securingyour.info

Question the integrity of your information

Infosec: A right Royal pain up the…

Her Majesty’s Royal Navy website was compromised by Romanian hacker “TinKode” in what appears to be more mischievous than malicious, so far anyway. According to Sophos technical consultant Graham Cluley, “TinKode” appears to have also posted sensitive information on administration accounts and passwords related to the Royal Navy website. The Navy have posted a comment on their website stating: “Unfortunately, the Royal Navy website is currently undergoing essential maintenance”.

“TinKode”, a member of insecurity.ro, has also previously revealed security holes in NASA’s website and various vulnerabilities in US military websites.

This of course is in the face of the MoD, as a few weeks ago it was announced that cyber attacks were declared the highest priority in the new National Security Strategy.

Read more on the hack, ZDNet article

Vuln: RIM issue advisory on BlackBerry Enterprise Server

With a vulnerability score rating of 7.6 this is rather serious. The vulnerability lies in the PDF distiller component of the BlackBerry attachment service on Enterprise Server. The issue is a simple buffer overflow which could allow malicious individuals to execute a Denial of Service (DoS) attack. To successfully exploit this vulnerability, a BlackBerry user needs to open a specially crafted PDF file using the Get Link menu item on their BlackBerry smartphone.

Affected Software:

BlackBerry Enterprise Server Express version 5.0.2 for Microsoft Exchange

BlackBerry Enterprise Server versions 5.0.2, 5.0.1, 5.0.0, 4.1.7 and earlier for Microsoft Exchange

BlackBerry Enterprise Server versions 5.0.2, 5.0.1, 5.0.0, 4.1.7 and earlier for IBM Lotus Domino

BlackBerry Enterprise Server versions 5.0.1, 4.1.7 and earlier for Novell GroupWise

BlackBerry® Professional Software version 4.1.4 and earlier for Microsoft Exchange and IBM Lotus Domino

Do read the advisory and patch up rather urgently.

Vuln: Oracle patch 81 database security holes

Oracle have decided to follow suit with Microsoft on Patch Tuesday, with a staggering eighty-one security patches to fix critical vulnerabilities in its database server software. It is rumored that ten out of the twelve health care organisations run Oracle software, so let's hope that they patch up fast. With some of the vulnerabilities as serious as remote exploitation without the need for authentication, let's hope all the blue chips patch as soon as possible, especially the Sun worshipers, as thirty-one of the eighty-one are for Oracle Sun products.

According to the pre-release statement by Oracle, the following products are affected:

Oracle Database 11g Release 2, version 11.2.0.1

Oracle Database 11g Release 1, version 11.1.0.7

Oracle Database 10g Release 2, versions 10.2.0.3 and 10.2.0.4

Oracle Database 10g, Release 1, version 10.1.0.5

Oracle Fusion Middleware, 11gR1, versions 11.1.1.1.0 and 11.1.1.2.0

Oracle Application Server, 10gR3, version 10.1.3.5.0

Oracle Application Server, 10gR2, version 10.1.2.3.0

Oracle BI Publisher, versions 10.1.3.3.2, 10.1.3.4.0 and 10.1.3.4.1

Oracle Identity Management 10g, versions 10.1.4.0.1 and 10.1.4.3

Oracle E-Business Suite Release 12, versions 12.0.4, 12.0.5, 12.0.6, 12.1.1 and 12.1.2

Oracle E-Business Suite Release 11i, versions 11.5.10 and 11.5.10.2

Agile PLM, version 9.3.0.0

Oracle Transportation Management, versions 5.5, 6.0, and 6.1

PeopleSoft Enterprise CRM, FMS, HCM and SCM (Supply Chain), versions 8.9, 9.0 and 9.1

PeopleSoft Enterprise EPM, Campus Solutions, versions 8.9 and 9.0

PeopleSoft Enterprise PeopleTools, versions 8.49 and 8.50

Siebel Core, versions 7.7, 7.8, 8.0 and 8.1

Primavera P6 Enterprise Project Portfolio Management, versions 6.21.3.0 and 7.0.1.0

Oracle Sun Product Suite

Peoplesoft Enterprise CRM

Peoplesoft Enterprise EPM

Solaris

Open Solaris

Again, do patch up and make sure you read the pre-release statement for more information.

Vuln: 49 vulnerabilities will mark the largest ever batch of patches issued by Microsoft

Here we go again, Patch Tuesday. Microsoft will today release the patches for forty-nine vulnerabilities and release sixteen bulletins, four of which are marked as “Critical”, the highest rating they can get. According to Microsoft’s advance notice, a “Critical” rating is one that would allow the spread of internet worms without user action; to be honest, anything that could compromise your organisation's data and integrity is critical, something they have yet to understand. What has caused this sudden and rather large patch rush? You guessed it: mostly to plug the holes used by the Stuxnet worm that targeted various key services and companies. Why you would run something like a nuclear power plant or any country-critical service on Microsoft is beyond me really; it's the equivalent of alarming your company or house then leaving the proverbial post-it note with the code on the front door. Nothing against Microsoft per se, it has its place and time in any environment, just not the most critical, not until it is far more secure and bug free than it is.

The products that are affected are listed below (basically everything):

Windows XP : Bulletins 1, 2, 3, 4, 6, 7,10, 11, 12, 13, 14, 15, 16

Windows Vista : Bulletins 1, 2, 3, 4, 6, 7,10, 11, 12, 13, 14, 15, 16

Windows 7 : Bulletins 1, 2, 3, 4, 6, 7,10, 11, 12, 13, 14, 15, 16

Windows Server 2003 : Bulletins 1, 2, 3, 4, 6, 7,10, 11, 12, 13, 14, 15, 16

Windows Server 2008 : Bulletins 1, 2, 3, 4, 6, 7,10, 11, 12, 13, 14, 15, 16

Windows Server 2008 R2 : Bulletins 1, 2, 3, 4, 6, 7,10, 11, 12, 13, 14, 15, 16

Windows Sharepoint Services 3.0: Bulletins 5, 8

Microsoft Sharepoint Foundations 2010: Bulletins 5, 8

Microsoft Office Sharepoint Server 2007: Bulletins 5, 8

Microsoft Groove Server 2010: Bulletins 5, 8

Microsoft Office XP: Bulletins 8, 9

Microsoft Office 2003: Bulletins 8, 9

Microsoft Office 2007: Bulletins 8, 9

Microsoft Office 2010 32 bit: Bulletins 8, 9

Microsoft Office 2010 64bit: Bulletins 8, 9

Microsoft Office for Mac 2004: Bulletins 8, 9

Microsoft Office for Mac 2008: Bulletins 8, 9

Microsoft XML file converter: Bulletins 8, 9

Microsoft Word viewer: Bulletins 8, 9

Microsoft Excel viewer: Bulletins 8, 9

Microsoft Office Compatibility Pack: Bulletins 8, 9

Like I said, just about everything, so do patch up. There are some really serious holes being fixed and for that we can be grateful, even if it did take a potential nuclear disaster to make it happen.

Insider Threat: Fannie Mae contractor faces jail

The Unix contractor that planted a malicious script on the server of Fannie Mae when he was fired in 2008 faces a jail term of up to 10 years for computer intrusion. Computer intrusion? He had full access and the threat was done while he still had full access; I would hardly call that intrusion, but I’m guessing it is a loophole that the US can charge him with. I am by no means fighting for his plight, just the charges don’t make sense to me, that’s all (enough on my thoughts on it). The malicious script was time bombed to run on the 31st January 2009; according to reports it would have taken Fannie Mae weeks to recover had it been successful. This is not the first or the last we have seen, read about or helped fix, and just goes to show the biggest threat to any organisation is the insider threat.

Graham Cluley, senior technology consultant at Sophos, said this should serve as a timely reminder to all companies as to what they should be prepared for. “Implementing a combination of robust user policies and security measures is crucial in order to safeguard their IT networks - and ultimately their business - against such incidents.”

The whole story on Computer Weekly and some more