Lenovo patches serious vulnerabilities in PC system update tool

One of the vulnerabilities is located in the tool’s help system and allows users with limited Windows accounts to start an instance of Internet Explorer with administrator privileges by clicking on URLs in help pages. That’s because Lenovo System Update itself runs under a temporary administrator account that the application creates when installed, so any process it spawns will run under the same account.

Source: Lenovo patches serious vulnerabilities in PC system update tool

Manipulating Microsoft WSUS to Own Enterprises

Paul Stone and Alex Chapman of Context Information Security in the U.K. took a long look at the WSUS attack surface and discovered that when a WSUS server contacts Microsoft for driver updates, it does so using XML SOAP web services, and those checks are not made over SSL. While updates are signed by Microsoft and updates must be verified by Microsoft, Stone and Chapman discovered that an attacker already in a man-in-the-middle position on a corporate network, for example, could with some work tamper with the unencrypted communication and inject a malicious homegrown update.

Source: Manipulating Microsoft WSUS to Own Enterprises | Threatpost | The first stop for security news

Slashdot burying stories about Slashdot Media owned SourceForge

If you’ve followed any tech news aggregator in the past week, you’ve probably seen the story about how SourceForge is taking over admin accounts for existing projects and injecting adware in installers for packages like GIMP. For anyone not following the story, SourceForge has a long history of adware laden installers, but they used to be opt-in. It appears that the process is now mandatory for many projects.

Source: Slashdot burying stories about Slashdot Media owned SourceForge

How is it possible that someone, somewhere, thinks that censoring SourceForge’s adware bundling on Slashdot is a net positive for Slashdot Media, the holding company that owns Slashdot and SourceForge? A quick search on either Google or Google News shows that the story has already made it to a number of major tech publications, making the value of suppressing the story nearly zero in the best case.

I find this entire situation incredible. Sourceforge was my go-to site for FOSS and I have been using them for as long as I can remember.

Ever since the Linux world moved to repositories, where a simple yum install or apt-get loads up the entire package, it has been a while since I perused Sourceforge. I have a set of FOSS utilities for PCs that I always download from the site that produced the software, not Sourceforge. Many of those sites are listed on the sidebar under Tools.

All this started on Sourceforge a couple of years ago, but people seem to be upset that it has recently hit the popular photo editor GIMP for Windows. On Linux it’s just:

sudo yum install gimp

… and that’s all there is to it. No adware, malware, nothing to worry about … so far.

As for FileZilla, the FTP program Sourceforge began making custom installers for a couple of years ago, I prefer WinSCP on my Windows boxes nowadays, although I have used FileZilla for many, many years. Always download from the source site of the software and you shouldn’t have any problems. Sourceforge was the last one standing and now they have gone the route taken by CNET and Download.com many, many years ago.

Here’s a Reddit thread posted a year ago about FileZilla and Sourceforge, so this story isn’t something new.

That’s really deceptive. FileZilla, for example: the big green DOWNLOAD button that is the correct way for downloading a file says the file name. Yet when you click it, you are taken to a page that offers you a different file name. Someone also pointed out that it’s signed by ASK.com and reporting back in with ASK.com for data. I never want ask.com associated with anything I do.

Source: Sourceforge starts using “enhanced” (adware) installers : technology

Tracking Protection for Firefox at Web 2.0 Security and Privacy 2015

You can read the paper here.

This paper is the last artifact of my work at Mozilla, since I left employment there at the beginning of April. I believe that Mozilla can make progress in privacy, but leadership needs to recognize that current advertising practices that enable “free” content are in direct conflict with security, privacy, stability, and performance concerns — and that Firefox is first and foremost a user-agent, not an industry-agent.

Source: Monica at Mozilla: Tracking Protection for Firefox at Web 2.0 Security and Privacy 2015

Researchers Find Malicious Tor Exit Node Adding Malware to Binaries

The exit node in question was in Russia, and Pitts discovered that the node was actively patching any binaries he downloaded with a piece of malware. He downloaded binaries from a variety of sources, including Microsoft.com, and each of them came loaded with malicious code that opens a port to listen for commands and starts sending HTTP requests to a remote server.

via Researchers Finds Malicious Tor Exit Node Adding Malware to Binaries | Threatpost | The first stop for security news.

From: The Case of the Modified Binaries

Companies and developers need to make the conscious decision to host binaries via SSL/TLS, whether or not the binaries are signed. All people, but especially those in countries hostile to “Internet freedom,” as well as those using Tor anywhere, should be wary of downloading binaries hosted in the clear—and all users should have a way of checking hashes and signatures out of band prior to executing the binary.
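As an added illustration of the out-of-band hash check recommended above (my own example, not code from the original article or its author), a Python script that parses a publisher's sha256sum-style checksum list and refuses a download whose digest does not match; the sample binary, the checksum list and the file names are constructed.

```python
import hashlib
import hmac
import os
import tempfile

SAMPLE_BINARY = b"MZ\x90\x00constructed stand-in for an installer\n"  # not a real binary

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large installers need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_sha256sums(text):
    """Parse sha256sum-style lines: '<hex>  <name>' or '<hex> *<name>'."""
    expected = {}
    for line in text.splitlines():
        digest, _, name = line.strip().partition(" ")
        if len(digest) != 64:
            continue  # blank or malformed entry: ignore rather than trust it
        expected[name.lstrip(" *")] = digest.lower()
    return expected

def verify_download(path, sums_text):
    """True only if the file's SHA-256 matches the published value for its name."""
    expected = parse_sha256sums(sums_text)
    name = os.path.basename(path)
    if name not in expected:
        return False  # no published hash for this file: do not run it
    return hmac.compare_digest(sha256_file(path), expected[name])

def demo():
    """Constructed scenario: genuine download, copy tampered in transit, unlisted file."""
    with tempfile.TemporaryDirectory() as d:
        good, bad = os.path.join(d, "good"), os.path.join(d, "bad")
        for sub in (good, bad):
            os.makedirs(sub)
        with open(os.path.join(good, "installer.exe"), "wb") as f:
            f.write(SAMPLE_BINARY)
        with open(os.path.join(bad, "installer.exe"), "wb") as f:
            f.write(SAMPLE_BINARY[:-1] + b"!")  # one byte changed on the wire
        # The publisher's SHA256SUMS, obtained out of band (HTTPS or a signed message).
        sums = sha256_file(os.path.join(good, "installer.exe")) + "  installer.exe\n"
        return (verify_download(os.path.join(good, "installer.exe"), sums),
                verify_download(os.path.join(bad, "installer.exe"), sums),
                verify_download(os.path.join(good, "other.exe"), sums))
```

A checksum fetched over the same plaintext channel as the binary proves nothing; the list has to come over HTTPS or from a signed message, which is the "out of band" the quote refers to.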

Turning USB peripherals into BadUSB

BadUSB – Turning devices evil. Once reprogrammed, benign devices can turn malicious in many ways, including:

  1. A device can emulate a keyboard and issue commands on behalf of the logged-in user, for example to exfiltrate files or install malware. Such malware, in turn, can infect the controller chips of other USB devices connected to the computer.
  2. The device can also spoof a network card and change the computer’s DNS setting to redirect traffic.
  3. A modified thumb drive or external hard disk can – when it detects that the computer is starting up – boot a small virus, which infects the computer’s operating system prior to boot.

via Turning USB peripherals into BadUSB | Security Research Labs.

Tools for a Safer PC

EMET, short for the Enhanced Mitigation Experience Toolkit, is a free tool from Microsoft that can help Windows users beef up the security of commonly used applications, whether they are made by a third-party vendor or by Microsoft. EMET allows users to force applications to use one or both of two key security defenses built into Windows Vista and Windows 7 — Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP).

Put very simply, DEP is designed to make it harder to exploit security vulnerabilities on Windows, and ASLR makes it more difficult for exploits and malware to find the specific places in a system’s memory that they need to do their dirty work.

via Tools for a Safer PC — Krebs on Security.

If you create a free account at OpenDNS.com, change the DNS settings on your machine, and register your Internet address with OpenDNS, the company will block your computer from communicating with known malware and phishing sites. OpenDNS also offers a fairly effective adult content filtering service that can be used to block porn sites on an entire household’s network.

“What is post-PC”?

The market is changing. PCs are lasting longer, and people are finding acceptable utility in replacing casual-use, low-end PCs with smartphones and tablets.

Again, it’s about the total compute time across all of society. The PC is just becoming a smaller chunk of a larger whole, the majority of which will be post-PC devices.

via “What is post-PC”? — The Post-PC FAQ | The Platform.