Category: Palo Alto Networks

On December 26^th, the Japanese government’s National Information Security Center warned roughly 140 central government ministries, agencies, research institutions and public universities to either disable the cloud-input function of the Baidu input method editors (IMEs) or stop using Baidu IMEs. When the IME cloud-input function is enabled, data is automatically sent to the Baidu servers.

Baidu IMEs can be found on Windows platforms, often bundled with other software, or preinstalled in new PCs with the cloud-input function enabled by default.  On Android platforms, Simeji, app owned by Baidu, had been sending input information to Baidu even when the cloud-input function was disabled.

Baidu Denies Spying Activities

In response to Japan’s recommendations, Baidu pointed out that the cloud-input function helps make user’s input more accurate by constantly referring to the most current dictionary in the cloud. Personal information such as credit card numbers, passwords, addresses, phone numbers have not been sent to the servers even when cloud-input function is enabled. The IME servers are located only in Japan, and the data collected from users are securely managed.

Baidu emphasized that the cloud-input function can be found in the user agreement, but it was difficult-to-find, resulting in the inadvertent use of the Baidu IME cloud-input function. As part of their response, Baidu has made the user agreement easier read and they have also fixed a bug in the Simeji app that was sending information without cloud-input on. The bug fix was released on December 27^th for cloud-input function disabled as the default setting.  This setting applies to updated users as well.

Baidu IME App-ID is Forthcoming

We recommend that Baidu IME users check their app settings to ensure that no data is being transmitted without their knowledge. In addition, we are in the process of creating an App-ID for the Baidu IME cloud-input function for both Windows and Simeji applications. When the Baidu App-ID is available, customers will be able to control Baidu IMEs for specific users or groups, or block the use of Baidu IMEs across their entire network.

The Baidu IME App-ID will be delivered in an upcoming content update.

[Source: Palo Alto Networks Research Center]

Following his discovery of 3 critical vulnerabilities in Microsoft Internet Explorer (IE) last month, Palo Alto Networks Researcher Bo Qu has identified another new vulnerability (CVE-2013-5052) in Internet Explorer, documented in Microsoft Security Bulletin MS13-97. This new critical vulnerability impacts IE version 7, potentially exposing a large population of users without the Microsoft patches or other protections released today.

Think of this vulnerability as a silent and effective method of delivering malware with a simple click on a link, or visit to a webpage. Gone are the days where users must click “Download” or “Accept” to install software, and when exploited, vulnerabilities like this can deliver attackers malware of choice to control system and infiltrate networks. The delivery methods usually center around “Drive-by” downloads or integration with sophisticated Web Attack Toolkits.

What can you do to protect yourself or your organization? Today, Palo Alto Networks released an IPS Vulnerability Protection update that ensures our customers are safe from the potentially thousands of exploits against this vulnerability, even without downloading the Microsoft patch. Palo Alto Networks has also released protections against 6 other critical vulnerabilities covered in the December 2013 Security Bulletin from Microsoft.

These vulnerabilities were disclosed to Microsoft as part of Palo Alto Network’s commitment to responsible disclosure guidelines. Furthermore, we participate in the Microsoft Active Protections Program (MAPP) program, which ensures the timely, responsible disclosure of new vulnerabilities as well as allowing security vendors to create protections for new vulnerabilities to ensure that customers are protected as soon as the vulnerabilities are announced publicly.

[Source: Palo Alto Networks Research Center]