New Attack Kit Targets Bag of ActiveX Bugs

Hackers are using a new multiple-attack package composed of seven ActiveX exploits, many of them never seen in the wild before, said a security company on Friday.

Fewer than half of the flawed ActiveX controls have been patched.

The attack framework probes Windows PCs for vulnerable ActiveX controls from software vendors Microsoft, Citrix Systems and Macrovision, as well as hardware makers D-Link, Hewlett-Packard, Gateway and Sony, said a Symantec researcher.

“What’s interesting about this attack is that there are so many vulnerabilities in one attack that have not been seen in the wild previously,” said Symantec researcher Patrick Jungles, who wrote an analysis of the multistrike package for customers of the company’s DeepSight threat service.

According to Jungles, visitors to compromised Web sites are redirected by a rogue IFRAME to a malicious site serving the package. The attack pack tests the victim’s PC for each ActiveX control, detects whether a vulnerable version of a control is installed, and then launches an attack when it finds one.

Bugs in ActiveX, a Microsoft technology used most often to create add-ons for the company’s Internet Explorer browser, have always been common, but so many serious flaws have been disclosed of late that some security experts have recommended that users do without them.

The seven exploited in the package outlined by Jungles are a mix of old and brand-new flaws. For example, Microsoft’s own ActiveX vulnerability — a bug in IE’s Speech API — was disclosed in June 2007, while the vulnerability in the Citrix Presentation Server Client control harks back even further, to December 2006. Others, such as the ActiveX bugs in D-Link’s security webcams and in Sony’s ImageStation, are much more recent, having been revealed in February.

Four of the seven ActiveX flaws — those in the D-Link, Gateway, Sony and Macrovision products — have not been patched, said Jungles.

Assuming the exploit framework succeeds in compromising a PC, the hackers drop a Trojan on the machine that turns it into a spam-spewing zombie; the Trojan includes a rootkit component to mask the malware from antivirus scanners.

Symantec added that while the initial IP address that sent users to the malicious site was no longer infected with the IFRAME code, other addresses were redirecting users.

“The list of IPs involved in the exploitation is by no means comprehensive,” said Jungles, “because the nature of the exploitation indicates that several other sites are likely forwarding victims.” The IFRAME code, he continued, had been found embedded in the legitimate sites’ HTML and was at times distributed via online advertisements; DNS poisoning, he said, was also suspected.

Jungles’ report recommended that users apply patches, when they’re available, and set the “kill bit” on those ActiveX controls that have not yet been updated by their makers.

Sony Launches World’s Smallest HD Camcorder

Sony has developed what it says is the world’s smallest high-definition video camcorder. The Sony HDR-TG1 measures 32mm by 119mm by 63mm and weighs 300g.

It’s a tall and thin camcorder with a fold-out display – a design along the same lines as Sanyo’s Xacti line of high-def camcorders, but the Sony camcorder is about two-thirds the volume of Sanyo’s latest full high-def model.

Sony plans to put it on sale in Japan later this month and in the US in May.

One of the secrets of its thinness is the lack of a DV tape desk, hard-disk or optical drive. Instead the TG1 records to a Memory Stick Pro Duo or Pro-HG Duo memory card. The camera lays down AVCHD format video at 1,920 by 1,080 resolution (so-called ‘Full HD’). AVCHD is a high-def format developed by Sony and Panasonic that’s designed to provide some compatibility between camcorders and living room disc players and other entertainment hardware.

In the highest quality ‘FH’ mode, which is full HD resolution at 16Mbps, the supplied 4GB card will be able to store 25 minutes of footage. This lengthens to 55 minutes in HQ mode, which records a 1,440 by 1,080 resolution image at 9Mbps. The SP and LP modes record drop the video bit rate – and thus the quality – to 7Mbps and 5Mbps, respectively and result in 65 minutes and 85 minutes of recording time.

As with other card-based cameras, higher capacity cards mean more recording time.

In addition to video the camcorder can also take 4-megapixel resolution still images. Like some of Sony’s still cameras the TG1 has face detection and can track up to eight people in the shot.

Other features include an optical 10X zoom, 2.7-inch widescreen touch panel LCD monitor and HDMI connector.

It will be available in the US in May and will cost about $900.

Apple MacBook Air Hacked In Two Minutes

Apple’s MacBook Air was hacked in just two minutes at the CanSecWest security conference’s PWN 2 OWN hacking contest, with former National Security Agency employee Charlie Miller walking away with a $10,000 prize.

Show organizers also offered a Sony Vaio, Fujitsu U810 and the MacBook Airas prizes, saying that they could be won by anybody at the show who could find a way to hack into each of them and read the contents of a file on the system, using a previously undisclosed ’0day’ attack.

Nobody was able to hack into the systems on the first day of the contest when contestants were only allowed to attack the computers over the network, but on Thursday the rules were relaxed so that attackers could direct contest organizers using the computers to do things like visit websites or open email messages.

The MacBook was the only system to be hacked by Thursday, however, the word on the show floor is that the Linux and Vista systems will meet with some serious challenges today.

Miller, a former National Security Agency employee best known as one of the researchers who first hacked Apple’s iPhone last year, didn’t take much time. Within two minutes, he directed the contest’s organizers to visit a website that contained his exploit code, which then allowed him to seize control of the computer, as about 20 onlookers cheered him on.

He was the first contestant to attempt an attack on any of the systems.

Miller was quickly given a nondisclosure agreement to sign and he’s not allowed to discuss particulars of his bug until the contest’s sponsor, TippingPoint, can notify the vendor.

Contest rules state that Miller could only take advantage of software that was pre-installed on the Mac, so the flaw he exploited must have been accessible, or possibly inside, Apple’s Safari browser.

By late Thursday, Apple engineers were already working on patching the issue, said Aaron Portnoy, a TippingPoint researcher who is one of the contest’s judges.

Miller’s $10,000 payday may sound sweet, but it’s not the most Miller has been paid for his work. In 2005, he earned $50,000 for a Linux bug he delivered to an unnamed government agency.

Last year’s contest winner, Dino Dai Zovi, exploited a vulnerability in QuickTime to take home the prize.

Dai Zovi, who congratulated Miller after his hack, didn’t participate in this year’s contest, saying it was time for someone else to win.

Shane Macaulay, who was Dai Zovi’s co-winner last year, spent much of Thursday trying to hack into the Fujitsu Vista laptop, at one point rushing back to his Vancouver area home to retrieve a file that he thought might help him hack into the system.

But it was all in vain.

“It’s one thing to find a vulnerability, it’s another thing to make working exploit code,” said Terri Forslof, TippingPoint’s Manager of Security Response.

Forslof said that a number of “high quality” researchers have said that they will attempt to hack the machines on Friday, the last day of the conference.

She expects both systems to be hacked on Friday, when contest rules will be further eased, and hackers will be able to attack popular third-party software that can be installed on the systems. “I don’t think we’ll have to take any home,” she said.

Sony Unveils First Internal Blu-ray Disc Drive

Sony Electronics unveiled its first internal Blu-ray disc (BD) ROM drive (BDU-X10S) for the computer. The drive offers consumers an option to upgrade their desktop to a Blu-ray player, which can also play DVDs and CDs.

The BDU-X10S now comes bundled with the CyberLink’s PowerDVD BD Edition software for playing movie titles, recorded Blu-ray disc home videos, DVD-ROMs and CD-ROMs. It also supports playback of recorded Blu-ray discs in MPEG-2 or H.264 format, standard DVD-Video discs or recorded DVDs encoded with MPEG-2 or AVCHD formats.

The internal drive allows fast and easy transfer of data or videos through its high-speed Serial ATA (SATA) interface.  Its standard 5.25-inch form factor enables easy installation in desktop PCs running Microsoft Windows Vista or Windows XP operating systems.

Other technical specifications include,  8x DVD ROM (Read Only), 24X CD-ROM (Read Only), data buffer size of 4MB, physical dimension of 5.25 x 1.63x 7.0 inch and installation angle supporting both vertical and horizontal.

Sony BDU-X10S is available through Rashi and its branches throughout India for Rs. 16,950 and enjoys one year warranty.

Windows XP SP3 Due Next Month

Microsoft will release Windows XP Service Pack 3 during the second half of April, according to a report from a Web site that has correctly predicted recent Windows ship dates.

TechARP.com, a Malaysian Web site that nailed Vista SP1′s release-to-manufacturing (RTM) date last month as well as its release to Windows Update last week, said that Microsoft will wrap up work on XP’s third and final service pack next month. The site pegged RTM for Windows XP SP3 as “second half of April 2008″ for seven languages, with a follow-on RTM of the remaining supported languages “approximately 21 days” later.

By TechARP’s account, Microsoft will first finish work on the Chinese, English, French, German, Japanese, Korean and Spanish versions of the service pack.

Microsoft declined comment, other than to repeat an earlier statement about the service pack’s timing. “We are targeting 1H [first half] 2008 for the release of XP SP3 RTM, though our timing will always be based on customer feedback as a first priority,” a spokeswoman said in an e-mail.

The last time Microsoft made a public move with Windows XP SP3 was a little over a month ago, when it posted a second release candidate to Windows Update.

About two weeks ago, however, XP SP3 caused a minor stir when what was purportedly the newest build leaked to the Internet and hit BitTorrent search sites such as The Pirate Bay. Although Microsoft initially refused comment, last week it acknowledged that the build — designated 5503 — was real and had been released to a portion of the invitation-only beta test group.

It also warned users away from any download. “This build was not intended for public release and anyone who has that build and is not part of the private beta is working with bits that Microsoft can’t verify,” a company spokeswoman said in an e-mail last week. “It’s possible the bits may have been modified with malware or other bad code that Microsoft hasn’t tested.”

Multiple versions of XP SP3 build 5503, including English- and Russian-language editions, are available via BitTorrent.

Once SP3 ships, the next major milestones for Windows XP are June 30, when the popular operating system is slated to fall off the reseller and retail availability list, and Jan. 31 2009, when it will be taken out of all distribution channels, including system builders.

Angry Vista Users Vent Over SP1 Driver Issues

Last Tuesday, Microsoft released Vista SP1 to Windows Update, giving most users their first shot at obtaining the service pack. Previously, only earlier testers, volume licensing customers, and IT professionals and developers who subscribed to TechNet or Microsoft Developer Network had access to SP1.

But as it added Vista SP1 to Windows Update, Microsoft also spelled out numerous caveats, telling users that there are as many as eight different reasons why they might not find the update in the Windows Update listing on their PC. Among those reasons: any of 31 language packs, earlier installed versions of SP1, various prerequisite updates, and a number of device drivers.

The service pack is being withheld from machines containing one or more of the listed drivers because, as Microsoft put it in a support document, “these device drivers are problematic on Windows Vista-based computers when you update to Windows Vista SP1.”
That made an industry analyst wonder about Microsoft’s driver testing process. “When Microsoft said there were problems with drivers, I assumed it was some odd scanner or camera or an ancient printer or something,” said Michael Cherry, analyst with Directions on Microsoft, a Kirkland, Wash.-based research firm. “But then I saw the list. It makes me wonder what’s going on with device driver testing.

“Microsoft keeps saying that there’s this vast ecosystem of device drivers, but it appears there’s a much smaller number of reliable, well-tested drivers. Because if these drivers [on Microsoft's list] were tested, that calls into question the testing process.”

In fact, many of the complaints posted in comments to Microsoft’s Vista blog were related to drivers. For example, one user tried to plumb the depths of his PC to determine why Windows Update suppressed the service pack, but gave up.

“I’m not being offered Vista SP1 on my new Dell XPS M1530 laptop. As far as I can tell, I have two pieces of hardware in the problem list, but the driver versions I have seem to be OK,” said “markheath,” on the Microsoft blog. “So my question is, is there any way of finding out exactly what is stopping me from being shown SP1 via Windows Update? I’m tired of looking at driver versions.”

Others were upset at being forced to root through their PCs to find out why they couldn’t update. “I have just spent 1-2 hrs figuring out that I have one of the problem drivers hence why windows update isn’t offering me SP1,” said someone pegged as “scoobie” on the same blog. “Neither is it offering me an updated new driver. In my book that is not a good customer experience and a bit of a waste of my time.”

But there were still others who, after identifying a blocking driver, wondered where to point fingers. “I have SigmaTel audio drivers that are in conflict with SP1. Therefore, SP1 is not available to me via Windows Update,” said “Fatalah” on the Vista blog. “SigmaTel was purchased by another company, and driver updates are solely in the hands of OEMs now (Gateway, Dell, HP etc.) I do not expect Gateway to update this driver any time soon. When will SP1 be fixed to work with my old SigmaTel drivers?”

Another user, simply dubbed “Russieb,” seconded the motion. “No one seems to be addressing the ‘problem’ drivers, specifically SigmaTel. As Fatalah mentioned any SigmaTel ‘driver updates are solely in the hands of OEM’s now.’  Sony don’t [sic] want to know, neither do [sic] Microsoft! This is stopping a large number of users from installing SP1. Can anyone help?”

Cherry felt their pain. “I assumed in February that the drivers would be for an obscure bunch of peripherals, not drivers with this kind of usage.”

To Microsoft’s credit, the company has offered free support to any user with Vista SP1 issues. In several messages posted to the same comment thread as user complaints, Brandon LeBlanc, who identified himself as a Microsoft employee, directed people to the free support Web site.

“You have a variety of options you can choose for support — all of which will NOT cost you any support fee,” said LeBlanc. “I repeat: support for SP1 will NOT cost you anything — as long as you choose the correct option for support.”

Sony PS3 Set To Enable Downloads

Sony announced that its PlayStation 3 is poised to take the next step in the evolution of the Blu-ray Disc format.

The firmware update, due soon, will update the PS3 to Blu-ray Disc Profile 2.0, also referred to as BD Live. BD Live enables Internet-connected activities such as multiplayer gaming, e-commerce, downloading new content, and social networking.

BD Live impressed crowds earlier this year at the Consumer Electronics Show, where Sony demonstrated downloading ring tones and new content to a BD Live player. Sony announced last October that the PlayStation 3 would support BD Live. Now, it appears that the PS3 will be the first Blu-ray Disc player to support this latest advancement in the Blu-ray format. Sony Electronics’ own forthcoming BD Live-capable players aren’t due out until this summer and fall.

Director of PlayStation Network Operations, Eric Lempel, revealed the news in his latest blog entry, ahead of the company sending out a press announcement.

The first titles to take advantage of BD Live are due out on April 8 from Sony Pictures Home Entertainment: The 6th Day and Walk Hard — The Dewey Cox Story. The extent of the BD Live features on these titles remains unknown.

Releasing this firmware update is a pretty cagey move on Sony’s part. Since the PS3′s release, frequent updates to the system have brought boatloads of needed features on-board — including the ability to upscale standard-definition DVDs.

Research and disc sales show that consumers are using the PS3 as a Blu-ray player. The PS3 played a role in the growing volume of Blu-ray disc sales, which in turn prompted Warner Brothers to back Blu-ray Disc exclusively at the start of the year. Warner’s move led to the format war with rival HD DVD.

Other multimedia additions for the upcoming release include the ability to copy PlayStation 3 Music and Photo playlists to a PSP system (previously, you could create Music and Photo playlists on the PS3, but couldn’t export them to a PSP). Another feature for PSP users: turn your PSP into a remote control, for playing back music files on your PS3 without turning on your TV. You can also play long DivX and .WMV format files (over 2 GB).

Disc playback has been enhanced, to allow resume play: You can pick up where you left off on a DVD or BD disc, even if you’ve ejected the disc and inserted a different movie or game in the interim.

Finally, Sony says the PS3′s Internet browser now displays some web pages faster. You can also save file files locally or to external storage media via the PS3 web browser.

Sony Unveils Wall-Mountable VAIO Notebook

Sony has added to another notebook in their VIAO lineup with the release of the VAIO LM notebook.

The VAIO LM features PC design reminiscent of Sony’s BRAVIA LCD TV’s with its 19-inch screen framed by a transparent bezel. The new laptop can be wall-mounted and features wireless keyboard, mouse and remote control.

Aimed at those who want the functionality of a PC in their living area, the VAIO LM is designed as an entertainment hub that doubles as a TV, with in-built TV tuner, built-in 1.3MP camera with face-tracking software, 2.1-channel speaker system and sub-woofers.

The VAIO LM features an Intel Core2 Duo Processor T7250 (2.00GHz), 2GB DDR2 SDRAM, 250GB HDD, Windows Vista Home Premium, and nVidia graphics card. The laptop comes with the latest VAIO Music Box software, it lets users define default channel capacity for music in advance, so that the system is able to automatically select signal descriptors for sound classification into 24 channels. Besides, VAIO LM new Movie Story software allows users to create and edit their own video easily.

The VAIO VGC-LM18 is available across Sony stores for Rs.1,09,900.

Sony Intros New Point-And-Shoot Digital Cameras

Sony has announced the DSC-H50 and DSC-W300, two new point-and-shoot digital cameras aimed at consumers. The DSC-H50 and DSC-W300 will be released in May for $400 and $350 respectively.

The DSC-H50 is a 9.1-megapixel camera with 15x optical zoom lens. It features optical image stabilization and 3-inch tilting LCD display covered in scratch-resistant UV hardcoat.

The camera also has an improved “advanced sports” shooting mode that supports shutter speeds up to 1/4000th of a second, user-selectable noise reduction with high, low and standard settings, exposure bracketing mode and “D-Range Optimizer,” which can help provide more picture detail in bright highlights and dark shadows. The camera also features a “NightShot” mode, five color modes, in-camera editing, slide show functions and HD component output.

The DSC-W300 features a 13.6-megapixel CCD imager paired to 3x optical zoom lens. On the back is a 2.7-inch LCD screen and eye-level viewfinder.

Features include optical image stabilization, noise reduction, “Smile Shutter” technology, which prioritizes faces so the camera will release the shutter when subjects are smiling, intelligent scene recognition, five color modes and an improved auto focus system that includes macro ranges.