December 2007


As many of us approach a new year, we like to make resolutions that we want to do in the coming year. Nothing should be different when it comes to computer security so I thought I would help you out. First things first. Please care about computer security. In this post, I will refer back to some of my prior posts that explain why you should care. It reminds me of the old joke. Doctor Doctor! It hurts when I do this!!! The Doctor said “Don’t do that!!!”. Computer security is kind of like that. You can tell people what to avoid and behaviors to do or not do, and they choose to ignore suggestions. Or you have kids who choose not to do what you tell them. So here it goes for my computer security resolutions.

1. Care about computer security. Bad guys would love to get control of your PC. Click here to see why.

2. Steps to take in 2008. Click here to see them.

3. Get smarter! I’ll try and help teach you what steps to take to not be a victim. Click here to see how.

4. Change passwords to a more secure password. Click here to see why.

5. Be careful when going mobile. If you have a laptop and travel, take caution when connecting to wireless AP’s. Click here to see why.

6. Change your Internet behavior. Click here to see what I mean.

If you can’t tell, I am rather passionate about what I do for a living. If I can help someone not have their ID stolen or credit card information stolen, I would feel much better. Hopefully this outlet has allowed me to help you some this year. I hope you will continue to read my posts. I will try and keep them current and yes I’ll probably repeat myself on certain topics. It is because the bad guys are always looking for a way to entice you to click on some attachment or a link in an unsolicited e-mail. Please let me know if you find this information helpful. I think one of the most popular posts I have made is how to find the SSID on a wireless router.

Stay safe this New Year’s Eve and have fun. I talk some about my KC Chiefs and, well, all I can tell you is I’m glad this season is almost over. My Kansas University Jayhawks are in the Orange Bowl on January 3. We are really starting to get into the heart of the NCAA basketball season and my Hawks are ranked number 3 right now. They look good. I’m looking forward to another great year so stay safe while online and we’ll talk again after the New Year!

Well if you got left off the Storm Worm’s Christmas Card list, maybe you will be lucky to get their Happy New Year e-mail. Like I said, behavior is the BEST weapon you have. So if you didn’t get your Christmas e-mail, you may be lucky enough to get the Happy New Year version. They want you to download a payload that will run exploits against several vulnerabilities and if you aren’t patched, then you are welcomed into the Storm’s bot-net. Sometimes they even run against vulnerabilities that are called zero day, which means there are no patches. Stay safe out there and don’t fall for this social engineering tactic.

Hope you all had a great Christmas and have a safe New Year’s celebration.

Not too long ago, the Storm Bot-net started a much anticipated attack that is trying to recruit more members into its growing bot-net.  The attack is documented at the SANS Internet Storm Center.  Here is a snippet of what is mentioned there.

Shortly after 0000 GMT 24-DEC-2007 reports came in indicating that the Storm Botnet was sending out another wave of attempts to enlist new members.  This version is a Christmas-themed stripshow directing victims to merrychristmasdude.com.

The message comes in with a number of subjects:

Subject: I love this Carol!
Subject: Santa Said, HO HO HO
Subject: Christmas Email
Subject: The Perfect Christmas
Subject: Find Some Christmas Tail
Subject: Time for a little Christmas Cheer

Once again this is just another way of tempting you to click on something thinking you are getting one thing, but instead you get attacked by the infamous Storm Worm Bot-net.  As always, don’t click links or attachments in unsolicited e-mails.
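For anyone who filters mail for family or a small office, here is an added example (not from the original post or from SANS) that checks a message against the subjects and the domain quoted above. The sample messages are constructed, and the function names are my own.

```python
import base64
import re
from email import message_from_string
from email.header import decode_header, make_header

# Indicators taken from the SANS Internet Storm Center snippet quoted above.
CAMPAIGN_SUBJECTS = {
    "i love this carol!", "santa said, ho ho ho", "christmas email",
    "the perfect christmas", "find some christmas tail",
    "time for a little christmas cheer",
}
CAMPAIGN_DOMAINS = {"merrychristmasdude.com"}
URL_HOST = re.compile(r"https?://([^/\s:\"'<>]+)", re.IGNORECASE)


def body_text(msg):
    """Concatenate every text/* part, undoing base64 / quoted-printable."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def triage(raw_message):
    """Return the reasons a message matches the campaign (empty list = no match)."""
    msg = message_from_string(raw_message)
    reasons = []
    # Decode RFC 2047 encoded-words so an encoded subject cannot dodge the match.
    subject = str(make_header(decode_header(msg.get("Subject", ""))))
    if " ".join(subject.lower().split()) in CAMPAIGN_SUBJECTS:
        reasons.append("subject")
    hosts = {h.lower().rstrip(".") for h in URL_HOST.findall(body_text(msg))}
    for host in sorted(hosts):
        if any(host == d or host.endswith("." + d) for d in CAMPAIGN_DOMAINS):
            reasons.append("link:" + host)
    return reasons


# Constructed sample messages (not real captures).
SAMPLE_PLAIN = (
    "From: friend@example.org\nTo: you@example.net\n"
    "Subject: Santa Said, HO HO HO\n\n"
    "Check this out: http://merrychristmasdude.com/\n"
)
SAMPLE_ENCODED = (
    "From: friend@example.org\nTo: you@example.net\n"
    "Subject: =?utf-8?q?The_Perfect_Christmas?=\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "Content-Transfer-Encoding: base64\n\n"
    + base64.b64encode(b"See http://www.merrychristmasdude.com/ now").decode()
    + "\n"
)
SAMPLE_BENIGN = (
    "From: office@example.org\nTo: you@example.net\n"
    "Subject: Christmas party schedule\n\n"
    "Details at http://example.org/party\n"
)

if __name__ == "__main__":
    for name in ("SAMPLE_PLAIN", "SAMPLE_ENCODED", "SAMPLE_BENIGN"):
        print(name, triage(globals()[name]))
```

A match on the subject alone is weak evidence, since the bad guys change subjects with every wave, so treat the link match as the stronger signal.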

My Chiefs really suck.  Even Detroit who sucks just a bit less than my KC Chiefs beat us.  Well I hope the Chiefs have been good and Santa brings them all the help they need in the offseason.  Take care and stay safe.  Happy Holidays and remember the reason for the season.

I assist my church with their computers. In the last 6 months, they purchased a couple of Vista machines. I am new to Vista. At work and home, I’m an XP guy when it comes to Windows OS. Initially, when I looked at tools that were Vista compliant, I found that one of my favorites AVG Anti-Spyware didn’t work. So I went to Spybot Search and Destroy and that worked for me. I figured it would be just a matter of time and AVG would have their spyware removal tool Vista compliant.

Not sure when it happened but it is here. So if you are a Vista user, check out the free version of AVG Spyware Removal software. It helps clean the machine of tracking cookies as well as some nasty malicious software that some run into at times. I saw a forecast that 2008 will probably be a big year for Vista patches. This last patch cycle last Tuesday found that Vista had a bunch of fixes. With more and more people going to Vista, there will be a shift to find vulnerabilities because of the numbers becoming more attractive to the malicious attacker.

Many things will keep you safe on the Internet but your behavior is probably the biggest thing that you can do to protect yourself. It takes many steps so keep reading. I’ll keep you informed as things come up so keep reading and make comments if you would like. I’m getting tired of all nasty spam comments that I just delete. Stay safe and get that Christmas shopping done!

With Christmas right around the corner, it’s a good reminder to talk about Internet Safety.  Spammers work overtime this time of year to try and trick you into giving up your personal information.  Sometimes, spammers can really look authentic.  So I ring the warning bell, to be very careful when going through your e-mail’s Inbox.

And the bad thing is, after Christmas, you will start seeing spam e-mail that appears to be from the IRS.  They’ll tell you to track your refund, and all you have to do is give them some really valuable information.  Probably name, address, and of course your SSN.  The IRS doesn’t have an e-mail service that tracks and tells you where your refund is.

This is just a reminder that you really need to be vigilant.  Question EVERYTHING that comes via e-mail.  Hey, be vigilant when people on the phone ask you for information.  Create your own “Need to Know” policy.  Protect your information.  It is up to you.  Little things you can do will protect you and keep you from being taken advantage of.

OK, now for a little football.  I’m a KC Chiefs fan.  And it has been a REALLY long season.  I think I read it is now 7 losses in a row.  This really is defining that I am a fan.  I don’t jump the bandwagon to another team.  I just hope that the KC Chiefs get what they want for Christmas.  Let’s see, a new offensive line would be nice.  A healthy Larry Johnson.  A new offensive coordinator.  A good YOUNG kicker.  Wow, I hope we’ve been good because our list is long.

Stay safe, and question everything.  Hope your Holiday season is a blessed one.  Talk soon.

Hi. It’s been a few days since my last post. In my part of the world, we had a pretty bad ice storm and power was knocked out and my internet connection was out for a few days. It’s snowing now so I’m really in a Winter Wonderland!

In a previous post, I mentioned that Apple’s QuickTime had a security problem that had no patch. Well late Thursday, Apple released a new version of QuickTime. So if your Apple Updater software hasn’t notified you that there is a new version, just open up QuickTime and you will be notified that there is a new version 7.3.1. Update it now. This is a vulnerability that is going around in the wild. That means that bad people are sending spam e-mail right now with malformed QuickTime files and if they trick you into clicking, they can do bad things. Anytime you hear the words remote code execution associated with a vulnerability, that means the bad people can run their bad programs and do bad stuff to your PC like add keyloggers, steal cookies, steal files, and that should scare you into patching your software. If you are an iTunes person, just grab the iTunes download because QuickTime comes with iTunes.

Just remember as the Holiday season comes in, bad people send many different types of spam e-mails from e-cards to more official things like you’ve changed your password on PayPal, to your financial institution wanting you to click on a link inside an e-mail and have you type your banking credentials so they can steal you blind.

Play it smart. Remember NEVER trust e-mails. Always question before you go and type in account numbers, passwords, pin numbers, etc. Stay safe and if you are in the middle of the country, drive safely. That is all for now. I’ll try and post another story prior to Monday.

Well hope all is well with you this Holiday Season. It’s been a few days since posting anything so I thought I would add something here late Sunday evening. I took a trip to a popular area in the Ozark Mountains this past weekend. Ended up driving home in a storm that was highlighted on The Weather Channel. This is where this posting comes from.

Well, traveled down to the Branson area on Friday evening. Guess I missed a pretty big storm around home. Ice, snow, sleet, or a mix of all three. Anyway, of course the lodging that I stayed in offered free WiFi. Fantastic. I’m always leery of signing on these AP’s so I don’t enter any personal information. I had brought the handy dandy laptop and fired it up to get some information on Silver Dollar City, and of course look at the weather story that was starting to unfold this weekend. Well we arrived late enough Friday that I really didn’t want to call and get the sign on information from the front desk, but decided to fire up Net Stumbler to see what I could at least find.

I could see the resort’s AP’s. They were named something really obvious. To access it you had to have the credentials. However, I also noticed what looked to be an internal network the resort ran, plus an interesting AP that was named linksys. Wow, linksys. Very common name. Just happens to be the default SSID name for Linksys wireless routers. So I closed down Net Stumbler and opened up the wireless AP’s that were broadcasting and within range of my laptop. I could see the Linksys SSID called linksys.

Interesting thing about that AP is that it was an open network. Yep. Very risky if you ask me. The security professional in me said, I hope nobody is connecting to this SSID because you don’t know if someone is sniffing the traffic. This is a huge security risk to you and your personal identity. So I thought this would be a great lesson since many of you probably travel with your laptops. There are times that you see an open wireless AP that you could connect to. But think of this. Do you have cookies on your hard drive that contain account numbers, passwords, pin numbers? Do you have any saved passwords for certain accounts that a hacker can steal? You don’t save your bank account information do you? Or your investment account number and password? I hope not. If so, you may have lost it in a matter of seconds.

Only use trusted AP’s. Many times, this means your own secured network you have set up at home. I stress the word SECURED! Password protect your own AP at home. When traveling, be very cautious of the networks you connect to. When using a hotel’s wireless system, I would still not enter too much personal private information. Make sure you don’t save log on credentials that browsers like to offer to do for you. That means that log on information is written to a file and it can be stolen quickly. You’d never know that it happened. When traveling, check trusted sites. Weather, your destination’s web pages, possibly news, but that is about it.
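Here is an added example (not part of the original post) that applies the same two checks I made by eye, open network and default name, to a saved wireless scan. It assumes text laid out the way the Windows command netsh wlan show networks prints it; the scan below is constructed and the resort SSID names are made up.

```python
import re

# Default name called out in the post; add other factory names you care about.
DEFAULT_SSIDS = {"linksys"}


def parse_networks(scan_text):
    """Turn `netsh wlan show networks`-style text into one dict per SSID block."""
    networks, current = [], None
    for line in scan_text.splitlines():
        header = re.match(r"SSID \d+\s*:\s*(.*)$", line.strip())
        if header:
            current = {"ssid": header.group(1).strip()}
            networks.append(current)
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip().lower()] = value.strip()
    return networks


def assess(network):
    """Return the reasons not to trust this network (empty list = none found)."""
    findings = []
    auth = network.get("authentication", "").lower()
    cipher = network.get("encryption", "").lower()
    if auth == "open" and cipher in ("", "none"):
        findings.append("open: no password, nothing encrypted over the air")
    if network["ssid"].lower() in DEFAULT_SSIDS:
        findings.append("default SSID: the name does not tell you who runs it")
    return findings


def report(scan_text):
    """Map each visible SSID to its findings."""
    return {n["ssid"]: assess(n) for n in parse_networks(scan_text)}


# Constructed scan output; the SSID names other than linksys are made up.
SAMPLE_SCAN = """\
Interface name : Wireless Network Connection
There are 3 networks currently visible.

SSID 1 : linksys
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : None

SSID 2 : ResortGuest
    Network type            : Infrastructure
    Authentication          : WPA2-Personal
    Encryption              : CCMP

SSID 3 : ResortOffice
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : None
"""

if __name__ == "__main__":
    for ssid, findings in report(SAMPLE_SCAN).items():
        print(ssid, "->", findings or "no findings")
```

An empty findings list only means neither check fired. It does not make a hotel network a trusted one.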

I’m just glad to be home even though it is a bit of a mess, weather wise. I hear we have a bad ice event that is starting Monday night into all day Tuesday along the I-70 corridor. My poor Kansas City Chiefs lost badly in Denver today. It is hard to watch but I know that there will be major changes coming next year. Many of the guys on this team will not be here next year. Gotta hope for a great draft, a few free agent signings, and then we’ll look forward to next year. Not sure we’ll have any more wins this year.

As for my Kansas Jayhawks, they looked great on Saturday taking DePaul down in Lawrence. Love to hear you Missouri (MISERY) Tiger fans cry that they didn’t get the BCS bid. I can’t wait for Christmas, I can’t wait for BCS Bowls, I can’t wait for March Madness and I can’t wait for WARM WEATHER!!

There is a new zero day exploit out there for Apple’s QuickTime application. If you have iTunes downloaded from Apple, then you have QuickTime installed also. The vulnerability is in the RTSP (Real Time Streaming Protocol) in QuickTime. Apple has no patch currently for this vulnerability and has made no public announcement, which is standard for Apple. There will be a patch coming from Apple soon so we’ll have to keep an eye out for that.

This is one of those situations where all you have to do is go to a website that is hosting a malicious page and you will be attacked. It uses a small iframe tag in the HTML code and that redirects the person to the exploit site where the RTSP attack is done, then installs the malicious code on the user’s system.
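If you run a website yourself, this added example (my own sketch, not code from Symantec or from the original post) shows how to check your pages for the kind of small or hidden iframe described above. The page, the host names, and the 2-pixel threshold are all assumptions made for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

MAX_PIXELS = 2  # assumed threshold: frames this small cannot show real content


def pixels(value):
    """Return an integer pixel size, or None for percentages and junk."""
    m = re.fullmatch(r"\s*(\d+)\s*(px)?\s*", value or "", re.IGNORECASE)
    return int(m.group(1)) if m else None


class IframeAudit(HTMLParser):
    """Collect iframes a visitor cannot see, noting whether they load off-site."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        attr = {name: (value or "") for name, value in attrs}
        reasons = []
        for dim in ("width", "height"):
            size = pixels(attr.get(dim))
            if size is not None and size <= MAX_PIXELS:
                reasons.append(f"{dim}={size}")
        style = re.sub(r"\s+", "", attr.get("style", "")).lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden-by-style")
        host = (urlparse(attr.get("src", "")).hostname or "").lower()
        if reasons:  # only invisible frames are reported
            self.findings.append({
                "src": attr.get("src", ""),
                "off_site": bool(host) and host != self.page_host,
                "reasons": reasons,
            })


def audit_html(html, page_host):
    """Return one finding per invisible iframe in the page."""
    parser = IframeAudit(page_host)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed page; every host name here is a placeholder.
SAMPLE_PAGE = """
<html><body>
<h1>Holiday photos</h1>
<iframe src="http://video.example.org/embed/42" width="560" height="315"></iframe>
<iframe src="http://redirector.example.invalid/go" width="1" height="1"></iframe>
<iframe src="/ads/banner.html" style="display: none"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for finding in audit_html(SAMPLE_PAGE, "photos.example.org"):
        print(finding)
```

An invisible frame that is also off_site is the one to chase down first, because nobody puts a 1 by 1 window to someone else’s server on their own page on purpose.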

Symantec, who monitors websites serving up this malicious code, has found a porn site that is actively serving up this bad stuff. Just as a side note, what a job that must be for whoever at Symantec has to monitor that porn site. LOL! Anyway, they also note that this is probably being served up at other sites also.

So let’s repeat ourselves. Don’t surf porn. Don’t use P2P. This may not keep you safe but it will help you avoid this bad stuff. Don’t click on links in unsolicited e-mails and don’t click on attachments in unsolicited e-mails.

Stay safe and have a great rest of the week!

Updated posting relating to Reloading click here.

Sometimes, you run across a PC that has been so mucked up that trying to clean the machine would not guarantee that all the malicious bad stuff can be removed. So you decide you have to reload your machine from scratch, then update all the software. What steps should you take before you actually delete the hard drive? Here are steps I take when I reload my PC’s. It’s not a bad thing to reload. I do it at least once a year.

Here are the steps in the order that I use and then we’ll go over them.

1. Backup your files that you want. Pictures, documents, browser shortcuts, iTunes songs, etc.

2. Take an inventory of what applications you have downloaded. AOL’s Instant Messenger, Adobe Reader, etc.

3. Gather all your restore CD’s that you got when you purchased your PC.

4. Review steps 1 through 3 and double check the details of each step.

5. Start the reload process.

6. After step 5 is done, then there is the process of going out to Microsoft’s site and downloading all the updates. This process will take a while depending on how far back you bought your PC. Service Pack 2 is a biggie.

7. Take the files that you backed up, transfer them to your PC. Keep this CD full of all your valuable data.

8. From step 2, you will need to go and download all those applications that you or your kids use.

9. This step is optional, but after backing up, and you either purchase imaging software, or use some of the freeware out there, you can take an image of your clean system before you release it to all the rest of the members of your family. This will save you many hours next time you want to do a reload. Instead of going all the way back to your original restore disks that came with your PC, you can just copy your image back to your hard drive and you can do it in less than an hour.

10. YOU ARE DONE!

Now let’s cover these in a little more detail.  Backing up files means any pictures, documents, favorites from browsers, and don’t forget your iTunes songs.  A good starting point is to back up your My Documents.  This should get your documents that you may have created with any Microsoft Office products, and your iTunes songs.  If you’ve saved pictures in the My Pictures folder, this is also included in your My Documents folder.  If you have other applications and they save files such as your tax preparation programs or others like that, just make sure you are getting all your files.  Here is one easy way I save my browser Favorites.  I use Firefox as my browser of choice.  In Firefox, click on your Bookmarks>Organize Bookmarks and this will open up another window titled Bookmarks Manager.  From there you just click on File>Export and then you choose the location where you want to save this backup file.  I pick the Desktop so it is easy to find.  Then I open up my e-mail and attach it to an e-mail I send to myself.

Next, we’ll inventory what programs we’ve downloaded and use.  This includes your Adobe Reader, AOL’s AIM, Yahoo Messenger, and it may also include your firewall, spyware removal and anti-virus programs.  Take a look at your Add/Remove programs to see what all is installed and that could help you not miss something.  If  you want to, prior to your reload, just download all those setup programs and write them to a CD.  Then when you are all done reloading, you can install your firewall, anti-virus, and anti-spyware programs so you can get those installed before connecting to the Internet.

Step 3 we really don’t need to go over too much.  When you bought your PC, the manufacturer also gave you restore disks so if something were to happen, you could reload your PC.  Get these all gathered up and ready.  We’ll even cover step 4 in this paragraph also.  Double check steps 1 and 2 and make sure you are ready.

OK, step 5 is the actual reload.  Just follow your manufacturer’s instructions.  Now after that, you can run your setup programs for your firewall, anti-virus, and anti-spyware and get those installed.  Then connect your PC to the Internet and download your current signature files and then you will be ready to go through the Microsoft Update process.  This is Step 6.  This process may need to run several times.  It just depends on how long ago you bought your PC.

That leads us to Step 7.  You can now take all those files you backed up and move them back to your PC’s hard drive.  This step is pretty easy to do.  To get those browser favorites back on your PC, just open up Firefox and go to that Bookmarks Manager where you backed them up, but instead of exporting them, you will import them.  So you’ll have to go get that e-mail you sent yourself with the attached file and download it to your Desktop.  Then you can import them from there.  Pretty simple.  It is here where I would suggest that you back those favorites up every once in awhile and e-mail them to yourself.  Then you can go and get them if ever something goes wrong.

Wow, we are already on Step 8.  This is where we go get all those other applications like your Adobe Reader and any other software you may have downloaded.  If you did this prior to your restore, you can get all those setup programs that you downloaded and wrote to a CD.  Then you have all those applications installed quickly and your machine is almost ready to go.

Now Step 9, I throw you a suggestion.  From this point, your system should be about as clean as it will ever be until you reload your machine again.  So if you want to save a lot of time the next time you reload your machine, you can purchase an imaging program like Symantec’s Ghost.  I don’t personally use it but it would allow you to restore from this point if sometime in the future your PC gets hosed again, so you won’t have to go through all these steps.

Step 10….YOU DID IT!  It really isn’t hard, but it is time consuming.  This is actually a process that I go through at least once a year.  Reloading your PC shouldn’t be a huge process.  Anyone can do it but it takes some time.  So next time you have to do this, go check out the price that the Geek Squad charges, then do it yourself and take the money you save and take your family out to dinner.

Now to end this post, we’ll talk a little football and basketball.  Kansas University lost last week against Missouri so Mizery played Oklahoma in the Big XII championship game.  OU opened up a can of WHOOP ASS all over the Tiggers.  Now what will the BCS ranking look like.  KU will have one game left, then all attention turns to Basketball.  I LOVE THOSE JAYHAWKS.

My Kansas City Chiefs play San Diego tomorrow in Arrowhead.  This will be a tough one for KC.  Actually all of KC’s games they have to play will be tough.  This is going to be a long year.

That is it for tonight.  Stay safe, hope your Holiday Season is going well, and take care.  Until next time…..