MAAS History
Disclaimer
exocrine

All information provided as is.

Tuesday
Mar 29, 2011

Condition Remains GREEN

We are currently aware of a mass SQL-Injection attack being reported by Websense. At this time, only the catalog pages for 2 podcasts display evidence of the attack. iTunes uses RSS/XML feeds to get its list of podcasts; however, the attack has no effect via iTunes. At this time the attack does not affect the most recent version of iTunes or its accounts, or compromise them in any way. The attack acts as an intermediary to serve up malware that is Windows-centric.

Consider the following actions:

  • Block domain lizamoon(dot)com (91_213_29_182).
  • If you do not do business there, consider blocking Lithuania and Russia.
  • Block domain scansystonline(dot)uni(dot)cc.
  • Block the vanity country-code TLD (.cc) used by the Turkish Republic of Northern Cyprus and by the Cocos (Keeling) Islands, Australia. (Consider blocking all vanity ccTLDs.)
  • Consider changing your iTunes/AppleID password.
  • Do not store your password and log out if you are not making purchases.
  • De-authorize a device or computer and remove your iTunes credentials, along with other critical credentials, before service.
  • Only use Apple Authorized Service Providers.

At this time this mass SQL-Injection does not compromise the latest version of iTunes in any way. We will provide updates as we monitor the situation.
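One way to check proxy logs for traffic to the domains, IP address and TLD listed above, as an added example that is not part of the original advisory. The log layout, function names and sample lines are assumptions constructed for illustration; the indicators stay defanged in the source and are restored at run time.

```python
from urllib.parse import urlsplit

# Indicators as the advisory lists them, kept defanged in source.
ADVISORY_DOMAINS = ("lizamoon(dot)com", "scansystonline(dot)uni(dot)cc")
ADVISORY_IPS = ("91_213_29_182",)
ADVISORY_TLDS = ("cc",)

DOMAINS = tuple(d.replace("(dot)", ".").lower() for d in ADVISORY_DOMAINS)
IPS = tuple(i.replace("_", ".") for i in ADVISORY_IPS)

def classify_host(host):
    """Return 'ip', 'domain' or 'tld' if the advisory covers host, else None."""
    host = (host or "").lower().rstrip(".")
    if host in IPS:
        return "ip"
    # Match on label boundaries so a look-alike suffix is not a false positive.
    if any(host == d or host.endswith("." + d) for d in DOMAINS):
        return "domain"
    if "." in host and host.rsplit(".", 1)[1] in ADVISORY_TLDS:
        return "tld"
    return None

def host_of(target):
    """Extract the hostname from a URL or a CONNECT-style host:port target."""
    if "://" not in target:
        target = "//" + target
    return urlsplit(target).hostname

def scan(lines):
    """Yield (client, host, reason) for each log line that hits the block list.

    Assumed (hypothetical) layout: timestamp client method target status
    """
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed lines
        host = host_of(fields[3])
        reason = classify_host(host)
        if reason:
            yield fields[1], host, reason

# Constructed sample log; listed hosts are built from the indicators above.
SAMPLE_LOG = [
    f"2011-03-29T10:00:01 10.0.0.5 GET http://{DOMAINS[0]}/ 200",
    f"2011-03-29T10:00:02 10.0.0.6 GET http://www.not{DOMAINS[0]}/ 200",
    f"2011-03-29T10:00:03 10.0.0.7 CONNECT {IPS[0]}:443 200",
    "2011-03-29T10:00:04 10.0.0.8 GET http://example.cc/index.html 200",
    "2011-03-29T10:00:05 10.0.0.9 GET http://example.cc.example.com/ 200",
]
```

Calling `list(scan(SAMPLE_LOG))` reports three of the five sample lines: the listed domain, the listed IP address and the `.cc` host.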

Wednesday
Mar 09, 2011

Condition Remains GREEN

A 0day for Adobe Acrobat is being used in the wild. Currently the exploit focuses on Windows systems and is being delivered within an Excel document. Reader X is unaffected when using protected mode.

Users should take the following action:

  • Download and install the Click to Flash extension for Safari or Firefox.
  • Remove Flash, if you have not done so already, from Mac OS X Server.
  • Consider using Google Chrome with Flash Block, especially on PC virtual machines.