
    Microsoft released 13 bulletins today instead of the 14 it had announced in its advance Patch Tuesday notification some days ago. In its final Patch Tuesday for the year, Microsoft addressed bugs in Windows, Internet Explorer, and Microsoft Office, and included a fix for DUQU in bulletin MS11-087, which covers what is also known as the DUQU zero-day remote code execution flaw. Attackers who embed specially crafted TrueType fonts in documents can exploit this vulnerability in the Windows kernel. MS11-087 was given a ‘Critical’ rating.

    MS11-092 also deserves attention in this release, as it affects Windows Media Player and allows remote code execution if a user opens a specially crafted Microsoft Digital Video Recording (.dvr-ms) file. Microsoft also includes fixes for Active Directory, OLE and the Windows kernel.

    To learn more about Microsoft support for the affected software, see the official bulletin summary, which has more details on the security bulletins for December. Users may also refer to our Trend Micro security advisory page.

    Users of Deep Security and OfficeScan with Intrusion Defense Firewall (IDF) plug-in can also find updates to their products that will protect them from threats exploiting the vulnerabilities made public today, in advance of IT administrators being able to roll out these patches to their systems.

     

    Dec12
    5:15 am (UTC-7)   |    by

    As 2011 draws to a close, it’s time to look towards what will come next in order to help users and enterprises prepare for the challenges of the upcoming year. Broadly speaking, our predictions can be split into four categories: enterprise IT trends, the mobile market, data breaches, and the ever-evolving cybercriminal industry.

    Enterprise IT Trends Will Change The Security Landscape

    Thanks to consumerization (BYOD), virtualization, and cloud computing, the enterprise IT landscape in 2012 will be a very different landscape from what it was just a few years ago. System administrators will have to contend not only with conventional security threats, but also with the increasing complexities of maintaining and securing systems and networks in these new platforms.

    The Mobile Market Matures

    As the number of users of smartphones and tablets continues to grow globally, cybercriminals will find it is now worth their time to actively target these users in record numbers. Users of the Android platform will be at particular risk – its completely open app environment allows both malicious and Trojanized apps to easily reach user devices. We fully expect to see significant numbers of Android malware in the wild in 2012.

    (more…)

     

    For the past week or so, the Internet has been buzzing over Carrier IQ – an application that is apparently preinstalled in devices to monitor network and handset performance – and the privacy issues surrounding it.

    Several issues surround the reports about Carrier IQ: the kind of information it gathers, the fact that it comes preinstalled in certain devices without asking for user consent, and what users can do about it.

    According to reports, Carrier IQ logs information such as sent or received text messages, Internet searches made, and phone numbers typed into devices. This routine was confirmed through the video posted by Trevor Eckhart, the researcher who initially raised the flag on Carrier IQ.

    All Part of the Service

    Let us consider the purpose of Carrier IQ: it is an application designed to monitor the performance of the network and the handset. The performance of the carrier can be measured by checking whether the services it offers, such as text messaging, calls, Internet connection, and others, are served properly.

    Based on this, we can say that collecting information related to the usage of the aforementioned phone features makes a whole lot of sense, or is even a necessity for carriers to effectively monitor and troubleshoot the services they offer.

    (more…)

     

    Earlier this week the folks over at OpenDNS announced a preview release of their new tool DNSCrypt. This is touted as a huge step forward for privacy and security across the Internet. The premise is simple: encrypt all DNS traffic between the user and their recursive resolver. It’s a nice idea and all, but I think they missed the mark.

    According to OpenDNS, the code is actually the first real-world implementation of the DNSCurve scheme. The stated goals are to provide privacy and authenticity to the entire DNS transaction. Unfortunately, you can’t just wrap an existing protocol with crypto and expect to be more secure than you were before. In this case you need to look at the entire ecosystem. Sure, your DNS query will be private, invisible to other users or attackers on the same network. The problem comes a few milliseconds after you get the result. The privacy you gained by encrypting your DNS traffic evaporates when the browser makes its request of the server. An attacker in a position to see your DNS traffic is likely to have the same visibility into other forms of traffic.

    If you are more concerned with authenticity of the data than privacy, there are better ways to get that as well. DNSSEC is ready to answer your call. A major advantage of DNSSEC is that in the case of some TLDs it can authenticate the result all the way to the root (This list includes an indication of which TLDs are signed). According to the DNSCrypt FAQ at OpenDNS, DNSSEC and DNSCrypt function perfectly in concert: “They aren’t conflicting in any way.”

    (more…)

     

    On December 6, 2011, a number of pro-Kremlin activists launched an attack on Twitter using bots that posted messages with the hashtag #триумфальная (Triumfalnaya). These bots posted a range of national slogans and crude language. With a rate of up to 10 messages per second, these bots succeeded in blocking the actual message feed with that hashtag.

    The reason to boycott the conversations surrounding the pre-arranged #триумфальная (Triumfalnaya) hashtag was that it had been announced as a channel for exchanging information by anti-government opposition protesters, and was also being used as a live text translation of protester actions against the recent election results in Russia – which are taking place at Triumfalnaya Square in Moscow.

    (more…)

     



     

    © Copyright 2011 Trend Micro Inc. All rights reserved. Legal Notice