Security Watch

Win7 UAC Debate Nipped With Fix

Plus, Microsoft revamps security portal; printer flaws get fixed; drivers get spammed.

• By Jabulani Leffall
• 02/09/2009

The brouhaha stemmed from blogs early last week by independent researchers Rafael Rivera and Long Zheng saying they had indentified noticeable holes in the new Windows OS that allow elevation of privilege exploits to either turn off the UAC feature or automatically elevate administrative privileges remotely without knowledge of the PC's primary user.

After several exchanges, where representatives of the software giant related differences in opinion with the bloggers, Redmond nipped the situation in the bud by coming up with two planned changes to the UAC in response to user feedback. Those changes will be seen in the upcoming Release Candidate (RC) version of Windows 7, explained Microsoft executives Jon DeVaan and Steven Sinofsky in the "Engineering Windows 7" blog.

Redmond's Security Portal Redesigned
Microsoft takes security seriously. These aren't my words, but they are the opening statement of an announcement last week touting the redesign of Redmond's security information portal. The revamp will be focused on supporting IT Pros and addressing their unique security needs. Chief among the subject matter that can be found on the rejiggered site are what type of vulnerabilities potentially exist in a given enterprise environment, how administrators can manage identity preservation and access controls and how to stay abreast on evolving security issues. Additionally, there are compliance blogs, briefings on the upcoming Blue Hat Conference and different experts chiming in on developer, consumer and enterprise-wide security trends. Stay tuned!

Even Printers Need Patching
Toward the end of last week, PC and tech hardware concern Hewlett-Packard released a security advisory saying certain HP LaserJet printers, Color LaserJet printers as well as HP Digital senders were all vulnerable to remote code execution exploits that could give hackers unauthorized access to sensitive files. Of course it doesn't involve a physical break in or an on-site programming of the hardware. Rather, it's the firmware application that sits on the Windows OS and helps the PC communicate with the applicable printers. The RCE exploit forges an incursion that gives the hacker a foray into a printers' application or Web-based control interface to "read arbitrary system configuration files, cached documents and printer queue lists." The advisory comes after security shop Digital Defense Inc. indentified the issue and reported it to HP in October 2008.

Parking Violation = Malware?
Firewalls. Ccorrupted files. Spam with bad code. Those were the traditional vectors hackers used to plant malware on a system or gain access to a workstation. Now they just give you a parking ticket. Last week the SANS Internet Storm Center discovered a case in Grand Forks, North Dakota where yellow card-like fliers presumed to be tickets were found on cars in a parking lot. The would-be tickets read: "PARKING VIOLATION: This vehicle is in violation of standard parking regulations."

The card then instructs the ticket recipient to visit a specified Web Site. From this point, hackers count on law-abiding users to go home and log on where, strangely enough, they'll see a picture the parking lot where their car was. A few clicks later, a fake Internet Explorer security alert pops up asking the user if they'd like to do a quick antivirus scan. The infection starts from there. The combination of parking tickets and malware makes public transportation look that much better.