Another dud

Well, April 1 has come and gone and the Conficker worm didn’t destroy humanity. As “Worm chaos fails to strike” noted:

 

“there was no evidence it was doing anything other than modifying itself to be harder to exterminate.”

 

Like, duh! Why would it do anything else? As I noted in previous posts (here and here), the media does nothing to help the cause of IT security by using inflammatory articles. Why? Because they get ‘average’ users all apprehensive as to what will happen to their machines and then when nothing does (in this case again), users believe that it is all simply a case of ‘crying wolf’ and don’t change their online behaviour. This means their systems continue to remain unpatched and unsecured making it easier again for the bad guys.

 

There seems little doubt that the Conficker worm is real and that it has many systems in its grasp, but in the end it is all about money, not about some sort of security statement or proof of concept attack.

 

The disjoint between informed IT security and the ‘average’ user simply grows when incidents like this occur. The lack of understanding and drive for sensationalism by the media simply makes the situation worse. In the end the only solution I can see is to force people to update their systems. You’re not allowed on the road with an unsafe car are you? Why are you allowed on the Information Superhighway with an unsafe PC? In the end regulation is the only way we can overcome this issue as I see it.

 

Till then, the bad guys just keep kicking goals.

Conficker

Here’s some more media mania about Conficker. “Defences bolstered ahead of Conficker April Fools’ offensive” claims that:

 

The US Department of Homeland Security released a tool on Monday to detect whether a computer is infected by the Conficker worm.

When you go to the US-CERT site you only find the following “tool” (which isn’t really a tool):

 

Home users can apply a simple test for the presence of a Conficker/Downadup infection on their home computers.  The presence of a Conficker/Downadup infection MAY [my emphasis] be detected if a user is unable to surf to their security solution website or if they are unable to connect to the websites, by downloading detection/removal tools available free from those sites:

http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_link_conficker_worm

http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx

http://www.mcafee.com

If a user is unable to reach any of these websites, it MAY [my emphasis] indicate a Conficker/Downadup infection.  The most recent variant of Conficker/Downadup interferes with queries for these sites, preventing a user from visiting them.  If a Conficker/Downadup infection is suspected, the system or computer should be removed from the network or unplugged from the Internet – in the case for home users.

 

So if you can, or cannot, surf to those web sites you may, or may not, have Conficker. So in other words you’re still not going to have any idea! As I keep saying, the bad guys are winning.
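The US-CERT test quoted above, written out as an added example (not code from the original post or from US-CERT): it compares lookups of the three security sites with lookups of control sites, so that a dead connection is not mistaken for selective blocking. The control hostnames, function names and verdict labels are assumptions of this example.

```python
import socket

# Hostnames taken from the links in the US-CERT text quoted above.
SECURITY_SITES = ["www.symantec.com", "www.microsoft.com", "www.mcafee.com"]
# Assumption of this example: unrelated sites used as a control group.
CONTROL_SITES = ["www.cbsnews.com", "www.example.org"]


def system_resolver(hostname):
    """Return True if the operating system's resolver can resolve hostname."""
    try:
        socket.getaddrinfo(hostname, 80)
        return True
    except OSError:  # socket.gaierror is a subclass of OSError
        return False


def conficker_lookup_test(resolves=system_resolver):
    """Apply the US-CERT heuristic and return (verdict, blocked_security_sites).

    `resolves` is any callable hostname -> bool; it is injectable so the
    logic can be exercised without a network connection.
    """
    blocked = [h for h in SECURITY_SITES if not resolves(h)]
    controls_ok = any(resolves(h) for h in CONTROL_SITES)

    if not controls_ok:
        # Nothing resolves at all: offline or a DNS outage, says nothing
        # about the worm either way.
        return "INCONCLUSIVE_OFFLINE", blocked
    if len(blocked) == len(SECURITY_SITES):
        # Controls work but every security site fails: the pattern the
        # advisory says MAY indicate Conficker/Downadup.
        return "SUSPECT", blocked
    if blocked:
        # Mixed result: could equally be a single site being down.
        return "PARTIAL", blocked
    # Everything resolves: the interference was not observed, which is
    # not proof of a clean machine (older variants, other malware).
    return "NOT_OBSERVED", blocked


if __name__ == "__main__":
    verdict, blocked = conficker_lookup_test()
    print(verdict, blocked)
```

Only the SUSPECT result says anything, and even that matches the advisory's "MAY": a filtering proxy or a hosts-file block produces the same pattern.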

 

The Symantec site does have a nice video from 60 Minutes in the US about Conficker. It is well worth watching because it again highlights how the bad guys are beating the good guys hands down.

 

http://www.cbsnews.com/video/watch/?id=4901282n

 

In the video you’ll get an understanding of how much information the virus captures about your PC sessions (basically everything – browsing, keystrokes, passwords and so on). You’ll also see how CBS (the makers of 60 Minutes) thought they were safe; as it turned out, they weren’t. Even worse, they still can’t be 100% sure they are clean because Conficker could simply be lurking somewhere ready to re-infect. Again, bad guys win.

 

Interesting to see what tomorrow does bring.

Media hysteria

The media appears to be prepping us for the next Y2K technology disaster with the Conficker worm on the first of April. Headlines like “Conficker worm threatens April Fools’ chaos” are not designed to be informative, simply inflammatory. The media hasn’t been in the business of providing balanced reporting for a long time now. If you actually read the article you’ll find the following:

 

“But researchers who have been tracking Conficker say the date will probably come and go quietly.”

 

which doesn’t make for a very exciting headline does it? That certainly isn’t going to get people reading your paper is it now?

 

If you were a bad guy who controlled a whole swag of machines via the Conficker worm, why the hell would you want anyone to know? Simply put, it would spoil your revenue stream because cybercrime these days is much like any commercial business: it is all about making money!

 

It does however illustrate an interesting issue: where does the average PC user go to get information about keeping their technology secure? The prevalence of the Conficker worm seems to demonstrate that not many understand the need to update their system regularly, given that the patch to prevent Conficker has been available since October. So where do they turn? The article fails to provide any links or explicit instructions as to what a user can do to even check their systems.

 

This again plays into the hands of the bad guys, more or less ensuring that their infections will continue to spread. I often wonder what sort of drag the effects of cybercrime have on the economy? The cost of lost time and productivity, the cost of cleaning up infections and the potential cost of lost or compromised information. Pro-active security is always cheaper than reactive measures, yet judging by the number of Conficker infections that is the minority opinion.

 

Why? Where is the system failing? Why aren’t more people being made aware of the potential threats to their systems? Are people, in fact, choosing to ignore these warnings in the belief that it can never happen to them? Why has it become so difficult to protect even the most basic PC installation? Honestly, I don’t know the reasons but the potential end results of this ignorance are clearer every day, yet it seems the world becomes less and less secure with every machine that is connected to the Internet.

 

As I have said before, it’s a brave new world and you are the only one responsible for your security, because few out there, media included, are going to provide you with any meaningful or helpful information. Isn’t that nice to know when you’re swimming with the sharks? The only solution I can provide is knowledge. If you don’t understand the threat, learn. If you want to protect yourself and your information, learn. Luckily, that’s one thing the Internet is good for – information.

Digital footprints

I am utterly amazed at how ignorant most people are of the fact that all their wonderful technology can provide excellent information of exactly who you are and what you are doing at any time.

 

In this story “Digital dabs: how Einfeld was tracked with a mobile, credit card and e-tag” it shows how the police used digital evidence like that from electronic tolls, mobile phone and credit cards to prove the guilt of Marcus Einfeld. It goes to show that convenience has a price and that price is usually reduced privacy.

 

In many respects the lust for technology has made the job of tracking individuals much easier than it ever used to be. Stop and think about every email you send, every internet search you do, every login to Facebook, and so on – they’re all trackable. The more you use technology the more ‘digital evidence’ begins to stack up against you. The unfortunate thing about this is that digital evidence is firstly much easier to store and secondly much easier to search.

 

As I have lamented here before, so many people have no concept of the value of their privacy and are surrendering it without a second thought. We happily proclaim the wonders of technology but we seem to remain oblivious to the dangers it also brings. Read the story and then stop and think: how much information are you giving away about yourself without even thinking?

 

We perhaps wrongly believe that technology has given us greater freedom, mobility and convenience and yet the reality may be that it has enslaved us as never before.

Does nobody care?

A couple of posts ago I wrote about Facebook follies and the fact that some scammers were using Facebook as a way to attract potential victims. Part of this involved a picture of a man standing next to a bright red sports car. In fact it turns out these pictures are taken from someone’s online photo album as detailed in “Facebook scam: Ferrari man’s true identity revealed”.

Now I don’t use Facebook that often but when I logged in recently I saw the following ad:

Now where have I seen that before? (Firstly, I gotta say if you think he’s standing next to a Lamborghini then you deserve everything you get, it’s a Ferrari Enzo). I clicked on the ad and up came the web site:

with a lovely photo of ‘Tom’ and the pitch about how much money I can make if I just sign up now.

It would seem clear by now that this offer is a scam, so why is it still running on Facebook?  As the article says:

“There are numerous reports of people who fell for the scam and were charged hundreds of thousands of dollars after handing over their credit card details.”

So where’s the protection for the Facebook user? It certainly doesn’t appear that there is much. I always used to say that the stock market was the perfect vehicle for transferring wealth from the stupid to the intelligent but now I’m going to have to revise that to being the Internet.

The continuation of these sorts of ads again confirms my belief that we are losing the battle against the bad guys. Some may say that what is happening here is not against any law, and that people should always be aware when purchasing ANYTHING from the Internet, and I agree. However, the reason that our systems are constantly under threat from viruses and trojans is that most Internet users are totally unaware of how they should be protecting themselves, and look at the global problems that has caused. It seems that when it comes to using the Internet, common sense goes right out the window.

Now scams like this are nothing new and they happen on other sites like eBay and what not, but it seems to me that technology is making this easier in so many ways. Every day technology makes it both easier to perpetrate crime and confuse the average user. It amazes me in this so called world of ‘Web 2.0’ interconnectivity that most people are being left to fend for themselves in a pool of sharks. The more connected we think we are the more isolated we become perhaps?

The moral is clearly, every person for themselves and if it seems too good to be true then generally it is.

Peeved

I know that I need to update my anti-virus to stay secure and I understand that it is a critical component of my computer security but I can tell you that it is really pissing me off at the moment.

It seems like every time I turn on my PC, and at least once during the day, I get this message to update my signatures. By default you don’t usually get these messages as it all happens in the background, but because it was happening so often I changed the default to prompt me so I could keep track of what was going on.

So when I booted up this morning I get another update message like so:

As I said initially, I know this is necessary and I’m not picking on any vendor, since I believe they all have the same issues to some extent, but it just goes to show how bad things must be out there on the Internet if I’m constantly getting these updates.

Now getting the updates is fine but the way that it bogs down my machine when it applies the updates is infuriating! It isn’t a short period of time while that happens either. It seems to be getting longer and longer. As you can see from the latest update, that’s 2.3MB to be downloaded and installed. What happens to the poor people on slower Internet connections?

It all goes back to my contention that we are losing the battle against the bad guys on the Internet. How many years has it been now and yet it seems that the number of vulnerabilities, viruses, trojans, compromises, spam, etc. is not only increasing but increasing exponentially. We are building our future on a platform that was never designed to incorporate security; it has simply been ‘tacked on’ later as an afterthought. Given that PCs are now in the hands of people with absolutely no idea about how to stay secure we are increasing our vulnerability every day. We are creating a larger and larger playground for the criminal underworld to flourish.

Articles like “1 in 3 Windows PCs vulnerable to worm attack” and “Downadup worm now infects 1 in 16 PCs says Panda security” further highlight the problems. This doesn’t help either:

The worm exploits a bug in the Windows Server service used in Windows 2000, XP, Vista, Server 2003 and Server 2008.

since it clearly highlights that no matter how much “security” is taken into account with software it is still created by humans (usually under commercial constraints) and can never be perfect. Don’t be under the illusion that vulnerabilities solely exist in Windows, they potentially exist in every piece of software ever written. We hear more about their effect on Windows machines because they are most popular. Software developers do create and release patches but not very many people actually apply them, so we have the worst of both worlds.

I must admit that I think it is almost getting to the point where vulnerable machines need to be denied access to the Internet or automatically fixed. That again opens up a whole can of worms in regards to accessing people’s private machines and other software compatibility issues, but I think we need to consider what is the greater evil here. If people don’t patch and protect their machines they make the eWorld so much more dangerous and less friendly for everyone.

We live in a strange world where on one hand you need a license to drive a car yet on the other you don’t need one to create another human life. Maybe it is something that is just going to be a fact of life forever now but I can tell you that at the moment it is really pissing me off!

BotNet video

Here’s an interesting video from the BBC Click program about BotNets. It shows how BotNets are used to send spam emails as well as Distributed Denial of Service (DDoS) attacks.

 

Also on Click you’ll find “Cyber crime attack from the east” which gives you an idea of the business behind cyber crime.

 

It is interesting to consider that we are building our ‘new world order’ on technologies that were never designed with security in mind. Likewise, there are so many users out there who have no idea their machines are infected and being controlled by someone else. It is amazing to think that many vulnerabilities used by Botnets exploit bugs that have a patch or update available from the vendor. The problem is too many people are using computers connected to the Internet without understanding the basics. Given the world wide reach of the Internet this causes a huge problem when the power of these infected machines is harnessed into a BotNet.

 

Interestingly, the BBC seems to have gotten itself into some trouble about what actions it took while performing the demonstrations in its show, as detailed in “BBC cyber crime probe backfires”. This relates to the fact that the BBC used users’ computers without their knowledge and also made modifications to their systems, even if it was to warn the user that their PC was infected. This again illustrates why cyber criminals are always going to win. When someone like the BBC does an exposé on BotNets it runs the risk of running foul of authorities, yet users who haven’t maintained or secured their systems and connect them to the Internet face no ramifications! In many cases the only way that some people will know they are infected with a trojan acting as part of a BotNet is if they are told. While we debate the ethics of alerting users, cyber criminals simply go about their business and infect more machines.

 

So, watch the video. Make sure your machine is patched and scanned for viruses and spyware. Then make sure you tell other people to do the same, because knowledge is really the only defence we have against BotNets.

Mobile security

Almost everyone these days has a mobile phone. A significant number know what a problem it is if you lose your mobile. Some of these people only now understand how expensive it can also be if someone gets hold of your mobile and starts placing calls to Tibet and Greenland. But consider this, with more and more of our personal information on our mobile devices what security do we have in place to protect that?

 

Do your emails get delivered to your mobile? Do you have other sensitive information on there (i.e. PIN numbers, passwords)? What about customer information? Stop and have a think about what information your mobile would divulge if it fell into someone else’s hands. Now think about how much damage that information could do both personally and commercially.

 

Worried? Well you should be. Even the bosses at Telstra get their mobiles stolen and like this story highlights it can represent a huge commercial risk. Not only to you personally but also your customers. If you have a mobile device that holds data that you want to remain private then make sure you secure it. Make sure you know how to prevent it falling into the wrong hands. Many devices these days have the ability to be remotely wiped if needed but also look at things like encryption to protect sensitive data.

 

As more and more data ends up on mobile devices that get smaller and smaller (read easier to steal), then they become just like the PC on your desk. Now, you wouldn’t want that to fall into the wrong hands would you? So maybe it’s time to look at how secure that little computer you carry around with you everywhere is!