Wednesday, July 21, 2010

Stuxnet attacks! One more Zero-day for Microsoft Windows

In spite of its attack vector, the new worm exploiting a shortcut processing vulnerability becomes very popular. It would seem that this malware distribution vector was to become inefficient long ago, because this method of spreading worms has been used since the time of Elk Cloner (1982). However, 28 years later, we face this attack vector again, but the infection speed has become much higher and the scale has become much wider.

Event Chronology

The Byelorussian antivirus company VirusBlokAda (VBA) reports detection of a new malicious program.
The US-CERT receives notification of an attack exploiting a 0-day vulnerability in Microsoft Windows.

Information about the vulnerability becomes publicly available

Microsoft issues a security bulletin that confirms the vulnerability presence

An exploit becomes publicly available

Monday, July 19, 2010

Red Card: Specificity of PCI DSS in respect to Red Hat Enterprise Linux (Part 2)

Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters


The requirements presented in this chapter are much more allied to the CIS than those from the previous chapter. The corresponding items of the CIS RHEL are the chapters 3 and 4, paragraphs 2.3, 8.2, 9.4, 11.2, and SN.8. However, it will be necessary to apply external tools, such as port scanners and password crackers, in addition to OS settings.

2.1 Always change vendor-supplied defaults before installing a system on the network

The question is about passwords of network devices and Wi-Fi points of presence, SNMP access strings, etc. The requirement implies manual check (which is absolutely necessary in most cases), but there is an opportunity to avoid the most part of routine works by applying a special network or offline password cracking tool.

Friday, July 9, 2010

Red Card: Specificity of PCI DSS in respect to Red Hat Enterprise Linux (Part 1)

Author: Feodor Kulishov

In the present article, we will discuss configuration of a standard Linux system (as well as the standard software supplied with the distribution kit) in accordance with the PCI DSS by examples of RHEL 5 and Fedora Core 12. For each requirement of the standard, recommended system settings will be given based on the existing technical standards (CIS, NIST, SANS) and the experience in configuring such systems.
RedHat Enterprise Linux was chosen to serve as the target Linux distribution kit, because it receives (along with Novell SUSE Enterprise Linux Server/Desktop) the most widespread support of hardware and software vendors and offers a wide variety of commercial support options. This is why the considered system is widely used in the business society, including the payment card industry. FC12 serves as the base for the future RHEL6.
Note. The present publication represents only one point of view on the problem of auditing the compliance with the PCI DSS requirements. Auditors who examine certain data processing systems can have their own vision of secure settings, which may differ from the recommendations given in this article, because some items of the standard may have various explanations. Nevertheless, this work can serve as the starting point to obtain RH systems that are not only compliant with the standard’s requirement, but also have safe configurations.