pcAnywhere = dataEverywhere?

Security software giant Symantec admits that source code for several of its security offerings, as well as pcAnywhere, was stolen from its network in 2006. Symantec initially claimed the loss was through a third party.

This is now coming to light because on Saturday a hacker going by “Yama Tough” threatened to release the source code for Norton Antivirus. On Monday he also threatened to release the source code for pcAnywhere, Symantec’s remote access application.

Should we be concerned that six-year-old source code may soon be floating around the internet? Here’s what Symantec says: pcAnywhere customers may face “a slightly increased security risk” as a result of the exposure, and “Symantec is currently in the process of reaching out to our pcAnywhere customers to make them aware of the situation and to provide remediation steps to maintain the protection of their devices and information.”

Our suggestion? “A slightly increased security risk” is too much of a risk.

Sources: http://www.csoonline.com/article/698195/symantec-backtracks-admits-own-network-hacked?source=rss_data_protection and http://www.reuters.com/article/2012/01/17/us-symantec-hackers-idUSTRE80G1DX20120117

Posted in AV Software, Current Threat

Would a twitter by any other name tweet as sweet?

What do the following have in common?

ttwitter.com twitterr.com
twwitter.com twutter.com
twiitter.com twiter.com
twittter.com youtude.com
youttube.com Yotube.com
yutube.com Youube.com

They are all typos for popular websites; in this case Twitter and YouTube. These are special because they are fraudulent sites that trick you into completing bogus online surveys offering a chance to win “exclusive” prizes. Fun stuff, as long as your idea of an “exclusive” prize is an opportunity to divulge personal information and download malware.

The perpetrators have done a good job of co-opting the legitimate sites’ look and feel. If you are not paying attention you may not recognize you aren’t exactly where you think you are. Here is an example of one of the Twitter redirects.

How popular is this type of attack, known as typosquatting? When formulating these attacks the perpetrators will register a number of the “typo” sites and link them all to a single “survey” page. At times in the recent past, the aggregated hits on the single survey page reached Alexa’s top 250 list.

What can you do about this type of attack?

  1. Pay more attention when you are entering a web address.
  2. If a well-known site suddenly asks you to complete a survey, double check the URL to make sure you’ve not been redirected.
  3. Don’t take online surveys.
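
Every typo domain in the list above is a single keystroke slip away from the real name, which makes them easy to flag in proxy or DNS logs. The following Python check is an added example, not part of the original post; the watch list, function names and sample host list are assumptions made for illustration.

```python
from typing import List, Optional, Tuple

PROTECTED = ("twitter.com", "youtube.com")  # assumed watch list of real names

def one_edit(typo: str, real: str) -> Optional[str]:
    """Name the single keystroke slip that turns `real` into `typo`, else None."""
    lt, lr = len(typo), len(real)
    if typo == real or abs(lt - lr) > 1:
        return None
    i = 0  # length of the common prefix
    while i < min(lt, lr) and typo[i] == real[i]:
        i += 1
    if lt == lr + 1:  # one extra character typed
        if typo[i + 1:] != real[i:]:
            return None
        return "doubled letter" if i and typo[i] == typo[i - 1] else "extra letter"
    if lt == lr - 1:  # one character dropped
        return "missing letter" if real[i + 1:] == typo[i:] else None
    if typo[i + 1:] == real[i + 1:]:
        return "wrong letter"
    if typo[i:i + 2] == real[i:i + 2][::-1] and typo[i + 2:] == real[i + 2:]:
        return "swapped letters"
    return None

def normalize(host: str) -> str:
    """Lower-case the host and drop a trailing dot and a leading www."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def flag_lookalikes(hosts, protected=PROTECTED) -> List[Tuple[str, str, str]]:
    """Return (host, real name, slip) for hosts one slip away from a protected name."""
    hits = []
    for raw in hosts:
        host = normalize(raw)
        for real in protected:
            kind = one_edit(host, real)
            if kind:
                hits.append((host, real, kind))
    return hits

# Constructed sample of hostnames as they might appear in a proxy or DNS log;
# the typo names are the ones listed in the post.
SAMPLE_HOSTS = ["www.twitter.com", "twitterr.com", "twutter.com", "twiter.com",
                "Yotube.com", "youtude.com", "youttube.com", "example.org"]

if __name__ == "__main__":
    for host, real, kind in flag_lookalikes(SAMPLE_HOSTS):
        print(f"{host:15} looks like {real:12} ({kind})")
```

The real site and the unrelated domain pass through unflagged; only names exactly one slip from a protected name are reported.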


Sources: http://community.websense.com/blogs/securitylabs/archive/2012/01/11/what-makes-a-high-alexa-rank-spam-website.aspx and http://labs.m86security.com/2011/09/typosquatters-exploit-misspelled-variations-of-youtube-com-domain-name/

Apologies to: William Shakespeare

Posted in Current Threat, Scams, Twitter

Security Security

You’re returning from a business trip abroad and when coming through customs here in the States someone from Homeland Security says, “I’d like to look through your computer to see if you have information about terrorists, drug smugglers, and other criminals trying to enter the country.” An interesting article in the Boston Globe suggests this happens more than you might think, claiming over 5,000 electronic devices were seized last year.

But they need to have a pretty darn good reason, right? Well, in a word, no. “Barring invasive techniques such as strip seizures, government agents are free to disregard Fourth Amendment protection against unreasonable search and seizure. They don’t need reasonable suspicion or probable cause, and they can take what they like, be it laptops or smart phones.”

In a survey conducted by the Association of Corporate Travel Executives last month, nearly half the participating companies did not know customs agents could inspect, copy, or even seize travelers’ laptops.

A number of companies are considering amending their IT / Travel policies to possibly include the following:
1. Employees upload files to the cloud and retrieve them later via the internet.
2. Download data onto a flash drive that can be mailed to a traveler’s final destination.
3. Create hidden drives on which to store the information.

Source: Boston Globe / online here: http://articles.boston.com/2012-01-08/business/30601167_1_laptops-search-and-seizure-strip-searches

Posted in Digital Privacy

Hot printer you’ve got there.

Is that smoke coming from your HP LaserJet printer? If you believe a group of researchers from Columbia University, it could happen, and it may not only be smoke escaping. The researchers discovered some HP printers are not all that discriminating when it comes to the updates they allow to their firmware. Firmware is a fixed, usually small, program that internally controls a device like a printer.

The researchers were able to take advantage of the remote firmware update feature of the printers and load malicious software, allowing them to then take control. What can someone do once they have control of your printer? The researchers were able to send copies of items being printed to remote computers, disable the printer and even continuously heat up its ink-drying component until it started to catch fire. HP denies the “catch fire” part but not the “send your private info all over the world” part.

HP released a number of firmware updates which require patches be digitally signed by HP so not just any old “researcher” can send updates. Unfortunately, HP has not released a list of the printers needing this fix, stating it will be “communicating this proactively to customers and partners”, whatever that means.

We cross-referenced all the printers in the offices for which we provide security monitoring services and found these to have firmware patches released on the 23rd: HP Color LaserJet CP4020 and HP Color LaserJet CP1510.

If you have these printers, be sure to get the firmware updated from here: http://www8.hp.com/us/en/support-drivers.html

Also, it is imperative your printer be on the “clean” side of your firewall to ensure not just anyone can try to push updates to it. If you are unsure of this or have no clue as to what this means, have it verified by an IT/Security professional.

Sources: TheHackerNews.com and MercuryNews.com

Posted in Small Business Security Tips, Software Patches

Sure I remember you…. don’t I?

We’ve all had it happen, right? You’re asked to accept an invitation from LinkedIn or some other social networking site and their name doesn’t ring a bell. You think maybe their name’s changed through marriage or “Is that Joe, the guy down in accounting from 12 years ago?” You don’t want to seem a jerk so you accept and proceed to forget all about it.

So what’s really going on here? Well, it could really be Joe from accounting or it could be someone pushing into your circle of trust so they can mine for information. Often people post far more information about themselves on social networking sites than is prudent.

“When people make trust decisions with social networks, they don’t always understand the ramifications. Today, you are far more knowable by someone who doesn’t know you than ever before.” says Dr. Hugh Thompson, program chair of RSA Conferences, Founder and Chief Security Strategist at People Security. “Password reset questions are so easy to guess now, and tools like Ancestry.com, while not created for this purpose, provide hackers with a war chest of useful information.”

Also, it may not just be all about you. More cases are coming to light where the bad guys target not only the executives of a major corporation, a method known as “whaling”, but also their spouses. The hope here is the shared home PC is not well protected and could provide an entry point for compromising the executive and gaining access to the target company.

The takeaway here? Be very careful who’s in your social networking circle of trust and be sure to limit the information you make available which might be used in ways you never anticipated.

Posted in Current Threat, Phishing, Scams, Social Media

To the Bitter End

You are responsible for all sensitive data to the very end of its life. It may seem like the job of protecting the information ends when you retire the equipment or take the tape out of service, but it does not. You need to make sure the media is destroyed or rendered useless in an appropriate manner. The easiest way to do this is to leave it to a media destruction professional.

Unfortunately, a number of media “destruction professionals” are actually commodity recyclers. These organizations make their money by selling your electronic media to other recyclers or recycling it themselves. A number of these “recyclers” tend to pop up when commodity prices are high, such as they are now.

Your job is to make sure the company to which you are entrusting the safe disposal of your equipment is suitably qualified for the task. A good place to start is the National Association for Information Destruction (NAID), http://www.naidonline.org/. The NAID has a certification program which establishes standards for a secure destruction process including such areas as operational security, employee hiring and screening, the destruction process, responsible disposal and insurance. The NAID also performs unannounced audits, which assure you that certified companies aren’t just compliant once a year.

The NAID web site has a handy search feature that lets you search for certified members. It’s a great place to begin your search for a happy ending.

Posted in IT Contractors, Small Business Security Tips

Blocked Credit Card Ploy

There are a number of emails going out notifying people their credit cards are being blocked. The problem with these emails? They are not from the credit card companies but from enterprising criminals trying to get the unsuspecting to open email attachments containing malware.

The recipients of this email are baited with statements about large sums being applied to the card and told to open the attached file to see additional information. If you do try to open the file you are actually launching a malware attack on your computer.

Any time you receive an email notification about a credit card, do not trust any attachments, links or phone numbers contained in the email. Dial the phone number listed on the back of the card or on your statement and verify the email is a legitimate correspondence from your card provider.

Posted in Current Threat, eMail Attachment, Scams