
Kaspersky IPv6 security flaw crashes personal computers


March 8, 2013

Internet security firm Kaspersky Labs says it has fixed a security hole that could freeze personal computers running 'Kaspersky Internet Security 2013' if they received a specially malformed IPv6 packet, whether it was sent deliberately or not.

On Tuesday, Infosec company representative Marc Heuse reported that sending a fragmented IPv6 network packet with multiple extension headers (one of which is unusually long) to a Windows computer with Kaspersky Internet Security 2013 installed will freeze the computer completely.

The Russian security firm confirmed the bug, which it has fixed in its software, and apologized for its coding error.

In a company statement, Kaspersky Labs stressed that the security hole only crashed PCs, rather than creating a means to take control of them: "After receiving some feedback from the researchers, Kaspersky Labs quickly fixed the error. A private patch is currently available on demand and an autopatch will soon be released to repair the issue automatically on every computer protected by Kaspersky Internet Security 2013."

"Although Kaspersky Labs acknowledges the problem, it would like to stress that there was no threat of malicious activity affecting the PCs of any users who may have experienced this rare problem," the company added.

"Kaspersky Labs would like to apologize for any inconvenience caused. Actions have been taken to prevent such incidents from occurring in the future," read the statement.

In his security advisory, Heuse revealed that the freeze flaw is not restricted to KIS 2013 but also affects any other Kaspersky product that bundles the same flawed firewall component.

Heuse said that he only went public on Monday, after failing to get a response from Kaspersky on the issue, which he had first reported to the security firm in late January of this year.
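The practical lesson for anyone writing a host firewall or packet filter is that the IPv6 extension-header chain must be walked with a bounds check on every header before it is read, and that chains outside a sane policy (too many headers, or a header far longer than normal) are worth flagging rather than trusting. The following is an added example written for this article; it is not code from Kaspersky or from Heuse's advisory. It parses the chain of a raw IPv6 packet, reports a malformed chain without reading past the buffer, and flags chains that exceed assumed limits. The thresholds, the header-type table and both sample packets are constructed for illustration; the "suspect" packet only mimics the shape the article describes (several extension headers, one of them long, plus a fragment header) and is not the packet from the advisory.

```python
"""Defender-side walk of an IPv6 extension-header chain.

Added example (not from the article, Kaspersky or Heuse): a bounds-checked
parse of the header chain plus a policy check for chains that are unusually
long or carry an unusually large header.  Thresholds are assumed values.
"""
import struct

IPV6_FIXED_LEN = 40

# Extension headers whose second octet is a length in 8-octet units,
# not counting the first 8 octets (RFC 8200).
GENERIC_EXT = {0: "hop-by-hop", 43: "routing", 60: "destination-options"}
FRAGMENT = 44   # fixed 8 octets
AUTH_HDR = 51   # second octet is length in 4-octet units minus 2 (RFC 4302)

# Assumed policy thresholds for illustration (not Kaspersky's).
MAX_EXT_HEADERS = 4
MAX_EXT_HEADER_BYTES = 64


def walk_extension_headers(packet):
    """Return (headers, upper_proto, fragmented) for a raw IPv6 packet.

    headers is a list of (name, length_in_bytes).  Every header is bounds
    checked before it is read; a ValueError means the chain is malformed.
    """
    if len(packet) < IPV6_FIXED_LEN:
        raise ValueError("packet shorter than the fixed IPv6 header")
    if packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_hdr = packet[6]
    offset = IPV6_FIXED_LEN
    headers = []
    fragmented = False
    while True:
        if next_hdr in GENERIC_EXT:
            if offset + 2 > len(packet):
                raise ValueError("truncated extension header")
            name, hdr_len = GENERIC_EXT[next_hdr], (packet[offset + 1] + 1) * 8
        elif next_hdr == FRAGMENT:
            name, hdr_len = "fragment", 8
        elif next_hdr == AUTH_HDR:
            if offset + 2 > len(packet):
                raise ValueError("truncated authentication header")
            name, hdr_len = "authentication", (packet[offset + 1] + 2) * 4
        else:
            return headers, next_hdr, fragmented   # upper-layer protocol reached
        if offset + hdr_len > len(packet):
            raise ValueError(f"{name} header runs past end of packet")
        headers.append((name, hdr_len))
        if next_hdr == FRAGMENT:
            fragmented = True
            frag_offset = struct.unpack_from("!H", packet, offset + 2)[0] >> 3
            if frag_offset != 0:
                # Non-initial fragment: what follows is payload, not more headers.
                return headers, packet[offset], fragmented
        next_hdr = packet[offset]
        offset += hdr_len


def assess_header_chain(packet):
    """Return a list of findings for the packet; an empty list means no concern."""
    try:
        headers, _, _ = walk_extension_headers(packet)
    except ValueError as exc:
        return [f"malformed: {exc}"]
    findings = []
    if len(headers) > MAX_EXT_HEADERS:
        findings.append(f"{len(headers)} extension headers (limit {MAX_EXT_HEADERS})")
    for name, length in headers:
        if length > MAX_EXT_HEADER_BYTES:
            findings.append(f"{name} header is {length} bytes (limit {MAX_EXT_HEADER_BYTES})")
    return findings


# --- constructed sample packets (all-zero addresses, not real traffic) ---------

def _ipv6(first_next_hdr, chain, payload=b""):
    """Fixed IPv6 header (version 6, hop limit 64, :: -> ::) plus the given chain."""
    fixed = struct.pack("!IHBB", 6 << 28, len(chain) + len(payload), first_next_hdr, 64)
    return fixed + bytes(32) + chain + payload


def _ext(next_hdr, units):
    """Generic extension header of (units + 1) * 8 octets, zero filled."""
    return bytes([next_hdr, units]) + bytes((units + 1) * 8 - 2)


# Ordinary packet: one 8-byte hop-by-hop header, then UDP (17).
BENIGN_PACKET = _ipv6(0, _ext(17, 0))

# Chain of the shape described: two destination-options headers, the second
# 256 bytes long, then a first fragment (offset 0, more-fragments set), then UDP.
SUSPECT_PACKET = _ipv6(
    60,
    _ext(60, 0) + _ext(44, 31) + struct.pack("!BBHI", 17, 0, 0x0001, 0x1234),
)

if __name__ == "__main__":
    for label, pkt in (("benign", BENIGN_PACKET), ("suspect", SUSPECT_PACKET),
                       ("truncated", SUSPECT_PACKET[:60])):
        print(label, assess_header_chain(pkt) or "ok")
```

The walker deliberately treats a truncated or over-long header as an error to report, not as a condition to work around: a filter that keeps reading past the end of the buffer, or loops on a chain it does not understand, is exactly the kind of code path that turns a malformed packet into a frozen machine.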

In other internet security news

Microsoft said this morning that it plans to deliver no fewer than seven security patches next Tuesday, March 12. In all, four patches are deemed 'critical' and three 'important' as part of the March edition of its now clockwork-regular Patch Tuesday security update program.

The most troublesome of the critical security vulnerabilities carries a remote code execution risk and affects *every* version of Windows, from XP SP3 up to Windows 8 and Windows RT, as well as all versions of Server 2003, Server 2008 and Server 2012 and, of course, the Internet Explorer browser.

So the software engineers in Redmond have been very busy the past few days, and it's not over yet. A second critical update addresses security vulnerabilities in Microsoft Silverlight on both Windows and Mac OS X.

Silverlight is widely used as an alternative to Flash, in particular to run media applications, for example Netflix.

Third on the critical list is a security vulnerability in Visio and the Microsoft Office Filter Pack.

The final critical security update covers a privilege elevation flaw in SharePoint, Microsoft's portal and content management enterprise server software.

The practical upshot is that ALL versions of Windows, some Office components, many consumer Mac OS X installations and more will need updating because of a myriad of security flaws on the Windows platform.

The important bulletins cover an update to Microsoft Office for Mac 2008 and 2011 as well as an elevation of privilege security bug in Windows that affects XP SP3 up to Windows 8.

And last comes an 'important' update for OneNote, Microsoft's note-taking software. In related news, the ZDI's Pwn2Own competition at the CanSecWest security conference in Vancouver led to the discovery of new security vulnerabilities in browsers (IE, Chrome, Safari and Firefox are all affected), as well as in Java and Adobe apps.

This is likely to produce plenty of patching action over the coming weeks, if history is any guide.

In other internet security news

China has accused the United States of being behind most of the cyberattacks launched against its military networks. In a statement released today, China's Ministry of National Defense said that cyberattacks against its military sites have increased over the past few years.

Based on various checks of IP addresses, China's Defense Ministry claimed an average of 144,000 cyberattacks per month in 2012, according to various news media outlets.

And it pointed its finger directly at the U.S. for almost 63 percent of them. The allegations from Beijing come hot on the heels of a recent report from U.S. security firm Mandiant, linking the Chinese army to cyberattacks against the United States.

Citing digital forensic evidence, investigators for Mandiant said that they found an office building just outside of Shanghai that housed People's Liberation Army Unit 61398, and then traced a Chinese hacking group to that location.

China immediately denied any involvement and condemned the report for lack of hard evidence. Defense Ministry representative Geng Yansheng challenged Mandiant's findings, saying that IP addresses can be stolen by hackers and are no proof as to the source of a hacking attack.

"Everyone knows that the use of usurped IP addresses to carry out hacking attacks happens on an almost daily basis," Yansheng said last week.

The irony is that China's accusations against the United States cite IP addresses as "proof" that the U.S. is behind most of the cyberattacks against its military sites, the very kind of evidence Beijing dismissed a week earlier. So the Chinese government is clearly playing cat and mouse.

Today's statement also pointed to recent news that the U.S. plans to expand its cyberwarfare capabilities but said that such actions would not help the international community defend itself against cyberattacks.

"We hope that the U.S.' side can fully explain and clarify this in a cohesive manner," the statement added. We will keep you posted on these and other developments.

In other internet security news

Various security vulnerabilities in the U.S. television emergency alert system, exploited last week by pranksters to put out fake warnings of a zombie apocalypse, remain widespread, even after the TV station system admins who got hacked changed the default passwords on their broadcast equipment.

As it happens, the hackers managed to attack a television station's emergency alert system in Montana to broadcast an on-air audio warning about the end of the world...

But it gets worse: the initial attack on KRTC's equipment was also repeated in three other states. Two stations were electronically broken into in Michigan, as well as several others in California, Montana and New Mexico, according to Karole White, president of the Michigan Association of Broadcasters.

"It isn't what the pranksters said," White added. "It's the fact that they hacked into the system in the first place."

And it's very easy to understand how the hacks were possible to begin with, since the TV stations had neglected to change the factory default passwords on equipment facing the public internet. Most broadcasting equipment makers today ship factory default passwords that need to be replaced before the equipment is connected to the internet, and this is clearly indicated in their installation manuals.

A security advisory sent by regulators at the FCC to broadcasters urged TV station system admins to take immediate action to correct the issue. They were told to change all passwords on all equipment regardless of manufacturer, to make sure that all equipment was protected behind a firewall, and to check that hackers had not queued up bogus alerts for later transmission.

Reuters reports that an alert controller device from Monroe Electronics had been abused to carry out at least some of the apocalypse pranks. Monroe responded by publishing an advisory on its web site: "To improve overall security all One-Net R189 users are urged to: 1) Change the factory default password immediately. 2) Make sure that all network connections are behind secure firewalls."

Meanwhile, researchers at IO-Active Labs discovered a substantial number of insecure emergency alert system devices directly connected to the internet, making it possible for hackers to exploit even more security flaws in attacks that go beyond pure mischief.

Mike Davis, a hardware expert at IO-Active Labs, says that by using Google he was able to find no fewer than thirty alert systems across the United States that were easily vulnerable to attack. The security holes allow attackers to remotely compromise these devices and then broadcast official-looking alerts through U.S. radio and TV stations all over the country.

Davis also discovered very weak cryptography and other security shortcomings in the firmware loaded into emergency warning systems. He reported the security vulnerabilities to the U.S. Computer Emergency Response Team (CERT) about a month ago but isn't revealing the details of the vulnerabilities or the names of the manufacturers they affect, pending confirmation of a security patch.

In other internet security news

Federal police in Spain have arrested eleven individuals suspected of running a €1 million a year ransomware racket using malware that posed as a message from law enforcement officials.

Investigators first became interested in the 'Reveton Malware' after hundreds of complaints from victims of the crime started flooding in at the beginning of 2011.

Trend Micro and Spanish law enforcement agencies worked with the European Cybercrime Centre (EC3) at Europol in a concerted operation coordinated by Interpol over the months that followed, sharing gathered intelligence, samples and many related technical details.

Cops said that their research allowed them to map the criminal network infrastructure, including traffic redirection and command and control servers.

They then conducted multiple raids on various premises, seizing computers, hard drives, servers, IT equipment and stolen credit cards used to cash out the money that victims had paid.

In a statement, police said that since it was detected in May 2011, there had been more than 1,200 complaints about the so-called "POLICE VIRUS" (Reveton drive-by malware).

Police said this intelligence led to the arrest of eleven individuals. One of the suspects, an unnamed 27-year-old, is suspected to be the kingpin of the group that produces the Reveton ransomware.

This Russian national was arrested in Dubai, United Arab Emirates, and Spanish authorities have filed an extradition warrant. Along with this key arrest, police said they had run a takedown operation focusing on the lower-ranked members of the gang, in connection with which they made several additional arrests.

Police added that lower-ranked members in the group were involved in monetization of the Pay Safe Card/Ukash vouchers received as payment in the scam. The gang had a branch in Spain's Costa Del Sol that exchanged these vouchers and then converted them into real cash, which would then be sent to the main group in Russia.

Europol said in a separate statement: "The financial cell of the network specialized in laundering the proceeds of their crimes obtained in the form of electronic money. The gang employed both virtual systems for money laundering and other traditional systems using various online gaming portals, electronic payment gateways or virtual coins."

Spanish cops said that ten of the suspects had been arrested in connection with allegations of money-laundering activity. Six of the cuffed suspects are Russian, two Ukrainian and two Georgian, but all of them were based in Spain, police said.

Spanish police said the fraudsters behind the scam were netting about €1 million a year in illegal profits. "This coordinated activity, in a similar fashion as the Trend Micro/FBI action against the DNS Changer gang last year, leading directly to the arrest of individuals believed to be actively engaged in cybercrime, should serve as a model for how the security industry and law enforcement can effectively cooperate in the global fight against online criminal activities," said Rik Ferguson, director of security research and communications at Trend Micro.

The ransomware used by the gang displays police logos to make it look like it came from a law enforcement agency, to convince victims to cough up a "fine" of around €100, paid with cash vouchers, in order to unlock their computers.

In other internet security news

U.S. defense contractor Raytheon has developed new software that can mine social media websites such as Twitter and Facebook to track and predict users' behaviour, according to British media news outlets.

The story from The Guardian says that the key features of Raytheon's software, developed in co-operation with the U.S. government and delicately titled "Rapid Information Overlay Technology", are said to include the ability to sift through social media and figure out who your friends are and the places you frequent.

What is disturbing is that such a tool could likely end up in the hands of a repressive State, or a shadowy agency inside a more open State. Australia's Sydney Morning Herald today has a similar story on the same theme.

All of this *is* disturbing, except for the fact that similar software can be had from other sources that are far less scary than a defense contractor.

For instance, IBM sells “social media analytics” software that can “capture consumer data from social media to better understand attitudes, opinions, trends and manage online reputation” and even “predict customer behavior”. That's the same company that can whip up a supercomputer or sell you a scale-out NAS capable of storing multiple petabytes of raw information.

And customer service software firm Genesys sells "social engagement" software that "automates the process of social listening to your customers" and "extends business rules and service level strategies to the growing volume of social media-based customer interactions."

Big Data, daily and breathlessly advanced as capable of all of the above and much more, also deserves a mention at this point.

And then there are Google, Twitter, Facebook and others whose entire business is built on figuring out who you spend time with and where you spend or intend to spend that time, so they can sell that information to advertisers all over the globe.

Or hand over your data to the government, which the social networks' own reports on the matter suggest is happening rather more regularly.

We're not suggesting that Raytheon's software was designed as an instrument of State surveillance, but it's still worth pointing out that the company is far from alone in having developed software capable of tracking numerous public data sources, aggregating them into a file on an individual, and doing so without the individual's knowledge.

And that the company has done so in full collaboration with the U.S. government should not surprise anyone.

As for the spatial aspect of these allegations, the fact that photos contain location metadata is hardly news, nor is the notion that social media leaves a trail of breadcrumbs novel; it's a well-known fact.

One has only to revisit news from 2010 to be reminded of how pleaserobme.com pointed out how social media can alert thieves to the fact you've left your home.

Far clearer is the fact that you are the product for any free online product. Also very clear is that by using such services, data about you will be consumed by a large and diverse audience. The scariest thing of all may be how few of those that use such services care or even realize the vast implications this could have on their personal and professional lives.

In other internet security news

The Canadian government is blaming a simple printing error for the fact that some student loan recipients who received letters to say their personal information had gone missing along with a portable hard drive also got letters addressed to someone else.

Canada's Human Resources and Skills Development (HRSDC) revealed in mid-January that a hard drive containing the personal information of some 583,200 Canadian students had gone missing.

The data included social insurance numbers and dates of birth of people who had received student loans between 2002 and 2006.

Victims of the data breach began receiving notification letters a few days ago, and at least 100 of those envelopes contained letters intended for other people.

In Ottawa's House of Commons, opposition members hammered the government over the latest blunder in question period earlier this week.

“Mr. Speaker, the incompetence continues regarding the data breach and mail-outs now going to the wrong people,” Liberal MP Rodger Cuzner said.

Human Resources Minister Diane Finley responded that her department had identified the cause of the wayward letters and “the issue has been fixed.”

HRSDC said that a technical issue with printers led to some envelopes being double stuffed, and the personal information contained in the letters was limited to names and addresses.

The department will send pre-paid envelopes to those who received letters intended for others so they can be returned to the intended recipients.

The department went public about the loss of the data last month, after an RCMP investigation into another breach revealed that a hard drive was missing from an office in Gatineau, Quebec.

The hard drive was last seen in August but was only discovered missing in November. Finley has said there is no evidence to suggest that the missing data has been used for unlawful purposes.


Source: Kaspersky Lab.
