Wednesday, May 08, 2013

Will social media affect election 2014?



Will this be India's first social media election?

A new study revealed that at least 160 constituencies would have social media voters for the 2014 Lok Sabha elections.
The study conducted by IRIS Knowledge Foundation and the Internet and Mobile Association of India said, "There are 160 high impact constituencies out of the total of 543 constituencies, which are likely to be influenced by social media during the next general elections."
India has about 62 million social media users and the numbers are continually increasing.
The study categorises high impact constituencies as those where "Facebook users account for over 10 per cent of total voters in a constituency."
Maharashtra has the maximum high impact constituencies (21) followed closely by Gujarat (17). Uttar Pradesh comes third with 14 high impact constituencies followed by Karnataka (12), Tamil Nadu (12), Andhra Pradesh (11) and Kerala (10).
Madhya Pradesh scores low with nine and the national capital has seven such constituencies. While Haryana, Punjab and Rajasthan have five high impact constituencies each, Bihar, Jharkhand, Chhattisgarh, West Bengal and Jammu and Kashmir have four, the lowest.

However, the study pointed out, "It is not the number of likes and tweets that are going to determine the probability of winning of a certain candidate but the ability of a candidate to engage with the electorate, by rising above the media clutter, and by trying to get his or her message across to the voter directly."
The study based its findings on the changing scenario over the years, with greater online activity in debates and discussions and with protests increasingly being initiated digitally.


The report also stated that a total of 67 constituencies fall within the medium impact constituencies, meaning those where "a Facebook user can influence one other voter who may not be on Facebook." 
There are 60 low impact constituencies, and the remaining 256 are tagged as "no impact constituencies."



courtesy: International Business Times, India; IRIS Knowledge Foundation; Google Images;

Saturday, April 27, 2013

Hacked: LivingSocial

50 Million users told to reset their passwords

Users' names, email addresses and passwords may have been accessed, CEO Tim O'Shaughnessy said

More than 50 million users of the daily deals site LivingSocial are being asked to reset their passwords after hackers attacked the company's servers and potentially made off with personal data.

The cyberattack "resulted in unauthorized access to some customer data on our servers," including names, email addresses, dates of birth and encrypted passwords, LivingSocial CEO Tim O'Shaughnessy said in an email to employees and in a separate email being sent to customers.

The database that stores customer credit card information was not affected, nor was the database that stores merchants' financial and banking information, the Washington, D.C.-based company said.

Although decoding users' passwords "would be difficult," the site says it is taking "every precaution" by expiring its users' passwords and asking them to create a new one. Emails are being sent this afternoon to the more than 50 million users whose data may have been compromised, a LivingSocial spokesman said.

LivingSocial says it has 70 million members worldwide. Customers in Korea, Thailand, Indonesia and the Philippines aren't being contacted because the company uses different computer systems in those countries, it said.

The group behind the attack has not been identified. "We are actively working with law enforcement to investigate this issue," LivingSocial said on its website.

The hack may have resulted in users' accounts on other sites being compromised. "We also encourage you, for your own personal data security, to consider changing password(s) on any other sites on which you use the same or similar password(s)," O'Shaughnessy said.
"We need to do the right thing for our customers who place their trust in us," O'Shaughnessy said in the employee email, adding, "We'll all need to work incredibly hard over the coming days and weeks to validate that faith and trust."

The hack follows a slew of attacks on Twitter, Facebook, Microsoft and other companies. LivingSocial said it is "redoubling" its efforts to prevent future breaches.






courtesy: computerworld.com

Tuesday, March 19, 2013

3.5 Years in Prison for AT&T Hacker ‘Weev’

A hacker charged with federal crimes for obtaining the personal data of more than 100,000 iPad owners from AT&T’s publicly accessible website was sentenced on Monday to 41 months in prison followed by three years of supervised release.

The judge handed down the sentence following a minor skirmish in the courtroom when the defendant, Andrew Auernheimer, aka Weev, was pinned and cuffed. Auernheimer was reportedly asked to hand the court a mobile phone he had with him during the hearing, and after handing it to his defense attorney instead, court agents cuffed him.

Andrew Auernheimer, 26, of Fayetteville, Arkansas, was found guilty last November in federal court in New Jersey of one count of identity fraud and one count of conspiracy to access a computer without authorization after he and a colleague created a program to collect information on iPad owners that had been exposed by a security hole in AT&T’s web site.
The two essentially wrote a program to send GET requests to the web site.
The controversial case is one of a string of highly criticized prosecutions of security researchers who have been charged with serious computer crimes under the Computer Fraud and Abuse Act, prompting calls for reform of the legislation to make clear distinctions between criminal hacking and simple unauthorized access and to protect researchers whose activities are not criminal in intent.
Computer security researcher Charlie Miller tweeted Monday morning in reference to Auernheimer’s case that any security researcher could be facing the same fate.

Auernheimer and Daniel Spitler, 26, of San Francisco, California, were charged last year after the two discovered a hole in AT&T’s website in 2010 that allowed anyone to obtain the e-mail address and ICC-ID of iPad users. The ICC-ID is a unique identifier that’s used to authenticate the SIM card in a customer’s iPad to AT&T’s network.
The iPad was released by Apple in April 2010. AT&T provided internet access for some iPad owners through its 3G wireless network, but customers had to provide AT&T with personal data when opening their accounts, including their e-mail address. AT&T linked the user’s e-mail address to the ICC-ID, and each time the user accessed the AT&T website, the site recognized the ICC-ID and displayed the user’s e-mail address.
Auernheimer and Spitler discovered that the site would leak e-mail addresses to anyone who provided it with an ICC-ID. So the two wrote a script, which they dubbed the "iPad 3G Account Slurper", to mimic the behavior of numerous iPads contacting the web site in order to harvest the e-mail addresses of iPad users.
According to authorities, they obtained the ICC-ID and e-mail address for about 120,000 iPad users, including dozens of elite iPad early adopters such as New York Mayor Michael Bloomberg, then-White House Chief of Staff Rahm Emanuel, anchorwoman Diane Sawyer of ABC News, New York Times CEO Janet Robinson and Col. William Eldredge, commander of the 28th Operations Group at Ellsworth Air Force Base in South Dakota, as well as dozens of people at NASA, the Justice Department, the Defense Department, the Department of Homeland Security and other government offices.
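The flaw described above is that the site answered anyone who presented an ICC-ID, so the harvesting looked like many iPads visiting but came from one source presenting thousands of different identifiers. As an added defender-side illustration (not code from the article, from AT&T or from the defendants' tool), the script below flags sources that present many distinct ICC-IDs to a lookup endpoint within a short window; the log format, the /login path and the ICCID query parameter are constructed assumptions for this example.

```python
"""Flag sources that present many distinct ICC-IDs to a lookup endpoint.

Added defender-side example, not code from the article, AT&T or the
defendants' tool. The log format, the /login path and the ICCID query
parameter are constructed assumptions for this illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

# Combined-log style line: ip ident user [ts] "METHOD path proto" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Return a dict with ip, ts, iccid and status, or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    query = parse_qs(urlsplit(m.group("path")).query)
    return {
        "ip": m.group("ip"),
        "ts": ts,
        "iccid": query.get("ICCID", [None])[0],
        "status": int(m.group("status")),
    }


def find_enumerators(lines, window=timedelta(minutes=5), threshold=5):
    """Map each source IP that queried >= threshold distinct ICC-IDs inside
    any `window` to the largest number of distinct ICC-IDs seen in one window.

    A real iPad knows only its own SIM, so one source should never need to
    present more than a handful of identifiers; a slurper presents thousands.
    """
    records = [r for r in map(parse_line, lines) if r and r["iccid"]]
    records.sort(key=lambda r: r["ts"])          # log lines may be interleaved
    recent = defaultdict(deque)                  # ip -> (ts, iccid) in window
    flagged = {}
    for rec in records:
        q = recent[rec["ip"]]
        q.append((rec["ts"], rec["iccid"]))
        while rec["ts"] - q[0][0] > window:      # drop events older than window
            q.popleft()
        distinct = len({iccid for _, iccid in q})
        if distinct >= threshold:
            flagged[rec["ip"]] = max(flagged.get(rec["ip"], 0), distinct)
    return flagged


def constructed_log():
    """Constructed sample lines: one ordinary iPad, one fast enumerator and
    one slow enumerator that stays under the 5-in-5-minutes rule."""
    fmt = '{ip} - - [07/Jun/2010:{t} +0000] "GET /login?ICCID={iccid} HTTP/1.1" 200 512'
    lines = []
    for t in ("10:00:01", "10:03:15", "10:09:40"):   # same SIM, three visits
        lines.append(fmt.format(ip="203.0.113.7", t=t, iccid="89014100000000000011"))
    for i in range(8):                               # eight IDs in 70 seconds
        s = 5 + 10 * i
        lines.append(fmt.format(ip="198.51.100.9", t=f"10:{s // 60:02d}:{s % 60:02d}",
                                iccid=f"890141000000000001{i:02d}"))
    for i in range(6):                               # six IDs, ten minutes apart
        lines.append(fmt.format(ip="192.0.2.44", t=f"10:{10 * i:02d}:30",
                                iccid=f"890141000000000002{i:02d}"))
    return lines


if __name__ == "__main__":
    for ip, n in find_enumerators(constructed_log()).items():
        print(f"{ip}: {n} distinct ICC-IDs within 5 minutes")
```

The slow source in the sample never trips the rule, so a per-window count needs a longer-horizon tally beside it; the root fix is that an identifier the client chooses must never be the only thing that authorizes the lookup.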
The two contacted the Gawker website to report the hole, a practice often followed by security researchers to call public attention to security holes that affect the public, and provided the website with harvested data as proof of the vulnerability. Gawker reported at the time that the vulnerability was discovered by a group calling itself Goatse Security.
AT&T maintained that the two did not contact it directly about the vulnerability and learned about the problem only from a “business customer.”
Auernheimer likened his actions to walking down the street and writing down the physical addresses of buildings, only to be charged with identity theft. He later sent an e-mail to the U.S. attorney’s office in New Jersey, blaming AT&T for exposing customer data, authorities say.
“AT&T needs to be held accountable for their insecure infrastructure as a public utility and we must defend the rights of consumers, over the rights of shareholders,” he wrote, according to prosecutors. “I advise you to discuss this matter with your family, your friends, victims of crimes you have prosecuted, and your teachers for they are the people who would have been harmed had AT&T been allowed to silently bury their negligent endangerment of United States infrastructure.”
But prosecutors say his interest went beyond concern about the security of customer data.
According to the criminal complaint, a confidential informant helped federal authorities make their case against the two defendants by providing them with 150 pages of chat logs from an IRC channel where, prosecutors said, Spitler and Auernheimer admitted conducting the breach to tarnish AT&T’s reputation and promote themselves and Goatse Security.
Spitler pleaded guilty to the charges last year.
Upon his conviction last year, Auernheimer tweeted to supporters that he expected the verdict and planned to appeal.
On Monday, following the announcement of his sentence, the Electronic Frontier Foundation announced that it had joined Auernheimer’s appellate team.
“Weev’s case shows just how problematic the Computer Fraud and Abuse Act is,” EFF Staff Attorney Hanni Fakhoury said in a statement. “We look forward to reversing the trial court’s decision on appeal. In the meantime, Congress should amend the CFAA to make sure we don’t have more Aaron Swartzs and Andrew Auernheimers in the future.”
EFF joins a powerhouse team defending Auernheimer on appeal, including George Washington University law professor Orin Kerr, as well as Tor Ekeland and Mark H. Jaffe of Tor Ekeland P.C. and Nace Naumoski.
Auernheimer has been outspoken about criticizing AT&T and the government for pursuing prosecution. The day before his sentencing he posted a comment on Reddit saying, “My regret is being nice enough to give AT&T a chance to patch before dropping the dataset to Gawker. I won’t nearly be as nice next time.”
On Monday morning, federal prosecutors used his Reddit post to support their call for a four-year sentence.
In addition to the 41-month sentence handed down to Auernheimer on Monday, the judge also ordered him and Spitler to pay $73,000 in restitution.



Courtesy: wired.com, seclists.org

Wednesday, March 13, 2013

Backdoor.Miniduke!enc


Risk Level 1: Very Low


Summary

Discovered: March 12, 2013
Updated: March 13, 2013 6:24:54 AM
Type: Trojan
Systems Affected: Windows 2000, Windows 7, Windows Vista, Windows XP
Backdoor.Miniduke!enc is a detection for files that contain an encrypted copy of Backdoor.Miniduke. In order to update itself, the threat downloads and decrypts the file.

Antivirus Protection Dates

  • Initial Rapid Release version March 12, 2013 revision 003
  • Latest Rapid Release version March 12, 2013 revision 003
  • Initial Daily Certified version March 12, 2013 revision 005
  • Latest Daily Certified version March 12, 2013 revision 005
  • Initial Weekly Certified release date March 13, 2013

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Low

Distribution

  • Distribution Level: Low

Removal

You may have arrived at this page either because you have been alerted by your Symantec product about this risk, or you are concerned that your computer has been affected by this risk. 

Before proceeding further we recommend that you run a full system scan. If that does not resolve the problem you can try one of the options available below. 


2. Restoring settings in the registry 
Many risks make modifications to the registry, which could impact the functionality or performance of the compromised computer. While many of these modifications can be restored through various Windows components, it may be necessary to edit the registry. See the Technical Details section of this writeup for information about which registry keys were created or modified. Delete registry subkeys and entries created by the risk and return all modified registry entries to their previous values.

Technical Details

Recommendations

Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":
  • Use a firewall to block all incoming connections from the Internet to services that should not be publicly available. By default, you should deny all incoming connections and only allow services you explicitly want to offer to the outside world.
  • Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
  • Ensure that programs and users of the computer use the lowest level of privileges necessary to complete a task. When prompted for a root or UAC password, ensure that the program asking for administration-level access is a legitimate application.
  • Disable AutoPlay to prevent the automatic launching of executable files on network and removable drives, and disconnect the drives when not required. If write access is not required, enable read-only mode if the option is available.
  • Turn off file sharing if not needed. If file sharing is required, use ACLs and password protection to limit access. Disable anonymous access to shared folders. Grant access only to user accounts with strong passwords to folders that must be shared.
  • Turn off and remove unnecessary services. By default, many operating systems install auxiliary services that are not critical. These services are avenues of attack. If they are removed, threats have fewer avenues of attack.
  • If a threat exploits one or more network services, disable, or block access to, those services until a patch is applied.
  • Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services.
  • Configure your email server to block or remove email that contains file attachments that are commonly used to spread threats, such as .vbs, .bat, .exe, .pif and .scr files.
  • Isolate compromised computers quickly to prevent threats from spreading further. Perform a forensic analysis and restore the computers using trusted media.
  • Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.
  • If Bluetooth is not required for mobile devices, it should be turned off. If you require its use, ensure that the device's visibility is set to "Hidden" so that it cannot be scanned by other Bluetooth devices. If device pairing must be used, ensure that all devices are set to "Unauthorized", requiring authorization for each connection request. Do not accept applications that are unsigned or sent from unknown sources.
  • For further information on the terms used in this document, please refer to the Security Response glossary.





Courtesy: symantec

Tuesday, March 12, 2013

US-CERT warns of HP LaserJet printer backdoor


A number of HP LaserJet printers can be accessed through the network and unencrypted data can be read from them without authentication. The US-CERT has issued an advisory that warns users of these printers and is calling on them to update the printer's firmware with a fixed version.
In all, ten models of the LaserJet Pro series can be accessed via telnet without a password prompt. A debug shell then runs on that telnet port, giving access to the printer, allowing SSL connections to be disabled and showing the passwords for the HP ePrint Cloud server connection in plain text. In an interview with online magazine CRN, Christoph von Wittich, who discovered the flaw while doing a routine scan of his company's network, explained that the flaw could also be used for a denial of service attack but that, by default, the shell is not accessible from the internet and "should not cause much trouble for the end user".

HP's own advisory identifies HP LaserJet Pro P1102w, P1606dn, M1212nf MFP (Multi Function Printer), M1213nf MFP, M1214nfh MFP, M1216nfh MFP, M1217nfw MFP, M1219nf MFP and CP1025nw printers as affected by the problem and has issued firmware and installation instructions for that firmware to close the vulnerability.


Courtesy: h-online.com

Internet Explorer: Flash enabled by default by Microsoft



Microsoft is shipping an update for Internet Explorer (IE) 10 for Windows 8 and RT today that will change the browser's behaviour to display more Flash content by default. The Windows 8 desktop version of IE will show all Flash content whereas the desktop and "Metro" versions on Windows RT will show a large percentage of it; only approximately four per cent of web sites with Flash content will be blocked by Microsoft on these versions.
With the decision, Microsoft is further softening its position on Flash support in Internet Explorer. Originally, the company had planned to release the browser completely without Flash support but moved away from this stance prior to the launch of Windows 8 and enabled Flash content in the browser based on a whitelist of "Metro" compatible sites. The company says that a large amount of sites using Flash are now compatible with Windows 8 and are usable with touch interaction.
According to Microsoft, less than four per cent "of the thousands of domains" it has tested for Flash compatibility are incompatible with what the company terms the "Windows experience". This is mostly due to the fact that the sites in question are using other plugins aside from Flash, says Microsoft. Developers who find their sites blocked on Windows RT after the patch to Internet Explorer may want to read Microsoft's developer guidance document on the topic.


Courtesy: h-online.com

What is ISO 9000/9001/9002?



ISO 9000/9001/9002

ISO 9001, or the entire ISO 9000 series, deals with quality management, and the standard used to certify a QMS or an organization is ISO 9001. This is generally known as ISO 9000 certification, compliance or conformance. However, in the entire ISO 9000 family, ISO 9001 is the only requirements standard that is used for the purpose of certification. 

We have provided consulting to many organizations, and mostly it is seen that people indicate conformance against the ISO 9002 standard, which in reality is just a model. The complete or full name of the standard is - 


ISO 9002:1994 - Quality systems -- Model for quality assurance in production, installation and servicing


Whereas the standard for certification is -


ISO 9001:2008 - Quality management systems -- Requirements


Now whenever you come across anything that says it's ISO 9000 or ISO 9002 certified, it would simply mean it is certified against the ISO 9001 standard. 

ISO 9001 

ISO 9001 is a global quality management standard. Use it to establish and to update your organization's quality management system (QMS). It applies to all types of organizations; it doesn't matter what size they are or what they do. It can help both product and service organizations achieve standards of quality that are recognized and respected throughout the world.

ISO 9001:2008 replaced the previous ISO 9001:2000. Its objective is to provide a quality management system that is of real benefit, helps manage the business effectively and puts a best-practice methodology in place.

(source: iso.org)

ISO 9001:2008 specifies requirements for a quality management system where an organization -

  • needs to demonstrate its ability to consistently provide product that meets customer and applicable statutory and regulatory requirements, and
  • aims to enhance customer satisfaction through the effective application of the system, including processes for continual improvement of the system and the assurance of conformity to customer and applicable statutory and regulatory requirements.
All requirements of ISO 9001:2008 are generic and are intended to be applicable to all organizations, regardless of type, size and product provided.
Where any requirement(s) of ISO 9001:2008 cannot be applied due to the nature of an organization and its product, this can be considered for exclusion.
Where exclusions are made, claims of conformity to ISO 9001:2008 are not acceptable unless these exclusions are limited to requirements within Clause 7, and such exclusions do not affect the organization's ability, or responsibility, to provide product that meets customer and applicable statutory and regulatory requirements.
ISO 9001:2008 is the latest version in the ISO 9000 series; however, there have been previous versions as well, which are as follows -

Evolution of ISO 9000 standards

(source: wikipedia.org)
The ISO 9000 standard is continually being revised by standing technical committees and advisory groups, who receive feedback from those professionals who are implementing the standard.

1987 Version

ISO 9000:1987 had the same structure as the UK Standard BS 5750, with three 'models' for quality management systems, the selection of which was based on the scope of activities of the organization:
  • ISO 9001:1987 Model for quality assurance in design, development, production, installation, and servicing was for companies and organizations whose activities included the creation of new products.
  • ISO 9002:1987 Model for quality assurance in production, installation, and servicing had basically the same material as ISO 9001 but without covering the creation of new products.
  • ISO 9003:1987 Model for quality assurance in final inspection and test covered only the final inspection of finished product, with no concern for how the product was produced.
ISO 9000:1987 was also influenced by existing U.S. and other Defense Standards ("MIL SPECS"), and so was well-suited to manufacturing. The emphasis tended to be placed on conformance with procedures rather than the overall process of management, which was likely the actual intent.

1994 Version


ISO 9000:1994 emphasized quality assurance via preventive actions, instead of just checking final product, and continued to require evidence of compliance with documented procedures. As with the first edition, the down-side was that companies tended to implement its requirements by creating shelf-loads of procedure manuals, and becoming burdened with an ISO bureaucracy. In some companies, adapting and improving processes could actually be impeded by the quality system.

2000 Version

ISO 9001:2000 replaced all three former standards of the 1994 issue: ISO 9001, ISO 9002 and ISO 9003. Design and development procedures were required only if a company does in fact engage in the creation of new products. The 2000 version sought to make a radical change in thinking by actually placing the concept of process management front and center ("process management" was the monitoring and optimisation of a company's tasks and activities, instead of just inspection of the final product). The 2000 version also demanded involvement by upper executives in order to integrate quality into the business system and avoid delegation of quality functions to junior administrators. Another goal was to improve effectiveness via process performance metrics: numerical measurement of the effectiveness of tasks and activities. Expectations of continual process improvement and tracking customer satisfaction were made explicit.

2008 Version

ISO 9001:2008 basically restates ISO 9001:2000. The 2008 version only introduced clarifications to the existing requirements of ISO 9001:2000 and some changes intended to improve consistency with ISO 14001:2004. There were no new requirements. For example, in ISO 9001:2008, a quality management system being upgraded just needs to be checked to see if it is following the clarifications introduced in the amended version.
ISO 9001 is supplemented directly by two other standards of the family:
  • ISO 9000:2005 "Quality management systems. Fundamentals and vocabulary"
  • ISO 9004:2009 "Managing for the sustained success of an organization. A quality management approach"
Other standards, like ISO 19011 and the ISO 10000 series, may also be used for specific parts of the quality system.

Variants of ISO 9000 standards


Since ISO 9001 is generalized and abstract, its parts must be carefully interpreted to make sense within a particular organization. Organizations of very different kinds have adopted ISO 9001 and incorporated it into the very DNA of the organization. Developing software is not like making cheese or offering counseling services, yet the ISO 9001 guidelines, because they are business management guidelines, can be applied to each of these.
Over the course of time, various industries felt the need to standardize their interpretations of the guidelines within their own marketplace. This ensures the correct interpretation of the guidelines according to their specific requirements, and also ensures that their assessment is done by more appropriately trained and experienced auditors who understand and have experience of the specific industry. The different industry-specific variants of ISO 9000 are -
(source: wikipedia.org)
  • The TickIT guidelines are an interpretation of ISO 9000 produced by the UK Board of Trade to suit the processes of the information technology industry, especially software development.
  • AS9000 is the Aerospace Basic Quality System Standard, an interpretation developed by major aerospace manufacturers. Those major manufacturers include AlliedSignal, Allison Engine, Boeing, General Electric Aircraft Engines, Lockheed-Martin, McDonnell Douglas, Northrop Grumman, Pratt & Whitney, Rockwell-Collins, Sikorsky Aircraft, and Sundstrand. The current version is AS9100C.
  • PS 9000 * QS 9000 is an interpretation agreed upon by major automotive manufacturers (GM, Ford, Chrysler). It includes techniques such as FMEA and APQP. QS 9000 is now replaced by ISO/TS 16949.
  • ISO/TS 16949:2009 is an interpretation agreed upon by major automotive manufacturers (American and European manufacturers); the latest version is based on ISO 9001:2008. The emphasis on a process approach is stronger than in ISO 9001:2008. ISO/TS 16949:2009 contains the full text of ISO 9001:2008 and automotive industry-specific requirements.
  • TL 9000 is the Telecom Quality Management and Measurement System Standard, an interpretation developed by the telecom consortium, QuEST Forum. The current version is 5.0; unlike ISO 9001 or other sector standards, TL 9000 includes standardized product measurements that can be benchmarked. In 1998 QuEST Forum developed the TL 9000 Quality Management System to meet the supply chain quality requirements of the worldwide telecommunications industry.
  • ISO 13485:2012 is the medical industry's equivalent of ISO 9001:2008. Whereas the standards it replaces were interpretations of how to apply ISO 9001 and ISO 9002 to medical devices, ISO 13485:2003 is a stand-alone standard. Because ISO 13485 is relevant to medical devices manufacturers (unlike ISO 9001, which is applicable to any industry), and because of the differences between the two standards relating to continual improvement, compliance with ISO 13485 does not necessarily mean compliance with ISO 9001:2008 (and vice versa).
  • ISO/IEC 90003:2004 provides guidelines for the application of ISO 9001:2000 to computer software.
  • ISO/TS 29001 is quality management system requirements for the design, development, production, installation, and service of products for the petroleum, petrochemical, and natural gas industries. It is equivalent to API Spec Q1 without the Monogram annex.

Tuesday, March 05, 2013

Remote system freeze using Kaspersky Internet Security 2013


Kaspersky Internet Security 2013 (and any other Kaspersky product which
includes the firewall functionality) is susceptible to a remote system
freeze.
As of the 3rd March 2013, the bug is still unfixed.

If IPv6 connectivity to a victim is possible (which is always the case
on local networks), a fragmented packet with multiple but one large
extension header leads to a complete freeze of the operating system.
No log message or warning window is generated, nor is the system able to
perform any task.

To test:
  1. download the thc-ipv6 IPv6 protocol attack suite for Linux from
     www.thc.org/thc-ipv6
  2. compile the tools with "make"
  3. run the following tool on the target:
        firewall6 <interface> <target> <port> 19
     where interface is the network interface (e.g. eth0)
           target is the IPv6 address of the victim (e.g. ff02::1)
           port is any tcp port, doesn't matter which (e.g. 80)
       and 19 is the test case number.
     The test case numbers 18, 19, 20 and 21 lead to a remote system freeze.

Solution: Remove the Kaspersky Anti-Virus NDIS 6 Filter from all network
interfaces or uninstall the Kaspersky software until a fix is provided.

The bug was first reported to Kaspersky on the 21st January 2013, and a
reminder was sent on the 14th February 2013.
No feedback was given by Kaspersky, and the reminder contained a warning
that without feedback the bug would be disclosed on this day.






Courtesy: securityfocus.com and Marc Heuse