Quicktime and Opera Multiple Vulnerabilities

Multiple vulnerabilities have been announced for Apple Quicktime. I counted 11 different vulnerabilities in the advisory, ranging in criticality from disclosure of personal information to buffer overflows. Apple has released an update, version 7.4.5, that fixes these vulnerabilities.

Opera versions prior to 9.27 are vulnerable to multiple issues. These vulnerabilities could allow for the execution of code on the local host. Users should update to version 9.27.

Patent Wierdness and the Security Market

CrowdedMarket.jpeg

So I was doing some patent research today and I have to say that some of the patents out there for information security are pretty weird.

I found patent applications for wireless access points that turn on radio jammers in response to attacks (thus blocking even legitimate users), ethernet cables that can be colored with special markers depending on the security of the system they are attached to, a physical key-based device that controls an ethernet air-gap and even a patent application that was denied for patenting the word “security”.

I had no idea that so many things had been patented, or attempted to be patented. Maybe I am not a “patent insider” – but a lot this sounds like junk, bad infomercials and “seen on TV” security products.

I think I should find a VC and maybe patent the special “security gnomes” that some software vendors believe protect their software from well-known exploits. Or the “magic security dust” that some managers believe allows them keep their data protected without investing in any real security staff or initiatives. If those don’t work, maybe I will patent some sort of “cyber-ninja” that seeks out and destroys cross-site scripting vulnerabilities and SQL injections. Why not? It might be as effective a control as colored ethernet cables…

For a couple of years now, Allan and I have been talking about just how noisy the information security market has become. Even after a large consolidation phase, there are still a bunch of vendors, some selling solutions and some selling snake oil. The average IT manager is probably getting 10+ calls a day from vendors selling them everything from firewalls to NAC and from AV software to USB blockers. No wonder average security consumers are having so much trouble knowing the real from the hype!

I didn’t start this blog post to be a rant or anything, but the oddity of the patent searches really left me in awe. The security space is crowded, noisy and a lot like a downtown Delhi market. There are exotic spices, rarities and a number of arcane items everywhere you look. Hopefully, there are also some honest to goodness, back to basics solutions mixed in too. Your mission, should you accept it, is to sort them out…

HP OpenView NNM 0day, lightthpd DoS

An exploit has been published for HP OpenView Network Node Manager (NNM). This exploit is preauthentication and can be exploited remotely. From what I’ve read it looks to be exploited over the HTTP port of OpenView and is exploiting the OVAS.exe service. No references to updates or fixes were found. Users should restrict network access to machines running this software.

There’s a vulnerability in lightttpd that can be exploited to cause a denial of service. The issue exists in the SSL error queue where a single connection could be exploited to deny all other SSL connections. This has been fixed in the SVN repository, available at:

http://trac.lighttpd.net/trac/changeset/2136
http://trac.lighttpd.net/trac/changeset/2139

InstallShield ActiveX Vuln, WP-Download SQL Injection

There’s a SQL injection in a the Wordress Download plugin. Data passed to wp-download.php is not properly sanitized before being processed by SQL. This could result in a SQL injection attack that could lead to the disclosure of usernames and passwords. WordPress admin’s should update to version 1.2.1.

There’s a major vulnerability in and activex control installed by Macrovision InstallShield InstallScript One-Click Install (OCI). The control gets installed via webpages prompting to install software. A large user base is likely affected by this. Basically, when the activex control is initiated it loads several DLL’s that are not sanity checked. These DLL’s could execute arbitrary code when loaded. This vulnerability has been confirmed in version 12.0. The following are the properties associated with the activex:

File: %WINDIR%\Downloaded Program Files\setup.exe

CLSID: 53D40FAA-4E21-459f-AA87-E4D97FC3245A

Macromedia has released a hotfix for this issue, available along with the KB entry for this vulnerability, at http://knowledge.macrovision.com/selfservice/microsites/search.do?cmd=displayKC&externalId=Q113640