Is nothing safe?

Ok, if you haven’t read the news or seen the TV then you should know that you need to patch Internet Explorer urgently. In the meantime the reports indicate that you shouldn’t use Internet Explorer to browse the web.

 

No problems, you say, I’ll use Firefox instead. Ahh, wait on there. Apparently Firefox tops the list of the 12 most vulnerable applications on Windows according to this report.

 

So no more web browsing until the patch gets applied. While you are downloading the patch, consider this story that a company involved with the new frontrunner’s bid for Australia’s national broadband network has links with the Chinese military.

 

Man. Why would anyone ever use the Internet? Problem is, they are still going to aren’t they? And many won’t be updating their systems, so it makes the Internet an even more dangerous place even if YOU do the right thing.

 

It’s a real double edged sword isn’t it? So, please update your systems and get others to update theirs as well because we’re all in this together.

Here’s a pretty cool site

Just came across this really nice offering from Trend Micro. I think the site tries too hard to be all glitzy and Web 2.0 and may be a little slow at times but it is a great resource once you get it running. The entry page is:

You’ll see that I’ve clicked on the Trend Tracker to get a load of interesting statistics.

You can navigate by clicking on the little page icons (looks a bit like the aero interface) in the top left of the window. Down the right hand side you’ll find a whole heap of handy links.

When you click on the TrendIQ section you’ll also find on the left a number of videos which aren’t too bad. They may be something worth showing your customers to give them a better idea of the security threats faced and why Internet security is important.

I haven’t seen any advertising of this site by Trend which is strange because I think it is a great resource.

Login errors after Trend upgrade

Recently, I did an upgrade from Trend CSM Suite for SMB 3.6 to Trend Worry Free Business Security v5.0 on an SBS 2003 R2 Premium system using ISA 2004 as the firewall. The update went fine and no errors were encountered. That was until I received the server report logs the following day.

 

 

I got thousands of failed logins and the login process appears to be random junk as you can see above. Turns out that when you do an upgrade to the latest version of Trend, which includes a new feature called Web Reputation, you don’t get prompted for the proxy details for that component.

 

 

So previously with SBS 2003 Premium you probably had the proxy settings working under Preferences > Global Settings. The problem is, with the new version of Trend you also need proxy settings for the Web Reputation and Behaviour monitoring. Once I had entered the same proxy login settings as I had for the Product updates area above I expected to see no more failed logins.

 

Oh how wrong I was! I now started seeing tens of thousands of failed login attempts instead of just thousands. What the hell? When I called Trend support they pointed the finger at Microsoft. Ahhhh no, the Trend update was the only thing that has been done to the server. Trend’s response? Sorry, we can’t help, have a nice day.

 

So after discovering some other SBS people who had the same issue I worked out (through the shared error experience) that the username and password fields for the Web Reputation proxy setting MUST BE less than 14 characters each! Yes, you read right, less than 14 characters for the login name AND the password. Anything over that and there will be proxy login failures. In my case I actually had to create a new server user and remove the login domain\username and change it to simply username. The login for the product update area can remain as domain\username and be longer than 14 characters but the details for the Web Reputation can’t.

 

Now really how can this sort of issue happen in this day and age? Clearly it does and it is us poor IT support people who are left to sort the crap out, in my case WITHOUT assistance from Trend. So if you experience the same issue, this solution worked for me and I hope it also works for you. Roll on Trend Worry Free Business Security 5.1.

Another DNS checker

I’ve found an even better site that can check your DNS for recent vulnerability issues.

https://www.dns-oarc.net/oarc/services/dnsentropy 

It will produce results which provide plenty of information in an easy-to-understand graphical form. You should run this test to see whether the DNS servers you are using (usually from your ISP) have been patched to overcome a recent DNS vulnerability.

However, I would strongly suggest you consider using www.opendns.com as an alternative DNS resolver for so many other reasons as well.

Do you trust your bank?

No? Neither would I, however they are still out there doing stupid things. Such as? This story from the Sydney Morning Herald details how a server the bank sold on eBay still had confidential client information. Um, like how is that supposed to happen? An “honest error” and an “isolated incident” according to the bank. Yeah, right.

 

Being involved in recycling technology myself for worthy causes I can’t tell you how much “interesting” data I have found on machines individuals and businesses have donated. Now I make sure that every machine that I recycle has its information thoroughly wiped to military standards before it is resold, so if I can do that why can’t the bank? It is simply a matter of booting to a CD and allowing it to run an erase program. Still, it amazes me how little people value their information.

 

The problem is, think of all the establishments that have information about you stored somewhere on computer. What do they do with their old systems? Do they have a data destruction policy? What about your home PCs? What happens after they have served their dues? Do you just throw them out? Ah, what about the data? It doesn’t suddenly become unreadable just because the PC is a little slow.

 

Value your data. If you want to keep it private – encrypt it. When you are finished with it – wipe it, for once information escapes your control all it wants to be is free and, like a genie, it doesn’t care who its master is! The real worry is those businesses who “look” after your data. What do they do? If you feel uneasy I’d ask them.

ISP DNS vulnerability checker

If you aren’t aware, there has recently been an issue with DNS servers that may allow an attacker to redirect you to a malicious web site. If you are interested in some more information about the issues see a recent story in the Sydney Morning Herald.

 

Unfortunately, this issue needs to be resolved at an ISP level, which basically means your ISP has to patch their DNS servers otherwise all their subscribers could be vulnerable. How can you tell whether your ISP has patched their servers?

 

DoxPara has been set up to do just that. Go to the site and click on the Test my DNS button on the right hand side. This will then return the results of a DNS query. If the ports are random (e.g. :42039, :54311, :34597, etc) then your ISP has patched. However, if the ports are following an obvious pattern (e.g. :1001, :1002, :1003, or :30000, :30020, :30100) then your ISP probably hasn’t patched and you need to ask them why.
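
The by-eye port check described above can be written down as a small heuristic. This is an added example, not code from DoxPara or any other checker; the function names and thresholds are assumptions chosen for illustration, and a "randomized" verdict on a handful of samples is only a sanity check, not proof of good entropy.

```python
from statistics import pstdev

# Thresholds are assumptions picked for this example, not values from any tool.
MIN_SAMPLES = 3    # fewer observations than this tells you nothing
MAX_STEP = 256     # a counter-style allocator moves by small positive steps
MIN_SPREAD = 1024  # ports bunched closer than this look clustered


def parse_ports(lines):
    """Pull the port out of 'ip:port' or ':port' strings, skipping bad lines."""
    ports = []
    for line in lines:
        _, sep, port = line.strip().rpartition(":")
        if sep and port.isdigit() and 0 < int(port) < 65536:
            ports.append(int(port))
    return ports


def assess_source_ports(ports):
    """Classify observed resolver source ports; returns (verdict, reason)."""
    if len(ports) < MIN_SAMPLES:
        return "inconclusive", "too few samples"
    if len(set(ports)) == 1:
        return "predictable", "fixed source port"
    steps = [b - a for a, b in zip(ports, ports[1:])]
    if all(0 < s <= MAX_STEP for s in steps):
        return "predictable", "incrementing counter"
    spread = max(ports) - min(ports)
    if spread < MIN_SPREAD:
        return "predictable", "narrow port range"
    return "randomized", f"spread {spread}, stdev {pstdev(ports):.0f}"


if __name__ == "__main__":
    # Constructed samples: the three port sets quoted in the post, plus a fixed port.
    samples = {
        "patched": [":42039", ":54311", ":34597"],
        "sequential": [":1001", ":1002", ":1003"],
        "stepped": [":30000", ":30020", ":30100"],
        "fixed": ["192.0.2.53:53", "192.0.2.53:53", "192.0.2.53:53"],
    }
    for name, lines in samples.items():
        print(name, assess_source_ports(parse_ports(lines)))
```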

The bad guys win again!

Seems like a few people have been fleeced of their money via a bogus Olympic ticketing web site.

 As you can see www.beijingticketing.com looks very professional and there really isn’t much to give it away as being a scam. A story in the Sydney Morning Herald gives you some of the dollar figures for people who have been fleeced, and it ain’t small money!

This again demonstrates how sophisticated the bad guys are becoming in the quest to part you from your money. There is no simple solution to overcoming this issue because if you can fool the human at the keyboard you are well on your way to payday.

I know hindsight is 20/20 but if you read the About us page you do find some grammar issues like:

“We are special for providing sold out event tickets in very economical prices.”

and

“For being in the ticket market since a long time we have become very popular in football fans and music lovers”

Now I admit that bad grammar on a sophisticated web site does warrant concern but I don’t think it would have mattered in this case. Simply because most people would have been taken in by the professional look of the web site and secondly most would not have bothered to check the About page. Finally, grammar issues could have been put down to the site being converted from Chinese (maybe).

So all in all a very hard one for even the most vigilant computer user to pick. I suppose the only adage that can be applied is “if it seems too good to be true, then chances are it is”.

Bad guys 2 – Internet users 0