Saturday, March 03, 2007

A Security Minded Linkfest

Some things you might want to make a note of...

WordPress version 2.1.1 Compromised

Wordpress 2.1.1 Dangerous, Upgrade - If any of you out there are using WordPress to host/manage your blog off your server, AND if you have recently upgraded to version 2.1.1...do not pass "Go", do not collect $200. Go immediately and upgrade to version 2.1.2 right now. I'll wait.

Done? Good!

Seems someone gained user-level access to a server used by WordPress.org and modified the version file. Impact? According to WordPress, the scoundrel "...modified two files in WP to include code that would allow for remote PHP execution." Since you may or may not have downloaded v2.1.1 before the attack, be safe and move on up to v2.1.2.

WordPress has locked down the server for forensics and reset some user passwords for those with certain types of access. They are also making some changes to monitor the integrity of their download version code.
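An added example (not WordPress.org's own tooling, which this post does not describe): one way a publisher can monitor release integrity is to hash every file of a trusted build and compare that manifest with the tree actually being served. The file names and contents below are constructed placeholders.

```python
import hashlib
import os
import tempfile


def build_manifest(root):
    """Map each file path (relative to root) to its SHA-256 hex digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                manifest[rel] = hashlib.sha256(fh.read()).hexdigest()
    return manifest


def compare(trusted, observed):
    """Report paths whose digest changed, plus files added or removed."""
    return {
        "modified": sorted(p for p in trusted
                           if p in observed and trusted[p] != observed[p]),
        "added": sorted(p for p in observed if p not in trusted),
        "removed": sorted(p for p in trusted if p not in observed),
    }


def write_tree(root, files):
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


def demo():
    # Constructed sample release; names and contents are placeholders.
    clean = {"index.php": b"<?php // front page\n", "readme.txt": b"notes\n",
             "inc/alpha.php": b"<?php // a\n", "inc/beta.php": b"<?php // b\n"}
    served = dict(clean)
    for rel in ("inc/alpha.php", "inc/beta.php"):  # two files altered on the server
        served[rel] += b"// constructed stand-in for injected code\n"
    with tempfile.TemporaryDirectory() as good, tempfile.TemporaryDirectory() as live:
        write_tree(good, clean)   # trusted build, hashed off the download server
        write_tree(live, served)  # what the download server currently offers
        return compare(build_manifest(good), build_manifest(live))


if __name__ == "__main__":
    print(demo())
```

The trusted manifest only helps if it is stored and checked somewhere other than the server it is meant to watch.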

Is your pc/laptop a Wi-Fi Tattle?

With cities such as Houston gearing up for Wi-Fi access...many users are getting excited.

Wi-Fi can be a great convenience...and with the right precautions, can be pretty secure.

However, a c|net News article reminds us that Your Wi-Fi can tell people a lot about you (surprise!).

There are a number of tools that let um, "security-minded", folks "sniff" the Wi-Fi waves and the traffic they contain. The article also mentions a new one from Errata called Ferret (currently at a proof-of-concept release level).

If the data is not properly encrypted or funneled through a Virtual Private Network (VPN) pipe, then there are lots of goodies that can be captured: site addresses during browsing sessions, unencrypted passwords, account names. Windows PCs may even spit out a list of wireless networks they have connected to in the past...unless the list contents have been manually removed by the user (patch available). That could tell someone the location of physical places you frequent.

These Security Now! discussions provide good background reading on the subject of Wi-Fi security:

Episode #11 - Bad WiFi Security (WEP and MAC address filtering)

Episode #13 - Unbreakable WiFi Security

ISP leaves a Backdoor to Router/Modem open

Accidental backdoor by ISP - Securiteam blogs

So a Securiteam blogger Sid finds a (British) ISP he has been happy with.

Then a bored friend of said blogger decides to run an nmap session against his friend's IP address. And finds a listening port, and (kindly) tells his friend of it.

Dude is surprised since he didn't know about that capability...logs in (using unchanged credentials) with a telnet connection. Yep. It's there. So he locks the password down via his web-access interface.

Then he telnets back into the router and pokes around. Finds four other accounts on the box. Cleverly finds the configuration file which contains the accounts and their unencrypted passwords. Yikes!

Dude cleans house.

Now he is curious. Nmaps to find list of other ISP users likely running same router. Snagged.

FTPs to those IPs and grabs the configuration .ini file. Oh no.

Another dude does the same thing, grander-scale, and reports finding 14716 "potentially" vulnerable routers provided by said ISP.

Dude contacts ISP...cleans up his post to remove IPs and passwords he posted (good idea).

Dude posts script to patch boxes for those now freaked out.

ISP's response (off line) seemed positive. No public news yet.

Suggestion? Try Nmap Online from Matousec - Transparent security for a check of your primary broadband router/cable box.

Mine came back clean.

And don't forget the always fun - ShieldsUP port-test by GRC (Gibson Research Corporation).

It is a good and easy way to see how effectively your INBOUND firewall protection is working.

Thunderbird 1.5.0.10 Released

Mozilla has just released version 1.5.0.10 of Thunderbird to the public.

Mozilla Thunderbird 1.5.0.10 Release Notes

I've since moved all of our home email clients to Thunderbird 2.0 Beta 2. I'm quite happy with its performance and have had no problems or crashes at all.

How do the Major Anti-Virus Software Compare?

The ever valuable AV-comparatives.org has just released their February 2007 "on-demand" results.

Go check out their work.

Be Safe.

--Claus
