Tuesday, February 5, 2013

Kaspersky update hoses Internet access for Windows XP users

A new antivirus update from Kaspersky disables Internet connectivity, forcing the company to push out a fix and a workaround.

Windows XP users who run certain Kaspersky antivirus software may find themselves offline after downloading a new update.

Released yesterday, the update causes Windows XP computers to lose their connection to the Internet.

IT administrators who use Kaspersky Endpoint Security at their organizations chimed in on the Kaspersky forum yesterday and today, complaining of connectivity problems. One person who manages around 12,000 computers with KES installed noted a slew of calls to the help desk from users knocked offline.

Some IT admins said they were able to restore Internet access by shutting down the monitoring of certain ports or disabling the product's Web Anti-Virus component. But those were deemed temporary solutions at best.

Kaspersky did eventually acknowledge the problem, announcing a fix to the buggy update and offering a resolution. Kaspersky's response was posted by one of the forum users:

We apologize for the inconvenience. It does appear that there was a hiccup with an update pushed out causing Windows XP machines to lose Internet connectivity. An update was just released that should address the issue. What I will need you to do is:
To get XP users Internet connectivity (temporarily), please disable the Web AV component of your protection policy for your managed computers. After doing so,
In Security Center (or Admin Kit):
1) Go to the Repositories section >> (Right click) Updates >> All Tasks >> Clear updates repository.
2) Go to the Repositories section >> (Right click) Updates >> Download Updates
After taking this step, please run your group update task for Managed Computers. After the update has been pushed to your workstations, please re-enable your Web AV component in your protection policy. This should resolve the issue.

Some of the commenters were in the process of following Kaspersky's steps but noted delays in updating the repository. Several also had harsh words for Kaspersky for not addressing the problem more effectively.

"I just wanted to thank the good folks at Kaspersky for insuring that my hospital has either crippled or no AntiVirus," one commenter said. "The workaround of disabling A/V is outright stupid."

Another criticized Kaspersky's failure to respond to the many complaints on the forum.
"I can't believe that Kaspersky is not responding to any of these forums," the commenter said. "That is horrible. One more reason why we will be switching to a different antivirus vendor after the contract is done."

In a statement sent to CNET, Kaspersky confirmed the problem, noted the affected products, and described the lengthy steps to fix the issue.

Kaspersky Lab has fixed the issue that was causing the Web Anti-Virus component in some products to block Internet access. The error was caused by a database update that was released on Monday, February 4th, at 11:52 a.m., EST.

The problem was limited to x86 systems with the following Kaspersky Lab products installed:
- Kaspersky Anti-Virus for Windows Workstations 6.0.4 MP4
- Kaspersky Endpoint Security 8 for Windows
- Kaspersky Endpoint Security 10 for Windows
- Kaspersky Internet Security 2012 and 2013
- Kaspersky Pure 2.0

When these errors were reported, Kaspersky Lab identified an immediate workaround and recommended that customers experiencing problems disable their Web Anti-Virus or roll back the update to a previous version of the database. At 5:31 p.m. the same day, the problem was fixed by a database update being uploaded to public servers.

Customers need to perform a database update to resolve the issue. If an affected machine updates from the Administration Kit/Security Center console, then these updates will be downloaded automatically. If a machine updates directly from our servers, then the initial workaround step of disabling the Web Anti-Virus component should be applied first. Internet connectivity will then be restored and the customer will be able to download the most recent database update. The Web Anti-Virus component should be re-enabled after downloading the database update.

Kaspersky Lab would like to apologize for any inconvenience caused by this database update error. Actions have been taken to prevent such incidents from occurring in the future.

Source: http://cnet.co/XMoZnw

Federal Reserve confirms its Web site was hacked

Days after Anonymous claimed to have stolen and published private information from more than 4,000 bank executives, the Fed says its system was attacked.

The wave of high-level cyberattacks continues as the Federal Reserve confirmed that one of its internal Web sites was hacked into today, according to Reuters.

"The Federal Reserve system is aware that information was obtained by exploiting a temporary vulnerability in a website vendor product," a Fed spokeswoman told Reuters. "Exposure was fixed shortly after discovery and is no longer an issue. This incident did not affect critical operations of the Federal Reserve system."

Apparently the hackers accessed data associated with specific individuals, according to Reuters.
This attack comes on the heels of the hacking group Anonymous claiming on Sunday to have published login and private information from more than 4,000 U.S. bank executive accounts. The group may have gotten this data from the Federal Reserve's computers.

It's unclear if the two breaches are connected. Government officials did not say which of its Web sites was hacked. However, according to Reuters, it was most likely an internal contact database for banks to use during natural disasters.

The cyberattack on the Federal Reserve comes after a slew of continuous hacks in the U.S. The Department of Energy confirmed yesterday that its internal system was breached and employee data was stolen; and last week, hackers hit several U.S. media outlets.

The head of Homeland Security, Janet Napolitano, announced in January that she believes a wave of cyberattacks on U.S. infrastructure is a serious possibility. Dubbing such an event a "cyber 9/11," Napolitano warned that cyberterrorists could take down the nation's power grid, water infrastructure, transportation systems, and financial networks.

In its December report, security company McAfee said that attacks on U.S. financial institutions are only going to increase in the year to come. The firm said that this isn't only a possibility; it's a "credible threat." Anonymous has also promised to increase its activity in 2013. In a statement issued at the beginning of the year, the group said that it has no plans to fade away in the year to come.

Source: http://cnet.co/WtimJ4