InfoSec links December 22, 2014

Hacker Lexicon: What is a Zero Day - Kim Zetter - WIRED

Zero-day vulnerability refers to a security hole in software—such as browser software or operating system software—that is yet unknown to the software maker or to antivirus vendors. This means the vulnerability is also not yet publicly known, though it may already be known by attackers who are quietly exploiting it. Because zero day vulnerabilities are unknown to software vendors and to antivirus firms, there is no patch available yet to fix the hole and generally no antivirus signatures to detect the exploit, though sometimes antivirus scanners can still detect a zero day using heuristics (behavior-tracking algorithms that spot suspicious or malicious behavior).

Finally, a New Clue to Solve the CIA's Mysterious Kryptos Sculpture - Kim Zetter - WIRED

The 12-foot-high, verdigrised copper, granite and wood sculpture on the grounds of the CIA complex in Langley, Virginia, contains four encrypted messages carved out of the metal, three of which were solved years ago. The fourth is composed of just 97 letters, but its brevity belies its strength. Even the NSA, whose master crackers were the first to decipher other parts of the work, gave up on cracking it long ago. So four years ago, concerned that he might not live to see the mystery of Kryptos resolved, Sanborn released a clue to help things along, revealing that six of the last 97 letters when decrypted spell the word “Berlin”—a revelation that many took to be a reference to the Berlin Wall.

How the World's First Computer Was Rescued From the Scrap Heap - Brendan I. Koerner - WIRED

When the Army declared ENIAC obsolete in 1955, however, the historic invention was treated with scant respect: its 40 panels, each of which weighed an average of 858 pounds, were divvied up and strewn about with little care. Some of the hardware landed in the hands of folks who appreciated its significance—the engineer Arthur Burks, for example, donated his panel to the University of Michigan, and the Smithsonian managed to snag a couple of panels for its collection, too. But as Libby Craft, Perot’s director of special projects, found out to her chagrin, much of ENIAC vanished into disorganized warehouses, a bit like the Ark of the Covenant at the end of Raiders of the Lost Ark.

Securing Internet Explorer from the latest vulernability

Over the weekend Microsoft put out an advisory for a zero-day vulnerability in Internet Explorer (IE) that allows an attacker to gain remote access to a computer via an Adobe Flash exploit. It appears that just about every version of IE is affected.

Secure your system

The easiest and simplest way to mitigate the vulnerability would be to not use IE. FireFox, Chrome and Safari are the three big alternatives to using IE. If you must use IE, though, you can mitigate the issue by installing Microsoft's Enhanced Mitigation Experience Toolkit (EMET) versions 4.1 or 5. Just download, install and run the recommended security settings. It's really simple to install and you likely won't notice any difference in system performance. 

Disabling the Adobe Flash player in IE is another option. Click on the gear icon in the top right corner, then select Manage add-ons. Click the drop down under 'Show:' and select 'All add-ons.' Select the Adobe Flash plugin, right click and select 'Disable.'  Of course, this will break many things on the internet as many sites utilize flash in their website design.

Finally, you can enable Enhanced Protected Mode in IE. Click on the gear icon again, then select 'Internet options.' Under the 'Advanced' tab, scroll down to the security section and check the box for 'Enable Enhanced Protected mode,' apply and close out internet options.

I would highly recommend avoiding IE, but if you must use it, implement the changes above. They're pretty straight forward and easy to do. A patch is on the way, that is, unless you're still using Windows XP. If you're still using Windows XP upgrade, or be prepared to see more of these types of vulnerabilities that will be on your system forever.

Reference

http://krebsonsecurity.com/2014/04/microsoft-warns-of-attacks-on-ie-zero-day/

http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html

https://technet.microsoft.com/library/security/2963983

http://blogs.msdn.com/b/ie/archive/2012/03/14/enhanced-protected-mode.aspx