Recommendations for securing Internet Explorer, Firefox and Safari web browsers

CERT has a document that shows specific steps you can take to secure your web browser.  Detailed instructions, including screen shots, are provided, along with explanations of what you are configuring and what the potential ramifications are.

The document focuses on IE, Firefox, and Safari and includes supplemental reference links to additional content.  It also includes links for configuring similar options in Opera, Mozilla SeaMonkey, Konqueror, and Netscape.

Found via ts/sci security blog.

Resources for Securing Mac OS X Panther, Tiger and Leopard

I will be the first to admit that I am primarily a Windows and Linux user.  Not that I don’t like Macs, but the majority of my client base is single platform on the desktop (Windows) and either Windows or Linux servers.

My lack of exposure to Macs, and subsequent lack of OS X-specific security understanding was made apparent to me this past week when I met with a large new educational client that was previously 95% Mac on the desktop.  Now they are down to about 50-50 Mac/PCs with a new mandate to become single platform, meaning converting from OS X to strictly Windows on the desktop.

I’m going to be making recommendations that will help this migration process, but in the meantime I have to make an assessment of their existing network and computing infrastructure, including down to the desktop level.  One of the assessment items includes workstation security, and like I said before, this is a major hole in my IT skillset, so I’m taking a crash course in OS X security this week.

I wanted to find a few online resources to prep with before I jump head-on into this project.  I know no one can become a security guru in a week, but everyone has to start somewhere.  I’m hoping my Linux security background will make digesting the OS X security information easier, but that remains to be seen.

Here are some of the resources I’ve found online that others may find useful:

I’ve also ordered Foundations of Mac OS X Leopard Security by Charles Stephen Edge Jr.

Gone in 47.11 Seconds

I was performing a little security audit today, and used PWdump to dump the contents of the SAM file from a Windows 2000 Domain Controller.

I took the results from PWdump and imported them into LMcrack.  It took 47.11 seconds to enumerate 617 of the 2272 account passwords.

47.11 Seconds

Next I ran Richard Mueller’s DocumentGroups.vbs script which dumped the group membership of all the domain’s Active Directory accounts to a file.

Now I had a list of users and their passwords, plus a list of user account group memberships.  Are you surprised that three users with Domain Admin membership were on the cracked.dic list?

I bet the entire process, from PWdump to LMcrack to DocumentGroups.vbs, took all of ten minutes.   The local network admin was not happy with the strength of his users’ passwords.  Maybe now he’ll start enforcing stronger passwords.
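Why a run like that finishes in under a minute, and what to check before a cracker is even started, as an added example that is not from the original post and not part of pwdump or LMcrack: the script below triages pwdump-format output by the structure of the LM hash alone, then cross-references the exposed accounts against a user-to-groups mapping (a stand-in for the DocumentGroups.vbs output). The dump lines and group memberships are constructed; the Administrator entry carries the well-known LM/NT hashes of the password "password", and the other hashes are placeholders chosen only for their structure.

```python
"""Triage pwdump output by LM-hash structure before any cracking starts.

Added example, not from the original post or from pwdump/LMcrack. pwdump prints
one line per account:  user:RID:LM_hash:NT_hash:::  (two 32-hex-digit fields).
An LM hash is DES over a fixed constant with two 7-byte keys taken from the
uppercased, NUL-padded 14-byte password, so each 16-hex-digit half stands on
its own, and a half derived from all-NUL padding is always the same value.
"""
import re
from dataclasses import dataclass

EMPTY_LM_HALF = "aad3b435b51404ee"   # DES of the LM constant under an all-zero key
EMPTY_LM_HASH = EMPTY_LM_HALF * 2    # shown when no LM hash is stored at all

PWDUMP_LINE = re.compile(r"^([^:]+):(\d+):([0-9a-f]{32}):([0-9a-f]{32}):::$", re.I)

# Constructed sample dump (not from any real domain). Administrator carries the
# well-known LM/NT hashes of the password "password"; the other hashes are
# placeholders chosen only for their structure.
SAMPLE_PWDUMP = """\
Administrator:500:e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c:::
helpdesk:1103:3c07c4ab1e8d2a61aad3b435b51404ee:11111111111111111111111111111111:::
jsmith:1104:aad3b435b51404eeaad3b435b51404ee:22222222222222222222222222222222:::
backupsvc:1105:9f3e8d0c1b2a4657aad3b435b51404ee:33333333333333333333333333333333:::
krbtgt:502:aad3b435b51404eeaad3b435b51404ee:44444444444444444444444444444444:::
"""

# Constructed stand-in for DocumentGroups.vbs output reduced to user -> groups.
SAMPLE_GROUPS = {
    "Administrator": ["Domain Admins", "Enterprise Admins"],
    "helpdesk": ["Domain Admins", "Account Operators"],
    "jsmith": ["Domain Users"],
    "backupsvc": ["Backup Operators"],
}


@dataclass
class Account:
    user: str
    rid: int
    lm: str
    nt: str


def parse_pwdump(text):
    """Parse pwdump lines; blank or malformed lines are skipped, not fatal."""
    accounts = []
    for line in text.splitlines():
        m = PWDUMP_LINE.match(line.strip())
        if m:
            accounts.append(Account(m.group(1), int(m.group(2)),
                                    m.group(3).lower(), m.group(4).lower()))
    return accounts


def classify_lm(lm_hash):
    """'none', 'short' or 'full', read off the hash without cracking anything.

    none : both halves are the empty-half constant. Either the password is
           empty, longer than 14 characters, or LM storage is disabled.
    short: only the second half is empty, so the password is 1-7 characters
           and cracking means one 7-character, case-insensitive DES key.
    full : 8-14 characters, still just two independent 7-character halves.
    """
    first, second = lm_hash[:16].lower(), lm_hash[16:].lower()
    if first == EMPTY_LM_HALF and second == EMPTY_LM_HALF:
        return "none"
    if second == EMPTY_LM_HALF:
        return "short"
    return "full"


def triage(pwdump_text, memberships, privileged=("Domain Admins",)):
    """List LM-exposed accounts, privileged ones and short passwords first."""
    findings = []
    for acct in parse_pwdump(pwdump_text):
        kind = classify_lm(acct.lm)
        if kind == "none":
            continue
        groups = set(memberships.get(acct.user, ()))
        findings.append({
            "user": acct.user,
            "lm": kind,
            "privileged": bool(groups & set(privileged)),
            "groups": sorted(groups),
        })
    findings.sort(key=lambda f: (not f["privileged"], f["lm"] != "short", f["user"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_PWDUMP, SAMPLE_GROUPS):
        flag = "PRIVILEGED " if f["privileged"] else ""
        print(f"{flag}{f['user']}: LM hash present ({f['lm']} password), groups={f['groups']}")
```

Accounts that come back as "none" are the ones a domain wants: either the password is over 14 characters or LM hash storage has been turned off, and a dictionary run against the remaining accounts is what LMcrack was doing in the 47 seconds above.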

VMware Running on Windows Host Security Hole

If you are running VMware on a Windows host configured with host-to-guest shared folders, it is possible for a program running in the guest to gain access to the host’s complete file system and create or modify executable files in sensitive locations.

A vulnerability exists in VMware’s shared folders mechanism that grants users of a Guest system read and write access to any portion of the Host’s file system including the system folder and other security-sensitive files. Exploitation of this vulnerability allows attackers to break out of an isolated Guest system to compromise the underlying Host system that controls it.

Affected versions include:

  • VMware Workstation 6.0.2 and earlier
  • VMware Workstation 5.5.4 and earlier
  • VMware Player 2.0.2 and earlier
  • VMware Player 1.0.4 and earlier
  • VMware ACE 2.0.2 and earlier
  • VMware ACE 1.0.2 and earlier
The following VMware products are not affected:
  • VMware Server is not affected because it does not use shared folders.
  • No versions of ESX Server, including ESX Server 3i, are affected by this vulnerability. Because ESX Server is based on a bare-metal hypervisor architecture, not a hosted architecture, it does not include any shared folder abilities.
  • VMware Fusion and Linux-hosted VMware products are unaffected.


Until VMware releases a patch for this issue, users of affected Windows-hosted VMware products should disable shared folders. To disable shared folders in the global settings:
  1. From the VMware product’s menu, choose Edit > Preferences.
  2. In the Workspace tab, under Virtual Machines, deselect the checkbox for Enable all shared folders by default.
To disable shared folders for the individual virtual machine settings:
  1. From the VMware product’s menu, choose VM > Settings.
  2. In the Options tab, select Shared Folders and choose Disable.
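The menu steps above cover one machine at a time. For a host with many virtual machines, the check a practitioner wants is a pass over every .vmx file to find guests that still have a share enabled. The script below is an added example, not VMware's tooling and not from the original post. It assumes the sharedFolderN.present / enabled / writeAccess / hostPath keys and the isolation.tools.hgfs.disable key that Workstation and Player write into a .vmx file; confirm those names against a .vmx from your own host before relying on it. The two .vmx fragments are constructed.

```python
"""Audit hosted-VMware .vmx files for enabled shared folders (HGFS).

Added example, not VMware's own tooling. It assumes the sharedFolderN.* keys
and isolation.tools.hgfs.disable that Workstation and Player write into a
.vmx; confirm the exact key names against a .vmx from your own host.
"""
import re

# Constructed fragments, not copied from any real VM.
VULN_VMX = r'''
config.version = "8"
displayName = "win2003-test"
sharedFolder.maxNum = "1"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.readAccess = "TRUE"
sharedFolder0.writeAccess = "TRUE"
sharedFolder0.hostPath = "C:\Users\admin\vmshare"
sharedFolder0.guestName = "vmshare"
'''

SAFE_VMX = r'''
config.version = "8"
displayName = "win2003-hardened"
isolation.tools.hgfs.disable = "TRUE"
sharedFolder.maxNum = "1"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "FALSE"
sharedFolder0.readAccess = "TRUE"
sharedFolder0.writeAccess = "TRUE"
sharedFolder0.hostPath = "C:\Users\admin\vmshare"
'''

VMX_LINE = re.compile(r'^\s*([A-Za-z0-9_.:]+)\s*=\s*"?(.*?)"?\s*$')


def parse_vmx(text):
    """Parse key = "value" lines into a dict; keys are compared case-insensitively."""
    cfg = {}
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        m = VMX_LINE.match(raw)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg


def _true(value):
    return value.strip().strip('"').lower() == "true"


def audit(vmx_text):
    """Report every declared share and whether the guest can currently reach the host."""
    cfg = parse_vmx(vmx_text)
    hgfs_disabled = _true(cfg.get("isolation.tools.hgfs.disable", "FALSE"))
    shares = []
    for key, value in cfg.items():
        m = re.fullmatch(r"sharedfolder(\d+)\.present", key)
        if not m or not _true(value):
            continue
        n = m.group(1)
        shares.append({
            "index": int(n),
            "host_path": cfg.get(f"sharedfolder{n}.hostpath", ""),
            "enabled": _true(cfg.get(f"sharedfolder{n}.enabled", "FALSE")),
            "writable": _true(cfg.get(f"sharedfolder{n}.writeaccess", "FALSE")),
        })
    active = [s for s in shares if s["enabled"]]
    return {
        "hgfs_disabled": hgfs_disabled,
        "shares": shares,
        # The guest only reaches host files if HGFS is up and a share is switched on.
        "exposed": (not hgfs_disabled) and bool(active),
        "writable_shares": [s["host_path"] for s in active if s["writable"]],
    }


def harden(vmx_text):
    """Return the .vmx text with every share disabled and HGFS switched off."""
    out, seen_hgfs = [], False
    for raw in vmx_text.splitlines():
        m = VMX_LINE.match(raw)
        key = m.group(1).lower() if m else ""
        if re.fullmatch(r"sharedfolder\d+\.enabled", key):
            out.append(f'{m.group(1)} = "FALSE"')
        elif key == "isolation.tools.hgfs.disable":
            out.append('isolation.tools.hgfs.disable = "TRUE"')
            seen_hgfs = True
        else:
            out.append(raw)
    if not seen_hgfs:
        out.append('isolation.tools.hgfs.disable = "TRUE"')
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for name, text in (("win2003-test", VULN_VMX), ("win2003-hardened", SAFE_VMX)):
        r = audit(text)
        print(f"{name}: exposed={r['exposed']} writable={r['writable_shares']}")
```

Edit a .vmx only while the virtual machine is powered off, since the product rewrites the file on shutdown and will overwrite a change made to a running guest.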

Out of the Box, the ASUS Eee PC is Incredibly Insecure

HDM pointed out on the Metasploit blog that the guys from RISE Security rooted an ASUS Eee PC quite easily. They used Metasploit to exploit a Samba vulnerability that was published in July 2007 – almost seven months ago.

Why is ASUS shipping new products with vulnerabilities that are serious enough to allow attackers to gain root access through commonly used security tools such as the Metasploit Framework?

Carl at CandyFOSS doesn’t think this could realistically be exploited, but I’m not so sure.

I’ve searched all over ASUS’s support website, and have not found a downloadable patch for this problem. One of my school districts just ordered 60 Eee PCs, and you can rest assured there’s no way I’m letting these devices out of the box until I can find a fix.

Anyone out there who has one of these machines, can you confirm if there is a patch that is automatically installed through the update process to address this vulnerability?

The ISC has a brief write-up of additional information the Eee PC reveals in its default configuration.

SBS 2003 and Microsoft Security Bulletin MS08-006

I was scanning through Microsoft Security Bulletin MS08-006 and saw the Aggregate Severity Rating was ‘Important’ for all versions of Windows XP and Windows 2003. Because no critical ratings were listed, I felt secure in waiting a day or two before applying this patch. I tend to wait for others to find patch problems before I apply them to my vital machines.

Luckily Susan pointed out that in fine print at the bottom of the Security Bulletin is the following:

Note Supported editions of Windows Small Business Server 2003 contain the same affected code as Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2. However, for the ASP Vulnerability (CVE-2008-0075), default configurations of Windows Small Business Server 2003 have a greater exposure to the same vulnerability and therefore merit a severity rating of Critical.

Gee, thanks Microsoft for putting all the effort into making sure security professionals are aware that Small Business Server has this critical vulnerability. Talk about being the red headed stepchild of the server world.

Check out Hello Secure World Virtual Labs

Microsoft’s Hello Secure World web site has some very nice virtual labs that all network administrators should take a run through. You’ll be introduced to some of the attacks the bad guys use to try to penetrate our networks, such as Cross-Site Scripting and SQL Injection.

This site is definitely targeted at the MSDN/developer crowd, but any IT professional who deals with web servers or network security should be aware of these threats, which target both poorly secured web applications and the users who interact with them.
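As an added illustration of the two attacks named above (not from the Hello Secure World labs and not from the original post), here is the smallest working version of each in Python with the standard-library sqlite3 and html modules: a login query built by string concatenation beside its parameterised form, and a greeting reflected into HTML beside its escaped form. The user table and the payloads are constructed.

```python
"""SQL injection and cross-site scripting, vulnerable form beside the fix.

Added example using only the Python standard library; the table rows and
attack strings are constructed for the demonstration.
"""
import html
import sqlite3


def make_db():
    """In-memory user table with constructed rows (not real accounts)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "correct horse", "admin"),
        ("bob", "hunter2", "user"),
    ])
    return conn


def login_vulnerable(conn, username, password):
    """The classic injectable login: user input is pasted into the SQL text."""
    sql = ("SELECT username, role FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()


def login_safe(conn, username, password):
    """Parameterised query: the driver sends input as data, never as SQL."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


def render_greeting(username):
    """Reflecting user input into HTML unescaped is the XSS sink."""
    return "<p>Welcome, " + username + "</p>"


def render_greeting_safe(username):
    """html.escape turns <, >, &, quotes into entities, so markup stays text."""
    return "<p>Welcome, " + html.escape(username, quote=True) + "</p>"


if __name__ == "__main__":
    conn = make_db()
    # "alice' --" closes the string and comments out the password check.
    print("vulnerable:", login_vulnerable(conn, "alice' --", "anything"))
    print("safe:      ", login_safe(conn, "alice' --", "anything"))
    print(render_greeting("<script>alert(1)</script>"))
    print(render_greeting_safe("<script>alert(1)</script>"))
```

The same two patterns apply whatever the language of the web application: a query assembled from strings is injectable regardless of how the input was "validated", and output encoding belongs at the point where data is written into a page, not at the point where it was read.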

The site requires Internet Explorer, Java, and Silverlight.