HoneyPoint Security Server Creates Proactive Protection

Posted on May 19, 2008 by Brent Huston

Columbus, Ohio; May 19, 2008 – MicroSolved, Inc. is pleased to announce the general availability of HoneyPoint™ Security Server version 2.50.

This latest release of their best-of-breed corporate honeypot product expands its capabilities to include new types of bleeding-edge protection in the form of HornetPoints and HoneyPoint Trojans. HornetPoints introduce a pioneering and patent-pending approach called “defensive fuzzing” that identifies and stops attacker activity in its earliest stage of reconnaissance, in some cases, literally eliminating bot-net and zero-day attacks before they have a chance to begin and propagate. HoneyPoint Trojans, modeled after the counter-intelligence efforts of nation states, enables organizations to create pockets of “dis-information” that, once touched, create a forensic tracking capability that follows it’s movement inside the network or out. Imagine the ability to literally turn the tables on attackers as you follow how this data is spread and used as it moves around the world.

“The addition of HornetPoints to the product really takes things to a new level. For the first time, organizations can proactively create protection that is robust, effective and capable of automatically defending them against many forms of attack.”, declared Brent Huston, CEO of MicroSolved. “Add the HoneyPoint Trojans to that mix and you finally have organizations that are capable of removing the layers of confidentiality, integrity and availability from attackers. Used properly and creatively, the product lends itself well to the creation of a corporate counter intelligence program.”, Huston added.

“Any organization that wants to improve their traditional security approach from a “defense-only” posture to a new and pro-active mode of protection, simply must have a look at HoneyPoint. I don’t care how many layers of defense you have… it’s time to play some offense.”, said Allan Bergen, Business Development Director of MicroSolved.

For details on obtaining the 2.50 upgrades and/or to discuss the product or its new features, please contact a MicroSolved account executive. For more information, please visit www.microsolved.com/honeypoint

About MicroSolved, Inc.

MicroSolved, Inc. was founded in 1992, making it one of the most experienced information security services companies in the world. Providing risk assessment, ethical hacking, penetration testing and security intelligence to organizations of all sizes has been their passion for more than a decade. Today, they secure businesses on a global scale and still provide expertise close to home. From governments to the Fortune 500 and from small business to your business, they are the security experts you can trust.

Press Contacts

Brent Huston
CEO & Security Evangelist
(614) 351-1237 x201
Info@microsolved.com

Allan Bergen
Business Development Director
(614) 351-1237 x 250
Info@microsolved.com

Code Execution Exploit for Internet Explorer 7.0/8.0b

Posted on May 16, 2008 by wstoner

Internet Explorer has been found to be vulnerable to a cross-zone scripting when a user prints an HTML page and the browser is using its “Print Table of Links” options. The vulnerability exists because printing takes place in the local zone not the Internet zone. Any links within the page are not validated allowing for malicious code to be injected and run. The solution is simply to print without the “Print Table of Links” option. The original advisory can be read at: http://aviv.raffon.net/2008/05/14/InternetExplorerQuotPrintTableOfLinksquotCrossZoneScriptingVulnerability.aspx

Fear Renewed: The Cisco Router Rootkit

Posted on May 15, 2008 by Brent Huston

The media is all abuzz about a possible Cisco router rootkit that may be part of a presentation at a near future security conference.

While various issues with Cisco gear have emerged over the years and there has been at least one really public overreaction on the part of Cisco to vulnerability disclosure talks, there is probably little to really get spun up about here for the average corporate manager or infosec person.

The big news is that hostile, difficult to detect code could be introduced to routers at any point in their lifespan if an attacker has access to introduce images onto the router. This is a common problem with almost every type of device. There have been a number of trojan horse loads for everything from home firewalls to other forms of network gear for a number of years. Sure, the Cisco router is almost ubiquitous, and sure, it powers a lot of the Internet at large, but I think we pretty much always assumed that attackers with physical access and opportunity could introduce bad things to a device if they gained opportunity.

So before you give in to the hype or fear mongering, consider how this is different than any other form of software/firmware or the like. Likely, you already have a process in place for blowing new firmware onto all devices you purchase before putting them into use (right???). If not, it might be time to think about writing one…

Debian SSH/SSL Predictable Keys

Posted on May 15, 2008 by Adam Hostetler

A serious issue was discovered this week in the OpenSSL packages distributed with Debian based distributions over the last year and a half. The issue revolves around a small piece of code that was removed, it turned out that removing this bit of code crippled the pseudo random number generator used when creating keys. The vulnerable code has been using only the process id of the service as the seed, which leaves a very small number of seeds that can be used (32,768 to be exact).

All SSL and SSH keys generated affected systems since September 2006 could be affected. All generated certificates will be need to recreated and resigned by the CA. This includes web site certificates as well as OpenVPN certificates. If your CA was created on an affected system, it will also need to be recreated, and the old one revoked. As for SSH, any systems using key authentication need to be audited. If the keys were generated on these affected systems, they should be updated and regenerated ASAP.

Debian and Ubuntu have released updated packages, as well as a tool for checking your keys. Upon installing the packages, it is possible to recreate the keys during the update. These updates should be installed immediately, and keys regenerated after installing the updates.

April Virtual Event MP3 Available – Selling Security to Upper Management

Posted on May 15, 2008 by Brent Huston

We are pleased to announce the availability of the MP3 from last month’s virtual event that covered the selling of security to upper management.

We got great feedback on the event and plan to continue our monthly virtual presentations. If there are topics you would like to see us cover or want us to dig into, please drop us a line or comment.

The slides for this presentation are available here.

The MP3 is available here.

Thanks again for spending time with us. We really love working with each and every one of you!

MS Word CSS Exploit

Posted on May 14, 2008 by Nathan Grandbois

A vulnerability in Microsoft Word could allow attackers the ability to execute arbitrary code. Cascading Style Sheets (CSS) are documents that allow the definition of various styles within a word document. A vulnerability in the processing of CSS results in memory corruption, which could be exploited by malicious attackers. Users would have to open an infected document on their local system to trigger the exploit.

Microsoft Patches Released for May

Posted on May 13, 2008 by Brent Huston

Microsoft posted their patches for May today. Looks like 3 critical patches, all of which allow remote code execution. A denial of service patch is also included as a moderate.

Given the interest lately in patch-based vulnerability generation, if exploits don’t already exist in the wild, they are likely very quickly.

Organizations should immediately begin testing the patches against their normal QA process and get them applied as quickly as possible.

Mass Injection Attacks

Posted on May 12, 2008 by wstoner

Reports of a mass file injection attack were seen over the weekend. Upwards of 400,000 sites seem to have been affected so far by URLs that download a file that seems to be related to the Zlob trojan. Most of these sites seem to be running phpBB forum software. If you have the capability you may want to examine egress logs and/or blacklist the two URLs that are currently known to be distributors. Those URLs are:

hxxp://free.hostpinoy.info/f.js
hxxp://xprmn4u.info/f.js

New Thunderbird Version, Rdesktop Vuln

Posted on May 9, 2008 by Adam Hostetler

A new version of the Mozilla Thunderbird Client was released today. The new version fixes a security issue that could allow JavaScript to escalate privileges and execute arbitrary code. It also fixes a crashing issue. If you use Thunderbird as your mail client it should be updated as soon as possible due to the mitigation of a security flaw.

MSI Announces May Virtual Event – Corporate Counterintelligence

Posted on May 9, 2008 by Brent Huston

Corporate Counter Intelligence: Ancient Strategy,Bleeding-Edge Protection

Abstract:

The message is very clear. What we have been doing to secure information has not been working. Attackers are on the rise, the number of successful compromises is higher than before and all of the legislation and regulations just make things more complicated. Attackers continue to grow in number capability and sophistication.

The principles of corporate counterintelligence are rooted in the history of warfare. This presentation will explain how organizations can improve, simplify and increase the effectiveness of their information security programs. Using ancient principles and techniques based on the art of counter intelligence information security teams can become more strategic, focused their resources where they will achieve the highest return and reduce the risk that their organizations face.

MSI security visionary, Brent Huston, will explain how these techniques can be applied to your business and introduce specific strageties and tactics that you can deploy today. Explanations of how these evolutions in security thought can truly translate into faster, safer and more powerful protection for your organization will be revealed.

For more information, access to the visual and audio content for the presentation, simply email info@microsolved.com.

The virtual event will be conducted Tuesday, May 20, 2008 at 4pm Eastern.

MSI :: State of Security

Insight from the Information Security Experts