Archive for the ‘Security Tips’ Category

User Awareness Alert: IE Exploit Strikes, Installs Spyware

Saturday, March 25th, 2006

“The unpatched CreateTextRange vulnerability in Internet Explorer is already being used by at least one Web site to install spyware on users’ machines, a security organization said Friday.

“‘We just received a report that a particular site uses the vulnerability to install a spybot variant,’ the SANS Institute’s Internet Storm Center (ISC) warned Friday in an alert. ‘It is a minor site with insignificant visitor numbers according to Netcraft’s ‘Site rank.’’”


 

Listen to our Podcasts –> add to my PodNova

Free security training available at http://adventuresinsecurity.com/SCourses

 

DNS Cache Poisoning: Definition and Prevention

Thursday, March 16th, 2006

The Internet would grind to a halt – would not be possible – without a Domain Name System (DNS).  As you’ll see in this paper, the proper operation of DNS is fundamental to the maintenance and distribution of the addresses for the vast number of nodes around the globe.  So it would be too much to hope for crackers (malicious hackers) to ignore DNS as they continuously look for new ways to circumvent your security.  There are several facets to DNS security. 

In this paper we focus on one of the most dangerous types of attack – DNS cache poisoning.  To provide a complete picture of this threat, we’ll explore how DNS works, two ways crackers facilitate cache poisoning, what impact this type of attack can have on your organization, and steps you can take to protect your information assets.

Download this paper

Author:  Tom Olzak 


 

CipherTrust Toolbar to Protect Email Users

Sunday, March 12th, 2006

Last week, I wrote a blog article about the growth of SPF and Sender ID technology in the fight against unwanted email (spam, phishing, etc.).  It appears that CipherTrust is taking advantage of its own implementation of these standards to help make the Internet a safer place – at no cost.

On Monday, March 13, CipherTrust plans to make available for download a free toolbar for Outlook and Lotus Notes email users.  The toolbar will be available from the CipherTrust Research Portal, which will also launch Monday.

This is the way it works:

  1. The user clicks on an email
  2. The CipherTrust toolbar program sends the IP address of the sender to a CipherTrust hosted server running the TrustedSource reputation engine for analysis
  3. The results of the analysis are returned to the user’s desktop causing the toolbar to flash:
    1. Green with a happy-face when the email is from a reputable sender
    2. Yellow for questionable trustworthiness
    3. Red when the user should probably just delete the message

The data used for analysis come from CipherTrust’s global network of more than 4,000 sensors installed in business and government networks.  They’re collected on TrustedSource servers where the trustworthiness of the source is assessed to a very granular level.  The assessment is based on the following criteria:

  1. Is this the first time the sender has been seen?  According to CipherTrust, about 30% of IP addresses analyzed fall into this category.  Of those, about 95% are spam, viruses, etc.
  2. How much email is the sender responsible for?
  3. Does the sender send and receive email, or just send?
  4. Does the sender’s behavior seem “bursty” or is it more continuous?

This is one more step in the right direction.  Although not perfect, it goes quite a distance down the path toward a world in which the Internet is a safe place to travel the globe. 

Author:  Tom Olzak


 

BIOS Rootkit Attacks: What’s the Real Risk?

Wednesday, February 1st, 2006

As I’ve written in previous articles, the frequency of malicious rootkit installations is increasing.  Now it seems that even the BIOS is a potential target.  John Heasman, principal security consultant for Next-Generation Security Software, announced this week that a collection of functions known as the Advanced Configuration and Power Interface (ACPI) could be used to deposit a rootkit in the BIOS in flash memory.  This is rather easy to do, said Heasman, because the ACPI has a high level programming language that’s easy to learn and easy to use.

When I read this story, which was covered on almost every security web site, I was initially concerned.  Who wouldn’t be?  The BIOS is the most fundamental layer of functionality in any PC.  But the more I thought about it, the more I wondered about how much risk a BIOS rootkit actually presents to a business network.  After some research, I concluded that the risk is very low for businesses that take normal precautions.

In this article, we’ll look at rootkit technology, how engineers or programmers flash the BIOS, the typical safeguards protecting BIOS access, and what you can do to protect your business from BIOS rootkit issues.

(more…)

Peer-to-Peer IP Telephony Security Challenges

Monday, January 30th, 2006

Peer-to-peer VoIP phone services provide an inexpensive alternative to traditional switched services.  So many businesses are looking at ways to implement this Internet-based functionality.  Before you make a decision to toss out the old and bring in the new, it’s important to understand the risks associated with Internet phone service. 

Since Skype is the unquestioned leader in this space, I’ll use it as an example provider to examine how these services work, the potential risks they pose for your business, and possible ways to reduce that risk. 

(more…)

The Fundamentals of Keystroke Logging

Saturday, January 28th, 2006

This month, hackers in China attempted to place keystroke loggers onto UK Parliament systems via email messages.  Phishing attacks in which keystroke loggers are installed on PCs are becoming more frequent.  Keystroke loggers are also popular among hackers whose attack vector of choice is instant messaging.  Because of the growth in the rate of keystroke logger attacks, I thought it might be a good idea to take a look at what a keystroke logger is, why this technology is a serious threat to your organization, and what you can do to protect your information assets.

(more…)

Deleted Data Files Aren’t…

Friday, January 27th, 2006

Deleted files on retired hard drives might be a lawsuit waiting to happen.  Deleting a file from a disk isn’t enough to wipe the actual information.  In Windows, deleting a file simply tells the operating system it can reallocate the space the file currently occupies.  The file no longer shows up in a folder listing, but the data is still there.  The only way to be sure the information is actually gone is to overwrite all writable areas of the disk.
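The behavior described above can be seen in a small model. This is an added example, not code from the original article or from any tool it mentions: `ToyDisk` is a constructed, simplified block device (not NTFS or FAT), the zero-fill overwrite is an assumption chosen for determinism, and the sample record is made up.

```python
# Added example: a toy block device (constructed; not NTFS or FAT internals).
BLOCK = 16  # bytes per block on the toy disk


class ToyDisk:
    def __init__(self, blocks=8):
        self.raw = bytearray(BLOCK * blocks)  # what a raw-disk reader would see
        self.table = {}                       # file name -> list of block numbers
        self.free = list(range(blocks))       # blocks available for reuse

    def write(self, name, data):
        needed = -(-len(data) // BLOCK)       # ceiling division
        if needed > len(self.free):
            raise OSError("toy disk full")
        blocks = [self.free.pop(0) for _ in range(needed)]
        for i, b in enumerate(blocks):
            chunk = data[i * BLOCK:(i + 1) * BLOCK]
            self.raw[b * BLOCK:b * BLOCK + len(chunk)] = chunk
        self.table[name] = blocks

    def delete(self, name):
        """Ordinary delete: drop the listing entry and mark the blocks reusable."""
        self.free.extend(self.table.pop(name))

    def _zero(self, blocks):
        for b in blocks:
            self.raw[b * BLOCK:(b + 1) * BLOCK] = bytes(BLOCK)

    def secure_delete(self, name):
        """Overwrite the file's blocks first, then delete it."""
        self._zero(self.table[name])
        self.delete(name)

    def wipe_free_space(self):
        """Overwrite every block not owned by a live file."""
        self._zero(self.free)


def residual(disk, needle):
    """True if the bytes can still be found by reading the raw disk."""
    return needle in bytes(disk.raw)


def demo():
    secret = b"payroll: constructed sample record"
    disk = ToyDisk()
    disk.write("payroll.txt", secret)
    disk.delete("payroll.txt")
    listed, after_delete = "payroll.txt" in disk.table, residual(disk, secret)
    disk.wipe_free_space()
    return listed, after_delete, residual(disk, secret)
```

`demo()` returns whether the file is still listed, whether its bytes survive an ordinary delete, and whether they survive a free-space overwrite.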

Organizations that dispose of old PCs or servers without taking special precautions to ensure sensitive information is actually removed from storage are failing to safeguard data that might be covered by regulations like HIPAA, or might reveal enough information about employees and customers to enable identity theft.  There are many utilities available to help with this challenge.  SDelete from Sysinternals, available at the link in Resources below, is a free program you can use to remove the data from one or all files on a disk.

But improper disposition of PCs and servers isn’t the only problem facing many companies.  PDAs and smartphones also present a risk.  Although these devices might store sensitive company information, they are often reassigned or turned in to the wireless vendor without first wiping their storage.

Every organization must have policies and processes in place to ensure the proper handling and disposal of data in its care.  A company that collects consumer and employee information has an obligation to protect it until the data is properly destroyed. 

Author:  Tom Olzak 

Sources:

Don’t leave information on old hard drives

The hidden threat: Residual data security risks of PDAs and smartphones

Resource:

Sysinternals SDelete Data Erase Program – Free Tool
