Blogging Platforms

February 9th, 2007

A recent article by Kalpana Ettenson of PC World Magazine lists the top 5 blogging platforms, with these results:

Blogger

• Price when rated: Free
• Storage space: 300MB
• Speed and stability: Superior
• Management tools usability: Very Good
• Template quality: Very Good

WordPress

• Price when rated: Free
• Storage space: 50MB
• Speed and stability: Very Good
• Management tools usability: Good
• Template quality: Very Good

TypePad

• Price when rated: $5 per month
• Storage space: 100MB
• Speed and stability: Superior
• Management tools usability: Good
• Template quality: Very Good

Tripod

• Price when rated: $9 per month
• Storage space: 20MB
• Speed and stability: Fair
• Management tools usability: Fair
• Template quality: Fair

Squarespace

• Price when rated: $7 per month
• Storage space: 100MB
• Speed and stability: Fair
• Management tools usability: Fair
• Template quality: Good

Sophos is unveiling software for securing PDAs and smartphones running Microsoft’s Windows Mobile software.

Sophos Mobile Security, available for sale today, is designed to provide real-time protection for Windows Mobile 5.0 based devices against viruses and spyware threats. It’s also set up to enable IT administrators to implement and lock down security policies for the devices, like PDAs and smartphones. Microsoft is expected to issue a new version of Windows Mobile, version 6.0, soon.

In a recent Sophos Web poll, 81 percent of IT administrators said they were worried that malware and spyware targeting mobile devices will become a significant threat in the future. However, 64 percent also said they currently have no system in place to secure company mobile devices.

Sophos’ new software is built to guard devices against malware infection via a variety of messaging and wireless systems, including MMS, SMS, email, instant messaging, Wi-Fi, and Bluetooth. It’s also set up to work on-access, on-demand or on schedule, scanning, detecting, and quarantining mobile viruses or spyware.

"There is no doubt that the use of smartphones and PDAs is on the rise, letting employees access the Internet from virtually anywhere with just a click of a button," said John Stringer, product manager at Sophos, in a written statement. "Unprotected mobiles can be a route for hackers into a seemingly well-defended network. Although the number of mobile threats is small compared to more commonly encountered Windows-specific malware, administrators are looking to defend all the points of entry into their organisation."

According to Sophos, this version will also protect devices using Windows Mobile 6.0, which Microsoft plans to launch later in 2007. Pricing was not disclosed.


Highly-Critical Flaw Discovered in Trend Micro Products

February 9th, 2007

A dangerous buffer-overflow flaw in Trend Micro anti-virus software products was reported by Trend Micro and confirmed by security researchers at iDefense Labs.

Researchers at Secunia have also posted an advisory on this vulnerability and have deemed this to be highly critical.

This flaw can be exploited on both Windows and Linux systems, and could be used to gain access to machines, cause DoS (denial of service) conditions and allow attackers total control of affected systems.

Trend Micro responded to the vulnerability by pushing out a patch that a company spokesperson says fixes the issue.

"We have seen no cases in the wild, but Trend Micro moved quickly on this because, like others, we understand the highly critical nature of this issue," a company representative told eWEEK.

The vulnerability affects all scan engine and pattern file technology in Trend Micro products and is due to an error in processing UPX (Ultimate Packer for eXecutables) compressed executables. This error can be exploited to cause a buffer overflow when a specially crafted UPX file is scanned.

In Windows, the scan engine runs in kernel context. Under Linux, the scan engine runs as a daemon with superuser privileges, hence the ability to have complete system control.

iDefense reports that the following configurations are vulnerable:

  • Trend Micro’s PC-Cillin Internet Security 2007
  • VsapiNI.sys (scan engine) version 3.320.0.1003
  • ServerProtect for Linux v2.5 on RHEL 4.x
  • vsapiapp version 8.310

Trend Micro said that the majority of its customers use automatic updates, and therefore received the patch that fixes the problem within 24 hours.


"Trend Micro is including the fix in VSAPI 8.5, which is expected to launch in Q2 2007. In the meantime, Trend Micro has created a pattern update (4.245.0) to detect this vulnerability. The pattern update was made available on February 5, 2007," said the company spokesperson.

Trend Micro highly recommends that customers who do not use automatic updates update to Virus Pattern File 4.245.00 or higher.

Representatives from iDefense and Secunia could not be reached for comment at the time of this reporting.

Congress Looks To Outlaw E-Voting Machines Without An Audit Trail

February 9th, 2007

Over the past few years, it seems that more and more people have realized the problems with e-voting systems. Amusingly, in the comments to our last post about the limits Florida was trying to put on researchers testing the e-voting machines for security, we had someone show up in the comments claiming that this is all a big charade — and that e-voting machines are thoroughly tested by government agencies. Despite being asked a few times, the commenter has not explained why the company hired to do the testing was barred from further testing after they were unable to document whether or not they had conducted the tests at all. His response was that we’re all just a bunch of conspiracy theorists, and that no one other than approved government agencies should get to test these machines, since we’re all too ignorant to understand how e-voting machines should work, and because of our ignorance we’d hand over info to irresponsible parties (which seems like an admission that the machines aren’t actually safe — if there is information that can be handed over that would cause problems, then the machine shouldn’t be used in an election). He also accuses anyone (including respected professors Ed Felten and Avi Rubin) of just being "conspiracy theorists" though none of us have put forth any conspiracy theory — except for the commenter. He claims that the security concerns over e-voting machines are really a big conspiracy to spread fear and make everyone mistrust the voting system so we stay home on election day. Of course, it’s not clear how that fear is targeted in a way to ensure that one side wins — but perhaps we’re not thinking it through enough.

In the meantime, it looks like Congress must be up for continuing this "conspiracy." Despite the fact that most in Congress seemed to show little to no interest for many years as security experts pointed out the problems with the machines, now they’re talking about introducing new legislation that would require that e-voting machines have an audit trail. It’s not clear how a system that allows for recounting the votes is a way to add more fear to the e-voting process and keep us home, so I hope the same commenter can enlighten us on how this conspiracy works.

[via Techdirt]

Russian Schools Figure Linux Is Less Likely To Send Them To Siberia; Look To Ditch Windows

February 9th, 2007

Earlier this week, we wrote about how Mikhail Gorbachev was publicly asking Microsoft to drop charges against a school head teacher who was arrested and faces Siberian imprisonment for purchasing computers for his school that apparently had pirated copies of Windows. Microsoft responded saying that they wouldn’t do anything, and it was all up to the police. We pointed out how short-sighted this was, especially considering that schools are where many students first get hooked on software like Windows — which they’ll later buy. However, the decision is looking even worse now. Yehuda Berlinger writes in to point out that Russian schools are now looking to drop Windows and switch to Linux simply to avoid facing the same Siberian imprisonment — since they don’t know if the computers they buy have legitimate copies of Windows or counterfeit ones. It’s difficult to see how this is anything but harmful to Microsoft.

[via Techdirt]

Hackers Attack Every 39 Seconds

February 8th, 2007

Hackers are attacking computers at a near-constant rate.

On average, hackers are attempting to access computers with Internet access every 39 seconds, according to researchers at the A. James Clark School of Engineering at the University of Maryland.

"Our data provide quantifiable evidence that attacks are happening all the time to computers with Internet connections," said Michel Cukier, professor at the Clark School’s Center for Risk and Reliability and Institute for Systems Research. "The computers in our study were attacked, on average, 2,244 times a day."

"Brute force" hackers use simple software-aided techniques to randomly attack large numbers of computers.

While hackers are often portrayed on TV and in films as people with grudges who target specific institutions and manually try to break into their computers, UM researchers found that in reality "most of these attacks employ automated scripts that indiscriminately seek out thousands of computers at a time, looking for vulnerabilities."

Once hackers gain access to a computer, they swiftly act to determine whether it can be of use to them. Hackers’ most common sequence of actions was to check the accessed computer’s software configuration, change the password, check the hardware and/or software configuration again, download a file, install the downloaded program, and then run it.

What is the best protection? Information. Use the hackers’ tactics against them.

The researchers found the most common password-guessing ploy was to re-enter or try variations of the username. Some 43% of all password-guessing attempts involved simply re-entering the username. The username followed by "123" was the second-most-popular choice. Other common passwords attempted included "123456," "password," "1234," "12345," "passwd," "123," "test" and "1."

"These findings support the warnings of security experts that a password should never be identical or even related to its associated username," said Mr. Cukier.
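A password-policy check built on the guessing patterns reported above, as an added example that is not code from the study or the article. The function names are hypothetical, and the reversed-username and simple leetspeak checks are an assumed reading of "variations of the username" that goes beyond the patterns the article lists.

```python
import re

# Passwords the article lists as commonly attempted in the study.
COMMON_GUESSES = {"123456", "password", "1234", "12345", "passwd", "123", "test", "1"}

# Assumed leetspeak substitutions (not from the article): 0->o, 1->i, 3->e, 4->a, 5->s, @->a, $->s
LEET = str.maketrans("01345@$", "oieasas")


def username_related(username, password):
    """True if the password is the username or a simple variation of it."""
    user = username.lower()
    pw = password.lower()
    if not user:
        return False
    # Strip digits/punctuation added before or after, e.g. "admin123" or "1root!".
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", pw)
    candidates = {pw, core, pw.translate(LEET), core.translate(LEET)}
    if any(c in (user, user[::-1]) for c in candidates):
        return True
    # Longer usernames embedded anywhere in the password also count as related.
    return len(user) >= 4 and user in pw


def check_password(username, password):
    """Return the reasons to reject the password; an empty list means it passed."""
    reasons = []
    if password.lower() in COMMON_GUESSES:
        reasons.append("common guess")
    if username_related(username, password):
        reasons.append("related to username")
    return reasons


if __name__ == "__main__":
    # Constructed sample accounts, not data from the study.
    samples = [("admin", "admin"), ("admin", "admin123"), ("oracle", "123456"),
               ("root", "R00t!"), ("alice", "correct-horse-battery")]
    for user, pw in samples:
        print(f"{user!r:10} {pw!r:26} -> {check_password(user, pw) or 'ok'}")
```

Run at account creation and password change, this rejects the guesses that made up the bulk of the attempts the researchers observed.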

Chip & PIN Tetris hackers can steal credit card info, too

February 8th, 2007

Hacking into sensitive machines and playing brain games on them certainly isn’t new — and a pair of researchers at Cambridge have already done just that on a "tamper-proof chip-and-PIN payment terminal," — but in a recent (and more serious) development, they’ve extended the exploit to demonstrate how they can "compromise the system by relaying information between a genuine card and a fake one." Saar Drimer and Steven Murdoch, members of the Cambridge University Computer Laboratory, have not only played Tetris on a banking machine, but have devised a scenario where a terminal is actually connected to a thief’s laptop (instead of a bank, for instance), thus passing through crucial information without throwing a red flag to the now-screwed customer. Through a series of RFID, WiFi, and SMS connections, the duo even explains how something so simple could be used to steal thousands of dollars in diamonds and jewelry if working with a trained crew. Still, it’s noted that this kind of stunt would be "difficult to execute in practice," and of course, whoever tries it runs the risk of being imprisoned for quite some time, but if you’re interested in an eerily detailed description of just how beautiful your life can become if you actually pull this off, the read link demands your attention.

[via Engadget]

Windows Mobile 6 announced

February 8th, 2007

Microsoft’s finally ready to take the wraps off Windows Mobile 6, the long-awaited successor to Windows Mobile 5 (what else?) that’s been baking in the oven for a while now as "Crossbow." The platform formerly known as Pocket PC Phone Edition has become Windows Mobile 6 "Professional," while its more pocketable little brother, the Smartphone, has become "Standard" and plain ol’ Pocket PCs are "Classic."

Major new features include:

- HTML support in email
- Windows Live for Windows Mobile
- File transfer capability in Windows Live Messenger
- New versions of mobile Outlook, Word, Excel, and PowerPoint with rich editing
- Remote wipe capability for stolen and lost devices
- Call history in contact cards
- Tight Vista integration
- "Calendar ribbon" for more easily viewing schedule by day or week
- New versions of .NET Compact Framework and SQL Server built-in

No carrier or manufacturer announcements have been made at this point regarding availability or upgrades — all eyes are on next Monday for that. Stay tuned for details to come fast and furious from us ahead of some fanfare at 3GSM in Barcelona, including full hands-ons with the new OS in both Standard and Professional form!

[via Engadget]

Attackers Target Internet Root Servers

February 8th, 2007

Although the motivation for the attack remains unknown, early Tuesday attackers launched a distributed denial-of-service attack against the Internet’s core DNS servers, which are ultimately responsible for converting human-friendly site names (like www.digitaltrends.com) to IP numbers (like 209.85.60.103) which computers, routers, and software use behind the scenes. Think of DNS as the ever-updating address book for the millions of machines on the Internet. Three of the thirteen top-level root servers—one operated by ICANN, one by the U.S. Department of Defense, and one by UltraDNS—were briefly overwhelmed with the flood of bogus traffic pointed at them.

It Bothers Me That I Have To Go

January 25th, 2007

This is the latest blogging from a 93-year-old blogger who is based in Canada.

This blogger should give very good motivation for the new and old generations to jump into the blogging arena.

To view his blog, visit http://dontoearth.blogspot.com/