Bios Password

Saturday, July 24, 2010

Super-Fast Linkfest Throw-down: Pt I

Posted on 5:04 PM by Unknown

07/31/10: More updates posted at the bottom of this page regarding the .LNK vulnerability.

I had planned for a sleepy weekend.  You know, the kind to recharge your batteries after a crazy-insane work-week?

Yeah right.  Like that would come to pass… work responses required weekend dedication.  Bummer.

So I offer only several rapid-fire posts to get the linkage unblocked.

Part I here continues with additional information I’ve saved on the Windows LNK exploit, building upon my previous post: Windows zero-day exploit?: USB storage + .lnk file...

Unless something radical drops, this will probably be the last on this theme.  I’ve found it an interesting look into incident response, knowledge-sharing/growth, and a few more cool tools.

  • (Windows) Shellshocked, Or Why Win32/Stuxnet Sux… -- ESET ThreatBlog (filed under perspective)
  • It Wasn’t an Army -- ESET ThreatBlog (filed under perspective)
  • Mitigating .LNK Exploitation With Ariad -- Didier Stevens (filed under cool tool/utility)
  • Mitigating .LNK Exploitation With SRP -- Didier Stevens (filed under cool tool/utility)
  • linkiconshim - Project Hosting on Google Code (filed under cool tool/utility)
  • Novel New USB Attack | Optimal Security -- The Lumension Blog (filed under perspective)
  • Code for Shortcut Zero-Day Exploit is Public - F-Secure Weblog : News from the Lab (filed under perspective)
  • Shortcut mitigation and certificate revocation -- Chester Wisniewski’s Blog (filed under advice)
  • Microsoft revised Security Advisory (2286198) Vulnerability in Windows Shell Could Allow Remote Code Execution – Donna’s SecurityFlash (filed under MS vulnerability clarifications)
  • Preempting a Major Issue Due to the LNK Vulnerability - Raising Infocon to Yellow (filed under advice)
  • siemens to scada users – don’t change that default password – yikes! – ParanoidProse - (filed under perspective)
  • Tool Blunts Threat from Windows Shortcut Flaw — Krebs on Security (filed under perspective)
  • Stuxnet Memory Analysis and IOC creation – M-unition Blog (filed under threat analysis)
  • LNK Vulnerability: Embedded Shortcuts in Documents - F-Secure Weblog : News from the Lab (filed under new vector possibilities)
  • Applied Fix It Solution 50486 (KB2286198) in Vista and Windows 7... – Donna’s SecurityFlash (filed under it worked for me) 
  • Microsoft Security Advisory: Vulnerability in Windows Shell could allow remote code execution – Microsoft Support (filed under cool tool/utility)  Note:  links to MS “Fix it” one-click solution 50486 (to apply workaround) and 50487 (to remove workaround).  You also still have to manually disable the WebClient Service in Vista or Win7 to cover those bases as well; see Donna’s link above on that.
  • Code signing certificates used in repeat attacks -- Tim Callan's SSL Blog - Online Security (filed under perspective)
  • New Stuxnet-Related Malware Signed Using Certificate from JMicron - Points to a highly sophisticated industrial espionage operation – Softpedia (filed under perspective)
  • VeriSign working to mitigate Stuxnet digital signature theft –The Tech Herald – Security (filed under perspective)
  • Incorrect Information in MS09-014 -- Fortinet Security Blog (filed under perspective and analysis)
  • Stuxnet: A Comprehensive FAQ -- Fortinet Security Blog (filed under maybe-I-should-have-titled-this-post-a-FAQ)
  • Win32/Stuxnet: more news and resources -- ESET ThreatBlog (filed under I-wish-I-had-time-to-write-pithy-summaries-like-David)
  • Microsoft LNK Attack and Defense -- Hurricane Labs Engineering Notes (filed under attack and defense analysis)
  • Default Passwords and SCADA: Siemens Fails – /dev/null blog (filed under not-my-fault aka “the BP” defense)
  • Exploiting MS “LNK” Vulnerability -- Information Technology Enthusiast (filed under attack and defense analysis)
  • More malware exploiting Windows shortcut vulnerability -- Graham Cluley’s blog (filed under the-LNK-slick-grows)
  • Protection for New Malware Families Using .LNK Vulnerability - Microsoft Malware Protection Center (filed under small-victories)

07/31/10: More updates

Out of band Microsoft update to fix the .LNK vulnerability exploit coming August 2, 2010.  Just be aware, no soup for XP-SP2 and W2K systems!

  • Out of Band Release to address Microsoft Security Advisory 2286198 - The Microsoft Security Response Center (MSRC)
  • Stuxnet, malicious .LNKs, ...and then there was Sality - Microsoft Malware Protection Center
  • Microsoft to Issue Emergency Patch for Critical Windows Bug — Krebs on Security
  • Microsoft issues out of band update for LNK - The Laws of Vulnerabilities

Saddle up!

--Claus V.

Posted in anti-virus software, hacks, Link Fest, malware tools, Microsoft, security, utilities, viruses
