Vulnerability Summary for the Week of June 27, 2011
Jul 7, 2011
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High — Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
- Medium — Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
- Low — Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Persistent XSS Vulnerability in Facebook
Mar 10, 2011
There is a JavaScript Spam trick on Facebook resulting in spam messages being posted on many user accounts. First mentioned yesterday by Internet security experts at GFI Software, the persistent cross-site scripting (XSS) vulnerability still remains unpatched as of this writing.
So, what happened? Some attacker has discovered an XSS vulnerability which can be used to inject JavaScript through specially crafted Facebook application pages. Normally the script would be removed by filters before the page is shown to the user, but in this case, it is able to slip through. The malicious script will then be executed in the context of Facebook.com, allowing it to perform requests under the user’s session. Keep in mind this happens before the application asks for any permissions. Visiting the page while being logged into Facebook is enough to get it started, which is normally the case when a user is viewing new messages.
Black Hat 2010: Security industry best practices
Aug 14, 2010
Following an industry conference, I find it a good practice for me to reflect back on what I learned and observed and see how I can apply it to my current work. At the conference there is so much to learn and take in, so I find it helps to let it all marinate for a bit of time and then I can start to uncover the new learning once I’m back at my desk and away from the conference buzz. It’s now been nearly two weeks since BlackHat wrapped up and these are the topics and observations from the conference that have been swilling around in my head. I hope to explore these thoughts more with my industry colleagues and find my way to contribute to improving security industry best practices.
Stuxnet Introduces the First Known Rootkit for SCADA Devices
Aug 7, 2010
As we’ve explained in our recent W32.Stuxnet blog series, Stuxnet infects Windows systems in its search for SCADA programming software. SCADA systems consist of Programmable Logic Controllers (PLCs), which can be thought of as mini-computers that can be programmed from a Windows system. These PLCs contain special code that controls the automation of industrial processes—for instance, to control machinery in a plant or a factory. SCADA programmers use software (e.g., on a Windows PC) to create SCADA code and then upload their code to the PLCs.
Previously, we reported that Stuxnet can steal SCADA code and design projects and also hide itself using a classic Windows rootkit, but unfortunately it can also do much more. Stuxnet has the ability to take advantage of the programming software to also upload its own SCADA code to the PLC. In addition, Stuxnet then hides these code blocks, so when a programmer using an infected machine tries to view all of the code blocks on a PLC, they will not see the code injected by Stuxnet. Thus, Stuxnet isn’t just a rootkit that hides itself on Windows, but is the first publicly known SCADA rootkit that is able to hide injected SCADA code located on a PLC.
View details about a vulnerable application
May 26, 2010
The Vulnerability Protection window displays the list of the programs that are susceptible to malicious attacks. In addition, you can view details of the vulnerabilities that a program contains. The Program Vulnerability Details window displays the names of the attack signatures that Intrusion Prevention uses to detect the vulnerabilities in the program.
You can click an attack signature to get additional information about the signature in the Symantec Security Response Web site.
View the list of vulnerable programs
The Vulnerability Protection window lets you view the extensive list of programs with the known vulnerabilities that Norton Internet Security protects you against.
For each of these programs, you can view details such as the name of the program, its vendor, and the number of vulnerabilities that the program contains.
Vulnerability Protection
Vulnerability Protection is a component of the Intrusion Prevention System. Vulnerability Protection provides information about the susceptibility of the programs that may be on your computer to malicious attacks. It also provides information about the known attacks that they are protected from.
Vulnerabilities are flaws in your programs or your operating system that can create weaknesses in the overall security of your system. Improper computer configurations or security configurations also create vulnerabilities. External attackers exploit these vulnerabilities and perform malicious actions on your computer. Examples of such malicious attacks are active desktop monitoring, keylogging, and hacking. Such attacks can slow down the performance of your computer, cause program failure, or expose your personal data and confidential information to the hackers.
Permanently block a computer that has been blocked by AutoBlock
You can permanently block a computer that AutoBlock has blocked. The permanently blocked computer is removed from the AutoBlock list and added as a Restricted computer in the Network Security Map.