Guardian reporter delayed e-mailing NSA source because crypto is a pain

If you still haven't gotten around to encrypting your e-mail, you have company. Glenn Greenwald, the civil liberties writer who recently exposed the National Security Agency's vast data-collection programs, wasn't quick to jump on the e-mail encryption wagon either.

According to recent articles in The New York Times and The Huffington Post, Greenwald first heard from National Security Agency (NSA) whistleblower Edward Snowden in either January or February. Snowden said he had information that would be of "great interest" and said he wanted to communicate securely using PGP encryption. According to accounts by both publications, the request was a nonstarter.

"Mr. Greenwald wrote back that he did not have such software," the NYT reported. "Mr. Snowden later sent him a homemade video with step-by-step instructions for installing it, which Mr. Greenwald watched but never completed." Greenwald then brought the same request to documentary filmmaker Laura Poitras. Given her experience covering surveillance and working with sensitive sources, she was more comfortable encrypting her communications.


Microsoft Patch Tuesday – June 2013

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing five bulletins covering a total of 23 vulnerabilities. Nineteen of this month's issues are rated 'Critical'.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the June releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-Jun

The following is a breakdown of the issues being addressed this month:

  1. MS13-047 Cumulative Security Update for Internet Explorer (2838727)

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3110) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3111) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3112) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3113) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3114) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3116) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3117) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3118) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3119) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3120) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3121) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3122) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3123) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Use After Free Vulnerability (CVE-2013-3124) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Use After Free Vulnerability (CVE-2013-3125) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Script Debug Vulnerability (CVE-2013-3126) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly processes script while debugging a webpage. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3139) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3141) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3142) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

  2. MS13-048 Vulnerability in Windows Kernel Could Allow Information Disclosure (2839229)

    Kernel Information Disclosure Vulnerability (CVE-2013-3136) MS Rating: Important

    An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could disclose information from kernel addresses.

  3. MS13-049 Vulnerability in Kernel-Mode Driver Could Allow Denial of Service (2845690)

    TCP/IP Integer Overflow Vulnerability (CVE-2013-3138) MS Rating: Important

    A denial of service vulnerability exists in the way that the Windows TCP/IP driver handles packets during a TCP connection. An attacker who successfully exploited this vulnerability could cause the target system to stop responding.

  4. MS13-050 Vulnerability in Windows Print Spooler Components Could Allow Elevation of Privilege (2839894)

    Print Spooler Vulnerability (CVE-2013-1339) MS Rating: Important

    An elevation of privilege vulnerability exists in the way that Microsoft Windows Print Spooler handles memory when a printer is deleted.

  5. MS13-051 Vulnerability in Microsoft Office Could Allow Remote Code Execution (2839571)

    Office Buffer Overflow Vulnerability (CVE-2013-1331) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Office parses specially crafted Office files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

More information on the vulnerabilities being addressed this month is available at Symantec's free SecurityFocus portal and to our customers through the DeepSight Threat Management System.

Linux Kernel Exploit Ported to Android

Malware authors are notorious for quickly leveraging new exploits in the public domain for nefarious purposes. An exploit for the recently discovered Linux Kernel Local Privilege Escalation Vulnerability (CVE-2013-2094) in the Performance Counters for Linux (PCL), which is currently being exploited on various platforms, has now been modified to work on the Android operating system.

For anyone unfamiliar with the Android operating system, it is based on the open source Linux operating system. This means that many of the vulnerabilities discovered in the Linux kernel have the possibility of being exploited on Android devices. However, with different Android devices using different versions of the Linux kernel, only certain devices may be affected by a particular exploit.

Privilege escalation exploits are particularly dangerous as they can allow cybercriminals to gain complete control over the compromised device. The Android operating system normally sandboxes every application so they cannot perform sensitive system operations or interfere with other installed applications. In the past, we have seen malware use privilege escalation exploits to access data from other applications, prevent uninstall, hide themselves, and also bypass the Android permissions model to enable behaviors such as sending premium SMS messages without user authorization.

As we noted in a 2011 blog on Android.Rootcager, privilege escalation exploits are quickly incorporated into malware, so we expect to see Android malware incorporating this new privilege escalation exploit before too long.

Symantec will continue to monitor the threat landscape for the use of any exploits. Until a patch is made available for all Android devices affected by this exploit, and to avoid becoming a victim of malicious applications, we recommend that you only use reputable marketplaces for downloading and installing applications.

If you suspect that your Android device has been compromised in any way, be sure to download the latest update to Norton Mobile Security and perform a full scan.

Microsoft Releases June 2013 Security Bulletin

Original release date: June 11, 2013

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, and Microsoft Office as part of the Microsoft Security Bulletin Summary for June 2013. These vulnerabilities could allow remote code execution, information disclosure, denial of service, or elevation of privilege.

US-CERT encourages users and administrators to review the bulletin and follow best-practice security policies to determine which updates should be applied.

