OS X, Java Web Start, Linux kernel and Symantec security appliance fixes

This issue's topics:

Introduction:

* OS X, Java Web Start, Linux kernel & Symantec security appliance fixes

Virus News:

* Spam, phishing still rising, botnets falling?

* Brazilian authorities arrest phisher king

Security News:

* Multiple OS X security updates

* Privilege elevation in Java Web Start fixed

* Several Linux kernel flaws patched

* Fix for Symantec security appliance DNS cache poisoning available

* Microsoft documents its Security Development Lifecycle process

Introduction:

Nothing specific of note in the virus and malware world worth reporting on this week, so I have selected Symantec's half-yearly computer security summary and a news story about the arrest of the leader of a very successful Brazilian phishing scam ring. The latter is close to my heart, as although there is little evidence of their success where I see them, heaps of spam directing to South American 'banking Trojans' have passed my way of late.

On the security front, important to critical Mac OS X, Java Web Start, Linux kernel and Symantec security appliance updates have been released, and we include a link to a paper describing Microsoft's new in-house procedures for ensuring newly developed code meets its heightened security concerns.

Virus News:

* Spam, phishing still rising, botnets falling?

The latest six-monthly Symantec Internet Security Threat Report has been released, documenting increases in most computer security incidents. However, this issue of the threat report, covering the second half of 2004, says Symantec's network monitoring showed a marked drop in botnet activity, coinciding with the release of SP2 for Windows XP in August.

This claim seems somewhat at odds with the apparent suggestion in the Honeynet Project's article we referred to last week (and have included the link again, below), that the botnet problem was increasing.

Little of the rest of the report is likely to be surprising to regular newsletter readers though, documenting increased spam and phishing and an increased number of newly reported software vulnerabilities over the previous six months.

Regular readers should also not be surprised that the gathering interest of organised crime in the whole scene is also documented, with Symantec's analysts claiming that more than half of all viruses and worms released during the six months covered by the report included or enabled various aspects of identity, and/or monetary, theft.

Symantec Internet Security Threat Report - symantec.com (registration required)

Know your Enemy: Tracking Botnets - honeynet.org

* Brazilian authorities arrest phisher king

Police in Brazil have arrested the alleged leader of a phishing scam gang. Valdir Paulo de Almeida and his associates have reputedly siphoned up to US$37 million from their victims' bank accounts in the last two years while running a phishing scam that involved emailing more than three million spam messages a day with key-logging Trojan horse programs attached.

Almeida's arrest follows 50 other Brazilian arrests with similar charges last year, but the amount Almeida's gang is thought to have stolen is the largest among these arrests.

Brazilian cops net 'phishing kingpin' - theregister.co.uk

Security News:

* Multiple OS X security updates

Several vulnerabilities in OS X, some rated critical and allowing privilege elevation or arbitrary code execution, have been patched in the latest security update released by Apple. Some details of these vulnerabilities, and patch availability, are described in the linked security bulletin.

About Security Update 2005-003 - apple.com

* Privilege elevation in Java Web Start fixed

A critical vulnerability in Java Web Start's handling of property tags in JNLP files means that Java applications can assume elevated privileges (including local file system access), effectively sidestepping sandbox restrictions.

Linux, Solaris and Windows versions 1.4.2_06 and earlier of the 1.4.2 release are affected. Java Web Start in J2SE 5.0 and later releases, and in J2SE releases prior to 1.4.2, is not affected. J2SE 1.4.2_07 has been released to fix this vulnerability. Upgrading to J2SE 5.0 might also be considered, and the Sun security alert on this issue (linked below) also lists some client-side (browser) workarounds to mitigate exposure to this vulnerability.

Security Vulnerability With Java Web Start - sun.com
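
As an added example (not from Sun's alert or this newsletter), the following Python check classifies reported Java versions against the affected range given above, for triaging an inventory of `java -version` banners. The host names and banners are constructed, and treating 1.4.2 updates after _07 as fixed is an assumption.

```python
import re

# Range as stated above: the 1.4.2 release line is affected up to and
# including update 06; 1.4.2_07 carries the fix.
AFFECTED_FAMILY = (1, 4, 2)
FIRST_FIXED_UPDATE = 7

# Matches "1.4.2", "1.4.2_06", or the version inside a `java -version` banner.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")

def parse_java_version(text):
    """Return ((major, minor, micro), update); update is 0 without a _NN suffix."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no Java version in {text!r}")
    major, minor, micro, update = m.groups()
    return (int(major), int(minor), int(micro)), int(update or 0)

def jws_status(text):
    """Classify one reported version against the advisory's affected range."""
    family, update = parse_java_version(text)
    if family != AFFECTED_FAMILY:
        return "not affected"   # 5.0 (reported as 1.5.0) and pre-1.4.2 lines
    if update < FIRST_FIXED_UPDATE:
        return "affected"       # 1.4.2 through 1.4.2_06
    return "fixed"              # assumption: updates after _07 keep the fix

def triage(inventory):
    """Map host -> status; unparsable banners are 'unknown', never 'not affected'."""
    result = {}
    for host, banner in inventory:
        try:
            result[host] = jws_status(banner)
        except ValueError:
            result[host] = "unknown"
    return result

# Constructed sample inventory (host names and banners are made up).
SAMPLE = [
    ("ws-01", 'java version "1.4.2_06"'),
    ("ws-02", 'java version "1.4.2_07-b05"'),
    ("ws-03", 'java version "1.5.0_02"'),
    ("ws-04", 'java version "1.4.1_07"'),
    ("ws-05", "command not found"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual check rather than being assumed safe.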

* Several Linux kernel flaws patched

Several moderately critical Linux kernel vulnerabilities have been patched recently, leading most distributors to ship kernel update packages. Perhaps the most interesting are the ISO9660 file system handling flaws announced by Polish security researcher Michal Zalewski, which may be exploitable to run arbitrary code simply through the act of mounting or opening an ISO9660 CD-ROM, or even just listing its directory contents.

Updated kernel packages should be obtained from the usual places.

Archived Bugtraq list message - securityfocus.com

* Fix for Symantec security appliance DNS cache poisoning available

Symantec has released updates to fix a publicised DNS cache poisoning vulnerability in the DNSd component of several of its security gateway products, such as some models of the Symantec Gateway Security, Symantec Enterprise Firewall and Symantec VelociRaptor.

It is believed that exploits of this vulnerability were used to achieve a recent spoofing attack that re-directed network traffic intended for eBay and Google to malicious sites that attempted to install spyware and adware onto the unsuspecting victims' machines.

Symantec security gateway DNS redirection - symantec.com

* Microsoft documents its Security Development Lifecycle process

Microsoft security guru Michael Howard and Steve Lipner (director of security engineering strategy for the Redmond software giant) have released a paper describing the company's Security Development Lifecycle (SDL) process. SDL is applied to all (new) Microsoft code that may have to face malicious attack (determining which code qualifies is itself part of the SDL).

Whether you are, or work for, a software developer and have a hankering to improve the security stance of your own code, or are simply an administrator or user of Microsoft products interested in some of the practical, behind-the-scenes results of the much-hyped "trustworthy computing initiative", this paper should provide some worthwhile reading.

The Trustworthy Computing Security Development Lifecycle - microsoft.com
