Upcoming releases of Microsoft's spyware removal tools will uninstall Sony copy-protection software that functions as a rootkit. "We have analyzed this software, and have determined that in order to help protect our customers we will add a detection and removal signature for the rootkit component of the XCP (Extended Copy Protection) software," Jason Garms of Microsoft announced on the Anti-Malware Engineering Team blog. "Rootkits have a clearly negative impact on not only the security, but also the reliability and performance of their systems." The detection of the Sony tool will be included in upcoming releases of the Malicious Software Removal Tool, which is updated through Windows Update, as well as the beta of Windows Antispyware.
Sony uses XCP software to restrict unauthorized copying of music CDs. The software's controversial operations were detailed by Mark Russinovich of SysInternals two weeks ago, prompting alarm among many security experts. "Although the software isn't itself malicious, the hiding techniques used are exactly the same that malicious software known as rootkits use to hide themselves," noted F-Secure, which soon discovered a trojan attempting to use the Sony XCP software to disguise its presence. Fortunately, the trojan had coding errors that prevented it from spreading widely.
Hackers are launching attacks on popular PHP-based blogging, wiki and content management program that failed to patch a serious security hole discovered in July. The attacks exploit flaws in the way PHP libraries handle XML-RPC commands, and appear to be targeting installations of WordPress and Drupal.
If left unpatched, an attacker could compromise a web server through vulnerable programs including WordPress, Drupal, PostNuke, Serendipity, phpAdsNew and phpWiki, among others. These projects all issued fixes six months ago, as did the authors of the affected PHP libraries.
A phishing attack led the Bank of New Zealand to take its online banking web site offline Thursday to prevent scammers from draining customer accounts. The bank said that although there had been no threat to its Internet infrastructure, the site was shut for eight hours to protect customers who shared their banking logins with a spoof web site operated by a phishing crew. The BNZ web site came back online Thursday evening with "restricted functionality," and returned to full service on Friday, bank spokesman told the National Business Review.
Bank of New Zealand said it will continue to closely monitor Internet banking transactions, and has revised daily transaction limits for all customers. The bank also suspended Internet banking access for customers who enteered their details at the fake site.
Microsoft has issued workaround instructions for a buggy patch issued last Tuesday as part of its monthly security update. The patch repairs a critical security hole, which could leave Windows 2000 systems open to an Internet worm attack. Microsoft says that few systems have been affected by issues with the update for a security hole known as MS05-051, which could allow attackers to gain control of Windows 2000 computers via an unchecked buffer in the Microsoft Distributed Transaction Coordinator (MSDTC).
Late last week users began reporting significant problems on some Windows XP, Windows 2000 and Windows Server 2003 systems after the patch was applied. Although few users were directly affected, the bug reports may have prompted many network administrators to delay patching their systems until the issues were resolved.
OpenSSL has released a software update to fix a flaw that could make it easier for hackers to attack secure web servers. The security issue could allow attackers to force an SSL-enabled site to use the outdated and potentially insecure SSL version 2.0 protocol.
Some secure web sites allow visitors to connect using earlier versions of SSL, an option which can be enabled by OpenSSL's SSL_OP_ALL setting. Normally, web servers will default to the most current encryption protocol supported by the user's browser, usually TLS or SSL version 3. But a flaw in the SSL_OP_ALL implementation could allow an attacker to trick the server into using SSL 2.0.
"An attacker acting as a 'man in the middle' can force a client and a server to negotiate the SSL 2.0 protocol even if these parties both support SSL 3.0 or TLS 1.0," notes the advisory from OpenSSL. "The SSL 2.0 protocol is known to have severe cryptographic weaknesses and is supported as a fallback only." The OpenSSL Project is advising users to either upgrade their server software with the latest version or disable SSL 2.0 entirely.
Paypal will implement strengthened anti-phishing measures for up to 1 million users next year through a deal announced yesterday between VeriSign and eBay, which operates Paypal. While most of the headlines focused on eBay's purchase of VeriSign's payment processing unit for $370 million, the most widely-felt benefit of the deal will likely be the enhanced security for Paypal, which has been relentlessly targeted by phishing scams.
The agreement calls for eBay to buy up to 1 million two-factor authentication tokens from VeriSign. eBay and PayPal plan to begin the rollout of two-factor authentication to customers in 2006, including marketing and security programs designed to "promote customer adoption."