ENHANCED MITIGATION EXPERIENCE TOOLKIT (EMET)

Software is ubiquitously and fundamentally present in all computing devices. Applications are developed in numerous programming languages, by programmers and software vendors with diverse training, experience and programming know-how. This makes it difficult to determine and discover the vulnerabilities present in software, whether developed in house, vendor supplied or outsourced, and very hard to judge the severity of a vulnerability that is (or will be) present in a software package once it is installed in a work environment.

The software vendor market has become an economic battleground as vendors try to outdo each other, the motivation being to seize software market segments and stay dominant. To achieve this, dirty tricks are deployed by competitors and by hackers, using malware, viruses, Trojans and worms to mudsling competitors. The motivation of the attackers and the profile of the victim both play into who ultimately gets attacked and who doesn't. To prevent this, organizations need to deploy tools that deter this kind of attack; one example of such a tool is the Enhanced Mitigation Experience Toolkit (EMET). The tool is freely available for download from the Microsoft website. It plays a very critical role in enhancing the bank's network security and detecting malicious activity.

EMET is a free mitigation tool that helps system administrators, IT professionals and developers beef up the security of third-party applications by helping prevent vulnerabilities in software (both Microsoft's and third parties') from being successfully exploited. The tool protects through the state-of-the-art security mitigation technologies built into Windows, even where the programmer of the software did not include security controls or code hardening, so that the software is more resistant to known vulnerabilities, zero-day vulnerabilities and vulnerabilities for which an update has not yet been applied.

Oracle Critical Updates

Oracle has released its Critical Patch Update for October 2013 to address 127 vulnerabilities across multiple products.
It includes 51 Java vulnerabilities, 21 of which have a CVSS score of at least 9, i.e. the attack vector is so high that an attacker could leverage the vulnerability to compromise the system. 12 vulnerabilities have a CVSS score of 10, which means an attacker could use them to hijack a system remotely without requiring authentication.
Qualys CTO Wolfgang Kandek states that many of the 76 other vulnerabilities addressed in Oracle's other products allow remote unauthenticated access for an attacker. IT admins should therefore apply these patches, predominantly on applications that are accessible through the internet.
This update contains the following security fixes:
• 6 for Oracle Industry Applications
• 1 for Oracle Financial Services Software
• for Oracle Supply Chain Products Suite
• 8 for Oracle PeopleSoft Products
• 9 for Oracle Siebel CRM
• 2 for Oracle Primavera Products Suite
• 17 for Oracle Fusion Middleware
• 4 for Oracle Enterprise Manager Grid Control
• 51 for Oracle Java SE
• 12 for Oracle and Sun Systems Products Suite
• 2 for Oracle Virtualization
• 8 for Oracle MySQL
• 2 for Oracle Database Oracle E-Business Suite
• 2 for Oracle iLearning
Visit the Oracle website for a more in-depth analysis.

Alert: A backdoor found in many D-Link devices allows authentication bypass

Are you using a D-Link wireless router? You need to watch out if your device is one of the following, or any other in the D-Link family (more information will become available as more tests are run on affected devices):

  1. DIR-100
  2. DIR-120
  3. DI-624S
  4. DI-524UP
  5. DI-604S
  6. DI-604UP
  7. DI-604+
  8. TM-G5240

The backdoor identified enables an attacker to access the administration web interface of the network device without any authentication and to view or change its settings. The backdoor was found in firmware v1.13. For more information see the article "Reverse Engineering a D-Link Backdoor" at http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/.

How to mitigate the vulnerability

The company also offered this advice: "As there are different hardware revisions on our products, please check this on your device before downloading the correct corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product next to the serial number. Alternatively, they can also be found on the device web configuration." (http://www.dlink.com)

Also ensure that:

  1. Unsolicited emails: don't open any unsolicited emails from unknown people or organisations; by clicking a URL in them you might enable an unauthorized user to access your router administration page;
  2. Your wireless network is secure, with encryption enabled for all communication (AES is the clear choice for best security);
  3. Remote access to your router is disabled (this is disabled by default);
  4. You download the firmware install guide provided within the ZIP firmware package and update the firmware once D-Link officially releases the patch (visit http://www.dlink.com/uk/en/support/security for any official release of D-Link updates);
  5. Lastly, strong passwords are required to access administration interfaces.

The flaw is serious, as an attacker with the technical know-how to conduct the attack gains access to the device's administration interface. I would recommend that we check the model of the D-Link devices being used, so as to determine whether the devices we are using are affected, and monitor closely the traffic on these devices. The firmware should be upgraded as soon as D-Link releases the update.
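One concrete way to act on the advice above (confirm remote access is really off, and watch who reaches the administration pages) is to run the router's or upstream proxy's access log through a small checker. The script below is an added example written for this post, not code from D-Link or from the devttys0 article. It assumes Common Log Format lines, a hypothetical management LAN of 192.168.0.0/24, a single allowlisted administration workstation, and made-up admin page paths; the log lines themselves are constructed for the example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample access-log lines (Common Log Format), as a syslog
# collector or reverse proxy in front of the router might record them.
# Addresses, paths and timestamps are made up for this example.
SAMPLE_LOG = """\
192.168.0.10 - - [13/Oct/2013:10:01:02 +0000] "GET /index.htm HTTP/1.1" 200 512
192.168.0.10 - - [13/Oct/2013:10:01:05 +0000] "POST /login.cgi HTTP/1.1" 302 0
198.51.100.7 - - [13/Oct/2013:10:02:17 +0000] "GET /admin/tools.htm HTTP/1.1" 200 2048
198.51.100.7 - - [13/Oct/2013:10:02:19 +0000] "POST /admin/tools.cgi HTTP/1.1" 200 128
203.0.113.42 - - [13/Oct/2013:10:03:00 +0000] "GET /status.htm HTTP/1.1" 200 900
192.168.0.22 - - [13/Oct/2013:10:04:11 +0000] "GET /admin/firmware.htm HTTP/1.1" 200 700
not a log line at all
"""

# Hypothetical: the management LAN and the only workstation that should
# ever touch the router's administration pages.
LAN = ipaddress.ip_network("192.168.0.0/24")
ADMIN_ALLOWLIST = {"192.168.0.10"}

# Hypothetical admin paths; adjust to the pages your device actually serves.
ADMIN_PATH = re.compile(r"^/(admin/|login\.cgi$)")

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)


def parse_line(line):
    """Return the fields of one CLF line as a dict, or None if it doesn't parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    return entry


def is_admin_request(path):
    """True if the request path is one of the administration pages."""
    return bool(ADMIN_PATH.match(path))


def classify(entry, lan=LAN, allowlist=ADMIN_ALLOWLIST):
    """Label one parsed entry: None if benign, otherwise a severity string."""
    if not is_admin_request(entry["path"]):
        return None
    ip = ipaddress.ip_address(entry["ip"])
    if ip not in lan:
        # Admin pages reached from outside the LAN: remote management is
        # either still enabled or something is getting around it.
        return "HIGH: admin interface reached from outside the LAN"
    if entry["ip"] not in allowlist:
        return "MEDIUM: admin interface reached from unlisted LAN host"
    return None


def analyze(log_text, lan=LAN, allowlist=ADMIN_ALLOWLIST):
    """Return (findings, per-source counts) for a block of log text."""
    findings = []
    counts = Counter()
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue  # skip unparsable lines rather than abort the whole run
        label = classify(entry, lan, allowlist)
        if label:
            findings.append((label, entry["ip"], entry["method"],
                             entry["path"], entry["status"]))
            counts[entry["ip"]] += 1
    return findings, counts


if __name__ == "__main__":
    found, per_source = analyze(SAMPLE_LOG)
    for label, ip, method, path, status in found:
        print("%s  %s %s %s -> %d" % (label, ip, method, path, status))
    for ip, n in per_source.most_common():
        print("%s: %d flagged request(s)" % (ip, n))
```

Any HIGH finding means the administration interface answered a request from outside the LAN, which should not happen at all once remote access is disabled; a MEDIUM finding is a LAN host that is not the designated admin workstation and is worth a look. Feed it a real log with `analyze(open(path).read())`, after adjusting the LAN, allowlist and admin-path pattern to your environment.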