Twelve desktop computers were stolen from the human resource offices of the Oakland school district. And while there were security policies in place, district spokesman Troy Flint pointed out that "there's only so much you can do when people are determined to accomplish an objective." This is another case where the use of full disk encryption would have limited the damage to the loss of the hardware only, since the use of encryption services like AlertBoot ensures data security.
While an official number hasn't been announced, there are estimates that the personal information of 100 new hires is to be found in those computers. I would assume that names, addresses, and Social Security numbers would be compromised, at least, the last one being required by federal law. Officials are still trying to determine what information may be compromised, and want to get in touch with those affected prior to releasing the details to the media.
How'd the thieves break in? The office where the computers were located was on the second floor, so the thieves scaled a wall and used wire cutters to get through a metal screen on a window. The alarm system was not triggered (perhaps they didn't have one set up in the upper floor?) Security guards are not employed to monitor the building 24/7, and there were no internal security cameras. Makes me wonder what type of security policies these guys had in place. Sure, there's "only so much you can do"—but, it sounds like they had the bare minimum. Granted, the risk of someone breaking into their building would have seemed low, so going crazy with security details may not have been an option—in terms of energy or money—but shouldn't the bare minimum also have included something like computer encryption? I often allude to it being the bare minimum when it comes to data security, since I'd put it as part of the foundation of data security, along with the use of firewalls, locked doors, and what not.
I mean, a screen on a window was the only barrier preventing access to the second floor. Seems to me they would have needed something much more substantial. Any cries of "well, who'd have thought that... blah blah blah..." would fall on deaf ears, if it were up to me. While there may not be a way to precisely point out when someone's going to break into your offices, or how, things going missing from an office are just a matter of time. This is no different from a guy complaining that he didn't think his laptop computer would be stolen from the trunk of his car because it never happened before. To him, that is. It's happened to plenty of other people—it will probably happen to you as well, sooner or later. Likewise with office burglaries. In fact, that's the reason why data encryption is such a formidable way of securing your data: it's the ultimate defensive weapon. Stolen cars; muggings; office burglaries; renegade, schizo-klepto employees; a wormhole in the space-time continuum—the loss of the computer becomes irrelevant when it comes to protecting data if it's already encrypted.
Related Articles:
http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2008/09/03/MN8F12NM56.DTL
http://www.mercurynews.com/breakingnews/ci_10372819
A laptop computer has gone missing from the grounds of the Rochester Institute of Technology. While the RIT breach does not affect all at RIT, a sizable part of the New York-based institution's populace is affected. Anyone who, going as far back as 1968, has applied to enroll at the National Technical Institute for the Deaf is affected—approximately 12,700 people—as well as 1,100 others of the RIT community whose information was being used as part of a control group for some kind of internal study at RIT. While it has not been alluded to, it seems pretty obvious to me that a laptop encryption solution like AlertBoot was not used to secure the contents of the now missing computer. The information that could end up being compromised includes names, dates of birth, and Social Security numbers.
Why do I think this? Well, it seems to me that if they had full disk encryption in place, they would have mentioned it. Since having started covering data security breaches, I've only found one instance where it wasn't mentioned that a lost computer had encryption. In most cases where encryption was used, people make an effort to point it out.
There are several things "wrong" with the RIT case, the presumed lack of encryption notwithstanding. To begin with, it seems they're using SSNs as identifiers. Many universities are making the switch over to privately generated student ID numbers. This was a direct result of so many universities having been victims of hackers and lost or stolen computers with sensitive information over the last 24 months.
And while this is an option for RIT going forward, what do you do when your records go back forty years? A university can't just randomly swap out SSNs with privately generated identifiers. Or can they? In which case, the other question becomes, why is RIT storing these SSNs? I mean, it's kind of unusual, isn't it? They're not storing information for students and graduates—they're storing the information of all applicants. Perhaps they're enamored of that one line in college applications that asks "have you ever applied for admission to our particular institution in the past?"
Without knowing the details, it's hard to pass judgment on whether data redaction was a possibility. On the other hand, if data redaction is not a possibility, one would have to argue that RIT was custodian to such information and should have looked into the issue of data security quite seriously. I think it's safe to say that most college buildings are not bastions of security.
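One way the swap and redaction discussed above could look for legacy records, as an added example that is not from the original post or from RIT. The record layout, the function names `new_id` and `migrate`, and the policy of retaining SSNs only for people who actually enrolled are all assumptions; the sample rows are constructed and use the never-issued 000 area number.

```python
import secrets

# Constructed sample rows (not real data): legacy records keyed by SSN.
LEGACY = [
    {"ssn": "000-00-0001", "name": "A. Applicant", "year": 1968, "enrolled": False},
    {"ssn": "000-00-0002", "name": "B. Student", "year": 1995, "enrolled": True},
    {"ssn": "000-00-0001", "name": "A. Applicant", "year": 1971, "enrolled": False},
]

def new_id(taken):
    """Random surrogate ID with no mathematical relationship to the SSN."""
    while True:
        candidate = "ID" + secrets.token_hex(6)
        if candidate not in taken:
            return candidate

def migrate(rows):
    """Split SSN-keyed rows into (working, vault).

    working: rows keyed by surrogate ID with the SSN removed; this is the
             copy that would travel on laptops or into study extracts.
    vault:   surrogate ID -> SSN, kept only for people who enrolled
             (assumed policy), to be stored separately under tighter control.
    """
    ssn_to_id = {}   # transient lookup, discarded once migration finishes
    vault = {}
    working = []
    for row in rows:
        ssn = row["ssn"]
        if ssn not in ssn_to_id:
            ssn_to_id[ssn] = new_id(set(ssn_to_id.values()))
        sid = ssn_to_id[ssn]
        if row["enrolled"]:
            vault[sid] = ssn
        redacted = {k: v for k, v in row.items() if k != "ssn"}
        redacted["id"] = sid
        working.append(redacted)
    return working, vault

if __name__ == "__main__":
    working, vault = migrate(LEGACY)
    for r in working:
        print(r)
    print("SSNs retained:", len(vault))
```

Repeat applications by the same person still share one surrogate ID, so the "have you applied before" history survives without the SSN sitting in the working copy.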
Related Articles:
http://www.rit.edu/news/?v=46283
http://www.democratandchronicle.com/article/20080831/NEWS01/808310356/1002/NEWS