As a Valentine's Day gift, Raw Logic Software gives you NetBrute Scanner version 184.108.40.206. All known bugs have been fixed and there are a few enhancements. Everything should now work as advertised! You can download the latest version here.
As a holiday gift for everyone, I allocated eight hours of labor to fixing NetBrute's bugs and adding a few of the most sought after features. NetBrute version 220.127.116.11 is now available for download here. This will likely be the last release of this branch of development. The next version is still in the research and development phase but will be a complete multi-threaded re-design.
The Homepage VBS E-mail worm has hit. Looking at the actual VBS script, it's hard to tell which commands are actually executed because it is encoded and decodes itself at runtime. I've decoded the script and provided you with a text file with the actual VBS source code that is executed here. You can read more about the Homepage VBS E-mail worm at F-Secure's website here. You may also see the decoding in action by downloading this free educational Homepage decoder program here.
To be more marketable, Raw Logic Software changes the name of their popular NetView Scanner suite to NetBrute Scanner.
Development of the next version of NetView Scanner Suite is underway. You can download a test application called NetBIOSTest.exe that will allow you to attempt a brute force dictionary attack on NetBIOS shared resource passwords to test their strength. See a screen shot here. Download the zip file here. Works on both 95 (98, ME) and NT (2000). The zipped file includes a small password list called "common.txt". This new NetBIOS brute force dictionary attack feature will be included in an upcoming version of the NetView Scanner Suite. There is no support for this test application, so please do not re-distribute.
Raw Logic Software changes the use of the "Latest News" portion of their website. This section will now be used strictly for announcements directly related to Raw Logic Software and its products. This decision has been made based on the data collected from our customer poll. If you wish to comment on the change, please send email to firstname.lastname@example.org. Thank you.
Double clicking on Microsoft Office documents from Windows Explorer may execute arbitrary programs in some cases. Georgi Guninski, an independent security consultant, has discovered a security vulnerability in Microsoft Office that could allow a malicious user to run a malicious dynamic link library file on your computer when opening an Office document. The most likely scenario would entail making use of a shared document folder on a network. Read the complete details on Guninski's web site here.
Microsoft Front Page Server extensions prior to service release 1.2 have a serious Denial of Service vulnerability. This DoS is very easily exploited, and Microsoft has down-played the seriousness of the need to update the Server extensions to 1.2 by not releasing a security bulletin or otherwise notifying the security community. This will no doubt cause the importance of installing service release 1.2 to be overlooked, leaving many Microsoft IIS web servers vulnerable. Read the full details about the DoS vulnerability from Xato Network Security's web site here.
Download service release 1.2 for Front Page Server extensions from Microsoft's website here.
The rumors that Microsoft's Internet Explorer, like Netscape Communicator, failed to properly implement Java security prove to be true: Microsoft releases a patch to their Virtual Machine to fix a vulnerability that would allow an unsigned applet to access resources on a user's local network. To get more details and to find the appropriate patch for your version of Microsoft's Virtual Machine, read Microsoft's Security Bulletin at their website here.
Netscape has released a new version of Netscape Communicator. The new version is 4.75 and has corrected the incorrect Java security implementation that previously allowed an unsigned applet to access local and remote resources. This effectively removes the threat that the Brown Orifice exploit posed. Download the new version of Communicator from Netscape's website here.
Netscape Navigator and Communicator versions 4.04 through 4.74 ship with Java classes that allow an unsigned applet to access local and remote resources, violating standards in Java security. This allows a malicious Java applet to send the contents of any local file or other resource to the web server from which the applet originated. An exploit titled "Brown Orifice" has been released to the public that uses this vulnerability to turn Netscape into a web server, serving local files to anyone that can connect to it. Read CERT's full advisory at their website here. Note that Brown Orifice has its own security vulnerabilities. Currently, Netscape recommends disabling Java as a work-around for the problem. Netscape states that an update or patch will be released soon at their security website here.
Microsoft releases a security bulletin regarding the "Scriptlet Rendering" vulnerability in Microsoft Internet Explorer 4.x and 5.x that allows malicious web site operators to read files from a user's computer. Read the bulletin from Microsoft's website here. Download the patch from Microsoft's website here. This patch also corrects other security vulnerabilities in Internet Explorer and is highly recommended. For example, Microsoft has updated the security bulletin regarding the "IE Script" vulnerability. "This vulnerability could allow [a] script hosted on a malicious user's web site to reference a Microsoft Access file on the site. In turn, the Access file, when opened, could cause macro or VBA code to run." See the updated bulletin on Microsoft's website here, which includes a link to the patch mentioned above.
Microsoft releases a security bulletin and patch regarding a vulnerability in Microsoft Office 2000 products that allows arbitrary code to be run when a user opens an HTML document saved as an Office document that contains a malformed data object tag. Get the details and download the patch from Microsoft's website here.
A vulnerability in NetBIOS architecture allows Denial of Service attacks on all Microsoft Windows versions. See Covert Lab's (PGP) advisory here. Read Microsoft's Security Bulletin and get their proposed patch here.
SANS reveals what they are describing as "the most dangerous programming error in Windows workstation (all varieties -- 95, 98, 2000, NT 4.0) that Microsoft has made". It is a bug that allows Internet Explorer to run a Microsoft Access document as an ActiveX component before declaring to the user that some of the components on the HTML page may be unsafe. This can be exploited by having the victim browse an HTML document with IE or by sending an HTML-formatted email to the victim (since Outlook and Outlook Express use Internet Explorer to interpret the HTML). Read the complete advisory at the SANS site here. Read Microsoft's Security Bulletin here and Microsoft's proposed workaround here.
Microsoft Outlook and Outlook Express suffer from a serious buffer overflow vulnerability, allowing attackers to send you an email that runs malicious code without you even opening the email or attachment. Read complete details about the exploit here. Or fix the problem by immediately installing Internet Explorer 5.1 Service Pack 1 here, or for Windows 2000 users, you must install Internet Explorer 5.5 here. These installations update Outlook Express and fix the error. Finally, if you have Outlook Express 5.1, you can update it directly by installing the patch located
Microsoft's HTML Help ActiveX Control allows local files to be executed. For those using Internet Explorer, malicious web pages can use active scripting to exploit this vulnerability. Compiled HTML help files could also be maliciously distributed via email, FTP, etc. Do not open any compiled help files (CHM) from untrusted sources. For further details on the vulnerability, and information on a patch from Microsoft, please view CERT's complete advisory here.
PGP 5.0's non-interactive random key generation, which uses the /dev/random device, has a flaw in its implementation, allowing attackers to predict keys and recover encrypted information. If you have generated any keys non-interactively, via the command line in PGP 5.0, read more from CERT's advisory here.
L0pht Research Labs and @Stake Inc. reveal a dangerous vulnerability in systems where Microsoft Office 2000 and Internet Explorer are installed. Microsoft incorrectly labeled a powerful Microsoft Office ActiveX control named "Microsoft Office UA Control" as "safe for scripting". This gives any website access to execute the control via scripting (a common feature), without warning, through Internet Explorer. See the advisory at L0pht here. See CERT's advisory here. You can download the patch for Microsoft Office 2000 from Microsoft's website here, but you will lose some functionality.
F-Secure remarks about the latest variant of the ILOVEYOU virus, named "NEWLOVE". This variant could be considerably more dangerous, as the polymorphic virus randomly renames itself after recently used files. The subject line would read "FW: (random_file_name.ext)". It is also more destructive in that it infects *all* files on the victim's hard drive, making the computer unbootable. Read more details on this variant from F-Secure's website here.
CERT advises that there is at least one new buffer overflow vulnerability in the Kerberos authentication system. The most severe vulnerability allows remote intruders to gain root privileges on systems running services using Kerberos authentication. See the full text of the advisory here.
CERT releases an advisory regarding a serious flaw in Netscape Navigator's implementation of SSL, allowing attackers to steal your personal data. Read their advisory with complete exploit information here.
F-Secure released another press release today announcing that different versions of the "VBS/LoveLetter" virus are making their way around the world. The most cunning perhaps, is the one with the subject header of "Mothers Day Order Confirmation". Click here for a full description of the virus on F-Secure's web site.
CERT releases their advisory regarding the LoveLetter worm. For detailed information, view their advisory here.
"LoveLetter" worm is announced in press release by F-Secure (formerly Data Fellows). They warn not to open the email attachment received in an email with the subject header of "ILOVEYOU". The attachment appears to be a text file but is actually a VBScript installed worm. When infected, email will be generated to everyone in your address book with the same subject line, also containing the virus. Microsoft Office users are particularly susceptible. Click here for a full description of the virus on F-Secure's web site.