Microsoft PowerPoint Vulnerability

April 3, 2009

IMPORTANT INFORMATION REGARDING: Microsoft PowerPoint Vulnerability

OVERVIEW:
A vulnerability has been discovered in various software versions of
Microsoft PowerPoint.  Exploitation of this vulnerability can lead to
code execution at the rights level of the logged in user.  No patches or
workarounds have been released.

Microsoft has stated that exploit attempts have been seen in the wild,
on a limited/targeted basis.

AFFECTED VERSIONS:
Microsoft Office 2000
Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office 2004 for Mac
Microsoft Office XP
Microsoft PowerPoint 2000
Microsoft PowerPoint 2002
Microsoft PowerPoint 2003

MITIGATING FACTORS:
As previously stated, successful exploitation limits malicious code
execution to the rights of the logged on user. Steps should be taken to
ensure permissions for various account types are regulated per
applicable policies.

Successful exploitation of this vulnerability requires user interaction
with the specially crafted PowerPoint file.  Users would therefore have
to click links in malicious e-mails, or otherwise be convinced to visit
websites hosting malicious PowerPoint files.  The best defense against
this is educating users on the dangers of accepting files and acting
upon links to websites provided to them via e-mail, IM, or other means
from unknown parties.

REPORTING AGENCIES:

Microsoft:

Microsoft Security Advisory (969136)


Crimes Against Children Research Center: Trends in Arrests of “Online Predators”

April 2, 2009

The Crimes Against Children Research Center has released a new report noting that the types of online sex crime offenses haven’t changed much, but the profile of your average online predator has been shifting.

I have read the actual report as well as the methodology (methodology available here, report available here) and, while I am no expert in report methodology, I cannot spot any serious flaws.  This seems to be a well-thought-out study that avoids the typical hysteria and FUD that is oh-so-common in this type of work.

Some notable findings:

  • Online sex crimes only account for 1% of all arrests for sex crimes committed against children and youth.
  • Most of the arrests involved solicitation of undercover officers and not actual youth.
  • The percentage of internet users ages 12-17 rose by 20% between 2000 and 2006; at the same time, there was a 21% increase in arrests of offenders who solicited youth online for sex and a 381% increase in arrests of offenders who solicited undercover officers.
  • There was a significant increase in arrests of offenders between the ages of 18-25.

There were some distinct differences between this report’s findings and my own perceptions:

  • Most offenders were open about their motives in their online communication with youth.
  • Only 4% of those arrested (in total) were registered sex offenders.
  • The majority of contacts did not occur through social network sites (social network sites accounted for just over 30%).

For those who have kids or are involved in family law, internet crime or data forensics and investigations, this is likely to be an interesting read.

Any further comments and observations would be great too!


Mac != Automatically Safe (Take It From a Mac Fan!)

April 1, 2009

I love my Macbook Pro – ask anyone who knows me.

Before you Windows users leave thinking that this is YAFBR (Yet Another Fanboy Rant) you should all know that I believe strongly in using the right tool for the job – which does not always mean using the trusty Macbook, and sometimes using MS Windows instead (lord help me, but I said it and there is no taking it back).  Sometimes it involves Linux or a BSD variant.  I love them all for different reasons.

I am concerned with the number of Tweets I saw related to Conficker this morning that stated (not an exact quote) “Thank goodness I have a Mac – it is safer than a PC…Macs never get viruses” and other sentiments that denigrated MS Windows, sometimes more and sometimes less.

Before you get too happy, consider the information discussed at CanSecWest last week and published by Milw0rm prior to vendor notification.  Check it out here (but come back!)

It is important to note that you are only as safe as your habits and software, Apple system or not.

I have worked a number of Apple forensics cases involving intrusion and interception of electronic communication.  In each case the firewall was turned off (the user wasn’t aware of how to control the firewall) and there was an astounding lack of logging (the user didn’t know how to control or review logs on the Apple system).

I can also tell you that the number of these types of cases is definitely on the rise.

Here is a quick test:  If your Apple (you can also insert Linux, *BSD, Windows) system was potentially compromised, how would you know?  Can you pull up, right now, failed connection attempts, firewall logs, running process logs?

If not, then take that as your sign and make sure to get yourself battle-ready.
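One way to run that quick test against a saved log, as an added example that is not part of the original post: it counts failed or denied connection attempts per source address and reports the time span the log covers, returning nothing when there is no log data to review. The sample lines are constructed, and the firewall line layout, the function names and the threshold are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines, not from a real system. The sshd wording follows
# OpenSSH's usual messages; the "Firewall" line layout is an assumption.
SAMPLE_LOG = """\
Apr  1 09:12:01 macbook sshd[411]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Apr  1 09:12:04 macbook sshd[411]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Apr  1 09:12:09 macbook sshd[415]: Failed password for root from 203.0.113.5 port 51240 ssh2
Apr  1 09:15:30 macbook Firewall[65]: Deny cupsd connecting from 198.51.100.7:40112 to port 631 proto=6
Apr  1 09:20:00 macbook sshd[502]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
"""

SSH_FAIL = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+")
FW_DENY = re.compile(r"Firewall\[\d+\]: Deny \S+ connecting from ([\d.]+):\d+ to port \d+")


def failed_attempts(text):
    """Count failed or denied connection attempts per source address."""
    counts = Counter()
    for line in text.splitlines():
        match = SSH_FAIL.search(line) or FW_DENY.search(line)
        if match:
            counts[match.group(1)] += 1
    return counts


def noisy_sources(text, threshold=3):
    """Sources with at least `threshold` failures, e.g. password guessing."""
    return sorted(ip for ip, n in failed_attempts(text).items() if n >= threshold)


def coverage(text, year=2009):
    """Return (first, last) log timestamps, or None when nothing was logged."""
    stamps = []
    for line in text.splitlines():
        try:
            # syslog omits the year, so the caller supplies it
            stamps.append(datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S"))
        except ValueError:
            continue  # not a syslog-style line
    return (min(stamps), max(stamps)) if stamps else None


if __name__ == "__main__":
    print(failed_attempts(SAMPLE_LOG), noisy_sources(SAMPLE_LOG), coverage(SAMPLE_LOG))
```

A `None` from `coverage` is the situation described in the cases above: with logging off, there is nothing to answer the question with.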

As bot-nets become more and more prevalent, if you are not part of the solution you are truly a large part of the problem.