WinZip opens security hole in Windows 2000

Some versions of the popular file compression utility WinZip contain a security weakness that rears its ugly head on Windows 2000 systems. The root of the issue is that WinZip versions 11.0 through 11.2 ship with a vulnerable copy of the gdiplus.dll graphics library, a flaw Microsoft patched in the system copy of the library in September.

Viewing a malicious image with a vulnerable version of gdiplus.dll could result in arbitrary code execution and infection. Windows XP and later ship GDI+ as a system component, so Microsoft's update protects those systems; Windows 2000 does not, and affected versions of WinZip on Windows 2000 will by default load the vulnerable gdiplus.dll installed in the WinZip program folder rather than a system-supplied version.

Interestingly, WinZip says that versions prior to 11 do not contain the vulnerable library. Users, especially those on Windows 2000, are encouraged to update to WinZip 11.2 SR-1 or WinZip 12 as soon as possible. Note that Microsoft's update does not touch copies of gdiplus.dll that applications carry in their own program folders, so any other application that bundles the library needs a fix from its vendor as well. Read more about this issue over at heise Security UK.
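The practical question for an administrator is which program folders carry a private copy of gdiplus.dll that will shadow the system one. The following script is an added example, not WinZip's or Microsoft's code: it walks a set of roots, collects every gdiplus.dll, and compares each by SHA-256 against the copy in the system directory, reporting private builds that need their own vendor fix. It assumes the system copy lives under %SystemRoot%\System32 (64-bit systems also keep one in SysWOW64), and it treats a missing system copy, as on Windows 2000, as a separate verdict since there is nothing to compare against. The `demo()` function builds a constructed directory tree rather than scanning a real machine.

```python
"""Inventory application-local copies of gdiplus.dll.

Added example (not from WinZip or Microsoft). A copy whose hash differs from
the system copy was shipped by an application and is not covered by the
operating-system update; it must be checked against that vendor's own fix.
"""
import hashlib
import os
import sys
import tempfile
from pathlib import Path
from typing import Dict, Iterable, List, Optional

DLL_NAME = "gdiplus.dll"


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_private_copies(roots: Iterable[Path], dll_name: str = DLL_NAME) -> List[Path]:
    """Return every file named dll_name (case-insensitive) below the given roots."""
    hits: List[Path] = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if name.lower() == dll_name.lower():
                    hits.append(Path(dirpath) / name)
    return hits


def classify_copies(copies: Iterable[Path], system_copy: Optional[Path]) -> Dict[str, str]:
    """Map each copy to 'same-as-system', 'private-build' or 'no-system-copy'.

    'no-system-copy' is the Windows 2000 case: the OS ships no gdiplus.dll, so
    every application-local copy is on its own and cannot be vetted by hash.
    """
    reference = None
    if system_copy is not None and system_copy.exists():
        reference = sha256_of(system_copy)
    verdicts: Dict[str, str] = {}
    for copy in copies:
        if reference is None:
            verdicts[str(copy)] = "no-system-copy"
        elif sha256_of(copy) == reference:
            verdicts[str(copy)] = "same-as-system"
        else:
            verdicts[str(copy)] = "private-build"
    return verdicts


def demo() -> Dict[str, str]:
    """Constructed tree (not a real system): one patched system copy, one
    application that bundles an older build, one that bundles the same bytes."""
    base = Path(tempfile.mkdtemp(prefix="gdiplus-inventory-"))
    system32 = base / "Windows" / "System32"
    winzip = base / "Program Files" / "WinZip"
    other = base / "Program Files" / "OtherApp"
    for folder in (system32, winzip, other):
        folder.mkdir(parents=True)
    (system32 / DLL_NAME).write_bytes(b"constructed: patched system build")
    (winzip / "GDIPLUS.DLL").write_bytes(b"constructed: older bundled build")
    (other / DLL_NAME).write_bytes(b"constructed: patched system build")
    copies = find_private_copies([base / "Program Files"])
    return classify_copies(copies, system32 / DLL_NAME)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real scan: python inventory.py "C:\Program Files" "C:\Program Files (x86)"
        system_root = Path(os.environ.get("SystemRoot", r"C:\Windows"))
        report = classify_copies(
            find_private_copies(Path(arg) for arg in sys.argv[1:]),
            system_root / "System32" / DLL_NAME,
        )
    else:
        report = demo()
    for path, verdict in sorted(report.items()):
        print(f"{verdict:16} {path}")
```

A hash mismatch only says the copy is not the system build; it does not say whether it is older or newer. Use it to build the list of copies whose file version then has to be checked against the vendor's advisory.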

Hackers using Google Trends in social engineering attempts

Attackers are using Google Trends to lure victims to fake blogs riddled with malware. According to security software maker Webroot, Trends is used to identify the stories and keywords that Web surfers are looking for at the moment. Fake blogs linking to the most sought-after news are then created so that the search engine itself delivers the victims. These malicious blog pages use standard social engineering tricks to get users to download Trojans or non-existent codecs.

Excerpt from eWeek:

Once a user clicks on one of the video links, they are asked to download a video codec. The codec downloads a rogue anti-spyware program geared to bait the user into buying an illegitimate program that may put their personal information and data at even greater risk.

In effect, these attackers are applying search engine optimization (SEO) techniques to capture a bigger stream of incoming traffic. There is not much security administrators can do about the search results themselves, beyond ensuring that computers are kept current with the latest patches and antivirus definitions and reminding users that a legitimate video site does not require installing a new "codec" before a clip will play.

New bill to address laptop searches at borders

A new bill designed to limit border searches of laptops and other electronic devices has been announced. The Travelers Privacy Protection Act would allow border agents to search electronic devices only if they have reasonable suspicion of wrongdoing. Even then, agents could keep the device out of its owner's possession for at most 24 hours, after which the search would be deemed a seizure, requiring that probable cause be established.

In a statement, Senator Russ Feingold noted that the decision to propose this legislation comes in the wake of the failure of the Department of Homeland Security to furnish information pertaining to searches of electronic devices and any limitations on its scope and power.

Excerpt from the statement:

“Most Americans would be shocked to learn that upon their return to the U.S. from traveling abroad, the government could demand the password to their laptop, hold it for as long as it wants, pore over their documents, emails, and photographs, and examine which websites they visited – all without any suggestion of wrongdoing,” Feingold said in the statement. “Focusing our limited law enforcement resources on law-abiding Americans who present no basis for suspicion does not make us any safer and is a gross violation of privacy.”

Has anyone on TechRepublic encountered an invasive search of their laptops or cell phones so far? Read this SecurityFocus article for more information.

Newly discovered bugs have potential to crash Internet systems

Security researchers Robert Lee and Jack Louis from security vendor Outpost24 say they have discovered a number of critical flaws in the TCP/IP protocol suite that can be used together to take down Internet-connected systems via denial of service (DoS) attacks. The concern here is that such an attack could be launched with very little bandwidth.

What's more, the results range from “complete shutdown of the vulnerable machine, to dropping legitimate traffic,” meaning the effects of an attack could persist after the DoS traffic itself stops. So far, the team has tried it successfully against Windows, Linux, embedded systems, and even firewalls. Few technical details are available at this point, though Lee says that the vendors that need to be informed have already been contacted.

Not everyone agrees with the way this issue is being handled, though. Arbor Networks Chief Security Officer Danny McPherson noted that, “These partial disclosures really do little more than trigger a slew of skepticism.”

Feel free to discuss the various security events here.