Kaspersky

There was a great article from the Council on Foreign Relations regarding the hypocrisy surrounding Kaspersky since the U.S. government earlier this month banned federal agencies from using Kaspersky Lab software.  Best Buy is getting in on the action and will stop selling Kaspersky products because of possible(?) ties to the Russian government.  Why doesn’t Best Buy get rid of some of the other shit-for-security products on its shelves as well if it’s so concerned about security?

The U.S. House Science Committee received a classified briefing Tuesday related to Kaspersky.  I really wish some more details about the alleged collusion between Kaspersky and the Russian government would see the light of day.

And what would a Kaspersky post be without an RT link!?  ‘It’s crazy’: Kaspersky Lab attacked in US only for being Russian, says founder

SophosLabs Released Free Tool to Validate Microsoft Shortcut

I read this on the Internet Storm Center yesterday: Sophos has released a tool that will provide detection against the Windows shortcut exploit announced last week (originally being used to exploit Siemens SCADA machines).  Be careful, this is a nasty vulnerability with a large scope — the entire Windows family of OS going back to NT as far as I’m aware.  If you want to play with the vulnerability yourself it has to be added to Metasploit — thanks hd!

SophosLabs has made a video available here on what the exploit is and how the tool works, and the tool is available for download here.

Trend Officescan – Proof of concept

In April a Trend vulnerability was discovered.  The Trend real-time scan service can be exploited by running a scan on a long directory name.  It’s surprising that this vulnerability was discovered and yet is still exploitable in the latest release of Trend — which I’ve confirmed today.  What’s neat is that someone who only has user-level privileges on a machine would be able to halt the Trend service and then potentially run some nasty code.

Here’s a VB project that will generate a long directory name and then attempt to run the scan: Trend POC (I’ve also compiled the source for those who don’t have VB — rename the .exe_ to .exe)

I’m running AVG Free on my Windows machine and am happy with that.