
Monthly Archives: August 2010

Can you still patch XP SP2 systems? Apparently so.

Microsoft Update in Windows XP.
Image via Wikipedia

The last two weeks should have made Windows XP Service Pack 2 users quite nervous.  They are running an operating system that Microsoft stopped supporting on July 13, 2010, which leaves them in a perpetually vulnerable state: as new XP vulnerabilities are discovered, the fixes are built and tested for SP3 only.

Initially there were reports of a simple registry hack that makes the system identify itself as Service Pack 3 so that the patch installer will run.  Because it was a registry hack, those reports came wrapped in plenty of disclaimers.  At the end of last week, however, word surfaced of a way to install patches on an SP2 machine legitimately.

The initial (unsubstantiated) rumor was that customers with a Microsoft support contract had an inside line to the patch.  After some research, Dale Pearson of Security Active posted his findings: the published patch for Windows XP Embedded apparently installs and works on SP2 systems.  Since the only thing that keeps the regular patch from installing on a typical SP2 install is a single registry value (the CSDVersion DWORD under HKLM\System\CurrentControlSet\Control\Windows\, 0x200 for SP2 and 0x300 for SP3, which is exactly the value the registry hack changes), one has to assume that the XP Embedded patch does not perform this check or that the value does not exist on an Embedded system (those who are familiar with XP Embedded are more than welcome to correct me here).

Regardless, those who are still on Service Pack 2 must be there for a reason (if you aren’t, then please install SP3 and patch your system).  Whatever that reason is, from this point forward you will need to take extra care in finding ways to keep your machine patched as well as possible (or, again, you can install SP3).  So keep in mind that the patches for XP Embedded may be a workaround for you (unless Microsoft catches on to this :) ), bearing in mind that a patch built for a different product has not been tested on your configuration, so try it on a test machine before rolling it out.


Posted on August 16, 2010 in Microsoft, Patching, Security, Technology


How to follow me, well my car at least…

Conspiracy theorist ready your tin hats!

I’ve taken to listening to podcasts instead of music while running, and this morning I heard some interesting news that sent me rushing back to my computer to do some research.

History: Most of you will remember the Firestone tire recall of 2000, in which more than 100 deaths were attributed to tread separation, with under-inflated tires as a contributing factor.  In response, Congress passed and the Clinton Administration signed the TREAD Act.  One of its key provisions requires that all cars sold after September 1, 2007 carry a TPMS (Tire Pressure Monitoring System), giving the driver near-real-time information on tire pressure.  The readings are fed to your car’s ECU (“computer”), which knows the recommended pressure for the factory tires and warns you when a tire is significantly under-inflated.

If you don’t know how these work: they are small devices attached to the inside of the rim, each with a pressure sensor and a small RF transmitter run by a watch-style battery (see image at right).  The information is not truly real time; each sensor transmits periodically (at 60-90 second intervals) to your car’s computer.  The computer, however, is always “listening” for input from these devices.

The news is that researchers from Rutgers University have announced, via a press release, that they will present the dangers of spoofing these devices: forged sensor messages are accepted by the car’s computer and could cause problems for the driver or the vehicle’s control systems.  The crux of the issue is that the sensors use relatively short 32-bit IDs and there is no encryption between the sensor and the control unit.  According to the researchers the protocol is also quite simple and easy to spoof.  They will (presumably) demonstrate this week, at the USENIX Security Symposium, that they can receive signals from and send signals to these units from up to 40 meters away.

So let’s put a privacy spin on this (ready your tin hats!).

  1. The sensors have a broadcast range of roughly 40 meters
  2. The IDs are easily read and easily spoofable
  3. There isn’t any encryption
  4. The protocol is simple
  5. Broadcasts occur at timed intervals (60-90 seconds)

So do you want to follow me?  You could.  Building a single receiver that reads the ID of one (or all) of my TPMS sensors would be quite simple, and since a sensor’s ID is fixed for its lifetime, it is a stable identifier for my car.  Place the receiver somewhere I pass at 1.5 MPH or less (rough math: 40 meters of coverage and a 60-second broadcast window) and you have a reasonable chance of confirming my presence, or at least my car’s presence, at that location.  Granted, there is a catch: doing this at any scale that would be effective.  Covering a large area or a large number of people would be quite an undertaking.  But if you are a government and control the local infrastructure of a municipality, you have quite an opportunity here.
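To make the privacy argument above concrete, here is an added example of mine (not code from the original post or from the Rutgers researchers) of what a handful of fixed receivers could do with nothing but the sensor IDs they overhear.  It assumes one receiver per location logging (time, location, sensor ID) for every broadcast it hears, four sensors per car with random-looking 32-bit IDs, and that each sensor transmits on its own 60-90 second timer, so a car has to dwell near a receiver for about a minute before all four IDs are heard together.  The observation log, car names and sensor IDs are all constructed.

```python
"""Added example (mine, not from the original post): turning overheard TPMS
sensor IDs into a vehicle track.  Everything here is constructed; no real
sensor IDs, receivers or cars are involved.

Assumptions: one receiver per location logging (time, location, sensor_id)
for every broadcast heard; four sensors per car with random-looking 32-bit
IDs; each sensor transmits on its own 60-90 s timer, so a parked car is
heard in full but a drive-by may yield a single ID.
"""
from collections import defaultdict
from dataclasses import dataclass

MPS_TO_MPH = 2.23694


def guaranteed_capture_speed_mph(path_m=40.0, interval_s=60.0):
    """Fastest speed at which a sensor is certain to transmit at least once
    while the car is within range.  path_m is the distance driven inside
    coverage (the post takes 40 m), interval_s the worst-case gap between
    broadcasts (60 s).  Faster than this and a drive-by may hear nothing;
    slower, and every pass yields at least one ID."""
    return (path_m / interval_s) * MPS_TO_MPH   # 40 m / 60 s -> about 1.5 mph


@dataclass(frozen=True)
class Obs:
    t: int          # seconds since the log started
    where: str      # fixed receiver location (assumed name)
    sensor_id: int  # TPMS sensor ID exactly as heard over the air (no encryption)


# Constructed sensor sets for two cars (made-up 32-bit IDs, not real ones).
CAR_A = (0x7D3A91C4, 0x2B66E0F1, 0xC90417AE, 0x5E8D2B03)
CAR_B = (0x1F0C7A52, 0x8E4B39D7, 0x63A5F018, 0xB27E94CC)

# Constructed log.  Parked cars (home-street, office-lot) are heard for a
# minute or more, so all four sensors show up; the school-gate drive-by
# catches a single sensor per car.
LOG = [
    Obs(0,    "home-street", CAR_A[0]), Obs(25,   "home-street", CAR_A[1]),
    Obs(47,   "home-street", CAR_A[2]), Obs(80,   "home-street", CAR_A[3]),
    Obs(300,  "home-street", CAR_B[0]), Obs(330,  "home-street", CAR_B[1]),
    Obs(350,  "home-street", CAR_B[2]), Obs(372,  "home-street", CAR_B[3]),
    Obs(610,  "school-gate", CAR_A[2]),
    Obs(900,  "school-gate", CAR_B[1]),
    Obs(1200, "office-lot",  CAR_B[3]), Obs(1215, "office-lot",  CAR_B[0]),
    Obs(1240, "office-lot",  CAR_B[2]), Obs(1270, "office-lot",  CAR_B[1]),
    Obs(1500, "office-lot",  CAR_A[1]), Obs(1520, "office-lot",  CAR_A[3]),
    Obs(1545, "office-lot",  CAR_A[0]), Obs(1580, "office-lot",  CAR_A[2]),
]


def cluster_sensors(log, window_s=90):
    """Group sensor IDs into cars: IDs heard at the same receiver within one
    broadcast window are joined (union-find).  Four IDs bunched together at
    one spot are far more likely one car than four unrelated sensors."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path compression
            x = parent[x]
        return x

    by_where = defaultdict(list)
    for o in sorted(log, key=lambda o: o.t):
        by_where[o.where].append(o)
    for obs in by_where.values():           # obs is time-ordered per receiver
        for i, a in enumerate(obs):
            for b in obs[i + 1:]:
                if b.t - a.t > window_s:
                    break
                parent[find(b.sensor_id)] = find(a.sensor_id)
    groups = defaultdict(set)
    for o in log:
        groups[find(o.sensor_id)].add(o.sensor_id)
    return [frozenset(g) for g in groups.values()]


def track(log, signature, window_s=90):
    """Ordered (first_seen, location) visits for one car: every hit from any
    of its sensors, with hits at one receiver inside window_s merged."""
    visits = []   # [first_seen, where, last_seen]
    for t, where in sorted((o.t, o.where) for o in log if o.sensor_id in signature):
        if visits and visits[-1][1] == where and t - visits[-1][2] <= window_s:
            visits[-1][2] = t
        else:
            visits.append([t, where, t])
    return [(first, where) for first, where, _ in visits]


def same_vehicle(sig_a, sig_b, min_shared=3):
    """One replaced sensor (a new ID after a tire change) still leaves three
    of four IDs matching, so require min_shared rather than an exact match."""
    return len(frozenset(sig_a) & frozenset(sig_b)) >= min_shared


if __name__ == "__main__":
    print(f"guaranteed capture below {guaranteed_capture_speed_mph():.1f} mph")
    for sig in cluster_sensors(LOG):
        ids = ", ".join(f"{i:08X}" for i in sorted(sig))
        print(f"car [{ids}] -> {track(LOG, sig)}")
    # Months later car A has one new sensor; three of four IDs still match.
    print("car A seen again:", same_vehicle(set(CAR_A[:3]) | {0x11223344}, CAR_A))
```

Nothing in the receiver's job requires decoding pressure, defeating encryption or spoofing anything: the IDs alone, overheard passively, are enough to learn which four sensors travel together and then to place that car at each receiver in turn.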


Posted on August 15, 2010 in RISK, Security, Technology, Wifi


P.T. Barnum wasn’t wrong – Firefox Beta Links spread Malware

It should not come as a surprise to you that Firefox is available as a free download from Mozilla (it is, after all, an open source project).  This must not be apparent to the users who are being fooled by a fake Firefox 4.0 beta download scam.

The scam goes a bit like this:

  1. You want software but don’t want to pay for it (in this case a new version of the Firefox browser)
  2. You get an email, see a link, etc. saying that a new Firefox browser is coming out
  3. The email/link/etc. purports to provide either a software crack or a key generator (tools used to bypass the licence checks on software that normally has to be purchased)
  4. You download and run the crack files
  5. You get infected with a Trojan

Reports note that the following malware has already been seen distributed through this scam:

  • FraudTool.Win32.FakeVimes
  • Trojan-Downloader.Win32.CodecPack.2GCash.Gen
  • Trojan.DNSChanger.Gen
  • Virus.Win32.Parite
  • TrojanDownloader-Win32/FakeRean

Moral(s) of the story:

  1. Always check an authoritative source.  If you are interested in the Firefox 4 Beta, go to Mozilla’s site and download it there.
  2. It’s always a bad idea to pirate software.  Sites that host or distribute cracked software and keygens are already operating in a shady area, so don’t be surprised to get infected or attacked if that is a site you visit.  (As I tell my kids: don’t touch that, you don’t know where it’s been.)
  3. Patch and update.  For at least the few pieces of malware noted here, if your system is patched and your AV is up to date you should be okay.  However, that can change at any moment, so don’t put it to the test.