Jan/26
2012

By Selena Frye
January 25, 2012

Takeaway: Symantec acknowledges a breach that exposed the source code for pcAnywhere. Users are advised to disable it immediately until software updates are available to resolve vulnerabilities.

In August 2011, CNET reported the claims by Anonymous that they had breached servers of Symantec (among others), and now Symantec has acknowledged that its own investigation reveals that the source code for pcAnywhere was stolen…in 2006! Symantec issued a technical white paper with security recommendations and a message on its website about the serious breach — surely an embarrassing situation for the maker of Internet security products, including the Norton suite of antivirus software. pcAnywhere is a Symantec remote-control program that many enterprises use to manage corporate PCs.

Here is an excerpt from the white paper (PDF):

Upon investigation of the claims made by Anonymous regarding source code disclosure, Symantec believes that the disclosure was the result of a theft of source code that occurred in 2006. We believe that source code for the 2006-era versions of the following products was exposed: Norton Antivirus Corporate Edition; Norton Internet Security; Norton SystemWorks (Norton Utilities and Norton GoBack); and pcAnywhere.

Security recommendations include:

• Symantec recommends disabling pcAnywhere until it releases software updates that resolve “currently known vulnerability risks.” If it cannot be switched off outright, at minimum block pcAnywhere’s listening ports (TCP 5631 and UDP 5632) at the perimeter so the hosts are not reachable from the Internet.

• As for the other exposure, the 2006-era Norton products listed in the statement above, Symantec says the “code in question represents a small percentage of the pre-release source for the Symantec AntiVirus 10.2 product, accounting for less than 5% of the product.” For those it recommends only that customers update their AV definitions and follow general best practices.
Here is the page on Symantec’s site that they will update with further information if anything changes: Claims by Anonymous about Symantec Source Code.

Here is a further summary of the risks to pcAnywhere users, according to the Symantec white paper:

Malicious users with access to the source code have an increased ability to identify vulnerabilities and build new exploits. Additionally, customers that are not following general security best practices are susceptible to man-in-the-middle attacks which can reveal authentication and session information. General security best practices include endpoint, network, remote access, and physical security, as well as configuring pcAnywhere in a way that minimizes potential risks.

So there you have it. How would you characterize this disclosure? How is it that we seem to be talking about a theft that occurred five or six years ago? The sequence of events is kind of weird. According to a report in The Register:

A hacker calling himself “Yama Tough”, acting as a spokesperson for the group, claims the source code had been pulled from insecure Indian government servers, implying that Symantec was required to supply their source code to Indian authorities. In a series of Twitter updates, Yama Tough talked about various plans to release the source code before committing to release the secret sauce of pcAnywhere.

The Yama Tough tweeting occurred on Monday.


Jan/24
2012

By Bob Eisenhardt
January 23, 2012

Takeaway: Bob Eisenhardt explains how the Facebook virus Ramnit works, why it’s so bad, and how it can affect much more than a Facebook account.

Ramnit is being described as a lethal virus for attacking Facebook, having stolen some 45,000 Facebook account names and passwords. The virus itself is actually assembled from the used parts bin of older malware, including code borrowed from the Zeus banking Trojan. But it can now be controlled remotely for all kinds of mayhem too. According to Amit Klein, CTO of a web security services firm, last year it was just a nasty botnet; this new version has added power by being retrofitted with financial fraud capabilities, and it can capture any data in any web session. Now, this writer has been a passionate HATER of cloud based computing, so in my view, having your data or (worse) sensitive client data stored out on the Internet and accessed through a web browser provides an open door for Ramnit, a truly awful threat to anything and everything web-based.

This monster begins by attaching itself to (as they always do) Windows files such as EXE, SCR and good old DLL files (when can we rid ourselves of those?) as well as Word documents. HTML files are also in this group, and it can now discover our handy pocket friend: the USB key. Once it has this new home, an autorun.inf on the key ensures infection of whatever else the key is plugged into; disabling AutoRun for removable drives (the NoDriveTypeAutoRun policy on Windows) closes that particular door. Now resident in a system, it buries itself in the registry (nothing new there) and uses a hidden browser instance to connect to your friendly Hacker, then runs scripts to find financial stuff and send it over to an eager thief. As Dr. Leonard McCoy said in STAR TREK IV: “Oh, joy.”
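The USB vector described above depends on an autorun.inf file on the key telling Windows what to launch. As an added example (not code from the original article), here is a small Python checker that parses the INI-like autorun.inf format and flags the entries that would run a program, either automatically on insertion (the open and shellexecute keys) or when the user double-clicks the drive in Explorer (shell\<verb>\command keys). Both sample files are constructed for this example; the malicious one reuses the file and folder names reported in the article, and the “Open folder to view files” lure text is a pattern common to USB worms generally, not something the article describes.

```python
import re

# Constructed sample autorun.inf files (not recovered from a real infection).
# The first is the kind a USB worm drops: the "open" key and the overridden
# Explorer verbs all run a randomly named executable, and the action text
# disguises the AutoPlay prompt as the ordinary "open folder" choice.
MALICIOUS_AUTORUN_INF = """\
[autorun]
open=qdpnkxvp\\yghaubfg.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
action=Open folder to view files
shell\\open\\Command=qdpnkxvp\\yghaubfg.exe
shell\\explore\\command=qdpnkxvp\\yghaubfg.exe
shell=open
UseAutoPlay=1
"""

# A harmless autorun.inf that only sets a volume label and icon.
BENIGN_AUTORUN_INF = """\
[autorun]
label=Project files
icon=docs\\folder.ico
"""

EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js", ".dll"}


def parse_autorun_inf(text):
    """Tolerant parser for the INI-like autorun.inf format.

    Returns (key, value) pairs from the [autorun] section with keys lower-cased
    (Windows treats them case-insensitively). Lines without '=' and anything
    outside [autorun] are skipped rather than raising, because worm-written
    files are often padded with junk to trip up naive parsers.
    """
    entries = []
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, _, value = line.partition("=")
        entries.append((key.strip().lower(), value.strip()))
    return entries


def _target_binary(value):
    """Return the basename of the program a command value would launch."""
    # First token only (the path may be quoted); arguments are dropped.
    m = re.match(r'\s*"([^"]+)"|(\S+)', value)
    if not m:
        return ""
    path = m.group(1) or m.group(2)
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def scan_autorun_inf(text):
    """Return a list of findings explaining why this autorun.inf is suspicious."""
    findings = []
    for key, value in parse_autorun_inf(text):
        if key in ("open", "shellexecute"):
            findings.append({"key": key, "target": _target_binary(value),
                             "reason": "program launched automatically on insertion (AutoRun)"})
        elif re.fullmatch(r"shell\\[^\\]+\\command", key):
            findings.append({"key": key, "target": _target_binary(value),
                             "reason": "Explorer context-menu verb redirected to a program"})
        elif key == "action" and "open folder" in value.lower():
            findings.append({"key": key, "target": "",
                             "reason": "AutoPlay prompt text mimics the built-in 'Open folder' option"})
    return findings


def is_dangerous(text):
    """True if any entry would execute a binary when the drive is inserted or opened."""
    return any(f["target"].lower().endswith(tuple(EXECUTABLE_EXTS))
               for f in scan_autorun_inf(text))


if __name__ == "__main__":
    for name, sample in (("malicious", MALICIOUS_AUTORUN_INF), ("benign", BENIGN_AUTORUN_INF)):
        print(name, "dangerous" if is_dangerous(sample) else "ok")
        for f in scan_autorun_inf(sample):
            print("  ", f["key"], "->", f["target"] or "(none)", ":", f["reason"])
```

Run against the autorun.inf copied off a removable drive mounted read-only on a clean machine (with AutoRun disabled), this gives a quick triage before the drive is ever opened in Explorer. A legitimate software CD will also be flagged for its open=setup.exe line, which is rather the point: nothing on removable media should be allowed to launch itself.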

Ramnit leaves behind some classic symptoms of a virus. One user posted a note that his laptop was now clean (I doubt it) but he had one file named “yghaubfg.exe” and a folder “qdpnkxvp” on his system under Downloads. I am always amazed that hackers employ such obvious and fraudulent names for the files, for which we may be thankful. Random-looking names like that file and directory appear to be standard for Ramnit.

Cleaning up after Ramnit

Technicians love to spend hours on diagnostics and discovering how things work. While interesting, I prefer sanity to extended effort, so I endorse using a BartPE boot CD to clean your system. Better yet, maintain a GHOST image of your primary operating system drive and also have a redundant system, a secondary computer, to act as your station in case your primary fails. (A note on my preferred system configuration: my stations have two hard drives, OPSYS and STORAGE. The operating system drive contains just that and nothing else. STORAGE holds literally “everything else,” inclusive of a ghost image. I highly recommend this setup.)

The removal process is otherwise complex. One expert ran Avast antivirus, and a two-hour scan revealed 4,300 infected files. Believe me, while re-installation may be the only option at this point, I recommend a ghost image as discussed just above as a FAR better way of rebuilding. This expert was also worried about .DOC and .HTML files being infected, which is another good reason for an independent backup location. Rolling back the registry to a restore point did not work either, all points having been deleted. (But Windows search still had the doggie. Go figure.) One caveat: since Ramnit also infects executables and HTML files on data drives and USB keys, the STORAGE drive holding the image must itself be scanned from the boot CD before the restored system is allowed to touch it, or the clean OS will simply be reinfected. Trust me, spending 30 minutes on a ghost image restore is a bargain of time utilization and keeps the stress level low.

Remedies for Facebook

All of which means that Facebook is nothing more than a really great delivery system for Ramnit to find other places to burrow into, which makes Facebook so damn dangerous. The worst of it is that people  use it in their workplace. If your organization is into cloud computing, you have a really nice LEGAL exposure issue and a potential lawsuit in your future.

As for defense, the standard practice of changing your Facebook password every 30 days is a good first, if simple, step. A better step in the workplace is to lock out Facebook entirely if it has no business use. There is an easy way to do this.

OpenDNS is a terrific DNS filtering service, and its (inexpensive) paid program has the ability to manage white and black lists. Implementing the DNS servers is simple. Once you have their DNS servers’ IP addresses, dig into the router or server, replace your ISP’s DNS servers with theirs, and voilà! OpenDNS is your best friend. Dig into the black list and add Facebook and whatever else you want. One check worth doing: DNS filtering only bites if clients cannot reach any other resolver, so also block outbound DNS (TCP and UDP port 53) from the LAN to anything but the OpenDNS addresses at the firewall, and make sure users cannot override the DNS settings on their own machines. Users may scream, which is a good time to have them read not only this article but also anything describing the consequences of a lawsuit and unemployment benefits.

Danny Harris, security guru at Aon group, held a security seminar in 2003 that left the whole IT staff shaking their heads in shame. The bad guys are so good at what they do that our puny efforts seemed doomed to eternal failure. Case in point: virus code buried inside photographs that are impossible to see or detect. Same with the famous Facebook “two blondes” picture. Rule of thumb: someone sends you a picture: dump with freedom. The best rule is trust NOBODY and enjoy only your own photographs. On Facebook, this is a tall order indeed. Open a picture = hello Ramnit.

The root problem is that we are now web-based for absolutely everything in life. Bill-paying is now the online way to live, along with financial account access. Major banks have gotten better to a degree. If I try to access my accounts from a computer other than the one I have at home, the security protocols require a send-and-verify code to email, which is a great idea … unless someone hijacks my email too (from Facebook) and can get the code and impersonate me (from Ramnit), which is not a farfetched idea at all. It really makes me long for my old DOS 3.2 computer in some ways.

Having scared myself to pieces, I created a GHOST image of this computer. Took 10 minutes to create = same to restore if I have to. Trust me, this is a far better, less stressful method to repair a computer.

Source: TechRepublic.

Jan/18
2012

Published January 18, 2012

SAN FRANCISCO –  Can the world live without Wikipedia for a day?

The online encyclopedia is one of the Internet's most visited sites, and at midnight Eastern Standard Time it began a 24-hour "blackout" in protest against proposed anti-piracy legislation that many leading websites -- including Reddit, Google, Facebook, Amazon and others -- contend will make it challenging if not impossible for them to operate.

It's a dramatic response to the Protect Intellectual Property Act under consideration in the Senate and the Stop Online Piracy Act (SOPA) in the House, a pair of bills backed by the motion picture and recording industries that are intended to eliminate theft online once and for all.

Simply put, S. 968 and H.R. 3261 would require ISPs to block access to foreign websites that infringe on copyrights. Online piracy from China and elsewhere is a massive problem for the media industry, one that costs as much as $250 billion per year and 750,000 jobs, according to a 2008 statement by Patrick Leahy (D-Vt.). But how exactly the bills would counter piracy has many up in arms.

"There are smart, targeted ways to shut down foreign rogue websites without asking American companies to censor the Internet," Google spokeswoman Samantha Smith told FoxNews.com on Tuesday. The site joined Wikipedia by presenting readers with a black bar over its logo, and other websites have prominent SOPA protest content posted. But the online encyclopedia's blackout is a line-in-the-sand action -- and it isn't sitting well with some of its volunteer editors.

"My main concern is that it puts the organization in the role of advocacy, and that's a slippery slope," said editor Robert Lawton, a Michigan computer consultant who would prefer that the encyclopedia stick to being a neutral repository of knowledge. "Before we know it, we're blacked out because we want to save the whales."

Wikipedia's English-language site shut down at midnight Eastern Standard Time Tuesday and the organization said it would stay down for 24 hours.

Instead of encyclopedia articles, visitors to the site saw a stark black-and-white page with the message: "Imagine a world without free knowledge." It carried a link to information about the two congressional bills and details about how to reach lawmakers.

The shutdown adds to a very vocal body of critics who are speaking out against the legislation. But the bill's many supporters -- including the Motion Picture Association of America (MPAA), the Recording Industry Association of America (RIAA), the U.S. Chamber of Commerce and News Corp., the parent company of FoxNews.com -- argue that those critics simply misunderstand the bill.

“Anti-piracy legislation now before Congress finally addresses the threat of foreign piracy, and it’s unfortunate that so many opponents have resorted to inaccurate and flatly dishonest claims in an attempt to derail it," said Timothy Lee, vice president of legal and public affairs for the Center for Individual Freedom.

Chris Dodd, chairman of the MPAA, denounced the blackout as a stunt, News.com reported. "[It's] an irresponsible response and a disservice to people who rely on [the sites] for information and [who] use their services."

Indeed, some of Wikipedia's editors are so uneasy with the move that they have blacked out their own user profile pages or resigned their administrative rights on the site to protest. Some likened the site's decision to fighting censorship with censorship.

One of the site's own "five pillars" of conduct says that Wikipedia "is written from a neutral point of view." The site strives to "avoid advocacy, and we characterize information and issues rather than debate them."

Wikipedia founder Jimmy Wales argues that the site can maintain neutrality in content even as it takes public positions on issues.

"The encyclopedia will always be neutral. The community need not be, not when the encyclopedia is threatened," he tweeted.

Social news website Reddit.com is shutting down for 12 hours on Wednesday as well, but most companies are staying up. Dick Costolo, CEO of Twitter, said he opposes the legislation as well, but shutting down the service was out of the question.

"Closing a global business in reaction to single-issue national politics is foolish," Costolo tweeted.

The plans for the protest were moving forward even though the bill's prospects appeared to be dimming. On Saturday, Rep. Darrell Issa, a California Republican, said the bill would not move to the House floor for a vote unless consensus is reached. However, Lamar Smith, a Texas Republican, said work on the bill would resume next month.

The White House raised concerns over the weekend, pledging to work with Congress to battle piracy and counterfeiting while defending free expression, privacy and innovation in the Internet. The administration signaled it might use its veto power, if necessary.

The Associated Press contributed to this report.


Jan/16
2012

January 16, 2012

Popular online shoe retailer Zappos.com said late Sunday that hackers had accessed its network, stealing customer account information from as many as 24 million customers.

Credit card information was not stolen, company CEO Tony Hsieh said in a statement sent to users, but email addresses, billing and shipping addresses, phone numbers, the last four digits from credit cards -- and more -- may have been compromised.

"We were recently the victim of a cyberattack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky," reads a statement posted on the company's blog. "We are cooperating with law enforcement to undergo an exhaustive investigation."

The company stressed that credit cards were not affected, and that it has already reset the passwords for existing customers to prevent abuse of the stolen data.

A special page on the Zappos website has been created to facilitate password changes for users: www.zappos.com/passwordchange.

The company is well regarded for its customer service; Hsieh expressed concern that the security breach might undo the years spent burnishing the company's image.

"We've spent over 12 years building our reputation, brand, and trust with our customers. It's painful to see us take so many steps back due to a single incident," he wrote.

Source: FoxNews.com.

Dec/21
2011

By Toni Bowers
December 20, 2011

Takeaway: Yes, it’s here: a mobile app that is built to keep you from drunkenly embarrassing yourself at the company holiday party.

Now that Twitter offers us yet another way to embarrass ourselves to a potentially large group of people, it only makes sense that there would be a need for a mobile app that might help us curb that tendency.

And there is: TDA and Webroot launched the Holiday Party Sobriety Test, a free mobile app for Android and iPhone devices, designed to save us all from our inebriated selves. They claim that the app was created to keep us out of trouble, and “provides a series of sobriety tests that can be taken right at the party. Failure of any of the tests triggers a warning to dial it down for the rest of the evening.”

Readers of this blog know how I feel about mobile apps attempting to replace common sense, but if something like this keeps you from drunkenly posting on Facebook a picture of you doing shots on the boss’s desk at the office party, then, by all means, download it.

Happy Holidays! Source: TechRepublic.