A new version of Firefox was released today, following the reports of several critical bugs that could allow remote code execution by clicking an URL. If you have automatic updating enabled in Firefox (it’s on by default) it should automatically update itself.
Release notes: http://en-us.www.mozilla.com/en-US/firefox/2.0.0.6/releasenotes/
Vulnerability details from Secunia: http://secunia.com/advisories/26201/
Color copiers contain detection algorithms for bank notes, and will refuse to copy any documents they consider to be bank notes. The actual algorithm used by the copiers was documented by Markus Kuhn in this PDF file. A new perl program called eurionize allows you to embed a pattern into any Postscript file that will prevent color copiers from making copies of the file.
This is not fool-proof of course, but it is an interesting hack nonetheless. As the eurionize author notes, the technique might provide a small increase in security of documents like coupons and entertainment admission tickets.
Here’s a useful utility you’ll want to have on hand when analyzing compromised or possibly compromised machines:
Process Explorer by SysInternals (recently acquired by Microsoft)
This is the most powerful process viewer, bar none, and what we use on our lab machines when analyzing trojans. Especially useful is the ability to search all handles and DLLs as this helps in locating trojan modules that are loaded into other processes.
In this post on Apache security, I will show you the 10 most important things you need to do to secure your server.
This is very important as each additional module, such as for example mod_php will increase the security risk to your site. If there’s a security vulnerability in PHP, and you aren’t running with mod_php enabled, you won’t be exposed. If you only require mod_rewrite then the only uncommented module line in your httpd.conf should be
LoadModule rewrite_module modules/mod_rewrite.so
(Bonus points if you spotted that the above line is only for Apache 2.x config files)
This means subscribing to mailing lists and check blogs and web sites regularly for news on security vulnerabilities to modules you have installed.
Although Apache has an excellent security track record, you should still check for new versions regularly at http://httpd.apache.org/
There’s no need to tell anyone what web server and product version you’re running. To turn off server signatures both on error pages and in the HTML response header, add the following to httpd.conf:
ServerSignature Off
ServerTokens ProductOnly
If a user types http://www.yoursite.com/images/ in their browser bar, and there is no index page for the images directory, the might be able to see all the files in that, or any other directory without an index page. To make sure this doesn’t happen, disable directory indexing by putting the following in your httpd.conf:
Options -Indexes
This module, written by Apache guru Ivan Ristic, allows you to do such things as filter out SQL injection attempts from URI strings, detect shell code in POST or GET queries, and much, much more.
Get it at http://www.modsecurity.org/
This advanced configuration allows you to “jail” Apache to a specific root directory. The process won’t be able to access anything beyond the chroot’ed directory. For a tutorial, see this Linux.com article.
FBI apparently has a trojan called CIPAV which it uses to obtain information about the computers used by suspects under investigation for computer crime.
This affidavit seeks permission to install the CIPAV through MySpace, which suggests something like a browser exploit embedded in a message sent to the suspect. It is interesting to speculate whether this exploit targets Internet Explorer or Firefox (or possibly even both).
The following quote from page 16 of the affidavit leads me to believe that the FBI has several ready-made exploits, each targeted at a different browser:
It is requested that this court issue a search warrant authorizing … the use of multiple CIPAVs until one CIPAV is activated by the activating computer.
The investigators could then simply try each one in turn, until one succeeds in activating the trojan and sending information back.Several news outlets have contacted AV vendors to get clarification on whether they will detect government trojans such as CIPAV. Some have declined to comment. Needless to say, TrojanHunter will always be detecting trojans, no matter what their source.
