Archive for August, 2008

Managing Access to Social Network Sites

Wednesday, August 13th, 2008


Info Security Magazine recently sponsored a great online presentation addressing Web 2.0 and the issues surrounding Social Network sites such as MySpace, Facebook and LinkedIn.

If you are interested in learning about the issues surrounding Web 2.0, Generation V and Social Networking, this is a great place to start.

I work with Chris Pruetz who does the technical presentation.

You can register for it here.  It’s archived so you can attend at a time that best fits your schedule.

Very informative.  Highly recommended.

If you are interested in learning more about the solution they recommend from Marshal Inc, please visit our website at www.gnscon.com

My Favorite Error Message

Tuesday, August 12th, 2008


I’ve seen some interesting software error messages, some with bad English, some incorrect translations and ones that make absolutely no sense. 

Have you ever sent an error report to Microsoft from IE?  Most of the time I don’t because they tend to blame everyone but themselves for the problem.

I was tempted today because my IE has been crashing all day.  To my surprise I saw the following….

This problem was caused by Windows, which was created by Microsoft Corporation. Currently, there is no solution for the problem that you reported.

Wow.  An admission of guilt. 

:-)

DNS Vulnerability - Issue or Hype

Monday, August 11th, 2008


If you haven’t already heard, the big IT security news over the last few weeks has been the DNS Vulnerability that was outed by Dan Kaminsky, a security researcher at IOActive in Seattle.  It’s appeared in most major publications and it was certainly one of the top talks at Black Hat last week in Las Vegas.

For more information on this, see the NY Times article here

What’s it all about and why is this so important?

The issue is that it affects the heart of the Internet.  DNS or Domain Name Service is what makes everything work.  It is the thing that makes browsers work and email flow.  In very simple terms, DNS converts named domains to IP addresses.  It is the human factor of Internet routing.

The issue that Dan Kaminsky exposed, which has actually been known for years, is that with certain DNS servers (BIND), carefully crafted code could be used to “poison” the server and divert legitimate DNS requests to unauthorized servers.  What this means is that if you wanted to go to your online banking site and typed in “www.whateveryoursitenameis.com”, a compromised DNS server might take you to another site or even an official-looking replica of your banking site that could be used for fraudulent purposes.  Essentially, requests to go to a specific site are “hijacked”.

The issue potentially affects everyone but it’s up to ISPs to fix it.  Why haven’t they fixed it?  Well, there are really two main reasons.  First, there is no real fix.  There’s a patch but it supposedly slows everything down.  In the consumer’s mind, ISPs are measured by speed, not security.  To most businesses, slowness is worse than having a potential security issue.  The second reason is that some ISPs don’t see the risk as being that high.  Their argument is that if it’s known and there have been no exploits, why worry?  To most ISPs’ credit, they have taken either direct or indirect steps to protect their customers.  However, some have not.

Dan’s talk at Black Hat has pretty much eliminated both the above arguments.  In fact it’s been reported that several exploits have now been published and there have been a few actual attacks.  This week will prove to be a defining week.

What do you do?  Well Dan Kaminsky has a great resource on his web site that will allow you to determine if your ISP’s DNS is vulnerable.  You can find it here.  If it is, you can contact your provider and ask what they are doing to protect you. 

Small Business Computer Security – Part 2

Monday, August 11th, 2008


In Part 1, we went back to basics and started with the minimum security that every business and home computer should have.  

In this week’s article we’ll look at an equally important minimum for every small to medium sized business: knowledge, understanding and education.

One of the most important things when approaching computer security is to remember there is no panacea.  Installing some piece of software or hardware does not make security problems go away.  The hardware or software may mitigate risk or help you manage risk but the risk never actually goes away.  It’s important to remember this since our tendency is to rely on technology to solve problems.

Take for example the firewall.  With it, intruders are knocking on our electronic door.  The firewall simply prevents intruders from walking right in.  Even so, the intruder keeps knocking and looking for other ways in.  The danger is the firewall can make us complacent.  What we don’t see or hear doesn’t bother us.  Yet, the risk never really goes away. 

A homeowner, even with locked doors and a security system, would still wisely be on guard for the intruder if they knew the intruder was parked outside their door.  What if the intruder calls his lock-picking friend to attempt to open the locks?  Maybe he knows someone who can disable the alarm system?  Maybe he can even convince the homeowner he’s not a threat and to let him in.  A wise homeowner always remains alert for trouble.  It should be the same for IT security.

The first step in this process is education (assuming you are already running a good anti-virus program, supplemented with a good malware program and a properly configured firewall).  You need to know the issues, the threats and the risks.

Here are some great places to get started.  Wade into the reputable security media on the Internet first before plunking down $$$ for classes or educational materials.

  1. Security Focus – a good portal to general computer security news
  2. ITSecurity – a more issue driven computer security site.
  3. SANS – A leader in security information publishing, training and certifications.
  4. Microsoft Security Central – Microsoft’s site for keeping you updated.

There are many more, but these will get you started.  If you want more or issue-oriented ones, just contact us.  A perfect way to keep on top of issues is to subscribe to these sites’ RSS feeds.

In Part 3, we’ll define and discuss some of the current issues and terms in more detail.

Small Business Computer Security – Part 1 – Addition

Monday, August 11th, 2008


I received a few emails on Part 1 and was asked why I didn’t include Patch Management as part of my article in Part 1.  Well the answer is, I could have but I chose not to.  Patch management is definitely important and it will be defined in Part 3 and discussed in Part 4.

Why your anti-virus software may soon be worthless

Sunday, August 10th, 2008


The controversial Race to Zero contest being held during Defcon in Las Vegas rendered several common computer viruses undetectable by most popular anti-virus products.  The issue was not the fact that it was accomplished, but the speed with which it was done.  Teams of security researchers took common computer viruses and obfuscated them in just a few hours.

What this means is that it is possible TODAY to render many destructive worms and viruses undetectable.

This exercise demonstrates how the now 20+ year old technology of signature-based detection is no longer a reliable way to detect and prevent viral and worm infections on a network.

Simon Howard, the New Zealand-based security researcher who sponsored the contest said, "Behavioral recognition is the way forward, but it’s only in some of the desktop anti-virus software and not in any of the server software."

One of the true behavior-based products out there is Norman Virus Control.  We have found that our Norman customers have fared better than users of other AV products, the main reason being the Norman Sandbox.

The Norman Sandbox is a real behavioral-based AV system for servers and desktops.  For more information, see our Norman page here.

We have customers who have gone years without infections with Norman.  Contact us about trying Norman Virus Control.  sales AT gnscon.com or +1 814-620-2006

Finally Some More Good News From Microsoft

Friday, August 8th, 2008


Anyone with a Microsoft Server knows about Patch Tuesday.  It’s the day Microsoft announces vulnerabilities and security patches for its products.  Sadly, Exploit Wednesday is becoming more frequent.  The growing number of day-zero exploits being noted has led Microsoft to begin sharing security information ahead of time with key software partners.

Yesterday, Microsoft announced a plan to share information in advance with key partners to ensure customer data was better protected.  This represents a major shift for the normally secretive software giant.

See the press release here

From my vantage point this is a good thing.  The key in all of this now is how the software partners respond.  Will they be able to reduce or eliminate the threat of Exploit Wednesday?  If the program works, we should see the effects quickly, probably within a few months.

Facebook Reveals Private Information

Friday, August 8th, 2008


Sophos demonstrated the other day how someone could find out the date of birth of a Facebook subscriber even if it was made private.

Again the moral of the story is to never give anyone any information you wouldn’t want to be made public.

Last year, Sophos published results of an identity theft probe into Facebook which uncovered that 41% of users would divulge personal information - such as email address, date of birth and phone number - to a complete stranger.

Well it is Black Hat, so what do you expect?

Friday, August 8th, 2008


 

This week, the famous hacker group Wall of Sheep performed their regular routine of demonstrating how insecure wireless Internet connections actually are at Black Hat.

The group ‘sidejacks’ users who they find using insecure wireless connections and then posts their names and other information (minus the actual passwords of course) on a display board.  Sidejacking essentially means connecting to a wireless connection and then, using a set of tools, showing the victim’s screen right on the “jacker’s” screen.  This year the list contained security professionals and people from major government agencies.  It’s done as a means to demonstrate the severity of Wi-Fi’s inherent insecurity.

How do you keep your Wi-Fi safe?  Well that’s not an easy answer.  You can make Wi-Fi relatively safe if you control the environment but in public places such as hotels and hotspots, it takes some doing.

First off, you need to realize that in a controlled environment like your home or business, WEP, the standard encryption for Wi-Fi, will only protect against people who don’t know how to crack the algorithm.  It only takes a few minutes for someone to steal the keys and break it, rendering the encryption useless.  The upgraded version, WPA, is a little better but only takes more time.  Instructions on how to do this are widely available on the Internet.

The best way to protect your wireless network is to use WPA on your access points AND use some sort of secure transport layer encryption on your home or company LAN and WLAN.  In less technical terms, it’s using SSL on your LAN.  It’s not that hard or expensive to implement this.

Open and Public WLANs are another story.  Basically, unless your company has an encrypted Virtual Private Network (VPN), you shouldn’t use a public WLAN for anything other than casual browsing, IF THAT.  Absolutely nothing where an ID or PW is passed to a web site or host unencrypted.  A VPN is a secure channel between the remote user and the corporate network.

For those of us who travel, this can be a real pain.  However, since the cost of installing a VPN these days is very low, every company should install one.  Most good firewalls today offer a VPN function.  You just need to take advantage of it.

If you would like to find out more about WLAN security or implementing a VPN, please contact us.  

Office Live Users Get Apology from McAfee

Thursday, August 7th, 2008


If you use Microsoft Office Live and McAfee AV, you probably lost your Live Update program this week.  The reason: McAfee AV improperly saw the Live Update program as a Trojan and deleted it.  It appears to have been an honest mistake.  Yesterday, they apologized for it.  If you didn’t notice it, you may want to check your Office Live Update to see if it works.

False positives are rare but they do happen.  I had one this week also.  My AV software saw a file within PC Tools Spyware Doctor as a false positive.  It saw it as the Hupigon Trojan.  These things occasionally happen and are usually corrected quickly by the vendors.