25th week of Security Podcast for CERTSTATION

Hello and welcome to the CERTStation Podcast for the 25th week of 2010. I am Jay Johnson and these are the headlines:

Critical security updates have been released for Samba (pause)
GeoHot works on new exploit for the new iPhone iOS4 while
Web browser Opera 10.54 closes critical security holes (pause)
Malicious code is being spread on the Lenovo driver download page and Finally
Apple customers have no privacy under new policy

And now for this week's newswire details
A critical security hole has forced the Samba developers to release an update for the 3.3 branch, which is due to be discontinued soon. According to an advisory, the code for chaining SMB1 packets contains a flaw which allows certain memory areas to be overwritten via specially crafted packets. This is, in most cases, only said to trigger a server crash. However, the developers note that potentially the hole can also be exploited to remotely inject and execute code. Reportedly attackers wouldn't even require prior authentication. The developers recommend that affected administrators install the new version as soon as possible. A patch is also available. Versions 3.4.x and 3.5.x are not vulnerable because the code that causes the problem was rewritten from scratch for these versions.

(pause)
To clarify from the start, this isn’t a release of any sort but rather news on an upcoming release. Although we’ve heard a lot about jailbreaking from several different hackers, Geohot has been rather quiet. This doesn’t mean that he isn’t working on anything. George Hotz also known as Geohot famous for jail break and unlocking iPhone has currently been in France for the Nuit Du Hack conference. An event started in 2003 by Hackerz Voice team, and inspired by world famous DEF CON, Nuit Du Hack is one of the oldest French underground hacking conferences to date. During one of the talks held during the conference, George gave a presentation in which he discussed the discovery of his newest bootrom exploit, which by the sounds of it, can eventually jailbreak or pwn every iPhone and iPod Touch available, including the iPhone 4. It sounds like something that will be usable over and over again for any new iPhone devices that are released in the future. The name he has given to this new project of his is pwned4life.

(pause)
Norwegian vendor Opera has presented version 10.54 of its browser to close four security holes, one of which the company rates as extremely severe and as another highly severe. The company plans to protect users until the majority have updated to the new version, by only releasing details of the flaws at a later date. Opera advises all users to update to the latest release as soon as possible. The Mac version fixes numerous other minor bugs and instabilities, and now automatically uninstalls the old version during auto-updates. Last week, Opera released version 10.6 beta for Windows, Mac OS X, and UNIX, this version is considerably faster and prettier than its predecessor.

(pause)
The driver download portal of hardware manufacturer Lenovo temporarily deployed malicious code. Various virus scanners issued alerts about a Java-based Trojan downloader or dropper. The iframe injected by attackers points to the volgo-marun.cn server and can still be found on several pages of the download.lenovo.com server. However, the injected links to the Chinese server are now pointing to a non-existent target, so there is no longer an immediate threat. The Firefox and Chrome web browsers have also started to warn their users about accessing this server. Since Lenovo doesn't appear to have responded, the security hole may still be open, which would potentially allow attackers to deploy updated iframe links on the download pages at any time. The injected dropper has been known at least since the end of May. Which malicious code it eventually retrieved remains unclear. The presence of the iframe was first mentioned in the ThinkPad forum on Saturday afternoon. Those who have visited the Lenovo download portal in the past few days should run the latest virus signature updates to check their computers for potential intrusions.

(pause)
Unexpected new privacy rules give Apple and it's associated partners and licensees the legal right to track, monitor, and store the whereabouts of its customers in real time. Users who do not agree to these draconian measures are prohibited from downloading from the iTunes store. Apple says that its customers' consent to tracking improves service, although it leaves questions about privacy, security, and safety unanswered. In spite of a pledge to keep data anonymous, Apple customers have no reason to believe they have any privacy or anonymity. Studies at the University of Texas have demonstrated that customers can be identified by their behavior even when their names are not explicitly stated. Even worse, Apple customers are not told why they are being tracked or who is tracking them. In an apparent response to concern over the new data collection measures, Apple has created a page for turning off application access to location information. This presumably keeps user data away from unnamed Apple partners and licensees, but does not prevent Apple from continuing to track the every move of its users. iAd, the new Apple advertising service, is expected to use customer location data to choose which ads it will display to each customer. This could include proximity ads where real time coordinates are used to advertise products and services that are nearby as well as advertisements that are based on customer behavior patterns.

If you enjoyed this podcast why not visit CERTStation.com and check out our free Internet Security Dashboard. In the meantime this is your host Jay Johnson wishing you a safe and secure week.