Cyber Security Awareness Month
From the SANS Handler's Diary:
October is Cyber Security Awareness Month, and as we have done the past two years we plan to use our handler diaries throughout the month to conduct a deep dive into various security issues. In 2007 we covered a large range of subjects based on what our readers submitted as ideas. In 2008 we took a closer look at the six steps of incident handling. This year we are going to examine 31 different ports/services/protocols/applications and discuss some of the major security issues plus pass along reader comments on tips and tricks for securing it.
We're still working on our list but here are some examples of what we will be discussing on different days in October:
- telnet (port 23)
- SMB over tcp (port 445)
- ssh (port 22)
- Microsoft Terminal Services (port 3389)
- dns (port 53)
Read more in http://isc.sans.org/diary.html?storyid=7198
Australian Education Department Seeks To Build 'Unhackable' Netbook Network
ITNews, an Australian business publication, is reporting that the Department of Education of the state of New South Wales is using a variety of management software and techniques 'to roll out 240,000 netbook computers into what CIO Stephen Wilson calls "the most hostile environment you can roll computers into" - the local high school.' Students are offered a netbook in 9th grade through 12th and can keep them if they graduate.
The reason for the Department's optimism is Windows 7 and a highly-managed network using Microsoft's System Centre (that's Anglo for "Center") Configuration Manager, Remedy suite for asset management, Active Directory for authentication, and Aruba's Airwave for wireless network management. Tracking software is embedded at the BIOS level and each unit is password-protected. Embedded RFID tags will make the units individually identifiable even if they are completely non-functional.
More on the above in http://blogs.pcmag.com/securitywatch/2009/09/australian_education_departmen.php
StarCraft 2 beta scammers on the loose
Some phishing sites are reportedly taking advantage of having hordes upon hordes of wanna-be participants by offering fake StarCraft 2 beta keys or downloadable betas.
If you come across any such offer, these are all FAKE. In fact, if you activate said keys, your computer will be infected with keyloggers, trojans and the like. These phishing sites are so determined, they've turned to using YouTube, MySpace, blogging networks, and websites that are dedicated specifically to StarCraft 2.
Reddit Attacked by XSS Exploit
28 September 2009, 13:23
Continued here: http://www.h-online.com/security/Reddit-Attacked-by-XSS-Exploit--/news/114337
Microsoft's New Tool in the Fight Against Malware Free to
Microsoft Security Essentials, Microsoft Corp.'s new no-cost, core anti-malware service that helps protect consumers against viruses, spyware and other malicious software, will be available tomorrow, Tuesday, Sept. 29. Microsoft Security Essentials, independently certified by West Coast Labs, is backed by the company's global security response team and is built on the same award-winning core security technology found in the company's security solutions for businesses. It requires no registration, trials or renewals and will be available for download directly from Microsoft at http://www.microsoft.com/security_essentials.
"Consumers have told us that they want the protection of real-time security software but we know that too many are either unwilling or unable to pay for it, and so end up unprotected," said Amy Barzdukas, general manager for consumer security at Microsoft. "With Microsoft Security Essentials, consumers can get high-quality protection that is easy to get and easy to use - and it won't get in their way."
Read more on the above in http://www.microsoft.com/Presspass/press/2009/sep09/09-28SecurityEssentialsPR.mspx
Botnet Reported Loose in Fortune 100
Last week Canadian security vendor Defence Intelligence reported that half the Fortune 100 companies have been compromised by a botnet they dubbed Mariposa. Discovered in May, Mariposa appears to have been built using the readily available butterfly bot kit. While the afflicted among the Fortune 100 haven't stepped forward to corroborate this claim, the threat is definitely real.
Mikko Hypponen, Chief Research Officer for the Finnish security firm F-Secure, says F-Secure has been tracking this threat for many months. "Nobody just detects it as Mariposa", says Hypponen. "Depending on the variant, we detect these as Palevo or Vaklik". F-Secure has received hundreds of these samples in the last 18 months.
Google shuts down bank snafu Gmail account
Court order snuffs innocent bystander
Google has resolved a lawsuit from a US bank that accidentally sent 1,300 confidential tax IDs to an innocent Gmail account, but not before the web giant complied with a court order to shut down the account and disclose certain account info.
It's unclear what information was disclosed.
In mid-August, according to court documents, an employee with the Wyoming-based Rocky Mountain Bank was asked by a customer to send a group of loan documents to a Gmail account used by a third party. The bank employee then proceeded to send the documents to the wrong Gmail address - alongside another file that included the names, addresses, tax IDs, and loan info for 1,325 of the bank's customers.
When Google refused to release the identity of the person behind the Gmail account, the bank sued. Last week, Google told The Reg it would not release the user's identity unless it receives a subpoena or court order, and such an order soon arrived.
Verizon Extends Antivirus, Storage Support to Macs
Verizon on Monday announced that it is offering a Mac version of its Internet security suite and online backup service.
Customers can order the services independently or as part of a Verizon FiOS phone, Internet, and video bundle.
Verizon Internet Security Suite (VISS) offers virus protection, a firewall, and parental controls, while Verizon Online Backup and Sharing (VOBS) offers between 5 Gbytes and 250 GB of storage for a monthly fee.
"Mac users are an important and growing segment of the broadband community and Verizon is becoming more and more focused on providing them with services that enhance their online experiences," Susan Retta, Verizon vice president of consumer product management, said in a statement. "We want Mac fans to know they can turn to Verizon for online security they can't get from cable."
Customers who sign up for a Verizon Internet, TV, and voice bundle can also subscribe to VISS and VOBS for $8.99 per month, which will provide security coverage for up to three computers and 25GB of online backup and storage.
New customers will get VISS and VOBS free for 30 days.
Pressure on Microsoft, as Windows attack now public
Hackers have publicly released new attack code that exploits a critical bug in the Windows operating system, putting pressure on Microsoft to fix the flaw before it leads to a worm outbreak.
The vulnerability has been known since Sept. 7, but until today the publicly available programs that leverage it to attack PCs haven't been able to do more than crash the operating system. A new attack, developed by Harmony Security Senior Researcher Stephen Fewer, lets the attacker run unauthorized software on the computer, in theory making it a much more serious problem. Fewer's code was added to the open-source Metasploit penetration testing kit on Monday.
Two weeks ago, a small software company called Immunity developed its own attack code for the bug, but that code is available only to the company's paying subscribers. Metasploit, by contrast, can be downloaded by anyone, meaning the attack code is now much more widely available.
School boards hit with cash-stealing Trojan
The U.S. Federal Bureau of Investigation is probing a rash of reported online computer intrusions that have resulted in hundreds of thousands of dollars being stolen from school districts in Illinois.
FBI investigators are working on a computer intrusion case at the Crystal Lake School District in Crystal Lake, Illinois, said Ross Rice, a spokesman with the FBI's Chicago office. But several other school districts also believe that they have been hit by the same malicious software, Rice said.
The FBI believes that the Clampi virus, already associated with a rash of banking thefts throughout the U.S., may be to blame, Rice said.
Rice declined to provide more information on the case because it is still under investigation, but local reports say that as much as US$350,000 may have been taken from the Crystal Lake District alone.
In Security, Reputation Is Key
Trend Micro posted a blog entry about an antivirus test done by NSS. See related news on Sept. 22.
Trend Micro wrote:
In Security, Reputation Is Key
That appears to be the conclusion of a pair of independent tests recently released by NSS Labs.
Back in June of 2008 you may remember there was some noise in the IT press, as Trend Micro was declining to participate in some of the well known anti-malware tests, such as VB100. Our argument at the time, and this still stands today, was that those tests simply do not accurately reflect the threat as our customers encounter it, and as such the results may offer a false sense of security.
The internet has emerged as the most abused attack vector, attacks are multi-variant, multi-protocol, distributed in source (botnets), often targeted in nature and can no longer be defeated by the pattern-matching techniques that have been at the core of security software for so long.
Independent and importantly unsponsored testing, from NSS Labs, has just been released that underlines the importance of this new approach. In July and August of this year NSS Labs performed 17 days of 24