March 27, 2014

Senior network system admins can get themselves ready today, after Cisco just released six new security patches to deal with a complex range of DoS (denial-of-service) security vulnerabilities in its routers, switches and firewall IOS.

The security vulnerabilities all received a CVSS base score above 7 (considered high) and are described as remotely exploitable without authentication.

Most of them boil down to how various bits of IOS handle (or don't handle) malformed packets, among other things.

Here's a brief description of the security vulnerabilities and how Cisco is dealing with them:

  • SIP DoS in IOS – Some SIP messages, even though they'd be considered “well-formed”, can trigger a device reload. IOS XE Software release 3.10.0S and 3.10.1S are affected and a fix is now available.
  • Key exchange module – the Internet Key Exchange module, IKEv2, can be crashed with a malformed packet. Customers are advised to upgrade to a non-vulnerable version of IOS XE.
  • IOS NAT – Malformed DNS packets can crash the NAT in various IOS versions. Fixed versions are now available.
  • IOS SSL VPNs – the SSL subsystem in IOS is vulnerable to crafted HTML requests “designed to consume memory to an affected device”. Various IOS 15.1, 15.2, 15.3 and 15.4 releases are affected, with fixes available.
  • IOS and IOS XE IPv6 stack – can be crashed with crafted IPv6 packets, with fixes available.
  • 7600 Switch Processor with 10 Gbps Ethernet uplinks – crafted IP packets can crash the Kailash FPGA in versions prior to 2.6, with fixes available.

    We will update you when more fixes are available, but for now that's all we have from Cisco. The networking giant realizes that security threats are growing rapidly and is trying to make a difference by being proactive.

    In other internet security news

    It sure took a while but it was well worth the wait, and now the internet community can relax a bit. Internet heavyweights have teamed up to form a non-profit organization designed to supply Web infrastructure operators and hosting companies with free tools and intelligence in the endless battle against cybercrime and email spammers.

    Facebook, security intelligence firm Crowdstrike, Verisign, ESET Anti-Virus, Verizon and the Anti-Phishing Working Group, among others, are putting their support behind the Secure Domain Foundation (SDF).

    Cybercrooks, hackers and especially email spammers have long used domain names to control botnets, distribute malware, spam inboxes and compromise unsuspecting visitors.

    The SDF’s free API solution will give credit ratings for customers based on security reputation and contact data validation.

    Domain name transactions such as new account creation, domain registration, and record updates can be queried against this trustworthiness database to red flag potential issues before they become a real nuisance to the internet community.

    The database of malicious domains and suspicious businesses has been in development for two years. Domain registrars are being invited to incorporate these contact data validation services into their domain registration processes.

    SDF was founded by security researcher Chris Davis, who was involved in the successful Mariposa botnet takedown operation in 2010, and Norm Ritchie, a domain industry expert and one of seven keyholders of the secure root zone.

    “To be sure, ICANN has recently mandated that domain registrars must validate postal addresses, phone numbers, and email addresses that are provided as contact information during the domain registration process,” said Norm Ritchie, chairman of the SDF.

    “Many new gTLD registries have pledged to take a more proactive role in fighting domain abuse within their TLDs. The SDF provides an entirely free service that not only validates the contact registration data provided but also lets the registrar and registry know if we have seen that data used previously in relation to specific cyber crimes.”

    The SDF plans to provide free-of-charge tools, technology, research, and security intelligence to Internet domain name registrars, registries, ccTLD operators, and gTLD operators.

    The organization hopes to expand its services to hosting providers, DNS operators, CERTS, law enforcement and other Internet infrastructure operators over the coming months.

    The SDF will act as a “brains trust” analysing thousands of malware samples daily before teaming up with domain registrars and others to shut down the criminals’ command and control infrastructures.

    “Beyond our current offering of tools and services, we are also dedicated to significantly raising the cost and the overall risks of any form of cyber crime,” said Chris Davis, president of the SDF.

    “With our partners, we analyse hundreds of thousands of malware samples daily and actively engage with registries, registrars and hosting providers to shut down the criminal command and control infrastructure. Our staff and volunteer researchers and analysts work tirelessly to provide criminal attribution intelligence to the proper global law enforcement organizations and help to bring these criminals to justice,” he added.

    Davis is the co-founder of SDF and director of intelligence partnerships at CrowdStrike, and he acknowledged that abuse will continue despite SDF's efforts because cybercriminals often use bulletproof hosting from unscrupulous providers or hacked systems.

    What SDF can do is to make life a lot more difficult for bot-herders and other cybercrooks. "Right now, there is essentially no 'barrier to entry' for a bad guy to set up something like a botnet command and control infrastructure," Davis explained.

    "Our hope is, if we can start in the domain segment and make life a lot harder, we can expand this model towards hosting providers and other infrastructure type organizations," he added.

    "One of our goals is to publicly name and shame or spotlight malicious and/or apathetic providers. We have on our roadmap a plan to provide DNS RPZ feeds to allow users to easily block those providers," he added.

    In other internet security news

    Microsoft is warning that its Word software is vulnerable to a newly discovered security issue which is being exploited in limited but targeted attacks in the open. There is no security fix available at this time.

    The security problem is triggered by opening a maliciously crafted RTF document in the Word processor, or opening it via Outlook, and it allows the attacker to execute arbitrary code on the computer.

    The security issue was disclosed by Microsoft yesterday outside its monthly Patch Tuesday cycle. Opening a poisoned Rich Text File (RTF) document allows the attacker to hijack the PC with the same privileges as the logged-in user.

    Microsoft Word 2003, 2007, 2010, 2013, and Office for Mac 2011 are all vulnerable to this, the company says. Microsoft Office Web Apps, Automation Services on SharePoint Server 2010 and 2013, and Outlook 2007, 2010 and 2013 when using Word as the email viewer, are also affected.

    Drew Hintz, Shane Huntley, and Matty Pellegrino of the Google Security Team reported the Word RTF memory-corruption flaw to Microsoft; the security flaw was assigned CVE-2014-1761 on January 31, 2014.

    One particularly bad part of the security vulnerability is that it can be triggered if a specially crafted RTF document attached to an email is previewed in Outlook.

    Alternatively, an attacker could host a website that contains a webpage that contains a specially crafted RTF file that is used to attempt to exploit this vulnerability, Microsoft explained yesterday.

    "An attacker who successfully exploited the security flaw could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this flaw could take complete control of an affected system," Microsoft warns.

    Microsoft added that system admins should disable the opening of RTF data in Microsoft Word to prevent exploitation of the vulnerability. Using the Enhanced Mitigation Experience Toolkit may also thwart attempts to compromise systems via this issue.

    "On the completion of its investigation for this security vulnerability, Microsoft will take the appropriate actions to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs," the company added.

    In other internet security news

    Oracle is warning its Australian customers in the enterprise segment to get ready for extra security patches in the coming months.

    Following recent changes to Australia's federal laws, Oracle has warned its customers that one security patch will be needed to handle a new gender equity reporting requirement, while changes to superannuation (i.e. retirement pension) will mean another two.

    Then there's a fourth patch that can be expected to handle other general changes expected in the Federal budget, which is delivered in the first week of May and comes into effect as of July 1st.

    Australia's financial management software vendors are briefed in advance of the Budget, so that vendors generally know what they need to start working on.

    Their software is also tuned to cope with the need for rapid adjustment. We understand that financial management packages have modular designs to make it easy for vendors' outposts in different nations to encode local regulations into their wares.

    We're aware that at least one top tier ERP vendor outsources the creation of these hyper-local patches, in part because the local office is more concerned with, and competent at, sales and marketing than actual coding.

    Even if outposts of multinational vendors have to scramble to get the job done, the work is probably welcome if Oracle's missive is anything to go on: only users of version 12.0 or higher of Oracle Payroll can put the patches to work.

    Government therefore keeps users on the upgrade treadmill, along the way creating just the kind of red tape Australia's rulers will this week decry with a “repeal day” dedicated to “cutting administrative overhead.”

    In other internet security news

    Farid Essebar, aka Diablo, has finally been arrested by Bangkok police after more than 3 years on the run, on suspicion of causing no less than $4 billion worth of damage to Swiss banking systems and various other institutions in Europe.

    The 27-year-old Moroccan, who has a Russian passport, was caught by police from the Department of Special Investigation (DSI), as well as officials from the Immigration Bureau, and the Office of the Attorney-General.

    "We arrested the suspect at a condominium on Rama Road. Thailand will then send him to Switzerland within 90 days in accordance with the extradition agreement," police chief Songsak Raksaksakul said.

    Swiss authorities are said to have alerted the Thai police through their embassy in Bangkok that the hacker and three associates had come to the south-east Asian country.

    Why it took so long to track him down is still a mystery, although the report claims that law enforcers wanted to make sure they got a positive identification of the criminal before swooping in for an arrest.

    Over the past three years, Essebar and the three other men apparently spent their time moving between various Thai tourist destinations and also made stints to other nearby countries including Hong Kong, among others.

    It’s still unclear exactly how long the Moroccan is facing in a Swiss jail, but if the prosecution is successful it won’t be the first time he’s gone behind bars.

    Essebar was arrested back in August 2005 and jailed by a Moroccan court a year later for spreading the infamous Zotob worm which infected systems across the globe including those of CNN, ABC, the Financial Times and the New York Times.

    It even managed to crash the Department of Homeland Security's (DHS) US-VISIT border screening system, much to the embarrassment of the George Bush administration.

    In other internet security news

    European police agency Europol warns internet users again that using free Wi-Fi hotspots poses a data risk and that sensitive information can be lost or stolen by potential hackers that are located in the same hotspot.

    Troels Oerting, head of Europol's cybercrime centre, told BBC News that a growing number of attacks are being carried out via public Wi-Fi service and that people should send personal data only across trusted networks.

    "We have seen a growing increase in the misuse of Wi-Fi hotspots and the issue is getting worse, in order to steal information, identity or passwords and money from the users who use public or insecure Wi-Fi connections," he added.

    The problems posed by using insecure Wi-Fi have been known for many years, and underscore the important need to use a VPN connection when accessing the internet from insecure public places such as cafes, transport hubs and conference venues.

    But consumers often ignore these best practices, putting them at increased risk of getting hacked as a result. Sean Sullivan, security advisor at anti-virus firm F-Secure, commented: "This has been a concern for many years, and that's why sensible companies force employees to use VPN connections. A Firefox plugin called 'Firesheep' definitively demonstrated just how utterly insecure Wi-Fi hotspots can be back in 2010."

    Sullivan added that he used open hotspots all the time but always took care to take basic security precautions when he did. "If you want to use an open Wi-Fi hotspot to search for the latest sports scores, then go for it. But if you want to check your bank balance, read your email, have a private chat with your friends, then get yourself a VPN service," he concluded.

    According to a recent Kaspersky Lab survey, 34 percent of people using a PC admitted to taking no special measures to protect their online activity when using a Wi-Fi hotspot.

    Only about 12.6 percent of internet users take the time to actively check the encryption standards of any access point before they use it, and that number is extremely low, considering all the risks that are involved.

    The Kaspersky Lab survey does offer some comfort to those concerned about consumer attitudes to internet security. Only one in seven of those quizzed were comfortable banking or shopping online while connected to an untrusted Wi-Fi hotspot.

    And in a related development, privacy groups such as the EFF (Electronic Frontier Foundation) have teamed up with technology firms such as Twitter and privacy-focused search service DuckDuckGo to create a new campaign to improve data security for consumers in a post-Snowden world of dragnet surveillance.

    The 'Encrypt all Things' campaign has drawn up a seven point Data Security Action Plan for 2014 specifically designed to promote better data protection practices by websites and the technology industry, as well as promoting greater security awareness about privacy-enhancing technologies among consumers.

    In other internet security news

    Internet security consultants are suggesting that Canadian businesses and the federal government should adopt a just-released U.S. government framework for tightening IT security of critical infrastructure, and add additional layers of security to improve the confidentiality of all saved data.

    “I honestly don’t think that we should re-invent the wheel,” said Kevvie Fowler, a partner in the forensic advisory services at KPMG Canada.

    Fowler said that the guidelines were released February 12 by the federal National Information Technology Laboratory (NIST). “If you look at what has been done, it already leverages several concepts from internationally-adopted standards like ISO 27001/2 and a few others,” he added.

    In 2010, the Harper government announced a national strategy to better protect critical infrastructure calling for the public and private sectors to work on addressing risks. But two years later, the Auditor General released a report complaining the strategy still didn’t have an action plan. That plan has since been completed.

    Public Safety Canada has released a guideline of best practices for incident response. But Fowler said the NIST document goes further. Meanwhile, as part of its effort to work on an infrastructure security plan, the Canadian government is holding an invitation-only conference in New York next week.

    Source: The Secure Domain Foundation (SDF).
