Wednesday, February 18, 2009

Keep your Java Runtime Environment (JRE) updated

Everyone is talking about patching Windows and updating their AV (anti-virus), but not many people bother to check whether their Java Runtime Environment (JRE) is patched or up to date.


Many websites use Java. A search of the National Vulnerability Database (NVD) for JRE vulnerabilities returns 23 entries for the past 3 months, the majority of them rated Severity High by NVD.


The Java website now provides a page that verifies whether your installed JRE is up to date, and prompts you to download and install the latest version if an older one is found. It is very useful and takes less than a minute.

You can check your JRE now at: http://java.com/en/download/installed.jsp
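The online check only sees the JRE that your browser's plug-in is using, and Java installers have often left older versions alongside the new one. The script below is an added example (not from the original post and not from Sun/Oracle) for checking the other installed runtimes offline: it parses the banner printed by `java -version` and compares it with a minimum version. The minimum `(1, 6, 0, 12)` is a placeholder assumption, not a statement of which release was current; the sample banners are constructed, not captured from a real host.

```python
import re
import subprocess

# Matches the first line printed by "java -version", in both version schemes:
#   java version "1.6.0_11"      (Java 5/6/7/8: 1.major.0_update)
#   openjdk version "1.8.0_292"
#   java version "17.0.2"        (Java 9+: major.minor.security)
VERSION_RE = re.compile(r'(?:java|openjdk) version "(\d+)\.(\d+)\.(\d+)(?:_(\d+))?')


def parse_java_version(banner):
    """Return (major, minor, patch, update) from a java -version banner, or None."""
    m = VERSION_RE.search(banner)
    if m is None:
        return None
    major, minor, patch, update = m.groups()
    return (int(major), int(minor), int(patch), int(update or 0))


def is_up_to_date(installed, minimum):
    """Tuple comparison does the right thing: (1, 6, 0, 7) < (1, 6, 0, 12)."""
    return installed is not None and installed >= minimum


def installed_java_version():
    """Run the java binary on PATH and parse its banner; None if no java is found."""
    try:
        proc = subprocess.run(["java", "-version"], capture_output=True, text=True)
    except FileNotFoundError:
        return None
    # java -version historically writes its banner to stderr, not stdout.
    return parse_java_version(proc.stderr + proc.stdout)


# ASSUMED minimum version: a placeholder for whatever the current patched release is.
MINIMUM = (1, 6, 0, 12)

# Constructed sample banners (not captured from a real machine).
SAMPLES = {
    "old": 'java version "1.6.0_07"',
    "new": 'java version "1.6.0_12"',
    "modern": 'openjdk version "17.0.2"',
    "none": "bash: java: command not found",
}


def check_samples():
    """Map each sample name to True (up to date) or False (outdated or no java)."""
    return {name: is_up_to_date(parse_java_version(b), MINIMUM) for name, b in SAMPLES.items()}


if __name__ == "__main__":
    print("sample checks:", check_samples())
    v = installed_java_version()
    print("installed:", v, "up to date:", is_up_to_date(v, MINIMUM))
```

Run it on each machine (or point it at every `java` binary you find, not just the one on PATH) and uninstall the runtimes that fail the check rather than leaving them behind for a browser plug-in to pick up.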

Friday, February 13, 2009

趁火打劫 (Loot a burning house)

趁火打劫 (Loot a burning house) is one of the Thirty-Six Stratagems (三十六计). This stratagem teaches one to "attack" when the "enemy" is at its weakest, troubled by internal problems such as a natural disaster.

As many of you may know, the state of Victoria in Australia has seen its worst bushfires ever. The death toll seems to have passed 300, and it seems that some of the fires were deliberately lit. Some people are using this "opportunity" to carry out the "Loot a burning house" stratagem.

Many domains that sound relevant to the bushfires have been registered, and websites requesting donations have started to appear. These people are trying to profit from the event, either by selling the domains while they are in demand or by posing as collectors for charities.

Some suspicious websites claim to collect donations and forward them to the respective organisations.

- bushfireappealqld.org

This site claims to be collecting donations for the Australian Red Cross. Each donation is a fixed AUD$15 via PayPal.

From the Whois record, the site belongs to "Yasin Odeh from Queensland".

- bushfirevictims.com

This site appears to be selling a CD and donating AUD$10 from each CD sold to the bushfire appeal, but it does not state which organisation will receive the money. The website also accepts direct donations for the bushfire.

From the Whois record, the site belongs to "Bayram Kudret from Victoria".

There are other suspicious domains that have yet to put up any web pages, such as:
- bushfirebunker.com
- bushfirerelief.info
- bushfireshelters.co
- bushfireactionplan.com
- bushfirehomes.com
- bushfirehomes.org
- bushfirehousing.net
- bushfiresafety.net
- victorianbushfires.info

Other domains have been reserved, perhaps to profit from demand for the name or to be held for an organisation to use. To name a few:
- bushfireappeal.org
- bushfirerelief.com
- australianbushfires.com
- victorianbushfirereliefvolunteers.org

Besides the suspicious domains and websites, there are many that provide support or information for victims and either do not ask for financial donations or redirect donations to the Red Cross or the Salvation Army:
- victorianbushfire.com
- victorianbushfireforum.com
- bushfireappeal.com
- bushfirehousing.org
- victorianbushfires.com

If you want to donate to victims of the Australian bushfires, I encourage you to use the official Australian Red Cross or Salvation Army websites.

Lastly, I wish to dedicate this post, with my regards, to all the victims and their families.

Wednesday, February 11, 2009

IPv6-101: What's new in IPv6?

It's been coming for some time now. We have been hearing about IPv6 for ages, but at every IP address crunch some technology has extended the life of IPv4, most recently (and most importantly) private address ranges and NAT. The Beijing 2008 Olympics were IPv6 compatible, Cisco wants all its networking equipment IPv6 enabled, Google is on IPv6 and the US DoD has made IPv6 support compulsory for every new contract... it looks like we have to learn about IPv6 sooner rather than later.

The version of IP currently used on the internet is IPv4, which has been in use since the early 1980s. IPv4 is remarkably resilient in spite of its age, but it is beginning to have problems. The most serious is the shortage of address space for internet growth. IPv6 has a much larger address space: it uses 128-bit addresses compared with the 32-bit addresses of IPv4, so the new address space supports 2^128 (roughly 3.4 x 10^38) addresses, against 2^32 (about 4.3 billion) for IPv4. This expansion removes the need for NAT and gives flexibility in address allocation and routing. Other important IPv6 features include stateless address auto-configuration, network renumbering via router advertisements, a standard /64 subnet size and mandatory IPsec support at the network layer (support is required of implementations; using it remains optional). IPv6 is now implemented on all major operating systems used in commercial, business and home environments.

This video covers the important features of IPv6. It starts with how to check whether your computer is IPv6 enabled, then discusses the main features:

- Extended address space
- Auto-Configuration
- Simplified header formats
- Improved support for options and extensions
- Security at internet layer
- Better routing decisions, etc.
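Two of the features listed above, the extended address space and stateless auto-configuration, are easiest to understand by building an address by hand. The following is an added example written for this page (it is not from networkwiz's video series): it derives the modified EUI-64 interface identifier that a host forms from its MAC address under SLAAC, joins it to a /64 prefix, reverses the derivation (which is why a SLAAC address leaks the NIC's MAC to anyone who sees it, and why RFC 4941 privacy addresses exist), and classifies an address by the ranges a beginner needs to recognise. The MAC and prefixes are made-up sample values.

```python
import ipaddress


def eui64_interface_id(mac):
    """Modified EUI-64 interface identifier (RFC 4291 Appendix A) from a 48-bit MAC:
    split the MAC in two, insert ff:fe in the middle, and flip the universal/local
    bit (bit 1 of the first octet)."""
    octets = [int(b, 16) for b in mac.replace("-", ":").split(":")]
    if len(octets) != 6 or any(not 0 <= o <= 0xFF for o in octets):
        raise ValueError("expected a 48-bit MAC like 00:1b:21:ab:cd:ef")
    octets[0] ^= 0x02
    iid = bytes(octets[:3] + [0xFF, 0xFE] + octets[3:])
    return int.from_bytes(iid, "big")


def slaac_address(prefix, mac):
    """The address a host forms by stateless autoconfiguration: the /64 prefix it
    learned from a router advertisement OR'd with its EUI-64 interface identifier."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))


def mac_from_eui64(addr):
    """Reverse the derivation. Returns None when the interface identifier is not
    EUI-64 shaped (a temporary/privacy address, RFC 4941, or a manual one)."""
    iid = int(ipaddress.IPv6Address(addr)).to_bytes(16, "big")[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytearray(iid[:3] + iid[5:])
    raw[0] ^= 0x02  # undo the universal/local bit flip
    return ":".join(f"{b:02x}" for b in raw)


# Ranges checked in order; the more specific ones come first.
RANGES = [
    ("loopback", "::1/128"),
    ("unspecified", "::/128"),
    ("ipv4-mapped", "::ffff:0:0/96"),
    ("link-local", "fe80::/10"),
    ("unique-local", "fc00::/7"),
    ("multicast", "ff00::/8"),
    ("global-unicast", "2000::/3"),
]


def classify(addr):
    """Label an IPv6 address by the range it falls in ('reserved' if none match)."""
    a = ipaddress.IPv6Address(addr)
    for label, cidr in RANGES:
        if a in ipaddress.IPv6Network(cidr):
            return label
    return "reserved"


if __name__ == "__main__":
    mac = "00:1b:21:ab:cd:ef"  # sample MAC, not a real device
    ll = slaac_address("fe80::/64", mac)
    gl = slaac_address("2001:db8:1:2::/64", mac)  # 2001:db8::/32 is the documentation prefix
    print("link-local :", ll, classify(str(ll)))
    print("global     :", gl, classify(str(gl)))
    print("MAC leaked :", mac_from_eui64(str(gl)))
    print("privacy addr MAC:", mac_from_eui64("2001:db8:1:2:1d9:7b3a:4e2c:9f01"))
```

Note the lower 64 bits alone hold 2^64 identifiers per subnet, which is why scanning an IPv6 /64 the way one sweeps an IPv4 /24 is impractical, and why EUI-64 addresses (whose middle bytes are always ff:fe) are the ones an attacker can still guess from a known vendor prefix.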


You can also view the video from SecurityTube


Note:
Thanks to networkwiz for sharing his IPv6-101 video series. It starts with a basic introduction to the IPv6 protocol. The series will serve as an IPv6 tutorial for beginners and as a quick reference for advanced users. I will try to add more practical examples and real-life scenarios to the tutorial video series along with the theoretical explanation.

Tuesday, February 10, 2009

AV websites hacked AGAIN!!

Within 3 days, the websites of two anti-virus vendors (Kaspersky and Bitdefender) were reported hacked. Sensitive information such as user details and account passwords was claimed to have been harvested. Both attacks were reported to use simple SQL injection against the sites' databases.

Kaspersky
The hacker posted on his blog, claiming that just by altering one parameter he was able to access every table in the database, such as users, activation codes, lists of bugs, admins, shop, etc. So far, representatives from Kaspersky have declined to comment on the vulnerability.

The first screenshot shows the version, username and name of the database; the second shows the username, host and password of the MySQL user.

Updated on 15 Feb 09
An independent auditor has reported that no customer information was exposed during last week's breach of the Kaspersky website, following an internal investigation by the firm.


It wasn't the first time a Kaspersky site was hit by SQL injection. In July last year, Kaspersky's Malaysian site was defaced by a hacker who left pro-Turkish slogans: "hacked by m0sted And Amen Kaspersky Shop Hax0red No War Turkish Hacker Thanx to Terrorist Crew all team members".

Bitdefender
Bitdefender's Portuguese site (bitdefender.pt) was also hit by a SQL injection attack on its database, and sensitive customer data was extracted. It was said that bitdefender.pt is hosted by a Bitdefender reseller.

The first screenshot shows the version, username and name of the database; the second shows the admin userName, userPass, sessionID and lastlog.

The attack extracted details from the customers and sales (vendas) tables. The inscricoes (newsletter) table holds thousands of email addresses that would be useful to a spammer.
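Both reports above describe the same pattern: one request parameter pasted into a query, a UNION grafted onto it, and the database version, user and other tables read back through the page. The code below is an added example for this page (not from either vendor's site or the hacker's write-up) showing the vulnerable shape beside the fixed one against a constructed in-memory SQLite database. Table and column names, the sample rows and the password strings are all made up; the `sqlite_version()` call stands in for the `@@version`/`user()`/`database()` fingerprint seen in the MySQL screenshots.

```python
import sqlite3

# Constructed sample schema and rows; not data from any real site.
SEED_SQL = """
CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL, password TEXT NOT NULL);
INSERT INTO products (id, name) VALUES (1, 'Antivirus Home'), (2, 'Antivirus Pro');
INSERT INTO users (id, username, password) VALUES (1, 'admin', 'hash$admin'), (2, 'shop', 'hash$shop');
"""


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SEED_SQL)
    return conn


def product_name_vulnerable(conn, product_id):
    """The request parameter is concatenated into the SQL text, so whatever the
    client sends is parsed as SQL: a 'product id' can become a UNION."""
    sql = "SELECT name FROM products WHERE id = " + product_id
    return [row[0] for row in conn.execute(sql)]


def product_name_safe(conn, product_id):
    """Two layers: reject anything that is not an integer, then bind the value as
    a parameter so the database engine never parses it as SQL text."""
    try:
        pid = int(product_id)
    except (TypeError, ValueError):
        return []
    return [row[0] for row in conn.execute("SELECT name FROM products WHERE id = ?", (pid,))]


# Payloads of the kind the reports describe: id=0 matches nothing, and the UNION
# appends rows from another table (or database metadata) to the page's result set.
FINGERPRINT = "0 UNION SELECT sqlite_version()"
DUMP_USERS = "0 UNION SELECT username || ':' || password FROM users"


def demo():
    """Run the same inputs through both versions and return what each hands back."""
    conn = make_db()
    return {
        "vuln_normal": product_name_vulnerable(conn, "1"),
        "vuln_fingerprint": product_name_vulnerable(conn, FINGERPRINT),
        "vuln_dump": sorted(product_name_vulnerable(conn, DUMP_USERS)),
        "safe_normal": product_name_safe(conn, "1"),
        "safe_dump": product_name_safe(conn, DUMP_USERS),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:18} {rows}")
```

The integer check is defence in depth, not the fix: the parameter binding is what stops the injection, and it works just as well for string parameters where no type check is possible. Note also that the vulnerable query runs with whatever privileges the web application's database account has, which is why the screenshots could show the database user's password hash and a newsletter table in the same session.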

Related Reports:
- SecurityFocus: Kaspersky exposes sensitive database, says hacker

- ZDnet.com: Kaspersky’s Malaysian site hacked by Turkish hacker

- HackerBlog: Bitdefender (Portugal) exposes sensitive customer data

Updated Report
- Kaspersky breach: No user info lifted, auditor confirms