
Mac Security: Weekly Summary 20060622



It's another week for Mac users to sit back and relax.

Apple have not reported any new vulnerabilities, there are still no Mac OS X malware 'in the wild', and all the Mac Security FUD mongers have probably chewed their nails to the nub by now out of frustration that their predictions of DOOM have yet to pass.


And yet, fellow Mac users, this does not mean we should not have security tools at the ready! As ever I recommend all Mac users have installed: 1) An up-to-date copy of ClamAV in some form, 2) Paranoid Android by Unsanity, and 3) Little Snitch by Objective Development. Better safe than sorry. Always have an umbrella for a rainy day. A stitch in time saves 9. Tick off a wintroll today by telling them you have security software on your Mac, but you only need to use it to detect and kill Windows malware. ;-D

Time once again for Security Baseball! Here is the score for this week:

- Windows related vulnerabilities - 8
- Mac related vulnerabilities - 0

Mac has been shut out again!

I know this next section gets a bit tedious for Mac users but I find it useful to get some perspective regarding the Windows world and the malware with which they have to contend. And after all, Mac users are increasingly tossing Windows onto their Macintel machines thanks to Intel's VT-x virtualization and Apple's Boot Camp, which means they have to live with Windows malware like any other Windows user. So here is some potentially useful information:

The big Windows related vulnerability this week is in Microsoft Excel for Windows. Check out the Secunia reports linked below for details. Quoting the McAfee Threat Center: "Recently surfaced 0-Day vulnerabilities in Excel continue to be an area of concern due to the unavailability of vendor supplied patches. Caution should be exercised when opening Excel documents or activating links within an Excel document."


Also of concern is a security hole in WinAmp, the venerable shareware audio player for Windows. Be sure to get the latest update which includes a patch.

So what's going on over at the malware websites?

1) The McAfee Threat Center

The threat level this week has dropped to 'Elevated' because no exploits of last week's MS reported vulnerabilities have yet appeared.


Of interest to all computer users:

1. Security Measures
2. Update account information
3. Update your account information.
4. Important Notice from Security Center
5. Please update your Amazon account !

2) Sophos' most recent virus alerts:

1) W32-Rbot-EMH - Windows worm, gives others access to infected computer, installs itself in the Registry, exploits system and software vulnerabilities. AKA 'clickspringinstaHmWhs26R.html'. (Gotta love these malware names!) Prevalence: Low.

2) Troj-Zlob-OX - Windows Trojan, installs into the Registry. AKA 'Trojan-Downloader.Win32.Zlob.uo' and 'Puper'. Prevalence: Low.

3) W32-Bagle-KN - Windows worm, turns off anti-virus apps (!), forges sender's email address, downloads code from the Internet, installs into the registry, leaves non-infected junk files on the computer. Prevalence: Low.

My tip of the week: There is a very good section of the Sophos website worth reading if you are interested in learning more about malware of all sorts:

A fun part of this site is the monthly Top 10 Viruses list. You can dig back as far as 1998 if so inclined. An amazing resource:

Coming up: Watch for my new post regarding why Windows has a dramatically higher number of malware, on a per user basis, than Mac OS X. Featured will be the very scary WebAttacker DIY spyware kit for Windows users. Yes, if you are willing to pay $300 to some scumbag in Russia you can buy this kit and build your own Windows spyware. Is that vicious or what?

And to complete this week's summary is my usual quotation of sections 2-4 of the Secunia Weekly Summary. You can sign up for the summary at Secunia's website, where you can also read their detailed reports.

Until next week, Share and Enjoy, :-Derek

-----------------------------------------

Secunia Online Vulnerability Database:

========================================================================
2) This Week in Brief:

Two vulnerabilities have been discovered in Microsoft Windows and Microsoft Excel, which can be exploited to compromise a vulnerable system.

The first SA20686 has, according to Microsoft, already been used in targeted "Zero-day" attacks against a few companies.

Currently, no patches are available from Microsoft. Please refer to the referenced Secunia advisories below for additional details.

--


A vulnerability has been discovered in WinAmp, which potentially can be exploited by malicious people to compromise a user's system.

An updated version has been released by the vendor that fixes this vulnerability.

Reference:

--

VIRUS ALERTS:

During the past week Secunia collected 224 virus descriptions from the Antivirus vendors. However, none were deemed MEDIUM risk or higher according to the Secunia assessment scale.

========================================================================
3) This Weeks Top Ten Most Read Advisories:

1. SA20686 Microsoft Excel Repair Mode Code Execution Vulnerability
2. SA20748 Microsoft Office Long Link Buffer Overflow Vulnerability
3. SA20153 Microsoft Word Malformed Object Pointer Vulnerability
4. SA20595 Microsoft Internet Explorer Multiple Vulnerabilities
5. SA20576 Adobe Reader Unspecified Vulnerabilities
6. SA20699 Cisco Secure ACS for Unix Cross-Site Scripting Vulnerability
7. SA20722 WinAmp MIDI File Handling Buffer Overflow Vulnerability
8. SA15601 Mozilla Mozilla Firefox Frame Injection Vulnerability
9. SA15779 Sendmail Multi-Part MIME Message Handling Denial of Service
10. SA20661 Horde Cross-Site Scripting Vulnerabilities

========================================================================
4) Vulnerabilities Summary Listing

Windows:
SA20748 Microsoft Windows Hyperlink Object Library Buffer Overflow
SA20722 WinAmp MIDI File Handling Buffer Overflow Vulnerability
SA20721 ASP Stats Generator SQL Injection and Code Injection
SA20719 Hitachi Products MDAC RDS.Dataspace ActiveX Vulnerability
SA20756 MAILsweeper for SMTP-Exchange Multiple Vulnerabilities
SA20752 Maximus SchoolMAX "errormsg" Parameter Cross-Site Scripting
SA20743 Hosting Controller Privilege Escalation Vulnerability
SA20698 SSPwiz Plus "message" Cross-Site Scripting Vulnerability

UNIX-Linux:
SA20710 SUSE update for awstats
SA20709 Gentoo update for mozilla-thunderbird
SA20708 Gentoo update for typespeed
SA20766 SUSE Updates for Multiple Packages
SA20716 Ubuntu update for kernel
SA20715 Trustix update for libtiff
SA20712 Ubuntu update for mysql-dfsg
SA20703 Linux Kernel "xtsctp" Denial of Service Vulnerability
SA20694 Mandriva update for sendmail
SA20693 Mandriva update for libtiff
SA20690 Gentoo update for pammysql
SA20692 Mandriva update for spamassassin
SA20750 Debian update for horde2
SA20734 CHM Lib "extractchmLib" Directory Traversal Vulnerability
SA20699 Cisco Secure ACS for Unix Cross-Site Scripting Vulnerability
SA20754 dhcdbd DHCP Message Handling Denial of Service
SA20702 Mandriva update for kdebase
SA20729 NetPBM pamtofits Off-By-One Buffer Overflow Vulnerability
SA20711 HP-UX Support Tools Manager Denial of Service Vulnerability

Other:
SA20726 FortiMail Sendmail Multi-Part MIME Message Handling Vulnerability
SA20720 FortiGate FTP Anti-Virus Scanning Bypass Vulnerability

Cross Platform:
SA20771 Ralf Image Gallery File Inclusion Vulnerabilities
SA20769 SmartSiteCMS "root" File Inclusion Vulnerability
SA20768 BandSite CMS "rootpath" File Inclusion Vulnerabilities
SA20758 Micro CMS "microcmspath" Parameter File Inclusion Vulnerability
SA20744 Ad Manager Pro "ipath" Parameter File Inclusion Vulnerability
SA20733 easy-CMS Multiple File Extensions Vulnerability
SA20731 Eduha Meeting PHP File Upload Vulnerability
SA20713 CMS Faethon "mainpath" File Inclusion and Cross-Site Scripting Vulnerabilities
SA20695 Bitweaver Multiple Vulnerabilities and Weakness
SA20772 Invision Power Board Hexadecimal HTML Entities Script Insertion
SA20763 IMGallery "galerie.php" SQL Injection Vulnerabilities
SA20761 Ultimate Estate Cross-Site Scripting and SQL Injection
SA20753 BtitTracker "torrents.php" SQL Injection Vulnerabilities
SA20747 thinkWMS Multiple SQL Injection Vulnerabilities
SA20746 Joomla! "Name" SQL Injection Vulnerability
SA20745 Mambo "Name" SQL Injection Vulnerability
SA20740 phpTRADER SQL Injection Vulnerabilities
SA20739 xarancms "id" Parameter SQL Injection Vulnerability
SA20738 tplShop "firstrow" Parameter SQL Injection Vulnerability
SA20732 IBM WebSphere Application Server Multiple Vulnerabilities
SA20730 VUBB SQL Injection and Cross-Site Scripting Vulnerabilities
SA20727 e107 Cross-Site Scripting and Script Insertion
SA20724 singapore "template" Parameter Local File Inclusion Vulnerability
SA20706 Clubpage Cross-Site Scripting and SQL Injection Vulnerabilities
SA20705 Free Realty "sort" SQL Injection Vulnerability
SA20704 Open-Realty "sorttype" SQL Injection Vulnerability
SA20701 VBZooM "QuranID" SQL Injection Vulnerability
SA20700 Groupmax Address-Mail Server Denial of Service Vulnerability
SA20696 Virtual War "war.php" SQL Injection Vulnerabilities
SA20767 Atlassian JIRA Enterprise Edition Cross-Site Scripting Vulnerability
SA20764 myPHP Guestbook Cross-Site Scripting Vulnerabilities
SA20742 UltimateGoogle "REQ" Cross-Site Scripting Vulnerability
SA20737 Ultimate eShop "subid" Cross-Site Scripting Vulnerability
SA20736 Tradingeye Shop "image" Cross-Site Scripting Vulnerability
SA20735 Cisco CallManager Web Interface Cross-Site Scripting Vulnerabilities
SA20728 Confixx Pro Cross-Site Scripting Vulnerabilities
SA20725 assoCIateD "menu" Cross-Site Scripting Vulnerability
SA20718 phpMyDirectory Cross-Site Scripting Vulnerabilities
SA20697 iPostMX 2005 "RETURNURL" Cross-Site Scripting Vulnerabilities
SA20691 NC LinkList "index.php" Cross-Site Scripting Vulnerabilities

========================================================================

-- Fortune Magazine, 11-29-05: What's your computer setup today? Frederick Brooks: I happily use a Macintosh. It's not been equalled for ease of use, and I want my computer to be a tool, not a challenge. Frederick Brooks is the author of 'The Mythical Man Month'. He spearheaded the movement to modernize computer software engineering in 1975


