Hello and welcome to the CERTStation Podcast for the 20th week of 2010. I am Jay Johnson and these are the headlines:
Hackers have exposed data of a German carder forum (pause)
Microsoft has warned about a critical hole in the 64-bit version of Windows 7 while
Apple is catching up with Java on security updates (pause)
Intelligence agencies of Canada have sighted a growth in cyber attacks and finally
MySQL's forthcoming version will contain several important security patches
And now for this week's newswire details
Hackers have penetrated German underground forum carders.cc, copied login details, e-mail addresses and private e-mails from
several thousand members and published them on RapidShare. The forum was used by criminals for various illegal activities,
such as trading stolen credit card details and login details for online games. As well as posts from forum members, the SQL
dumps from the forum application uploaded to RapidShare unfortunately also include a range of victim-related data. The
unidentified hackers may well be the same group which hacked the leet crew underground forum in late 2009 and likewise
published the stolen data in response; German police arrested a number of forum members and administrators. In a German
language message to their members, the group behind carders.cc describes it as a dark day for the scene and apologizes for
logging IP addresses. They add that this was not done deliberately, but was the result of an error by administrator Zagerus,
who has now been suspended. They anticipate that only the team behind the site will be caught up in any legal investigations.
(pause)
Microsoft reports that a flawed Canonical Display Driver (CDD) for rendering images in the 64-bit versions of Windows 7 and
Windows Server 2008 R2 x64, as well as Windows Server 2008 R2 for Itanium, can potentially be exploited to compromise a system.
However, systems are only vulnerable if the Aero desktop is enabled; Aero is enabled by default in Windows 7 but requires
manual installation in Windows Server 2008. The problem is caused by a flawed parsing routine when copying information from
user-land to kernel-land. Microsoft's advisory does not provide details about how exactly the flaw can be provoked. The vendor
states that the flaw can only be exploited via applications that still use the (old) GDI API to render images. The CDD simply
emulates a Windows XP interface for GDI graphics engine access. The old API, however, can launch older third-party
applications. Microsoft are working on a patch but recommend that users disable the Aero desktop or change their theme until
the patch becomes available.
(pause)
Apple has released Java updates for versions 10.5 and 10.6 of Mac OS X, patching a number of security holes and bringing its
two latest versions of OS X up to date. The updates include Java 6 Update 20 from mid-April, which patched a remotely
exploitable security vulnerability that affected Java when running in a 32-bit web browser. The Java for Mac OS X updates also
include other previously missing Java 6 updates, including Java 6 Update 18 which included more than 350 bug fixes and added
support for Windows 7, as well as Ubuntu 8.04 LTS Desktop Edition, SUSE Linux Enterprise Server 11 and Red Hat Enterprise Linux
5.3. Java 6 Update 19 from the end of March addressed a total of 26 vulnerabilities, some of which were rated as critical.
Previously, the latest versions of Mac OS X were only updated to Java 6 Update 17, released in early December. More details
about the updates, including a full list of closed vulnerabilities, can be found in Apple's security advisories. The updates
are available via Apple's built-in Software Update service. Alternatively, Java for Mac OS X 10.5 Update 7 and Java for Mac OS
X 10.6 Update 2 are available to download from Apple's web site. All users are advised to update as soon as possible.
(pause)
Canadian government, college and industry computers are increasingly vulnerable to cyber attack, federal authorities said.
Cyber attacks via social networking sites have grown substantially in Canada, said a censored report from Canada's Security
Intelligence Service. The Canadian government needs to act now or risk being targeted by computer hackers who use social
networking services to steal government, academic and corporate information, said the report obtained by the Canadian
Broadcasting Corp. The threat of cyber attacks is one of the fastest growing and most complicated issues, the report said. In
addition to being virtually unattributable, these remotely operated attacks offer a productive, secure and low-risk means to
conduct espionage. Officials from the intelligence service and Public Safety Canada declined to comment on the report.
(pause)
Oracle's forthcoming version 5.1.47 of MySQL is said to contain several important security patches. The change log states that
the developers have closed three security holes which allow attackers to cause a server crash, obtain unauthorized database
access or, in the worst case, inject arbitrary code and execute it on the server. The developers didn't mention which exact
versions are affected. While the flaws are already listed in the MySQL bug tracker, unlike the change log the bug tracker
entries are not publicly available. It was, therefore, a rather clumsy decision to provide the general public with such
detailed information about the security holes; while the added attention makes it more likely that the holes will be exploited,
the hands of administrators are tied because they have no fixed version to switch to.
If you enjoyed this podcast why not visit CERTStation.com and check out our free Internet Security Dashboard. In the meantime this is your host Jay Johnson wishing you a safe and secure week.