Dealing with Fake Tech Support & Phone Scams
On this blog, we’ve discussed the ways that scammers can attack your PC: through malicious software, rogue security alerts, phishing attacks and more. But the bad guys have now devised a new vector: the phone. I first learned about this when I heard my parents had received a call telling them that their PC had been identified as running rogue software. The caller, who said he was from Microsoft, needed remote access to their PC to resolve the issue. It turns out scammers like these were simply taking the time to prey on potential victims by calling them and masquerading as a representative of a trusted institution to trick them into giving up valuable personal information. Sometimes, as in my parents’ case and others, they even advise installing remote access software so the scammers will have full access to the PC…
What's in a Firewall?
We continue to hear reports of companies, government agencies, and systems being hacked into by the “Bad Boys” of the Internet. Most recently it was confirmed that US Pentagon systems were hacked into and thousands of files were copied from the compromised systems. When I heard this report I thought, “How in the world does an organization like the Pentagon, with all of the resources it has, get penetrated?” If organizations like the Pentagon can be breached, how do we, the average system owners with far fewer resources, protect ourselves?
As I thought about it I realized that there are just too many possible “holes” that can let the “Bad Boys” in. Once an attacker penetrates the perimeter, the internal systems are unprotected. Worms have penetrated many corporate networks through email systems, careless users, and the use of USB devices. Once they are in, they spread quickly.
Today’s worms and viruses initiate a large percentage of the attacks that take place. Today’s hackers have become more and more sophisticated and continue to develop new methods to break in and avoid detection. You think you have the door closed and, voila, you turn around and there they are. Once in, they start looking for other victims inside the network that they can infect. They can also use the infected computer to attack other computers both inside and outside your network. Besides wasting your resources (bandwidth and others), they can get you or your company into a world of legal trouble. If your “network” is being used to perform a Denial of Service (DoS) attack or a network reconnaissance scan against another company’s network, you have a responsibility to get the attack stopped immediately. Failure to do so can have devastating consequences…
Attackers Love Your Organization’s HR Department
With all the available talent on the market, companies use every available resource in their recruiting practices. They hire third-party recruiters and post job listings on LinkedIn, Dice, Monster and numerous other places. While this will bring in a plethora of qualified candidates, this practice also provides attackers a wealth of information for their reconnaissance efforts…
Time to disable WebGL?
How to disable WebGL
Update: how to disable WebGL in Firefox 4.0.1:
Type about:config in the address bar and toggle the webgl.disabled preference to true.
I can confirm this stops WebGL from working on demo sites that explain how to use WebGL, such as http://www.webkit.org/blog-files/webgl/SpiritBox.html. That page shows a spinning box if you have WebGL, and a rectangle if you don’t.
Update: how to disable WebGL in Chrome:
It needs the --disable-webgl argument on the command line.
Update: from now on we will need to keep a much more careful eye on the security issues of graphics card drivers, and get these updated if and when they fix security issues.
Update: if you’re using a browser derived from one of the affected browsers, it’s a good idea to check whether it supports WebGL and then contact the makers to figure out how to disable it.
http://isc.sans.edu/diary/Time+to+disable+WebGL+/10867
Is Your Computer Listed “For Rent”?
When it’s time to book a vacation or a quick getaway, many of us turn to travel reservation sites like Expedia, Travelocity and other comparison services. But there’s a cybercrime-friendly booking service that is not well-known. When cyber crooks want to get away — with a crime — increasingly they are turning to underground online booking services that make it easy for crooks to rent hacked PCs that can help them ply their trade anonymously.
We often hear about hacked, remote-controlled PCs or “bots” being used to send spam or to host malicious Web sites, but seldom do security researchers delve into the mechanics behind one of the most basic uses for a bot: to serve as a node in an anonymization service that allows paying customers to proxy their Internet connections through one or more compromised systems…
IPv6 MITM via fake router advertisements
A recent article [1] describes a rather neat variation on how fake router advertisements can be used with IPv6 capable hosts to intercept traffic, including tricking hosts to use IPv6 to connect to systems that normally are not reachable via IPv6.
First, let's start with the “old” part of this attack:
Fake router advertisements. IPv6 relies a lot more on autoconfiguration than IPv4 does. While techniques like “zero configuration” can be used in IPv4, we usually find DHCP used to configure IPv4 networks.
In IPv6, routers are typically used to configure a network via “router advertisements”. A router advertises which network it is willing to route, and hosts connected to the router will pick an address within this network.
In short, router advertisements can be considered a “DHCP lite” for IPv6. If I introduce a fake router, I get the same effect as I would get from a fake DHCP server in IPv4. However, as only a few networks implement IPv6, a fake IPv6 router is likely to be the only IPv6 router. Hosts which so far had no connectivity to the IPv6 internet will now use this fake router to connect. Fake router advertisement tools are very common; we actually play with one in my IPv6 class (fake_router6 from the THC kit)…
SANS Internet Storm Center; Cooperative Network Security Community – Internet Security.
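As an added example (not code from the ISC diary quoted above), here is a defender-side check in Python: it decodes an ICMPv6 Router Advertisement and flags one that arrives from a source not on a trusted-router list or that advertises a prefix the segment should not have. The sample packet, the MAC address and the allow-lists are constructed; on an IPv4-only segment the allow-lists are empty, so any RA offering a default router is a finding.

```python
import struct
import ipaddress

ICMPV6_ROUTER_ADVERTISEMENT = 134   # ICMPv6 type for Router Advertisement (RFC 4861)
OPT_PREFIX_INFORMATION = 3          # Prefix Information option type

def parse_router_advertisement(payload: bytes) -> dict:
    """Decode an ICMPv6 Router Advertisement body (no IPv6 header) into a dict."""
    if len(payload) < 16 or payload[0] != ICMPV6_ROUTER_ADVERTISEMENT:
        raise ValueError("not a Router Advertisement")
    hop_limit, flags, lifetime, reachable, retrans = struct.unpack("!BBHII", payload[4:16])
    ra = {"hop_limit": hop_limit, "managed": bool(flags & 0x80),
          "other_config": bool(flags & 0x40), "router_lifetime": lifetime, "prefixes": []}
    off = 16
    while off + 2 <= len(payload):            # walk the TLV options after the fixed header
        opt_type, opt_len = payload[off], payload[off + 1]
        if opt_len == 0:
            raise ValueError("zero-length option")   # RFC 4861 says drop such packets
        opt = payload[off:off + opt_len * 8]
        if len(opt) < opt_len * 8:
            raise ValueError("truncated option")
        if opt_type == OPT_PREFIX_INFORMATION and opt_len == 4:
            plen, pflags, valid, preferred = struct.unpack("!BBII", opt[2:12])
            prefix = ipaddress.IPv6Address(opt[16:32])
            ra["prefixes"].append({"prefix": f"{prefix}/{plen}",
                                   "autonomous": bool(pflags & 0x40),  # A flag: hosts may SLAAC
                                   "valid_lifetime": valid, "preferred_lifetime": preferred})
        off += opt_len * 8
    return ra

def rogue_ra_findings(src_mac: str, ra: dict, trusted_routers: set, expected_prefixes: set) -> list:
    """Flag an RA that did not come from a known router or advertises an unexpected prefix."""
    findings = []
    if ra["router_lifetime"] > 0 and src_mac.lower() not in {m.lower() for m in trusted_routers}:
        findings.append(f"default router advertised by untrusted source {src_mac}")
    for p in ra["prefixes"]:
        if p["autonomous"] and p["prefix"] not in expected_prefixes:
            findings.append(f"unexpected SLAAC prefix {p['prefix']}")
    return findings

# Constructed sample RA: hop limit 64, router lifetime 1800 s, one /64 prefix with L and A set.
# The checksum is left as zero; real traffic computes it over the IPv6 pseudo-header.
SAMPLE_RA = (bytes([ICMPV6_ROUTER_ADVERTISEMENT, 0, 0, 0])
             + struct.pack("!BBHII", 64, 0x00, 1800, 0, 0)
             + bytes([OPT_PREFIX_INFORMATION, 4, 64, 0xC0]) + struct.pack("!III", 2592000, 604800, 0)
             + ipaddress.IPv6Address("2001:db8:1::").packed)

def check_sample() -> list:
    """Evaluate the sample as if seen on a segment that should have no IPv6 router at all."""
    return rogue_ra_findings("00:11:22:33:44:55", parse_router_advertisement(SAMPLE_RA), set(), set())
```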
Limiting Exploit Capabilities by Using Windows Integrity Levels
What Are Windows Integrity Levels?
Microsoft designed Windows integrity levels as a mechanism for enforcing mandatory access controls, which apply even when access would be granted according to the traditional discretionary controls that we’re accustomed to. According to Microsoft:
“The integrity level is a representation of the trustworthiness of running application processes and objects, such as files created by the application. The integrity mechanism provides the ability for resource managers, such as the file system, to use pre-defined policies that block processes of lower integrity, or lower trustworthiness, from reading or modifying objects of higher integrity. The integrity mechanism allows the Windows security model to enforce new access control restrictions that cannot be defined by granting user or group permissions in access control lists (ACLs).”
This means that integrity levels can restrict one process from interacting with another process even if both processes are running under the same user account and even if the user has administrative privileges.
via Limiting Exploit Capabilities by Using Windows Integrity Levels.
“Stranger Danger” – Introducing SmartScreen® Application Reputation – IEBlog
What is SmartScreen application reputation?
In the course of daily browsing, many consumers see warnings that say “This type of file may harm your computer” when downloading files. This warning may be accurate in some sense, but it is not helpful or relevant for the vast majority of internet downloads. Most consumers are accustomed to just ignoring this warning since it is shown when downloading almost any file from the web.
With IE9 we looked at ways to improve our malware protection overall and the experience consumers have with downloads. We had two primary goals in mind to help consumers make better trust decisions when downloading programs from the web:
- Show more useful warnings when a program is a higher risk
- Reduce the number of generic, unhelpful warnings consumers see when downloading programs
In analyzing software downloads actively in use on the internet today, we found that most have an established download footprint and no history of malware. This was the genesis of SmartScreen application reputation. By removing unnecessary warnings, the remaining warnings become relevant.
Cleaning house
There are times as a security professional when you have to roll up your sleeves and get your hands dirty to make sure some of the basics are applied to the environment you’re looking after. As a common example, most of us have had to patch the odd Windows machine, or three, to help out a friend and make sure they’re safe and up to date against the various nasties out there.
What happens when you’re presented with forty-seven Windows XP computers, all networked in a Windows workgroup, with varying levels of patches installed, hardly any internet connectivity and a limited time frame to get them to a current patch level? Now throw in that every machine is infected and the infection is causing embarrassing and crippling problems for the users.
Here’s my solution; if you have a better one, or helpful pointers, feel free to comment.
Flash drives dangerously hard to purge of sensitive data
When secure wiping isn’t
In research that has important findings for banks, businesses and security buffs everywhere, scientists have found that computer files stored on solid state drives are sometimes impossible to delete using traditional disk-erasure techniques.
Even when the next-generation storage devices show that files have been deleted, as much as 75 percent of the data contained in them may still reside on the flash-based drives, according to the research, which is being presented this week at the Usenix FAST 11 conference in California. In some cases, the SSDs, or solid-state drives, incorrectly indicate the files have been “securely erased” even though duplicate copies remain in secondary locations.
via Flash drives dangerously hard to purge of sensitive data • The Register.