September 8, 2010 3:43 AM
Posted by: Jay Dugan
binary planting bug,
DLL preloading,
malware,
Microsoft,
SMB,
WebDAV
On Monday, August 23, 2010, Microsoft released a security advisory regarding insecure library loading, also known as “DLL preloading” or “binary planting”: MS security advisory 2269637. DLLs, or dynamic link libraries, are modules of computer code that act as building blocks for many computer programs. According to Microsoft, poorly written programs allow hackers to disguise malware as a legitimate DLL that is loaded and executed when an unsuspecting user opens a file from an untrustworthy site.
Microsoft cautions that this problem only affects programs that do not load DLLs securely. In addition, users must visit an untrusted site and execute a file to initiate the attack.
Remote servers using Server Message Block (SMB) or Web Distributed Authoring and Versioning (WebDAV) are vulnerable. Microsoft has a tool for IT pros that disables library loading from WebDAV shares; see KB2264107. Network security administrators should check that SMB is blocked at the firewall by default. TCP ports 139 and 445 can also be blocked; however, this should be tested first, as some network functionality may be lost.
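To make the search-order problem concrete, here is an added Python simulation (not Microsoft's code and not from the original post). It walks the documented SafeDllSearchMode order (application directory, System32, the 16-bit System directory, the Windows directory, the current working directory, then PATH) to show why a DLL that is absent from the system directories can be picked up from the directory of an opened document on a remote share, and what changes once the current working directory is dropped from the search, which is what the KB2264107 setting or an application's own `SetDllDirectory("")` call does. The share name, directory contents and DLL names are all constructed.

```python
"""Simulate the Windows DLL search order for a bare DLL name.

Added illustration, not Microsoft's code. The search order is the documented
SafeDllSearchMode order; every directory listing below is constructed."""

from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

SYSTEM_DIRS = [r"C:\Windows\System32", r"C:\Windows\System", r"C:\Windows"]


@dataclass
class Host:
    app_dir: str                       # directory of the executable being run
    cwd: str                           # directory of the document the user opened
    path_dirs: List[str]               # directories from the PATH variable
    contents: Dict[str, Set[str]] = field(default_factory=dict)  # dir -> file names
    # False models the mitigation: the KB2264107 setting or SetDllDirectory("")
    # both remove the current working directory from the search.
    cwd_in_search: bool = True

    def search_order(self) -> List[str]:
        order = [self.app_dir] + SYSTEM_DIRS
        if self.cwd_in_search:
            order.append(self.cwd)
        return order + self.path_dirs

    def resolve(self, dll: str) -> Optional[str]:
        """Return the full path a bare-name LoadLibrary call would pick, or None."""
        wanted = dll.lower()
        for directory in self.search_order():
            names = {n.lower() for n in self.contents.get(directory, set())}
            if wanted in names:
                return directory + "\\" + dll
        return None


def untrusted_loads(host: Host, dlls: List[str], untrusted: Set[str]) -> Dict[str, str]:
    """Map each requested DLL to the untrusted directory it would be loaded from."""
    found: Dict[str, str] = {}
    for dll in dlls:
        path = host.resolve(dll)
        if path is not None and path.rsplit("\\", 1)[0] in untrusted:
            found[dll] = path
    return found


def demo() -> Dict[str, Dict[str, str]]:
    """Same program and document directory, with and without the mitigation."""
    share = r"\\fileserver\docs"          # constructed remote share (SMB or WebDAV)
    host = Host(
        app_dir=r"C:\Program Files\Viewer",
        cwd=share,
        path_dirs=[r"C:\Tools"],
        contents={
            r"C:\Windows\System32": {"kernel32.dll"},
            share: {"report.doc", "optional_plugin.dll"},   # constructed names
        },
    )
    # kernel32.dll is found in System32 before the CWD is ever consulted;
    # optional_plugin.dll exists nowhere trusted, so the search reaches the share.
    wanted = ["kernel32.dll", "optional_plugin.dll"]
    before = untrusted_loads(host, wanted, {share})
    host.cwd_in_search = False
    after = untrusted_loads(host, wanted, {share})
    return {"before": before, "after": after}


if __name__ == "__main__":
    for phase, loads in demo().items():
        print(phase, loads or "no DLL loaded from the untrusted directory")
```

The same model also shows the program-side fix: a DLL placed in the application's own directory resolves there first, so an application that ships every library it needs, or loads them by full path, never reaches the document directory at all.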
This alert is important because it points out a new vector for the type of malware that steals personal information such as credit card account numbers and passwords and contributes to identity theft. The extent of the problem is still not known and may affect not only third-party programs but Microsoft applications as well. However, Microsoft has not been forthcoming with information in this regard.
September 6, 2010 6:32 PM
Posted by: Jay Dugan
anti-malware,
antivirus software,
botnets,
malware,
port 25,
Pushdo,
security appliance,
security policies,
SMTP,
spam,
viruses
One way to combat spam is at the source, as was done in the Pushdo case. According to a recent Network World story, researchers hope to use this case to gather valuable data that will help in this effort. Half of the offending servers were located with one hosting company that wisely chose to shut them down. The article pointed out, however, that two ISPs in China did not respond to requests to turn off Pushdo servers.
Botnets use these command and control servers to send instructions to thousands of infected PCs around the world. Many of these PCs are in India and other third world countries. Perhaps it is the socio-economic conditions in those places that limit the ability of users there to purchase up-to-date anti-malware and antivirus software.
From a user standpoint, a well-patched machine with up-to-date anti-malware and antivirus software is the best protection. Additionally, a corporate network should employ a good security appliance at the perimeter that blocks spam and viruses, with security policies that require that outgoing Simple Mail Transfer Protocol (SMTP) traffic is limited to port 25 and the internal IP address of the corporate mail server. This will stop any rogue mail servers from spewing out spam from the corporate network.
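The egress rule above is easy to state but worth checking against real traffic, because an infected PC that tries to send mail directly is exactly the signal that policy exists to surface. The following is an added Python example (not from the original post): it encodes the rule as a decision function (TCP/25 is allowed only between internal hosts and the corporate mail server, and only the mail server may open TCP/25 to the Internet) and counts denied attempts per internal source in perimeter firewall log lines. The network ranges, the log line format and the log lines themselves are constructed, with RFC 5737 documentation addresses on the Internet side.

```python
"""Audit firewall log lines against the outbound SMTP rule.

Added example, not the post's code. INTERNAL_NET, MAIL_SERVER, the log
format and SAMPLE_LOG are all constructed."""

import ipaddress
import re
from collections import Counter
from typing import Iterable, List, Tuple

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")    # constructed corporate range
MAIL_SERVER = ipaddress.ip_address("10.0.0.25")       # constructed mail relay
SMTP_PORT = 25

# constructed log format: "<timestamp> proto=tcp src=<ip> dst=<ip> dport=<port>"
LOG_RE = re.compile(r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)")


def egress_decision(src: str, dst: str, dport: int) -> str:
    """Return 'allow' or 'deny' for one outbound connection under the SMTP rule."""
    if dport != SMTP_PORT:
        return "allow"    # the rule only constrains SMTP; other traffic is out of scope here
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s == MAIL_SERVER:
        return "allow"    # the relay is the only host allowed to deliver mail outward
    if s in INTERNAL_NET and d == MAIL_SERVER:
        return "allow"    # clients may submit mail to the internal relay only
    return "deny"


def parse(lines: Iterable[str]) -> List[Tuple[str, str, int]]:
    """Extract (src, dst, dport) from each log line that matches the format."""
    out = []
    for line in lines:
        m = LOG_RE.search(line)
        if m:
            out.append((m["src"], m["dst"], int(m["dport"])))
    return out


def rogue_senders(lines: Iterable[str]) -> Counter:
    """Count denied SMTP attempts per source; repeated hits point at a spam bot."""
    hits: Counter = Counter()
    for src, dst, dport in parse(lines):
        if egress_decision(src, dst, dport) == "deny":
            hits[src] += 1
    return hits


SAMPLE_LOG = [  # constructed sample lines
    "2010-09-06T18:32:01 proto=tcp src=10.0.0.25 dst=203.0.113.10 dport=25",
    "2010-09-06T18:32:02 proto=tcp src=10.0.1.14 dst=10.0.0.25 dport=25",
    "2010-09-06T18:32:03 proto=tcp src=10.0.1.77 dst=198.51.100.5 dport=25",
    "2010-09-06T18:32:03 proto=tcp src=10.0.1.77 dst=198.51.100.9 dport=25",
    "2010-09-06T18:32:04 proto=tcp src=10.0.1.77 dst=203.0.113.44 dport=25",
    "2010-09-06T18:32:05 proto=tcp src=10.0.1.14 dst=203.0.113.10 dport=443",
]

if __name__ == "__main__":
    for host, n in rogue_senders(SAMPLE_LOG).most_common():
        print(f"{host}: {n} blocked SMTP attempts")
```

Run against a day of logs, a host that appears with dozens of denied attempts to many different destinations is the machine to pull off the network and scan; the mail server itself should never show up in the list.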
November 21, 2009 7:43 PM
Posted by: Jay Dugan
bandwidth,
Cisco,
Internet abuse,
NetFlow,
Palo Alto Networks,
Solar Winds
Unauthorized usage of the Internet by employees is a very big problem for most organizations, and they may not even realize it. According to a study by Palo Alto Networks, more than half of the application traffic at the 60 large organizations surveyed can bypass the traditional security infrastructure. Consequently, more than half of the bandwidth at these organizations is being consumed by online shopping, social media, and peer-to-peer file sharing.
Blocking ports 80 and 443 is not an option for most businesses, as the Internet is a key business tool. However, it is essential to have a firm Internet usage policy in place stating what is and what is not allowed. Additionally, it is important to keep an eye on bandwidth usage and employee productivity. With Cisco NetFlow and a tool such as the Orion NetFlow Traffic Analyzer from Solar Winds, organizations can compile employee bandwidth usage reports.
By correlating high bandwidth usage and low productivity, the abusers can be identified and weeded out.
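The report described in this post boils down to summing flow bytes per source host, mapping hosts to people, and breaking the totals down by the kind of traffic. Here is an added Python example (not Cisco's or Solar Winds' code) that does that over a small flow export. The CSV columns, the IP-to-user table, the port-to-category table and the flow rows are constructed; a real NetFlow v5 export carries many more fields, and the user mapping would come from DHCP leases or the directory.

```python
"""Per-user bandwidth report from NetFlow-style records.

Added example, not the post's code. FLOW_CSV, IP_TO_USER and PORT_CATEGORY
are constructed sample data."""

import csv
import io
from collections import defaultdict
from typing import Dict, List, Tuple

# constructed: result of a DHCP lease / directory lookup
IP_TO_USER = {"10.0.1.14": "alice", "10.0.1.77": "bob", "10.0.1.90": "carol"}

# constructed destination-port classification; anything unlisted is "other"
PORT_CATEGORY = {80: "web", 443: "web", 6881: "p2p", 6889: "p2p"}

# constructed flow export (column names follow NetFlow v5 field naming)
FLOW_CSV = """srcaddr,dstaddr,dstport,dOctets
10.0.1.14,203.0.113.10,443,120000
10.0.1.14,203.0.113.10,80,80000
10.0.1.77,198.51.100.5,6881,900000000
10.0.1.77,198.51.100.9,6889,350000000
10.0.1.90,203.0.113.44,443,45000
10.0.1.77,203.0.113.10,80,5000
"""


def per_user_usage(flow_csv: str) -> Dict[str, Dict[str, int]]:
    """Sum bytes per user, broken down by traffic category."""
    usage: Dict[str, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for row in csv.DictReader(io.StringIO(flow_csv)):
        user = IP_TO_USER.get(row["srcaddr"], row["srcaddr"])  # unknown host: keep the IP
        category = PORT_CATEGORY.get(int(row["dstport"]), "other")
        usage[user][category] += int(row["dOctets"])
    return {user: dict(cats) for user, cats in usage.items()}


def top_talkers(flow_csv: str, limit: int = 3) -> List[Tuple[str, int]]:
    """Users ranked by total bytes, highest first."""
    totals = {user: sum(cats.values()) for user, cats in per_user_usage(flow_csv).items()}
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:limit]


def p2p_heavy_users(flow_csv: str, share: float = 0.5) -> List[str]:
    """Users for whom peer-to-peer traffic exceeds `share` of their total bytes."""
    flagged = []
    for user, cats in per_user_usage(flow_csv).items():
        total = sum(cats.values())
        if total and cats.get("p2p", 0) / total > share:
            flagged.append(user)
    return sorted(flagged)


if __name__ == "__main__":
    for user, total in top_talkers(FLOW_CSV):
        print(f"{user:8s} {total / 1e6:10.1f} MB  {per_user_usage(FLOW_CSV)[user]}")
    print("mostly peer-to-peer:", p2p_heavy_users(FLOW_CSV))
```

Byte totals alone do not prove abuse; the category breakdown is what lets the report separate a user who pulls large files for work from one whose traffic is mostly file sharing, which is the correlation the post suggests making before anyone is singled out.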
October 27, 2009 2:43 AM
Posted by: Jay Dugan
64 bit computing,
Adobe,
AMD,
Apple,
Intel,
Microsoft,
Windows 7
The processor technology for 64-bit computing has been available from Intel and AMD for several years, but consumer acceptance has been slow due to hardware issues and a lack of 64-bit application software. Microsoft has had a 64-bit desktop OS starting with XP Pro, but it saw little success. That is rapidly changing as software developers and manufacturers are coming out with a flood of 64-bit applications. The new Windows 7 operating system comes in a 64-bit version that is becoming the choice among the early adopters of the OS over the 32-bit version.
Microsoft 64-bit technology offers 32-bit compatibility, but DOS and 16-bit support are no longer available. Several Microsoft application servers have 64-bit versions, with 64-bit Office applications expected by 2010. Manufacturers such as Adobe and Apple are offering or have in the works 64-bit versions of their popular software.
One of the main advantages of the 64-bit operating system is memory addressing. A 32-bit OS is limited to 4GB of RAM. However, the amount of memory a 64-bit OS can access is exponentially greater, potentially up to several million gigabytes of RAM.
As more 64-bit applications are written and as the cost of memory comes down, the 64-bit revolution will be just around the corner.
September 23, 2009 2:12 AM
Posted by: Jay Dugan
Amazon,
cloud computing,
extranets,
Google,
Hybrid clouds,
Internet,
intranets,
Microsoft,
private clouds
One of the most exciting new technologies to evolve from the Internet, intranets and extranets is cloud computing. Business enterprises are now beginning to implement the concept despite initial concerns. With cloud computing, databases, applications, and services can be accessed and shared by researchers and strategic partners across multiple platforms.
Hybrid clouds may be the next step in cloud computing for business. A hybrid cloud combines a company’s internal cloud with a public cloud service provider. Higher utilization rates, lower costs and better security can be achieved by keeping sensitive and frequently accessed data in the enterprise’s private cloud and “cloud bursting” or sending the extra load to the public cloud when demand is peaking.
At this time, cloud computing and hybrid clouds are mainly of interest to large enterprises. Amazon, Google and Microsoft are rushing into the cloud space as well as dozens of other lesser known tech firms. Software companies are increasing their investment in virtualization and enhanced security to overcome earlier concerns and meet the demands of cloud computing.
Building and maintaining a hybrid cloud computing infrastructure is not an inexpensive undertaking. However, as the cost and availability come into line, small to medium-sized businesses will begin to embrace the concept.
August 31, 2009 10:37 PM
Posted by: Jay Dugan
Apple,
Exchange 2007,
Leo LaPorte,
OS X,
Snow Leopard,
Windows 7
Apple released the latest version of its OS software, Snow Leopard, and early indications are that it is no big deal. The $29 price tag may be the first clue, rather than the $129 Apple has charged for the previous version of the OS. Users report that it doesn’t look much different than the previous version, OS X.
During his weekend radio show, Leo LaPorte, a devoted Apple user, called Snow Leopard “a snow job”. He observed that aside from accessibility enhancements and support for Microsoft Exchange 2007, nothing on the surface has changed. “We don’t know what exactly has changed under the hood,” LaPorte commented.
Why release Snow Leopard at this time? Maybe Apple wanted to upstage its old rival Microsoft, now in the process of rolling out Windows 7. After the initial sales spike from Apple devotees, it will be interesting to see if there is a general acceptance or if any new users are persuaded into the Apple camp by Snow Leopard. Time will tell if this is a worthwhile upgrade.
August 18, 2009 6:20 AM
Posted by: Jay Dugan
7 Eleven,
Albert Gonzales,
hacking,
Hannaford Brothers Co,
Heartland Payment Systems,
identity theft
The feds indicted Albert Gonzales and two unnamed Russians on Monday, breaking what, according to a press release by acting U.S. Attorney Ralph J. Marra, Jr., “is believed to be the largest hacking and identity theft case ever prosecuted by the U.S. Department of Justice”. The case involves the theft of over 130 million credit card and debit card numbers along with account information stolen from Heartland Payment Systems, 7 Eleven, Hannaford Brothers Co., and two other companies that have not made their breaches public.
An unindicted co-conspirator also emerged in this case, PT, obviously an alias to protect someone who is co-operating with the authorities. These cases are difficult to prosecute without an insider spilling the beans. However, will the Feds make the same mistake that they made with Gonzales back in 2003? He was arrested on ATM and debit card fraud charges but apparently not prosecuted because he co-operated with the authorities. He was allowed to move to Miami and when nobody was looking, he formulated and launched his latest attacks.
A Scarface-like hacker from Miami, two Russian mobsters and a snitch named PT hack into corporate America and steal millions of credit card numbers. This has all the elements of a cult movie.
August 6, 2009 3:15 AM
Posted by: Jay Dugan
chkdsk.exe,
fatal memory leak,
Randall Kennedy,
Steven Sinofsky,
Windows 7 bug,
Windows 7 RTM
Just when it looked like smooth sailing for Windows 7, reports of a bug began popping up on blogs earlier this week. InfoWorld’s Randall Kennedy wrote today that the RTM build 7600.16385 is reported to have a bug that causes a potentially fatal memory leak when running chkdsk.exe (not something that the average user would do very often).
I have been testing Windows 7 RC with various business apps and have found no problems so far. In fact, I rather like it. Whether this is a “show stopper” remains to be seen. Steven Sinofsky, Microsoft Windows division president, blogged that Microsoft does not consider it “one of those issues,” but he says that they are trying to reproduce what was reported.
Stand by, as this could get interesting.
July 9, 2009 3:01 AM
Posted by: Jay Dugan
AMD,
Intel Virtualization Technology,
Processor Spec Finder,
Windows 7
I was finally able to finish my new Windows 7 test computer, in spite of the mountain of projects that I am currently facing. I didn’t set out to build a hot-rod gamer but rather something that would be a good business PC platform for Windows 7 with some flexibility for testing various software applications and hardware components.
After reviewing the Windows 7 system requirements from Microsoft for a second time I went back to a previous post of mine in Business Intelligence back on June 5, 2009: Windows 7 Release Candidate ready for testing – part 2 to put together a shopping list.
I wanted a processor that supported the 64-bit OS and Intel Virtualization Technology for compatibility with legacy apps. The Intel Processor Spec Finder was a big help in making my choice. A matching motherboard that would support lots of DDR3 dual-channel memory was also on my list. AMD has some very good processors that should run Windows 7 without a problem. However, I lean toward Intel from habit more than anything.
Poking around the local CompUSA store, I came up with an Intel Core™ 2 Duo E8200 2.66 GHz processor and an Intel DP45SG motherboard. I wanted the flexibility to experiment with different video cards and, of course, the DDR3 dual-channel memory support. I could have gotten a less expensive board, but I prefer to run Intel on Intel. I found a cheap case and added a 400 Watt power supply just to be on the safe side. In my next post, I will discuss the Windows 7 RC installation and what I found running both new and old software apps.