Qualys BrowserCheck Business Edition
I have a huge respect for security company Qualys – and a great love of free security tools. The two come together in BrowserCheck. Keeping your browser up-to-date with all the latest security patches is hard enough; but making sure that all the add-ons and plug-ins are similarly controlled is a real headache. BrowserCheck can help; and it’s free.
Now I consider myself to be fairly security-conscious; but of course my daily work is different to maintaining my security posture. It’s always worth checking. So I checked my browser with BrowserCheck; and I was insecure. Both Flash and Silverlight were old versions.
And as a security commentator I was well aware that Steven Adair of ShadowServer is currently urging people to make sure that their Flash is up-to-date, because:
From a simple point of view, what you need to know about the exploit is that it’s pretty nasty in that it will happen seamlessly in the background and not crash your browser. If you are visiting a compromised website that is exploiting this vulnerability, you aren’t likely to notice a thing. Of course if you are running NoScript or other similar plugins, you may notice attempts to load flash files or requests from third party websites, but that aside you won’t see anything going on…
The malicious code works by loading a flash file that has a parameter fed to it in the URI via a parameter called “info” that contains an encoded path to the trojan file to be downloaded. The value fed into the “info” parameter is a hexadecimal string that in reality is text that has been zlib compressed and had an XOR applied to it. If the exploit is successful the text will be XOR’d and zlib decompressed to reveal a filename or full URL, this will be downloaded, and it will then be executed. Note that in the wild thus far the files to be downloaded have also all been observed to have been zlib compressed with XORs applied to them as well. As a result, these files will not flag or match any standard executable download signatures.
Flash Exploits on the Loose: Update Now
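For defenders triaging proxy logs, the "info" encoding described in the quote above (hexadecimal, XOR, zlib) can be reversed offline to recover the download location. This is an added example, not code from ShadowServer or from this post; it assumes a single-byte XOR key, since the quote does not give the key or its length, and it runs on constructed log lines with made-up hosts.

```python
import zlib
from urllib.parse import urlsplit, parse_qs

MAX_OUT = 4096  # cap decompressed size; a path or URL is short

def decode_info(hex_value):
    """Try every single-byte XOR key, then zlib-decompress; return (key, text) hits."""
    try:
        raw = bytes.fromhex(hex_value)
    except ValueError:
        return []  # not hexadecimal, so not this encoding
    hits = []
    for key in range(256):
        inflater = zlib.decompressobj()
        try:
            out = inflater.decompress(bytes(b ^ key for b in raw), MAX_OUT)
        except zlib.error:
            continue
        if inflater.eof:  # complete stream, Adler-32 checksum verified
            hits.append((key, out.decode("utf-8", "replace")))
    return hits

def scan(log_lines):
    """Return (host, xor_key, decoded_text) for each .swf request with a decodable info=."""
    findings = []
    for line in log_lines:
        for token in line.split():
            parts = urlsplit(token)
            if not parts.path.lower().endswith(".swf"):
                continue
            for value in parse_qs(parts.query).get("info", []):
                findings += [(parts.netloc, k, t) for k, t in decode_info(value)]
    return findings

def sample_log():
    """Constructed proxy-log lines; hosts, key 0x5A and the target URL are made up."""
    packed = zlib.compress(b"http://files.example.invalid/update.bin")
    blob = bytes(b ^ 0x5A for b in packed).hex()
    return [
        "2011-01-01T10:00:00 10.0.0.7 GET http://cdn.example.invalid/ad.swf?info=" + blob,
        "2011-01-01T10:00:05 10.0.0.9 GET http://video.example.invalid/player.swf?info=deadbeef",
        "2011-01-01T10:00:09 10.0.0.9 GET http://www.example.invalid/index.html",
    ]

if __name__ == "__main__":
    for host, key, text in scan(sample_log()):
        print(f"{host}: info= decodes with XOR key 0x{key:02x} to {text}")
```

A hit identifies both the host that served the Flash file and the location of the second-stage download, which are the two values to search for in the rest of the logs.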
Despite this warning I find myself vulnerable (apart from the fact that I do at least run NoScript). But it took Qualys BrowserCheck less than a minute to warn me. Notice the blue Fix It buttons. Click those and you’re guided through effortlessly updating your browser, until:
So, if you use a browser, bookmark the Qualys BrowserCheck page and use it regularly.
And if you’re a corporate IT Admin, fear not. Today Qualys is launching a business version – equally free.
Secure web browsing is a growing concern for IT security. As employees increasingly access important information and use applications through their web browsers, malicious users are targeting their attacks on security vulnerabilities in out-of-date browsers and their plug-ins. Providing a way for IT administrators to assess browser security across an organisation, and tools for users to keep their browsers and browser plug-ins up-to-date can help protect company data from malicious activity.
Avivah Litan, vice president and distinguished analyst at Gartner
Qualys BrowserCheck Business Edition not only helps you make sure your users are up-to-date, it gives you a detailed analysis of who is using what on your network:
If knowledge is strength, and knowledge is free, you have no excuse to be weak.