MIR-ROR 1.1 is available on the CodePlex MIR-ROR site. This is a minor update to the MIR-ROR script including a repaired path declaration. We also removed a pause statement to promote improve WMI scripting with MIR-ROR.
MIR-ROR is a specialized, command-line script for incident response that makes use of the Windows Sysinternals tools, as well as some other useful tools. Further, you can easily enhance the script to your liking with whatever command line tool you require for response.

Thanks to Bryan Casper, Mike Maonde, Alex Alborzfard, Gene Morganti, Andreas Bunten, Harlan Carvey, and Rick Wanner for feedback after the initial release.

del.icio.us | digg | Submit to Slashdot

Please support the Open Security Foundation (OSVDB)

Article by Zen Habits contributor Jonathan Mead; follow him on twitter.

We often think that our success depends on focusing on ourselves. But this simply isn’t true.

Every successful person knows that you become successful because of how much value you give to others.

Yet, we often forget this.

It works the same way with our happiness, too. When I become overly focused on my goals and my feelings and my desires, I start to feel down. When I become focused on myself, it’s easy to think that everything is about me. But it’s not. And when I’m so focused on myself, I start to become easily offended by others. I think that others do things that I don’t like because of me, when they’re really just doing those things because of themselves.

See how easy it is to become depressed when you feel overly self-important?

That’s why it helps to turn your attention to others, and put your focus on giving, rather than receiving. You would think that by giving all the time, you will never receive. But the exact opposite is true; it’s because you give so much that you attract the desire for others to give back to you.

It’s crazy how this works:

• The best way to be interesting is to be interested in others.
• You gain more physical energy by burning energy when you exercise.
• The way to be loved is to be lovable.
• When you seek to understand, others are more likely to want to understand you back.
• By helping others, they are more inclined to help you in return.

I think it’s interesting how we intuitively know these things, but somehow our ego gets in the way. Our self-importance makes us think that we need to receive to justify giving. This is the same part of you that seeks to be right instead of happy. Is it worth it?

I think it’s a much more empowering position to be the one that gives first. Otherwise, who knows how long it will take the other person to initiate, if it even happens at all. To wait for others to give is like waiting for someone to give you what you want. Why not just ask and find out what happens?

Giving yourself away.

When you can give without expecting anything in return, you have mastered the art of living.

Is it any wonder that the most successful people in the world are masters of giving? The most successful people are the ones that provide the most value to others.

So the question is: How can you give more of yourself away?

I think you’ll find, as I have, that you’re most fulfilled not when you’ve done something really cool, or when you’re doing something that excites you (not that those things aren’t important). You are most fulfilled when you’re serving others.

Here are some suggestions for small, but powerful ways you can give to those around you today:

• Drop the expectations that you have for your partner and your family. Instead of expecting them to behave a certain way to you, see how you can show them how much they really mean to you.
• Give away your attitude. This is really one of the most awesome ways you can give to others. Your attitude and positive energy has an amazing effect on those around you. Darkness, when approached with light, becomes illuminated. In the same way, low energy, when approached by higher energy, dissolves. Help dissolve others’ lower energy patterns by bringing your higher, positive energy to them.
• Gift your intention. Whenever you encounter someone, say a silent blessing or send them a positive intention, instead of judging them.
• Show your gratitude. Write a simple note or letter expressing to someone how much they mean to you and the reasons you love them. The impact this will have on the receiver is amazing.
• Simply offer your help. If there’s nothing specific you can do for another person, simply let them know that if there is ever a way you can help, you would like them to let you know.

These things may seem small, but I think the world is changed by a profusion of micro ideas. Revolutions start with small actions.

So what I’d like to ask you now is, How can I help you? Let me know!

This article was written by Zen Habits contributor Jonathan Mead of Illuminated Mind.  For more ways to give back, grab a copy of Reclaim Your Dreams.

WordPress 2.8.1 fixes many bugs and tightens security for plugin administration pages.

Core Security found that admin pages added by certain plugins could be viewed by unprivileged users, resulting…

So MS releases this waring, with a KB with a "FixIT!" button, when clicking it your are automaticly protected. But what if you have a couple of hundred PCs, even thousands.

MS says, yes change these registrty keys, you can deploy them using Group Policies.

Well wouldn't it be nice if MS would supply a policy template file (.ADM) and save IT Pro's a lot of time. Unfourtunalty no.

So I spend some time creating it the day before yesterday, but yesterday I discoverd a better one. I combined it and here it is,

Download: http://bink.nu/files/folders/scripts/entry44446.aspx

KB972890 Workaround – Prevent Microsoft Video ActiveX Control in Internet Explorer
http://support.microsoft.com/default.aspx/kb/972890
When patch is released and deployed, first disable this policy before removing the GPO!
8 July 2009: Steven Bink (http://bink.nu) and 'DataBitz' (http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_24548832.html)

Send via e-mail | Submit to Digg | Add to Live Favorites

So MS releases this waring, with a KB with a "FixIT!" button, when clicking it your are automaticly protected. But what if you have a couple of hundred PCs, even thousands.

MS says, yes change these registrty keys, you can deploy them using Group Policies.

Well wouldn't it be nice if MS would supply a policy template file (.ADM) and save IT Pro's a lot of time. Unfourtunalty no.

So I spend some time creating it the day before yesterday, but yesterday I discoverd a better one. I combined it and here it is,

Download: http://bink.nu/files/folders/scripts/entry44446.aspx

KB972890 Workaround – Prevent Microsoft Video ActiveX Control in Internet Explorer
http://support.microsoft.com/default.aspx/kb/972890
When patch is released and deployed, first disable this policy before removing the GPO!
8 July 2009: Steven Bink (http://bink.nu) and 'DataBitz' (http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_24548832.html)

Send via e-mail | Submit to Digg | Add to Live Favorites

Here is the latest milw0rm exploits tarball.
God bless twitter for allowing us making a lot geeky dudes and share information so fast so quick and happily.
Big thanks to devilok & mikemurr for sharing.
Download (local copy on security-database.com)

-
Security Tools

Advance Notification for the July 2009 Security Bulletin Release

Our Advance Notification was published today and indicates that next Tuesday, July 14 at 10:00 a.m. PDT (UTC -8), we will be releasing a total of 6 security bulletins consisting of:

·          Three Critical updates affecting Windows.

·          One Important update affecting Publisher.

·          One Important update affecting Internet Security and Acceleration (ISA) Server.

·          One Important update affecting Virtual PC and Virtual Server.

I want to provide some clarity on two of the pending Windows updates mentioned. First, we will be addressing the issue discussed in Security Advisory 971778 concerning a vulnerability in DirectShow. As noted in the advisory, we are aware of limited active attacks and we have been working aggressively to get a quality update shipped to customers.

Second, our engineering teams have been working around the clock to produce an update for the issue discussed in Security Advisory 972890 (vulnerability in the Microsoft Video ActiveX Control) and we believe that they will be able to release an update of appropriate quality for broad distribution that protects against the attacks we detailed in the advisory and in an MSRC blog post by Christopher Budd. In the mean time, we encourage customers to continue to enable the workaround by running the “Microsoft Fix it” solution in the associated knowledge base article (KB972890).

As you know, this information may change between now and next Tuesday. We will do our best to keep you updated if it does.

Some notes on restart requirements: One of the three updates for Windows will require a restart, the others may if the DLL being updated is in use. This goes for the Publisher update as well. To reduce your chances of requiring a restart, please see Knowledge Base article 887012. Both the ISA Server and Virtual PC/Virtual Server updates require restarts. Note however that the Virtual PC/Virtual Server update will not prompt you so you should factor a manual restart in to your deployment plans as soon as possible.

On release day, look for additional information on both this blog and the Security Research and Defense blog.  If you have questions or would like more information about this month’s release, please plan to attend our regularly scheduled security bulletin webcast on Wednesday, July 15, 2009, at 11:00 a.m. PDT (UTC –7). Click HERE to register.  

Thanks!

Jerry Bryant

*This posting is provided “AS IS” with no warranties, and confers no rights*

Published 07-08-2009 -
Every business needs a realist. In the world of enterprise technology, this is the IT specialist.

It looks like Apple released safari 4.0.2 for OS X and Windows platforms.
It would appear that this new versions addresses the following security related issues in WebKit (as well as some performance increases in the nitro JS engine).
Detailed information can be found at Apples KBarticle: http://support.apple.com/kb/HT3666

CVE-ID: CVE-2009-1724

Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack

Description: An issue in WebKit’s handling of the parent and top objects may result in a cross-site scripting attack when visiting a maliciously crafted website. This update addresses the issue through improved handling of parent and top objects.

CVE-ID: CVE-2009-1725

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.

Description: A memory corruption issue exists in WebKit’s handling of numeric character references. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of numeric character references. Credit to Chris Evans for reporting this issue.

You can get the new version of Safari at the url below.
http://www.apple.com/downloads/macosx/apple/application_updates/safari.html

It looks like Apple released safari 4.0.2 for OS X and Windows platforms.
It would appear that this new versions addresses the following security related issues in WebKit (as well as some performance increases in the nitro JS engine).
Detailed information can be found at Apples KBarticle: http://support.apple.com/kb/HT3666

CVE-ID: CVE-2009-1724

Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack

Description: An issue in WebKit’s handling of the parent and top objects may result in a cross-site scripting attack when visiting a maliciously crafted website. This update addresses the issue through improved handling of parent and top objects.

CVE-ID: CVE-2009-1725

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.

Description: A memory corruption issue exists in WebKit’s handling of numeric character references. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of numeric character references. Credit to Chris Evans for reporting this issue.

You can get the new version of Safari at the url below.
http://www.apple.com/downloads/macosx/apple/application_updates/safari.html

Reader Paul writes in with an interesting tip for using relative paths in a batch file: you can use a special code to represent the current path—useful for batch files on a Flash drive.

We’ve previously covered a similar way to create shortcuts that run off a USB stick—but if you need the full path to the batch file regardless of the machine you plugged it into, you can substitute %~dp0 anywhere you want to use the current path of the batch file. Paul explains:

If you use “%~dp0″ (sans quotes) in a batch file, this will point to the batch file’s path. For example :

SET MAC=00:00:00:00:00:00
%~dp0mc-wol.exe %MAC%

MC-WOL.EXE is a wake-on-lan program, and this script wakes up the PC ready for the boss to remotely access his PC. I can get him to wake up his PC remotely without confusing the poor thing too much.

It’s one of those tips that might not be useful for everybody, but it could really come in handy as part of your flash drive toolkit. For more, you can check out how FAST is a geeky command-line database, or how to kill multiple applications from the command line with a batch file. Thanks, Paul!

Got any useful batch-scripting wisdom to share? Tell us in the comments.

We’ve received multiple emails today from readers who cannot reach Milw0rm. The site’s owner, str0ke, left this message on the site yesterday:

Well, this is my goodbye header for milw0rm. I wish I had the time I did in the past to post exploits, I just don’t :(. For the past 3 months I have actually done a pretty crappy job of getting peoples work out fast enough to be proud of, 0 to 72 hours (taking off weekends) isn’t fair to the authors on this site. I appreciate and thank everyone for their support in the past.

Be safe, /str0ke
Marcus H. Sachs

Director, SANSInternet Storm Center

Last week we showed you how to crack a Wi-Fi network’s WEP key using a live CD and some command line fu. Today we’ve got other cracking options—but more importantly, clarification on the point of all this.

Even Easier Ways to Crack WEP

The cracking method we covered last week involved typing in 10 tedious commands you can easily fat-finger. While there’s no super-simple GUI with a giant button that says “Crack this network” and plays James Bond theme music, a couple of windowed options are much more usable.

SpoonWep in BackTrack 3 (booted on a PC or Mac or in VMware)
With the same BackTrack 3 live CD or VMware image that we used last week, you can bypass almost all the commands you see there and use SpoonWep instead. When you’re booted into BackTrack 3, from the KDE menu, choose BackTrack>Radio Network Analysis>80211>Cracking>SPoonWep. You’ll get the window you see in the screenshot here. All you need to run SpoonWep against a Wi-Fi network is its channel and BSSID. (I used the previously-mentioned airodump-ng command to get the BSSID of my router; you can also use Kismet in the BackTrack>Radio Network Analysis>80211>Analyser folder of BackTrack’s KDE menu to get that info.)

Enter the BSSID in the “Victim Mac” field of SpoonWep. Choose your Wi-Fi adapter from the drop-down, set the channel, and launch your attack. Increase or decrease your injection rate using the slider. (Thanks to thehacker123, PrunellaIguana and RamonHans for pointing out SpoonWep.)

As for the BackTrack 4 pre-release, commenters point out that it supports more wireless cards and can crack passwords faster using aircrack-ptw. BT4 consistently froze on me, but I believe it was the version of the Alfa USB adapter I was using that caused the problem, so your mileage will likely vary.

KisMAC for Mac OS X
If you want to get your crack on Mac-style, download the free KisMAC. KisMAC cannot crack WEP with your regular old built-in Airport card; you’ll still need a card that works with a KisMAC driver which supports packet injection. Here’s a list of the built-in drivers KisMAC comes with, and the list of wireless adapters that work with those drivers. If you’re using an Alfa 500mw like I am, you can use the USB RTL8187L driver. The YouTube video below walks you through the steps. From KisMAC’s Preferences pane you add the driver that works with your wireless adapter. Scan for networks, choose the one you want to crack, and from the Network menu choose “Deauthenticate.” Then, also from the Network menu, choose “Reinject packets.” Once your “Unique IVs” number is high enough, from the Network menu, choose Crack and then pick your attack.

The clip demonstrates a “Weak Scheduling Attack” against a 40-bit key in action with KisMAC. Go full screen and high quality for best legibility.

Windows: aircrack-ng suite
As far as I can tell, there is no non-command line software you can install on Windows to crack WEP. There are plenty of tutorials on how to install the aircrack-ng suite on Windows and run it. I half-heartedley tried a few on my own but just went back to BackTrack 3. (If you’ve got to use the CLI anyway, might as well do it from a Linux image.) If your Cygwin-devoted heart is braver than mine, here’s how to install Aircrack-ng for Windows and a longer tutorial on how to crack WEP on Windows XP Pro SP2.

The Point: Now You Know How to Better Secure Your Wireless Network

Knowing how to crack WEP keys doesn’t mean you go out and actually break into people’s Wi-Fi networks. It means you’ve seen, firsthand, exactly how crackable WEP keys are. I’ve “known” for years now that WPA is more secure than WEP, but the bridge on my network offered WPA but couldn’t authenticate with it on my (old, cheap) router. It wasn’t until I wrote the article last week that I got an updated router that did work. That’s the power of seeing something in action you’ve normally got to wade through nefarious blackhat web sites to dial into.

This is sticky issue, of course. But thanks to all of you, the comment thread on last week’s howto illuminated some of the best points about the wireless security issue. To recap:

WEP doesn’t actually keep anyone out. I like MaribelAlligator’s comparison of a WEP key to a home bathroom lock, the one you can open just using a bent paperclip. Everyone knows how to unlock it, but when it’s locked everyone who walks by understands they should stay out. Glenn Fleishman likens WEP to a “No Trespassing” sign—a clear indicator the people inside don’t want the uninvited in, but nothing that will actually keep people out.

WPA is crackable as well, but it’s more difficult (especially WPA2). A wired network is more secure than a Wi-Fi network because it’s more difficult to connect to it. But if wiring up your home isn’t an option—and let’s face it, it really isn’t something any one of us wants to do—opt for WPA2 where possible. As several commenters pointed out, WPA has been cracked in some circumstances as well, but it’s not done as easily as WEP. To explain, MaribelAlligator continues the “bathroom lock” analogy:

WPA is like a standard door lock; it’s a lot more secure, but it is still possible to get by for someone with the right tools, knowledge, and circumstances. WPA2 is like a bank safe. It may be possible to defeat, depending on how it’s been set up, but it’s not realistically possible for anybody to actually do so… yet.

Filtering MAC addresses and hiding SSID’s doesn’t matter to folks who want to get in. A few commenters said they’ve stopped broadcasting their router’s SSID, and set up MAC address filtering, which only allows particular devices to connect to it. These measures will stop folks who don’t know what they’re doing, but not those who do. Spoofing a MAC address is very easy, and any network scanner worth its salt (including free ones like NetStumbler) detect networks with hidden SSIDs. To continue the bathroom lock analogy, MaribelAlligator said:

Not broadcasting your SSID is like taking the numbers off of your house – The house is still there and everyone can see it, it’s just a bit harder to find for people that don’t know what they are looking for already. Filtering by MAC address is like having a guard at the door that checks everyone’s name against a list to see if they can enter. The only problem is, he doesn’t ask for ID or remember what people look like, so anybody can and can listen in to see what names are allowed and then claim to be anybody else.

The bottom line: Protect your stuff using multiple layers of security. Whether your network is wired or wireless, open, WEP, WPA, or WPA2, take several measures to secure your important stuff. Password your network shares (choose good ones!), do virus and malware sweeps, back up your data, run firewalls—in short, don’t rely entirely on your wireless router’s password (whether it’s WEP encryption or not) to keep out intruders.

If you’ve got old devices that ONLY support WEP… Like everything in life, you’ve got to balance risk and reward. If your Nintendo DS only speaks WEP, and you want wireless access, use WEP knowing what the risks are. Ben D. makes a great point about WEP-only devices:

Make sure your firmware is up-to-date, and if it is, lobby the heck out of the manufacturers to start supporting WPA2. “I saw this article on Lifehacker”… It’s totally outrageous that any manufacturer-supported wireless device, in 2009, would only offer WEP.

Thanks to everyone who dropped knowledge in the comments on the previous tutorial. Now go forth and configure your wireless network as it should be.

Gina Trapani, Lifehacker’s founding editor, is finished with this Wi-Fi encrypted key-cracking business. For now. Her weekly feature, Smarterware, appears every Wednesday on Lifehacker. Subscribe to the Smarterware tag feed to get new installments in your newsreader.

Whilst researching videos for security awareness programs, SecurityVibes came across the award winning Barclays series and spoke with Jonathan Rhodes the main actor in the series. Jonathan kindly sent us this email.
"Thank you for promoting my YouTube account; I may add that I only use YouTube to embed into my own site and that this would be a more pertinent place to point readers to – specifically this link to the series of Barclays videos, that I have hyperlinked into the word Barclays."
The one featured below on password security was our favourite.

Whilst researching videos for security awareness programs, SecurityVibes came across the award winning Barclays series and spoke with Jonathan Rhodes the main actor in the series. Jonathan kindly sent us this email.
"Thank you for promoting my YouTube account; I may add that I only use YouTube to embed into my own site and that this would be a more pertinent place to point readers to – specifically this link to the series of Barclays videos, that I have hyperlinked into the word Barclays."
The one featured below on password security was our favourite.