January 2008


With the latest JavaScript attacks that we've been seeing, it is now very important that you take steps to protect yourself from all the criminal attackers who try to take advantage of you. First you had the uc8010 attacks, then you had the webservers that were being compromised so that every website hosted on the compromised webserver was spreading crimeware to everyone who visited. I've written about both attacks.

So what to do? It sometimes sounds like a broken record, but I'll repeat it here. Patching your software is important. Very important. What tools can you use? Well, try Shavlik's Google Gadget. Click here to get this great tool. Many of the attacks are against known vulnerabilities. Knowing which of your applications need patching is one of the most important things you can do. You can't defend yourself against 0-day attacks (there is no patch for the vulnerability yet), but this will go a long way toward protecting yourself.

Run up-to-date anti-virus and anti-malware applications. I use AVG's AV and anti-malware. Keep the updates current. Run these tools on your system so you can keep things clean. Click here for these downloads. Also install a more robust firewall. I use the free version of Comodo Firewall. Click here for your free download.

Be VERY careful when opening e-mails. They may seem to be from someone you know, but you really need to be very careful about unsolicited e-mails asking for personal information. Never give this private information out. Don't click on those links either. They are already seeing Valentine's malware, along with Super Bowl sites that are really malicious sites. Then tax time is right around the corner, and then comes Easter, and so on, and so on. You get the point. And be VERY careful with e-mails that tell you about recent world events like storms, assassinations, or current tragedies; don't click on these types of links.

While we are at it, let's talk strong passwords. You really ought to secure any of your financial sites with strong passwords that use upper and lower case letters, numbers, and special characters. A password of more than 8 characters would be a good idea too.

Use an alternative browser to Microsoft's Internet Explorer. I use the Firefox browser. I added the NoScript add-on as a defense against these latest attacks. You have to actually do some work, but in the long run you'll be safer. This is no guarantee that you will stay safe, but it goes a lot farther than not doing anything at all.

These are just a few things you can do. Do them all and you will be safer. I used to say stay away from porn and peer-to-peer downloading sites where you download music or movies illegally, and you will stay fairly safe. With the latest JavaScript attacks, you can't say that anymore. So take these extra steps and they will keep you safer.

Stay safe, and take steps to protect yourself!

First things first. Universal Plug and Play (UPnP) is a set of computer network protocols. The goals of UPnP are to allow devices to connect seamlessly and to simplify the implementation of networks in the home and some corporate environments. It is used for data sharing, communications, and entertainment. I won't go any further trying to explain it. To be honest, I didn't know much about it until I started reading about the problem with UPnP. The problem is that there is no authentication with UPnP. OK, that isn't good at all. Why should you be concerned with this? Well, total pwnage is what we are talking about. Some bad people can get control of your router, which has horrible ramifications. If you want to know more about this subject, Google "UPnP and Computer Security" to read additional information on this topic.

So here is what we have to do. First things first. How can we shut this off? Well, you probably have purchased a router that you use in your home. One of the more popular devices is the Linksys WRT54G. Netgear sells them, as do many others. If you have never logged into your router, let me tell you how to do this. Open up Microsoft's Internet Explorer and type in the IP address assigned to your router. Let's say that you own a WRT54G from Linksys. Linksys routers use 192.168.1.1 for their internal IP address. Enter the address 'http://192.168.1.1'. What you should see is a login screen that asks for a user name and password. If you have never changed the default password on your router, this will be a good time to do that as well as turning off UPnP. If you don't know the default password, go here to find the default user name and password for your router. This is a great router resource.

Once you have logged on successfully, you will be presented with a web interface. Normally on the left-hand side of the page you will see the different areas you can check and change. If you still have the default name and password, then change them immediately. Then find where UPnP is turned on, and turn that bad boy off. Then you can click on log off. Remember the password that you set, and don't set it to a word in the dictionary.
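After you have flipped the switch, you can verify from a PC on the same LAN that the router really stopped answering UPnP. This is an added check, not code from the original post: it sends the standard SSDP discovery request that every UPnP client uses and reports any Internet Gateway Device that replies. The sample reply below is constructed, and the multicast address, port and ST string are the ones defined by UPnP discovery (assumed, not taken from the post).

```python
import socket

# Constructed SSDP M-SEARCH probe (standard UPnP discovery; an assumption).
# A router with UPnP on answers with a 200 OK naming the InternetGatewayDevice.
SSDP_GROUP = ("239.255.255.250", 1900)
GATEWAY_ST = "urn:schemas-upnp-org:device:InternetGatewayDevice:1"
MSEARCH = (
    "M-SEARCH * HTTP/1.1\r\n"
    "HOST: 239.255.255.250:1900\r\n"
    'MAN: "ssdp:discover"\r\n'
    "MX: 2\r\n"
    f"ST: {GATEWAY_ST}\r\n\r\n"
)

def parse_ssdp_response(raw: str) -> dict:
    """Split one SSDP reply into a dict of lower-cased header names."""
    headers = {}
    for line in raw.split("\r\n")[1:]:  # skip the HTTP status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers

def is_gateway_advertisement(headers: dict) -> bool:
    """True when the reply comes from a UPnP Internet Gateway Device."""
    ident = headers.get("st", "") + " " + headers.get("usn", "")
    return "InternetGatewayDevice" in ident

def discover_gateways(timeout: float = 3.0) -> list:
    """Probe the LAN; (ip, location) per answering gateway, [] if UPnP is off."""
    found = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(MSEARCH.encode(), SSDP_GROUP)
        try:
            while True:
                data, addr = sock.recvfrom(4096)
                hdrs = parse_ssdp_response(data.decode(errors="replace"))
                if is_gateway_advertisement(hdrs):
                    found.append((addr[0], hdrs.get("location", "")))
        except socket.timeout:
            pass
    return found

# Constructed reply, shaped like a home router's answer when UPnP is on.
SAMPLE_REPLY = ("HTTP/1.1 200 OK\r\n"
                "LOCATION: http://192.168.1.1:1900/igd.xml\r\n"
                f"ST: {GATEWAY_ST}\r\n\r\n")
```

Run `discover_gateways()` before and after disabling UPnP; an empty list afterwards confirms the router no longer advertises itself.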

Gnucitizen (a computer security researcher) has put up several postings since the first of the year on UPnP. Check his blog out, where he really breaks down the issues with UPnP. His point is, TURN IT OFF!

Stay safe and stay warm.  I’m freezing where I am!  Rock Chalk Jayhawk GO KU!!

What is vishing? Well, if you are familiar with its e-mail cousin, phishing, then this is just a different form of trying to get personal information out of you so they can gain financially from you. These types of attacks have actually been around for a few years now, but last week the FBI's IC3 warned that they are seeing an increase in these types of attacks.

The attack goes something like this. You get a phone call with a recorded message saying "Welcome to the bank of….." and then it says there has been a security problem and requests that you enter your account number and PIN on the phone in order to resolve the issue. In the past few years, inexpensive VoIP technology and open-source call center software have made it cheap for the bad guys to set up their own "call center", giving them a different approach to getting you to hand over personal information with which they can rob you blind.

A vishing scam also can involve sending text messages to cell phones, instructing victims to contact the fake online bank to renew their accounts. If you are unsure whether you have been targeted by this scam, look up the bank's phone number and call the bank directly. This is another one of those common-sense suggestions: when was the last time your bank sent you a text message? I don't think that will be the way a bank will try to get in contact with you, the customer.

Here is a suggestion that you should start using from this day forward. You should start your own "need to know" policy. Question why people need your personal information. Talk to your kids about this too. Facebook and Myspace are full of details that really don't need to be broadcast to the masses. If your kids are on Facebook and Myspace, maybe you too need to create a page yourself so you can review what your kids are sharing. There are enough crazy people out there in this world who prey on kids, so make sure your kids don't share what shouldn't be shared.

Take care and stay safe. Rock Chalk Jayhawk!!

I wrote about the 94,000 legitimate sites that had JavaScript added to their pages so that these sites would now direct folks to a couple of servers in China. Not a good deal, so I thought about how one can defend against this type of attack.

If you've been reading my blog, then you know I'm a user of the Firefox browser. I have documented reasons why it is a safer browser to use. If you haven't read them, look back and find those postings. This injecting of JavaScript is not going to go away, so one way of defending yourself is to go and download the NoScript add-on for the Firefox browser. If you are currently a user of Firefox, then click here to install this handy little add-on. What it does for you is allow JavaScript, Java, and other executable content to run only if you allow it. You set up trusted zones that allow you to run what you want. This is a fantastic tool in your arsenal to fight the bad guys. Install it today and feel better when browsing the Internet.

Stay safe out there and be careful.

In my previous post, I gave a quick review of this story, but due to some things in my professional life as a computer security professional, I've dug deeper and will try to explain it in plain language.

On or around 4 January, there was an automated attack on thousands of websites. Initial reports were that 70,000 legitimate sites had been compromised, but now the number is estimated at 94,000 sites. These included Fortune 500 corporations, state government agencies, and schools. These sites were infected with malicious code that attempts to engage in click fraud and steal online game credentials from people who visit the destinations.

Here is a short list of sites that were known to be compromised. At this writing, some have been fixed. Smaller organizations without dedicated staff to maintain their web applications probably remain compromised.

Computer Associates
United Nations
City of Cleveland
State of Virginia
Boston University

Additional sites that are currently found using a Google search:

webdeveloper-dot-com
bbc-dot-org
livingbeyondbreastcancer-dot-org
livingbeyondbreastcancer-dot-net
livingbeyondbreastcancer-dot-com
livingbeyondbreastcancer-dot-us
builderonline-dot-com
residentialarchitect-dot-com
pharmacychecker-dot-com
supplementwatch-dot-com
hospitalseating-dot-com

Malicious attackers were able to breach the sites by exploiting an unpatched Microsoft SQL injection vulnerability. The injections included JavaScript that redirected end users to two rogue sites in China (uc8010-dot-com and ucmal-dot-com), which then attempted to exploit multiple vulnerabilities to install key-logging software that stole passwords for various online games as well as CD keys for those games.

Click fraud can include several things. Google, for instance, uses a rating system that determines where you show up on the search results page. Recently attackers have used this to raise their rating on Google so that when someone does a search, theirs are at or near the top, which increases traffic to their malicious sites.

The uc8010-dot-com domain was registered in late December using a Chinese-based registrar, indicating that the attackers were fluent in Chinese. With this information, we can assume that the keystrokes collected by the keylogger were sent out to another location. This would include every keystroke a user typed in. Since this attack was scripted, the attackers surely had a scripted way to sift through all the information that was sent their way, so any login credentials were lost, as well as e-mails, documents typed, web sites browsed, credentials for any websites, etc.

The vulnerabilities that were being exploited were an old RealPlayer vulnerability and an older Microsoft vulnerability from 2006. You have heard me say that patching is so important to keep yourself safe. And I repeat myself again. Patch, patch, patch!!
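If you run a site yourself, the injected redirect shows up in the rendered HTML as a script or iframe tag pulling from a host you do not own. As an added illustration (not code from the original post), here is a small scan that flags such off-site loaders against an allowlist of the site's own hosts; the sample page, the allowlist and the attacker host are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class ExternalLoaderFinder(HTMLParser):
    """Collect every <script> or <iframe> that loads from a host the site does
    not own. In this campaign the injected SQL appended a script tag to stored
    content, so it shows up in the rendered HTML as an off-site script src."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.suspicious = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        src = dict(attrs).get("src")
        if not src:
            return
        host = urlparse(src).hostname  # None for relative paths like /js/x.js
        if host and host.lower() not in self.allowed:
            self.suspicious.append((tag, src))


def find_injected_loaders(html: str, allowed_hosts) -> list:
    """Return (tag, src) pairs pointing outside allowed_hosts, in page order."""
    finder = ExternalLoaderFinder(allowed_hosts)
    finder.feed(html)
    return finder.suspicious


# Constructed sample page (not a capture): two legitimate script tags and one
# injected tag pointing at a placeholder attacker host.
SAMPLE_PAGE = """<html><head><title>News</title>
<script src="/js/site.js"></script>
<script src="http://www.example.org/js/menu.js"></script>
</head><body><h1>Welcome</h1><p>Story text</p>
<script src="http://attacker-host.invalid/0.js"></script>
<iframe src="//attacker-host.invalid/frame.html" width="0" height="0"></iframe>
</body></html>"""
```

Feed it the HTML your server actually returns (not the page template), since the injected tag lives in the database content, not in the code.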
I haven’t seen a list of compromised sites so I really can’t tell you if you have visited these sites. If you think you have, you may want to reload your PC. I’ve had postings telling you how to do this. I think it is good to do a reload at least once a year anyway.
Hey stay safe and be good out there.

Not sure if you've heard this or not, but it is going around in computer security circles. In the past few days, there was a mass automated hacking of thousands and thousands of web applications. Many of these sites may be ones you visit. There were many .com, .edu, and .org sites that fell prey to this Microsoft SQL attack. It appears that most sites have cleaned up their applications, but if you visit sites such as Computer Associates, the city of Cleveland, the Governor of Virginia, the National Hot Rod Assoc., Findlaw.com and the United Nations, you may want to take a close look at your PC.

What the attacker was able to do was inject SQL into these applications so that they redirected visitors to a couple of sites in China. These sites served up the exploits. Another good reason to patch. Speaking of patching, yesterday was Patch Tuesday, so your machine should have downloaded the updates for you if you've turned your settings on. The domains were uc8010dotcom and ucmaldotcom. I purposely misspelled the sites. Anyway, a couple of malicious sites in China.

So if you are a regular visitor to any of the sites mentioned above, you may want to take a closer look at your computer. This is a small list though. I've seen one article mentioning that some 70,000 sites were compromised. Dang!!! Sometimes even good Internet behavior can get you in trouble.

The important lesson here is to patch your applications. PATCH PATCH PATCH. Verify your Microsoft updates have been downloaded and install them. Be good and stay safe!

A vulnerability in RealPlayer was discovered this week which could allow a bad-guy attacker to execute code on victim computers. This is the worst kind. Many times it is also written as "remote code execution is possible". To make things worse, it is a 0-day, which means that there is no patch available. Sucks, doesn't it? I would recommend that you not view anything through RealPlayer until the patch becomes available.

MySpace has been found to have a few links that are exploiting this vulnerability now, so just be VERY careful if you see a link on a friend's page; it may not be a very nice one. If MySpace has been found to host them, figure that other social networking sites are hosting some of these malicious links too. Be careful on FaceBook also. I'll admit that I am not up to date on all the social networking sites out there, but there are plenty, so be careful out there.

Stay safe out there. Be good while you are at it.

All of us who have a blog hosted on WordPress know that many times we find comments that were posted by bots. Some are pretty generic rambling words. Other times, it is blatant links to what appear to be porn sites. Well, I can tell you that I'm not clicking on any of them. More than likely, you would find a site that would be considered malicious. For example, it probably hosts a malformed .pdf file, a flash file, or the vulnerability that Microsoft has. Or possibly it could be a site set up to share actual porn videos that you could click on to see. If you click, it may pop up a message that says you need to download a new codec file to actually view the porn. You click the OK or Download button, and what you've really installed is a trojan downloader that will then download additional malicious files such as a keylogger, or a program that would search your hard drive for cookies that hold valuable information, or, if you use Turbo Tax, one that would send the bad guy your tax file, which contains a wealth of information.

The reason that bad-guy attackers try to post to blogs is to get their rating on Google higher. Then they can get more people to download a malicious file or just visit a web site that will serve up the current exploit of the day. WordPress is good because it allows the owner of the blog to determine whether comments are from actual people, and the author can decide to post them or just delete them. I will admit, as probably most others who are writing on WordPress would, that you delete more than 90 percent of the comments. It may be closer to 95 percent.

Lesson learned? Well, it is possible that the reason bad people try to post comments is to prey on people who do not patch their applications. So my message? PATCH PATCH PATCH. I've written about the Shavlik Google gadget to help you with this. I have found this to be a great application for home users to use to create their own patch management schedule. Visit the Shavlik site. I've provided a link in my Blogroll on the right side of my page. You'll be glad you did.

OK, on Thursday night the Orange Bowl was played. I'm so proud of my Kansas Jayhawks. They put it to the Hokies of VaTech. Rock Chalk Jayhawk go KU!!! Now all attention turns to basketball. Make me proud, Coach Self and my Kansas Jayhawks of the hardwood!

Stay safe and patch yourself, you filthy animal. JK.