Archive for November, 2007

Apple Mail vulnerability walk-through

Wednesday, November 21st, 2007

Heise Security has released information about an Apple Mail vulnerability which is the resurrection of a bug that affected Mac OS X Tiger back in 2006.

Apple Mail transports information about which program should be used to open a file (content type: multipart/appledouble;) in an additional attachment that is invisible to Mac users. Attackers can then call a shell script "image.jpg" and nonetheless have commands in the script executed. Apple took care of this security problem with an update in March 2006. This email has a shell script attached to it that is disguised as a JPG. If your version of Apple Mail does not have the patch, it will show the icon for an image but nonetheless execute the commands contained in the attachment without further ado. This script only opens a terminal and displays the content of the current directory.

Heise have a web app that will send you a test email containing an attachment that will open a terminal window and display the contents of the current directory. Out of curiosity I decided to take a look at this. Here are the steps a user would have to go through to be compromised:

  • Receive an affected email.
  • Open the attachment.
  • Confirm that you want it opened.

[Image: Apple Mail vulnerability walk-through]

And that's it. The good thing here is that the Mac OS does warn the user that this is an application that will be opened in Terminal. If users have their eyes open they should spot this.

Here's the fake JPG file next to a real one:

[Image: Apple Mail vulnerability walk-through]

Here's what Get Info brings up:

[Image: Apple Mail vulnerability walk-through]

However, bringing back a bug from the dead is embarrassing for Apple. Hopefully this will be picked up soon.
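A mail gateway or triage script can catch the disguise described above by comparing each attachment's name with its leading bytes. The following is an added example, not code from Heise or from the original post; the function names and the sample messages are constructed here, and it inspects only the data part of a multipart/appledouble pair rather than parsing the AppleDouble header itself.

```python
import os
from email import message_from_bytes
from email.mime.application import MIMEApplication
from email.mime.image import MIMEImage
from email.mime.multipart import MIMEMultipart

# Leading bytes expected for common image extensions.
IMAGE_MAGIC = {
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".gif": b"GIF8",
}
APPLEDOUBLE_MAGIC = b"\x00\x05\x16\x07"  # first bytes of an AppleDouble header file


def find_disguised_attachments(raw: bytes) -> list:
    """Return (filename, reason) for data parts whose bytes contradict their name."""
    findings = []
    for part in message_from_bytes(raw).walk():
        if part.get_content_type() != "multipart/appledouble" or not part.is_multipart():
            continue
        for sub in part.get_payload():
            if sub.get_content_type() == "application/applefile":
                continue  # the hidden metadata part, not the file the user sees
            name = sub.get_filename() or ""
            data = sub.get_payload(decode=True) or b""
            magic = IMAGE_MAGIC.get(os.path.splitext(name)[1].lower())
            if data.startswith(b"#!"):
                findings.append((name, "content starts with a script shebang"))
            elif magic and not data.startswith(magic):
                findings.append((name, "content does not match image extension"))
    return findings


def build_sample(filename: str, data: bytes) -> bytes:
    """Constructed test message: an AppleDouble pair declaring `data` as image/jpeg."""
    outer = MIMEMultipart("mixed")
    pair = MIMEMultipart("appledouble")
    pair.attach(MIMEApplication(APPLEDOUBLE_MAGIC + b"\x00" * 22, "applefile"))
    fork = MIMEImage(data, _subtype="jpeg")
    fork.add_header("Content-Disposition", "attachment", filename=filename)
    pair.attach(fork)
    outer.attach(pair)
    return outer.as_bytes()


if __name__ == "__main__":
    # Constructed samples: a harmless directory listing named image.jpg, and JPEG-like bytes.
    print(find_disguised_attachments(build_sample("image.jpg", b"#!/bin/sh\nls\n")))
    print(find_disguised_attachments(build_sample("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)))
```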

HELP! My CD/DVD-ROM drive has disappeared!

Wednesday, November 21st, 2007

Question: HELP!  My CD/DVD-ROM drive has disappeared!  I can see it in Device Manager but not in Windows Explorer.  I'm running Windows Vista.

There is a fix for this, but unfortunately you have to go digging into the system registry.

Here's how you fix things:

  1. Fire up Regedit (Click Start and type regedit into the search box and click on the listing that appears in the Start menu).  Note that you will get a UAC prompt.
  2. Navigate to the following key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}
  3. Click on this key and, in the right pane, right-click on UpperFilters and choose Delete.
  4. Repeat the process for the LowerFilters value.

Reboot.  Job done!

Don’t give up on Vista

Wednesday, November 21st, 2007

Here's a Mac ad that made me chuckle ...

[Image: Mac ad]

ITsafe Warning 07-015

Wednesday, November 21st, 2007

Title
=====
ITsafe Warning 07-015

What is it?
===========
Loss of Personal Data from HMRC

What does it affect?
====================
ITsafe subscribers will be aware from the Press that some CDs being sent between HM Revenue and Customs (HMRC) and the National Audit Office (NAO) are unable to be traced.

These CDs contain child benefit details of some 7.25 million families (about 25 million people), with information including names, addresses, dates of birth, bank account and National Insurance numbers.

What does it do?
================
The status of these discs is unknown, with the Metropolitan Police currently investigating the event: the Chancellor of the Exchequer, Alistair Darling MP, has stated that there is no suggestion that anything untoward had happened as a result of the discs' loss to date.

Of concern is that should the discs fall in to the wrong hands, the information could be useful to criminals, and aid Identity Fraud.

How do I fix it?
================
As a precaution, ITsafe subscribers are recommended to:

- Ensure you are following good password procedures as explained by our partners at GetSafeOnline (http://www.getsafeonline.org/nqcontent.cfm?a_id=1127): if any of your passwords are things like date of birth or name, these should be changed

- Do not give out any personal information or account information if anyone contacts you unexpectedly, and in particular be vigilant for spoof emails, which could, if this additional information became available, look more convincing if they claim to come from HMRC or banks. HMRC have some existing guidance about this (http://www.hmrc.gov.uk/security/spoofs.htm)

- Monitor your bills, invoices, receipts and bank statement entries for things you do not recognise, and if you find any, inform your bank immediately: if you are the innocent victim of banking fraud you will not have to pay

ITsafe's Small and Medium Sized business customers are recommended to also review their procedures for storing and sending any personal or otherwise sensitive information in the light of these events, to ensure they would not encounter any similar potential Data Protection problems should such electronic information become mislaid or stolen.

Details of Specific Problem
===========================
Further details on the issue are available from HMRC and from APACS, the Banking organisation:

- HMRC statement (http://www.hmrc.gov.uk/childbenefit/customer-update.htm)

- APACS statement (http://www.apacs.org.uk/BankingindustryresponsetoHMRCdatacomprise.html)

Notes
=====
ITsafe Warnings are issued by e-mail when significant risks have been identified that are likely to affect the majority of ITsafe users.

ITsafe Team
Making IT safe for You
http://www.itsafe.gov.uk
The UK Government Alerting and Advisory Service for Information and Communications Technologies (ICT) Security

First look at Firefox 3.0 Beta 1

Tuesday, November 20th, 2007

Web developers (and add-on developers) take note - Firefox 3.0 Beta 1 has hit the Internet.

First, the disclaimers:

Please note: We do not recommend that anyone other than developers and testers download the Firefox 3 Beta 1 milestone release. It is intended for testing purposes only.

[Image: Firefox 3.0 beta 1]

I've posted some initial thoughts on this latest incarnation over on ZDNet:

Is Firefox 3.0 going to be better?  Given what I’m seeing so far, I think so.  Why?  Because it looks like Mozilla have gone back to basics and worked on what really matters to users - security, speed and ease of use.

Everything about Firefox 3.0 beta 1 is fast.  The download package is small which means that it comes in fast, the installation is fast, the browser fires up fast, pages and tabs open fast, the browser shuts down fast, and the uninstall process is fast and painless (I always like to test the uninstall process on applications because there’s nothing worse than having a bad house guest on your system that you can’t get rid of).  This is all good stuff.