Category: Computer Security

Posted on
by

Last week I received a message offering a 30% discount on Norton Internet Security 2006. It claimed to be from Symantec, but the email address was at digitalriver.com, and all the links—including the ones that claimed to be at symantec.com—went to bluehornet.com.

Now 5 minutes of research turns up the facts that Symantec does work with Digital River and Digital River owns Blue Hornet. And it did go to the address I used to register Norton Antivirus last year. So it’s probably a legit offer.

But let’s think about this for a minute.

Assuming it’s legit, Symantec—a company that deals in internet security—is deliberately sending out offers via third-party domains, email and web servers. Depending on how security-conscious you are, they are either making their messages look suspicious or training users to ignore warning signs.

Or have you never seen spam offering enormous discounts on Norton products? Which generally turn out to be pirated. And I seem to recall—though I can’t find an article to back it up—that the bootleg copies are often infected themselves, or crippled in some way.

Given how many shady operators are out there, taking advantage of the big guys’ name recognition, you’d think the big guys would at least make some effort to make their own offerings look less, well, shady.

Posted on
by

The BBC has posted an interesting article on the US Military’s plans for Internet operations. But that’s not what I want to write about here. What I want to write about is this accompanying photo of Secretary of Defense Donald Rumsfeld:

AFP photo of Donald Rumsfeld holding his hands out.

The article mentions that messages put out for psychological operations in foreign markets are making their way back to American audiences. I’m not sure this photo qualifies as PsyOps, but I think it does qualify for a caption contest.*

Please post your suggestions in the comments.

(via Slashdot)

*OK, you won’t win anything, but with luck the other entries will make you laugh.

Posted on
by

Remember when the web was young, and email was just gaining popularity in the mainstream, and there was a slew of virus hoaxes like the Good Times Virus, or It Takes Guts to Say Jesus, or Elf Bowling?

Remember painstakingly explaining to people that no, your computer couldn’t get a virus just by reading an email, you had to click on an attachment? That images were safe to open? Remember when the worst people had to worry about from web pages was unwanted cookies? Getting a virus just from looking at a web page? Preposterous! And a virus that ran up your credit card? Ridiculous!

It’s sad to think that all those “ridiculous” things are now possible—in fact, they’re commonplace. Look back at that link up there. It’s Snopes’ page on computer virus warnings. Way back when, they were all bogus. These days, most of them are real.

So what’s next? Well, they keep talking about Internet-aware appliances, so a future virus probably could “recalibrate your refrigerator’s coolness setting so all your ice cream goes melty.”

Posted on
by

Worms of the future: someone on MySpace *ptui!* came up with an actual JavaScript worm using cross-site scripting exploits and XMLHTTPRequest. In 24 hours, the worm had forced 1 million users to add him to their friends lists.

Personally, MySpace bugs the heck out of me because it seems to have a culture that encourages embedding images from other sites. 18% of hits to hyperborea.org from other websites are from myspace. Admittedly that’s inflated by the fact that attempts to embed images from my Flash site redirect to the actual articles, so it’s probably more like 10%, but it’s still insane. Earlier this week I started blocking hits from MySpace to images posted on this blog, and I plan to do the same with the Flash images over the weekend. You like my photos? Great, link to my actual site! You like the scan I have of some movie logo? Great, copy it and upload it to your own site!

(via Slashdot)

Posted on
by

If you’ve been paying attention to computer security, you already know that spam, viruses, and organized crime have been in bed together for at least a year. The recently-discovered theft of 40 million credit card numbers [edit: originally linked to Yahoo News] illustrates this point clearly:

CardSystems was hit by a virus-like computer script that captured customer data for the purpose of fraud, [MasterCard spokeswoman] Gamsin said. She said she did not know how the script got into the system. The FBI was investigating. (emphasis added)

Given the current porous state of many networks and operating systems, and the general public’s attitude that catching a computer virus is as inevitable as catching a cold, I’d guess it got into the system the same way most spyware does. An email attachment squeaked by the filters. Someone installed a tool that claimed it would make their web access faster. Someone got a well-designed phish, followed the link, and got infected by a backdoor because their browser was behind on security patches. Someone brought a laptop home, plugged it into their insecure home network, and brought back a virus.

Sadly, I expect we’ll be seeing a lot more of this.

Update June 20: Netcraft is reporting that it was indeed lax computer security that did them in:

MasterCard International said it “worked with CardSystems to remediate the security vulnerabilities in the processor’s systems. These vulnerabilities allowed an unauthorized individual to infiltrate their network and access the cardholder data.” Officials at affected institutions were not specifying the vulnerability and exploit used to breach CardSystems’ security. (emphasis added)

Netcraft seems to think it was likely their website, which runs on Windows 2000 and IIS 5, and they go on to promote their own security consulting services. So it’s not entirely an unbiased look at the incident.

Posted on
by

Over the last few days, one of the viruses going around (probably a Mytob variant) has been trying to send its “Your account is being suspended! Open this file now!” come-ons. It forges the return address as support@example.net, admin@example.net, etc. We block any incoming mail using these addresses before it even gets to our virus scanner.

Now here’s the weird part. We’re also getting bounces sent to another domain we manage, let’s say another-example.com. Both sets are coming from someserver.another-example.com.br!

I think that the virus is finding itself on another-example.com.br and not recognizing the country-specific domain name, misreading it as just another-example.com. It then looks up the mail server, finds our domain, and targets both.
Continue reading

Posted on
by

We finally replaced our 4-year-old Windows Me computer with a new Dell (I’d had enough of building computers a few weeks ago) and it arrived yesterday. Katie had already asked me to upgrade her Mac while she made pizza for an office party. I had planned to finish installing Tiger first, but once you get past a couple of options and the EULA it’s all a matter of waiting for it to finish.

There’s something oddly exhilarating about simultaneously setting up both a Mac and a PC.

Of course I spent the next few hours registering the pre-installed software and updating everything. Run Windows Update. Reboot. Run LiveUpdate for Norton Internet Security. Reboot. Run Office Update (twice). It’s nice that Dell will pre-install stuff for you, but given that the computer is built to order, you’d think they could apply the updates before shipping.

With today’s hostile internet, it would greatly benefit not just new computer owners but the world at large if Microsoft (and Apple and Red Hat, while we’re at it) would take a cue from SuSE and Mandrake and tie their update systems into the setup process.

To Microsoft’s credit, Windows XP setup gives you a chance to turn on automatic updates, and recommends it to the point of “Well, if you really want to turn it off, you can, but you’ll be sorry!” And I’m reasonably certain Windows Firewall was turned on by default (i.e. it’s on now, and I don’t remember turning it on), though Norton supersedes a lot of its functionality. Depending on the default firewall rules, that should mitigate the impact of any worms that happen to pick your IP address before you run Windows Update.

Correction: It seems Windows Firewall wasn’t on as I thought. Norton Personal Firewall kept asking me whether I wanted to disable redundant rules (makes sense) or disable Windows Firewall entirely (I told it no—twice), so I assumed it was running. I hope it was only off because Norton was pre-installed.

ยปAll pages site-wide with this tag