Archive for July, 2008

It’s dog eat dog in the world of phishing

Thursday, July 31st, 2008


Phishing kits, which bundle the tools needed to duplicate common websites with the scripts that steal whatever information phishing victims submit, are widely available on the Internet, but they come booby-trapped.

About 40% of these so-called “kits” are designed to steal whatever information the phishers catch and send it back to the makers of the kits.

It appears now that phishers are using Darwinian principles to become richer: big fish eating little phish with only the strongest surviving.

How can you avoid being a victim of phishing?  Norman Data Defense suggests three reasons why people fall for it:

  1. Lack of Knowledge - most people are unaware of the risk
  2. Visual Deception - most phishing sites or emails look official
  3. Lack of Attention to Security Indicators - we don’t pay attention to the little “lock icons” on our browsers or warnings on SSL certs

What should you do?

Use these three categories above when you visit a site, even if you type the address into your browser yourself.

  1. Remember you can be duped easily by a slip of the finger.  Check your spelling.  Other forms of trickery, such as browser redirection or a DNS exploit, can make a phony site look real.
  2. Know your site.  If a site you frequent has changed or looks different, check it out first.  Don’t just assume it’s a new layout.  Sometimes this can be a clue that something’s wrong.
  3. Don’t just buy from anyone on the Internet.  Just because they have the best price doesn’t mean they’re the best.  If an item is priced way lower than everyone else’s, you should be suspicious.  Only buy from reputable companies you know.  A quick check of a website is a dead giveaway: if the company lists no street or mailing address but only an email address or web form in the Contact Us section, stay away.
  4. Never visit an e-commerce or banking site whose SSL cert is invalid.  Companies with certs keep them updated and valid.  Sometimes they legitimately expire without the company noticing.  Just call the company to tell them and ask what’s up.  Chances are they’ve received other calls about it.  If not, you’re helping them out.
  5. Look for the lock on your browser when an SSL session is established.  Get familiar with the cert.  You can find out quite a bit of info from that little lock icon.
  6. If something smells “phishy”, don’t eat it.  Call the company and ask what’s up.
  7. Finally, and not to be a commercial for PayPal, use PayPal whenever you can, as long as it’s really PayPal and not a phisher.  With real PayPal, if someone scams you on a purchase, they get you once.  If you give out your credit card, they have your number and can run it up.
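A check in the spirit of item 1 above (a slip of the finger, or a look-alike character, sending you to a domain that only resembles the one you meant), added here as an example and not part of the original post: it reduces a typed hostname to its domain, compares that against a small allow-list of sites the user actually does business with, and flags near-misses.  The allow-list, the look-alike character table and the sample hostnames are assumptions constructed for illustration.

```python
# Added example, not from the original post. Flags a typed hostname that is a
# near-miss of a site on a small, hypothetical allow-list (the "slip of the
# finger" case), including look-alike characters such as 0/o and 1/l.

# Hypothetical allow-list of sites this user actually does business with.
KNOWN_GOOD = {"paypal.com", "amazon.com", "gnsc.com"}

# Characters commonly swapped in look-alike domains, folded before comparing.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "@": "a"})


def registrable_domain(hostname: str) -> str:
    """Reduce 'www.secure.paypal.com' to 'paypal.com' (last two labels is
    enough for this demo; production code would consult the public suffix list)."""
    labels = hostname.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a: str, b: str) -> int:
    """Damerau-Levenshtein (optimal string alignment) distance, so a transposed
    pair such as 'paypla' vs 'paypal' counts as a single slip of the finger."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def classify(hostname: str, known_good=KNOWN_GOOD, max_edits: int = 2) -> str:
    """Return 'trusted', 'suspicious: looks like <site>' or 'unknown'."""
    domain = registrable_domain(hostname)
    if domain in known_good:
        return "trusted"
    folded = domain.translate(LOOKALIKES)
    # Closest allow-listed site after folding look-alike characters on both sides.
    best = min(sorted(known_good),
               key=lambda s: edit_distance(folded, s.translate(LOOKALIKES)))
    if edit_distance(folded, best.translate(LOOKALIKES)) <= max_edits:
        return f"suspicious: looks like {best}"
    return "unknown"


if __name__ == "__main__":
    for host in ["www.paypal.com", "paypa1.com", "paypla.com", "example.org"]:
        print(f"{host:18} -> {classify(host)}")
```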

Kaspersky Hacked!

Wednesday, July 30th, 2008


The official Malaysian Kaspersky Antivirus website was hacked yesterday by a Turkish cracker going by the handle “m0sted”.  The same cracker also hacked the official Kaspersky S.E.S. online shop and several of its other subdomains.

The attacker reported “patriotism” as the reason behind the attack and “SQL Injection” as the technical way the intrusion was performed. Now possibly thousands of user records and credit cards are at risk of being sold for fraudulent purposes.

This is why, if you do frequent online stores, you should never let them store your personal or card data.  If they have it, it can be stolen.  Most places give you the option.  NEVER say YES to this option.

The Importance of Proactivity

Wednesday, July 30th, 2008


IBM’s X-Force security division reported that more than 90% of all browser-related exploits occurred within 24 hours of an official vulnerability disclosure, and that most botnets were created by exploiting this window.

What this means is that within one day of a vulnerability being announced, cyber-criminals are deploying code that can take control of an unpatched or unprotected user’s PC and use it as part of their botnets.  A botnet is a group of computers controlled by a rogue user; grouped with thousands, even millions, of similar machines, they can be used to deliver spam or mount denial of service attacks.

This demonstrates the need for three main things:

  1. Good patch management
  2. Updated anti-malware software that goes beyond your standard AV program
  3. Good security awareness training for your employees

These three things give you an effective defense against the botnet masters: not a 100% defense, but one they don’t typically factor in.  Like any criminal looking for an easy steal, they’ll look for the unlocked and undefended places first.

If you have any questions about how to establish any of these three layers of protection, please contact us.  Your blog questions are welcome.   

GNSC to be quoted in Popular Mechanics Magazine

Monday, July 28th, 2008


Art Costigan, Information Security Analyst at GNSC will be featured in an article on hard disk security in the October edition of Popular Mechanics Magazine.  It will be on news stands in mid September.

Children’s Online Protection Act

Sunday, July 27th, 2008


The Third Circuit Court of Appeals ruled that the Child Online Protection Act, or COPA, is unconstitutional. The Act violates the First Amendment and is too broad, the court said. Free speech groups that worked to fight COPA, including the ACLU and EPIC, applauded the decision.

“For years, the government has been trying to thwart freedom of speech on the Internet, and for years the courts have been finding the attempts unconstitutional,” said Chris Hansen, senior staff attorney with the ACLU First Amendment Working Group. “The government has no more right to censor the Internet than it does books and magazines.”

This law is the one that required all schools to provide safeguards to prevent pornographic and other adult material from being viewed by minors.  While this decision may have some impact on libraries, it probably won’t have much impact on school districts, which have for years installed filters on their computers.  I think the thing to remember here is that as parents and concerned citizens, you should ask your school district or library what their position is on this and take whatever action you see fit.

Some Friday Humor and Wisdom

Friday, July 25th, 2008


In the last couple of years, I’ve seen my share of crazy things happen.  Anyone who has spent as many years in IT as I have will have accumulated a load of “stories” that become part of your base of knowledge, and eventually be transformed into IT security wisdom.  Here are a few of my more recent ones. 

The “Know it All Director.”  Nothing is more frustrating than meeting an IT Director who thinks he knows everything.  The danger here is that if they are in Stage 1 of the “4 phases of learning”, that company is in big trouble.  Solution:  Suck it up.  Admit you don’t know everything and get some help.  You can still take all the credit.

The “Office Power User.”  This is the guy who helps everyone and always brings in his special “Windows 98 utilities” from home.  Solution:  Don’t plug anything into your computer at work.  No USB drives, no iPods, no cameras, NOTHING.  99% of problems start by cross-contaminating PCs.

The “Download King.”  This is the guy who is the local challenger to Shareware.com.  He’s got just about everything in the world on his PC and knows how to use it.  However, he never gets his work done.  Solution:  If it’s free software, you probably shouldn’t download it.  Free works great for social engineering.  If there is a security breach, always start at this guy’s computer first.

The “I Need a Patch Guy”.  This is the IT administrator who when the network cord is too short, plugs the Windows server directly into the WAN firewall jack, “just for a minute”.  The result is a compromised Windows server and an infected network.  Solution: Don’t ever plug a patched or unpatched server into a WAN interface.  The average time to infect an unpatched Microsoft computer is 4 minutes.  With a simple firewall it’s 16 hours. 

The “I Have a Firewall Guy.”  This is the manager who runs his business operation with a Netgear or Linksys firewall and complains to his ISP about performance.  Solution:  Don’t use a $50 firewall, not even at home.  Get something good and pay someone to set it up.

The “Spam King or Queen.”  This is the man or woman who gets 25 times more spam than anyone else and is always complaining.  A simple look at their Internet activity will show they spend more time surfing than working.  Solution:  Never give out your email address to anyone you don’t know.  Treat it like your SSN.  Assume the other person you are giving it to will lose it or abuse it.  One time I even told a customer the best thing to do was give them a new email address and charge them for new business cards.

The “I Have the Best IT Guy in the World, Guy.”  This is the manager who hires his cousin or nephew because he “builds computers” at home.  Question:  Would you hire a CEO just because he knows the difference between a Quarter and a Dollar Bill?  Solution:  Vet your network staff.  You’re handing them the keys to the kingdom.

Limbo 2 Trojan

Friday, July 25th, 2008


Cybercrooks have released a custom-built Trojan, dubbed Limbo 2, “guaranteed” by its shady creators to continually evade the top ten anti-virus products on the market.

The Limbo 2 Trojan is touted as being able to bypass products from Symantec, McAfee, AVG and others to steal login credentials from online banking sessions. Crackers hawking tailored versions of the Trojan on underground forums are selling licences for up to $1,300, net security firm PrevX reports. The “guarantee” of non-detection represents a new level of sophistication in the underground malware business, which is borrowing more and more business models from the legitimate software industry.

This is why downloading unknown software off the Internet is so dangerous: these types of programs are commonly “joined” to other products.  Users unknowingly install them, and they then operate undetected.  If it looks dubious, don’t download it.

Hacking at KYW-TV Philadelphia

Thursday, July 24th, 2008


Being a former Philadelphia resident, I found this one very interesting.

Former Philadelphia news anchor Larry Mendte on Monday was charged with hacking into the e-mail accounts of Alycia Lane, his co-anchor at CBS affiliate KYW-TV and reported rival, hundreds of times over the course of two years.

During this time, Mendte allegedly leaked privileged legal information about Lane’s personal life to the press “in an attempt to undermine his colleague’s ongoing legal cases,” said Acting U.S. Attorney Laurie Magid at a press conference on Monday. (as reported in Information Week)

This type of activity is very common today.  People are always looking for an advantage over the competition.  And it’s not only email but personal files on people’s computers at home and at work. 

While nothing is 100%, it’s always important to remember the three rules of passwords: never share them with anyone, make sure they are strong (at least 6 characters, with a mix of letters, numbers and other characters), and change them on some regular basis.  It also helps to add some sort of token-based security as well.

The Best Things in Life Are Free…Well Almost

Wednesday, July 23rd, 2008


The National Institute of Standards and Technology (formerly the National Bureau of Standards) has released a revised version of guidelines for developing metrics to ensure that US government agencies meet information technology security requirements.  And it’s FREE.

What’s great about this publication is that it is just as valid in the commercial world.  In reality, your government just wrote you an excellent book on how to address information security in your company.  Security is not just about putting stuff in, it’s about measuring effectiveness as well. 

Send me a note if you would like a copy of this manual.  It’s a great resource.

Beginner’s Blogging Slides

Friday, July 18th, 2008


If you weren’t at the Business @ Breakfast meeting in Bedford on July 17th, here is a copy of my presentation on Blogging.