advanced security

This is a technical analysis of the latest threats on the Internet. Its intended audience is someone who is versed in computers and knows a little about security. Advanced programming knowledge is not required. The information is taken from respected sites on the Internet and is not Dave's own discovery.

A few old lessons UPnP should have taught us over 12 years ago.

A not-so-new vulnerability is in the headlines again. UPnP (Universal Plug and Play) has been misused and reported as a major security problem since about 2001. But now the Department of Homeland Security is suggesting that people disable it.

About 2001 is when I started seriously studying security, and I remember wondering how anyone could fail to see it as a threat. Being able to remotely discover the capabilities of a firewall/router/switch was bad enough, but UPnP also lets any client on the network turn on or alter certain capabilities, such as adding port mappings through the firewall, with no authentication at all.
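To make the two halves of that complaint concrete, here is an added example (not code from the original post, nor from any router vendor): the SSDP discovery datagram that makes a gateway announce itself, a parser for the unicast reply, and the IGD AddPortMapping SOAP request that lets an unauthenticated LAN client punch an inbound hole through the firewall. The multicast address, the device and service URNs and the AddPortMapping argument names are the ones the UPnP IGD specification defines; the reply, the host addresses and the description URL are constructed so the script runs offline.

```python
"""UPnP/IGD in two packets: discovery (SSDP) and firewall change (SOAP).
Added example for illustration; SAMPLE_REPLY is constructed, not captured."""
import socket
from xml.sax.saxutils import escape

SSDP_GROUP = ("239.255.255.250", 1900)          # SSDP multicast group, per spec
IGD_DEVICE = "urn:schemas-upnp-org:device:InternetGatewayDevice:1"
WANIP_SERVICE = "urn:schemas-upnp-org:service:WANIPConnection:1"


def build_msearch(search_target: str = IGD_DEVICE, mx: int = 2) -> bytes:
    """SSDP M-SEARCH: one multicast UDP datagram asks every UPnP device on the
    segment to answer with its description URL. Nothing authenticates the asker."""
    return (
        "M-SEARCH * HTTP/1.1\r\n"
        f"HOST: {SSDP_GROUP[0]}:{SSDP_GROUP[1]}\r\n"
        'MAN: "ssdp:discover"\r\n'
        f"MX: {mx}\r\n"
        f"ST: {search_target}\r\n"
        "\r\n"
    ).encode("ascii")


def parse_ssdp_response(raw: bytes) -> dict:
    """Parse the HTTP-style unicast reply into lower-cased header names.
    LOCATION (description URL), SERVER (OS/firmware banner) and ST (device type)
    are the reconnaissance value of a single packet."""
    text = raw.decode("utf-8", errors="replace")
    status, _, rest = text.partition("\r\n")
    if not status.startswith("HTTP/1.1 200"):
        raise ValueError(f"unexpected SSDP status line: {status!r}")
    headers = {}
    for line in rest.split("\r\n"):
        if not line:                       # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def build_add_port_mapping(external_port: int, internal_client: str,
                           internal_port: int, protocol: str = "TCP",
                           description: str = "example", lease_seconds: int = 0):
    """SOAP request for the IGD AddPortMapping action: the request that turns a
    discovery protocol into a remote firewall-rule editor. Returns the HTTP
    headers and body to POST to the control URL from the device description."""
    if protocol not in ("TCP", "UDP"):
        raise ValueError("protocol must be TCP or UDP")
    args = [
        ("NewRemoteHost", ""),                       # empty = any source host
        ("NewExternalPort", str(external_port)),
        ("NewProtocol", protocol),
        ("NewInternalPort", str(internal_port)),
        ("NewInternalClient", internal_client),
        ("NewEnabled", "1"),
        ("NewPortMappingDescription", description),
        ("NewLeaseDuration", str(lease_seconds)),    # 0 = permanent mapping
    ]
    inner = "".join(f"<{k}>{escape(v)}</{k}>" for k, v in args)
    body = (
        '<?xml version="1.0"?>'
        '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" '
        's:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">'
        f'<s:Body><u:AddPortMapping xmlns:u="{WANIP_SERVICE}">{inner}'
        "</u:AddPortMapping></s:Body></s:Envelope>"
    )
    http_headers = {
        "Content-Type": 'text/xml; charset="utf-8"',
        "SOAPAction": f'"{WANIP_SERVICE}#AddPortMapping"',
    }
    return http_headers, body.encode("utf-8")


def discover(timeout: float = 2.0) -> list:
    """Live LAN discovery (network side; the offline demo below does not call it)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    replies = []
    try:
        sock.sendto(build_msearch(), SSDP_GROUP)
        while True:
            data, addr = sock.recvfrom(65535)
            replies.append((addr[0], parse_ssdp_response(data)))
    except socket.timeout:
        pass
    finally:
        sock.close()
    return replies


# Constructed sample reply (assumed addresses and banner, not a real device).
SAMPLE_REPLY = (
    b"HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=1800\r\nEXT:\r\n"
    b"LOCATION: http://192.168.1.1:49152/igd.xml\r\n"
    b"SERVER: ExampleOS/1.0 UPnP/1.0 ExampleIGD/2.3\r\n"
    b"ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
    b"USN: uuid:00000000-0000-0000-0000-000000000001::"
    b"urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n\r\n"
)

if __name__ == "__main__":
    print("discovered:", parse_ssdp_response(SAMPLE_REPLY))
    hdrs, body = build_add_port_mapping(8080, "192.168.1.50", 22)
    print(hdrs["SOAPAction"]); print(body.decode())
```

The discovery half is the information leak (SERVER banners routinely name the firmware); the AddPortMapping half is the part that should have settled the argument in 2001, since a gateway that honours it from any LAN address lets malware on one PC expose port 22 of another to the Internet. Running `discover()` against your own gateway and checking whether a mapping you did not create shows up is the quick test; the fix the DHS advice points at is to turn the service off.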

ambiguity to a t()

The t() function is probably the most misunderstood function in the Drupal-verse. At the risk of sounding sacrilegious: why is it there, and where should it be used? Does it really increase my site's security?

SysInternals changes affect the industry

RIP to lightweight utilities for monitoring your system.

FileMon and RegMon have now been retired from SysInternals; Process Monitor replaces both.

August 2009 report

Two issues I keep reading about a lot lately are Snow Leopard's and IE8's malware detection. I wish people were making more of a deal about WPA TKIP being broken.

Drupal gets lessons from Rain Forest Puppy

In the early 2000s, a hacker who goes by the pseudonym "Rain Forest Puppy" (RFP) broke into the bulletin board system of the security advisory site PacketStorm. He gained administrative rights and stole about 800 passwords. There is a lot the Drupal community can learn from RFP's attack.

Drupal Security Announcements, December 2008

SA-2008-072
The Storm project module allows users who have access to Storm projects to enter data that is not properly sanitized.

Versions Affected

  • Drupal 5; anything prior to 5.x-1.14
  • Drupal 6; anything prior to 6.x-1.18

SA-2008-073
There is a CSRF in Drupal core that may allow an attacker to re-run old database updates, which will impact the database.
Also note that the robots.txt and .htaccess files have changed and need to be replaced along with the new core.

GPcode

Gpcode.ak (the AK variant of the Gpcode family) holds infected computers' data for ransom. It encrypts all the data files on a computer and tells the owner they can get their files back for $100-$200. It is an improvement on a virus that the AV industry has been fighting for years: instead of a flawed 660-bit key, it now uses a much more secure 1,024-bit RSA key, and no flaws have been found in it yet.

Security Announcements for November 2008

  • SA-2008-071 - USER KARMA
    There is an SQL injection and an XSS (cross-site scripting) vulnerability prior to 5.x-1.13 and 6.x-1.0 that could give a user control over the SQL database and other users' cookies.
  • SA-2008-070 - COMMENT MAIL
    There is a CSRF (cross-site request forgery) in Comment Mail for Drupal 5.x prior to 5.x-1.1 that allows end users to administer permissions and ban IP addresses, or to deny or approve a comment.

rogue anti-spyware

In another blog entry, "VMware leaks and directory transversal", I got a comment that made me do some research. I came to the conclusion that the site was a rogue/fake anti-spyware site and shouldn't be visited.

BTW, I'm not going to link there, since it seems kind of hypocritical of me. After all, I am saying not to click links in comments, so it is a good exercise to look the article up and go there yourself.

The program he mentions, Spybot Search & Destroy (Spybot S&D), is a good one and has been on the scene for a long time.

Security Announcements for October 2008

October 2008 has not been a kind month for Drupal. In addition to a third-party module needing to be updated, there have been modules banned because of multiple vulnerabilities, many problems with people updating modules incorrectly in Drupal 6, and several problems in core that require Drupal core itself to be updated.
