Intel Joins LibreOffice

Summary: Intel distributes LibreOffice, can Microsoft be pleased?

The month of February is a month to remember for the LibreOffice project. LibreOffice, the OpenOffice fork, is a very popular open-source office suite. But, while it has great support from Linux distributors, like openSUSE and Ubuntu, LibreOffice has never had a major corporate backer on the Windows side… until now. Intel is now offering LibreOffice to Windows users via its AppUp application store. I wonder how Microsoft feels about this.

Free Java Exploit

An exploit for a recently disclosed Java vulnerability that was previously only available for purchase in the criminal underground has now been rolled into the open source Metasploit exploit framework. Metasploit researchers say the Java attack tool has been tested to successfully deliver payloads on a variety of platforms, including the latest Windows and Mac systems.

The Java exploit is being sold on cybercrime forums and incorporated into automated crimeware kits like BlackHole. Since then, security researchers @_sinn3r and Juan Vazquez have developed a module for Metasploit that makes the attack tool available to penetration testers and malicious hackers alike. According to a post on the Metasploit blog, the Java vulnerability “is particularly pernicious, as it is cross-platform, unpatched on some systems, and is an easy-to-exploit client-side that does little to make the user aware they’re being exploited.”

Metasploit also posted the results of testing the exploit against a variety of browsers and platforms, and found that it worked almost seamlessly to compromise systems across the board, from the latest 64-bit Windows 7 machines to Mac OS X systems.

Windows Patch Tuesday – December 2011

Patch up warmly this winter if you’re running Java, as Oracle’s software platform is the single biggest target for hackers. Java proved the single most popular target in the 12-month period to the end of June, according to Microsoft’s latest Security Intelligence Report. Running Java as a Web-browser Plugin is much more dangerous than Flash, and you should disable the Java Applet Plugin.

Microsoft today issued software updates to patch at least 19 security holes in Windows XP, Vista, 2003 and 7 (no surprise there), including three flaws that earned the company’s most serious “critical” rating. Separately, Oracle released a security update that fixes several issues in its Java software.

Save on Software

In this day and age of technology, computer applications are a dime a dozen. There are apps available for the various different desktop operating systems and even more for the varying mobile platforms. This makes it important for the user to get one that suits his or her needs perfectly. One may only know about which commercial apps are popular amongst organizations, while remaining ignorant to the numerous apps produced by niche communities. One may spend money on a program when he or she could have gotten a better one for cheaper, if not free. That said, there is a strong need for parties to consider all of their options before deciding on which software to use for what purpose.

Apple Mac Malware

Malware that targets Mac OS X isn’t anywhere near catching up to Windows-based malware in terms of volume and variety, but it seems that OS X malware may be adopting some of the more successful tactics that Windows viruses have been using to trick users. Researchers have come across a sample of an OS X-based Trojan that disguises itself as a PDF file, a technique that’s been in favor among Windows malware authors for several years now.

The new piece of malware hides inside a PDF file and delivers a backdoor that hides on the user’s machine once the malicious file is opened. Once the user executes the malware, it puts the malicious PDF on the user’s machine and then opens it as a way to hide the malicious activity that’s going on in the background, according to an analysis by researchers at F-Secure. The Trojan then installs the backdoor, which is named Imuler.A, which attempts to communicate with a command-and-control server.

That server isn’t capable of communicating with the malware, however, the researchers found, so the malware is on its own once it’s installed on a victim’s machine. What’s not clear is exactly how the malware is spreading right now. What IS known is that this disables Apple’s built-in malware protection.

“This malware may be attempting to copy the technique implemented by Windows malware, which opens a PDF file containing a “.pdf.exe” extension and an accompanying PDF icon. The sample on our hand does not have an extension or an icon yet. However, there is another possibility. It is slightly different in Mac, where the icon is stored in a separate fork that is not readily visible in the OS. The extension and icon could have been lost when the sample was submitted to us. If this is the case, this malware might be even stealthier than in Windows because the sample can use any extension it desires,” the analysis by F-Secure said.

Windows-based malware variants have been using the same sort of techniques for hiding themselves for a long time now. They often use common file extensions such as DOC, PDF, XLS and others to entice users into opening the malicious file. In some cases, the malware may not have the proper icon to go along with the fake file extension, as is the case with the Mac OS X Revir.A malware that F-Secure identified. It’s a simple trick, but it’s still quite effective and users have shown themselves to be willing to open these files, regardless of the potential consequences.
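A defender can check for both disguises described above: the Windows-style “.pdf.exe” double extension, and a document extension sitting on top of executable content, which covers the Mac case where the sample “can use any extension it desires”. The following is an added example, not code from F-Secure or from the original post; the function names, the extension lists and the sample inputs are assumptions constructed for illustration.

```python
import os

# Document extensions the article names as common lures.
LURE_EXTS = {".doc", ".pdf", ".xls"}
# A short, constructed list of extensions that Windows runs directly.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}

# Leading bytes of common executable formats.
EXEC_MAGICS = [
    (b"MZ", "Windows PE/DOS executable"),
    (b"\xfe\xed\xfa\xce", "Mach-O 32-bit"),
    (b"\xfe\xed\xfa\xcf", "Mach-O 64-bit"),
    (b"\xce\xfa\xed\xfe", "Mach-O 32-bit"),   # byte-swapped header
    (b"\xcf\xfa\xed\xfe", "Mach-O 64-bit"),   # byte-swapped header
    (b"\xca\xfe\xba\xbe", "Mach-O universal binary or Java class"),
    (b"\x7fELF", "ELF executable"),
]


def sniff_executable(head):
    """Return a label if the leading bytes look like an executable, else None."""
    for magic, label in EXEC_MAGICS:
        if head.startswith(magic):
            return label
    return None


def check_file(filename, head):
    """Return a list of findings for one file name and its first bytes."""
    findings = []
    # Windows ignores trailing dots and spaces in names, so strip them first.
    name = os.path.basename(filename).lower().rstrip(". ")
    stem, ext = os.path.splitext(name)
    inner_ext = os.path.splitext(stem)[1]

    # Case 1: a document extension hidden in front of an executable one.
    if ext in EXEC_EXTS and inner_ext in LURE_EXTS:
        findings.append("double extension %s%s" % (inner_ext, ext))

    # Case 2: the name claims a document, the content is an executable.
    kind = sniff_executable(head)
    if kind and ext in LURE_EXTS:
        findings.append("%s content behind a %s name" % (kind, ext))
    return findings


def check_path(path):
    """Apply check_file to a file on disk, reading only its first 4 bytes."""
    with open(path, "rb") as fh:
        return check_file(path, fh.read(4))


if __name__ == "__main__":
    # Constructed samples: (file name, first bytes of the file).
    samples = [
        ("invoice.pdf.exe", b"MZ\x90\x00"),
        ("report.pdf", b"\xcf\xfa\xed\xfe"),
        ("report.pdf", b"%PDF"),
        ("setup.exe", b"MZ\x90\x00"),
    ]
    for name, head in samples:
        print(name, "->", check_file(name, head) or "ok")
```

The content check matters more than the name check on the Mac, since an extensionless or arbitrarily named sample passes any filename rule.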

Notably, the Trojan horse bails and deletes itself if you have the Little Snitch app installed.

F-Secure offers removal instructions if you fear you’ve been infected; the fix involves deleting entries from your browsers’ .plist files. Check out F-Secure’s page if you’re concerned, but you only need to worry if you recently installed Flash Player from a download that you didn’t get from Adobe’s website.

Researcher Cracks Lion

No system is fool-proof, period. Thought your Mac was secure running Apple’s latest operating system? Think again. Turns out that in some respects Lion is actually less secure than previous versions of Mac OS X, due to some permission-tweaking by Apple that has opened up a way for an attacker to crack your password on your Lion box. The flaw was discovered by an Australian researcher who has previously published a guide to cracking Mac OS X passwords. Sounds like Apple had better get a patch out for this. Once someone has physical access, you’re toast.

An Australian security expert respected for his work testing the defences of Apple software has published a method which appears to allow an attacker to break through the password defences of Cupertino’s latest Mac OS X Lion operating system.

According to his LinkedIn profile, Patrick Dunstan is currently an information security specialist at the University of Adelaide, although he also works as a guest lecturer at the University of South Australia. Dunstan had previously attracted attention in late 2009 with a blog post explaining how a user who had already gained access to a Mac OS X system could extract a user’s password on that system.

In a new blog post this week — first reported by Secure Computing Magazine last week — Dunstan published an update to his technique. However, this time around he discovered a startling new fact with respect to Lion’s security protection — according to the researcher it leaves a crucial step out which could allow remote access to user passwords on the system.

In previous versions of Mac OS X, in order to access a user’s password, an attacker would need to break into what is referred to in Unix-based operating systems (such as Mac OS X) as a ‘shadow’ file — a file which stores critical data but can only be accessed by users with a high privilege — such as root access.

“So for all modern OS X platforms (Tiger, Leopard, Snow Leopard and Lion) each user has their own shadow file (hash database) whose data is accessible only by the root user … or at least it should be,” wrote Dunstan in his post. “It appears in the redesign of OS X Lion’s authentication scheme a critical step has been overlooked. Whilst non-root users are unable to access the shadow files directly, Lion actually provides non-root users the ability to still view password hash data.”

This means, according to the researcher, that it might be possible for an attacker to crack a user’s Lion password by attacking their system through a Java app hosted online. The attack vector would still require the owner of the computer running Mac OS X to allow the Java app to run — but it is possible.

Dunstan noted that due, no doubt, to Lion’s relatively short time being available for use, he could not find any major cracking software supporting the ability to crack encrypted passwords in the operating system — but he has published a simple script which allows users to do so. It is not yet clear whether Apple is aware of the issue, but a temporary workaround allows users to secure their system through setting different permissions on a certain file.

The news comes as Mac OS X continues to be subject to fewer security attacks than Microsoft Windows. Security researchers have stated in the past that there could be a number of reasons for the appearance of heightened security on the Apple platform, ranging from its Unix basis, which allows a high degree of fine-grained permissions to be used on files and applications, to the relative dominance of Windows in the desktop PC market.

However, researchers have also speculated that attacks on Mac OS X will increase in future, along with the platform’s growing popularity and use on mobile devices such as iPhone and iPads.

As this attack would likely require a user to allow an application to run on their system before it could succeed, I would regard it as less dangerous than many other security headaches out there, which would require no support from a user. However, what Dunstan’s blog post demonstrates is that Mac OS X is not inherently safe from security problems. They do exist on the Mac; and I’m sure we’ll see more of them as time goes on; especially aimed at devices such as iPads.

The issues described in this post have now been resolved by Apple. Users running OS X Lion 10.7.2 or security update 2011-006 are no longer affected by the vulnerabilities detailed below (CVE-2011-3435 and CVE-2011-3436). For further details on this security update please see Apple’s advisory.

For further information: http://www.defenceindepth.net/2011/09/cracking-os-x-lion-passwords.html

Adobe Flash Update

Adobe has issued a critical software update for its Flash Player software that fixes at least a dozen security vulnerabilities in the widely-used program. Updates are available for Windows, Mac, Linux, Solaris and Android versions of Flash and Adobe Air.

The update fixes flaws present in Flash Player versions 11.0.1.152 and earlier for Windows, Mac, Linux and Solaris systems, and in Flash 11.0.1.153 and earlier for Android. The vulnerabilities are rated critical, meaning they could give hacked or malicious Web sites an easy way to install software on your machine.

Adobe’s advisory says users of Flash version 11.0.1.152 and earlier should update to v. 11.1.102.55; those using Flash v. 11.0.1.153 and earlier versions for Android should update to Flash Player 11.1.102.59. Users of AIR 3.0 for Windows, Macintosh, and Android should update to AIR v. 3.1.0.4880. The company says it is not aware of any active attacks against these flaws at this time.

To find out if you have Flash and which version may be installed, visit the About Flash page. Windows users who browse the Web with Internet Explorer and another browser may need to apply the Flash update twice, once using IE and again with the other browser (Google Chrome users should already have the latest version of Flash). Again, check the About Flash page with each browser you use to see whether you need to apply this update. To avoid using Adobe’s Download Manager, which tends to add little “extras” if you’re not careful, IE users can grab the latest update directly from these links: 32-bit IE installer, and 64-bit IE installer. Firefox and Opera users can grab the 32-bit installer here and the 64-bit version here. If you don’t know which one you need, you can let Adobe’s site choose for you (although the download manager may try to foist other software unless you uncheck pre-checked options).

The installer for the latest Adobe Air version is available from this link.

Some Flash components also are bundled with Adobe Reader, so I asked Adobe whether current versions of Reader also were exposed to these vulnerabilities. Adobe spokeswoman Wiebke Lips confirmed that some of the issues fixed in today’s Flash Player update do impact the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.x) and 9.x for Windows and Mac. Lips said Adobe feels comfortable that its sandboxing technology built into the latest versions of Reader will protect users until January, when the company expects to issue the next quarterly update for Reader.

“These issues will be resolved in the next quarterly security update for Adobe Reader and Acrobat, currently scheduled for January 10, 2012,” Lips wrote. “Note that the Authplay.dll component is part of the ‘sandbox’ for users of Adobe Reader X (Protected Mode) and Acrobat X (Protected View), which would protect against potential exploits.”

Internet Safety: 7 tips

Don’t use a single, easy-to-remember password for everything you sign up for. It’s tempting because you’re always being asked to create another user name and password at one site or another.

“When criminals are able to get your password from one site that they’ve hacked into, they then take it and try to use it on other common services to see if they can get more access to your personal information,” said Chester Wisniewski, a security expert at security firm Sophos Ltd. “So they’ll go to Facebook and use the same password you used on [the site they hacked into] and they’ll go to your Gmail account.”

If it sounds too good to be true, it probably is. “We see all these survey scams on the Internet all the time where you’re asked to fill in all this personal and private information and enter to win an iPad,” Wisniewski said.

The problem is most of them are frauds and scams. “No one is getting an iPad,” Wisniewski said.

Instead of entering a sweepstakes, what you’re really doing is handing your information over to criminals who might sell it off to someone else or use it to commit identity theft.

Be cautious about sharing information, even if it seems harmless. Don’t give out information such as your birth date on social media or other sites that ask for it.

“Unfortunately, the way we work in the real world, these things may be used to identify you,” Wisniewski said.

Instead of giving away your identity, make another one up.

Keep your anti-virus software up to date. Anti-virus software comes pre-installed on most computers. But after the initial free trial period is over, either shell out for a subscription or install free anti-virus software. You’ll need it.

“It’s not a bulletproof answer because things still get by anti-virus software,” Wisniewski said. “But keeping it up to date improves your safety dramatically. And there are great free solutions out there — namely Linux.”

Keep all regular software up to date to ensure it’s secure. If you do, you’ll lessen the chances of experiencing a security breach.

Trojan horses, viruses and other forms of malware evolve every day. When a bug or hole that could harm your computer or let in the bad guys is found in a piece of software, the software company will usually release an update. It’s very important that you run these updates to minimize the opportunities for criminals to steal or misuse your information.

“For example, if you get that little balloon in the tray in Windows, that says ‘Hey, there’s an Adobe update available,’ click ‘yes,’” Wisniewski said.

Keep your browser up to date. If you’re using an outdated browser, you’re also running the risk of being scammed or having your identity stolen. Up-to-date browsers have much better protection against cyberattacks than older versions.

Enable a firewall and configure it properly. A firewall is a system designed to prevent unauthorized access to your computer. Most current operating systems, such as updated versions of Windows XP, Vista and 7, as well as Mac OS X 10.4 and later, have one built in. Otherwise, you can get an inexpensive software firewall from your local computer store, software vendors or your Internet service provider.

“Turning the firewall on makes a big difference,” Wisniewski said, “because if something were to escape your anti-virus [software] and try to communicate with the Internet to send all your banking information, your firewall will stop that if it’s enabled and configured properly.”

Windows XP – 10 years

Ten years ago, Microsoft released Windows XP, which became one of its most popular flavors of the Windows operating system — largely because what came after it, Windows Vista, was so terrible and a complete failure. Windows 7, in all its glory, was so great it took two years to surpass XP.

This month marks the first time that Microsoft Windows XP has dipped below 50 percent market share among personal desktops and laptops worldwide, after having peaked at about 75 percent in 2007, according to NetApplications.com and Statcounter.com.

The 10-year-old operating system is notorious for its security holes. It’s got much less protection against viruses, Trojans and other malware than do its successors Windows Vista and Windows 7, and even the National Security Agency itself advised against XP’s continued use in a document released earlier this year. Yet it maintains a strong presence worldwide, especially in China and Russia, and that huge installation base makes it easier for malware writers to spread their wares.

Savvy users might blame XP’s enduring popularity on the naivete of less knowledgeable consumers, but the real culprit might be Microsoft’s own naivete when it comes to how consumers make their decisions.

“Users in general are averse to taking time out of their schedules to come up to speed on the newest features which, at the end of the day, they don’t view as significantly improving their productivity,” said Tom Halleran, a service delivery executive at a global IT services provider.

Microsoft is slowly but surely abandoning XP. Mainstream support was officially retired in 2009, and the software giant will discontinue all support — likely including security patches — for XP by 2014. The company’s motivation is clear: Compared to streamlined modern operating systems such as Linux, XP has become an embarrassment. I have an XP counter in the bottom-right sidebar of my website; don’t wait to act and to decide which operating system to migrate to.

Aside from perpetuating security holes that were never fully addressed, XP makes other operating systems more attractive to consumers looking to trade up. Comparison shopping between Windows 7 and Apple’s Mac OS X is a more or less level playing field; comparison shopping between XP and OS X is no contest.

So why are XP users reluctant to upgrade? There are four main reasons.

Price is an obvious factor, and not just because Windows 7 starts at $200. Mainstream consumers tend not to upgrade their operating systems until they buy new machines. Microsoft expects its customers to respond to upgrade deals, yet ignores the fact that the cost of the hardware itself — a new desktop or notebook — is the real stumbling block from a financial perspective.

Then there’s another concern: compatibility. Corporations may have to buy new machines for entire departments to keep up with operating-system requirements. Home users often prefer to have all their machines running the same operating system — the unpredictable network mismatches that can arise are often too difficult or time-consuming to troubleshoot — and at $200 per Windows 7 license, it may be easier to stick with XP across the board.

Home and corporate users also don’t like the learning curve of adapting to a new system. XP users are used to their work flows; they know where to find what they need, and they like it that way.

Microsoft is mistaken in thinking that every new version of its flagship OS must be a substantial change from the last. Windows users have set tasks to accomplish when they boot up, and taking time out to re-learn how to accomplish those tasks is not what they signed up for. The waste of hours (and, potentially, corporate resources) is a strong deterrent to upgrading.

Some advanced users might consider the above three reasons for resistance to be limited to the less computer literate, but many coders and developers find a fourth reason to avoid updating: preference.

“Tech-savvy users who understand the security benefits of upgrading are often unhappy with what they see as an increasing lack of control over their system,” Halleran said.

With both Vista and Windows 7, Microsoft has been pushing toward a sleeker, more user-friendly, but less user-controlled model. It’s no coincidence that these developments have been compared to Apple’s standard look and functionality. A quick Google search for the phrase “more and more like Mac” turns up nearly half a million results, and even a cursory glance at the text excerpts suggests that this isn’t what a lot of Windows users want.

If it’s attempting to win over Mac users, Microsoft has failed on two counts: Mac users exhibit tremendous brand loyalty, and PC power users tend to stick with Windows precisely because it isn’t Mac. If anything, this race toward a shiny OS singularity only encourages power users to adopt alternative operating systems such as Linux; and indeed, as XP’s market share has dwindled, Linux has gained ground.

In mimicking the Mac model, Microsoft is alienating its hardcore demographic. Despite quirky ad spots to the contrary, the choice of “Mac or PC” these days is usually based on mere preference, not technical factors.

At the same time, Microsoft’s unrealistic assessment of consumers’ willingness to upgrade to unfamiliar systems at high prices means that the world will likely be saddled with XP for years after support is completely abandoned.

Facing the glaring security problems of an XP-infested future, Microsoft might need to rethink both its OS development and its business strategy. The company can sweep XP under the rug, but it won’t be easy to smooth out the big lump that remains.

While many of us may be looking to migrate from Windows 7 to Windows 8 when it becomes available (I’m not, I have no need for either) — no date is set, but it could be late next summer — there are still plenty of folks using XP for many reasons. However, with the economy as it is and getting tighter, now is the time to look at a decent operating system, such as Linux Mint. The benefits are enormous and you are missing out! There is no reason to go out and buy a new computer, just because Windows XP is expiring, or even to upgrade. Windows 7 has no feature benefits worth spending the money on; the only difference may be that you get Internet Explorer 9, but who needs that when you have Firefox and Chrome, which are supported with extensions.

The advantages of Linux are fivefold:

  • Cost – The most obvious advantage of using Linux is the fact that it is free to obtain, while Microsoft products are available for a hefty and sometimes recurring fee. Microsoft licenses typically are only allowed to be installed on a single computer, whereas a Linux distribution can be installed on any number of computers, without paying a single dime.
  • Security – In line with the costs, the security aspect of Linux is much stronger than that of Windows. Why should you have to spend extra money for virus protection software? The Linux operating system has been around since the early nineties and has managed to stay secure in the realm of widespread viruses, spyware and adware for all these years. Sure, the argument of the Linux desktop not being as widely used is a factor as to why there are no viruses. My rebuttal is that the Linux operating system is open source and if there were a widespread Linux virus released today, there would be hundreds of patches released tomorrow, either by ordinary people that use the operating system or by the distribution maintainers. We wouldn’t need to wait for a patch from a single company like we do with Windows.
  • Choice (Freedom) – The power of choice is a great Linux advantage. With Linux, you have the power to control just about every aspect of the operating system. Two major features you have control of are your desktop’s look and feel by way of numerous Window Managers, and the kernel. In Windows, you’re either stuck using the boring default desktop theme, or risking corruption or failure by installing a third-party shell.
  • Software – There are so many software choices when it comes to doing any specific task. Sometimes it’s a simple modification or feature enhancement of an already existing piece of software, sometimes it’s a brand new application. In addition, software on Linux tends to be packed with more features and greater usability than software on Windows. Best of all, the vast majority of Linux software is free and open source. Not only are you getting the software for no charge, but you have the option to modify the source code and add more features if you understand the programming language. What more could you ask for?
  • Hardware – Linux is perfect for those old computers with barely any processing power or memory you have sitting in your garage or basement collecting dust. Install Linux and use it as a firewall, a file server, or a backup server. There are endless possibilities. Old 386 or 486 computers with barely any RAM run Linux without any issue. Good luck running Windows on these machines and actually finding a use for them.

Either way you look at it, you will be forced to relearn Windows 7 when you leave XP, then yet again when you leave for Windows 8. Look at the advantages Linux can offer you and make the decision to try something new for once. You will have to eventually, as Windows is totally changing the user interface and killing off the start menu. http://jet-computing.com/microsoft-kills-start-menu/

Mac Flashback Trojan

The security by obscurity myth is finally blown out of the water. Macs are pretty much mainstream these days, and it yet again proves my points about Mac virus resistance: it may be virus resistant, but unless you upgrade the users, no platform is Trojan proof.

Apple has updated the malware protection built into its Mac operating system to flag a recently discovered trojan that hijacks users’ machines by masquerading as a benign document. Malware disguised as an Adobe Flash installer, meanwhile, remained unchecked.

The file quarantine, which Apple snuck into a prerelease version of Snow Leopard in 2009, was updated to include a definition for Trojan-Dropper: OSX/Revir.A, which antivirus provider F-Secure disclosed on Friday. According to an update on F-Secure’s blog, the malware disguises itself as a PDF file in an attempt to trick users into clicking on it.

“The malware then proceeds to install a backdoor, Backdoor:OSX/Imuler.A, in the background,” stated the F-Secure analysis, which was posted Monday. “As of this writing, the C&C of the malware is just a bare Apache installation and is not capable of communicating with the backdoor yet.”

By Tuesday morning, Apple had added a definition for Revir.A into the file quarantine feature, our review of a Mac running OS X Lion, aka 10.7, has shown. By our count, it’s the 10th definition to be included, although two of them cover malware with the identical label of “OSX.HellRTS.” The definitions are stored in a file called XProtect.plist tucked away in the /System/Library/CoreTypes.bundle/Contents/Resources/ folder.

Apple engineers pushed out the update around the same time that a new trojan was discovered menacing Mac users. According to Mac antivirus provider Intego, the Flashback trojan is built on a sophisticated code base that installs a backdoor on infected machines, and covers its tracks by using encryption when communicating with remote servers.

“The backdoor is able to download further software, but, for now, we are not seeing this activity,” Intego’s analysis stated. “It is also able to update itself, and creates an Sha1 hash of the malware to see if it has changed. If the Sha1 of the software version on the server is different from that installed, this means that an update is necessary.”

With the explosive growth of Macs, iPhones, and iPads, malware purveyors have finally begun targeting Apple products after years of almost exclusive focus on Microsoft users. Earlier this year, an outbreak of fraudulent Mac antivirus products ignited a huge spike in support calls from frantic Mac users who had been tricked into installing a piece of malware called MacDefender. Apple eventually added definitions for it to its file quarantine, as well.

I think the difference between Microsoft and Apple here is that Microsoft weren’t the ones to create a condescending “I’m a PC” commercial insinuating that their operating system was virus free…With the amount of braindead Apple fans who claim that Apple Virus / Malware is an oxymoron, that 30 second spot could turn out to be some of history’s most damaging tech-related FUD.

Earlier I wrote that actually most targeted vulnerabilities are in Flash, PDF or Java these days via Internet Explorer (IE) and once you take IE out of the equation, Windows does quite well, especially given the rich rewards and vast selection of low-hanging fruit users can offer.
