Information Security Blog

Police infected by Conficker

by admin on Feb.03, 2010, under Uncategorized

Greater Manchester Police computers infected by Conficker virus

Greater Manchester Police disconnected from the Police National Computer since Friday

Dave Bailey

Computing, 02 Feb 2010

The Conficker virus has infected Greater Manchester Police (GMP) IT systems, necessitating their isolation from the Police National Computer (PNC) system.

PNC IT experts disconnected GMP’s system from the central database last Friday. GMP has since been asking neighbouring forces to carry out name and vehicle checks on its behalf.
Speaking to the BBC, assistant chief constable Dave Thompson said no data had been lost and that the virus was not destructive, but gave no details of whether it was a variant of the original virus.

“A team of experts is now working on removing the virus, and we won’t be reconnected until we are sure there is no further threat,” said Thompson.

http://www.v3.co.uk/computing/news/2257206/greater-manchester-police


Get rid of IE6.

by admin on Feb.03, 2010, under Uncategorized

Pressure mounts to phase out Internet Explorer 6
A Downing Street petition is calling for the UK government to drop Microsoft’s Internet Explorer 6 (IE6) and move to a more modern browser.

The petition says that IE6 has security flaws and uses outdated technology, creating a burden for developers.

The petition comes as the Department of Health advised the NHS to move away from the old browser.

Other government departments – and many firms – still use the software, which was first released in 2001.

“Most creative and software development companies are forced by government department clients to build websites for IE6 when most of the industry has moved on,” the petition reads.

“Upgrading would be a massive task for government, but if the public is encouraged to lead the way and the government follows, that would create the momentum needed.”

http://news.bbc.co.uk/2/hi/technology/8492862.stm


Tor exit nodes hacked

by admin on Jan.23, 2010, under Uncategorized

Tor software updated after hackers crack into systems

Miscreants remain anonymous

By John Leyden

Posted in Enterprise Security, 22nd January 2010 13:46 GMT

Privacy-conscious users of the Tor anonymiser network have been urged to upgrade their software, following the discovery of a security breach.

Two of seven directory authorities and a metrics data server were compromised in a hack discovered earlier this month, Tor developer Roger Dingledine explains. The three servers were taken offline and refurbished following the hack.
Fresh identity keys for the two directory authorities hit by the hack were created during the refurbishment process. Users should therefore update to either Tor version 0.2.1.22 or 0.2.2.7-alpha, so that they can use the refurbished servers as conduits for sensitive traffic.

Project volunteers have taken steps to harden systems and prevent a repetition of the hack, the significance of which has been downplayed. Attackers reportedly used Tor’s systems solely as a launchpad for other attacks, without realising that the same servers also hosted Tor code depositories. These were left unaffected by the breach.

“It appears the attackers didn’t realize what they broke into – just that they had found some servers with lots of bandwidth,” Dingledine explains. “The attackers set up some ssh keys and proceeded to use the three servers for launching other attacks.”

http://www.theregister.co.uk/2010/01/22/tor_security_update/

Kind of ironic that a network that provides such a great platform to launch attacks becomes a target for such a hack attack.

Apple fixes 12 vulnerabilities

by admin on Jan.21, 2010, under Uncategorized

Apple fixes a dozen holes in Mac OS X
by Elinor Mills
Apple fixes a dozen vulnerabilities affecting Mac OS X 10.5 and 10.6 in its first security update for the year released on Wednesday.

The security update addresses several issues with the Flash Player plug-in, including one that could allow an attacker to take control of the computer if the user visits a malicious Web site.

Also patched were holes in CoreAudio, ImageIO, and Image RAW that could lead to arbitrary code execution and allow an attacker to take control of the computer if a malicious MP4 audio file were played, or malicious TIFF (Tagged Image File Format) or DNG (Digital Negative) images were viewed.

The release also affects OpenSSL, fixing a man-in-the-middle vulnerability that exists in the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols used to secure communications over the Internet. The vulnerability, discovered by researchers at PhoneFactor in August 2009, could allow someone to capture data or modify operations performed in protected sessions.

In addition, a hole in the CUPS printing service was plugged that could allow an attacker to cause a remote denial-of-service by issuing a malicious get-printer-jobs request.

http://news.cnet.com/8301-27080_3-10438313-245.html?tag=mncol;title

It always amazes me the tone change when people announce Apple’s patches versus Microsoft. The headline could easily have been “Apple fails to fix serious SSL vulnerability for five months”. SSL isn’t really that important though. I mean we are only talking about snooping in on your ‘secure’ banking transactions and the like, right?

Welcome to the information security blog!

by admin on Jan.21, 2010, under Uncategorized

Often the news stories gloss over the details of incidents and only focus on the sensational bits that appeal to the public. Hopefully, here we can delve a bit deeper.
