Archive for August, 2008

Server on eBay Gives Up Its Secrets

Friday, August 29th, 2008


A UK IT administrator last week purchased what he thought was a simple NAS server on eBay for about $75. However, he discovered that it contained personal information on millions of American Express, Royal Bank of Scotland and NatWest customers, including security questions used to gain access to data in case of lost passwords and actual scans of people’s signatures.

The UK government is investigating the breach.

Again, this is a reminder of why it is so important to be careful who you give your personal information to. If your company handles personal information, there should be audited policies and procedures for the handling of information.

iPhone Security Hole

Thursday, August 28th, 2008


From CNET News – August 28, 2008

A serious security hole in the latest iPhone software exposes e-mail, text, and voice messages to whoever gets a hold of the device despite it being password-protected.

Basically, clicking emergency call and double-clicking the "home" button brings up the favorites on iPhone 2.0.2, which opens up the address book, the dial keypad and voice mail, according to a report on Engadget, which got the tip on the hole from the MacRumors Forum.

Then, clicking on the blue arrows next to the names gives access to private information in a favorite entry, clicking in a mail address opens up the mail application, clicking on a URL in the contact information opens up Safari, and clicking on "send a text message" in a contact gives full access to the text messages.

The report suggests using the "home" setting so that double-clicking on the home button will take whoever is holding the phone to the unlock screen page.

Engadget reports that a fix for the hole will be included in the next firmware update, but it’s not known when that update will come.

Representatives from Apple did not respond to e-mails seeking comment.

New Email Encryption for MailMarshal

Wednesday, August 27th, 2008


GNSC announced today that it is adding new PostX encryption functionality to Marshal’s MailMarshal SMTP product. 

“Our ability to integrate PostX with our existing suite of secure email products that integrate with MailMarshal provides customers with even greater choice,” said Art Costigan of GNSC. “We now have the ability to offer our MailMarshal customers 4 forms of encryption to secure their emails. What we have found is that customers need B-2-C solutions more than B-2-B. That makes S/MIME less of a contender. With the addition of a “push” technology that complements Marshal’s TLS and S/MIME along with GNSC’s exclusive Secure Mail Web product, customers have another choice.”

The new product, tentatively named Secure Mail Delivery for MailMarshal, will be available in early September.

Are you still eating Spam?

Wednesday, August 27th, 2008


Well, I can’t help you if you like the mystery meat(??) kind… However, if you’re still being served up spam in your inbox, here are a few pieces of advice.

Anti-spam technology today is so good that even the most rudimentary forms of filtering should be about 96% effective.  The better providers are upwards of 99% effective.

If you’re still seeing too much of it, here are some suggestions…

1) If you’re a home user, try changing your email account to Gmail. You’ll definitely get less spam.

2) If you don’t want to change your email account and you use Outlook or Outlook Express, try installing SpamBayes or POPFile. They’re free and they do a good job. The downside is you have to install and train them before they will work for you.

3) Another option is to use Thunderbird as your email client.  It has an excellent built-in spam filter.

4) If you’re a business user, your company can install a simple spam filtering system at your gateway. In this way, all the company email is filtered before it is delivered. There are literally dozens of vendors who offer solutions that do a good job and in most cases won’t break the budget. If your company is pinched for money but they are willing to tinker, SpamAssassin is a good choice. It’s free, very light on resources and it works fairly well.

5) Another option is to use a service that filters mail before it arrives at your mail server.  It’s a bit more expensive up-front but it saves you the investment of hardware, software and maintenance.  It involves some simple changes from your ISP so you’ll need to get them involved if that’s your solution.

We offer several anti-spam solutions that are scalable from 10 users up to tens of thousands of users. Our choice of vendors is based on their reputation and longevity in the market. If you would like some more information, please contact us at sales@gnscon.com or 814-620-2006.

Facebook Alert – Bug Fixed?

Tuesday, August 26th, 2008


The rumors of a Facebook exploit have been around for a few weeks now. However, it was only rumor until now. A proof of concept was posted on Facebook that shows how it works. Try it.

Log into your Facebook account and then click on this URL

Facebook Exploit

Well, when I did it, it showed how this works; however, upon writing this post it now shows this…

image

Looks like it might be fixed.

We’ll see what the blogs say today.

Company loses data on criminals

Thursday, August 21st, 2008


From the BBC

A contractor working for the Home Office has lost a computer memory stick containing personal details about tens of thousands of criminals.

The Home Office was first told by private firm PA Consulting on Monday that the data might be missing.

The lost data includes details about 10,000 prolific offenders as well as information on all 84,000 prisoners in England and Wales.

The Home Office said a full investigation was being conducted.

Again, from our perspective there are only two ways memory sticks or USB drives should be used…either encrypted or not at all.  Our endpoint security can’t prevent your employees from losing USB drives but it can prevent company data being copied to them or falling into the wrong hands.

Microsoft Patent Application Shows Security Features

Thursday, August 21st, 2008


According to Australian blogger Long Zheng, it appears Microsoft is looking to patent a security feature similar to what Apple uses in its Safari browser.

Web browsers store history and cookies that can be used to track where users have been.  This information can be read by web sites a user visits to provide some information about who they are.  Microsoft is looking to provide easier ways for this information to be deleted or prevent its collection.

Look for this feature in Internet Explorer 8.0, which will probably be released sometime in 2009.

Google Outs Chinese Gymnast

Wednesday, August 20th, 2008


I found this post on a blog this AM.  This demonstrates the power and danger of Google.

http://strydehax.blogspot.com/2008/08/hack-olympics.html

Just remember, if you are going to store something online or share a folder in a way that makes it accessible through a web query, realize Google probably will find it and make it accessible to the world. 

Want a good scare? Visit Johnny Long’s web site here and see what he found on Google.

Encyclopedia of Internal Threats

Tuesday, August 19th, 2008


Most of the media coverage and corporate focus related to digital threats is geared towards high-profile, externally-oriented ones. Vulnerabilities, exploits, worms, etc. are the main drivers for vendor solutions. However, internal threats pose an equal and arguably greater threat because of low awareness.

Recently, insider threats, which have always been there, have been more widely reported, most recently with Countrywide’s disclosure related to the millions of stolen and compromised mortgage applicant records. 

In response to this, PromiSEC, a leader in clientless solutions to enforce the security, compliance and integrity of endpoints and servers, has introduced a publicly available Internal Threat Encyclopedia. 

This is a great idea! 

Now there is a place to get reliable and up-to-date information on the many commonly used programs that create holes in your security or compliance environment.

What I like most about the PromiSEC product is that it is so easy to use and configure. Since it’s clientless, there are no installs on PCs. I’ve seen this product scan, identify and lock down hundreds of computers in less than 10 minutes. The ease with which it does this is amazing.

For more information about PromiSEC visit our web site www.gnscon.com

Splunk-ing

Friday, August 15th, 2008


No, I am not talking about visiting caves. Splunking is the process of using a product called Splunk. It’s a security search engine that allows you to view log information from various sources such as firewalls, servers, and other network devices and report on them. Think of it as Google for IT stuff. Beyond the functionality, which is excellent, the really nice thing about this product is that it’s open source, meaning it’s essentially free to use if you don’t want any professional advice or support and you are not pumping tons of data into it.

This 2-minute video gives you all the information you need to get started.

 

How does it work?

Splunk, like Google, needs data to work. Google’s strength is that it can not only search through tons of data but also correlate it, making some assumptions about what should be displayed and in what order. Splunk works much the same way. It uses data generated from virtually any networked computer device and then allows you to search for things that are important, such as signs of potential or known problems. By default it can automatically gather information from Event Logs, syslogs and file shares, and with a growing list of plug-ins it can read data from other sources.

So how does it benefit the average company?

Splunk is a framework that can make sense of data. In its simplest form, it can show you on one page the condition of a system, security information, change controls, web page stats, etc.

If you’re looking for a way to easily report on the IT log data you already have, you should look at Splunk.