VirusScan Enterprise 8.5i Patch 6.1 & Engine 5300

SuperDat Engine v.5300
The v.5300 engine has been released for elective download from 2008-JUL-30 via Download Engine Updates

VirusScan 8.5i Patch 6.1
A slight problem – Install Patch 6.1 rather than Patch 6, if you are running the 5300 Engine.

PATCH 6.1 RESOLVED ISSUES

1. ISSUE:
An issue can occur when the 5300 engine is installed prior to installing VirusScan 8.5i Patch 6. The scanner engine files are partially overwritten with the previous 5200 version that is stored in the MSI cache. This mismatch causes the scanner engine to fail to initialize.

RESOLUTION:
The Patch installation package has been updated to correct this issue, and does not overwrite the engine files.

[1] Download Engine Updates [McAfee]
[2] When is the new 5300 Scan Engine being released [McAfee]
[3] Virusscan Enterprise 8.5i Patch 6.1 [McAfee]
[4] Release Notes for VirusScan Enterprise 8.5i Patch 6.1 [McAfee]

Uncensor – Amnesty’s campaign to end Internet Censorship in China

China operates a sophisticated internet censorship regime and it is difficult to know exactly what information Chinese citizens can and can’t access. The lead-up to the 2008 Beijing Olympics has seen some previously inaccessible websites in China become wholly or partly accessible.

We have developed a method to test, monitor and report on changes in levels of censorship, to assist in pressuring the Chinese Government to not revert old ways once the Games are over. If you are travelling to China during 2008 you can register to become a Chinese Internet Censorship Index (CICI) tester. This simply involves testing access to specific websites. The sites chosen for testing are ones that a tourist or journalist might access, such as BBC news and flickr. We believe that participating in these tests presents no risk to visitors to China. – Amnesty International Australia

Nu Wa 怒娃 – the Uncensor China campaign mascot

The IOC are complicit in this censorship!
In spite of a public promise made in September 2006 that foreign media would enjoy uncensored internet access during the Olympics, China has continued to block internet information or websites that are not sanctioned. Sites that have been blocked include the BBC’s Chinese-language news, Germany’s Deutsche Welle, Radio Free Asia, several Hong Kong newspapers, Amnesty International and sites run by the banned sect Falun Gong.

IOC negotiated web censorship
MEMBERS of the International Olympic Committee had negotiated with Chinese authorities to allow censorship of the internet.
IOC Press Commission head Kevan Gosper has apologised for misleading the media by promising journalists that internet access during the Beijing Olympics would be unfettered.
Mr Gosper, an Australian, told the South China Morning Post that the IOC knew some sites would be blocked. …
- (2008-Jul-31) [The Australian]

The agreement between the IOC and the Beijing Olympic organising committee (BOCOG) commited China to provide the same access to reporters as in the previous Games in Athens and Sydney – the IOC has clearly lost control of the host city.

[Malware] Braviax (braviax/cru629/beep.sys)

Braviax.exe is Trojan/Backdoor program.

Note the spelling of “prevent” as “pervent” in the pop-up.

Be very careful downloading clean up applications for this malware as many of the programs on offer are also malware! You can scan any tool you download by using the VirusTotal online sacnner.
It is best to stay with products released by the mainstream AV vendors.

Braviax is rather hard to clean up from an infected system, you need to follow manual removal instructions and modify them for the variant that you are trying to deal with.

* Disables existing anti-virus and anti-spyware programs
* Downloads other Trojan files
* Will recreate itself if only C:\WINDOWS\SYSTEM32\braviax.exe is removed

Clean up details:
[1] Bleeping Crapware [CM2 Consulting]
[2] True Removal of Braviax (2008-Feb-24) [BigDadGib.net]
[3] malware braviax.exe installing malware winreanimator.exe [MajorGeeks]

E-mail Alert [phishing]

More of the “send me you login details” style fishing emails this morning. Please don’t respond to these emails – the email is a scam to gain access to your account. Please note that IT account managers will never ask for passwords or other sensitive information by email.

If you have replied to the email with your password(s) you should immediately change your password(s).

From: david stern [mailto:david@startnow.co.il]
Sent: Tuesday, 29 July 2008 3:19 AM
To: undisclosed-recipients
Subject: E-mail Alert

Dear Organisation User,

To complete your Organisation account, you must reply with your login details.
username: (*********)
password here (*********)

Failure to do this will immediately render your email address
deactivated from our database.

We apologise for the inconvenience that this will cause you during this
period, but trust you understand that our primary concern is for our
customers and for the security of their data.
our customers are totally secure
Regards

Organisation Support Team

This weeks links (2008-07-28)

Stop operating under a Principle of Most Privilege for the desktops

Stop operating under a Principle of Most Privilege for the desktops. In a corporate environment this is far easier. A little more difficult in an academic environment (I’ve been party to debates in academia on why we can’t do information security because it impedes academic freedom… luckily much of this has subsided, but still a problem). It is a very difficult problem at home, but there are still some things that we can do and some things that operating systems shouldn’t allow.
- John Bambenek [SANS]

Is Anti-Virus Dead? (2008-Jul-31) [SANS]

Proving that we have already lost …
(Previously discussed as You can’t do ‘that’ research in the UK!)

Academics have no “right” to research terrorist materials and they risk being prosecuted for doing so, the vice-chancellor of the University of Nottingham has told his staff.

Researchers have no ‘right’ to study terrorist materials
(2008-Jul-17) [Times Higher Education]

VMware ESXi Hypervisor Now Free

PALO ALTO, Calif., July 28, 2008 – VMware, Inc., (NYSE: VMW), the global leader in virtualization solutions from the desktop to the datacenter, today announced its stand-alone ESXi hypervisor will be available at no cost to help companies of all sizes experience the benefits of virtualization. Since 2001, VMware has provided the industry’s most popular and reliable hypervisor, which is now used by more than 120,000 customers. In December 2007, VMware announced significant improvements with ESXi – its third-generation stand-alone hypervisor. With the industry’s smallest footprint and OS-independence, ESXi sets a new bar for security and reliability. ESXi 3.5 update 2, available today, meets the criteria for mass distribution: (1) ease of use and (2) maturity and stability now having been ‘battle tested’ for six months with customers. The leading server manufacturers have all embedded VMware ESXi, including Dell, Fujitsu-Siemens, HP, IBM, and NEC. ESXi can be downloaded now from http://www.vmware.com/products/esxi/

VMware ESXi Hypervisor Now Free ( 2008-Jul-28 ) [VMware]

The real lesson is that the patch treadmill doesn’t work, and it hasn’t for years. This cycle of finding security holes and rushing to patch them before the bad guys exploit those vulnerabilities is expensive, inefficient and incomplete. We need to design security into our systems right from the beginning. We need assurance. We need security engineers involved in system design. This process won’t prevent every vulnerability, but it’s much more secure — and cheaper — than the patch treadmill we’re all on now.

– Security Matters: Lesson From the DNS Bug: Patching Isn’t Enough
(2008-Jul-23) [Wired]

Windows rootkit detection/removal tools

A rootkit is a program (or combination of several programs) designed to take fundamental control (in Unix terms “root” access, in Windows “Administrator” access) of a computer system, without authorization by the system’s owners and legitimate managers. Access to the hardware (i.e., the reset switch) is rarely required as a rootkit is intended to seize control of the operating system running on the hardware. Typically, rootkits act to obscure their presence on the system through subversion or evasion of standard operating system security mechanisms. Often, they are Trojans as well, thus fooling users into believing they are safe to run on their systems. Techniques used to accomplish this can include concealing running processes from monitoring programs, or hiding files or system data from the operating system. — wikipedia

Sophos Anti-Rootkit
Using Sophos Anti-Rootkit is easy. Whether you use its simple graphical user interface or run it from the command line, you can easily detect and remove any rootkits on your computer.
Sophos Anti-Rootkit

McAfee Rootkit Detective
McAfee Rootkit Detective is a program designed and developed by McAfee Avert Labs to proactively detect and clean rootkits that are running on the system.
McAfee Threat Center

Trend Micro RootkitBuster
Trend Micro RootkitBuster is a rootkit scanner that scans hidden files, registry entries, processes, drivers, and Master Boot Record (MBR) rootkits. In addition, RootkitBuster can also clean hidden files and registry entries.
Trend Micro

Panda Anti-Rootkit
Panda Anti-Rootkit shows hidden system resources, identifying known and unknown rootkits. It analizes hidden drivers, processes, modules, files, registry entries, SDT modifications, EAT hooks, modification to the IDT, non standard INT2E and SYSENTER, IRP hooks. Unlike other anti-rootkit utilities which merely “reveal” hidden objects, Panda Anti-Rootkit positively identifies known and unknown rootkits and gives the option of removing them, including their associated registry entries, processes and files.
download.com

[1] List of Free Anti-Rootkit/Rootkit detection software for Windows ( ) [www.windowsreference.com]

Tour de France 2008 – Stage XXI

Tonight is stage 21 (Étampes to Paris Champs-Élysées) 143 km

Stage Details:

• stage 21 – Étampes > Paris Champs-Élysées 143 km [www.letour.fr]
• Stage 20 – Cérilly > Saint-Amand-Montrond [SBS]
• Stage 21 – Sunday, July 27: Étampes – Paris/Champs Élysées, 143km [CyclingNews]
• Stage 21 • ÉTAMPES > PARIS CHAMPS-ÉLYSÉES • 143 km [EuroSport]
• Race wrap-up and Stage 21 preview: Étampes → Paris (Champs-Élysees), 143k (flat) [SteepHill]
• Route Tour de France 08, Étape 21: Etampes – Paris Champs-Élysées [bikemap.net]

Climbs:
Cat 4 – at:48.0 km – Côte de Saint-Rémy-les-Chevreuse – h:182m
Cat 4 – at:51.5 km – Côte de Châteaufort – h:186m

Le parcours 2008 : découvrez l’étape 21
(Tour de France YouTube Channel)

Live:
Live Race Data [Polar]
Live Telemetry [SRM]
Current local time in Paris (World Clock)
Live Audio|AudioPlayer [EuroSport]
Tour de France – Live Tracker [UBI Labs]
stage 21 – Étampes > Paris Champs-Élysées 143 km live [www.letour.fr]
Stage 21 – Sunday, July 27: Étampes – Paris/Champs Élysées, 143km Complete live report [CyclingNews]
Tour de France – *Etampes – Paris Champs-Elysées “live match” [Eurosport Yahoo!]
Live commentary (flash) [SBS]
TdFblog (Frank Steele’s) [Twitter]
Boulder Report Live Blog [bicycling.com]
SBS: Tour de France 2008 Forum [SBS]

Results:

17:44 – Steegmans Wins The Stage!
Gert Steegmans has won his second stage of the Tour de France. He held off a late charge from Gerald Ciolek and Oscar Freire.
– www.letour.fr

Places for stage 21:
01 Gert Steegmans (Bel) Quick Step 3.51.38
02 Gerald Ciolek (Ger) Team Columbia
03 Oscar Freire Gomez (Spa) Rabobank
04 Robbie McEwen (Aus) Silence – Lotto
05 Thor Hushovd (Nor) Crédit Agricole
06 Julian Dean (NZl) Team Garmin-Chipotle p/b H30
07 Stefan Schumacher (Ger) Gerolsteiner
08 Robert Förster (Ger) Gerolsteiner
09 Leonardo Duque (Col) Cofidis – Le Crédit par Téléphone
10 Robert Hunter (RSA) Barloworld

17:59 – Sastre Wins By 58 Seconds
The CSC team had controlled the peloton all day but in the final run to the line, the yellow jersey found himself in a group that finished 14″ behind the stage winner. Cadel Evans was seven seconds ahead. It means that, for the second successive year, the runner-up is less than a minute behind a Spanish winner.
The top 10 of the 2008 Tour de France is:
1. Carlos Sastre (ESP) CSC – 3,559.5km in 87h52’52″ (40.490km/h)
2. Cadel Evans (AUS) SIL at 58″
3. Bernhard Kohl (AUT) GST at 1’13″
4. Denis Menchov (RUS) RAB at 2’10″
5. Christian Vande Velde (USA) TSL at 3’05″
6. Frank Schleck (LUX) CSC at 4’28″
7. Samuel Sanchez (ESP) EUS at 6’25″
8. Kim Kirchen (LUX) THR at 6’55″
9. Alejandro Valverde (ESP) GCE at 7’12″
10. Tadej Valjavec (SLO) ALM at 9’05″
– www.letour.fr

Tour de Web:
(What others have to say about this stage)
[1] Stage 21 – Sunday, July 27: Étampes – Paris/Champs Élysées, 143km [Cycling News]
[2] RESULTS:Stage 21 – Sunday, July 27: Étampes – Paris/Champs Élysées, 143km [Cycling News]
[3] SBS Tour de France 2008: Stage 21 – Étampes > Paris Champs-Élysées [SBS]
[4] Stage 21 Photos [Graham Watson]
[5] — [TDF Blog]
[6] Stage 21 result: Gert Steegmans saves the Tour for his QuickStep team by claiming the sprint finish on the last day [Steephill.tv]
[7] — [The Tour de France for the Rest of Us]
[8] Stage 21 as it happened [BBC]
[9] Sastre wins Tour de France crown [BBC]
[10] Stage 21: (delay) [Spare Cycles]
[11] Tour de France ’08 Stage 21 Link Roundup [Spare Cycles]
[12] — [Tour de France Lanterne Rouge]
[13] France, with a Spanish accent [VeloNews]
[14] Stage 21 • ÉTAMPES > PARIS CHAMPS-ÉLYSÉES • 143 km [EuroSport]
[15] Daily Video – Stage 21 [Versus]

New DNS exploit now in the wild

Dan Kaminsky’s DNS vulnerability exploit is now in the wild. Ensure that all your DNS clients, name-servers and the namesevers have been patched.

Impact
An attacker with the ability to conduct a successful cache poisoning attack can cause a nameserver’s clients to contact the incorrect, and possibly malicious, hosts for particular services. Consequently, web traffic, email, and other important network data can be redirected to systems under the attacker’s control. — US-CERT

How to check your DNS?
i.) DoxPara Research DNS Checker
ii.) DNS-OARC’s Web-based DNS Randomness Test

Apple still have not released a patch!

Apple Punts, Doesn’t Patch Yet — Apple has yet to patch this vulnerability, which affects both Mac OS X and Mac OS X Server. While individual computers that look up DNS are vulnerable, servers are far more at risk due to the nature and scope of the attack. — TidBits

Resources
[1] Vulnerability Note VU#800113 Multiple DNS implementations vulnerable to cache poisoning (2008-Jul-08 ) [US-CERT]
[2] Recursive DNS Cache Auditing Resource (2008-Jul-25) [SANS]
[3] DNS bug – observations (2008-Jul-25) [SANS]
[4] Apple Fails to Patch Critical Exploited DNS Flaw (2008-Jul-24) [TidBits]
[5] New DNS exploit now in the wild and having a blast (2008-Jul-26) [ars technica]
[6] Kerfuffle erupts as DNS flaw described (2008-Jul-22) [SecurityFocus]
[7] Metasploit releases double-whammy for DNS (2008-Jul-24) [SecurityFocus]
[8] Increased Threat for DNS Spoofing Vulnerability (2008-Jul-25) [MSRC]
[9] Lesson From the DNS Bug: Patching Isn’t Enough (2008-Jul-23) [WIRED]

Tour de France 2008 – Stage XX

Tonight is Stage 20 (Cérilly > Saint-Amand-Montrond) 53 km
Individual time trial. Can Cadel Evans get the 1’34″?

Stage Details:

• stage 20 – Cérilly > Saint-Amand-Montrond 53 km [www.letour.fr]
• Stage 20 – Cérilly > Saint-Amand-Montrond [SBS]
• Stage 20 – Saturday, July 26: Cérilly – Saint Amand Montrond (ITT), 53km [CyclingNews]
• Stage 20 • CÉRILLY > SAINT-AMAND-MONTROND • 53 km (clm ind.) [EuroSport]
• Stage 20 preview: Saint-Amand-Montrond → Cérilly, 53k (TT) [SteepHill]
• Route Tour de France 08, Étape 20: Cérilly – Saint-Amand-Montrond [bikemap.net]

Le parcours 2008 : découvrez l’étape 20
(Tour de France YouTube Channel)

Live:
Live Race Data [Polar]
Live Telemetry [SRM]
Current local time in Paris (World Clock)
Live Audio|AudioPlayer [EuroSport]
Tour de France – Live Tracker [UBI Labs]
stage 20 – Cérilly > Saint-Amand-Montrond 53 km live [www.letour.fr]
Stage 20 – Saturday, July 26: Cérilly – Saint Amand Montrond (ITT), 53km Complete live report [CyclingNews]
Tour de France – *Cérilly – Saint-Amand Montrond “live match” [Eurosport Yahoo!]
Live commentary (flash) [SBS]
TdFblog (Frank Steele’s) [Twitter]
Boulder Report Live Blog [bicycling.com]
SBS: Tour de France 2008 Forum [SBS]

Results:

17:34 – Sastre: 2’34″ Behind Schumacher
Carlos Sastre may have lost 2’34″ to the stage winner today but the CSC team has finally claimed the yellow jersey. The Spaniard will win the Tour de France by 1’05″ over last year’s runner-up Cadel Evans. — www.letour.fr

Places for stage 20:
01 Stefan Schumacher (Ger) Gerolsteiner 1.03.50 (49.817 km/h)
02 Fabian Cancellara (Swi) Team CSC – Saxo Bank 0.22
03 Kim Kirchen (Lux) Team Columbia 1.01
04 Christian Vande Velde (USA) Team Garmin-Chipotle p/b H30 1.05
05 David Millar (GBr) Team Garmin-Chipotle p/b H30 1.37
06 Denis Menchov (Rus) Rabobank 1.55
07 Cadel Evans (Aus) Silence – Lotto 2.06
08 Sebastian Lang (Ger) Gerolsteiner 2.19
09 Bernhard Kohl (Aut) Gerolsteiner 2.21
10 George Hincapie (USA) Team Columbia 2.29

Tour de Web:
(What others have to say about this stage)
[1] Stage 20 – Saturday, July 26: Cérilly – Saint Amand Montrond (ITT), 53km [Cycling News]
[2] RESULTS:Stage 20 – Saturday, July 26: Cérilly – Saint Amand Montrond (ITT), 53km [Cycling News]
[3] SBS Tour de France 2008: Stage 20 – Cérilly > Saint-Amand-Montrond [SBS]
[4] Stage 20 Photos [Graham Watson]
[5] Schumacher takes 2nd TT as Sastre holds yellow [TDF Blog]
[6] Stage 20 results: Schumacher’s win is overshadowed by Sastre’s great defense of the Yellow Jersey [Steephill.tv]
[7] — [The Tour de France for the Rest of Us]
[8] Stage 20 as it happened [BBC]
[9] Sastre set to win Tour de France [BBC]
[10] Stage 20: (delay) [Spare Cycles]
[11] Tour de France ’08 Stage 20 Link Roundup [Spare Cycles]
[12] Stage Twenty: The decisive ITT [Tour de France Lanterne Rouge]
[13] Sastre holds it! [VeloNews]
[14] Stage 20 • CÉRILLY > SAINT-AMAND-MONTROND • 53 km (clm ind.) [EuroSport]
[15] Daily Video – Stage 20 [Versus]

ABC TV online – ABC iView

What is ABC iView? [1]
ABC iView is a new way to watch TV – a free internet broadcasting service that lets you watch ABC programs on your computer. We’ve created iView for the growing number of people with high speed internet connections (ADSL2, 1.1Mbps connection speeds), who want good quality pictures and great content to watch on their computer or web-enabled TV.

ABC internet television

The free service includes a channel featuring the ABC’s flagship news and current affairs programs as well as a children’s channel and “catch-up” service, which shows a range of programs currently screening on ABC1 and ABC2. [2]

The 6 channels:

1. ABC Catch up – The best weekly shows from ABC1 and ABC2
2. ABC Kazam – Kids’ action, adventure and animation
3. ABC News – The latest in news and current affairs
4. ABC Arts – Arts from Australia and beyond
5. ABC Docs – Natural history, social documentaries and factual series
6. ABC Shop – Previews programs from the ABC Shop

[1] ABC iView [ABC]
[2] ABC expands online presence with iView (2008-Jul-24) [ABC]
[3] Aunty puts five new channels online (2008-Jul-24) [The AGE]