Mozilla Firefox / Thunderbird / SeaMonkey – Multiple Vulnerabilities

A weakness and multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird and SeaMonkey, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing attacks, bypass certain security restrictions, and compromise a user’s system.

The weakness and the vulnerabilities are reported in Firefox versions prior to 19, Thunderbird versions prior to 17.0.3 and SeaMonkey versions prior to 2.16.

These are marked as “Highly critical”, and it’s therefore suggested that you update your software as soon as possible.
You can find the updates here:
Firefox 19: Either simply go to Help, About in your browser to download the latest version if it didn’t already auto update, or visit

Firefox 19 also contains an all-new built-in PDF reader, which means that both Chrome and Firefox now have built-in PDF readers. Those wanting to secure themselves from last week’s Adobe Acrobat Reader vulnerability could therefore choose Firefox as the alternative as well.

More information:

Java 7 update 15 / Java 6 update 41

A new version of Java has been released (version 7 update 15 and version 6 update 41), fixing four “Highly Critical” security vulnerabilities.
You can download the latest version here:
Those running Windows can choose to turn on automatic updates to be sure to always have the latest version:
Remember to delete any previously installed Java versions from your system when you update. See for assistance with this.
This is the final public release of Java 1.6.0, and Oracle will not provide more free security fixes for version 6.

We also suggest that users follow the guidelines in this post:

More information:

Basefarm SIRT Newsletter #3

Year – Week: 2013 – 07

Weekly Summary
Bit9, the security company that is used by many Fortune 100 firms and the U.S. Government for their software and network security, was compromised last Friday. The attackers compromised Bit9’s network by gaining entry to some computers inside the Bit9 network where Bit9 had unfortunately forgotten to install its own software. Said attackers then signed certain malware as “safe”, which gave them the ability to deploy malware on the target, which was protected by Bit9. It was also discovered that an exploit had been sitting on one of the LA Times websites for six weeks, redirecting users to a Blackhole exploit kit. This reiterates the importance of doing continuous security and vulnerability checks on your websites.


Important Software Security updates
Adobe Flash Player:
Adobe Acrobat Reader:

Security tips
Two-factor auth means additional security in that you have more than one authentication factor, and you are already using it today with your bank (in order to get money out of the ATM you need both a card and a PIN code). You can enable two-factor authentication on a lot of services such as Google/Gmail, Lastpass, Facebook, Dropbox, Yahoo! Mail, Amazon Web Services and WordPress, and it’s advised to do so. Of course, using two-factor auth does not mean you’re completely safe, as you could for example become the victim of a Man In The Middle attack, so continue being careful after you have activated it.

You can find information on how to enable two-factor authentication here:

Security news
Kids ‘using coding skills to hack’ friends on games, expert says

Montana TV warns of ZOMBIE ATTACK in epic prank hack

Adobe Flash Player 0-day and HackingTeam’s Remote Control System

Japanese “cat hacker” suspect caught

iOS 6.1 Hack allows iPhone lock screen bypass

Zero-day exploit for Adobe Acrobat Reader

Adobe has acknowledged a zero-day exploit for their Adobe Acrobat Reader product, and it’s currently being exploited in the wild.
It appears that all versions of Adobe Acrobat Reader are affected by this, and there is at this time no update available that fixes the issue.

Because of this, we recommend uninstalling Adobe Acrobat Reader if you have it on your computer, as your current operating system probably has built-in support for reading PDF files anyway.
There is a built-in PDF viewer in Mac OS X, Windows 8 and Ubuntu. Those running Windows 7 or below could install Google Chrome and use the PDF reader that’s built into the browser.

UPDATE: Since this post, Firefox 19 has been released, which also has a built-in PDF reader.

More information:

Security update available for Adobe Flash Player

Adobe has released security updates for Adobe Flash Player 11.5.502.149 and earlier versions for Windows and Macintosh, Adobe Flash Player and earlier versions for Linux, Adobe Flash Player and earlier versions for Android 4.x, and Adobe Flash Player and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select “About Adobe (or Macromedia) Flash Player” from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.
To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

The Adobe Flash version information page can be found here:

More information:

Microsoft’s Patch Tuesday solves 57 (critical) security vulnerabilities

Today is the regular Patch Tuesday for Microsoft, and this time the update will solve 57 different vulnerabilities (in 12 different packages depending on which software you’re using).
Five of these packages are listed as critical, so it’s important that you run Windows Update as soon as you can on your clients/servers.
There is always the question of “should I update now, or should I wait until others have reported that the patch works okay?”. To me, testing the patches in a non-production environment and then deploying in production as well, as quickly as possible, goes without saying, but those who don’t have that ability need to assess the risk.

The risk of patching can of course mean that you run into a bug with the patch, while the risk of not updating means that attackers will most certainly be looking into which issues were fixed and how they can be exploited – and then exploit them on the systems which haven’t already been patched. In my opinion, the risk of not patching outweighs the risk of patching.

More information:

Basefarm SIRT Newsletter #2

Basefarm SIRT weekly newsletter #2
Year – Week: 2013 – 06

Basefarm SIRT is the Security Incident Response Team of the Basefarm Group. We are posting weekly newsletters with the latest security information which we find interesting to the Basefarm Blog.

As you remember from last week, The New York Times had been severely compromised for four months before it was noticed (during which time their anti-virus software only located 1 out of 55 pieces of malware on their servers). The New York Times believes that the hackers gained entry through a spear-phishing attack, which means employees were sent emails containing malware attachments or links to sites with malware. Since then, Wall Street Journal, Washington Post, US Federal Reserve and Twitter (where it seems the attackers gained access to information of 250 000 accounts) have also come forward that they were compromised.

So what does this show?
Amongst other things, no matter what security systems are in place, no company can with a straight face say they are never going to be compromised. There will always be some ways in, so the goal is making sure there are as few of those as possible, which is why we try to do as much proactive security work as we can.

The reality is unfortunately that the easiest way in is usually through you – a human that clicks on a phishing mail or gets a malware payload through one of your outdated plugins. Cisco released their 2013 Annual Security Report, and it shows that most malware today gets into your system through your common news or business sites, and they do so by compromising ad networks said sites are using.


Important Software Security updates

Java 7 (Update 13) / Java 6 (Update 39)

Firefox (18.0.2)

Adobe Flash (11.5.502.149 (Win and Mac), 11.3.379.14 (Windows 8) and (Linux))

For those using Firefox, you can go to the following page to see if your plugins are up-to-date:

Security tips
With the recent rise of plugin vulnerabilities causing havoc on the web (Java and Flash), we suggest that those who have the ability to do so should enable click-to-play in their browsers. Doing this means that plugins such as Java (which should be fully disabled by default in your main browser anyway) or Adobe Flash won’t automatically load in your browser unless you click on the object.

You can find information on click-to-play for your browser at these locations:

Security news
Microsoft and Symantec hijacks the “Bamital” Botnet

Canada Joins the DNSSEC Party

China is world’s most malware-ridden nation

Where do you get malware from?

High Risk Flash Vulnerability

Unfortunately, there have been multiple zero-day exploits released for a couple of versions of Adobe Flash today. This could potentially mean that the news site you browse daily could be using ads from an ad network which has been compromised and serves malware to your system (it’s actually one of the most common ways of being compromised today, see “more information”). We advise everyone to update their Adobe Flash plugin as soon as possible to put themselves at less risk of being compromised.

You can download the latest version of Adobe Flash here:
You can verify which version of Adobe Flash you have installed, as well as see the latest version available, on this url:

More information:

Java (1.7.0_13) update fixes 50 security vulnerabilities

Oracle has released another update of Java (1.7.0_13). For those who need Java, it is strongly advised to update as soon as you can.
You can download the latest version here:
Those running Windows can choose to turn on automatic updates to be sure to always have the latest version:
Remember to delete any previously installed Java versions from your system when you update. See for assistance with this.

We’d like to remind everyone about these three points though:
If you don’t need Java at all – uninstall it:

If you need Java for stand-alone applications such as Minecraft, disable Java in your browsers:

If you need Java in your browser, disable it in your primary browser and keep it active in a secondary browser. This way, you will only have Java activated in the secondary browser when you have the need to visit your banking site or such:

If you need it for stand-alone applications such as Minecraft, disable Java in browsers
In Firefox, select “Tools” from the main menu, then “Add-ons,” then click the “Disable” button next to any Java plug-ins.
In Safari, click “Safari” in the main menu bar, then “Preferences,” then select the “Security” tab and uncheck the button next to “Enable Java.”
In Chrome, type or copy “Chrome://Plugins” into your browser’s address bar, then click the “Disable” button below any Java plug-ins.
In Internet Explorer, follow these instructions for disabling Java in all browsers via the Control Panel. There is no way to completely disable Java specifically in IE.

More info:

Basefarm SIRT Newsletter #1

Year – Week: 2013 – 05

Welcome to the first weekly security newsletter from your Basefarm SIRT team! In this newsletter we try to collect the latest weekly security news that we find worthwhile. As always, we continue sending out flash messages for critical issues that we find, but that does not mean the information is any less important for those who want to have safe and secure systems. We’d love to get feedback, so please send thoughts, suggestions, things we should add etc. to .

For those who aren’t familiar with what a SIRT team is, you can find information here:

It’s been quite a busy week with WordPress and UPnP vulnerabilities affecting millions of servers and networks. The biggest worldwide news story of the week was of course the fact that the New York Times found out that their network had been compromised by Chinese hackers who got access to email accounts of senior staff, stole passwords for the corporate network for every New York Times employee and gained direct access to 53 personal computers of New York Times employees. This went on for four months before it got noticed. The latest report from Arbor also shows that DDoS attacks rose quite a bit during 2012 (+20% in bandwidth, +11% higher packet rates and a +41% rise in complex (multi-vector) DDoS attacks).

Important Software Security updates
iOS 6.1 for those with an iPhone.

VLC Player 2.0.6 is available for those using VLC as their media player.

Opera 12.13 is available for those using the Opera Browser.

Security tips
Secure your passwords in Firefox
Setting a master password
Firefox: “Tools -> Options -> Security / Passwords -> Use a master password”
Thunderbird: “Tools -> Options -> Privacy -> Passwords -> Set Master Password”
Changing your master password
Firefox: “Tools -> Options -> Security / Passwords -> Change Master Password”
Thunderbird: “Tools -> Options -> Privacy -> Passwords -> Change Master Password” (not shown unless a master password is set)

Security news
Chinese hackers sit inside the network of New York Times for months without being spotted.

US Cyber Command Seeks to Quintuple Cybersecurity Force.

Israel Strengthening its Cyber Stance.

FBI Investigating Leak of US Stuxnet Involvement.