Wednesday, May 03, 2006
Thursday, March 23, 2006
Internet Security Bad Day
- Internet Explorer exploit on the loose (what's new?) that allows for arbitrary code execution (not good). Microsoft's original response was to disable active scripting and only surf to safe sites (in their defense, they have put out an advisory), which is not the easiest advice.
- Sendmail has put out a patch and is strongly urging users to patch their mail systems.
- Mambo/Joomla software has a worm out, created to take advantage of the 1.0.7 version (the 1.0.8 patch resolves this and has been out for 3 weeks).
Windows users - keep a real eye on this. Today's proof of concept is fairly benign, but can be morphed to a more vicious exploit.
Saturday, March 11, 2006
Citibank uncovers debit card fraud
Looks like Citibank has had many fraudulent losses due to lax security at some PIN-based retailer or processing company. The fraudulent debit cards are being used in the U.K., Canada, and Russia.
This really is not an unusual location for the transactions to occur. There is a great deal of fraud involving stolen credit cards and debit cards where the cards end up in either Eastern Europe or Central Asia.
Thursday, February 23, 2006
Botnet Operator "Interview"
Brian Krebs from the Washington Post has posted a great interview with a hacker that operates a botnet and takes a look at the darker sides of the internet.
Steal data, get prison time
The price for stealing personal data from the Acxiom Corp - 8 yrs.
The scary part of the article is that this may not have been the first time it has happened to Acxiom.
419 scammers caught
Finally, 12 Nigerian 419 scammers have been arrested in Amsterdam. Supposedly, they have scammed people out of over $2.4 million.
What should be done with those dregs of society?
What is the liability of Financial institutions
How much protection must be taken to protect personal data by different types of financial institutions? This is an article about unencrypted data on a stolen laptop from a student loan firm.
Saturday, February 04, 2006
Postage Is Due for Companies Sending E-Mail - New York Times
AOL and Yahoo apparently are looking to send out their "heavies". These two companies are proposing to have a preferred message system where the sender spends .25 to 1 cent per message to bypass the spam filters of their users. This comes on top of phone companies like AT&T (formerly SBC) and BellSouth, which are looking for multitiered bandwidth solutions, not only from the end users but also from the web providers.
All of these models go against the initial concept of the internet and the freedom of information. The internet was created to share information between universities, government entities, and other individuals. Let's hope that people react and let these providers know that this tiering and preferential treatment for those who will pay into the "protection" system will not be acceptable on the Internet.
Thursday, January 19, 2006
Illusions of Security
In the January 18th diary entry, Swa Frantzen gives a great diatribe about the illusion (or disillusions) that some people in the industry have about security on the Internet.
You never can be 100% assured of security. The best you can do is layer your security posture so that if one level is breached, you have several layers of protection to protect your personal data.
Friday, January 13, 2006
WMF "flaw" intentional?
Steve Gibson, in his Security Now podcast with Leo Laporte, is explaining the WMF flaw and the possibility that this was an intentional backdoor put into the system.
Update (1/20/2006) - In his episode 23, Steve Gibson backs off some of the backdoor talk and further expands on the issues (or lack thereof) in the Windows 9X line of OS.
Monday, January 09, 2006
Are WMF Vulnerabilities dead yet?
Announced over Bugtraq this weekend (published today), two more functions may be vulnerable to Metafile issues.
Internet Free Speech at Risk
Could your First Amendment rights be at risk on the internet? See this article about changes in federal law on "annoying" someone on the internet: you cannot do so anonymously.
I wonder what the first test case might be and what its legality could be.
Thursday, January 05, 2006
Microsoft Out of Cycle Patch
Microsoft is releasing (GASP Out of Cycle) MS06-001, its fix for the WMF file issues announced last week. It is supposed to be available after 5pm ET.
DOWNLOAD IT ASAP, even if you load Ilfak's patch.
Thank you Microsoft for releasing it when testing was done, not in the regular cycle.
Sunday, January 01, 2006
MetaFile Problems Continue..
There is a temporary patch that is being recommended by the ISC written by Ilfak Guilfanov that will mitigate the problem. The patch can be downloaded at http://handlers.sans.org/tliston/wmffix_hexblog14.exe.
You are still HIGHLY recommended to unregister the dll I listed on December 28th in addition to this patch.
SECURE YOUR COMPUTER. I will be testing it at home and will post if there are any problems noticed.
Update - 1/3/06 - I have had no issue with the patch so far. Microsoft is scheduled to release their patch on 1/10/06, depending on the results of their testing. The patch put out by Ilfak can be easily uninstalled and should be when Microsoft releases their patch.
Wednesday, December 28, 2005
WMF File Exploits
What can it do to your computer? See this link to open a Windows Movie about what happens to your computer. From what I understand, the only real way to eradicate this intrusion is to rebuild your machine.
The SANS Institute has moved their infocon level to yellow, indicating an increased vulnerability level on the internet. See the daily diary for more information.
One workaround being passed around the internet is as follows:
---
According to iDefense, Windows users can disable the rendering of WMF files using the following hack:
1. Click on the Start button on the taskbar.
2. Click on Run...
3. Type "regsvr32
Monday, December 26, 2005
RED HERRING | The Business of Technology
Red Herring Magazine has their top security trends for 2006. Highlights include phishing at lower levels, worms targeting businesses, and wireless security focus.
Friday, December 23, 2005
MSNBC - Let's see some ID, please
This is an article about the possible release to consumer PCs of what is called the Trusted Platform Module (which will be integrated with the chipset). I have mixed feelings about this, as does the article.
However, security expert Bruce Schneier has much concern in a recent blog entry.
Monday, December 12, 2005
spyaxe removal
Spyaxe removal - Tech Support Guy
Geeks to Go SpyAxe Removal
CastleCops Spyaxe Removal
Monday, November 14, 2005
Pay up or lose out
Consumers are now beginning to be willing to pay extra for more security on important web sites, like home banking.
Wednesday, October 12, 2005
Microsoft Patch Cycle
Wednesday, October 05, 2005
National Cyber Security Awareness Month.
Stay Safe Online. National Cyber Security Alliance
California phish fighting
California Enacts Nation’s First Anti-Phishing Law
California Governor,
The bill is the first of its kind in the
Phishing is the practice of getting people to divulge personal information via email by representing oneself as a business without the approval or authority of the business. Phishing usually involves the use of legitimate banks, retailers, and financial institutions to convince recipients of bogus emails to respond.
Under the new law, victims may seek to recover actual damages or $500,000 for each violation, depending upon which is greater
Monday, September 26, 2005
Consumers Insist Financial Institutions Remain Vigilant In Protecting Their Privacy | eds.com
A recent study put out by EDS shows likely implications if financial institutions are cavalier with their security and safety of private information.
GonzoBanker - Article
From the Cornerstone Advisor, how one bank was able to fight and bring down a phishing site within 1 day.
Friday, September 02, 2005
PhishFighting.com - Fight back and take down the Phishers.
This is an interesting site that is trying to feed as much false information to phishers. I'm going to give it a try for the next phishing email I get.
CastleCops - New Research Reveals Men More Likely to Fall Prey to Online Scams
Thursday, September 01, 2005
TIME.com Print Page: TIME Magazine -- The Invasion of the Chinese Cyberspies (And the Man Who Tried to Stop Them)
Wednesday, August 17, 2005
CNN.com - Worm strikes down Windows 2000 systems - Aug 16, 2005
The sad part about this is that the patch to help prevent this had been out a week. And a simple router change would prevent much of the traffic.
One minor part - SANS is not based in Jacksonville, FL, just Johannes. It would be nice to get most of the information right, but this is CNN.
Friday, August 12, 2005
User Education Sites
US-CERT - The United States Computer Emergency Readiness Team (US-CERT) is a partnership between the Department of Homeland Security and the public and private sectors. This partnership has allowed a furthering of computer security both within the federal government and with home users as they publish threats, best practices, and other education materials. Two pages within the site have great links for educating yourself about the internet in general and the threats that have materialized. These sites are http://www.us-cert.gov/cas/tips/index.html and http://www.us-cert.gov/nav/nt01/.
SANS Institute - This computer security think tank has a philosophy of educating both the technical and non-technical with securing the internet. The Ouch! newsletter is a security awareness document that shows you how to avoid phishing, viruses, and other malware (bad programs).
Knowledge is power. The more you educate yourself online, the better (and safer) your internet experience will be.
Wednesday, August 10, 2005
Security still underfunded
Why is computer security still a challenge in the world? One of the leading reasons still happens to be user education (which is always a driving factor). In addition, it is still a struggle for IT departments to convince the CXOs of companies of the real ROI of computer security.
Tuesday, August 09, 2005
Antispyware firm warns of massive ID theft ring - Computerworld
Sunbelt Software happened to stumble on a site that had accounts for at least 50 financial institutions. Spyware had been installed on various PCs around the world and reported back to this web site.
Thursday, August 04, 2005
Worm hole found in Windows 2000 | CNET News.com
eEye has announced a second Microsoft vulnerability this week (not much information), this one being "wormable" and at the core of the TCP/IP implementation (from what I understand).
Worth keeping an eye on it.
Friday, July 29, 2005
Cisco Silencing former ISS employee about possible problems with internet routers
Lynn's Cat is Out of The Bag
While Black Hat may have torn out paper pages, the PDF of Michael Lynn's presentation, "The Holy Grail: Cisco IOS Shellcode and Exploitation Techniques," lives on. Given the amount of attention this thing has gotten, mirrors and links to it are now all over the place.
Shame on Cisco and ISS for their conduct toward a security researcher who was discussing a possible issue that he had discovered while working for ISS and that can affect much of the core of the internet. There was to be nothing in there to tell the black hats that might be attending the conference before DEFCON 2005 how to exploit it (basically, they would have to do the same research that Lynn did). Many top proponents of full disclosure (like Bruce Schneier) have railed on these companies for the way they handled the situation.
What is Cisco trying to hide...
Thursday, July 21, 2005
What may happen if you don't keep up your server patches
Scary Stuff.
Friday, July 15, 2005
A Chronology of Data Breaches Since the ChoicePoint Incident
This is a very interesting list of all the reported security breaches since the announcement of ChoicePoint's problems this February.
Tuesday, June 21, 2005
Security headache for CVS customers?
According to this blog, CVS is currently pulling access to their customer loyalty card (ExtraCare) via the internet because of a security hole. CVS has 50 million of these cards out all over.
Not anything like credit cards, but still an issue nonetheless.
Lost Credit Data Improperly Kept, Company Admits - New York Times
Apparently, there is more information about how CardSystems had not followed Visa and MasterCard regulations in storing the data that was exposed. This included names, account numbers, expiration dates, and security codes. It also appears that a trojan program entered CardSystems' network.
Saturday, June 18, 2005
MasterCard: 68,000 Customers at High Risk - Yahoo! News
An update to the story...of the 40 million cards exposed by CardSystems Solutions, about 13.9 million accounts were MasterCard. The rest are Visa, Discover, and Amex (even though Amex says this is to a lesser extent). MasterCard says that of these 13.9 million cards, about 68,000 are a higher risk. A quick calculation (assuming the rate of the 1st third of the cards) yields about 200k cards being higher risk. I wonder what they consider a higher level of risk.
The card compromise affects both credit and debit cards, so I can foresee a great problem with people's checking accounts.
From what I also understand, the compromise occurred when a trojan was installed on the internal network. For sensitive data, one would think they would be more diligent in preventing this situation from occurring.
Friday, June 17, 2005
MasterCard Cites Security Breach
Apparently, one of MasterCard's processors had a security breach, exposing 40 million credit and debit cards. Many financial institutions will have to put a lot of effort into replacing these cards. The need for data security is quite evident these days as various companies are playing a very bad game of can you top this.
Another write up can be found at SecurityFocus.com
Saturday, June 11, 2005
Threatchaos.com Gartner presentation
Threatchaos.com: "Latest ThreatChaos Presentation
Monday, May 23, 2005
Data at Bank of America, Wachovia, others compromised - May. 23, 2005
Apparently, 4 banks sold information to a collection fraudster and at least 670,000 customers' information was stolen. Not good for the banks.
Friday, May 06, 2005
NewsFactor Network - Tech Trends - Blogs: The Next Hot CRM Strategy
This article discusses how people might be using blogs to help maintain better customer service. Not necessarily a security issue, but an interesting trend.
Thursday, May 05, 2005
TSA
USATODAY.com - U.S. asks for more data on travelers
AP Report on TSA Request
Monday, April 11, 2005
InfoWorld: Holy Father on rootkit writing for fun, profit: March 16, 2005: By : APPLICATION_DEVELOPMENT : NETWORKING : SECURITY
Friday, February 18, 2005
Interesting Security Issues to watch
The other article comes from the "You have to be kidding me" file. A man in South Florida is suing Bank of America for the $90,000 in losses he incurred because of a trojan program on his computer. The trojan had a keystroke component, which allowed the program creator to gain passwords and to wire monies to Latvia. The core of the case is that B of A did not inform customers about the possibility that this trojan may affect them. At what point is a company doing business with you responsible for disclosing the possibility that a security threat (worm, virus, or trojan) can put your data at risk, especially if the threat lives on your computer? Businesses have plenty of threats to combat without making sure that you are running anti-spyware, anti-virus, and a firewall on your personal computer. A loss by B of A in this matter might limit businesses' interest in using the internet as a mode of commerce, as no one will want to accept the risk of some moron who can't keep malware off of his computer suing them for not telling him/her he should be running personal computer security software.
Tuesday, February 15, 2005
Gates talking about the Security Future at RSA Conference
Some of the interesting notes:
- Microsoft will keep the personal edition of its Microsoft Antispyware free.
- Internet Explorer 7 will be in beta later this summer and will be available for XP SP2 and Longhorn (when it comes out) users with a valid Microsoft License.
- Windows Update will become much more (Microsoft Update), which will incorporate a wider group of Microsoft products
- More training programs.
Thursday, February 10, 2005
Friday, February 04, 2005
Busy Microsoft Patching Month
Friday, January 14, 2005
A reason to be aggressive against computer security threats
Thursday, January 06, 2005
Microsoft Announces Beta for Anti-Spyware program
Microsoft Windows AntiSpyware (Beta) Home
4. Click ok when the change dialog appears.
iDefense notes that this workaround may interfere with certain thumbnail images loading correctly, though I have used the hack on my machine and haven't had any problems yet. The company notes that once Microsoft issues a patch, the WMF feature may be enabled again by entering the command "regsvr32 shimgvw.dll" in step three above.
---
There still may be metafiles not associated with this dll, so YMMV.
Update - 2200 ET - Microsoft has confirmed much of this information with the following advisory: http://www.microsoft.com/technet/security/advisory/912840.mspx