC-AS – Straitshot Communications, Inc.
STARHUBINTERNET-AS StarHub Internet Exchange
STARNET-AS StarNet Moldova
STATEL-AS Stavropol branch of Southern Telecommunications Company
STEADFAST – Steadfast Networks
STOMI – State of Michigan, DMB-CNOC
SUDDENLINK-COMMUNICATIONS – Suddenlink Communications
SUMTEL-AS-RIPE Summa Telecom
SUNCOMMUNICATIONS-AS JV _Sun Communications_ Autonomous System
SUNRISE Sunrise Communications AG
SUPERNET-PAKISTAN-AS-AP Supernet Limited Transit Autonomous System Number
SURFCONTROL-US-ASN Websense Hosted Security Network
SURFNET-NL SURFnet, The Netherlands
SWEETNET-AS Private entrepreneur Bliznichenko Vitalij Volodumirovich
SWISSCOM Swisscom (Switzerland) Ltd
SWITCH SWITCH, Swiss Education and Research Network
TATACOMM-AS TATA Communications formerly VSNL is Leading ISP
TATTELECOM-AS Tattelecom.ru/Tattelecom Autonomous System
TC Radio Systems Autonomous System
TCH – TCH Network Services
TDC TDC Data Networks
TDDE-ASN1 Telefonica o2 Germany Autonomous System
TDN Tikona Digital Networks Pvt Ltd.
TEAM-CYMRU – Team Cymru Inc.
TELCOM-UA-AS _Telecomunikatsiina Companiya_ Ltd
Telecom Argentina S.A.
TELECOMMD-AS ICS Networks Solutions SRL
Telecomunicacoes da Bahia S.A.
Telefonica de Argentina
Telefonica Empresas SA
TELEFONICA-DATA-ESPANA Internet Access Network of TDE
TELENERGO EXATEL S.A. Autonomous System
TELENET-AS Autonomous System of Teleset-Servis Ltd.
TELESC – Telecomunicacoes de Santa Catarina SA
TELESWEET-AS Telesweet ISP Autonomous System
TELETECH – TeleTech Holdings, Inc
Television Internacional, S.A. de C.V.
TELKOMNET-AS2-AP PT Telekomunikasi Indonesia
TELKOMSEL-ASN-ID PT. Telekomunikasi Selular
TELLCOM-AS Tellcom Iletisim Hizmetleri
Telmex Chile Internet S.A.
Telmex Colombia S.A.
TELSTRA Telstra Pty Ltd
TEOLTAB TEO LT AB Autonomous System
TFN-TW Taiwan Fixed Network, Telco and Network Service Provider.
THEPLANET-AS – ThePlanet.com Internet Services, Inc.
T-HT T-Com Croatia Internet network
TKPSA-AS TKP S.A. is 3S.pl network operator.
TMIB-BD-AS-AP TM International Bangladesh Ltd. ISP, Gulshan-1,Dhaka-1212
TMN-AS TMN Autonomous System
TMNET-AS-AP TM Net, Internet Service Provider
TM-NETSYS-ASH – TicketMaster
TOMLINE Tomsk telecommunication company Ltd
TOTNET-TH-AS-AP TOT Public Company Limited
TPNET Telekomunikacja Polska S.A.
TRAVELERS – Travelers Property Casualty Corp.
TRENDMICRO Global IDC and Backbone of Trend Micro Inc.
TRENDMICRO Trend Micro Inc.
TRUENORTHCOMM – True North Communications
TSF-IP-CORE TeliaSonera Finland IP Network
TSU-SM – Texas State University – San Marcos
TTNET Turk Telekomunikasyon Anonim Sirketi
TTSL-MEISISP Tata Teleservices ISP AS
TULIP Tulip Telecom Ltd.
TVCABO-AS TVCABO Autonomous System
TWTC – tw telecom holdings, inc.
UARNET-AS Ukrainian Academic and Research Network
UA-SEECH Seech-Infocom NCC
UA-SMART-AS Broadcasting company _Smart_ Ltd
UCSB-NET-AS – University of California, Santa Barbara
UCSC – University of California, Santa Cruz
UDMVT-AS OJSC VolgaTelecom branch in Udmurtia Republic AS Number
UECOMM-AU Uecomm Ltd
UKRBIT-NET-AS SPD Bilopol Roman Leonidovich
ULTRADNS – Centergate Research, LLC.
UMANITOBA – University of Manitoba
UMC-AS UMC Autonomous System
UMICH-AS-5 – University of Michigan
UMN Ural-TransTeleCom Autonomous System
UNI2-AS France Telecom Espana SA
Uninet S.A. de C.V.
UNINETT UNINETT, The Norwegian University & Research Network
UNISYS-6072 For routing issues, email [email protected]
UNISYS-AP-UI-AS-AP Unisys AsiaPac Intranet Access to Internet
UNISYS-AS-E – Unisys Corporation
Universidad Nacional de Colombia
University de Los Andes
UNL-AS – University of Nebraska-Lincoln
UPC UPC Broadband
UPITT-AS – University of Pittsburgh
URAN URAN Autonomous system
USI Uralsviazinform
UUNET – MCI Communications Services, Inc. d/b/a Verizon Business
UUNET-INT – MCI Communications Services, Inc. d/b/a Verizon Business
VERISIGN-CORP – VeriSign Infrastructure & Operations
VERSATEL AS for the Trans-European Tele2 IP Transport backbone
VIA-NET-WORKS-AS PSINet Europe / VIA NET.WORKS international AS
VIDEOTRON – Videotron Telecom Ltee
VIETEL-AS-AP Vietel Corporation
VINS – ViaWest
VIRGINIA-AS – University of Virginia
VITSSEN-SUWON-AS-KR Tbroad Suwon Broadcating Corporati
VMWARENET-1 – VMWare, Inc.
VNET-AS VNET ISP Bratislava, Slovakia, SK
VNPT-AS-VN Vietnam Posts and Telecommunications (VNPT)
VODAFONE_ICELAND Backbone Autonomous System
VODANET International IP-Backbone of Vodafone
VOLIA-AS Kyivski Telekomunikatsiyni Merezhi LLC
VOLKSWAGEN Volkswagen AG, Wolfsburg 1
VRIS-AS-BLOCK – Verizon Online LLC
VZB-AU-AS Verizon Australia PTY Limited
VZGNI-TRANSIT – Verizon Online LLC
WATEEN-IMS-PK-AS-AP National WiMAX/IMS environment
WAYPORT – AT&T Wi-Fi Services
Webex Communications, Inc.
WEBSENSE Websense, Inc.
WELLSFARGO – Wells Fargo & Company
WESTHOST – WestHost, Inc.
WESTNET-AS-AP Westnet Internet Services
WESTPUB-A – West Publishing Corporation
WICAM-AS WiCAM ISP Cambodia Peering AS
WIDEXS ion-ip B.V.
WINDSTREAM – Windstream Communications Inc
WITCOM- Wiesbadener Informations – und Telekommunikations GmbH
WN-AS Private enterprise Gorbunov A.A.
WORLDCALL-AS-LHR Worldcall Broadband Limited
WORLDNET-AS World Net & Services Co., Ltd.
WOW-INTERNET – WideOpenWest Finance LLC
WXC-AS-NZ WorldxChange Communications LTD
WYOMING – wyoming.com
XO-AS15 – XO Communications
XTRA-AS Telecom XTRA, Auckland, NZ
YAHOO-BANGALORE-AS-AP Yahoo Bangalore Network Monitoring Center
YAHOO-US – Yahoo
ZIGGO Ziggo – tv, internet, telefoon
ZIPNETBD-DKB-AS-AP Zipnet Limited DKB AS number
The following chart maps the location of more than 300 command and control networks that were used in these attacks. 299 of them were located in China.

The geographic location of the more than 300 control networks used in the attacks.

Read more…

Autopsy of RSA Attack

From the Security Site at ITPRO

The RSA hack was months ago now, but the file and email which helped compromised the security giant has just been found.

By Tom Brewster, 26 Aug 2011 at 15:36

F-Secure believes it has discovered the file and the email which helped crack EMC’s security arm RSA, in what became one of the most famous hacks in history earlier this year.


Timo Hirvonen, an F-Secure analyst, doggedly pursued the XLS file used to hack RSA even after others had given up the chase. Hirvonen created a tool to analyse samples for a Flash object, which was used to exploit the target’s system.

“The new tool located several relevant samples. However, one of them was not an Excel file. It was an Outlook message file (MSG),” an F-Secure blog read.

“When Timo opened it up, he knew he was onto something. The message file turned out to be the original email that was sent to RSA on 3 March, complete with the attachment 2011 Recruitment plan.xls. After five months, we finally had the file. And not only that, we had the original email.”

The email which was sent to a single EMC employee, with two others CC’d in, was made to look like it came from Beyond.com, a career network.

The subject line read “2011 Recruitment plan” and the body copy contained just one line: “I forward this file to you for review. Please open and view it.”

Once the file was opened the Flash object was executed by Excel, using a vulnerability to write code on the victim’s machine and then drop a Poison Ivy backdoor to the system. Excel is then closed automatically and the infection is done.

What we think…

It’s clear the email which duped EMC was pretty simple. Certainly it would be unadvisable to trust an email which contains just a single line.

This only emphasises the need for further education amongst workforces about spear phishing. It seems even workers at security firms aren’t getting the message, which would be laughable if the connotations of the RSA hack weren’t so serious.

Tom Brewster, Senior Staff Writer

“After this, Poison Ivy connects back to it’s server at good.mincesur.com. The domain mincesur.com has been used in similar espionage attacks over an extended period of time,” F-Secure said.

“Once the connection is made, the attacker has full remote access to the infected workstation. Even worse, it has full access to network drives that the user can access. Apparently the attackers were able to leverage this vector further until they gained access to the critical SecurID data they were looking for.”

As F-Secure noted, the attack itself did not appear to be hugely sophisticated, although as the vulnerability was a zero-day there was no way RSA could have protected itself by patching.

“Was this an advanced attack? The email wasn’t advanced. The backdoor they dropped wasn’t advanced. But the exploit was advanced,” F-Secure added.

“And the ultimate target of the attacker was advanced. If somebody hacks a security vendor just to gain access to their customers systems, we’d say the attack is advanced, even if some of the interim steps weren’t very complicated.”

The hackers who went after RSA wanted the company’s SecureID information so they could hit US Government contractors, including Lockheed Martin.

Following the Lockheed attacks, RSA offered token replacement for customers “with concentrated user bases typically focused on protecting intellectual property and corporate networks.”

What Is A Projectionist? In The Digital Age

In addition to being the last expert in the post-production chain, the projectionist also is the last person in the chain that starts with the security experts who literally keep the keys to the safe. 

No less urgent is the organization of the presentation, which begins with the negotiations between the studios and distribution and advertising groups and involve the exhibition management. Soon this will include the added duty of presenting more and better closed and open caption presentations for an audience who have been largely left out of the mainstream cinema theater culture, the deaf, hard of hearing and visually impaired audience. 

Add to that the mixing in of various forms of alternative content, which means satellite feeds and interface boxes with very nuanced choices (neither the NOC nor the cinema manager is going to change from side to side from sequential or make certain the encryption code is set right for a particular show.) Bluray means audio changes, and last years inexpensive cable boxes won’t work soon in the cinema. [Unmentioned: a truly professional satellite presentation always has backup everything – dish, electronics, test gear. The kit is incredibly cheap, especially compared to returning the cost of premium tickets. Of course, this should never be brought up since we don’t want to scare the cinema owner who already has made a 4X investment in dcinema gear compared to the film equipment it is replacing. (“We are solving a problem that didn’t exist”, as one studio exec said.)] 

In the rapidly disappearing days of film presentation, the projectionist assembled the film from multiple cans, put it onto the mechanical film chain, and made certain that the focus was correct. In the best of cases they made certain that the gates and pull-downs and pulleys weren’t physically harming the film, although there wasn’t much that could be done to prevent the enormous amounts of heat from bringing the plastic to its melting point, with its two harmful effects: desaturating the colors from the film, and creating a dust magnet from the electrostatic condition of all that heat and change that melts the dust into the cooling film. Except for keeping the bulb fresh and the voltage up, there wasn’t much more that a person could do for the picture. [We are, but we shouldn’t be, avoiding the audio topics of dcinema in this document.]

With digital projectors, all of the parameters of the color and luminance are available to perfect. There is no reason for a properly sized system to be anything less than up to SMPTE/ISO specifications. According to some manufacturers, today’s xenon bulbs don’t really even gain much more time or use less electricity by tweaking them down.

The recent kerflufle brought on by the Boston Globe article points to other issues that a projectionist should be solving. 3D alone is an issue that involved color shifts and brightness issues that should be controlled between each movie. When cinemas play 2D and 3D on the same screen, it isn’t surprising that something will suffer. It shouldn’t be the audience, but that is what is happening.

Then there is the system itself. Not the media player (SMS)/projection/audio/satellite feed/bluray player system at every port hole, but the IT system that holds all the SMS systems to one theater management system – with all the projectors filtering data back as required for keeping logs and ‘state of health’ info to network operation centers (NOCs). The projectionist is the person who has to respond quickly and well to the experts at the other end. For all the hype about what can be monitored at a NOC, it is hundreds of times better if there is a person to communicate with at the other end who is versed in perceiving the extant situation.

Perhaps there are people who have been around banks of computers that work flawlessly for days and months and years. But more common is the reality that computers always need some attention from someone on-site. 

[The unwritten topic concerns the issue of how well D-Cinema systems are defended in this age when nothing seems sacred. There are weekly reports about corporations with elaborate staff and technology, who still have secure information exposed. So far, dcinema has been flying under the radar, but with ugly habits. The US military took two years to clean up vital systems after an infected (probably targeted) USB stick put secret data into criminals control. See: Infected USB caused biggest US military breach ever.]

Point being, a trained projectionist in the digital age is a Solution to many a Why. 

Yet when asked, two large cinema chains acknowledged that they didn’t have an updated job description for Projectionist. Booth Monitor was one recently seen posting.

What is a projectionist in the digital age? What are the responsibilities? Is it reasonable that these responsibilities will get fewer as the technology evolves? 

[Update] IPv6, Security, Future Near

The 27th Chaos Communication Congress – subtitled We Come In Peace had an excellent presentation on IPv6 by Marc Heuse, an expert in the field and creator of several tools to test IPv6 security.

IPv6 is the coming standard for intranets, the internet and most IT/IP interconnect equipment. It is quite different from the IPv4, which is currently in place in all of our network systems. The IPv4 protocols use the typical 4 octet system, e.g. (taking 32 bits), while IPv6 uses 128 bit address of numbers and letters. The comparison is 232 v 3.4 x 1038 – the number is 340 undecillion unique addresses.

Other advantages include autoconfiguration of IP addresses and networking, a hierarchical address structure which reduces operational cost and several Integrated security features. 

As Mr. Heuse points out, all major operating systems and most modern routers already support IPv6, but it is turned off. For most intranet installations, IPv4 will probably continue to be sufficient and won’t need to be replaced by IPv6. But as with all new protocols, there are some advantages that might move manufacturers to use the system to uniquely identify equipment for communication security, or other features that are not available with IPv4. Therefore we need to stay abreast of its advantages and potential pitfalls. Especially when one of the current problems being worked out is security weaknesses in tunneling, when using IPv4 and IPv6 together (like that will ever happen!). And though it handles multicasting more securely than with IPv4, that area is also one that has some issues. 

The issues with security come from the standard’s original outline being laid out 15 years ago. It dealt with the security problems of the time. Recommended practices have been developed to upgrade the protocol’s implementaion, but there are many, and they aren’t always dealt with the same way by all manufacturers.

Notwithstanding this, IPv6 is being tested this month in a ‘live on the internet’ plug fest fashion. It will be rolled out in the coming months. The Youtube video that follows isn’t for everyone, but it should be for everyone who claims to be a professional in the entertainment technology field of digital cinema, as cinema is by its nature ‘unique addresses’, on the internet and very concerned with security.

This link points to a page that has several slide presentations on the subject:
27C3: Recent advances in IPv6 insecurities
Don’t miss this slide presentation: 
Recent Advances In IPv6 Insecurities

Side note before the 53 minute video, if you run across any interesting information in this field, or recommendations or comments by the technologists in the d-cinema field about IPv6, please forward it to the editor.

Other articles: 
Last of the IPv4 Addresses Allocated
Understand IPv6 Addresses

YouTube – [27C3] (en) Recent advances in IPv6 insecurities


Stuxnet and SCADA – New News

New Siemens SCADA Vulnerabilities Kept Secret

SCADA systems — computer systems that control industrial processes — are one of the ways a computer hack can directly affect the real world. Here, the fears multiply. It’s not bad guys deleting your files, or getting your personal information and taking out credit cards in your name; it’s bad guys spewing chemicals into the atmosphere and dumping raw sewage into waterways. It’s Stuxnet: centrifuges spinning out of control and destroying themselves. Never mind how realistic the threat is, it’s scarier.

Last week, a researcher was successfully pressured by the Department of Homeland Security not to disclose details “before Siemens could patch the vulnerabilities.”

Read the entire article and some cogent comments at: 
    Schneier on Security: New Siemens SCADA Vulnerabilities Kept Secret

Update Everything Month~! Software Vulnerability Records

Just glancing through the update literature we see that Windows had started the trend with a record number of patches, then Adobe got into the competition with several programs getting the ‘record number’ treatment. Opera thought that was good publicity and topped the 50 fixes line, then Java gave everyone a good run at the records. All in all, there have been other “Update Everything” months, but nothing like this last two weeks of October 2010.

Set aside the time, and if required, the task force to make certain that every computer in your operation that could ever be connected to any of your digital cinema systems, whether by USB key (moving a security key), or by network, has every piece of software checked for updates. Start with the major ones, especially those listed in this article: Ongoing Security–It’s “Update Everything Month”

Remote wiping technology Hard Disks

[For the DCinema business, this isn’t in the direct line of possible solutions…but good to know. The original article is at:
Secure Business Intelligence Magazine: Remote wiping technology introduced for Toshiba products]

The company said that Wipe can automatically invalidate a hard disk drive security key when its power supply is turned off, instantly making all data in the drive indecipherable. Also, copier and printer systems vendors can now use Toshiba’s Wipe technology to securely invalidate sensitive document image data by automatically erasing the SED’s internal encryption key.

This feature can be used prior to system disposal or re-purposing to ensure that private data never leaves the control of the responsible business unit or IT department.