<?xml version='1.0' encoding='UTF-8'?><?xml-stylesheet href="http://www.blogger.com/styles/atom.css" type="text/css"?><feed xmlns='http://www.w3.org/2005/Atom' xmlns:openSearch='http://a9.com/-/spec/opensearchrss/1.0/' xmlns:georss='http://www.georss.org/georss' xmlns:gd='http://schemas.google.com/g/2005' xmlns:thr='http://purl.org/syndication/thread/1.0'><id>tag:blogger.com,1999:blog-21309065</id><updated>2011-07-31T01:15:57.993-04:00</updated><title type='text'>The RDV Group InfoSec Blog</title><subtitle type='html'>Current Topics and Trends in Information Security and Electronic Privacy</subtitle><link rel='http://schemas.google.com/g/2005#feed' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/posts/default'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default?max-results=100'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/'/><link rel='hub' href='http://pubsubhubbub.appspot.com/'/><author><name>Russell Dean Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><generator version='7.00' uri='http://www.blogger.com'>Blogger</generator><openSearch:totalResults>42</openSearch:totalResults><openSearch:startIndex>1</openSearch:startIndex><openSearch:itemsPerPage>100</openSearch:itemsPerPage><entry><id>tag:blogger.com,1999:blog-21309065.post-5685858095435268867</id><published>2010-04-19T10:01:00.000-04:00</published><updated>2010-04-19T10:03:02.705-04:00</updated><title type='text'>Great Cloud Article in today's NY Times</title><content type='html'>Brad Stone and Ashlee Vance have a must-read piece in today's (Monday  4/19/10) New York Times Business section about how companies, in  particular Netflix, are moving to a full cloud computing &lt;a target="_blank" 
class="popup" href="http://www.nytimes.com/2010/04/19/technology/19cloud.html?ref=business"&gt;model&lt;/a&gt;.  As Dr. Ronald Krutz and I are finalizing our most recent text for John  S. Wiley and Sons: &lt;i&gt;&lt;a target="_blank" class="popup" href="http://www.amazon.com/Cloud-Security-Comprehensive-Secure-Computing/dp/0470589876/ref=ntt_at_ep_dpi_8"&gt;Cloud  Security: A Comprehensive Guide to Secure Cloud Computing&lt;/a&gt;&lt;/i&gt; (due  out this August), it's heartening to see such a clear and direct  description of the drivers for an organization's adoption of cloud  computing in the popular press.&lt;br /&gt;&lt;br /&gt;One section is especially  succinct, as it describes Netflix's seemingly incongruous adoption of a  rival's technology:&lt;br /&gt;&lt;br /&gt;&lt;i&gt;"Kevin McEntee, Netflix's vice president  of engineering, said Netflix switched in order to 'focus our innovation  around finding movies, rather than building larger and larger data  centers.' As for tethering Netflix's future to a rival, Mr. McEntee  said, 'It's in their interest to make us successful in the cloud. 
That's  why we felt comfortable.&lt;/i&gt;&lt;span&gt;"&lt;/span&gt;&lt;br /&gt;&lt;br /&gt;Cloud computing will  make for some strange bedfellows, but the assurance of the preservation  of the three tenets of information systems security (confidentiality,  integrity and availability) will have to be continually addressed in a  manner that makes more companies comfortable about the move.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/21309065-5685858095435268867?l=rdvgroup.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/5685858095435268867/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=5685858095435268867' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/5685858095435268867'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/5685858095435268867'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/2010/04/great-cloud-article-in-todays-ny-times.html' title='Great Cloud Article in today&apos;s NY Times'/><author><name>Russell Dean Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-5318591801581049242</id><published>2010-01-08T12:49:00.002-05:00</published><updated>2010-01-08T12:52:22.958-05:00</updated><title type='text'>Software Flaws Let Xmas Bomber Through</title><content type='html'>&lt;span id="ep_author_blog"&gt;&lt;span class="plogBodyText"&gt;       Wired's consistently 
excellent "Danger Room"  has a must-read piece: &lt;a href="http://www.wired.com/dangerroom/2010/01/obama-software-flaws-let-christmas-bomber-get-through/"&gt;Software Flaws Let Christmas Bomber Get Through&lt;/a&gt;. In the article they follow up on the Administration's recent review of the intelligence failure, and describe how "Crappy government software -- and failure to use that software right -- almost got 289 people killed in the botched Christmas day bombing."&lt;br /&gt;&lt;br /&gt;These problems include search engine failures, data correlation inabilities, and user incompetence. The commercial sector tackled these problems years ago with more success; maybe it's time to take air safety as seriously as on-line Christmas shopping.&lt;/span&gt;&lt;/span&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/21309065-5318591801581049242?l=rdvgroup.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/5318591801581049242/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=5318591801581049242' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/5318591801581049242'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/5318591801581049242'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/2010/01/software-flaws-let-xmas-bomber-through.html' title='Software Flaws Let Xmas Bomber Through'/><author><name>Russell Dean Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' 
src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-3406569393788785906</id><published>2009-06-01T10:54:00.000-04:00</published><updated>2009-06-01T10:55:36.028-04:00</updated><title type='text'>Fundraising efforts for pianist Diane Moser to continue with special concert event Sunday afternoon, June 14 in Montclair, NJ</title><content type='html'>&lt;p style="margin: 0in 0in 0.0001pt;"&gt;Composer, pianist and bandleader Diane Moser has been a leading light in jazz and new music in the New York-New Jersey Area for nearly 20 years. As a writer, the Montclair, NJ resident has received acclaim for her compositions, including a prestigious composition grant by Chamber Music America and a fellowship with the MacDowell Artists Colony. As a pianist, she has appeared with numerous top-flight musicians, such as Charles McPherson, Mark Dresser, and Gerry Hemmingway, among others, always lending her singular voice to the music. As a bandleader she has led numerous groups, most notably her Composer’s Big Band.&lt;span style=""&gt;  &lt;/span&gt;Now she faces a new challenge, as she recovers from a rare form of cancer, in the form of a gastrointestinal stromal tumor (GIST), and faces tremendous medical costs. 
In April, her Composers Big Band held the first of several fundraisers to help defray her medical expenses.&lt;span style=""&gt;  &lt;/span&gt;A special concert benefit involving members of her local community as well as artists of international stature will be held on Sunday afternoon, June 14&lt;span style=""&gt;  &lt;/span&gt;at the Central Presbyterian Church in Montclair, NJ from 2:00-6:00 PM.&lt;span style=""&gt;  &lt;/span&gt;There will be live auctions and a host of other activities that day to raise funds for Diane Moser.&lt;/p&gt;  &lt;p style="margin: 0in 0in 0.0001pt;"&gt;&lt;!--[if !supportEmptyParas]--&gt; &lt;!--[endif]--&gt;&lt;o:p&gt;&lt;/o:p&gt;&lt;/p&gt;  &lt;p style="margin: 0in 0in 0.0001pt;"&gt;Performers will include legendary jazz pianist George Cables, double bass virtuoso and new music titan Mark Dresser, as well as several stalwarts of the NY-NJ jazz scene (see below for full list). Additionally, several of Diane’s piano students will perform.&lt;span style=""&gt;  &lt;/span&gt;Such a wide range of performers reflects Moser’s gifts as a performer, composer, and educator; in all these guises she has shared her love and enthusiasm for music. 
&lt;/p&gt;  &lt;p style="margin: 0in 0in 0.0001pt;"&gt;&lt;!--[if !supportEmptyParas]--&gt; &lt;!--[endif]--&gt;&lt;o:p&gt;&lt;/o:p&gt;&lt;/p&gt;  &lt;p style="margin: 0in 0in 0.0001pt;"&gt;&lt;span style="color: black;"&gt;A Celebration and Fundraiser for Diane Moser&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0in 0in 0.0001pt;"&gt;Sunday June 14 2:00-6:00 PM&lt;/p&gt;  &lt;p style="margin: 0in 0in 0.0001pt;"&gt;Central Presbyterian Church&lt;/p&gt;  &lt;p style="margin: 0in 0in 0.0001pt;"&gt;46 Park Street Montclair, NJ 07042&lt;/p&gt;  &lt;p style="margin: 0in 0in 0.0001pt;"&gt;There is no admission, but donations are encouraged&lt;/p&gt;  &lt;p style="margin: 0in 0in 0.0001pt;"&gt;Guest artists will include: George Cables, Mark Dresser, Anton and Nicki Denner, the Mike Kaplan Nonet, the Diane Moser Quintet, the Erick Storckman Septet, and&lt;span style=""&gt;  &lt;/span&gt;piano students of Diane Moser&lt;/p&gt;  &lt;p style="margin: 0in 0in 0.0001pt;"&gt;For information, call 201-259-5865&lt;/p&gt;  &lt;p style="margin: 0in 0in 0.0001pt;"&gt;&lt;!--[if !supportEmptyParas]--&gt; &lt;!--[endif]--&gt;&lt;o:p&gt;&lt;/o:p&gt;&lt;/p&gt;  &lt;p style="margin: 0in 0in 0.0001pt;"&gt;For directions to Central Presbyterian Church, visit &lt;a href="http://www.centralpresbyterian.net/contacts.html"&gt;www.centralpresbyterian.net/contacts.html&lt;/a&gt;&lt;span style=""&gt;  &lt;/span&gt;or call &lt;span style="font-size: 10pt; font-family: Arial;"&gt;(&lt;/span&gt;&lt;span style=""&gt;973) 744-5340&lt;/span&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0in 0in 0.0001pt;"&gt;&lt;!--[if !supportEmptyParas]--&gt; &lt;!--[endif]--&gt;&lt;o:p&gt;&lt;/o:p&gt;&lt;/p&gt;  &lt;p style="margin: 0in 0in 0.0001pt;"&gt;Donations to cover Diane Moser’s medical costs can also be made online at&lt;/p&gt;  &lt;p style="margin: 0in 0in 0.0001pt;"&gt;&lt;a href="http://d-mo-zone.blogspot.com/" 
target="_blank"&gt;http://d-mo-zone.blogspot.com/&lt;/a&gt;.  Just click on the “Donate” button in upper right hand corner to start the process.&lt;/p&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/21309065-3406569393788785906?l=rdvgroup.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/3406569393788785906/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=3406569393788785906' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/3406569393788785906'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/3406569393788785906'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/2009/06/fundraising-efforts-for-pianist-diane.html' title='Fundraising efforts for pianist Diane Moser to continue with special concert event Sunday afternoon, June 14 in Montclair, NJ'/><author><name>Russell Dean Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-7221599749210503230</id><published>2009-05-07T09:30:00.001-04:00</published><updated>2009-05-07T09:33:01.691-04:00</updated><title type='text'>Jazz Fundraisers for Pianist Diane Moser</title><content type='html'>&lt;a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_KrOyHz3sny0/SgLi9ZPkyMI/AAAAAAAAABM/ijZhE6l0s-s/s1600-h/dianeposter.jpg"&gt;&lt;img style="margin: 0pt 10px 10px 0pt; float: left; cursor: 
pointer; width: 232px; height: 320px;" src="http://2.bp.blogspot.com/_KrOyHz3sny0/SgLi9ZPkyMI/AAAAAAAAABM/ijZhE6l0s-s/s320/dianeposter.jpg" alt="" id="BLOGGER_PHOTO_ID_5333074453136197826" border="0" /&gt;&lt;/a&gt;&lt;br /&gt;&lt;span class="plogBodyText"&gt;&lt;br /&gt;If you're in the Montclair, New Jersey area on May 11th, or the San Diego area on May 12th, you might be interested in attending a special jazz event that's being held in each of those cities. The band leader Diane Moser is recovering from a rare form of cancer, and since Moser has always been the first to help out artists who need help in paying onerous medical expenses, the music community gets to return the favor, with two special benefit concerts. The performances will reflect the many sides of Diane Moser, most notably the joy that is a trademark of her music and life.&lt;br /&gt;&lt;br /&gt;&lt;b&gt;Club/Date Info:&lt;/b&gt;&lt;br /&gt;&lt;br /&gt;Monday, May 11, 8:00 PM&lt;br /&gt;$10 cover, no minimum (full menu)&lt;br /&gt;&lt;a href="http://www.amazon.com/gp/redirect.html/ref=cm_plog_item_link?ie=UTF8&amp;amp;location=http%3A%2F%2Fwww.trumpetsjazz.com%2Fmain.html&amp;amp;token=F04819A733A37E56FBB839867676FFA2482DAB07" target="_blank"&gt;Trumpets&lt;/a&gt;&lt;br /&gt;6 Depot Square&lt;br /&gt;Montclair, New Jersey 07042&lt;br /&gt;973.744.2600&lt;br /&gt;Guest artists will include:  Jim McNeely, Howard Johnson, Nicki Denner, Oliver Lake, Mike Kaplan, Russ Vines and others.&lt;br /&gt;&lt;br /&gt;Tuesday, May 12, 7:00 PM&lt;br /&gt;$20 cover&lt;br /&gt;&lt;a href="http://www.amazon.com/gp/redirect.html/ref=cm_plog_item_link?ie=UTF8&amp;amp;location=http%3A%2F%2Fwww.dizzysjazz.com&amp;amp;token=66B02CF1B32227BDD209A586F2A02F6D52E2351A" target="_blank"&gt;Dizzy's&lt;/a&gt;&lt;br /&gt;San Diego Wine &amp;amp; Culinary Center&lt;br /&gt;Harbor Club Towers ground floor&lt;br /&gt;2nd &amp;amp; J Street&lt;br /&gt;San Diego, CA 92169-1990&lt;br /&gt;858.270.7467&lt;br /&gt;Guest artists will include: 
Charles McPherson, Daniel Jackson, Mark Dresser, ESP Quintet, Rob Thorsen, Dave Millard, Mitch Manker, Duncan Moore, Yale Strom, Tripp Sprague, Gunnar Biggs, &amp;amp; more.&lt;br /&gt;&lt;br /&gt;&lt;b&gt;About Diane:&lt;/b&gt;&lt;br /&gt;Composer, pianist and bandleader Diane Moser has been a leading light in jazz and new music in the New York-New Jersey Area for nearly 20 years. As a writer, she has received acclaim for her compositions, including a prestigious grant by Chamber Music America and a fellowship with the MacDowell Artists Colony. As a pianist, she has appeared with numerous top-flight musicians, such as Charles McPherson, Mark Dresser, and Gerry Hemmingway among others, always lending her singular voice to the music.&lt;br /&gt;&lt;br /&gt;As a bandleader she has led numerous groups, most notably her Composers Big Band. Diane Moser’s Composers Big Band is a 17-piece big band formed for the purpose of developing and presenting new music for large ensembles. Presenting monthly concerts since January 1997, the CBB features the music of its resident composers along with guest composers and performers. The range of the featured artists collaborating with the band has been astonishing: Jim McNeely, Oliver Lake, Howard Johnson, Sy Johnson, Matt Wilson, Jackie Cain and Mark Dresser are but a few of the dozens to share the stage with the group. 
This breadth reflects the musical attitude of Diane Moser, whom the New York Times called “unfazable booster for improvised music.”&lt;br /&gt;&lt;br /&gt;More about Diane:&lt;br /&gt;&lt;a href="http://www.amazon.com/gp/redirect.html/ref=cm_plog_item_link?ie=UTF8&amp;amp;location=http%3A%2F%2Fwww.myspace.com%2Fdianemoserscomposersbigband&amp;amp;token=0D0647FA5ED498E0C8422269DC70DC732A695F23" target="_blank"&gt;http://www.myspace.com/dianemoserscomposersbigband &lt;/a&gt;&lt;br /&gt;&lt;a href="http://www.amazon.com/gp/redirect.html/ref=cm_plog_item_link?ie=UTF8&amp;amp;location=http%3A%2F%2Fwww.jazz.com%2Fencyclopedia%2Fmoser-diane&amp;amp;token=DA568F91F1676110551B20BCC94767DE9FB3E9EC" target="_blank"&gt;http://www.jazz.com/encyclopedia/moser-diane&lt;/a&gt;&lt;br /&gt;&lt;br /&gt;If you can't make the concert, you can donate here: &lt;a href="http://www.amazon.com/gp/redirect.html/ref=cm_plog_item_link?ie=UTF8&amp;amp;location=http%3A%2F%2Fd-mo-zone.blogspot.com%2F&amp;amp;token=88628571AE3F5202265463F30F7F376903EA8B66" target="_blank"&gt;Flipped Kitty in the City&lt;/a&gt;&lt;br /&gt;&lt;br /&gt;Hope to see you there!&lt;/span&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/21309065-7221599749210503230?l=rdvgroup.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/7221599749210503230/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=7221599749210503230' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/7221599749210503230'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/7221599749210503230'/><link rel='alternate' type='text/html' 
href='http://rdvgroup.blogspot.com/2009/05/jazz-fundraisers-for-pianist-diane.html' title='Jazz Fundraisers for Pianist Diane Moser'/><author><name>Russell Dean Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://2.bp.blogspot.com/_KrOyHz3sny0/SgLi9ZPkyMI/AAAAAAAAABM/ijZhE6l0s-s/s72-c/dianeposter.jpg' height='72' width='72'/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-4943985677072864746</id><published>2009-03-31T13:23:00.005-04:00</published><updated>2009-03-31T13:27:55.183-04:00</updated><title type='text'>April 1st Virus Attack</title><content type='html'>&lt;p class="MsoNormal"&gt;&lt;span style="font-family:arial;"&gt;I wrote a short piece for my company's newsletter about the Conficker virus, which is scheduled to go &lt;/span&gt;active  4/1/09: &lt;o:p&gt;&lt;/o:p&gt;&lt;/p&gt;  &lt;p class="MsoNormal"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;b&gt;Conficker&lt;o:p&gt;&lt;/o:p&gt;&lt;/b&gt;&lt;/p&gt;  &lt;p class="MsoNormal"&gt;&lt;b&gt;&lt;o:p&gt;&lt;/o:p&gt;&lt;/b&gt;On April 1, the Conficker worm (aka Downadup) will expand its  infection of Windows systems. Although exactly what payload this worm will  execute is not known, it’s expected that, at the least, it will start taking  more steps to protect itself. After 4/1, machines infected with the “C” variant  of the worm may not be able to get security updates or patches from Microsoft  and from many other vendors. 
The creators of the worm will also start using a  communications system that is more difficult for security researchers to  interrupt.&lt;o:p&gt;&lt;/o:p&gt;&lt;/p&gt; &lt;p class="MsoNormal"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/p&gt; &lt;p class="MsoNormal"&gt;Security researchers don’t know the exact purpose of the  Conficker worm. Today the worm has created an infrastructure that the creators  of the worm can use to remotely install software on infected machines. Most  likely, the worm will be used to create a botnet that will be rented out to  criminals who want to send SPAM, steal IDs, and direct users to online scams and  phishing sites. &lt;o:p&gt;&lt;/o:p&gt;&lt;/p&gt; &lt;p class="MsoNormal"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/p&gt; &lt;p class="MsoNormal"&gt;The Conficker worm mostly spreads across networks. If it  finds a vulnerable computer, it turns off the automatic backup service; deletes  previous restore points; disables many security services; blocks access to a  number of security web sites; and opens infected machines to receive additional  programs from the malware’s creator. The worm then tries to spread itself to  other computers on the same network.&lt;o:p&gt;&lt;/o:p&gt;&lt;/p&gt; &lt;p class="MsoNormal"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/p&gt; &lt;p class="MsoNormal"&gt;Various versions of the software have spread widely around  the globe since October, mostly outside the United States because there are more  computers overseas running unpatched, pirated Windows. (The program does not  infect Macintosh or Linux-based computers.)&lt;o:p&gt;&lt;/o:p&gt;&lt;/p&gt; &lt;p class="MsoNormal"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/p&gt; &lt;p class="MsoNormal"&gt;It is possible to detect and remove Conficker using  commercial antivirus tools offered by many companies. However, the most recent  version of the program has a significantly improved capacity to remove  commercial antivirus software and to turn off Microsoft’s security update  service. 
It can also block communications with Web services provided by security  companies to update their products. It even systematically opens holes in  firewalls in an effort to improve its communication with other infected  computers.&lt;o:p&gt;&lt;/o:p&gt;&lt;/p&gt; &lt;p class="MsoNormal"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/p&gt; &lt;p class="MsoNormal"&gt;Be sure that all systems (workstations, laptops, servers,  perimeter devices) are patched and scanned with the latest  signatures.&lt;o:p&gt;&lt;/o:p&gt;&lt;/p&gt; &lt;p class="MsoNormal"&gt;&lt;b&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/b&gt;&lt;/p&gt; &lt;p class="MsoNormal"&gt;&lt;b&gt;Links:&lt;o:p&gt;&lt;/o:p&gt;&lt;/b&gt;&lt;/p&gt; &lt;p class="MsoNormal"&gt;A good backgrounder on Conficker (aka Downadup) from  Symantec: &lt;a href="http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm"&gt;http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&lt;/a&gt;&lt;o:p&gt;&lt;/o:p&gt;&lt;/p&gt; &lt;p class="MsoNormal"&gt;Continual updates on Conficker via SANS: &lt;a href="http://isc.sans.org/diary.html?storyid=6043&amp;amp;rss"&gt;http://isc.sans.org/diary.html?storyid=6043&amp;amp;rss&lt;/a&gt;&lt;o:p&gt;&lt;/o:p&gt;&lt;/p&gt; &lt;p class="MsoNormal"&gt;Checkpoint Smart Defense Services offers a mitigating  protection against this for when you don’t have time to patch:&lt;span style="color: rgb(31, 73, 125);"&gt; &lt;/span&gt;&lt;a href="http://www.checkpoint.com/defense/advisories/public/announcement/012209-downadup-confiker-worm.html"&gt;http://www.checkpoint.com/defense/advisories/public/announcement/012209-downadup-confiker-worm.html&lt;/a&gt;&lt;span style="color: rgb(31, 73, 125);"&gt; &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt; &lt;p class="MsoNormal"&gt;More technical info from McAfee, &lt;a href="http://vil.nai.com/vil/content/v_153464.htm"&gt;http://vil.nai.com/vil/content/v_153464.htm&lt;/a&gt;&lt;span style="color: rgb(31, 73, 125);"&gt;, &lt;/span&gt;and McAfee’s latest AVERT Stinger app runs 
a  quick scan:&lt;span style="color: rgb(31, 73, 125);"&gt; &lt;/span&gt;&lt;a href="http://vil.nai.com/vil/conficker_stinger/Stinger_Coficker.exe"&gt;http://vil.nai.com/vil/conficker_stinger/Stinger_Coficker.exe&lt;/a&gt;&lt;span style="color: rgb(31, 73, 125);"&gt;&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt; &lt;p class="MsoNormal"&gt;MS Security bulletin: &lt;a href="http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx"&gt;http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx&lt;/a&gt;&lt;span style="color: rgb(31, 73, 125);"&gt;&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt; &lt;p class="MsoNormal"&gt;Also, a $250K reward offered by MS for arrest and conviction  of the virus authors: &lt;a href="http://blogs.msdn.com/wael/archive/2009/02/14/conficker.aspx"&gt;http://blogs.msdn.com/wael/archive/2009/02/14/conficker.aspx&lt;/a&gt;&lt;span style="color: rgb(31, 73, 125);"&gt;&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/21309065-4943985677072864746?l=rdvgroup.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/4943985677072864746/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=4943985677072864746' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/4943985677072864746'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/4943985677072864746'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/2009/03/april-1st-virus-attack.html' title='April 1st Virus Attack'/><author><name>Russell Dean Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image 
rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-8630124176010249329</id><published>2008-07-10T12:57:00.003-04:00</published><updated>2008-07-10T13:12:24.516-04:00</updated><title type='text'>Germans Shut Down The Ohm Project</title><content type='html'>&lt;span style="font-size:85%;"&gt;I&lt;/span&gt;&lt;span style="font-family:times new roman;"&gt;&lt;span style="font-size:100%;"&gt;n &lt;/span&gt;a move reminiscent of the recent ACLU revealing of the abuse of FBI "&lt;/span&gt;&lt;a style="font-family: times new roman;" href="http://www.aclu.org/safefree/nationalsecurityletters/index.html"&gt;national security letters&lt;/a&gt;&lt;span style="font-family:times new roman;"&gt;", &lt;/span&gt;&lt;span style="font-family:times new roman;"&gt;The Ohm Project (ohmproject.org) was knocked off the Internet yesterday. &lt;/span&gt;&lt;span style="font-family:arial;"&gt;&lt;span style="font-family: times new roman;"&gt;Both The Ohm Project and E-Tunnels went dark on Wednesday about midday Central European time.&lt;/span&gt; &lt;/span&gt;&lt;span style="font-family:times new roman;"&gt;Like the FBI letters, this creates a remarkable Catch-22 for the site's provider E-Tunnels:&lt;br /&gt;&lt;/span&gt;&lt;div style="text-align: left;"&gt;&lt;span style="font-size:85%;"&gt;&lt;span style="font-family:arial;"&gt;&lt;br /&gt;"When an inquiry was made to the service provider, he said that "the German police" had made three complaints beginning about a month ago about unspecified "abuse" originating from one of the IP addresses assigned to E-Tunnels. 
The service provider, welcome2inter.net, claimed that he had been prohibited by the authorities from relaying the complaints to E-Tunnels even though they were the only party able to respond to the situation or correct it.&lt;/span&gt;&lt;/span&gt;&lt;span style="font-family:times new roman;"&gt;"&lt;/span&gt;&lt;br /&gt;&lt;span style="font-family:times new roman;"&gt;&lt;/span&gt;&lt;/div&gt;&lt;span style="font-family:times new roman;"&gt;&lt;br /&gt;The Ohm Project is a highly recommended site providing information about threats to Internet privacy and freedom along with advice and tips about how to fight back against these encroachments.&lt;/span&gt;&lt;br /&gt;&lt;br /&gt;&lt;span style="font-family:times new roman;"&gt;This follows on the heels of last year's strict German hacking &lt;/span&gt;&lt;a style="font-family: times new roman;" href="http://www.schneier.com/blog/archives/2007/08/new_german_hack.html"&gt;law&lt;/a&gt;&lt;span style="font-family:times new roman;"&gt;, which rules that even possessing computer security testing tools can be proof of intent to hack systems, which makes &lt;/span&gt;&lt;a style="font-family: times new roman;" href="http://www.eccouncil.org/ceh.htm"&gt;Certified Ethical Hacking&lt;/a&gt;&lt;span style="font-family:times new roman;"&gt; (the good guys) more difficult.&lt;/span&gt;&lt;br /&gt;&lt;br /&gt;&lt;span style="font-family:times new roman;"&gt;Boris Vilde has started "The Ohm Project in Exile" on Blogger &lt;/span&gt;&lt;a style="font-family: times new roman;" href="http://ohmproject.blogspot.com/2008/07/german-police-shut-down-ohm-project.html"&gt;here&lt;/a&gt;&lt;span style="font-family:times new roman;"&gt;. 
Please help him any way you can.&lt;/span&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/21309065-8630124176010249329?l=rdvgroup.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/8630124176010249329/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=8630124176010249329' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/8630124176010249329'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/8630124176010249329'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/2008/07/germans-shut-down-ohm-project.html' title='Germans Shut Down The Ohm Project'/><author><name>Russell Dean Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-5945719185605622334</id><published>2008-05-30T12:08:00.007-04:00</published><updated>2008-05-30T19:22:27.349-04:00</updated><title type='text'>Can you get reimbursed when you purchase spyware?</title><content type='html'>I thought it would be useful to see this back and forth I recently had with a reader. His question was:&lt;br /&gt;&lt;br /&gt;&lt;span style=";font-family:Arial;font-size:85%;"  &gt;"In your opinion, does being victimized by such  intruders as "Antispywaremaster" constitute fraud if in fact you authorize a  debit of your account? 
I am in the process of disputing my purchase of their  spoof antispyware program which infected my computer &amp;amp; would like your  opinion on what the likelihood is of recovering my losses. Thanks."&lt;br /&gt;&lt;br /&gt;&lt;/span&gt;This was my response:&lt;br /&gt;&lt;br /&gt;&lt;div&gt;&lt;span style=";font-family:Arial;font-size:85%;"  &gt;"Let me preface my answer by stating that I am not a  lawyer, and my opinion carries no weight in a court of law.  But I believe that  your credit card company should reverse the charge, as most cards have a  provision to contest services or products that do not perform as promised, and  this is as clear a case of non-performance as you can find. &lt;/span&gt;&lt;/div&gt; &lt;div&gt; &lt;/div&gt; &lt;div&gt;&lt;span style=";font-family:Arial;font-size:85%;"  &gt;As far as continuing a charge of fraud, in an  effort to recoup damages over and above the initial charge for the software, I'm  not sure how good your chances would be. A large portion of these malware  writers are overseas, and law enforcement types are reluctant to go after groups  unless they have rung up large losses.&lt;/span&gt;&lt;/div&gt; &lt;div&gt; &lt;/div&gt; &lt;div&gt;&lt;span style=";font-family:Arial;font-size:85%;"  &gt;BTW: Two good anti-spyware programs I use are:  Spybot S&amp;amp;D &lt;a href="http://www.safer-networking.org/en/download/index.html"&gt;http://www.safer-networking.org/en/download/index.html&lt;/a&gt; &lt;/span&gt;&lt;span style=";font-family:Arial;font-size:85%;"  &gt;and &lt;/span&gt;&lt;span style=";font-family:Arial;font-size:85%;"  &gt;Lavasoft's Ad-Aware &lt;a href="http://lavasoft.com/single/trialpay.php"&gt;http://lavasoft.com/single/trialpay.php&lt;/a&gt; &lt;/span&gt;&lt;span style=";font-family:Arial;font-size:85%;"  &gt;both are free. 
&lt;/span&gt;&lt;span style=";font-family:Arial;font-size:85%;"  &gt;I have great  dislike for programs that pretend to be spyware, then infect your computer."&lt;br /&gt;&lt;br /&gt;&lt;/span&gt;His response was:&lt;br /&gt;&lt;br /&gt;&lt;span style=";font-family:Arial;font-size:85%;"  &gt;"Your reply  will not be used to bolster a law suit as I do not intend to pursue one but  rather aid me in my resolve to recover MC charges &amp;amp; fees to my account."&lt;/span&gt;&lt;br /&gt;&lt;/div&gt;&lt;span style=";font-family:Arial;font-size:85%;"  &gt;&lt;br /&gt;&lt;/span&gt;This is good news, as the credit card company should reimburse for the faulty software, but it would be nearly impossible to collect damages from a virus maker. And be sure to always check AV sites, like Symantec or McAfee, or other  info sites, before you download software.&lt;br /&gt;&lt;br /&gt;And you can keep up with security news and info on the RDV Group news feed, at:&lt;br /&gt;&lt;a href="http://www.rdvgroup.com/rdv1/pages/Headlines/Default.aspx"&gt;http://www.rdvgroup.com/rdv1/pages/Headlines/Default.aspx&lt;/a&gt;&lt;br /&gt;&lt;span style=";font-family:Arial;font-size:85%;"  &gt;&lt;br /&gt;&lt;/span&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/21309065-5945719185605622334?l=rdvgroup.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/5945719185605622334/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=5945719185605622334' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/5945719185605622334'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/5945719185605622334'/><link rel='alternate' type='text/html' 
href='http://rdvgroup.blogspot.com/2008/05/can-you-get-reimbursed-when-you.html' title='Can you get reimbursed when you purchase spyware?'/><author><name>Russell Dean Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-1040983593584828911</id><published>2008-02-12T17:21:00.000-05:00</published><updated>2008-02-12T17:23:13.420-05:00</updated><title type='text'>Bill Glennon has passed away</title><content type='html'>My friend, Bill Glennon, passed unexpectedly this last Friday. He was a great friend, and a real person in every sense of the word.  The world will be a lesser place without him.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/21309065-1040983593584828911?l=rdvgroup.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/1040983593584828911/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=1040983593584828911' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/1040983593584828911'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/1040983593584828911'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/2008/02/bill-glennon-has-passed-away.html' title='Bill Glennon has passed away'/><author><name>Russell Dean Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' 
width='26' height='32' src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-8507210801758137624</id><published>2007-06-08T10:59:00.000-04:00</published><updated>2007-06-08T11:31:24.882-04:00</updated><title type='text'>Am I the Laziest Blogger Alive?</title><content type='html'>Bill Glennon has shamed me into posting, as it's been a year since my last post. And what a year it was!&lt;br /&gt;&lt;br /&gt;I've just finished (with Dr. Ronald L. Krutz) my 10th book for John S. Wiley and Sons, the &lt;a href="http://www.amazon.com/CEH-Prep-Guide-Comprehensive-Certified/dp/0470135921/ref=sr_1_8/105-9956398-3230850?ie=UTF8&amp;s=books&amp;amp;qid=1181315000&amp;sr=1-8"&gt;&lt;span style="font-style: italic;"&gt;Certified Ethical Hacking Prep Guide&lt;/span&gt;&lt;/a&gt;, to be published this fall.&lt;br /&gt;&lt;br /&gt;I've just started my next book, &lt;span style="font-style: italic;"&gt;Composing Digital Music For Dummies&lt;/span&gt;, which should hit the bookstores in February. 
It's the first general audience guide to making your own digital music.&lt;br /&gt;&lt;br /&gt;I'm an Ask The Experts for &lt;a href="http://searchsecuritychannel.techtarget.com/expert/KnowledgebaseCategory/0,289620,sid97_tax305349,00.html"&gt;SearchSecurityChannel.com&lt;/a&gt;, answering questions related to Information Security Threats and Countermeasures, and I just finished a six-part piece on Penetration Testing techniques for consultants and VARs.&lt;br /&gt;&lt;br /&gt;I'm continuing writing on a host of subjects for James Cramer's &lt;a href="http://find.thestreet.com/cgi-bin/texis/author/?au=A1103162"&gt;thestreet.com&lt;/a&gt;, varying from luxury &lt;a href="http://www.thestreet.com/_tscs/funds/toponepercent/10330666.html"&gt;automobiles&lt;/a&gt; to a &lt;a href="http://videoplayer.thestreet.com/?clipId=1373_10360882&amp;channel=Small+Business+Management&amp;amp;cm_ven=&amp;cm_cat=&amp;amp;cm_ite=&amp;puc=tscs&amp;amp;ts=1181316603281&amp;bt=NS&amp;amp;bp=WIN&amp;bst=FF&amp;amp;biec=false&amp;format=flash&amp;amp;bitrate=300"&gt;video&lt;/a&gt; series on small business travel technology.&lt;br /&gt;&lt;br /&gt;I've been interviewed and contributed pieces for many periodicals, web sites, podcasts and webcasts, like the Wall Street Journal, and SearchCIO.com.&lt;br /&gt;&lt;br /&gt;So I've been busy, but I know that's no excuse. 
So I'll get back to work!&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/21309065-8507210801758137624?l=rdvgroup.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/8507210801758137624/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=8507210801758137624' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/8507210801758137624'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/8507210801758137624'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/2007/06/am-i-laziest-blogger-alive.html' title='Am I the Laziest Blogger Alive?'/><author><name>Russell Dean Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-114960561994265362</id><published>2006-06-06T10:48:00.000-04:00</published><updated>2006-06-06T10:53:39.960-04:00</updated><title type='text'>My Article on Traveling Security</title><content type='html'>... was recently &lt;a href="http://www.thestreet.com/_tsclsii/funds/goodlife/10286967.htmlt.com"&gt;posted&lt;/a&gt; on the "Good Life" department of James Cramer's thestreet.com. 
Titled "Protect Your PC on the Road," it covers basic steps you can take to minimize your chance of exposing your or your company's data to bad guys.&lt;br /&gt;&lt;br /&gt;From the article: "&lt;span style="font-family:Arial;font-size:85%;"&gt;&lt;span style="font-size:100%;"&gt;S&lt;/span&gt;&lt;/span&gt;&lt;span style="font-size:100%;"&gt;&lt;span class="default"&gt;taying    connected while on the road is essential for many travelers, business or    otherwise. However, it's hard to hold on to the good life when you pick    up a computer virus on your journey. Using a computer at the airport, in    coffee shops, hotels or other public places can complicate your life,    not save it, if unprotected wireless computing gets you or your business    in hot water."&lt;br /&gt;&lt;br /&gt;Check it out ....&lt;br /&gt;&lt;/span&gt;&lt;/span&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/21309065-114960561994265362?l=rdvgroup.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/114960561994265362/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=114960561994265362' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114960561994265362'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114960561994265362'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/2006/06/my-article-on-traveling-security.html' title='My Article on Traveling Security'/><author><name>Russell Dean Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' 
src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-114710044644740353</id><published>2006-05-08T10:49:00.000-04:00</published><updated>2006-05-08T14:28:03.013-04:00</updated><title type='text'>"Stephen Harper Eats Babies" ...</title><content type='html'>... is what the scrolling reader board in the suburban Toronto commuter train said. Normally it reports on train schedules or public events, but this time it was referring to the recently elected prime minister of Canada.  The problem was that this was not an authorized message, and the New York Times reports &lt;a href="http://www.nytimes.com/2006/05/08/business/media/08sign.html?_r=1&amp;amp;oref=slogin"&gt;today&lt;/a&gt; that the Greater Toronto Transit Authority had received five other sightings of the bizarre notice.&lt;br /&gt;&lt;br /&gt;Evidently the seven-year-old transit reader signs had been hacked by an infrared hand-held, and the software was never configured to require a password.  And it's not clear that the software has the capability to use passwords. The GTTA has since turned off the signs, and is installing password software.&lt;br /&gt;&lt;br /&gt;And friends of Mr. 
Harper say he's never eaten a single baby that they know of.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/21309065-114710044644740353?l=rdvgroup.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/114710044644740353/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=114710044644740353' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114710044644740353'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114710044644740353'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/2006/05/stephen-harper-eats-babies.html' title='&quot;Stephen Harper Eats Babies&quot; ...'/><author><name>Russell Dean Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-114609366023901777</id><published>2006-04-26T19:20:00.000-04:00</published><updated>2006-05-05T15:54:46.183-04:00</updated><title type='text'>House Passes Bill To Protect Phone Numbers</title><content type='html'>In the "this is really needed and I'm surprised they're actually doing something about it" department, the National Journal &lt;a href="http://beltwayblogroll.nationaljournal.com/archives/2006/04/house_passes_bi.php"&gt;describes&lt;/a&gt; a new House bill to restrict those web sites that buy and sell personal phone information: "... The House yesterday passed a bill designed to protect the privacy of telephone numbers. 
The measure, &lt;a href="http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=109_cong_bills&amp;amp;docid=f:h4709eh.txt.pdf"&gt;H.R. 4709&lt;/a&gt;, would make it illegal for online brokers to buy and sell individuals' monthly phone records. It would empower both the FCC and FTC to enforce new rules banning 'pretexting,' the practice of obtaining customers' personal information under false pretenses."&lt;br /&gt;&lt;br /&gt;An interesting feature about the history of this bill is that the legislation was introduced early this year after publicity generated by a blogger, &lt;strong&gt;John Aravosis&lt;/strong&gt; of Americablog: " ... After he read an &lt;a href="http://www.suntimes.com/output/news/cst-nws-privacy05.html"&gt;article&lt;/a&gt; about the issue, he decided to make cell-phone privacy a pet cause. Aravosis first bought his own records to prove a point, then he bought the records of someone who mattered: 2004 Democratic presidential candidate &lt;strong&gt;Wesley Clark&lt;/strong&gt;. That ploy generated lots of publicity and jumpstarted the issue in Congress."&lt;br /&gt;&lt;br /&gt;Here's a tip of the hat to the ongoing, often losing, battle for personal privacy. 
And a great reminder of the power of the Internet!&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/21309065-114609366023901777?l=rdvgroup.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/114609366023901777/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=114609366023901777' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114609366023901777'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114609366023901777'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/2006/04/house-passes-bill-to-protect-phone.html' title='House Passes Bill To Protect Phone Numbers'/><author><name>Russell Dean Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-114609354453967604</id><published>2006-04-26T19:18:00.000-04:00</published><updated>2006-05-05T15:34:17.970-04:00</updated><title type='text'>Campaign Leaks Social Security Numbers</title><content type='html'>I'm constantly amazed at how poorly privacy is protected by those who have access to personal information. Add &lt;a href="http://www.10tv.com/?sec=home&amp;amp;story=10tv/content/pool/200604/1012367418.html"&gt;this&lt;/a&gt; to the continuing litany of lost social security numbers.  WBNS channel 10 from Ohio says that "... 
Millions of Social Security numbers are now in the hands of people who aren't supposed to have them...The private records were mistakenly released by the Secretary of State's office."   &lt;p&gt;"Voter lists are crucial to political parties. They give campaign workers an efficient way to target potential supporters. The lists usually consist of the names of registered voters, their addresses, their party affiliation, and whether that person voted in the last election. Social security numbers aren't supposed to be revealed. But they have been because of a mistake by Secretary of State Ken Blackwell's campaign."&lt;/p&gt; And it's not the first time: "... This is the second time this year private information has been compromised by Mr. Blackwell's office. In March, a link on the Secretary of State's website revealed hundreds of Social Security numbers listed on public documents."&lt;br /&gt;&lt;br /&gt;Funny thing, Blackwell handily won his GOP primary for governor  this week. Well, maybe not so funny...&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/21309065-114609354453967604?l=rdvgroup.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/114609354453967604/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=114609354453967604' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114609354453967604'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114609354453967604'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/2006/04/campaign-leaks-social-security-numbers.html' title='Campaign Leaks Social Security Numbers'/><author><name>Russell Dean 
Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-114605533891989150</id><published>2006-04-26T08:41:00.000-04:00</published><updated>2006-04-26T11:16:48.070-04:00</updated><title type='text'>I recently gave testimony ...</title><content type='html'>... to the Westchester County Board of Legislators about the proposed "Public Internet Protection Act" which promotes wireless security in public places like hotels and cafes.  While it's obviously not a complete solution, it's a good first step in helping protect data on the wired LAN.&lt;br /&gt;&lt;br /&gt;CNN posted a good AP &lt;a href="http://www.cnn.com/2006/TECH/internet/04/21/wireless.security.ap/index.html"&gt;article&lt;/a&gt; about the act, "&lt;span style="font-weight: bold;"&gt;N.Y. county mandates wireless security&lt;/span&gt;."&lt;br /&gt;&lt;br /&gt;An interesting nugget from the piece is this:&lt;span style=""&gt; &lt;/span&gt;"Norman Jacknis, the county's chief information officer, said that when the law was being considered officials detected 248 wireless networks during a 20-minute drive through downtown White Plains. Nearly half had no visible security."&lt;br /&gt;&lt;br /&gt;These are not uncommon stats for wireless nets. 
It's important for all wireless users, especially businesses using wireless routers, to be aware of the threats and vulnerabilities to private data.&lt;br /&gt;&lt;br /&gt;There are several good books out about Wi-Fi security, and one of them is my book: "&lt;a href="http://www.amazon.com/gp/product/0471209368/104-0177691-0276758?s=books&amp;v=glance&amp;amp;n=283155"&gt;Wireless Security Essentials&lt;/a&gt;."&lt;br /&gt;&lt;br /&gt;Safe computing!&lt;br /&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/21309065-114605533891989150?l=rdvgroup.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/114605533891989150/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=114605533891989150' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114605533891989150'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114605533891989150'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/2006/04/i-recently-gave-testimony.html' title='I recently gave testimony ...'/><author><name>Russell Dean Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' 
src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-114588944634145186</id><published>2006-04-24T10:37:00.000-04:00</published><updated>2006-04-26T08:49:21.036-04:00</updated><title type='text'>Sorry For Being So Behind ...</title><content type='html'>... in  my posting. Ron Krutz and I are just finishing up our CISSP Prep guide 3rd Edition (which is going to be a MONSTER book!) I did a long article for &lt;a href="http://statetech.texterity.com/home/"&gt;State Tech Magazine&lt;/a&gt; on Instant Message hacking (it'll be a couple of months before it's published,) finalizing other book proposals, and working on our information systems security training products.&lt;br /&gt;&lt;br /&gt;I promise that I have several posts in the works that will get up this week. April has been a busy month for hacking!&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/21309065-114588944634145186?l=rdvgroup.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/114588944634145186/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=114588944634145186' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114588944634145186'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114588944634145186'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/2006/04/sorry-for-being-so-behind.html' title='Sorry For Being So Behind ...'/><author><name>Russell Dean Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image 
rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-114451062828537352</id><published>2006-04-08T11:36:00.000-04:00</published><updated>2006-04-13T12:36:18.033-04:00</updated><title type='text'>Workers accused of fudging ’04 recount</title><content type='html'>I occasionally post pieces about voting irregularities and issues with verified voting, because I feel that it's one of the biggest challenges we face as a democracy today. Avi Rubin has done a lot of good work in this area and has testified frequently before congressional panels about electronic voting problems. With many states rushing to implement HAVA requirements, reliable, verifiable, open-sourced and transparent voting systems are sorely needed.&lt;br /&gt;&lt;br /&gt;So my interest was piqued when I read this &lt;a href="http://www.cleveland.com/election/plaindealer/index.ssf?/base/cuyahoga/1144312870224340.xml&amp;amp;coll=2"&gt;item&lt;/a&gt; in the Cleveland Plain Dealer. A special prosecutor has charged that  Cuyahoga County Ohio election workers secretly skirted rules designed to make sure all votes were counted correctly immediately following the 2004 presidential election, to prevent a recount from automatically kicking in.&lt;br /&gt;&lt;br /&gt;At this time there isn't any proof that they were trying to sway the election one way or another, but rather were trying to save money: " ... While there is no evidence of vote fraud, the prosecutor said their efforts were aimed at avoiding an expensive - and very public - hand recount of all votes cast. 
Three top county elections officials have been indicted, and Erie County Prosecutor Kevin Baxter says more indictments are possible."&lt;br /&gt;&lt;br /&gt;Evidently they were supposed to take a random sampling of 3% of the ballots and compare with the related machine totals: " ... If the hand and machine counts match, the other 97 percent of the votes are recounted by machine. If the numbers don't match, workers repeat the effort. If they still don't match exactly, the workers must complete the recount by hand, a tedious process that could take weeks and cost hundreds of thousands of dollars."&lt;br /&gt;&lt;br /&gt;But they prepared the sample ahead of time, by opening ballots and eliminating any that didn't match the machine, to prevent a manual hand recount: " ... Kathleen Dreamer, manager of the board's ballot department, Rosie Grier  assistant manager, and Jacqueline Maiden, Elections Division director and its third-highest-ranking employee,  have been charged with misdemeanor and felony counts of failing to follow the state elections law.  
A May 8 trial date has been set."&lt;br /&gt;&lt;br /&gt;It's going to be interesting to see what happens, and if this leads to bigger fish.&lt;br /&gt;&lt;br /&gt;&lt;p&gt;&lt;br /&gt;&lt;/p&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/21309065-114451062828537352?l=rdvgroup.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/114451062828537352/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=114451062828537352' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114451062828537352'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114451062828537352'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/2006/04/workers-accused-of-fudging-04-recount.html' title='Workers accused of fudging ’04 recount'/><author><name>Russell Dean Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-114424603223603608</id><published>2006-04-05T10:07:00.000-04:00</published><updated>2006-04-13T12:06:22.986-04:00</updated><title type='text'>Phisher Kings Court Your Trust</title><content type='html'>Brian Grow has another piece in Business Week that's worth a &lt;a href="http://www.businessweek.com/technology/content/apr2006/tc20060403_673342.htm?campaign_id=topStories_ssi_5"&gt;look&lt;/a&gt;. This is a fairly extensive article that quotes a lot of sources and makes some good points. 
He references some of the busier worms, like Bagle, and some of the newer, less well-known Trojans, like Hearse: "... The attachment -- labeled lawsuit.exe -- is a new variant of a computer worm called Bagle. When worried victims open the attachment, malicious code embedded in its text downloads onto their PCs, and then swiftly harvests all their e-mail addresses to send out even more spam. That second wave uses the victim's personal e-mail address to send malicious code disguised as, say, a Paris Hilton sex video, to friends and associates."&lt;br /&gt;&lt;br /&gt;There isn't a lot new and earth-shaking in the article, but he does hit the major point, that although more users are getting savvy to the basic email schemes, dollar losses are increasing, as fraudsters get more sophisticated and mercenary: "... A 2005 survey by Gartner found that just 2.5% of phish recipients responded with personal or financial information, down from 3% in 2004. But fraud losses connected to the theft of such information off the Web still rose from $690 million in 2004 to $1.5 billion last year."&lt;br /&gt;&lt;br /&gt;I tried to make the same point on Business Week TV on April &lt;a href="http://feedroom.businessweek.com/ifr_main.jsp?nsid=b-7e88f920:10a93f7f71f:-73aa&amp;rf=fr_std&amp;amp;st=1144944492676&amp;mp=FLV&amp;amp;cpf=false&amp;fr=041306_120336_w7e88f920x10a93f7f71fxw73a9&amp;amp;rdm=415892.766666711"&gt;02&lt;/a&gt;, that phishers have progressed from badly spelled emails, to well-funded criminal enterprises, sometimes even operating with the blessing of their governments.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' 
src='https://blogger.googleusercontent.com/tracker/21309065-114424603223603608?l=rdvgroup.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/114424603223603608/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=114424603223603608' title='3 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114424603223603608'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114424603223603608'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/2006/04/phisher-kings-court-your-trust.html' title='Phisher Kings Court Your Trust'/><author><name>Russell Dean Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>3</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-114403139612527319</id><published>2006-04-02T22:29:00.000-04:00</published><updated>2006-04-13T12:06:00.516-04:00</updated><title type='text'>My Appearance on Business Week TV Today</title><content type='html'>&lt;p class="MsoNormal"&gt;&lt;span style=""&gt;Brian Grow's piece about the rootkit Hearse was the lead story, and they used about 20 secs of my comments. You can stream the video at the Business Week Weekend TV site &lt;a href="http://feedroom.businessweek.com/ifr_main.jsp?nsid=b-7e88f920:10a93f7f71f:-73aa&amp;rf=fr_std&amp;amp;st=1144944492676&amp;mp=FLV&amp;amp;cpf=false&amp;fr=041306_120336_w7e88f920x10a93f7f71fxw73a9&amp;amp;rdm=415892.766666711"&gt;here&lt;/a&gt;. 
&lt;/span&gt;&lt;/p&gt;&lt;p class="MsoNormal"&gt;One issue I have with these pieces is that they always explain the nuts and bolts of what’s happening very well, but never get into real info you can use to combat the threat.&lt;/p&gt;&lt;p class="MsoNormal"&gt;For example, when Brian was asked what a regular person can do to protect themselves from these threats, he said “Be more vigilant”.&lt;/p&gt;&lt;p class="MsoNormal"&gt;Sounds like a Homeland Security recommendation; maybe we should duct tape our computers...&lt;/p&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/114403139612527319/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=114403139612527319' title='0 Comments'/><link rel='edit' type='application/atom+xml' 
href='http://www.blogger.com/feeds/21309065/posts/default/114403139612527319'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114403139612527319'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/2006/04/my-appearance-on-business-week-tv.html' title='My Appearance on Business Week TV Today'/><author><name>Russell Dean Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-114372983283487941</id><published>2006-03-30T09:37:00.000-05:00</published><updated>2006-03-30T09:56:14.803-05:00</updated><title type='text'>New Trojan Named rootkit.hearse</title><content type='html'>Sana security was apparently the first to discover a new Trojan rootkit, which they named "Hearse", that sends financial info back to a central server. You can read about it on their site &lt;a href="http://www.sanasecurity.com/common/files/security_alerts/Security_Advisory_rootkit_hearse.pdf"&gt;here&lt;/a&gt; (pdf).&lt;br /&gt;&lt;br /&gt;Evidently the "... malware components work together to capture user information by discovering passwords previously used on the machine. The Trojan communicates with a server where the stolen information is stored. The Trojan is hidden through the rootkit technology and survives reboot, meaning it remains on the machine indefinitely. Types of information that can be compromised include bank accounts, email logins, and insurance information. "&lt;br /&gt;&lt;br /&gt;Sana has some great screen shots of the bug. It's not a keylogger, but works a little differently: "... The Trojan does not rely on capturing keystrokes. 
Instead, it finds previously used account and password information, in particular through the Internet Explorer autocomplete feature. The types of information include any transaction that requires an account: banking, online auctions, insurance, airlines, etc."&lt;br /&gt;&lt;br /&gt;The potential for big losses is great, as Sana says: "... Rootkit.hearse has been active since March 16th, ... The logs contain almost 40,000 records of user account information, spanning 6,500 sites... Sana Labs estimates the number of unique accounts at 20,000."&lt;br /&gt;&lt;br /&gt;This is the face of phishes to come. On this blog I've referred to how sophisticated the malware writers/distributors are becoming. While regular virus vandals and spoofed web pages are slowing down, the phishers are getting smarter and more mercenary.&lt;br /&gt;&lt;br /&gt;For more info on Sana Security Advisories, look &lt;a href="http://www.sanasecurity.com/resources/advisories.php"&gt;here&lt;/a&gt;. And for the latest security news, always go to the RDV Group's RSS Security News &lt;a href="http://www.rdvgroup.com/rdv1/pages/Headlines/Default.aspx"&gt;Reader&lt;/a&gt;.</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/114372983283487941/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=114372983283487941' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114372983283487941'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114372983283487941'/><link rel='alternate' type='text/html' 
href='http://rdvgroup.blogspot.com/2006/03/new-trojan-named-rootkithearse.html' title='New Trojan Named rootkit.hearse'/><author><name>Russell Dean Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-114372685878358381</id><published>2006-03-30T08:52:00.001-05:00</published><updated>2006-03-30T08:57:20.966-05:00</updated><title type='text'>My interview on BusinessWeek TV</title><content type='html'>&lt;div&gt;&lt;span style="font-size:85%;"&gt;... will be broadcast this weekend (4/1-4/2), on BusinessWeek Weekend. I was interviewed about a phishing exploit that's just starting to hit some major financial institutions and costing in the millions. Next week's BusinessWeek magazine will have an article about the phish, but the TV show will have an advance piece.&lt;/span&gt;&lt;/div&gt; &lt;div&gt; &lt;/div&gt;   &lt;div&gt;&lt;span style="font-size:85%;"&gt;&lt;br /&gt;Here in the NYC metro area, BusinessWeek TV airs Sunday AM at 11:30 on channel 7, WABC. To find out the times in your area, Business Week has a zip code &lt;a href="http://mediakit.businessweek.com/Products/Television/Stations"&gt;finder&lt;/a&gt; on the web that locates stations that nationally syndicate the program.&lt;br /&gt;&lt;br /&gt;I haven't seen it yet, and some of you will see it before I can, so I can't promise how much of me will be on the air vs. the cutting room floor. &lt;/span&gt;&lt;span style="font-size:85%;"&gt;Although the NYC air time is fine, BWTV airs at some pretty odd times in other markets, owing to its syndicated nature. 
You might  want to tape or TIVO it.&lt;br /&gt;&lt;br /&gt;I'll have more later about this interesting exploit...&lt;br /&gt;&lt;/span&gt;&lt;br /&gt;&lt;/div&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/21309065-114372685878358381?l=rdvgroup.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/114372685878358381/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=114372685878358381' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114372685878358381'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114372685878358381'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/2006/03/my-interview-on-businessweek-tv.html' title='My interview on BusinessWeek TV'/><author><name>Russell Dean Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-114356053011603730</id><published>2006-03-28T10:41:00.000-05:00</published><updated>2006-04-13T10:28:41.790-04:00</updated><title type='text'>IRS warns taxpayers to beware ID theft scams</title><content type='html'>It's that time of year, and the AP reports on the latest IRS warning to avoid tax-related phishing &lt;a href="http://msnbc.msn.com/id/11812356/"&gt;scams&lt;/a&gt;.  A variation in the old email phish, these e-mails are "... 
purporting to come from the IRS (and) often tell taxpayers they're due a refund and direct them to a false IRS Web site. The e-mail address may include "irs.gov," such as tax-refunds@irs.gov or admin@irs.gov."&lt;br /&gt;&lt;br /&gt;If you practice safe computing these phishes aren't too dangerous. Like much real financial email communication, "... The IRS does not communicate with taxpayers via e-mail, nor does the IRS ask people for passwords, personal identification numbers or other secret information about financial accounts."&lt;br /&gt;&lt;br /&gt;But with all the problems with privacy violations by tax return preparers, exorbitant interest rates on "instant refunds", and re-sale of your personal information to third parties by the IRS, this is another in a long list of irritants that make April 15 even a bigger pain.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/21309065-114356053011603730?l=rdvgroup.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/114356053011603730/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=114356053011603730' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114356053011603730'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114356053011603730'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/2006/03/irs-warns-taxpayers-to-beware-id-theft.html' title='IRS warns taxpayers to beware ID theft scams'/><author><name>Russell Dean Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' 
src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-114330563086479890</id><published>2006-03-25T11:52:00.000-05:00</published><updated>2006-03-27T09:23:28.190-05:00</updated><title type='text'>Illinois Man Fined For Piggybacking On Wi-Fi Service</title><content type='html'>&lt;p&gt;It's getting tougher to piggyback on Wi-Fi.&lt;br /&gt;&lt;/p&gt;&lt;p&gt;Yahoo recently &lt;a href="http://news.yahoo.com/s/cmp/20060325/tc_cmp/183702832"&gt;noted&lt;/a&gt; that "...David M. Kauchak, 32, pleaded guilty this week in Winnebago County to remotely accessing someone else's computer system without permission ... a judge fined Kauchak $250 and sentenced him to one year of court supervision."&lt;/p&gt;Evidently it's a precedent: "... Kauchak has the dubious distinction of being the first person to face the charge in Winnebago County, and prosecutors say they're taking the crime seriously. "We just want to get the word out that it is a crime. We are prosecuting it, and people need to take precautions," Assistant State's Attorney Tom Wartowski told the newspaper."&lt;br /&gt;&lt;br /&gt;The bust is interesting ..."A police officer arrested Kauchak in January after spotting him sitting in a parked car with a computer. 
A chat with the suspect led to the arrest, Wartowski said."&lt;br /&gt;&lt;br /&gt;I know piggybacking can be problematic, as I mentioned &lt;a href="http://rdvgroup.blogspot.com/2006/03/danger-of-wireless-piggybacking.html"&gt;here&lt;/a&gt;, but I think this is kind of crazy.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/21309065-114330563086479890?l=rdvgroup.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/114330563086479890/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=114330563086479890' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114330563086479890'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114330563086479890'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/2006/03/illinois-man-fined-for-piggybacking-on.html' title='Illinois Man Fined For Piggybacking On Wi-Fi Service'/><author><name>Russell Dean Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-114287180467579213</id><published>2006-03-20T11:20:00.000-05:00</published><updated>2006-03-27T09:14:27.066-05:00</updated><title type='text'>Good Article on Phishing</title><content type='html'>Crystal Ferraro recently posted this &lt;a href="http://searchsecurity.techtarget.com/general/0,295582,sid14_gci1173803,00.html"&gt;article&lt;/a&gt; on Searchsecurity.com about recent Phishing targets. 
It was originally a white paper she presented at the RSA conference last month, and posted this excerpt on 3/17. I have a short quote in the article, which is intended to convey the extent to which phishers are getting more sophisticated and efficient.&lt;br /&gt;&lt;br /&gt;Ed Skoudis does a great job of explaining some of the latest trends: &lt;span class="a3"&gt;"[Attackers are] getting better at making the keystroke loggers difficult to find," Skoudis said. Some are embedded with rootkits, or they attack antivirus and antispyware tools. Some spyware and other malcode purposely try to foil their own analysis to buy time..."&lt;br /&gt;&lt;br /&gt;I have more on keyloggers &lt;a href="http://rdvgroup.blogspot.com/2006/02/keylogger-basics-part-1.html"&gt;here&lt;/a&gt; and &lt;a href="http://rdvgroup.blogspot.com/2006/03/keylogging-basics-part-ii.html"&gt;here&lt;/a&gt;...&lt;br /&gt;&lt;/span&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/21309065-114287180467579213?l=rdvgroup.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/114287180467579213/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=114287180467579213' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114287180467579213'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114287180467579213'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/2006/03/good-article-on-phishing.html' title='Good Article on Phishing'/><author><name>Russell Dean Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' 
width='26' height='32' src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-114245920209558870</id><published>2006-03-15T16:45:00.000-05:00</published><updated>2006-03-28T09:50:39.980-05:00</updated><title type='text'>Keylogging Basics Part II</title><content type='html'>&lt;p class="MsoNormal"&gt;We looked at keylogging a little bit in Part I; let's continue (excerpted from "&lt;a href="http://www.amazon.com/gp/product/0764584987/qid=1113340043/sr=1-8/ref=sr_1_8/103-5853789-0106205"&gt;Phishing: Cutting the Identity Theft Line&lt;/a&gt;").&lt;/p&gt;  &lt;p class="MsoNormal"&gt;"Once installed on the target machine, either directly through interaction with the user, or through a more stealthy means, the keylogger program runs continually in the background. After the keystrokes are logged, they can be hidden in the machine for later retrieval or transmitted to the attacker via the Internet. The attacker then examines the reports for passwords or information that can be used to compromise the system or engineer an attack. A keylogger may reveal the contents of emails composed by the victim."&lt;/p&gt;      &lt;p class="MsoNormal"&gt;"Some rare keyloggers include routines that secretly turn on video or audio recorders, and transmit what they capture over your Internet connection. Other products capture screens, rather than keystrokes. However, most criminal keyloggers are hoping to steal bank account numbers or other financial data."&lt;/p&gt;    &lt;p class="MsoNormal"&gt;“A software keystroke logger program does not require physical access to the user's computer. 
It can be installed intentionally by someone who wants to monitor activity on a particular computer or downloaded unwittingly as spyware and executed as part of a &lt;i&gt;rootkit&lt;/i&gt; or a RAT.”&lt;/p&gt;&lt;p class="MsoNormal"&gt;“A &lt;i&gt;rootkit&lt;/i&gt; is a collection of software tools that a cracker uses to obtain administrator-level access to a computer or computer network. The intruder installs a rootkit on a computer after first obtaining user-level access, either by exploiting a known vulnerability or cracking a password. The rootkit then collects userids and passwords to other machines on the network, thus giving the hacker root or privileged access. A rootkit may consist of utilities that also monitor traffic and keystrokes, create a "backdoor" into the system for the hacker's use, alter log files, attack other machines on the network, and alter existing system tools to circumvent detection.”&lt;/p&gt;&lt;a href="http://photos1.blogger.com/blogger/2605/2154/1600/clip_image002.jpg"&gt;&lt;img src="http://photos1.blogger.com/blogger/2605/2154/320/clip_image002.jpg" alt="" border="0" /&gt;&lt;/a&gt;&lt;br /&gt;&lt;br /&gt;&lt;p class="MsoNormal"&gt;I'll bring more later...&lt;/p&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/114245920209558870/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=114245920209558870' title='0 
Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114245920209558870'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114245920209558870'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/2006/03/keylogging-basics-part-ii.html' title='Keylogging Basics Part II'/><author><name>Russell Dean Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-114193556015058240</id><published>2006-03-09T15:15:00.000-05:00</published><updated>2006-03-09T22:20:37.786-05:00</updated><title type='text'>PINs Aren't a Magic Bullet</title><content type='html'>Bob Sullivan, a top expert on identity theft, has a dead-on &lt;a href="http://www.msnbc.msn.com/id/11731365/"&gt;piece&lt;/a&gt; in today's (03/09) MSNBC's Tech &amp; Sci Security area. There are some interesting exploits afoot using what was previously thought to be a secure technology: pairing your ATM card with its PIN.&lt;br /&gt;&lt;br /&gt;He and I have discussed this issue, and think there are interesting ramifications re: what I call "residual data". That is, all the little places personal data (in this case the PINs) can hide and resist scrubbing. Commonly called "data remanence" (you CISSP'ers know this term), it's like owning a home. Water is getting in somewhere and it's not obviously coming in from where it looks like it is.&lt;br /&gt;&lt;br /&gt;You CISSP'ers also know the drill: two-factor authentication is a combination of "something you have", the ATM card, with "something you know", a password or a PIN. 
But the PINs are supposed to be sacrosanct, and now we know they're not.&lt;br /&gt;&lt;br /&gt;From Bob's article: "... The incident calls into question the security of the four-digit code that for years has made PIN-based transactions less subject to fraud than signature-based credit card transactions. 'This is the absolute worst hack that has happened, the biggest scam to date,' said Gartner analyst Avivah Litan."&lt;br /&gt;&lt;br /&gt;Maybe it's from one source: "... In each case, the banks have blamed a third-party company — in some cases, more specifically identified as a merchant or retailer. Speculation has been rampant that the source of the stolen data is office supply store OfficeMax, starting with an article last month in the San Francisco Chronicle indicating 200,000 account numbers had been stolen from the firm. OfficeMax denies it's to blame."&lt;br /&gt;&lt;br /&gt;But it's beginning to look like it's not: "... many merchants incorrectly store PIN information they should be destroying after customers enter the secret code on PIN pads in stores around the country. While the information is often encrypted into something called a PIN block, the keys necessary to decrypt the information are often stored on the same network, she said. That makes stealing the PINs as easy as breaking into an office computer using a password a careless employee has taped to the screen."&lt;br /&gt;&lt;br /&gt;And here's where the data remanence comes in: "... The software is storing PINS just because it can. No one is paying attention to this stuff, it's deep in the software..."&lt;br /&gt;&lt;br /&gt;My wife knows this exploit, because she was a victim over the holidays. Her credit card and ATM card were stolen, and to her surprise, it was no problem to drain the money out of her checking account. 
The PIN was absolutely no barrier to the thief.&lt;br /&gt;&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;UPDATE:&lt;/span&gt; Bob was on NBC Nightly News tonight (03/09) to discuss this problem further. We definitely haven't heard the last of this yet.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/21309065-114193556015058240?l=rdvgroup.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/114193556015058240/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=114193556015058240' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114193556015058240'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114193556015058240'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/2006/03/pins-arent-magic-bullet.html' title='PINs Aren&apos;t a Magic Bullet'/><author><name>Russell Dean Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-114192785319962776</id><published>2006-03-09T13:06:00.000-05:00</published><updated>2006-03-09T21:58:01.523-05:00</updated><title type='text'>Porn Billing Leak Exposes Buyers</title><content type='html'>Quinn Norton of Wired has a &lt;a href="http://wired.com/news/technology/0,70356-0.html?tw=wn_index_1"&gt;post&lt;/a&gt; today (03/09) that probably sends shudders down the spine of many of my friends:  "Seventeen million customers of the online payment service iBill 
have had their personal information released onto the internet, where it's been bought and sold in a black market made up of fraud artists and spammers ..."&lt;br /&gt;&lt;br /&gt;Norton goes on to say that the compromised information was intentionally stolen, not lost through incompetence, and Wired got a look at it: "... The stolen data, examined by Wired News, includes names, phone numbers, addresses, e-mail addresses and internet IP addresses. Other fields in the compromised databases appear to be logins and passwords, credit-card types and purchase amounts, but credit-card numbers are not included."&lt;br /&gt;&lt;br /&gt;If credit card #s are not included, as Wired says, that's good. But the troubling thing about this loss is that it may have been perpetrated by the foundering company (or someone in the company) that was custodian of the data: " ... the company's troubles may have left them vulnerable to information embezzlement: The breach, they say, has all the markings of an inside job. The files appear to have been generated by exporting an SQL database into a CSV format -- a procedure that would be unusually extravagant for a quick, furtive hack attack.&lt;br /&gt;&lt;br /&gt;"Moreover, at 4.5 gigabytes in size, the larger file would have been tough to download unnoticed over iBill's internet connection. Thomas speculates that an employee or other insider may have simply walked out of iBill with the transaction records to sell on the data black market."&lt;br /&gt;&lt;br /&gt;The list is being used by spammers, and may be used for identity theft.&lt;br /&gt;&lt;br /&gt;Be careful where you leave your personal info! And don't expect integrity from porn sites!&lt;br /&gt;&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;UPDATE:&lt;/span&gt; Keith Olbermann referred to this story as the #1 article on "Countdown" tonight (03/09), and made a  funny: "Remember to keep it in your pants. 
..Your credit card, that is."&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/21309065-114192785319962776?l=rdvgroup.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/114192785319962776/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=114192785319962776' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114192785319962776'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114192785319962776'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/2006/03/porn-billing-leak-exposes-buyers.html' title='Porn Billing Leak Exposes Buyers'/><author><name>Russell Dean Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-114191342678905238</id><published>2006-03-09T09:03:00.000-05:00</published><updated>2006-03-09T09:46:18.403-05:00</updated><title type='text'>The Danger of Wireless Piggybacking</title><content type='html'>&lt;p class="MsoNormal"&gt;Michel Marriott had an excellent &lt;a href="http://www.nytimes.com/2006/03/05/technology/05wireless.html"&gt;article&lt;/a&gt; in the NY Times on Sunday (03/05) about the growing phenomenon of "wireless piggybacking", using someone else's wireless router to jump on the Internet: "... 
Piggybacking, the usually unauthorized tapping into someone else's wireless Internet connection, is no longer the exclusive domain of pilfering computer geeks or shady hackers cruising for unguarded networks. Ordinarily upstanding people are tapping in. As they do, new sets of Internet behaviors are creeping into America's popular culture"&lt;br /&gt;&lt;br /&gt;The hacker magazine 2600 frequently has &lt;a href="http://store.2600.com/funwith80211b.html"&gt;pieces&lt;/a&gt; about wireless hacking, and one writer says that he often changes the default admin password after attaching to the router to prevent the real owner from disconnecting him later. Although this is easy to remedy through resetting the router to its default state and applying MAC address filtering, it shows how the proliferation of these devices has outstripped the ability of the common owner to control them. The admin password is easily found on the web, say by downloading a pdf of the manual for the router, and is the first thing the owner of the router should change when installing.&lt;br /&gt;&lt;br /&gt;I admit I'll jump on my neighbor's Linksys when I'm having trouble with my router; the signal is weak but usable (remind me to tell him how to configure filtering on it some day). And there is a movement to allow free wireless access, not just in coffee shops, but in whole cities, like &lt;a href="http://news.com.com/2061-10785_3-6034334.html"&gt;Cambridge&lt;/a&gt; and &lt;a href="http://www.washingtonpost.com/wp-dyn/content/article/2005/05/02/AR2005050200449.html"&gt;Philadelphia&lt;/a&gt; (I'll have a post about how to protect yourself while using public Wi-Fi later). &lt;a href="http://www.wififreespot.com/"&gt;Wififreespot.com &lt;/a&gt;even provides a directory of free wireless "hot spots": " ...The Wi-Fi-FreeSpot Directory is a listing of Wi-Fi enabled locations that offer Free Wireless High Speed Internet Access. 
USA State-by-State listings come first with Europe and other regions of the World listed further down the page.."&lt;br /&gt;&lt;br /&gt;But a larger, more problematic issue arises from wireless piggybacking. Mr. Marriott briefly touches upon the issue in one paragraph: " ... savvy users could piggyback into unprotected computers to peer into files containing sensitive financial and personal information, release malicious viruses and worms that could do irreparable damage, or use the computer as a launching pad for identity theft or the uploading and downloading of child pornography."&lt;br /&gt;&lt;br /&gt;But this needs to be really emphasized, because here's the rub: there is no way to convince the government that it wasn't you who accessed the pornography or terrorist site. Or the RIAA that it wasn't you downloading the latest hit music or video.&lt;br /&gt;&lt;br /&gt;And especially now that the Justice Department wants to know what you're &lt;a href="http://hosted.ap.org/dynamic/stories/G/GOOGLE_JUSTICE?SITE=CAVEN&amp;SECTION=HOME&amp;amp;TEMPLATE=DEFAULT"&gt;Googling&lt;/a&gt;, you really can't legally afford to let unknown parties surf the web through your router.&lt;br /&gt;&lt;br /&gt;If determined hackers want to use your router, they'll be able to no matter what you do. 
An $89 Wi-Fi router from CompUSA is not going to have strong security, but please at least change the admin password and set up MAC filtering.&lt;/p&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/21309065-114191342678905238?l=rdvgroup.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/114191342678905238/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=114191342678905238' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114191342678905238'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114191342678905238'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/2006/03/danger-of-wireless-piggybacking.html' title='The Danger of Wireless Piggybacking'/><author><name>Russell Dean Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-114166626379404722</id><published>2006-03-06T12:25:00.000-05:00</published><updated>2006-03-06T12:37:59.203-05:00</updated><title type='text'>My PC is slow!</title><content type='html'>I just got an email from a friend who works for a major metropolitan newspaper. Her boss is having PC problems, and asks for a bit of help:&lt;br /&gt;&lt;br /&gt;"... My new boss mentioned this morning that his old computer is all clogged up and moving very slowly. So he's going to get  a new,  updated computer. 
In the past when he has switched computers, he has just had system support move all his stuff onto the new computer. But this time he is wondering if that will simply clog up and slow down his new computer. Do you have any general advice I could pass along to him? For example, I wondered if he should just put all the old stuff on CDs. Or are there any tricks to get the important documents to switch over without the viruses and spyware?..."&lt;br /&gt;&lt;br /&gt;I thought I'd post my response, because I think it has useful info:&lt;br /&gt;&lt;br /&gt;" ... Above all, anything he does with the PC needs to be okayed by systems. The company owns the PC and the data on it, and if he does anything I recommend here and the data goes poof, he might be in violation of employee computer-use compliance policies. These policies may seem counter-productive, but they are usually there for a reason.&lt;br /&gt;&lt;br /&gt;If, on the other hand (and this is more likely), systems doesn't really care what he does with the PC as long as it doesn't result in more work for them, or they don't have any kind of policy about this, he should think about a couple of things. PCs slow down primarily for just a few reasons:&lt;br /&gt;&lt;br /&gt;1) The PC has spyware or viruses intercepting processes and hogging resources;&lt;br /&gt;2) The amount of data stored on the PC is growing; large email attachments (video/music) especially can do this;&lt;br /&gt;3) The file allocation links are fragmented throughout the hard drive, slowing performance by making the drive work harder to find all the related pieces of data on the drive.&lt;br /&gt;&lt;br /&gt;The solutions to these three are:&lt;br /&gt;1) Virus and spyware removers. Systems must have recommendations to make. You probably have decent email virus scanning and virus protection included in the company's standard PC build. If not, the usual Symantec or McAfee work fine. 
A good, free spyware remover is Ad-Aware &lt;a href="http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10045910.html?part=dl-ad-aware&amp;subj=dl&amp;amp;tag=top5"&gt;Personal&lt;/a&gt;&lt;br /&gt;&lt;br /&gt;2) You make a good suggestion to clear off old data. If he has a CDR or CDRW burner he should clear off as much old junk as possible before the move, by burning it to CD and then erasing it from the PC (empty the trash, too). He needs to be careful, however, to be sure he knows what files he's removing and that they are not Windows system files or the like.&lt;br /&gt;&lt;br /&gt;3) Symantec System Works has a good Disk Optimizer that should be run occasionally (monthly). Microsoft has a defragmenter built in to the OS also, which isn't very good but is free. Caveat: don't turn off or lose power during the defrag process; you may lose everything.&lt;br /&gt;&lt;br /&gt;One important point about #3: if systems is backing up and restoring his old data to a new PC, the disk will be optimized anyway by the nature of the migration, and he probably won't need to run it on the new PC anytime soon.&lt;br /&gt;&lt;br /&gt;Another point is that we eventually get used to the newer, faster machine, and if the slow-down isn't dramatic, we're probably just jaded..."&lt;br /&gt;&lt;br /&gt;Now I know there's a lot of back and forth about which virus scanner or spyware detector is better. 
The point is that any of these are better than not having any at all, and corporate systems will most likely have a standard to follow.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/21309065-114166626379404722?l=rdvgroup.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/114166626379404722/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=114166626379404722' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114166626379404722'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114166626379404722'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/2006/03/my-pc-is-slow.html' title='My PC is slow!'/><author><name>Russell Dean Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-114132047922709362</id><published>2006-03-02T12:23:00.000-05:00</published><updated>2006-03-02T15:07:20.200-05:00</updated><title type='text'>Republican Spyware?</title><content type='html'>Minnesota Public Radio had an eye-opening piece &lt;a href="http://minnesota.publicradio.org/display/web/2006/03/01/gopcd/"&gt;yesterday&lt;/a&gt; (03/01) about a GOP informational CD being distributed: &lt;span class="storyhead"&gt;"On Monday, the Minnesota Republican Party announced that it will send out CD videos on Friday to inform voters about the importance of a constitutional amendment to ban gay marriage."&lt;br 
/&gt;&lt;br /&gt;So far so good. But it appears that there's an element to the CD that users may not know about: "It turns out the CD is also being used to add to the GOP voter database. Officials with the Republican Party say certain voter data is being collected by the party...&lt;/span&gt;At the CD's unveiling, he (Republican Party Chair Ron Carey) never mentioned that the party is also using the video to collect information about those who view the video.&lt;span class="storyhead"&gt;..&lt;/span&gt;It's not clear on the Republican CD that the data is being transmitted back to the Republicans, or even what other data about the user is being extracted and sent.&lt;span class="storyhead"&gt;"&lt;br /&gt;&lt;br /&gt;The CD is now coming under fire from privacy advocates: "Internet privacy experts say they're concerned that the party isn't telling the viewer that it's collecting the data and worry where the information will end up...&lt;/span&gt;They argue that someone who submits a survey on those sites is actively providing information."&lt;br /&gt;&lt;br /&gt;EPIC also has something to say: "Lillie Coney, the associate director of the Electronic Privacy Information Center in Washington, says the GOP CD should clearly indicate that the packet is not only a video on gay marriage, but a tool to collect voter data."&lt;br /&gt;&lt;br /&gt;Spyware is often &lt;a href="http://www.tjiss.net/glossary_s.html"&gt;defined&lt;/a&gt; as software: "... that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet. 
Once installed, the spyware monitors user activity on the Internet and          transmits that information in the background to someone else."&lt;br /&gt;&lt;br /&gt;Although the information gleaned may be used innocuously, it still qualifies as spyware.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/21309065-114132047922709362?l=rdvgroup.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/114132047922709362/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=114132047922709362' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114132047922709362'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114132047922709362'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/2006/03/republican-spyware.html' title='Republican Spyware?'/><author><name>Russell Dean Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-114112993230446939</id><published>2006-02-28T07:28:00.000-05:00</published><updated>2006-03-15T16:47:37.606-05:00</updated><title type='text'>Keylogger Basics - Part 1</title><content type='html'>Keyloggers are really hot in the news now. 
I'm going to post several overview pieces about how they work (excerpted from "&lt;a href="http://www.amazon.com/gp/product/0764584987/qid=1113340043/sr=1-8/ref=sr_1_8/103-7173090-2568615?s=books&amp;v=glance&amp;amp;n=283155"&gt;Phishing: Cutting the Identity Theft Line&lt;/a&gt;.")&lt;br /&gt;&lt;p class="MsoNormal"&gt;“&lt;span style="letter-spacing: 0.2pt;"&gt;Keyloggers are a form of spyware that records user keystrokes. They can be either hardware devices or software programs. They record every key typed on a computer, sending this information to the person who installed it or saving it to be read later. The software versions may be delivered by Trojan horse email attachments or installed directly to the PC. The hardware version must be physically installed on the target machine, usually without the user’s knowledge. Although keyloggers are sometimes used in the payloads of viruses, they are more commonly delivered by a trojan-horse program or remote administration trojan (RAT).”&lt;/span&gt;&lt;/p&gt;&lt;o:p&gt;&lt;/o:p&gt;  &lt;p class="MsoNormal"&gt;&lt;br /&gt;&lt;a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://photos1.blogger.com/blogger/2605/2154/1600/Keylog1.2.jpg"&gt;&lt;img style="cursor: pointer;" src="http://photos1.blogger.com/blogger/2605/2154/320/Keylog1.2.jpg" alt="" border="0" /&gt;&lt;/a&gt;&lt;br /&gt;&lt;/p&gt;&lt;p class="MsoNormal"&gt;“Some hardware keystroke loggers consist of a small AA battery-sized plug that connects between the victim's keyboard and computer. The device collects each keystroke as it is typed and saves it as a text file on its own tiny hard drive. Later, the keystroke logger owner returns, removes the device, and downloads and reads the keystroke information. 
These devices have memory capacities between 8KB and 2MB, which, according to manufacturer's claims, is enough memory to capture a year's worth of typing.”&lt;/p&gt;&lt;o:p&gt;&lt;/o:p&gt;  &lt;p class="MsoNormal"&gt;“The only way to detect hardware keyloggers is through physical inspection. Because the device resembles an ordinary keyboard plug, it’s easy for the victim to overlook. The fact that most workstation keyboards plug into the back of the computer makes them even harder to detect.”&lt;/p&gt;&lt;br /&gt;&lt;a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://photos1.blogger.com/blogger/2605/2154/1600/Keylog2.jpg"&gt;&lt;img style="cursor: pointer;" src="http://photos1.blogger.com/blogger/2605/2154/320/Keylog2.jpg" alt="" border="0" /&gt;&lt;/a&gt;&lt;br /&gt;&lt;p class="MsoNormal"&gt;&lt;o:p&gt;&lt;/o:p&gt;&lt;/p&gt;&lt;o:p&gt;&lt;/o:p&gt;  &lt;p class="MsoNormal"&gt;Stay tuned for Part 2 of Keylogging Basics ...&lt;br /&gt;&lt;/p&gt;  &lt;p class="MsoNormal"&gt;&lt;o:p&gt;&lt;/o:p&gt;&lt;/p&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/21309065-114112993230446939?l=rdvgroup.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/114112993230446939/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=114112993230446939' title='2 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114112993230446939'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114112993230446939'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/2006/02/keylogger-basics-part-1.html' title='Keylogger Basics - Part 1'/><author><name>Russell Dean 
Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>2</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-114105290801178918</id><published>2006-02-27T10:07:00.000-05:00</published><updated>2006-02-27T11:22:59.216-05:00</updated><title type='text'>Spyware Is Real</title><content type='html'>An article by Tom Zeller Jr. on the front page of the NY Times  &lt;a href="http://www.nytimes.com/2006/02/27/technology/27hack.html"&gt;today&lt;/a&gt; (2/27) clearly shows how the spyware and keylogger threat has morphed over the last year. He also has a sidebar with some helpful &lt;a href="http://www.nytimes.com/2006/02/27/technology/27hackside.html"&gt;hints&lt;/a&gt;.&lt;br /&gt;&lt;br /&gt;My most recent book, "&lt;a href="http://www.amazon.com/gp/product/0764584987/qid=1113340043/sr=1-8/ref=sr_1_8/103-2187522-8981460?s=books&amp;v=glance&amp;amp;n=283155"&gt;Phishing: Cutting the Identity Theft Line&lt;/a&gt;", is the first text to offer a thorough description of phishing, spyware and keyloggers. 
It also presents a clear plan of action for corporations as well as home Internet surfers.&lt;br /&gt;&lt;br /&gt;You can read an excerpt (provided by SearchSecurity) &lt;a href="http://searchsecurity.techtarget.com/generic/0,295582,sid14_gci1093212,00.html"&gt;here&lt;/a&gt;, and Tony Bradley posted a five-star &lt;a href="http://netsecurity.about.com/od/16/fr/aabrphishing.htm"&gt;review&lt;/a&gt; on netsecurity.about.com: "...an enjoyable and educational book...Phishing covers the information that readers need to know to protect themselves as well as providing information that companies can use to prevent their servers from being used in phishing attacks...This is an excellent book that just about anyone who uses computers should read".&lt;br /&gt;&lt;br /&gt;But if there was any doubt that spyware is today's #1 threat to Internet users, the NY Times just dispelled it.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/21309065-114105290801178918?l=rdvgroup.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/114105290801178918/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=114105290801178918' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114105290801178918'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114105290801178918'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/2006/02/spyware-is-real.html' title='Spyware Is Real'/><author><name>Russell Dean 
Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-114081067152265341</id><published>2006-02-24T14:49:00.000-05:00</published><updated>2006-02-28T07:27:47.456-05:00</updated><title type='text'>Laptops Have Legs!</title><content type='html'>An article in the Westchester Journal &lt;a href="http://www.thejournalnews.com/apps/pbcs.dll/article?AID=/20060224/NEWS07/602240351/-1/spider"&gt;News&lt;/a&gt; Friday (2/24) by Jorge Fitz-Gibbon reports on a missing laptop, with some very interesting data on it: "&lt;span class="text"&gt;New York City police and Department of Environmental Protection officials are searching for a stolen laptop computer that includes diagrams of the city water supply system."&lt;br /&gt;&lt;br /&gt;Although DEP officials don't believe the info was of a serious security nature,&lt;/span&gt;&lt;span class="text"&gt; they're looking into the possibility that the employee losing the laptop was in violation of their computer use policy: &lt;/span&gt;&lt;span class="text"&gt;"Michaels also said the computer was stolen from a DEP vehicle on Monday night. He said investigators from the city Department of Investigation and the New York City Police Department believe it was a random crime." 
The laptop was left in a car, which was vandalized with other cars in the same lot.&lt;br /&gt;&lt;br /&gt;Laptops have legs!&lt;/span&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/21309065-114081067152265341?l=rdvgroup.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/114081067152265341/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=114081067152265341' title='2 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114081067152265341'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114081067152265341'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/2006/02/laptops-have-legs.html' title='Laptops Have Legs!'/><author><name>Russell Dean Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>2</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-114080958347122874</id><published>2006-02-24T14:25:00.000-05:00</published><updated>2006-02-24T15:08:32.596-05:00</updated><title type='text'>Goodbye to a Jazz Master</title><content type='html'>If you're into Latin jazz, you probably know that percussionist Ray Barretto died last Friday (2/17) at the age of 76. He was &lt;a href="http://iaje.org/bio.asp?ArtistID=83"&gt;honored&lt;/a&gt; last month as a Jazz Master by the NEA at the International Association of Jazz Educators annual conference in NYC, which I attended.  
He fell ill on the way home from the event, and never recovered.&lt;br /&gt;&lt;br /&gt;His life was more than the history of Latin jazz in America; in one way or another he was there during the major milestones of jazz. He was originally from the Bronx and was self-taught on the drums. "... &lt;span style=""&gt;After four years with Puente, he was one of the most sought-after percussionists in New York, attending jam sessions with artists including Max Roach and Art Blakey and recording with Sonny Stitt, Lou Donaldson, Red Garland, Gene Ammons, Eddie "Lockjaw" Davis, Cannonball Adderley, Freddie Hubbard (JM), Cal Tjader, and Dizzy Gillespie. Barretto was so much in demand that in 1960, he was a house musician for the Prestige, Blue Note, and Riverside record labels".&lt;br /&gt;&lt;br /&gt;The Times has a nice &lt;a href="http://www.nytimes.com/2006/02/23/nyregion/23barretto.html?_r=1&amp;amp;oref=slogin"&gt;piece&lt;/a&gt; on his wake last Tuesday (2/22): "&lt;/span&gt;... I'm here because Ray Barretto was the best congero in the world," said Eddie Karimbo, 68, referring in Spanish to Mr. Barretto's mastery of the conga drum...There was the jazz pianist Randy Weston and Latin music stars like the percussionist Bobby Sanabria. There were other Latin men in sharp suits carrying instrument cases... Mr. Weston recalled hanging out with Mr. 
Barretto together with Max Roach and Charlie Parker".&lt;br /&gt;&lt;br /&gt;As the old guard disappears, and the young lions grow up, it's important to take the time and consider where we've come from, and what we owe.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/21309065-114080958347122874?l=rdvgroup.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/114080958347122874/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=114080958347122874' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114080958347122874'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114080958347122874'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/2006/02/goodbye-to-jazz-master.html' title='Goodbye to a Jazz Master'/><author><name>Russell Dean Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-114072985835719390</id><published>2006-02-23T16:22:00.000-05:00</published><updated>2006-02-23T16:55:40.346-05:00</updated><title type='text'>IrDA Protocol Can Compromise Diebold Voting Machines</title><content type='html'>&lt;a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://photos1.blogger.com/blogger/2605/2154/1600/DieboldAccuVote_IrDA.0.jpg"&gt;&lt;img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer;" 
src="http://photos1.blogger.com/blogger/2605/2154/320/DieboldAccuVote_IrDA.0.jpg" alt="" border="0" /&gt;&lt;/a&gt;&lt;br /&gt;&lt;br /&gt;Bill Glennon pointed me to &lt;a href="http://www.bradblog.com/archives/00002458.htm"&gt;this&lt;/a&gt; article from The Brad Blog: "IrDA Protocol Can 'Totally Compromise Systems Without Detection, Warns Federal Voting Standards Website. So far, no state or federal authority -- to our knowledge -- has dealt with this alarming security threat". He posts a photograph from the side of a Diebold AccuVote TSx touch-screen voting machine, which clearly shows an Infrared port.&lt;br /&gt;&lt;br /&gt;Now for those who aren't acquainted with this little guy, Brad goes on to elaborate: "Now we have no idea what that "IrDA" port is &lt;i&gt;meant&lt;/i&gt; to be used for with a touch-screen voting machine, but we do know that the IrDA (Infrared Data Association) is an Infrared port used for wireless connection between two devices. We used to have one on the back of our notebook and desktop computers which we used to keep the two systems synched up via wireless data transfers over that Infrared port."&lt;br /&gt;&lt;br /&gt;According to NIST (National Institute of Standards and Technology) this is a big no-no. Brad goes on: "They issued a &lt;a href="http://vote.nist.gov/ecposstatements/CommentJohnson.pdf"&gt;warning [PDF]&lt;/a&gt; about the Infrared ports on voting machines in a report which warned "The use of short range optical wireless," like infrared, "particularly on Election Day should not be allowed." 
Also, VotersUnite.org issued &lt;a href="http://www.votersunite.org/takeaction/alert102604.htm"&gt;an alert&lt;/a&gt; mentioning it, with a photograph, back on October 26, 2004."&lt;br /&gt;&lt;br /&gt;I don't know what the IrDA is used for, but as I explained in my book "&lt;a href="http://www.amazon.com/gp/product/0471209368/104-9230770-1833543?s=books&amp;v=glance&amp;amp;n=283155"&gt;Wireless Security Essentials: Defending Mobile Systems from Data Piracy&lt;/a&gt;  ",  just its existence destroys any guarantee of data integrity. Another &lt;a href="http://vote.nist.gov/comment_james_johnson.pdf"&gt;comment posted to NIST's voting website [PDF]&lt;/a&gt; by James C. Johnson on October 5, 2005 states that "...the use of the IrDA protocols could be used at any time, even after final "Logic and Accuracy" tests have been performed, and thus "totally compromising the system."&lt;br /&gt;&lt;br /&gt;Especially with the security and accountability issues with Diebold machines, this is a no-brainer. How much longer can Diebold foist off an insecure, unaccountable system on the American voter? 
And how much longer will the Secretaries of State allow this?&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/21309065-114072985835719390?l=rdvgroup.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/114072985835719390/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=114072985835719390' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114072985835719390'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114072985835719390'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/2006/02/irda-protocol-can-compromise-diebold.html' title='IrDA Protocol Can Compromise Diebold Voting Machines'/><author><name>Russell Dean Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-114072949032612728</id><published>2006-02-23T16:15:00.000-05:00</published><updated>2006-02-23T16:21:54.546-05:00</updated><title type='text'>Smokin Dutch Cleanser</title><content type='html'>&lt;p class="MsoNormal"&gt;An item for the Obscure Phrases Dept:&lt;/p&gt;&lt;p class="MsoNormal"&gt;I was surprised when I saw the headline of Maureen Dowd’s Feb 11 NYTimes column: “Smoking Dutch Cleanser.” She was referring to a remark by Arlen Specter about  Albert Gonzales' testimony last week re: NSA wiretapping: “...When Gonzales argues that the Constitution gives the president undisputable powers to conduct warrantless 
surveillance despite a statute aimed at requiring him to seek court approval, such an interpretation "is not sound," Specter said in the interview. ". . . He's smoking Dutch Cleanser."&lt;/p&gt;&lt;p class="MsoNormal"&gt;But this is what surprised me: my friend Patricia Farrell from Philadelphia who now resides in Virginia, asked me last year if I had heard of the phrase “Smoking Dutch Cleaner”. I had never heard it before. Evidently it implies that the subject is under the influence and hallucinating, and probably dates from the 60’s, a dope-smoking reference. Although Specter grew up in Kansas, he went to U of Penn and was the Philadelphia DA and Asst. DA.; maybe there’s the link. Although my wife is also from Philly, she’s never heard it.&lt;/p&gt;&lt;p class="MsoNormal"&gt;This is a new one. I think it needs more investigation ...&lt;br /&gt;&lt;/p&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/21309065-114072949032612728?l=rdvgroup.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/114072949032612728/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=114072949032612728' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114072949032612728'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114072949032612728'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/2006/02/smokin-dutch-cleanser.html' title='Smokin Dutch Cleanser'/><author><name>Russell Dean Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' 
src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-114072901571124191</id><published>2006-02-23T16:00:00.000-05:00</published><updated>2006-02-23T16:14:58.466-05:00</updated><title type='text'>Update II on Google Desktop</title><content type='html'>Google has admitted that its Desktop Beta could pose a security risk after Gartner reported the risk. CNET &lt;a href="http://news.com.com/Google+admits+Desktop+security+risk/2100-1002_3-6041338.html"&gt;reports&lt;/a&gt; that: "Gartner said in a report on Thursday that the "mere transport (of data) outside the enterprise will represent an unacceptable security risk to many enterprises," as intellectual property could be transported out of the business."&lt;br /&gt;&lt;br /&gt;Evidently Google's response was "... it recognized the risk, and recommended that companies take action. "We recognize that this is a big issue for enterprise. Yes, it's a risk, and we understand that businesses may be concerned," said Andy Ku, European marketing manager for Google. Google confirmed to ZDNet UK that data was temporarily transported outside of businesses when the Search Across Computers feature was used, and that this represented "as much of a security risk as e-mail does."&lt;br /&gt;&lt;br /&gt;But mature procedures for securing email exist, and most users/businesses realize there is some risk. This is new technology, and as such hasn't been subjected to the rigors of testing, nor has awareness of its vulnerability sunk in.&lt;br /&gt;&lt;br /&gt;"Google said that security was the concern of individual businesses. "The burden falls on enterprises to look after security issues," Ku said. 
"Companies can disable the Search Across Computers facility."&lt;br /&gt;&lt;br /&gt;Gartner has recommended that businesses use Google Desktop for Enterprise, as this allows systems administrators to centrally turn off the Search Across Computers feature, which it said should be "immediately disabled."&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/21309065-114072901571124191?l=rdvgroup.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/114072901571124191/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=114072901571124191' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114072901571124191'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/114072901571124191'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/2006/02/update-ii-on-google-desktop.html' title='Update II on Google Desktop'/><author><name>Russell Dean Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-113984999868603424</id><published>2006-02-13T11:50:00.000-05:00</published><updated>2006-02-13T12:00:40.076-05:00</updated><title type='text'>Update on Google Desktop</title><content type='html'>Someone I know read my previous post, about Google's "Search Across Computers" feature of its Desktop Beta 3, and flipped out. 
She works from home using very sensitive documents, and had to sign intellectual property non-disclosure letters. With this feature on, the documents (Microsoft PowerPoint) she was working on could be stored on Google's servers and would technically constitute a violation of her non-disclosure agreement.&lt;br /&gt;&lt;br /&gt;Although Google says it would delete them, any of us working in computer forensics knows nothing ever really goes away. I wonder if this feature will be enabled inside of business networks inadvertently?&lt;br /&gt;&lt;br /&gt;Bad news ...&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/21309065-113984999868603424?l=rdvgroup.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/113984999868603424/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=113984999868603424' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/113984999868603424'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/113984999868603424'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/2006/02/update-on-google-desktop.html' title='Update on Google Desktop'/><author><name>Russell Dean Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-113967966815839654</id><published>2006-02-11T12:29:00.000-05:00</published><updated>2006-02-11T12:56:18.266-05:00</updated><title type='text'>Don't Use Google 
Desktop?</title><content type='html'>The &lt;a href="http://www.eff.org"&gt;Electronic  Frontier Foundation&lt;/a&gt; posted this week its response to Google's release of a new feature of its Google Desktop Software 3 &lt;a href="http://googledesktop.blogspot.com/2006/02/desktop-reloaded.html"&gt;Beta&lt;/a&gt;: "... greatly increases the risk to consumer privacy. If a consumer chooses to use it, the new "Search Across Computers" feature will store copies of the user's Word documents, PDFs, spreadsheets and other text-based documents on Google's own servers, to enable searching from any one of the user's computers. EFF urges consumers not to use this feature, because it will make their personal data more vulnerable to subpoenas from the government and possibly private litigants, while providing a convenient one-stop-shop for hackers who've obtained a user's Google password."&lt;br /&gt;&lt;br /&gt;The New Zealand "National Business Review" also &lt;a href="http://www.nbr.co.nz/home/column_article.asp?id=14332&amp;cid=3&amp;amp;cname=Technology"&gt;weighs in&lt;/a&gt;: "At the core of the criticisms being raised is a powerfully useful optional feature that allows users to search across the contents of multiple computers -- even when those other computers are offline.  And that's the catch: the data is stored on Google servers ... several recent events have severely eroded that trust and warnings that might once have fallen on deaf ears are very likely to resonate deeply in the user community."&lt;br /&gt;&lt;br /&gt;"Good Morning Silicon Valley" has a strong &lt;a href="http://blogs.siliconvalley.com/gmsv/2006/02/new_from_google.html"&gt;reaction&lt;/a&gt;, calling it a "security catastrophe. To be fair, "Search Across Computers" is an optional feature and, should you choose to enable it, the company allows you to manually erase your stored files from its servers at any time.  
Still, the idea of Google storing such user data, even for a limited period of time, turns my gut."&lt;br /&gt;&lt;br /&gt;Be very careful of how you use this feature; it sounds like its usefulness is pretty limited compared to the exposure it creates. As Kevin Bankston, staff attorney to EFF, says: "...Google will have copies of your tax returns, love letters, business records, financial and medical files, and whatever other text-based documents the Desktop software can index. The government could then demand these personal files with only a subpoena rather than the search warrant it would need to seize the same things from your home or business, and in many cases you wouldn't even be notified in time to challenge it. Other litigants—your spouse, your business partners or rivals, whoever—could also try to cut out the middleman (you) and subpoena Google for your files."&lt;br /&gt;&lt;br /&gt;Oh oh ... and we all know how much the current government values personal privacy.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/21309065-113967966815839654?l=rdvgroup.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/113967966815839654/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=113967966815839654' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/113967966815839654'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/113967966815839654'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/2006/02/dont-use-google-desktop.html' title='Don&apos;t Use Google Desktop?'/><author><name>Russell Dean 
Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-113888954279307709</id><published>2006-02-02T08:51:00.000-05:00</published><updated>2006-02-02T09:17:36.686-05:00</updated><title type='text'>Is your game hiding malware?</title><content type='html'>&lt;span style=";font-family:Arial;font-size:8;"  &gt;&lt;/span&gt;&lt;span style=";font-family:Arial;font-size:8;"  &gt;&lt;/span&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;What’s game copy protection and what’s malware? Cory over at &lt;a href="http://www.boingboing.net/2006/01/30/anticopying_malware_.html"&gt;BoingBoing&lt;/a&gt; &lt;/span&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;has been having a run-in with StarForce, a company that supplies copy protection routines for PC games. Also, Glop &lt;/span&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;is organizing a StarForce &lt;a href="http://www.glop.org/starforce/"&gt;boycott&lt;/a&gt;, with a list of the games using it and tips on removing it: &lt;/span&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;“StarForce is a software copy protection tool installed by PC game publishers, which is designed to prevent the casual copying of retail CDROM applications. It installs as a hidden device driver, without the end-user's knowledge or consent.”&lt;br /&gt;&lt;br /&gt;&lt;/span&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;However, it isn’t readily apparent &lt;/span&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;if the software crosses over into the next threshold of malware-ism: that is, intentional damage vs. ancillary damage due to incompetent design. 
&lt;/span&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Avi at &lt;a href="http://www.bromo.org/?story=2006.01.31+--+Deceptive+Restrictive+Media"&gt;Brownian Emotion&lt;/a&gt; has been looking into it: &lt;/span&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;“The claim I've heard (many times) is that StarForce is malware, that it infects your computer with low-level drivers that could easily be compromised by virus writers, it prevents you from running things like debuggers (some claim it's only while the game is running, some claim it's all the time) and it may decelerate the performance of--or accelerate the death of--your CD/DVD drives due to how they force CD errors to detect original disks.”&lt;br /&gt;&lt;br /&gt;&lt;/span&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;This would seem to be verified by my friend Bill Glennon. He installed “Splinter Cell: Chaos Theory” and, sure enough, the StarForce software had landed on his machine. He noticed a change in his CD/DVD drives and, after logging on to his user account, his bootup sequence noticeably slowed down. He has since removed the game and software and everything’s back to normal.&lt;br /&gt;&lt;br /&gt;&lt;/span&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;But the controversy is now starting to gain serious traction, and even hit John Aravosis’s heavily traveled Americablog &lt;a href="http://americablog.blogspot.com/2006/02/how-not-to-influence-blogosphere.html"&gt;yesterday&lt;/a&gt;. 
&lt;/span&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;And StarForce has been in full-court press mode to stop the discussion of this, by posting a &lt;a href="http://news.com.com/5208-7349-0.html?forumID=1&amp;threadID=11535&amp;amp;messageID=86618&amp;start=-184"&gt;reply&lt;/a&gt; to a negative CNET &lt;a href="http://news.com.com/5208-7349-0.html?forumID=1&amp;amp;threadID=11535&amp;messageID=86205&amp;amp;start=-184"&gt;post&lt;/a&gt; (which compared this issue to the Sony ‘rootkit’ debacle that left serious egg on Sony’s face), &lt;/span&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;and threatening BoingBoing with legal &lt;a href="http://www.boingboing.net/2006/01/31/starforce_threatens_.html"&gt;action&lt;/a&gt;.&lt;br /&gt;&lt;br /&gt;&lt;/span&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;So this isn’t going away anytime soon, and while StarForce may have some points, their heavy-handed attempts to instill fear aren’t going to win them many converts. While the legality of StarForce’s protection scheme is not in question, skirting with the tenets of malware by installing itself without the knowledge or the choice of the user may not be the best policy. 
It appears that the only option open to the consumer now is to not buy/play these games.&lt;br /&gt;&lt;br /&gt;&lt;/span&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;As Sony learned, it’s time to get  another scheme.&lt;/span&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/21309065-113888954279307709?l=rdvgroup.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/113888954279307709/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=113888954279307709' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/113888954279307709'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/113888954279307709'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/2006/02/is-your-game-hiding-malware.html' title='Is your game hiding malware?'/><author><name>Russell Dean Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-113880320876810009</id><published>2006-02-01T09:07:00.000-05:00</published><updated>2006-02-01T09:18:34.040-05:00</updated><title type='text'>Here we go again...</title><content type='html'>&lt;span style=";font-family:Arial;font-size:10;"  &gt;Robert Gavin of the Boston Globe &lt;/span&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;reported &lt;a 
href="http://www.boston.com/news/local/massachusetts/articles/2006/01/31/globe_and_worcester_tg_customer_credit_info_mistakenly_released/"&gt;yesterday&lt;/a&gt; that as many as a quarter million subscribers of The Boston Globe and Worcester Telegram &amp; Gazette had their private credit card and bank routing information distributed with their morning paper. &lt;/span&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Evidently the “confidential information was on the back of paper used in wrapping newspaper bundles for distribution to carriers and retailers.”&lt;br /&gt;&lt;br /&gt;&lt;/span&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Although it’s not known whether any of this info will be used for identity theft in the future, it points out how hard it is to maintain any real level of financial privacy these days. &lt;/span&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;A little more info, with the company’s reaction, is in today's &lt;a href="http://www.boston.com/news/local/massachusetts/articles/2006/02/01/newspapers_report_financial_data_breach/"&gt;post&lt;/a&gt;: &lt;/span&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;“The Telegram &amp;amp; Gazette has stopped recycling paper that includes customer data, officials said. 
The company has notified &lt;org idsrc="NYSE" value="AXP"&gt;American Express&lt;/org&gt;, Discover, MasterCard, Visa and any banks whose customers may be affected.”&lt;br /&gt;&lt;br /&gt;&lt;/span&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;File this under boneheaded slipups, rather than intentional data theft.&lt;br /&gt;&lt;/span&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/21309065-113880320876810009?l=rdvgroup.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/113880320876810009/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=113880320876810009' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/113880320876810009'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/113880320876810009'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/2006/02/here-we-go-again.html' title='Here we go again...'/><author><name>Russell Dean Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-113872968199061623</id><published>2006-01-31T12:40:00.000-05:00</published><updated>2006-01-31T13:20:12.206-05:00</updated><title type='text'>Don't click that banner!</title><content type='html'>We see them all the time: big flashing banner ads at the top of a web site we're visiting. 
It says something very scary about spyware or bad stuff on our PC, and we should click the ad and find out more.&lt;br /&gt;&lt;br /&gt;Don't do it! Last week a company named Secure Computer LLC (not to be confused with &lt;a href="http://www.securecomputing.com/"&gt;Secure Computing&lt;/a&gt;), was the first company &lt;a href="http://www.thejournalnews.com/apps/pbcs.dll/article?AID=/20060126/BUSINESS01/601260367/-1/spider"&gt;charged&lt;/a&gt; with violation of the 2005 Computer Spyware Act for executing pop-ups to lure consumers into downloading fake repair software that did more harm than good.&lt;br /&gt;&lt;br /&gt;I'm especially interested in this case because, although the charge was filed by the Washington State AG, the company resides in my hometown, White Plains, NY. According to Julie Moran Alterio of the Westchester Journal News: "&lt;span class="text"&gt;Consumers were tricked into downloading the software, called "Spyware Cleaner," by pop-up and pop-under ads that mimicked Microsoft Windows system messages as well as through e-mail and Google ads that implied Microsoft Corp. was affiliated with the product, the lawsuit alleges. Microsoft has filed a similar lawsuit."&lt;br /&gt;&lt;br /&gt;As I detailed in my most recent book: "&lt;a href="http://www.amazon.com/gp/product/0764584987/qid=1113340043/sr=1-8/ref=sr_1_8/103-3484333-0173456?s=books&amp;v=glance&amp;amp;n=283155"&gt;Phishing: Cutting the Identity Theft Line&lt;/a&gt;", every PC has to have spyware protection, and often you need software from more than one vendor. But beware of third party pop-ups or other intrusions with dire warnings. 
If someone you don't know wants you to click and install something unfamiliar, it's probably not for your benefit.&lt;br /&gt;&lt;br /&gt;FYI: &lt;/span&gt;&lt;span class="text"&gt;For more information about current computer security news and vulnerabilities, &lt;/span&gt;&lt;span class="text"&gt;check out the RDV Group &lt;a href="http://www.rdvgroup.com/rdv1/pages/Headlines/Default.aspx"&gt;Security News&lt;/a&gt;.&lt;br /&gt;&lt;br /&gt;&lt;br /&gt;&lt;br /&gt;&lt;/span&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/21309065-113872968199061623?l=rdvgroup.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/113872968199061623/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=113872968199061623' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/113872968199061623'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/113872968199061623'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/2006/01/dont-click-that-banner.html' title='Don&apos;t click that banner!'/><author><name>Russell Dean Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-21309065.post-113786902119981873</id><published>2006-01-21T13:41:00.000-05:00</published><updated>2006-01-21T13:43:41.206-05:00</updated><title type='text'>The RDV Group InfoSec Blog</title><content type='html'>Welcome to the RDV Group InfoSec blog! 
We hope to have some lively and informative discussions here about current topics and trends in the field of information systems and computer security.&lt;br /&gt;&lt;br /&gt;Please stop by often.&lt;br /&gt;&lt;br /&gt;RDV&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/21309065-113786902119981873?l=rdvgroup.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://rdvgroup.blogspot.com/feeds/113786902119981873/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=21309065&amp;postID=113786902119981873' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/113786902119981873'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/21309065/posts/default/113786902119981873'/><link rel='alternate' type='text/html' href='http://rdvgroup.blogspot.com/2006/01/rdv-group-infosec-blog.html' title='The RDV Group InfoSec Blog'/><author><name>Russell Dean Vines</name><uri>http://www.blogger.com/profile/02456519817066516369</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='http://www.rdvgroup.com/rdv1/images/misc/rdvines/RDV.jpg'/></author><thr:total>0</thr:total></entry></feed>
