Security software giant Symantec admits that source code for several of its security offerings, as well as pcAnywhere, was stolen from its network in 2006. Symantec initially claimed the loss was through a 3rd party.
This is now coming to light because on Saturday a hacker going by “Yama Tough” threatened to release the source code for Norton Antivirus. On Monday he also threatened to release the source code for pcAnywhere, Symantec’s remote access application.
Should we be concerned that six-year-old source code may soon be floating around the internet? Here’s what Symantec says: pcAnywhere customers may face “a slightly increased security risk” as a result of the exposure. It adds that “Symantec is currently in the process of reaching out to our pcAnywhere customers to make them aware of the situation and to provide remediation steps to maintain the protection of their devices and information.”
Our suggestion? “A slightly increased security risk” is too much of a risk.
Sources: http://www.csoonline.com/article/698195/symantec-backtracks-admits-own-network-hacked?source=rss_data_protection and http://www.reuters.com/article/2012/01/17/us-symantec-hackers-idUSTRE80G1DX20120117
What do the following have in common?
They are all typos for popular websites; in this case Twitter and YouTube. These are special because they are fraudulent sites for tricking you into completing bogus online surveys. Surveys offering a chance to win “exclusive” prizes. Fun stuff as long as your idea of “exclusive” prizes is opportunities for divulging personal information and downloading malware.
The perpetrators have done a good job of co-opting the legitimate site’s look and feel. If you are not paying attention you may not recognize you aren’t exactly where you think you are. Here is an example of one of the Twitter redirects.
How popular is this type of attack, known as typosquatting? When formulating these attacks the perpetrators will register a number of the “typo” sites and link them all to a single “survey” page. At times in the recent past, the aggregated hits on the single survey page reached Alexa’s top 250 list.
What can you do about this type of attack?
- Pay more attention when you are entering a web address
- If a well-known site suddenly asks you to complete a survey, double check the URL to make sure you’ve not been redirected.
- Don’t take online surveys
Sources: http://community.websense.com/blogs/securitylabs/archive/2012/01/11/what-makes-a-high-alexa-rank-spam-website.aspx and http://labs.m86security.com/2011/09/typosquatters-exploit-misspelled-variations-of-youtube-com-domain-name/
Apologies to: William Shakespeare
You’re returning from a business trip abroad and when coming through customs here in the States someone from Homeland Security says, “I’d like to look through your computer to see if you have information about terrorists, drug smugglers, and other criminals trying to enter the country.” An interesting article in the Boston Globe suggests this happens more than you might think, claiming over 5,000 electronic devices were seized last year.
But they need to have a pretty darn good reason, right? Well, in a word, no. “Barring invasive techniques such as strip seizures, government agents are free to disregard Fourth Amendment protection against unreasonable search and seizure. They don’t need reasonable suspicion or probable cause, and they can take what they like, be it laptops or smart phones.”
In a survey conducted by the Association of Corporate Travel Executives last month, nearly half the participating companies did not know customs agents could inspect, copy, or even seize travelers’ laptops.
A number of companies are considering amending their IT / Travel policies to possibly include the following:
1. Employees upload files to the cloud and retrieve them later via the internet.
2. Download data onto a flash drive that can be mailed to a traveler’s final destination.
3. Create hidden drives on which to store the information.
Source: Boston Globe / online here: http://articles.boston.com/2012-01-08/business/30601167_1_laptops-search-and-seizure-strip-searches
Is that smoke coming from your HP LaserJet printer? If you believe a group of researchers from Columbia University it could happen and it may not only be smoke escaping. The researchers discovered some HP printers are not all that discriminating when it comes to the updates they allow to their firmware. Firmware is a fixed, usually small, program that internally controls a device like a printer.
The researchers were able to take advantage of the remote firmware update feature of the printers and load malicious software allowing them to then take control. What can someone do once they have control of your printer? The researchers were able to send copies of items being printed to remote computers, disable the printer and even continuously heat up its ink-drying component until it started to catch fire. HP denies the “catch fire” part but not the “send your private info all over the world” part.
HP released a number of firmware updates which require patches be digitally signed by HP so not just any old “researcher” can send updates. Unfortunately, HP has not released a list of the printers needing this fix, stating it will be “communicating this proactively to customers and partners”, whatever that means.
We cross-referenced all the printers in the offices for which we provide security monitoring services and found these to have firmware patches released on the 23rd: HP Color LaserJet CP4020 and HP Color LaserJet CP1510.
If you have these printers be sure to get the firmware updated from here: http://www8.hp.com/us/en/support-drivers.html
Also, it is imperative your printer be on the “clean” side of your firewall to ensure not just anyone can try to push it updates. If you are unsure of this or have no clue as to what this means, have it verified by an IT/Security professional.
Sources: TheHackerNews.com and MercuryNews.com
You are responsible for all sensitive data to the very end of its life. It may seem like the job of protecting the information ends when you retire the equipment or take the tape out of service, but it does not. You need to make sure the media is destroyed or rendered useless in an appropriate manner. The easiest way to do this is to leave it to a media destruction professional.
Unfortunately, a number of media “destruction professionals” are actually commodity recyclers. These organizations make their money by selling your electronic media to other recyclers or recycling it themselves. A number of these “recyclers” tend to pop up when commodity prices are high, such as they are now.
Your job is to make sure the company to which you are entrusting the safe disposal of your equipment is suitably qualified for the task. A good place to start is the National Association for Information Destruction (NAID) http://www.naidonline.org/ . The NAID has a certification program which establishes standards for a secure destruction process including such areas as operational security, employee hiring and screening, the destruction process, responsible disposal and insurance. The NAID also performs unannounced audits which assures you that certified companies aren’t just compliant once a year.
The NAID web site has a handy search feature that lets you search for certified members. It’s a great place to begin your search for a happy ending.