Windows SteadyState
If you use Windows XP or Windows Vista, Microsoft has a free tool that could be useful to some people. It’s meant mainly for shared computers, or for any PC that’s at greater risk of infection.
What it does is fairly simple. Every time you reboot the PC, SteadyState restores it to the way it was before. So no matter how many viruses, spyware and adware you end up accidentally installing, a reboot brings the machine back to a clean state. The flip side is that anything you actually wanted to keep (documents, updates) is thrown away too unless you save it somewhere SteadyState has been told to leave alone, so it has to be set up with some care.
You need to install it and set it up correctly, and for most people it’s a good idea to get advice from someone who’s IT savvy, just to make sure you take full advantage of this tool.
Best of all, it’s free, as long as you have a genuine Windows XP or Vista license.
You should still be responsible with how you use a computer, what you download and which web sites you visit, but for certain people this is a great tool.
More info and a download link here.
Bluetooth Patching
Microsoft has just released June’s batch of Windows patches for XP and Vista. Among them is one that fixes a vulnerability in the Windows Bluetooth stack.
If your computer runs Windows XP or Vista and has Bluetooth then you need this patch. If your computer doesn’t automatically download and install patches, open Internet Explorer, go to the Tools menu and select Windows Update. Until the patch is on, turn Bluetooth off: the flaw can be used to run code on your machine, so someone within Bluetooth range could take control of your computer.
Bluetooth has had security problems from the start. There have been fixes along the way, but overall it’s an insecure technology and is best switched off whenever you’re not using it.
Technical details about this patch here.
Malware in Resumes
Recruitment companies receive a lot of resumes in Word format, as you’d expect. But there’s a growing trend of these Word files being infected with malware. Often recruitment companies use automated software to forward the resumes to their clients without scanning them for malware.
Attackers have caught on to this and are targeting these companies. They’ve been sending resumes (probably not their own) with backdoor trojans embedded in the document. This gives them a way into the recruiter’s network, and into every client network the document is forwarded to.
If your work involves receiving many Word documents from the general public, put in place a plan to screen them for known malware, and to limit the damage they can do if a new (unknown) trojan gets through, for example by opening them under a restricted account or on a machine that holds no client data. Most security specialists can help with this.
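As an added example (not code from the original post), here is a small screening step a recruiter’s mail pipeline could run before forwarding anything. It does two things: it checks that the bytes of each file match what the extension claims (an executable renamed to .doc is a common trick), and it looks for a VBA macro project, the usual carrier for document-borne trojans. The inbox contents are constructed in memory; the OLE check is a simple byte-scan heuristic rather than a full OLE parser, and the marker names are an assumption about what a macro-bearing document contains.

```python
"""Triage incoming Word documents before they are forwarded.

Constructed example: flags extension/magic mismatches and VBA macro
projects. Sample files are built in memory; no real malware involved.
"""
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy binary .doc container
ZIP_MAGIC = b"PK\x03\x04"                          # .docx container (a zip file)
EXECUTABLE_MAGIC = b"MZ"                           # Windows PE header: an .exe renamed to .doc

# OLE directory entries store their names as UTF-16LE. These storage/stream
# names are assumed markers of a VBA project (heuristic, not a full parser).
OLE_MACRO_MARKERS = [name.encode("utf-16-le") for name in ("Macros", "VBA", "_VBA_PROJECT")]

# What the container must be for each extension we accept.
EXPECTED_CONTAINER = {"doc": "ole", "dot": "ole", "docx": "zip", "docm": "zip"}


def classify(filename: str, data: bytes) -> dict:
    """Return a triage verdict for one uploaded document."""
    ext = filename.lower().rsplit(".", 1)[-1] if "." in filename else ""
    findings = []

    if data.startswith(OLE_MAGIC):
        container = "ole"
        if any(marker in data for marker in OLE_MACRO_MARKERS):
            findings.append("vba-macros")
    elif data.startswith(ZIP_MAGIC):
        container = "zip"
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = set(zf.namelist())
        except zipfile.BadZipFile:
            names = set()
            findings.append("corrupt-zip")
        if "word/vbaProject.bin" in names:
            findings.append("vba-macros")
        if "word/document.xml" not in names:
            findings.append("not-a-word-document")
    else:
        container = "unknown"
        findings.append("executable" if data.startswith(EXECUTABLE_MAGIC) else "unknown-container")

    # Name says one thing, bytes say another: the classic way to slip an
    # executable or script past a filter that only looks at extensions.
    expected = EXPECTED_CONTAINER.get(ext)
    if expected is not None and container != expected:
        findings.append("extension-mismatch")

    return {"file": filename, "container": container, "findings": findings,
            "quarantine": bool(findings)}


def triage_inbox(inbox: dict) -> list:
    """Run classify() over a {filename: bytes} mapping and return the verdicts."""
    return [classify(name, data) for name, data in inbox.items()]


def _docx_bytes(with_macros: bool) -> bytes:
    """Build a minimal .docx-shaped zip (constructed test data, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"\x00placeholder-vba-project\x00")
    return buf.getvalue()


# Constructed inbox: a clean resume, one carrying a macro project, a legacy
# .doc with a Macros storage, and an executable renamed to .doc.
SAMPLE_INBOX = {
    "cv_clean.docx": _docx_bytes(with_macros=False),
    "cv_macro.docx": _docx_bytes(with_macros=True),
    "cv_legacy.doc": OLE_MAGIC + b"\x00" * 64 + "Macros".encode("utf-16-le") + b"\x00" * 64,
    "cv_renamed.doc": b"MZ\x90\x00" + b"\x00" * 32,
}

if __name__ == "__main__":
    for verdict in triage_inbox(SAMPLE_INBOX):
        print(verdict)
```

Anything flagged goes to a human rather than straight to the client; the point is that the check happens before the automated forwarder, not after the client has opened the file.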
Adobe Flash Flaw
This week everyone’s been talking about a new flaw in Flash Player that can be exploited to run malicious code on your computer when you visit a web page carrying a booby-trapped Flash file. After a few days of media frenzy Adobe has released a fix for it.
If you use Windows then download the update (this applies to users of Firefox, Opera and Internet Explorer alike: Internet Explorer uses its own ActiveX copy of the player, the other browsers use a separate plug-in, so each has to be updated). Link here.
The fixed version is 9.0.124.0; anything older is still vulnerable. If you’re keen you can read more about the vulnerability here.
Orphaned Accounts
An interesting study on orphaned accounts has found some serious security holes.
An orphaned account is one that stays active after its owner leaves an organisation, instead of being disabled (locked). In a lot of cases those people who have left could still log on to their previous employer’s network and access files and services.
The study found that 27 percent of respondents had more than 20 orphaned accounts on their systems. If everyone did their job well the number would be 0.
38 percent said they had no way of knowing whether a terminated employee had logged into their systems. Security auditing is very important and not very difficult; without it IT managers won’t know who’s doing what on their network.
In other words, in roughly a quarter of the organisations surveyed, people who had left could still log in from home, copy files, send emails, and otherwise use the system as if they were still employed. And in nearly 40% of them nobody would ever find out.
So how long should it take to terminate an account? Accounts should be disabled at the end of the employee’s last day and not a moment later. In some companies there’s so much bureaucratic admin that, according to the above article, it ends up taking 3 days to a month. Shocking.
In an organisation it should be everybody’s responsibility to protect the network and all private data. If your organisation is slacking in this area, say something about it.
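The two checks the study says most organisations can’t do (is the leaver’s account still enabled, and did anyone log in with it afterwards) are a simple join between the HR leaver list and a directory export. The following is an added example, not part of the original post or the study: both inputs are constructed, and the field names (enabled, last_logon, disabled_on) are assumptions about what your directory export would provide.

```python
"""Reconcile an HR leaver list against directory accounts.

Constructed example. Reports orphaned accounts (leaver still enabled),
accounts disabled later than the last working day, and any logon that
happened after the person had left.
"""
from collections import Counter
from datetime import date, datetime

# Constructed HR extract: username -> last working day.
HR_LEAVERS = {
    "jsmith": date(2008, 5, 2),
    "mjones": date(2008, 4, 18),
    "pkumar": date(2008, 5, 9),
    "alee": date(2008, 3, 31),
}

# Constructed directory dump (what an LDAP/AD export would give you).
# disabled_on is None while the account is still live.
DIRECTORY = {
    "jsmith": {"enabled": True, "last_logon": datetime(2008, 5, 14, 22, 7), "disabled_on": None},
    "mjones": {"enabled": False, "last_logon": datetime(2008, 4, 18, 17, 2), "disabled_on": date(2008, 4, 18)},
    "pkumar": {"enabled": False, "last_logon": datetime(2008, 5, 20, 9, 30), "disabled_on": date(2008, 5, 27)},
    "alee": {"enabled": True, "last_logon": datetime(2008, 3, 28, 8, 0), "disabled_on": None},
    "rgreen": {"enabled": True, "last_logon": datetime(2008, 6, 1, 10, 0), "disabled_on": None},  # still employed
}


def reconcile(leavers, directory, today):
    """Compare every leaver against the directory and list what is wrong."""
    findings = []
    for user, last_day in leavers.items():
        acct = directory.get(user)
        if acct is None:
            continue  # account already deleted: nothing to report
        if acct["enabled"]:
            # Still enabled after the last day: an orphaned account.
            findings.append({"user": user, "issue": "orphaned",
                             "days_open": (today - last_day).days})
        elif acct["disabled_on"] > last_day:
            # Disabled eventually, but later than the end of the last day.
            findings.append({"user": user, "issue": "late-disable",
                             "days_open": (acct["disabled_on"] - last_day).days})
        if acct["last_logon"].date() > last_day:
            # Somebody used the credentials after the person had left.
            findings.append({"user": user, "issue": "post-termination-login",
                             "when": acct["last_logon"].isoformat()})
    return findings


def summary(findings):
    """Count findings by type: the numbers to put in front of management."""
    return dict(Counter(f["issue"] for f in findings))


if __name__ == "__main__":
    found = reconcile(HR_LEAVERS, DIRECTORY, today=date(2008, 6, 2))
    for f in found:
        print(f)
    print(summary(found))
```

Run daily, the "late-disable" lag is the metric to drive to zero; the "post-termination-login" line is the one that should page someone, because a disabled account that was used before it was disabled (pkumar above) is exactly the window the study is warning about.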
SSH Brute Force Attacks
SSH is used to establish secure connections across the internet. For example, a lot of people use SSH to administer their servers because of the good security it provides. Lots of people trust it and rely on it.
In the past week there has been a large increase in the number of brute force attacks against SSH. What’s a brute force attack? It’s when someone writes a program that guesses passwords. It keeps trying, day and night without rest, until it finds one that works. The smarter brute force attacks do this slowly so that servers don’t lock the account in defence.
To increase an attacker’s chances of finding the right password, these programs use a dictionary and try common words first. Then they try variations such as replacing o’s with zeros, or putting a 1 at the end (have you ever done this with passwords?). So if your password is based on a word found in the dictionary it’ll be amongst the first ones tried, however you’ve dressed it up.
The best defence against brute force attacks is a complicated password. Complicated passwords can take years to guess; simple passwords can take seconds. Read here about how to evaluate the complexity of a password. And if remembering complicated passwords is a challenge then you might need a password safe.
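To make the "seconds versus years" point concrete, here is an added example (not from the original post) that evaluates a password against the attacker described above: a word list first, then the same words with common mangling undone, and only then a blind search of the character set. The word list is a tiny constructed stand-in for the multi-million entry lists real tools use, and the 64 variants per word and 1000 guesses per second are assumed figures for the rule set and for an online guesser hitting SSH over the network.

```python
"""Estimate how a password fares against a dictionary-plus-rules guesser.

Constructed example. A password that normalises to a dictionary word is
"simple" however many characters it has; everything else is costed as a
brute-force search of its character set.
"""
import string

# Constructed stand-in for a cracking dictionary (real ones run to millions of words).
WORDLIST = ["password", "letmein", "dragon", "monkey", "welcome", "sunshine", "football"]

# Substitutions that mangling rules make; normalise() undoes them.
# "1" is ambiguous (i or l); this table picks i, a real tool tries both.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
                      "@": "a", "$": "s", "!": "i"})
VARIANTS_PER_WORD = 64            # assumed number of mangled variants a rule set yields per word
ONLINE_GUESSES_PER_SECOND = 1000  # assumed rate for a guesser hitting SSH over the network
ONE_YEAR = 365 * 24 * 3600


def normalise(candidate: str) -> str:
    """Strip trailing digits/punctuation, then undo leet substitutions and case."""
    base = candidate.rstrip(string.digits + string.punctuation)
    return base.translate(LEET).lower()


def dictionary_hit(candidate: str, wordlist=WORDLIST) -> bool:
    """True if a dictionary-plus-rules attack would generate this candidate."""
    return normalise(candidate) in set(wordlist)


def charset_size(candidate: str) -> int:
    """Size of the alphabet a blind brute force would have to cover."""
    size = 0
    if any(c.islower() for c in candidate):
        size += 26
    if any(c.isupper() for c in candidate):
        size += 26
    if any(c.isdigit() for c in candidate):
        size += 10
    if any(c in string.punctuation for c in candidate):
        size += len(string.punctuation)
    return size


def guesses_needed(candidate: str, wordlist=WORDLIST) -> int:
    """Worst-case number of guesses under the attacker model above."""
    if dictionary_hit(candidate, wordlist):
        return len(wordlist) * VARIANTS_PER_WORD      # found in the dictionary phase
    return charset_size(candidate) ** len(candidate)   # falls through to brute force


def assess(candidate: str, wordlist=WORDLIST) -> dict:
    """Summarise how the candidate would fare against the guesser."""
    guesses = guesses_needed(candidate, wordlist)
    seconds = guesses / ONLINE_GUESSES_PER_SECOND
    return {
        "password": candidate,
        "dictionary_hit": dictionary_hit(candidate, wordlist),
        "guesses": guesses,
        "years_at_online_rate": seconds / ONE_YEAR,
        "verdict": "simple" if seconds < ONE_YEAR else "complicated",
    }


if __name__ == "__main__":
    for pw in ("Passw0rd1", "L3tMe1n!", "Dr4g0n", "abcd12", "kq7R!vmL2#pZ9x"):
        print(assess(pw))
```

Note that "Passw0rd1" scores a mixed-case, digit-bearing 9 characters on a naive complexity meter and still falls in the first few hundred guesses, while a 14-character random string is out of reach at any online rate.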
So back to SSH. If you manage a server and use SSH to connect to it, have a look at the logs. Other people have reported a 5-10 times increase in the number of SSH login attempts on their servers. Make sure your passwords are complicated enough to resist brute force attacks; better still, log in with SSH keys and turn password logins off altogether, which makes guessing pointless. Consider editing firewall rules to limit the entry points into your network. And make sure everything is patched, including routers and firewalls. See this article for further information on these attacks.
And for everyone who’s still wondering what SSH is, don’t worry about the jargon. Just realise that people can and do try to guess passwords.
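"Have a look at the logs" is easier with something that counts for you. The following is an added example (not from the original post) that reads OpenSSH "Failed password" lines from auth.log, totals them per source address, and flags two patterns: the loud burst that account lockout is meant to catch, and the low-and-slow guesser described above that spreads a handful of attempts across hours and usernames so that no lockout ever fires. The log lines are constructed, not captured from a real server, and the thresholds and the assumed year are parameters you would tune.

```python
"""Spot SSH password-guessing in sshd logs (constructed example)."""
import re
from collections import defaultdict
from datetime import datetime

# OpenSSH auth.log line: syslog timestamp (no year), host, process, message.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+ ssh2$"
)
YEAR = 2008   # syslog omits the year; assumed so timestamps can be ordered

# Constructed sample: one noisy guesser, one slow guesser, one real user who fat-fingered once.
SAMPLE_LOG = """\
Jun 12 03:14:01 bastion sshd[2201]: Failed password for root from 203.0.113.7 port 50122 ssh2
Jun 12 03:14:02 bastion sshd[2203]: Failed password for root from 203.0.113.7 port 50123 ssh2
Jun 12 03:14:02 bastion sshd[2205]: Failed password for invalid user admin from 203.0.113.7 port 50124 ssh2
Jun 12 03:14:03 bastion sshd[2207]: Failed password for invalid user oracle from 203.0.113.7 port 50125 ssh2
Jun 12 03:14:04 bastion sshd[2209]: Failed password for invalid user test from 203.0.113.7 port 50126 ssh2
Jun 12 03:14:05 bastion sshd[2211]: Failed password for root from 203.0.113.7 port 50127 ssh2
Jun 12 03:20:41 bastion sshd[2240]: Accepted publickey for alice from 198.51.100.4 port 40100 ssh2
Jun 12 04:02:10 bastion sshd[2301]: Failed password for invalid user bob from 198.51.100.23 port 41000 ssh2
Jun 12 05:17:44 bastion sshd[2388]: Failed password for invalid user sales from 198.51.100.23 port 41001 ssh2
Jun 12 06:33:09 bastion sshd[2452]: Failed password for invalid user backup from 198.51.100.23 port 41002 ssh2
Jun 12 07:48:51 bastion sshd[2510]: Failed password for invalid user mysql from 198.51.100.23 port 41003 ssh2
Jun 12 09:05:30 bastion sshd[2599]: Failed password for invalid user ftp from 198.51.100.23 port 41004 ssh2
Jun 12 09:06:12 bastion sshd[2601]: Failed password for alice from 198.51.100.4 port 40200 ssh2
Jun 12 09:06:20 bastion sshd[2603]: Accepted password for alice from 198.51.100.4 port 40201 ssh2
"""


def parse_failures(log_text):
    """Yield (timestamp, user, ip, user_exists) for each failed password line."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["ip"], m["invalid"] is None


def summarise(log_text):
    """Aggregate failures per source address."""
    per_ip = defaultdict(lambda: {"failures": 0, "users": set(), "unknown_users": 0,
                                  "first": None, "last": None})
    for ts, user, ip, exists in parse_failures(log_text):
        e = per_ip[ip]
        e["failures"] += 1
        e["users"].add(user)
        if not exists:
            e["unknown_users"] += 1   # guessing names that don't even exist here
        e["first"] = ts if e["first"] is None else min(e["first"], ts)
        e["last"] = ts if e["last"] is None else max(e["last"], ts)
    return dict(per_ip)


def flag_guessers(log_text, burst_threshold=5, burst_seconds=60,
                  slow_min_users=4, slow_min_span_hours=2.0):
    """Return {ip: "burst" | "low-and-slow"} for addresses that look like password guessers.

    A burst is many failures inside a short window (what lockout catches).
    Low-and-slow is a few attempts spread over hours, each against a
    different username, so that no per-account lockout ever triggers.
    """
    verdicts = {}
    for ip, e in summarise(log_text).items():
        span = (e["last"] - e["first"]).total_seconds()
        if e["failures"] >= burst_threshold and span <= burst_seconds:
            verdicts[ip] = "burst"
        elif len(e["users"]) >= slow_min_users and span >= slow_min_span_hours * 3600:
            verdicts[ip] = "low-and-slow"
    return verdicts


if __name__ == "__main__":
    for ip, verdict in flag_guessers(SAMPLE_LOG).items():
        print(ip, verdict, summarise(SAMPLE_LOG)[ip]["failures"], "failures")
```

The per-address counts are also what you would compare week on week to see the 5-10 times increase others are reporting; the single failure from 198.51.100.4 followed by a successful login is the normal noise you do not want to alert on.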
Phishing Audits
Some companies have started testing their employees on how they respond to phishing attacks.
A company called Intrepidus Group has a system that sends your company’s staff simulated phishing emails and measures how they respond. The system can even concentrate its emails on the people who are more susceptible to clicking on links.
The system sends results back to the tester on who clicked on the emails and what data they entered (e.g., their name, credit card numbers, etc).
So the next time you see an email that doesn’t look quite right, and has links to external sites, think hard about whether it’s real, spam, or this new kind of "ethical" phishing. Either way the right response is the same: don’t click, and report it.
The company’s web site explains it better, http://phishme.com/
Password Safes
Password safes are programs that store your passwords. In general they’re a good idea because:
- You have less reason to reuse passwords (having a unique password for every site is much safer)
- You can use more complicated passwords without risk of forgetting them
- If you forget a password you rarely use you can easily retrieve it
- In a business it’s easier to share passwords and control who has access to what (especially in IT departments)
Below are some examples of good password safes:
And this is an example of something that looks good but still isn’t a good idea:
If you use a hosted service like this you’d be handing your passwords to another organisation. They promise not to look at them, but how comfortable would you be trusting someone you’ve never met to hold the password to your online banking?
This comes from their own web site and it should give you an idea (it’s in their FAQ page):
While we take every security precaution, we do not recommend storing sensitive information such as bank account passwords.
In summary:
- It’s ok to store your passwords on your own PC
- It’s not ok to let some other person or company store them for you
- Ideally if you store the passwords on your PC you should:
  - Use a good password safe that encrypts them, like the ones above
  - Protect the safe with a strong master password, since it’s the one password that unlocks all the others
  - Use a good anti virus package to ensure you don’t have spyware on your PC
  - Keep your PC in a safe place, like in your home or in a locked office
  - Keep backups (in case your PC dies) and store the backups in a safe place
  - Don’t do this on a shared computer, including some office computers
Side Note: The 3rd of May was the 30th anniversary of spam.
Update: HP Software Update Tool
Back in January I mentioned that HP’s Software Update Tool was vulnerable to attack. At the time that appeared to be limited to a support program installed on HP laptops. Now the problem appears to be worse than first thought.
A large number of HP’s printers (both laser and inkjet), scanners, cameras and PCs also ship with this tool. Version 4.0.9.2 or earlier is vulnerable. The problem has been resolved in the latest update, version 4.0.10.8.
So if you have an HP product attached to your computer, check whether HP’s Software Update Tool is installed and which version it is. You might need to upgrade it.
The risk is that a malicious web page can activate code in HP’s Software Update Tool and use it to execute code on your computer. That’s fine when it’s HP updating your drivers, but a bad thing when random strangers can do it.
Note that this only affects Windows users.
AVG 8.0 Released
AVG has released a new version of its anti virus program. It comes in three editions:
- Free
- US$35
- US$55
The main new features in 8.0 are:
- link scanning
- anti spyware
- Email and instant messaging protection
The difference between the three editions is the features included. See this chart for details.
BT Home Hub Wireless Networks
Wireless networks can be made safe, but it’s very common to find networks that haven’t been secured properly. It’s even worse to see ISPs giving their customers routers configured with weak security.
BT Broadband in the UK has been supplying its customers with wireless routers, called the BT Home Hub, set up to use a very weak security system called WEP.
In fact it’s so weak that anyone within wireless range (which can include a few of your neighbours) can guess the wireless password in 80 attempts. And you wouldn’t even know someone was trying.
WEP is an old security system made for wireless routers; it was cracked years ago and it’s really no safer than an old rusty padlock with the key hidden in a pot plant. As the old saying goes, it keeps out honest people. WEP is practically useless. And BT Home Hub leaves it set up this way for its customers.
What everyone with a wireless network should do is change from WEP to WPA (or WPA2, if the router and all your devices support it). WPA is considered safe at the moment, but it’s only as strong as the password you give it: someone who records a device joining your network can try to guess that password offline, at their leisure, so use a long one (20 characters or more) that isn’t a dictionary word or a familiar phrase.
To learn more about securing a wireless network read here. And to understand why it’s important to secure a wireless network read our article here.
Just remember, WEP = useless, WPA with a strong password = secure.
Firefox and Safari Updates
The Firefox and Safari browsers have been updated. If you use either of these then you should upgrade today. The new version numbers are:
- Firefox: 2.0.0.14
- Safari: 3.1.1
Firefox runs on Windows, Mac and Linux; Safari on Mac and Windows. The updates fix vulnerabilities and hence are important security updates.
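When you script a "is everyone on the fixed version yet?" check across a fleet, the one mistake to avoid is comparing version strings as text. As an added example (not code from the original post), here is a check against the fixed versions named above for Flash, Firefox and Safari; it also accepts the "Shockwave Flash 9.0 r124" form that the Flash plug-in reports to browsers. The installed versions in the demo are constructed, and the product names are just keys chosen for this example.

```python
"""Compare reported versions against the first fixed release (constructed example)."""
import re

# Versions named in the posts above: the first fixed release of each product.
FIXED_VERSIONS = {
    "flash": "9.0.124.0",
    "firefox": "2.0.0.14",
    "safari": "3.1.1",
}


def parse_version(text: str) -> tuple:
    """Turn '9.0.124.0', '2.0.0.14' or the plug-in's 'Shockwave Flash 9.0 r124' into ints."""
    m = re.search(r"(\d+)\.(\d+)\s+r(\d+)", text)   # plug-in description: major.minor rBUILD
    if m:
        return (int(m.group(1)), int(m.group(2)), int(m.group(3)), 0)
    nums = re.findall(r"\d+", text)
    if not nums:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(n) for n in nums)


def _padded(a: tuple, b: tuple):
    """Right-pad the shorter tuple with zeros so '3.1' compares as '3.1.0'."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def is_patched(product: str, installed: str) -> bool:
    """Component-wise integer comparison against the fixed version."""
    have, need = _padded(parse_version(installed), parse_version(FIXED_VERSIONS[product]))
    return have >= need


def naive_string_check(product: str, installed: str) -> bool:
    """The bug this example warns about: comparing version strings as text."""
    return installed >= FIXED_VERSIONS[product]


if __name__ == "__main__":
    for product, seen in [("flash", "Shockwave Flash 9.0 r115"), ("flash", "9.0.45.0"),
                          ("firefox", "2.0.0.9"), ("safari", "3.1")]:
        print(product, seen, "patched" if is_patched(product, seen) else "UPDATE NEEDED",
              "| string compare says:", naive_string_check(product, seen))
```

The string comparison passes "9.0.45.0" as newer than "9.0.124.0" because "4" sorts after "1", so a report built that way would tell you a machine is fine when it is three builds behind.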
ActiveX Flaw in Symantec Products
Symantec is well known for making security products (it also uses the Norton brand for home products). A serious flaw has been found in some of these products, including Norton AntiVirus, Norton Internet Security, Norton SystemWorks and Norton 360.
The flaw is in an ActiveX control that gets installed on the PC (the control is called SymAData.dll). This control is normally used by their AutoFix support tool, but it was discovered that a web page can call it with malicious input and run code of the attacker’s choosing. In other words, visiting the wrong web site lets someone take over the computer (generally a bad thing).
Two ways to fix this problem are:
- Engage in an online chat session with Symantec’s technical support team
- Download the patch from Symantec’s website, https://www-secure.symantec.com/techsupp/asa/install.jsp
Earlier we wrote about problems with ActiveX and suggested you disable it.
2Wire Modems
2Wire is a DSL modem manufacturer. Earlier we reported that a Mexican ISP offers 2Wire modems to its customers and that there was a vulnerability in them affecting those customers. The vulnerability is a form of DNS poisoning: an attacker can alter the DNS settings the modem uses, so that typing your bank’s address takes you to a fake site instead of the real one.
Many other ISPs also offer this modem to their customers, including AT&T. AT&T has taken some positive action to fix the issue, so if you’re an AT&T customer using a 2Wire modem then have a talk to them and see if your modem needs patching.
An AT&T spokesman, Seth Bloom, responded to a Slashdot article and had the following to say:
“The majority of our customers did not have gateways affected by this vulnerability. For those that did, as soon as we became aware of the issue, we expeditiously implemented a permanent solution to close the vulnerability. In fact, we’ve already updated the majority of affected 2Wire gateways, and we’re nearing completion of the process. We’ve received no reports of any significant threats targeting our customers.”
Malware Statistics
Symantec, a large security company, has reported that more malicious programs are now being released than legitimate ones.
It states that 65% of the 54,609 Windows applications released to the public in the past 6 months were malicious.
Another interesting statistic from this report is the breakdown of browser plug-in vulnerabilities by plug-in:
- 79% ActiveX
- 8% QuickTime
- 5% Java
- 5% Flash
- 2% Windows Media Player
What this means is that by disabling ActiveX in your web browser (Internet Explorer) you close off the plug-in category that carries 79% of these vulnerabilities. Here’s an article on how to disable ActiveX. Bear in mind that this is a count of vulnerabilities, not of attacks, and that some sites (Windows Update among them) won’t work without ActiveX, so be prepared to allow it for the few sites you trust.
As for the other types of plug-ins, keep them patched and up to date to reduce the risk of infecting your computer.
Here is Symantec’s internet security report.
HP Flash Drives Ship With Malware
HP flash drives were found to contain malware. These devices were sent as promotional items with new ProLiant servers.
Both 256MB and 1GB USB drives were infected with worms (W32.Fakerecy and W32.SillyFDC). Worms of this kind copy themselves to every removable and mapped network drive they can reach, and drop an autorun.inf so that they start as soon as the drive is plugged into the next machine.
This is particularly bad because IT technicians generally install these servers and generally have access to quite a few network drives.
HP’s software security response team admitted the fault and has issued the following list of servers that shipped with the infected USB drive:
- ProLiant BL20pG4; ProLiant BL25pG2
- ProLiant BL45pG2
- ProLiant BL260c
- ProLiant BL460c; ProLiant BL465c; ProLiant BL465cG5; ProLiant BL480c
- ProLiant BL680cG5; ProLiant BL685c; ProLiant BL685cG5
- ProLiant DL120G5; ProLiant DL140G3; ProLiant DL145G3; ProLiant DL160G5; ProLiant DL165G5; ProLiant DL180; ProLiant DL180G5; ProLiant DL185G5
- ProLiant DL320G5; ProLiant DL320G5p; ProLiant DL320s; ProLiant DL360G5; ProLiant DL365; ProLiant DL365G5; ProLiant DL380G5; ProLiant DL385G2; ProLiant DL385G5
- ProLiant DL580G4; ProLiant DL580G5; ProLiant DL585G2; ProLiant DL585G5
- ProLiant ML110G4; ProLiant ML110G5; ProLiant ML115; ProLiant ML115G5; ProLiant ML150G3; ProLiant ML150G5
- ProLiant ML310G4; ProLiant ML310G5; ProLiant ML350G5; ProLiant ML370G5
- ProLiant ML570G4
- IP Console Switch with virtual media
- Server Console Switch
- Server Console Switch with virtual media
- TFT7600 (USB Pass-through)
- 1U Rackmount Keyboard with USB
This kind of threat isn’t limited to HP customers. Any device you plug into a USB port can potentially carry malware. So always have a good antivirus program running on your computers, turn off AutoRun for removable drives so that nothing starts just because a drive was plugged in, and treat free promotional drives with the same suspicion as an email attachment.
A while back we reported on similar incidents: digital picture frames with malware, MP3 players sold with malware.
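Before a new drive goes anywhere near a server, it is worth looking at what it would do if AutoRun were on. The following is an added example (not from the original post or from HP): it parses an autorun.inf the way Windows reads it (an [autorun] section with open= or shellexecute= keys), resolves the launch target on the drive, and reports whether that target is an executable and whether it hides in a folder named to look like a recycle bin, the pattern the worm names above hint at. The sample drive is built in a temporary directory with a harmless placeholder file; the key names and suffix list are assumptions about what a worm dropper looks like, not a signature for these specific worms.

```python
"""Inspect a removable drive's autorun.inf for worm-style launch entries (constructed example)."""
import configparser
import tempfile
from pathlib import Path

# autorun.inf keys that older Windows versions honoured to start something automatically.
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command", "shell\\explore\\command")
EXECUTABLE_SUFFIXES = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs"}
FAKE_BIN_NAMES = ("recycler", "recycled", "$recycle.bin")   # folders droppers like to hide in


def parse_autorun(text: str) -> dict:
    """Return the launch-related keys from an autorun.inf body, keys lower-cased."""
    cp = configparser.RawConfigParser(strict=False, delimiters=("=",), comment_prefixes=(";", "#"))
    cp.optionxform = str.lower
    try:
        cp.read_string(text)
    except configparser.Error:
        return {}
    section = next((s for s in cp.sections() if s.lower() == "autorun"), None)
    if section is None:
        return {}
    return {k: v.strip() for k, v in cp.items(section) if k in LAUNCH_KEYS}


def inspect_drive(root: Path) -> dict:
    """Report what an autorun.inf on the drive would launch and whether it looks like a worm."""
    inf = root / "autorun.inf"
    verdict = {"autorun_present": inf.exists(), "launches": [], "findings": [], "suspicious": False}
    if not inf.exists():
        return verdict
    for key, cmd in parse_autorun(inf.read_text(errors="replace")).items():
        # First token of the command, unquoted (quoted paths with spaces are not handled here).
        target = cmd.split()[0].strip('"') if cmd else ""
        path = root / target.replace("\\", "/").lstrip("/")
        verdict["launches"].append({"key": key, "target": target, "exists": path.exists()})
        if path.suffix.lower() in EXECUTABLE_SUFFIXES:
            verdict["findings"].append(f"{key} runs an executable: {target}")
        if any(name in target.lower() for name in FAKE_BIN_NAMES):
            verdict["findings"].append(f"{key} target hides in a fake recycle bin folder")
    verdict["suspicious"] = bool(verdict["findings"])
    return verdict


def build_sample_drive(infected: bool = True) -> Path:
    """Create a constructed drive image in a temp directory; the 'worm' is an inert placeholder."""
    root = Path(tempfile.mkdtemp(prefix="usbdrive_"))
    (root / "hp_promo.pdf").write_bytes(b"%PDF-1.4\n%% constructed placeholder\n")
    if infected:
        (root / "RECYCLER").mkdir()
        (root / "RECYCLER" / "svchost.exe").write_bytes(b"MZ" + b"\x00" * 16)  # inert stand-in
        (root / "autorun.inf").write_text(
            "[AutoRun]\n"
            "open=RECYCLER\\svchost.exe\n"
            "shellexecute=RECYCLER\\svchost.exe\n"
            "icon=%SystemRoot%\\system32\\SHELL32.dll,4\n"
            "action=Open folder to view files\n"
        )
    return root


if __name__ == "__main__":
    print(inspect_drive(build_sample_drive(infected=True)))
    print(inspect_drive(build_sample_drive(infected=False)))
```

The "action=" line in the sample is the part that fools people: it makes the autorun entry look like Windows’ own "Open folder to view files" option in the AutoPlay dialog, so the technician clicks the worm thinking they are opening Explorer. Disabling AutoRun, as advised above, removes the prompt entirely.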