Site Archives Blog Entry
February Patch Tuesday
Microsoft has released four patches resolving two Critical and two Important vulnerabilities in various Microsoft products.
Conficker Worm
Recently, researchers have discovered millions of PCs that have been infected with the Conficker worm, also commonly known as Downup and Downadup. Conficker is a rather nasty worm that can get into a network in a few possible ways and then quickly spread itself around. The majority of systems are first compromised via a vulnerability in Microsoft’s Server service. This vulnerability, described in MS08-067, could allow remote code execution through specially crafted NetBIOS traffic. The worm has also been found on compromised web servers and can be installed when users try to view web pages served by the compromised server.
In-Session Phishing
Security researchers have found yet another new technique phishers are using to collect user information. The new method is called “in-session phishing” and involves creating a pop-up requesting the user to re-enter username and password information for an already open banking session. First, the site hosting the malicious code will try to detect whether the user has an open banking session. The malicious site then will create a pop-up that indicates that the banking session has expired and the user credentials must be entered again. Information then typed into the malicious pop-up will be recorded by the phishers. Researchers also have stated that the pop-up may be cleverly masked and also can come in the form of customer satisfaction surveys or advertisements. Since the site is not technically injecting code or files onto the user’s machine, this type of attack will be harder to detect than normal trojans or viruses.
January Patch Tuesday
Microsoft has announced a patch for a critical vulnerability affecting several versions of Windows for both servers and workstations. The vulnerability could allow a remote attacker to access a system with full privileges.
Is HTTPS Still Secure?
There’s a buzz on the Internet about a new attack against SSL certificates used to secure website communications. Researchers have been able to create new certificates for existing websites that appear legitimate to web browsers. That means if a user is browsing a fake website using HTTPS, his web browser will accept the certificate as valid. There will be no warning messages or approval dialog boxes. This could be detrimental to the Internet’s secure communications model, but how bad is it, really?
More IE Flaw Details
More information has been released about the Internet Explorer (IE) 0-day vulnerability. Microsoft has now stated that the vulnerability affects more versions of IE than previously thought. Vulnerable versions include IE 7, IE 8 (beta), IE 6 (non-SP2) and IE 5. Gladiator recommends that users switch to a different browser for the time being. Using Internet Explorer for banking applications that are not compatible with other browsers is fine, but do not use IE to browse the Internet.
Web Based Operating Systems
If you have been reading the news or surfing any IT-based websites, you may have heard of “cloud computing,” a new buzzword going around. Cloud computing is a new style of providing IT or business applications and services via the Web or Internet “cloud.” One very popular form of cloud computing is Google Apps. With Google Apps, Google is able to provide many publishing applications, similar to Microsoft’s Desktop Suite (Word, Excel, PowerPoint), over the Web. Users can log in via an Internet browser and access the applications that are actually running on servers hosted by Google.