October 2007


In the corporate world, companies can force you to follow certain rules, such as making you use letters, both upper and lower case, special characters, and numbers, as well as setting the length of the password. When I ask people when was the last time they changed their passwords at home, the normal answer is they haven’t changed it for a long time or never.

Passwords that are in the dictionary can be cracked very quickly. You must use strong passwords even at home. Think of all the web sites where you have accounts set up and what the user IDs and passwords are. Are your e-mail ID and password the same on several of the accounts you have set up? The answer is probably yes. Attackers know this too and once they can obtain your e-mail and password, they may have the keys to bank accounts, PayPal credentials, stock accounts, and many others. Most of the time, the settings on browsers ask if you would like to save your sign on credentials. Never save your ID and passwords. When a PC can be hacked, attackers like to harvest files and these saved ID and password files are a favorite because they can lead the attacker to some financial gain at your expense.

Think about your ID and passwords and change them to a stronger password and make your ID something other than your e-mail address. Stay safe! Have a happy Halloween!!!

I’m reading that the ‘Storm Worm’ is at it again.  A new way to disguise the same attack method.  Try and get you to open a document that downloads things you REALLY don’t want.  Don’t be tempted to download the dancing skeleton.  Security companies who monitor this say they started seeing this spam attack beginning Tuesday morning.  This will definitely be a trick and not a treat if you fall for yet another ‘Storm’ tactic.

And expect to see some IRS spam e-mails soon.  Think before you open an e-mail with a link or a document they want you to download.  Your behavior is your best weapon against social engineering tactics.  Think before you click anything in e-mails.

It was great seeing Denver losing last night.  My KC Chiefs are tied with San Diego who has started playing like everyone thought they would ever since KC put a smack down on them in SD a few weeks ago.  Brett Favre comes to Arrowhead this Sunday.  Man I hope KC comes out swinging.  Our offense has a lot of work to do so hopefully this bye week has done us good.

My Jayhawks put a hurt on the Texas A&M Aggies last Saturday night.  Next in line is Nebraska and we will kick them while they are down.  We are still undefeated and I keep hearing how great the Mizzou Tigers are and I hope to keep hearing that.  They need to know they are better than anyone in the Big 12 and they need to overlook someone.  They have a few road tests and I’m hoping to see them slip and fall prior to the big game at Arrowhead.  Then we can punch them again.

That is it for now.  I’ll probably be posting as new tactics are coming up so you can be forewarned.  Be careful out there and have a great Halloween.

I just thought we could review the steps you can take to stay protected today. Several of these have been covered in more detail in other posts so this will be high level. If you see one on this list and it hasn’t been covered, we’ll just post a future article on the specific step.

1. Patch all software. This includes Microsoft as well as all others such as Apple, WinZip, WinAmp, RealPlayer, Macromedia, Adobe, and any other software you may have. Many of the patches companies issue are security patches.

2. Install anti-virus and anti-spyware software, and keep the signatures current by downloading them daily and running them at least once a day if not multiple times.

3. If you have wireless, log onto your wireless access point and change the SSID from the default name, change the default user name if allowed and change the default password. Also do not broadcast your SSID, review the logs periodically on the router, use WPA2 for encryption, and use the MAC filtering option on the wireless AP.

4. Use an alternative browser instead of Microsoft Internet Explorer. I personally use Firefox.

5. If needed, change your Internet behavior. This includes knowing what types of social engineering tactics are being used and knowing how to avoid them. A useful resource for this is the link I have in my blogroll called the Internet Storm Center.

6. If you have kids, teach them the basics of Internet safety. Random clicking and trusting everyone is not safe and they must be told. Too much information on social networking sites is dangerous too so YOU the parent should audit what is being posted on Facebook, MySpace, and many of the other sites out there.

7. Instant messaging is used by kids and adults alike. You must patch these applications too, and don’t reply to strangers. Don’t automatically trust links from ‘friends’ either. Sometimes friends get hacked and attackers send out a malicious link to a web site that the attacker controls, or an invite to view their webcam or a picture. This is one of those social engineering tactics used by attackers.

8. At least once a year, especially if you have a college student with a PC connected to the college network, have a professional wipe the hard drive and reload the software, then download all the patches needed to get you caught up to current on patches. I recommend this for the family PC also.

9. If you have kids, purchase filtering software so you can limit what your kids can see. This can keep your kids from going to bad sites. (Porn)

10. Download and use a firewall. Pay attention to the alerts given and make sure you know what you are allowing.

11. Don’t surf porn or use Peer to Peer downloading sites to get movies and MP3 files for free. You may get more than you bargained for. This is a known avenue attackers use to spread their malware. It is also illegal to download copyrighted material.

12. Windows and other browsers allow you to ‘remember’ passwords. Think about it from an attacker’s point of view. These password files are stored on the hard drive and attackers know what they are called. If you get malicious software on your machine, attackers like to look for files of interest and the password files could contain financial account user IDs and passwords that they can use to gain access to your bank, investment account, etc.

13. Back up your files periodically. This includes the files you’ve purchased from iTunes as well as documents and family pictures you may have loaded on your PC’s hard drive.

14. Use strong passwords. Passwords from the dictionary can be cracked VERY quickly by password cracking programs. Use more than 8 characters and mix in upper and lower case, numbers, and special characters. A pass phrase is always good to use.

15. Set up an administrator account that you use for maintaining the PC, then create accounts that don’t have administrator privileges to use when surfing the net. Attackers trick you into installing their software and if you don’t have rights to do it, then this is another layer of protection.

16. Use the Finjan Firefox plugin so when you do searches, this can tell you if the site is safe or not.
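An added example for step 14 and for the earlier warning about using the same e-mail ID and password on several sites (it is not part of the original post): a short Python audit showing that a password can meet the length and character-mix rule and still be a dictionary word with padding, which password cracking programs undo as a matter of routine. The word list, the account data and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed stand-in for a real dictionary file (assumption for this example).
WORDLIST = {"password", "dragon", "jayhawk", "monkey", "letmein", "halloween"}
LEET = str.maketrans("013457@$", "oleastas")  # swaps undone before the lookup

# Constructed sample data: (site, user ID, password). Not real credentials.
ACCOUNTS = [
    ("webmail", "pat@example.com", "Jayhawk2007!"),
    ("bank", "pat@example.com", "Jayhawk2007!"),
    ("auction", "pat_kc", "dragon"),
    ("broker", "pk-invest-01", "Purple-Tractor-Eats-9-Clouds"),
]

def dictionary_base(password):
    """Return the dictionary word a password is built on, or None."""
    lowered = password.lower()
    stripped = re.sub(r"[\d\W_]+$", "", lowered)  # drop padding such as "2007!"
    for candidate in (lowered, stripped):
        word = candidate.translate(LEET)
        if word in WORDLIST:
            return word
    return None

def missing_rules(password):
    """List the parts of the rule in step 14 that a password fails."""
    checks = {
        "more than 8 characters": len(password) > 8,
        "upper case": any(c.isupper() for c in password),
        "lower case": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "special character": any(not c.isalnum() for c in password),
    }
    return [name for name, ok in checks.items() if not ok]

def audit(accounts):
    """Return {site: [issues]} for a list of (site, user_id, password)."""
    sites_by_password = defaultdict(list)
    for site, _, password in accounts:
        sites_by_password[password].append(site)
    findings = {}
    for site, user_id, password in accounts:
        issues = ["missing " + rule for rule in missing_rules(password)]
        base = dictionary_base(password)
        if base:
            issues.append("built on dictionary word '%s'" % base)
        shared = [s for s in sites_by_password[password] if s != site]
        if shared:
            issues.append("password reused on " + ", ".join(shared))
        if "@" in user_id:
            issues.append("user ID is an e-mail address")
        findings[site] = issues
    return findings

if __name__ == "__main__":
    for site, issues in audit(ACCOUNTS).items():
        print(site, "->", issues or "ok")
```
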

This is a pretty good list. If there are any that I may have left off, I’ll add those to this list so you can review this posting or I’ll just add them to future postings. If we haven’t covered these steps yet in postings, I’ll cover them soon. If you ever have a question, don’t hesitate to ask and I’ll try and answer it to the best of my ability. Have a great weekend and ROCK CHALK JAYHAWK GO KU! Big game tonight in College Station.

Well happy TGIF!! I live for weekends. I’ve been talking about PDF issues over the last few postings, but there is another vulnerability that is being exploited also. Watch out for RealPlayer files. It all comes back to behavior. Don’t click on files in spam e-mails. Trust me, attackers are smart. They somehow come up with ideas to get people to click on files that exploit these vulnerabilities.

Don’t click on files or links in spam e-mails and you’ll be happier. The weekend is upon us and my Jayhawks try and stay undefeated. They go down to Texas A and M which will be tough. I don’t think KU has won down there so we’ll have a tough game. My Chiefs have a bye weekend so we will stay atop the hill of mediocrity called the AFC West. We may get some company joining us depending on how the Broncos come out.

Alright, that is it for now. Remember, don’t click randomly, patch patch patch, use an alternative browser instead of Microsoft Internet Explorer, keep your antivirus and antispyware programs up to date and run them regularly. We’ll talk more wireless soon also. Have a safe weekend.

Well Adobe patched at least version 8.X of the Adobe Reader and Acrobat.  This patch was released Monday night.  I advise you to patch immediately.  If you open up Adobe Reader, go to the Help on the action bar and select Check for Updates.  It will find the update and you can then install this patch.  If you have an older version of reader, the patch for 7.X  will be coming soon Adobe has said.

Almost as soon as the patch was released, security companies started seeing the exploit being sent out in spam e-mail.  Here is what happens when a company releases a patch.  The attacker many times reverse engineers that patch and finds what the company fixed, then they can write an exploit that takes advantage of the vulnerability.  They are sending out millions of spam e-mails in hopes that many people have not patched the application.  If you are seeing e-mail in your inbox from someone you don’t know, it is best to trash it.  Don’t open it.  They are trying to get you to open these documents by saying they are a bill or some official document from, say, the Better Business Bureau or some other official organization.

This is pretty much standard procedure for attackers.  A vendor patches a problem and the attacker sends out millions of spam e-mails exploiting the vulnerability.  They reverse engineer the patches and then hope they get people who don’t patch their applications.  Since most people don’t patch regularly if at all, then they can get you to click on these and take control of your PC and use it for sending out spam e-mails, scanning IP ranges, or hosting malicious files, or possibly even storing illegal files such as child pornography on your machine.

Take a stand against these attackers.  By taking steps like patching applications ASAP, watching your Internet behavior, and many other steps, you can stop being one of those people who unknowingly help the attackers spread their evil ways.  If you have Adobe Reader 8.X, patch now.  If you have an older version, watch Adobe for additional patches.  If you have a really old version, uninstall it and download the 8.X version of Reader to keep safe.  Happy computing and stay safe.

Well the Storm Worm changes again.  This is one thing that has been consistent.  Now you may be seeing spam e-mail with MP3 attachments.  These MP3 files won’t actually infect your computer, but they will suggest a penny stock you should invest in.  These scams are called Pump and Dump attacks.  The attacker purchases a penny stock then sends millions of e-mails out promoting the stock.  As the stock rises, the attacker dumps his or her own shares at a higher price.  As we have mentioned before, don’t even open these e-mails you get.

Another thing that security researchers are seeing is that the Storm Worm seems to be breaking up the large botnet into smaller pieces and selling them off.  The one thing that the Storm Worm has done so successfully is to actually recruit more and more bots into the attacker’s network.  Your behavior is one of the biggest defenses you have when surfing the Internet.

My Chiefs play the Raiders in a couple of hours.  Big Sunday so I’m very excited about that.  GO CHIEFS!!  The Raiders have improved themselves this year but we’ll see if they have enough to overcome the Chiefs.  We’ve had their number for the last several years.  And what about those Jayhawks!!  Still undefeated and a big game against A and M next Saturday.

Stay safe and have a great week!

Which browser do you use when surfing the internet?  Are you like most folks out there who use Microsoft Internet Explorer?  The largest percentage of the population uses MSIE.  I prefer to use Firefox.  Firefox has gained in popularity over the past few years.  Here are the reasons I use Firefox and not Internet Explorer.

Think about what the bad guy attacker thinks.  If I write an exploit that takes advantage of a vulnerability, I want to hit the largest possible target base.  Simple math (I hated math by the way) and you go to the masses.  I want the most targets so I write my exploit for MSIE.  Simple.  This is one reason why I use Firefox.  I don’t have that Apple mentality to think that there are no exploits written for Firefox.  Trust me when I say this, there is no “safe” browser when it comes right down to it.  Browsers are software and when software is written, it has bugs.  So this is reason number one.

Reason number two.  When bugs are discovered, Firefox has a smaller window from the time a vulnerability is discovered to the time an update is deployed.  Nothing against MSIE.  I think Microsoft has come a long way from the days of old.  It just seems that MSIE has a longer window from the time a vulnerability is discovered to the time it is patched.

Reason number three.  If you are a user of MSIE, then you know with MSIE 7, you got tabbed browsing.  I’ve been using Firefox for several years and it has had tabbed browsing for quite some time.  I think there are many things that Firefox does that MSIE has moved in that same direction.  Plus there are many plug ins that are awesome also.  Many for security reasons.

Those are enough reasons for me to use Firefox.  You ought to try it if you have never tried it.  After downloading it and setting it as your default browser, browse the plug ins and see what is out there.  I’ll admit there are many I don’t use.  I have mentioned in previous posts that I do use a plug in from www.finjan.com.  Be brave, try it for a couple of weeks.  See if you can make yourself a smaller target out there in the wild wild west called the Internet.

OK, now I must say something about my KC Chiefs.  Last weekend, they won against the Bengals.  I must admit, I didn’t think we had much of a chance.  This week, we have the hated Raiders.  We haven’t lost to the Raiders in…..I don’t know how long it has been.  And, let’s talk University of Kansas football.  Yes I said football.  They have a big road game this Saturday in Boulder, Colorado.  What a beautiful state Colorado is.  I’ve been there many times and the Rockies are just beautiful.  But I’m really pulling for my Hawks to pull this road game out.  So far, KU is undefeated.  They are contending for the Big 12 north title.  MU looks pretty tough this year but if we keep winning, the game against MU at Arrowhead stadium looks huge.  Really huge.  That is all I have to say about my favorite teams this time.

If you are an Internet Explorer user, I say try Firefox and see how you like it.  I believe as many in the Computer Security field do, that a change to Firefox browser will keep you safer because you are now not wearing such a big target on your back.  Take care and stay safe.

The ‘Storm Worm’ is the worst computer outbreak in history so far. It started earlier in January of this year in spam e-mails that contained the subject line ‘230 dead as storm batters Europe’, hence the name ‘Storm Worm’. One of the ways Storm has spread so successfully is by taking advantage of vulnerabilities found in the Adobe Reader as well as other applications. A couple of weeks ago, a security researcher disclosed that there was a serious vulnerability in the Adobe Reader. Today, more information is leaking out about where the vulnerability is located. Adobe has posted a security alert on their web site stating that they will not have a security patch ready until late October. This is an attacker’s dream: a zero day vulnerability (no patch exists).

Spam e-mail exploiting the human weakness is being used to spread Storm even more. There are two ways attackers try to exploit this weakness. First, they try and get you to click on an attached PDF file that has been set up to exploit the current vulnerability in Adobe Reader. These can come in the form of e-cards, BBB complaints, FTC complaints, etc. The second is adding a link within spam e-mail that directs you to a web site that has an embedded PDF document within the web site. All it takes is for you to visit the malicious page and then it runs the exploit on your machine without any other intervention by you.

You can have hardware devices and software applications that protect you against malicious attacks, but social engineering attacks like spam e-mail attack the human side. Take special care when viewing your e-mails and do not click on links or attachments that are from unknown sources. Spam changes constantly to evade spam filters so we can’t stop it totally. Here is a current example of the latest Storm e-mail tactics being used as documented by Websense.

Click here to see screen shots on the Websense web site.

http://www.websense.com/securitylabs/alerts/alert.php?AlertID=807

Well a couple of weeks ago, a security researcher Petko Petkov announced that Adobe had a security vulnerability that was bad.  Really bad.  Now Adobe has announced that they are working on fixing this problem that affects both the Adobe Reader and Acrobat software applications.  So, here is your warning.  Beware of e-mails that have PDF attachments.  If you don’t know who is sending you these attachments, don’t open them.  If you do know who is sending a PDF to you, think twice before you open it.  Your friend may have been compromised.  Even going to a web site with an embedded PDF document can get you pwned.  So spammers will be sending e-mails either with PDF attachments or trying to entice you into clicking on a link that the attacker has set up with one of these malformed PDF documents.

You have been warned!  Be careful out there and I’ll keep you up to date when Adobe gets their security update out, hopefully sooner than later.  Then it is up to you to go download this update and install it.  Take care and we’ll talk again soon.

Today is Microsoft’s Patch Tuesday.  We’ve stressed in previous postings that patching is one of those very important things you must do.  Check to see if you have your Windows set to download your updates automatically.  Go to Start|Control Panel|Security Center, then open it up.  Check to see that you have Windows set to automatically download your updates.  Then once they are downloaded, install those updates.

In today’s update, there are several considered critical.  Protect yourself and have a great rest of the week.  We’ll talk again soon.
