Category Archives: Internet Security
Say Goodbye to ALL Passwords; Enjoy Passkeys From Apple, Google, and Microsoft – Gizchina.com
The death of internet passwords may have been proclaimed many times before. But this time, with Apple, Google, and Microsoft going big on passkeys, you might soon have to say goodbye to passwords.
So what exactly are passkeys, and how will they make internet passwords obsolete? Well, there are many great things that this new technology has to bring to the table. And when it goes into the full-fledged integration mode, you will feel old using passwords for your accounts. Let's take a deeper dive to understand more about it.
At its core, a passkey is the way of the future in basic internet security. According to the chief technology officer of the Center for Internet Security, passkeys are intrinsically more secure and highly resistant to phishing.
A lot of big players, including Apple, Microsoft, and Google, are currently working with the standards developed by the World Wide Web Consortium and FIDO Alliance. When they are done, their platforms will get full support for passkeys.
That is, the list of organizations offering passkeys as a replacement for passwords will grow considerably faster.
Passkeys are an example of what security should be: seamless and invisible to the end user.
In short, through a passkey, you can get access to an account using an external device to approve the login. That is, you will be able to log into your Gmail, Apple ID, and Microsoft accounts without needing to enter passwords.
So, how secure will a passkey be? Well, when you attempt to log into your account with passkeys, one of your devices will get a prompt. It can be your phone, for example. You can then use a face scan, fingerprint, or pin to approve the login. Think of it like a Two Factor Authentication but without the need to enter any passwords.
There will be a mathematical relationship between the public key on the system and the private key on the user's personal device. This adds another security wall to the login process. This relationship will verify whether the person logging into the account is the one with the private key.
From a safety standpoint, passkeys are much more secure than passwords. Some of the factors include:
Each of the prompts is basically a challenge. And the server will send a new challenge every time you try to log into your account with a passkey. What's great about it is that the server makes the encryption different each time. That will make the user less prone to cybersecurity attacks.
One of the major issues with passwords is that we set them pretty much the same for every account. That makes the passwords easier to remember. So, when hackers can get access to one, they can access them all.
Well, with passkeys, there's no room for these kinds of human errors. As mentioned earlier, there's no reuse of passkeys. Each one is unique for each individual, application, and platform.
There have been some efforts for better security around passwords without the use of a passkey. For example, a lot of users got into password managers that promised to securely keep track of passwords for every app and platform.
However, these password managers are not as secure as they claim to be. For example, one of the world's largest password managers, LastPass, had a major security breach in August 2022.
According to the Microsoft Digital Defense Report, the volume of password attacks has soared. It is currently at a 74% rise from last year, with an estimated 921 attacks per second.
But with passkeys, you will actually be taking a much more secure step with your logins. And phishing will not be a thing to worry about either.
A Brief History of Windows Vulnerabilities: The Evolution of Threats … – Infosecurity Magazine
Buffer overflow vulnerabilities are a significant threat to computer security and have caused some of the most high-profile security incidents in recent years. The aim of this article is to provide readers with a comprehensive understanding of what buffer overflow vulnerabilities are, how they occur, and the potential impact of exploitation.
Microsoft has taken several measures to enhance the security of Windows over the years. To combat the ever-increasing dangers of cybercrime, the tech giant has implemented new security features to the operating system and introduced patches and updates to fix vulnerabilities and reduce security risks.
On top of that, Microsoft has also developed various security tools and software, including Windows Defender, Microsoft Security Essentials, and Microsoft Safety Scanner, to help users protect their devices from potential threats. In fact, Microsoft subsequently released a patch that removes a security vulnerability found in an optional service that comes with Microsoft Windows NT 4.0 and Windows 2000 Servers. This vulnerability, if left unaddressed, could allow a malicious user to execute malicious code on a server running the service remotely.
These security measures can help prevent data breaches, identity theft, and other malicious activities. However, despite these efforts, Windows vulnerabilities and security threats remain significant. Hackers always discover novel methods to exploit system vulnerabilities and bypass security measures. That's why staying informed and regularly updating your device with the latest security patches and updates is crucial to safeguarding against new threats and vulnerabilities constantly emerging from cybercriminals.
The following are the most significant vulnerabilities that plagued the early versions of Windows:
When you transfer data from one location to another, you use temporary storage regions called buffers. But when the data you're transferring exceeds the buffer's capacity, the program writing the data to the buffer can overwrite adjacent memory locations, resulting in a buffer overflow. This issue is not limited to specific software types and often occurs due to malformed inputs or inadequate buffer allocation.
The Phone Buffer Service vulnerability, discovered by security research firms CORE-SDI and Stake back in 2000, is an excellent example of the buffer overflow vulnerability. This type of vulnerability occurs when attackers can exploit an unchecked buffer in a program by introducing malformed inputs. This was the case with the Phone Buffer Service, an optional component included with Microsoft Windows NT 4.0 and Windows 2000 Servers that could be used with Dial-Up Networking clients to provide a pre-populated list of dial-up networking servers. However, a particular type of malformed URL could trigger an unchecked buffer and allow attackers to gain unauthorized access to the system.
Several recent examples of buffer overflow vulnerabilities have demonstrated the ongoing threat they pose. The Phone Buffer Service vulnerability discovered in 2000 is just one of them. Other examples include Heartbleed, which allowed attackers to read sensitive information from affected systems; Shellshock, which allowed arbitrary code execution; Dirty COW (Copy-On-Write), which allowed attackers to gain root access; Struts2, which allowed arbitrary code execution; and EternalBlue, which allowed malware propagation. These vulnerabilities emphasize the significance of addressing buffer overflow vulnerabilities as soon as they are discovered.
One of Windows's most notable early vulnerabilities was the 'Ping of Death' attack, which emerged in the early 1990s. This attack exploited a flaw in how the Windows operating system handled large ICMP (Internet Control Message Protocol) packets. Hackers could send oversized ICMP packets to a target system, causing it to crash or freeze.
The 'Ping of Death' attack was particularly effective because it could be carried out remotely without physical access to the target system. In some cases, a single 'Ping of Death' packet could bring down an entire network. This vulnerability affected various versions of Windows, including Windows 95 and Windows NT.
Microsoft eventually addressed the 'Ping of Death' vulnerability by releasing a patch that fixed the issue. However, this attack served as a wake-up call for more robust security measures in the Windows operating system. It highlighted the potential risks of remote attacks and the importance of regularly updating systems with the latest security patches and updates.
Despite the patch, some hackers exploited the 'Ping of Death' vulnerability for years. It remained a significant threat to Windows systems until the early 2000s, when new security measures, such as firewalls and network intrusion detection systems, became more widely used.
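The unchecked-buffer problem and the oversized ICMP packets described above come down to the same missing bounds check. The following is an added example, not code from the article or from Windows: it sketches a fragment reassembly routine that rejects any fragment whose end would fall beyond the largest legal IPv4 datagram. It goes beyond the article by using the IPv4 header arithmetic (16-bit total length, 13-bit fragment offset in 8-byte units); the names reasm_buf, reasm_add_fragment and frag_end are hypothetical, and the sample payload is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* IPv4 facts: Total Length is a 16-bit field, so a whole datagram is at most
 * 65535 bytes; the fragment offset is a 13-bit field counted in 8-byte units. */
#define IP_MAX_DATAGRAM 65535u
#define IP_HDR_MIN      20u
#define IP_HDR_MAX      60u
#define REASM_CAPACITY  (IP_MAX_DATAGRAM - IP_HDR_MIN)  /* largest legal payload */

enum frag_result { FRAG_OK = 0, FRAG_TOO_LARGE = -1, FRAG_BAD_ARGS = -2 };

/* Hypothetical reassembly state for one datagram (payload bytes only). */
struct reasm_buf {
    uint8_t  data[REASM_CAPACITY];
    uint32_t highest_end;   /* one past the last payload byte stored so far */
};

void reasm_init(struct reasm_buf *rb)
{
    memset(rb, 0, sizeof *rb);
}

/* Position one past the last byte of a fragment, computed in 32 bits so the
 * sum cannot wrap. The offset field alone can point to byte 65528, so
 * offset plus length can exceed 65535 even though each field looks valid. */
uint32_t frag_end(uint16_t off_units, uint16_t payload_len)
{
    return (uint32_t)(off_units & 0x1FFFu) * 8u + payload_len;
}

/* Copy one fragment's payload into the reassembly buffer.
 * hdr_len is the IPv4 header length in bytes (20..60). */
int reasm_add_fragment(struct reasm_buf *rb, uint8_t hdr_len, uint16_t off_units,
                       const uint8_t *payload, uint16_t payload_len)
{
    if (rb == NULL || payload == NULL || payload_len == 0 ||
        hdr_len < IP_HDR_MIN || hdr_len > IP_HDR_MAX)
        return FRAG_BAD_ARGS;

    uint32_t start = (uint32_t)(off_units & 0x1FFFu) * 8u;
    uint32_t end   = frag_end(off_units, payload_len);

    /* Bounds check before the copy: header plus reassembled payload must fit
     * in 65535 bytes. Without it, a fragment near the top of the offset range
     * would be copied past the end of data[]. */
    if (end > IP_MAX_DATAGRAM - hdr_len)
        return FRAG_TOO_LARGE;

    memcpy(rb->data + start, payload, payload_len);
    if (end > rb->highest_end)
        rb->highest_end = end;
    return FRAG_OK;
}

int main(void)
{
    static struct reasm_buf rb;
    static uint8_t payload[1480];   /* constructed sample payload, all zeros */

    reasm_init(&rb);
    printf("first fragment: %d\n",
           reasm_add_fragment(&rb, 20, 0, payload, sizeof payload));
    printf("fragment ending past 65535: %d\n",
           reasm_add_fragment(&rb, 20, 8189, payload, sizeof payload));
    return 0;
}
```

A receiver that drops the fragment at this point, and logs the source, turns the crash condition into a detectable event.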
Another notable early vulnerability that affected Windows was the 'Back Orifice' trojan. Developed by the hacker group Cult of the Dead Cow, this trojan was first released in 1998 and was designed to give hackers remote access to Windows systems. The trojan could be hidden within other files, making it difficult to detect and remove.
Once installed on a system, the 'Back Orifice' trojan could allow a hacker to access and control the system remotely. The trojan could perform various malicious activities, including stealing data, modifying files, and launching denial-of-service attacks. This vulnerability was particularly concerning because it was difficult to detect and allowed hackers to bypass traditional security measures, such as firewalls and antivirus software. The trojan could target Windows systems running various operating system versions, including Windows 95, 98, and NT.
Microsoft responded to the 'Back Orifice' trojan by releasing several security patches and updates to address its exploited vulnerability. The company also introduced new security measures in later versions of Windows, such as improved firewall protection and enhanced user account control. The exposure highlighted the growing sophistication of cyber-attacks and the need for stronger security measures in the Windows operating system.
As the number of Windows vulnerabilities increased, Microsoft began to take security more seriously. In 2002, Microsoft released Windows XP, which included several new security features, including the following:
Firewall: Windows XP included a built-in firewall that could help protect against network-based attacks. The firewall was turned on by default and could be configured to block incoming traffic from the internet or other networks.
Automatic updates: Windows XP introduced automatic updates, which allowed users to receive security patches and updates automatically. This feature helped ensure that systems were always up-to-date with the latest security fixes.
User Account Control: Windows XP introduced user account control (UAC), designed to prevent unauthorized changes to the system. UAC would prompt the user for permission before allowing changes that could affect the system.
Since then, Microsoft has continued improving Windows security with each new operating system version. Windows Vista, released in 2006, introduced the User Account Control (UAC) feature, which prompts users for permission before allowing applications to make system changes. Windows 7, released in 2009, included improvements to the built-in firewall and introduced a new feature called Action Center, which provides users with alerts and notifications about potential security issues.
Windows has come a long way since its early days when security was not a top priority. Today, it's one of the most secure operating systems available, thanks to Microsoft's many security improvements over the years. While Windows vulnerabilities and malware attacks are still a concern, Microsoft's ongoing commitment to security means that users can feel confident that their devices are protected against the latest threats.
Latitude criticised for length of time they held onto data – 9News
Latitude Financial Services has been criticised for holding on to historic data of New Zealanders and a "she'll be right" attitude after the company was hit by a major data breach.
Latitude reported last week 7.9 million Australian and New Zealand driver's licence numbers were stolen in its cyberattack - 3.2 million of these were from the last 10 years.
A further 6.1 million customer records including some but not all of the Australian and New Zealand customers' names, addresses, phone numbers and dates of birth were stolen in the attack.
New Zealand's deputy privacy commissioner Liz MacPherson claimed some of the records taken from the country's residents are up to 18 years old which "isn't okay" and reveals the broader issue of data retention.
"Data retention is the sleeping giant of data security. There are consequences for holding onto data you no longer need," she said.
"All businesses and organisations can learn from this: don't collect or hold onto information you don't need. The risk is simply too high for your customers and your organisation.
"Don't risk being a hostage to people who make it their day job to illegally extract data."
MacPherson said there is no place for a "she'll be right" attitude to cyber security.
"People make their fortunes from hacking the security of agencies," she said.
"Having sea borders does not protect your very internet-connected agency from being hacked."
She said companies should not be collecting or retaining personal information for so long unless it is for a lawful process.
"The simple discipline of deciding how long information will be retained as you collect it and acting on these decisions will save you and your customers a lot of pain," she added.
New Zealand's privacy laws say that companies cannot retain personal information "for longer than is necessary for the purposes for which it may lawfully be used".
If there is a legal reason for keeping the data, the company can continue to do so; otherwise it must be erased, but there is no explicit timeline of what "longer than is necessary" means.
In Australia, the Telecommunications Act says companies can keep information for identification purposes for at least two years.
And the Privacy Act says personal information should be destroyed when the company no longer needs it for "any purpose"; however, there is no timeframe for how long a company can keep data.
As Latitude and Australian and New Zealand authorities investigate the extent of the hack, MacPherson said some key questions need to be answered by the financial company.
"These include how the cyber-criminal got in, how they managed to penetrate so far and why so many records have been retained for so long," she said.
Latitude is in the process of contacting all affected customers about what was stolen and how they will be assisted.
The company announced it will pay for customers who need to replace their driver's licence.
"It is Latitude Financial's responsibility to put things right," MacPherson said.
"It is important that affected customers give Latitude a chance to make good on their commitments to provide support.
"However, if after people have worked with Latitude their privacy harms have not been resolved to their satisfaction, we encourage them to make a complaint."
Researchers warn of Wi-Fi security flaw affecting iOS, Android, Linux – Computerworld
Apple's decision to support MAC Address Randomization across its platforms may provide some degree of protection against a newly-identified Wi-Fi flaw researchers say could let attackers hijack network traffic. iOS, Linux, and Android devices may be vulnerable.
The researchers have identified a fundamental flaw in the design of the IEEE 802.11 Wi-Fi standard that attackers could exploit to trick access points (Wi-Fi base stations) into leaking information. The researchers do not claim the vulnerability is being actively exploited, but warn that it might enable the interception of network traffic.
The attack exploits an inherent vulnerability in the data containers (network frames) routers rely on to move information across the network and how access points handle devices that enter power-saving mode.
To achieve the attack, miscreants must forcibly disconnect the victim device before it properly connects to the network, spoof the MAC address of the device to connect to the network using the attacker's credentials, then grab the response. The vulnerability exploits on-device power-save behavior within the Wi-Fi standard to force data to be shared in unencrypted form.
The researchers have published an open source tool called MacStealer to test Wi-Fi networks for the vulnerability.
Cisco downplayed the report, saying "information gained by the attacker would be of minimal value in a securely configured network."
The company does, however, recommend that network admins take action: "To reduce the probability that the attacks that are outlined in the paper will succeed, Cisco recommends using policy enforcement mechanisms through a system like Cisco Identity Services Engine (ISE), which can restrict network access by implementing Cisco TrustSec or Software Defined Access (SDA) technologies.
"Cisco also recommends implementing transport layer security to encrypt data in transit whenever possible because it would render the acquired data unusable by the attacker," the company said.
The security researchers point out that denial-of-service attacks against Wi-Fi access points have been around forever, arguing that the 802.11 standard needs to be upgraded to meet new security threats. "Altogether, our work highlights the need for the standard to consider queuing mechanisms under a changing security context," they wrote.
Apple recently extended its MAC Address Randomization feature across iPhones, iPads, Macs, and the Apple Watch. This additional layer of security helps mask devices by using randomly generated MAC addresses to connect to networks.
The MAC address is a device specific 12-character number that can reveal information concerning the device and is used as an intrinsic part of the Wi-Fi standard. The router will use this to ensure requested data goes to the correct machine, as without that address it would not recognize which machine to send information to.
As explained here, MAC Address Randomization helps mask the exact device on the network in a way that also makes data transmitted over that network a little more complex to decode. Security experts agree that, in a broad sense, it might help make the form of attack identified by the researchers a little harder to pull off. It isn't foolproof protection, in part because it can be disabled by network providers who might insist on an actual address for use of the service.
MAC Address Randomization is also not enforced when a device connects to a preferred wireless network, and if an attacker is able to identify the random address and connect it to the device they could still mount an attack.
Every step you take to protect your devices, particularly when using Wi-Fi hotspots, is becoming more essential, rather than less.
WatchGuard's latest Internet Security Report confirms that while there has been some decline in the frequency of network-based attacks, many Wi-Fi networks might be vulnerable to the exploit. The report also reveals that endpoint ransomware increased a startling 627%, while malware associated with phishing campaigns continues to be a persistent threat.
"A continuing and concerning trend in our data and research shows that encryption or, more accurately, the lack of decryption at the network perimeter is hiding the full picture of malware attack trends," said Corey Nachreiner, chief security officer at WatchGuard. "It is critical for security professionals to enable HTTPS inspection to ensure these threats are identified and addressed before they can do damage."
Why cyber and physical security is becoming mobile-centric in 2023 – iTWire
GUEST OPINION: Mobile devices, whether smartphones or tablets, are now used for audio and video entertainment, heating or air conditioning homes, and operating numerous home appliances like dishwashers and washing machines. These new technologies improve energy efficiency and offer lots of conveniences if you're not home but need to prepare something while away.
Physical security presents various challenges. A principal inconvenience is that someone usually needs to grant access to a site, office, or home. But now, thanks to cloud-based security systems, the management of physical locations can be accomplished remotely using mobile applications. This technology permits administrators to:
With any access procedure, credentials can be stolen or lost. Remote video identification can be an essential part of multi-factor authentication.
Physical access generally requires on-premises manpower that could be more profitably employed elsewhere for a company. Traditional physical access can also result in waiting lines and traffic flow obstacles.
Using keypad access control systems or mobile access credentials can speed things along, providing contactless entry and preventing unauthorized entrances. Entrance credentials can be sent to the devices of guests and visitors shortly before arrival to mitigate risks. Unlocking doors for authorized employees or law enforcement will no longer require an on-site physical presence.
Security issues require immediate responses, and how quickly those responses arrive can mean the difference between fatalities and serious injuries taking place. Smoke, fire, carbon monoxide, gunshot, or even broken glass alerts can save lives. Not only will management and security personnel receive alerts, but local authorities and emergency service personnel can receive these too.
If company areas become overcrowded, mobile systems can integrate traffic management software to alert administrators, and appropriate actions can be introduced.
COVID-19 taught us about the risks involved in direct contact and overcrowding. Mobile-based physical security provides an option for avoiding both.
The advantages to using mobile security strategies are numerous and benefit both physical and cyber security operations. The principal advantages include:
With cloud-based security systems, mobile technology can be integrated quickly and easily. This option eliminates eventual installation expenses.
The greatest advantage of mobile technology is that it immediately provides alerts, communications, and information in real-time. Often senior managers or business owners may not be on-site in the event of an emergency. Mobile technology can speed up executive decision-making and interventions by law enforcement or service personnel, evacuations, and lockdowns when necessary. Records of mobile access control can make auditing and meeting compliance requirements easier.
Using a mobile-friendly video feed for access control makes proper identification rapid and guarantees only authorized entrances and visits. Mobile credentials are difficult to duplicate or falsify. MFA is already commonly used on smart devices, adding an extra layer of protection.
Managing from a distance is easy and efficient with mobile technology. If managers or business owners are out of town or unable to visit a property physically, security can be managed from anywhere with an internet connection.
Using key cards, keys, or fobs requires money and time. If employees are fired or resign, traditional access cards or keys must be collected. When keys, cards, or fobs are stolen or lost, they must be replaced. Mobile technology facilitates the BYOD (Bring Your Own Device) practice with employees using their smartphones or tablets. Credentials can be revoked immediately at no cost if need be.
Personnel is no longer required for access management, and subscription cloud-based services replace the need for on-site hardware and maintenance.
While the benefits far outweigh any disadvantages, there are always occasional vulnerabilities with any security strategy. Mobile security technology requires strong passwords and multi-factor authentication, without which mobile security will be at risk. Lost or stolen mobile devices are always a concern, but with MFA and well-selected passwords, risks can be mitigated.
Although mobile technology brings multiple opportunities, it also brings increased risks. Wherever data is stored, there will be a risk of cyber vulnerability. Both devices used and stored data present significant vulnerabilities for businesses. The loss of a device with stored data creates an opportunity for cybercriminals to do untold damage to your company and customers.
Third parties must not gain access to company systems or data, nor should they be able to launch attacks or create breaches in security protocols. Cybersecurity software, therefore, becomes essential when opting for mobile technology.
Undoubtedly, physical security can be increased using mobile technology, but when physical security is mobile, cybersecurity can no longer be viewed separately. Physical security systems can improve and be remotely managed thanks to smart locks, video feeds, and identity credentials verification that are all convenient and contactless. Cybersecurity must protect these physical security opportunities from becoming liabilities.
German Police Raid DDoS-Friendly Host ‘FlyHosting’ Krebs on … – Krebs on Security
Authorities in Germany this week seized Internet servers that powered FlyHosting, a dark web offering that catered to cybercriminals operating DDoS-for-hire services, KrebsOnSecurity has learned. FlyHosting first advertised on cybercrime forums in November 2022, saying it was a Germany-based hosting firm that was open for business to anyone looking for a reliable place to host malware, botnet controllers, or DDoS-for-hire infrastructure.
A seizure notice left on the FlyHosting domains.
A statement released today by the German Federal Criminal Police Office says they served eight search warrants on March 30, and identified five individuals aged 16-24 suspected of operating an internet service since mid-2021. The German authorities did not name the suspects or the Internet service in question.
"Previously unknown perpetrators used the Internet service provided by the suspects in particular for so-called DDoS attacks, i.e. the simultaneous sending of a large number of data packets via the Internet for the purpose of disrupting other data processing systems," the statement reads.
News of a raid on FlyHosting first surfaced Thursday in a Telegram chat channel that is frequented by people interested or involved in the DDoS-for-hire industry, where a user by the name Dstatcc broke the news to FlyHosting customers:
"So Flyhosting made a migration with it[s] systems to new rooms of the police ;)," the warning read. "Police says: They support ddos attacks, C&C/C2 and stresser a bit too much. We expect the police will take a deeper look into the files, payment logs and IPs. If you had a server from them and they could find bad things connected with you (payed with private paypal) you may ask a lawyer."
An ad for FlyHosting posted by the user bnt on the now-defunct cybercrime forum BreachForums. Image: Ke-la.com.
The German authorities said that as a result of the DDoS attacks facilitated by the defendants, the websites of various companies as well as those of the Hesse police have been overloaded in several cases since mid-2021, so that they could only be operated to a limited extent or no longer at times.
The statement says police seized mobile phones, laptops, tablets, storage media and handwritten notes from the unnamed defendants, and confiscated servers operated by the suspects in Germany, Finland and the Netherlands.
In response to questions from KrebsOnSecurity, Germany's Hessen Police confirmed that the seizures were executed against FlyHosting.
The apparent raids on FlyHosting come amid a broader law enforcement crackdown on DDoS-for-hire services internationally. The U.K.'s National Crime Agency announced last week that it's been busy setting up phony DDoS-for-hire websites that seek to collect information on users, remind them that launching DDoS attacks is illegal, and generally increase the level of paranoia for people looking to hire such services.
In mid-December 2022, the U.S. Department of Justice (DOJ) announced Operation Power Off, which seized four-dozen DDoS-for-hire domains responsible for more than 30 million DDoS attacks, and charged six U.S. men with computer crimes related to their alleged ownership of popular DDoS-for-hire services.
Update, April 3, 9:30 a.m. ET: Added confirmation from Hesse Police.
Cyber Security Software Market Next Big Thing | Major Giants ThreatLocker, Exabeam, CyberSaint Security – openPR
Cyber Security Software Market
Scope of the Report of Cyber Security Software
Cyber security is also referred to as information technology security. Cyber security software is a computer program which is designed to enhance information security. It is also designed to protect networks, devices, programs, and data from attack or unauthorized access. There are various types of cyber security software, which include anti-virus software, internet security software, malware/spamware removal, firewall software, network security software and protection software. Therefore, there is increasing demand for cyber security software for protection from cyber-attacks.
The titled segments and sub-sections of the market are illuminated below: by Platform (Android, IOS, Windows), Industry Verticals (Aerospace and Defense, BFSI, Public sector, Retail, Healthcare, IT and Telecom, Energy and Utilities, Manufacturing, Others), Features (Machine learning, Behavioral analytics, IOC verification, Tokenization, Blacklisting), Subscription (Monthly, Annually, One time license)
Market Drivers: Growing Popularity and Digitization is Fueling the Market Growth; Increasing Cyber Threats and Terrorism
Opportunities: Increasing Usage of Cyber Security Software in Various Industries Such as Government, IT and Telecom, and Others; Emergence of Digital Technologies Such as Internet of Things
Market Trends: Increasing Demand of Cloud Based Cyber Security Solutions
May 2022 - Cisco Systems Inc. announced that it had released the Cisco Cloud Controls Framework (CCF) to the public. Cisco CCF is a comprehensive set of national and international security compliance and certification requirements aggregated in one framework.
Region Included are: North America, Europe, Asia Pacific, Oceania, South America, Middle East & Africa
Country Level Break-Up: United States, Canada, Mexico, Brazil, Argentina, Colombia, Chile, South Africa, Nigeria, Tunisia, Morocco, Germany, United Kingdom (UK), the Netherlands, Spain, Italy, Belgium, Austria, Turkey, Russia, France, Poland, Israel, United Arab Emirates, Qatar, Saudi Arabia, China, Japan, Taiwan, South Korea, Singapore, India, Australia and New Zealand etc.
In April 2020, Patchwork Health partnered with Truu which is a digital passports provider. It enables the rapid deployment of workers across NHS Trusts during the COVID-19 outbreak. Truu's digital staff passports allow healthcare workers to accumulate credentials issued from their home hospitals. These are then shared securely with new hospitals.
Have Any Questions Regarding Global Cyber Security Software Market Report, Ask Our Experts @ https://www.advancemarketanalytics.com/enquiry-before-buy/66837-global-cyber-security-software-market-1
Strategic Points Covered in Table of Content of Global Cyber Security Software Market:
Chapter 1: Introduction, market driving force product Objective of Study and Research Scope the Cyber Security Software market
Chapter 2: Exclusive Summary - the basic information of the Cyber Security Software Market.
Chapter 3: Displaying the Market Dynamics - Drivers, Trends and Challenges & Opportunities of the Cyber Security Software
Chapter 4: Presenting the Cyber Security Software Market Factor Analysis, Porter's Five Forces, Supply/Value Chain, PESTEL analysis, Market Entropy, Patent/Trademark Analysis.
Chapter 5: Displaying the by Type, End User and Region/Country 2016-2021
Chapter 6: Evaluating the leading manufacturers of the Cyber Security Software market which consists of its Competitive Landscape, Peer Group Analysis, BCG Matrix & Company Profile
Chapter 7: To evaluate the market by segments, by countries and by Manufacturers/Company with revenue share and sales by key countries in these various regions (2022-2028)
Chapter 8 & 9: Displaying the Appendix, Methodology and Data Source
Finally, Cyber Security Software Market is a valuable source of guidance for individuals and companies.
Read Detailed Index of full Research Study at https://www.advancemarketanalytics.com/reports/66837-global-cyber-security-software-market-1
Thanks for reading this article; you can also get individual chapter wise section or region wise report version like North America, Middle East, Africa, Europe or LATAM, Southeast Asia.
Contact Us:
Craig Francis (PR & Marketing Manager)
AMA Research & Media LLP
Unit No. 429, Parsonage Road Edison, NJ New Jersey USA - 08837
Phone: +1(201) 7937323, +1(201) 7937193
sales@advancemarketanalytics.com
About Author: Advance Market Analytics is a global leader in the market research industry and provides quantified B2B research to Fortune 500 companies on high growth emerging opportunities which will impact more than 80% of worldwide companies' revenues. Our analysts track high growth studies with detailed statistical and in-depth analysis of market trends and dynamics that provide a complete overview of the industry. We follow an extensive research methodology coupled with critical insights into related industry factors and market forces to generate the best value for our clients. Using reliable primary and secondary data sources, our analysts and consultants derive informative and usable data suited to our clients' business needs. The research study enables clients to meet varied market objectives, from global footprint expansion to supply chain optimization and from competitor profiling to M&As.
This release was published on openPR.
See the original post here:
Cyber Security Software Market Next Big Thing | Major Giants ThreatLocker, Exabeam, CyberSaint Security - openPR
2023-03-28 | OTCPK:EBZT | Press Release | Everything Blockchain … – Stockhouse
Jacksonville, Florida, March 28, 2023 (GLOBE NEWSWIRE) -- Everything Blockchain Inc., (OTCMKTS: EBZT), a technology company that is blending blockchain, DBMS and Zero Trust to deliver disruptive new ways to store, manage and protect data, today announced a partnership with the Center for Internet Security, Inc. (CIS®) in the CIS CyberMarket®. CIS is a non-profit cybersecurity organization committed to keeping the connected world a safer place.
Everything Blockchain, Inc. delivers novel solutions to the market that protect and securely store intellectual property. The company’s EB Control application safeguards data on the owner's local device by creating a secure vault which can be stored, transported or shared; allowing the owner to maintain complete control for the life of the data. With EB Control, data and files can be geo-fenced, time-fenced and data rights management invoked so that data can be confidently shared and controlled outside of your secure domain.
“We are excited to be working with CIS and proud to be recognized by them for inclusion into the CyberMarket,” said Toney Jennings, CEO, EBI. “By making our solutions available through the CyberMarket, important and critical State, Local, Tribal and Territorial organizations will have easy access to tools that will protect them and their communities. We look forward to a productive partnership.”
CIS CyberMarket is a collaborative purchasing program that serves U.S. State, Local, Tribal and Territorial (SLTT) government organizations, nonprofit entities, and public health and education institutions to improve cybersecurity through cost-effective group procurement. By leveraging the collective purchasing power of participating public and nonprofit organizations, CIS CyberMarket works with industry-leading cybersecurity providers to secure significant group purchasing opportunities to meet the ever-evolving cybersecurity needs of customer organizations.
“It is a distinct pleasure to welcome EBI to the CIS CyberMarket community,” said Cat Werbeck-Marczan, CIS VP of Cybersecurity Services Program Office. “This partnership will provide U.S. State, Local, Tribal, and Territorial government organizations with access to EBI’s innovative cybersecurity solutions to protect their digital assets against a constantly evolving cyber threat landscape.”
For more information about the Center for Internet Security and CIS CyberMarket, contact CIS Media Relations Manager Kelly Wyland at kelly.wyland@cisecurity.org or 518-256-6978.
For more information about EBI, visit everythingblockchain.io.
About CIS:
The Center for Internet Security, Inc. (CIS®) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. We are a community-driven nonprofit, responsible for the CIS Critical Security Controls® and CIS Benchmarks, globally recognized best practices for securing IT systems and data. We lead a global community of IT professionals to continuously evolve these standards and provide products and services to proactively safeguard against emerging threats. Our CIS Hardened Images® provide secure, on-demand, scalable computing environments in the cloud. CIS is home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial government entities, and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®), which supports the rapidly changing cybersecurity needs of U.S. election offices. To learn more, visit CIS or follow us on Twitter: @CISecurity.
About Everything Blockchain Inc.:
Everything Blockchain, Inc. (OTCMKTS: EBZT) envisions a future where every transaction is trusted and blockchain is used to meet ESG goals, support cities of the future, build and control the transparency of supply chains and ensure the rights of data ownership sustain forever. The company’s patent-pending advances in blockchain engineering deliver the essential elements needed for real-world business use: speed, security, and energy efficiency. Current sub-brands include: EB Advise, EB Build and EB Control. For more information, please visit https://www.everythingblockchain.io/
Forward Looking Statements:
This news release contains “forward-looking statements” which are not purely historical and may include any statements regarding beliefs, plans, expectations or intentions regarding the future. Such forward-looking statements include, among other things, the development, costs and results of new business opportunities and words such as “anticipate”, “seek”, “intend”, “believe”, “estimate”, “expect”, “project”, “plan” or similar phrases may be deemed “forward-looking statements” within the meaning of the Private Securities Litigation Reform Act of 1995. Actual results could differ from those projected in any forward-looking statements due to numerous factors. Such factors include, among others, the inherent uncertainties associated with new projects, the future U.S. and global economies, the impact of competition, and the Company’s reliance on existing regulations regarding the use and development of blockchain and zero trust-based products. These forward-looking statements are made as of the date of this news release, and we assume no obligation to update the forward-looking statements, or to update the reasons why actual results could differ from those projected in the forward-looking statements. Although we believe that any beliefs, plans, expectations and intentions contained in this press release are reasonable, there can be no assurance that any such beliefs, plans, expectations or intentions will prove to be accurate.
Continued here:
2023-03-28 | OTCPK:EBZT | Press Release | Everything Blockchain ... - Stockhouse
How cyber lessons learned in warfare can be applied to business … – BCS
The war in Ukraine has caused the suffering of millions and the loss of tens of thousands of lives, and is undoubtedly one of the greatest human tragedies of the 21st century. In these times of peril, people reveal their true colours, and blue and yellow have shown to represent tremendous bravery and determination despite all the odds being stacked against them. Whilst many have been devastated by the conflict, the awe inspiring collective rise of Ukrainians everywhere has demonstrated what a truly special people they are.
This bravery has also led others to step up their support, whether it be other nations, billionaires such as Elon Musk, or simply ordinary people donating to initiatives such as President Zelensky's United 24 fund. As we have seen during the COVID-19 pandemic, great tragedies have the power to unite us and to inspire us to use our innovation and creativity to find solutions. Throughout history, war has been no different - whether it be the First World War leading to the development of novel plastic surgery techniques, or the Cold War resulting in the space race and putting the first man on the moon.
The Ukraine war is a modern-day war, and as a result we have seen modern-day technological innovation. I hope to unpack some of this and reveal how the lessons we have learned in wartime might be used by businesses in peacetime, once the dust finally settles on this dreadful human tragedy.
Clear communication is vital during a war, and it has been a key factor in differentiating between Russia and Ukraine in this conflict. Effective military-grade encrypted communication is difficult to implement, and the technology that Ukraine has been using has allowed them to communicate essential information between their troops.
Perhaps as a side effect of not readying for a prolonged assault, some Russians were forced to communicate using regular mobile phones, allowing Ukraine to block their numbers. When they resorted to stealing Ukrainian phones, lists of stolen numbers were compiled, allowing calls to be intercepted. It is rumoured that due to the expectation of a swift victory, Russia didn't wish to sabotage Ukrainian communications and other infrastructure as they were planning on using it once they had seized the territory.
Communication, notably phishing and social engineering, is a hot topic in cyber security. Businesses should always ensure that sensitive communication, particularly when containing personally identifiable information (PII) and customer data, is kept encrypted. Internal communication should use tools such as Slack or Microsoft Teams as they offer a higher level of trust than email. This is largely due to their ability to segregate internal communications into their platform, which allows external email communications to be scrutinised more effectively.
One of the most notable things about the start of the invasion in Donbas is that satellite imagery showed the presence of Russian tanks on the border with Ukraine. There have been several subsequent news stories showing how pictures uploaded to public social media accounts by Russian soldiers have revealed key tactical insights such as their numbers and location.
Open source intelligence is becoming more common, with information becoming more freely accessible. Both the military and businesses alike should note that their presence on social media and elsewhere on the internet is key to their security. Monitoring what information about your organisation is available in the public domain is vital to understanding an attacker's mindset, and this is often a starting point from which penetration test audits will begin.
Drones are not a fresh concept in modern conflict, and in the past have been used as weapons that can launch strikes against remote targets without endangering allied soldiers. Facing limited supplies of armed military-grade drones, Ukraine has creatively used commercial drones, such as the DJI Mavic 3, for reconnaissance in order to locate targets for artillery units.
Somewhat contrary to traditional military strategy of involving a chain of command, they have empowered frontline soldiers to call in missile strikes in a just-in-time manner, which allows them to respond quickly to rapid change. Often these troops have a clearer picture of the present situation, and allowing them to make these calls has been a key strategic advantage.
Original post:
How cyber lessons learned in warfare can be applied to business ... - BCS
Questions of TikTok privacy fuel concern over internet safety – thecorryjournal.com
A news conference held by content creators and some legislators at the U.S. Capitol Wednesday shined the light on internet security once again. Weeks ago, the Biden administration ordered all government employees to delete TikTok, an app known for its short videos, from all devices.
The employees were given 30 days to comply, and that month is coming to an end next week. TikTok is owned by Chinese company ByteDance, whose CEO Shou Chew testified before the U.S. House Committee on Energy and Commerce today.
Garrett Culver, a local IT consultant, broke down the situation.
“Concern over TikTok seems to be in two camps,” he said. “The first is the obvious data collecting that apps can do based on your interests, your location and many other pieces of information that might be stored in or around your phone.”
This is almost mundane these days, as almost everyone with a smart phone expects to give up a certain level of privacy. Is it worse when the data collected goes to a Chinese company instead of an American one? Some people believe so.
He said the second school of thought, and the often larger concern, is that ByteDance could be forced by the Chinese government to alter the algorithm for users in the U.S., to show them heavily biased videos around elections.
“The concern is that this could influence public opinion in favor of Chinese positions on political issues,” Culver said.
These arguments come as President Biden has endorsed the RESTRICT Act, which authorizes the secretary of commerce to review and prohibit certain transactions between people in the United States and foreign adversaries. That bill has been gaining bipartisan support after The New York Times confirmed ByteDance's security investigation uncovered four employees at TikTok were collecting the data of a journalist at the Times.
In his testimony today, Chew said data collected from the app has never been shared with the Chinese government. He also highlighted some security measures TikTok is working to implement to make the app safer.
Many TikTok users have said this is a ban on free speech as it prohibits them from using the platform.
In a press conference on March 1, White House Deputy Press Secretary Karine Jean-Pierre said the White House has concerns about TikTok being a national security concern.
“We have been clear about our concerns about TikTok, apps like TikTok, and, certainly, our concerns with countries, including China, as they seek to leverage digital technologies and Americans' data in ways that can harm and risk our national security,” she said.
Culver said there are ways people can make sure their privacy settings are secure.
“On many phones, you can go to Settings, then Apps, then select TikTok itself, then Permissions and see what permissions you have granted to the app,” he said. “If you are not recording your own TikToks, for instance, you can probably take away permission for it to access your camera and microphone.”
The White House has also said an easy remedy to keep TikTok is for ByteDance to sell TikTok to an American company who can safely control the data.
Questions have been raised about how selling the app or heightening security could alter the effectiveness of the algorithm, the one thing that sets TikTok apart from other apps. Made of many short videos, TikTok is able to gather data to recommend videos as users continue to scroll through the app.
“It seems that these privacy permissions have less impact on TikTok's algorithm, as it is mostly designed for optimizing engagement,” Culver said. “It pays attention to how long you watch a video before you swipe, how many times you let a video loop and if you scroll past a video then scroll back to it.”
Likes, comments and subscriptions are practically like fireworks for the algorithm, as well. Data like that is how they learn to feed you a steady stream of content they know you will watch, and that is how the app is designed to work, there isn't much you can do in your privacy settings to counteract that.
Hearings and testimonies are expected to continue this week and in coming weeks.
The rest is here:
Questions of TikTok privacy fuel concern over internet safety - thecorryjournal.com