Archive for October, 2009

Upgraded to Windows 7? Find out which patches you need

Thursday, October 29th, 2009

Windows users who have been unimpressed by the features (and problems) offered by Vista have been rushing out and buying Windows 7.  The reviews, so far, have been largely favourable but, as is the case with any brand-new version of the software, a large number of vulnerabilities were discovered – 34 to be exact.

In order to address the issues, Microsoft released a record number of patches earlier this month, including the first critical update for the program.

Some of the more serious problems included an SMB (Server Message Block) flaw that allowed attackers to remotely take control over the computer.  That’s pretty serious!

Fortunately, the patches were released before the October 22, 2009 release date for consumers (although, some large businesses have been using Windows 7 since this summer).

If you are concerned or are interested in learning more about the patches, there is a great article on CNet News outlining the vulnerabilities and fixes.  Otherwise, Windows 7 users are advised to visit the Microsoft website to ensure that they have the most recent updates.

Wi-Fi Cable Modems Leave Customers Vulnerable

Wednesday, October 28th, 2009

PC World recently wrote a story about Wi-Fi cable modem routers and how a security hole left thousands of Time Warner customers vulnerable to hackers.  Incredibly, the company isn’t responsible for uncovering the problem.

A customer needed help with his Wi-Fi network and asked a friend for help with the configuration.  His friend, David Chen, who writes the Chenosaurus blog, was surprised to discover the issue and wrote: “from within your own network, an intruder can eavesdrop on sensitive data being sent over the Internet and even worse, they can manipulate the DNS address to point trusted sites to malicious servers to perform man-in-the-middle attacks.  Someone skilled enough can possibly even modify and install a new firmware onto the router, which can then automatically scan and infect other routers automatically.”

That’s a very scary thought!  Most subscribers trust the equipment installed by their service providers and would never imagine that a router they have been given could leave them open to attack.  Time Warner has implemented a temporary patch but prior to Chen’s discovery, administrative access to the routers was allowed and attackers were free to run programs against them.

A permanent fix for the SMC 8014 wireless router and cable modem is expected sometime in the near future.

Join us for a free webinar on ITAM and computer theft recovery

Friday, October 23rd, 2009

Absolute Software co-hosts free webinar on how one K-12 school district simplified IT asset management and reduced computer loss by 95%

Join Absolute for a FREE webinar on October 27, 2009 featuring the first-hand laptop management and theft deterrence experiences of one of the largest school systems in the U.S., Prince George’s County Public Schools (PGCPS).

Schools with computing programs need to combat computer theft or loss, comply with regulations, and find ways to efficiently and easily track and maintain a large fleet of computers. Learn why PGCPS chose to implement state-of-the-art laptop management technology and outsource key operations to Absolute Software professional services – in order to reduce costs.

When: Tuesday, October 27, 2009; 2:00pm ET/ 11:00 am PT; 60 minutes

What: Learn how PGCPS:

  • Increased use of laptops in the classroom, benefiting teachers, students, and the community
  • Implemented a paperless, more efficient asset tracking system, allowing IT techs to see the location of over 40,000 laptops, desktops and mobile computers county-wide
  • Saved over $47,000 annually on teacher laptop hand-out/take-back tasks, representing a 30% increase in efficiency
  • Reduced computer losses by approximately 95% per year, saving an estimated $93,000 in capital expenses

Who: This webinar will feature

  • Chantelle Folkes, Network Engineer, Prince George’s County Public Schools
  • Richard Fuhr, Director of Professional Services, Absolute Software

How Twitter Is Helping Fight Spam

Thursday, October 22nd, 2009

Twitter has become a great way for friends and family to keep in touch throughout the day.  It’s become so popular that even celebrities provide daily updates so that they can keep track of each other and connect with their fans.

As is the case with many social networking sites, predators have been trying to capitalize on the weaknesses associated with using Twitter.  Whether someone has created an account for the sole purpose of befriending potential identity theft victims or the profile just pumps out spam, not everything on the popular site is as it seems (read about how scammers are abusing Twitter).

Twitter has decided to take action by adding a “report as spam” feature which can be found under the “Actions” section of a profile’s sidebar.

Once a user has been reported, Twitter’s Trust and Safety team investigates the situation and makes decisions regarding what action, if any, should be taken.  Users who click the “report as spam” button will automatically have the profile blocked from following or replying to them.

I think this is a step in the right direction and, hopefully, will help deter spammers and scammers from using Twitter as a way of hurting others.  It’s important since cybercrime on social networking sites is on the rise.

Blue Cross Worker Has Laptop Stolen After Breaking Protocol

Tuesday, October 20th, 2009

A Blue Cross and Blue Shield Association employee broke protocol by transferring the names, addresses, Social Security numbers and provider identification numbers of about 800,000 doctors to his personal laptop.

Unfortunately, his computer was stolen from his car this past August but, as of yet, there haven’t been any signs of identity theft.

The affected physicians have been informed and, thankfully, no patient information was included in the database.

A representative for the health insurance company was quoted in the Chicago Tribune as saying: “At this point, we have no evidence that the data was misused.  We think this was a random criminal act. Regardless, we take these kinds of breaches extremely seriously and so we are alerting all doctors in the database.”

In an attempt to offset any negative consequences associated with the theft of the laptop, the Blue Cross association is offering credit monitoring services to the individuals whose Social Security information was exposed.

It goes without saying that this is really a worst-case scenario, since so many could be affected by this breach and the laptop hasn’t been recovered.  This is an unfortunate example of how the mistakes of a single person could affect thousands of people.

In a situation like this, using a program like Computrace would be helpful since sensitive data can be deleted remotely and the Theft Recovery Team will work with local police to try to find the stolen laptop – and the thief who stole it. And once they have the laptop back, Computrace can be used to help determine if files were accessed post-theft. While it would still be important to be vigilant for signs of identity theft, the risk would be considerably lower.

Florida Woman Praises LoJack for Laptop for Safe Return

Monday, October 19th, 2009

A woman in Jacksonville, Florida was the victim of a home invasion which, in itself, is a scary thing to go through.  The thieves made off with jewellery and electronics, including the woman’s laptop, but they didn’t know that she had installed Computrace LoJack for Laptops on her computer.  “Within 24 hours of it being reported stolen, they already had one hit on it,” said Shannon Mercer.

While her laptop was sold several times before being returned to her, she felt that she got her revenge in the end.  “When someone breaks into your house, you feel violated. To get a piece of it back is pretty neat,” said Mercer.

You can get more information on LoJack for Laptops here.  In the meantime, watch the video of Mercer’s fascinating story!

Absolute’s Top Recoveries of the Week

Friday, October 16th, 2009

Most Recoveries by One Investigator

Location: CA, USA
Scenario: Computrace led this investigator to a desktop computer after it was stolen from an elementary school. One knock-and-talk later, and the investigator was able to successfully retrieve the stolen desktop – marking his 274th computer recovery facilitated by Computrace technology.

Most Collateral Recovered

Biggest Bust

Location: ON, Canada
Scenario: Absolute’s investigation of a laptop stolen in a recent break-and-enter led to a long chain of criminal activity. In the process of using Computrace intel to track down the machine’s unauthorized user, police uncovered multiple other stolen items, including credit cards, wallets, weapons and bikes. In addition, a sizable quantity of narcotics was discovered, along with evidence of a fraud operation. Several arrests were made and over 10 charges laid. Not bad for a day’s work…

Most Unlikely Thief

Location: MA, USA
Scenario: A terminated employee was the suspect in question after a company was left minus one laptop. A surprising thief of sorts, this suspect also happened to be a part-time police officer. Perhaps this is why he knew not to lie to the investigator who confronted him – he admitted that he had stolen the laptop out of spite for his former employer, and sheepishly handed over the machine.

Please note that indictments and criminal complaints are merely unproven accusations and the accused in all cases are presumed innocent until proven guilty.

Learn more about the Absolute Theft Recovery Process.

University Uses Data-Masking Tool

Thursday, October 15th, 2009

The University of California at Berkeley is taking the protection of its students’ personal data very seriously and has implemented data-masking techniques in an effort to thwart identity theft and security breaches.

The school understands the importance of this after hackers broke into the health-services database earlier this year and gained access to the personal records of about 160,000 individuals.

The data-masking technology is incredibly interesting since it hides data in plain sight so that a student’s first and last name could be right there on the computer screen but, because the lettering has been moved around, it camouflages the true information.  The same technique is being used to conceal student identification numbers and other sensitive data.

Since a master copy of the real information is kept in a separate database, it is still important for educational institutions to make sure that their network is properly protected with up-to-date security software.

Students can take the extra step of making sure that their personal computers are protected with products like Computrace LoJack for Laptops.

Mac Security Bundle Available Until October 31, 2009

Wednesday, October 14th, 2009

If you want to protect your Mac and save money, now is the time to check out the Mac Security Bundle.  Macintosh security specialist, Intego, has paired up with top-of-the-line security software partners to create this incredible deal which is available until October 31, 2009.

The savings are amazing – at $49.99 the price of this bundle has been slashed by 90% (off the total price of the programs if purchased individually). 

The Mac Security Bundle contains the following programs:

  • Intego VirusBarrier X5
  • Micromat TechTool Pro 5
  • Absolute Software Computrace LoJack for Laptops 
  • Macware WebGhost
  • Intego ContentBarrier X5
  • Intego NetBarrier X5 
  • Smith Micro Spring Cleaning 
  • JoeSoft Klix
  • Intego Personal Antispam X5 
  • Intego FileGuard X5
  • Intego Personal Backup X5
  • MOApp MyWallet

All of the programs included in the bundle are compatible with Mac OS X 10.6, Snow Leopard, as well as Mac OS X 10.4, Tiger, and Mac OS X 10.5, Leopard.

To learn more about how you can get the bundle which includes Absolute’s Computrace LoJack for Laptops, visit the MacPromo site.

Small Botnets Are More Dangerous in Enterprises

Tuesday, October 13th, 2009

According to a 3-month study of 600 botnets which have infiltrated enterprise networks, bot infections are on the rise in the corporate environment. The research, done by Damballa, indicates that it is small botnets, not large ones, that are the most prevalent in the enterprise environment:

[Image: BiggestBotnets.jpg]

As you can see from the graph above, 57% of the botnets infecting enterprises are considered “small”, which is defined as a botnet with 1-100 active members. However, despite being less well-known, these botnets are potentially more dangerous:

While many people focus on the biggest botnets circulating around the Internet, it appears that the smaller botnets are not only more prevalent within real-life enterprise environments, but that they’re also doing different things. And, in most cases, those “different things” are more dangerous since they’re more specific to the enterprise environment they’re operating within.

The study indicates that many of these small botnets have been created with low-cost or free DIY kits that can be downloaded from the Internet. In most cases, these small botnets are described as “highly-targeted at particular enterprises”, sometimes requiring a degree of familiarity with the breached enterprise. This could indicate an insider threat issue that we previously haven’t seen or talked about. The target data in these small botnets is often professionally managed, with financial controller authentication details (for money transfers), customer database and source code being the top targets.

The problem with these small botnets, aside from their very targeted attacks, is that they often evade detection. Though they are small, these botnets are very dangerous! Damballa puts out a product to detect botnets, but I know very little about it. You can do some independent research on your own to determine how your enterprise will try to detect such intrusions.

Via Dark Reading
