Windows Sysinternals is updating PsExec, ProcessExplorer, and PsPing
Psexec runs on port 445 and 139 which means it runs with other Microsoft programs and can hide itself within the normal funcitons of the computer.
The problem with this? hackers look for tools like this to see how they can develop a next generation malware attacks.
In the coming months we will see new and novel methods. So as a security professional one must make sure that unless your systems need this process it is wiser not to have it on your servers especially (maybe a test platform is ok).
Microsoft is always making more and easier methods to use their software, but do not give enough thought of the security implications.
This sentence is interesting:
“Specify a valid user name in the Domain\User syntax if the remote process requires access to network resources or to run in a different account. Note that the password is transmitted in clear text to the remote system.”
so basically if you want to run some commands remotely then the password will be transmitted in clear text and easily captured.
My recommendation: do not use this useful tool until you test it for security it’s implications.
The Storm center announces patch Tuesday with a typical list of new vulnerabilities
And a big reminder – Windows XP will have its last update in April
But also Office 2003 will have its last update in April as well. So please update our operating systems and Office versions in case you have not yet.
(even to the old machine in the back that should just be retired.) It is not a good idea to reuse computers and not watch them. reusing a computer has too many risks.
When PHP says new software is available: http://www.php.net/downloads.php
Then it is a good idea to perform the updates, as security enhancements are done for a reason.
You dont want to end up in the headlines.
Our more advanced service: Sigma (Σ) is the one to check if you have old software running
another post by Internet Storm Center
The Port 5000 (tcp) scans/attacks, are showing in logs again.
Almost 70000 scans/attacks in the last few days in the logs that the storm center captures.
Check your systems – have they been scanned?
Alpha scan them to see what the evil hacker is seeing.
RFGlobalnet has an article about a possible Wifi virus which propagates from one AP (access point) to another.
The University of Liverpool has set up a theoretical infection from one Wifi to another.
If a wifi system (AP) does not have good enough encryption setup, with a sophisticated password this attack could occur.
And Anti-virus programs will not protect.
The problem is that the danger has only been discovered, which means the nefarious methods are not even devised yet.
Keep you Wifi router correctly configured. Contact us for a remote Alpha scan.