Security Corner


March 31, 2012  9:48 PM

World Backup Day 2012



Posted by: Ken Harthun

Today, March 31st, is World Backup Day 2012. The tagline reads: “Don’t be an April Fool. Backup your files. Check your restores.” You can visit the site for some great deals on backup services. They have a list of featured articles all about backup and a link to a great infographic on Pinterest. To save you time, I’ve placed the infographic below this post.

Hostgator’s monthly newsletter makes a good point: “Our whole lives are found on our hard drives. When a hard drive fails and the data isn’t backed up, it’s gone. And it’s not a question of IF your drive will fail, it’s WHEN.”

Those of us in the know, who do back up our data on a regular basis, are fairly well versed in some of the scary statistics about data loss and data security. For those who aren’t as familiar with the stats, here are the main ones in favor of backups:

  • All hard drives will crash during their lifetime
  • More than 1 in 10 laptops will be stolen in their lifetime
  • A laptop is stolen every 53 seconds
  • Every year 46% of computer users lose their music, photos, and documents
  • 50% of all hard drives will crash within 5 years
  • 89.1% of PC users don’t perform regular backups
  • A recent study from Gartner, Inc., found that 90 percent of companies that experience data loss go out of business within two years.
  • 70 percent of companies go out of business after a major data loss

While it’s on your mind, go ahead and take advantage of one of the free backup offers commemorating World Backup Day 2012. I promise, you’ll rest easier tonight.

Source: facebook.com via World on Pinterest

March 31, 2012  12:31 AM

“Glory Johnson” loves me



Posted by: Ken Harthun
E-mail scam, Green card scams, Malware, marriage scams, spam

Source: FortBendNow.com

I have been getting a deluge of spam comments to my various posts on this blog from one Glory Johnson who goes by various nicknames. The most common nickname is “Glory39,” but the number is a moving target; “she” has posted as Glory342, Glory50, Glory34, and Glory38 among others. Well over 50 comments just today and they are still coming in. This is obviously a come-on for a scam; I’m just not sure what kind. I doubt that “Glory Johnson” is actually a female, nor does she have amorous intentions.
See what you think about the text of the comments. They are all identical, regardless of which version of “Glory” is posting them:

Hello My name is glory johnson i saw your profile today techtarget.com) and became intrested in you,i will also like to know you the more,and i want you to send an email to my email address so i can give you my picture for you to know whom i am.Here is my email address ( gloryjohnson001 at yahoo.com) I believe we can move from here!I am waiting for your mail to my email address above. glory. (Remeber the distance or colour does not matter but love matters alot in life) please contact me here ( gloryjohnson001 at yahoo.com)

I decided to play along and use one of my anonymous email addresses to appear to take the bait. Here’s what I sent to “her” email address:

Subject: I will like to know you the more
From:xxxxxxx
8:09 PM (16 minutes ago)
To: gloryjohnson001@yahoo.com
Hello,

You sent me this. I am wanting picture.

Hello
My name is glory johnson
i saw your profile today(techtarget.com) and
became intrested in you,i will also like to know you the more,and i
want you to send an email to my email address so i can give you my picture for you to know whom i am.Here is my email address (gloryjohnson001@yahoo.com)
I believe we can move from here!I am waiting for your mail to my email address above.
glory.
(Remeber the distance or colour does not matter but love matters alot in life)
please contact me here (gloryjohnson001@yahoo.com)

Unless this post has just tipped off the scammers, I’ll keep you posted on what transpires.


March 26, 2012  12:20 AM

Security Corner mentioned on Security Now!



Posted by: Ken Harthun
data security, hard drive maintenance, Security Now!, Spinrite

Part of data security is protecting the storage media from damage and maintaining a high level of data integrity. For hard drive maintenance and recovery, there is no better tool than SpinRite, developed by Steve Gibson of GRC.com. I recently had a great experience with it at Antonelli College where I am the network administrator, so I told Steve about it. While listening to Security Now! Episode 345, I was surprised and delighted to hear Steve read my story. Here’s the excerpt:

Steve: And I heard from a listener, Ken Harthun, who wrote to me on the 19th of February: “SpinRite saves a student’s laptop.” He said, “Steve, I’m a loyal listener of Security Now!, having listened to every single episode. That first episode was only 18 minutes and left me wanting more.” Well, we’ve taken care of that.

Leo: Was it that short? Wow.

Steve: Wow. And that was your original concept, Leo, was just to do sort of a check-in on the week. It’s like, okay, well, that didn’t last long. And it’s funny, too, because I remember Elaine quoting me for transcription, didn’t sound like it was going to be very expensive, either.

Leo: No, sorry about that. Whoops.

Steve: Oh, it’s been worthwhile, and I haven’t looked back.

Leo: Thank you.

Steve: So he said, “Today’s episode was a little over two hours and still left me wanting more. You are often the source and inspiration for my Security Corner blog posts over at IT Knowledge Exchange. So a big geek thank you to you and Leo. Please continue.” He says, “I first used SpinRite in 1999 – it was v5.0 – to recover a floppy disk that had been corrupted. Since that day I’ve insisted that wherever I worked, the IT department agreed to make SpinRite available to me should the need arise, and too often it has. In my private service world, I always insist that, if SpinRite recovers the drive for my client, that my client purchase a copy. Needless to say, there have been a few sales as a result.”

Leo: That’s a good idea. That’s a good way to do it.

Steve: I have no problem with that, yeah. He says, “I have my own copy, of course, and last summer I insisted that my new employer, Antonelli College, where I am the network administrator, purchase a site license. Well, that’s a good thing because last week it saved one of their students’ laptops and all of her interior design coursework. Windows was throwing all kinds of errors. The wireless wouldn’t connect. She gave me a list of seemingly random errors that didn’t seem to make a whole lot of sense. But they pointed toward a hard drive failure. I was about to attempt to backup the data and restore the system when it just completely locked up, and I had to force a shutdown with the power button. On restart it just hung at the starting Windows screen and would go no further. I could hear the drive thrashing about. Not good.

“Enter SpinRite. I booted up from my thumb drive and ran it at Level 2. After a couple of hours SpinRite reported that it was finished, though no errors or bad sectors were found,” which of course is a story we’ve heard many times. And I’ve explained why that doesn’t mean SpinRite didn’t do anything. He says, “On reboot, the system came right up, faster than ever, connected to the wireless, and immediately began downloading updates. I completed the updates, ran a few tests, and pronounced the patient healthy. Needless to say, the student was ecstatic. And thanks to SpinRite, I did my part to provide a ‘superior student experience.’” He says, “Part of our vision statement for the campus.” He said, “Steve, SpinRite is absolutely the best hard drive maintenance and recovery utility on the planet, and maybe in the universe. It’s worth 10 times the price you charge for it. Thanks for all you do. Ken Harthun.”

And he said, “P.S.: I’ve never had a hard drive failure, and I attribute that to my using SpinRite on my own systems on a regular basis.” And of course we understand also why it is a good preventive maintenance utility. Running it on a drive, even a quick Level 1, shows the drive where it’s got problems developing that it’s able to correct before they get critical.


March 24, 2012  1:41 PM

Beware fake IRS tax appeal notices



Posted by: Ken Harthun
E-mail scam, IRS alert, Malware, taxes

It’s that time of the year again and while this particular fake notice has been around before, the frequency seems to peak around tax time in the U.S. It’s a wonder the ploy even works because the IRS NEVER communicates with taxpayers via email. Nevertheless, people fall for it and find themselves infected with malware. Of course, if you are not in the U.S. this one is easy to spot, since the IRS would have no business with you in the first place.

The message comes with one of these subject lines:

Rejection of your tax appeal.
Your tax return appeal is declined.
IRS notification of your tax appeal status.

I’ve seen other variations in the past, but the above are the most common ones.

The text of a typical message is shown below. Variations are common, but generally don’t stray far from this example:

Dear Business owner,
Hereby you are notified that your Income Tax Refund Appeal id#6636527 has been DECLINED. If you believe the IRS did not properly estimate your case due to a misunderstanding of the facts, be prepared to provide additional information. You can obtain the rejection details and re-submit your appeal by using the instructions in the attachment.

Internal Revenue Service

Of course, the attachment is malware and anyone clicking the link will be immediately infected. Sophos detects it as Mal/Iframe-AE.


March 21, 2012  6:04 PM

VIDEO: Solving the RSA 2012 #sophospuzzle



Posted by: Ken Harthun
cryptographic challenge, puzzle, sophos, Video

As promised, here is the solution to the puzzle that I talked about yesterday. Thanks to Sophos, who posted the video on their blog.

So you don’t have to surf away from here, here is the video.

Video: http://www.youtube.com/v/VTLA-LSJAcc


March 20, 2012  6:03 PM

RSA 2012 #sophospuzzle challenge



Posted by: Ken Harthun
cryptographic challenge, Cryptography, puzzle, sophos

I admit, I didn’t take this one on; I’m just not much of a coder. I did, however, find it extremely interesting, especially in the way the original puzzle was “encoded.” You can see the original puzzle and challenge here. It’s actually a concatenated C routine:

#include~!int~putchar(int~c);char~*m="noncen.cmh/alu/puyxs.hrhb\xd\xa";void~main(int~argc,char~**argv){if(argc>1&&strlen(argv[1])==8){int~i=0;while(*m){putchar(*m+(*m<0x41?0:argv[1][(++i>8?i=1:i)-1]-0x61));m++;};};}

Sophos promises more puzzles in the future on their nakedsecurity blog.

I’ll be watching, for sure, and stay tuned: tomorrow’s post will show the solution.
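A readable version of the routine quoted above, added here as an example (it is not code from Sophos or from the original post): `decode` applies the same rule as the one-liner, and `recover_key` shows why a repeating additive key falls to a guessed plaintext prefix. The function names, the lowercase-key check and the guessed prefix `sophos.com` are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define KEYLEN 8

/* Ciphertext string m from the routine quoted in the post. */
static const char CIPHERTEXT[] = "noncen.cmh/alu/puyxs.hrhb\r\n";

/* Same rule as the one-liner: bytes below 0x41 ('A') pass through and use
 * no key letter; every other byte is shifted forward by (key letter - 'a'),
 * the 8-letter key repeating, with no mod-26 wrap. The lowercase check is
 * an addition (the original tests length only). Returns 0, or -1 on error. */
int decode(const char *key, const char *in, char *out, size_t outsz)
{
    size_t i = 0, n = 0;
    if (strlen(key) != KEYLEN ||
        strspn(key, "abcdefghijklmnopqrstuvwxyz") != KEYLEN)
        return -1;
    for (; *in; in++) {
        if (n + 1 >= outsz) return -1;
        out[n++] = (*in < 0x41) ? *in : (char)(*in + key[i++ % KEYLEN] - 'a');
    }
    out[n] = '\0';
    return 0;
}

/* Known-plaintext recovery: at each shifted position the key letter is
 * 'a' + (plain - cipher). The guess must cover 8 shifted bytes.
 * Returns 0 on success, -1 if the guess is too short or inconsistent. */
int recover_key(const char *cipher, const char *guess, char key[KEYLEN + 1])
{
    size_t k = 0;
    for (; *cipher && *guess && k < KEYLEN; cipher++, guess++) {
        if (*cipher < 0x41) {            /* pass-through bytes must match */
            if (*guess != *cipher) return -1;
            continue;
        }
        int shift = *guess - *cipher;
        if (shift < 0 || shift > 25) return -1;
        key[k++] = (char)('a' + shift);
    }
    key[k] = '\0';
    return k == KEYLEN ? 0 : -1;
}

int main(void)
{
    char key[KEYLEN + 1], plain[sizeof CIPHERTEXT];
    if (recover_key(CIPHERTEXT, "sophos.com", key) != 0 ||  /* assumed prefix */
        decode(key, CIPHERTEXT, plain, sizeof plain) != 0)
        return 1;
    printf("key=%s\n%s", key, plain);
    return 0;
}
```

Because the shift at each position depends only on the key letter, eight correctly guessed letters of output are enough to recover the whole key; the rest of the string decoding to readable text is the check that the guess was right.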


March 11, 2012  10:48 PM

Seven flaws will be fixed on Patch Tuesday



Posted by: Ken Harthun
Patch management, Patch Tuesday, Server 2008, Server Core Installation, Vulnerabilities

Microsoft will issue six security bulletins on Tuesday, March 13. The bulletins address seven vulnerabilities. This time, however, only one of those has been given a severity rating of critical; it addresses a remote code execution vulnerability in Windows.

Interestingly enough, there are footnotes that apply to Windows Server 2008 and Windows Server 2008 R2 detailing whether or not the Server Core installation is affected:

*Server Core installation affected. This update applies, with the same severity rating, to supported editions of Windows Server 2008 or Windows Server 2008 R2 as indicated, whether or not installed using the Server Core installation option.

**Server Core installation not affected. The vulnerabilities addressed by this update do not affect supported editions of Windows Server 2008 or Windows Server 2008 R2 as indicated, when installed using the Server Core installation option.

This tends to support some of the things I am hearing about Server Core being more secure than a full-blown GUI installation of the products. Here’s Microsoft’s take:

Reduced attack surface. Because Server Core has fewer system services running on it than a Full installation does, there’s less attack surface (that is, fewer possible vectors for malicious attacks on the server). This means that a Server Core installation is more secure than a similarly configured Full installation.


March 11, 2012  2:41 PM

SANS’ Conversations about Cybersecurity



Posted by: Ken Harthun
APT Attack, Chinese Hackers, Cyber-criminal, Cybersecurity, Security, Targeted attack

As you know, I’m a big fan of SANS Institute; their site, their various newsletters and their wealth of knowledge about cybersecurity are unparalleled. One day, I hope to be able to take some of their excellent training courses. In the meantime, however, I continue to peruse their newsletters and learn what I can.

The latest issue of SANS NewsBites, March 9, 2012, Vol. 14, Num. 020, begins with this blurb written by Alan Paller, director of research for SANS:

The managing partner of a large New York law firm had a visit from the FBI in which he learned that the files of every one of his firm’s clients had been copied from the law firm’s servers and placed on servers in Asia known to be used as transfer points in APT attacks (APT translates loosely to Chinese, he learned). Nine days later, he and another partner from his firm came to my house on a Sunday morning for a conversation. They wanted to know why the intruders wanted the data, how they got in, why the firewalls and AV and other security tools their consultants told them to install didn’t stop the attacks, and how they could be stopped in the future. The conversation is posted at http://www.sans.org/security-resources/cybersecurity-conversations

This four-part series is a fascinating read and I highly recommend it to anyone who is curious about the types of targeted attacks that are out there and how to protect yourself from them.


February 29, 2012  11:04 PM

And finally…give them your security question answers



Posted by: Ken Harthun
Password best practice, password succession, Security best practice

Source: wpclipart.com

I promise that this is the last password succession hint for a bit. I just think this information needs to be out there for everyone to access. It doesn’t matter if you’re 16 or 95, if you have any accounts that your loved ones need access to in the event of your untimely (or even timely) demise, these tips will help you choose the method you most favor.

Most accounts you set up these days with banks, email, credit cards, PayPal, etc. allow you (or force you) to create security questions in the event you forget your password and need to reset it. You know them; they are things like, “What was the name of your first pet,” or, “What was the model of your first car.” The variations are endless, but they all satisfy the condition of “something you know.”

Normally, these should be something that only YOU know, but you can easily tell your loved ones what questions and answers you have chosen. This is probably the simplest way of providing for account succession as it will allow your loved one to reset your account passwords to something they will be more likely to remember. Besides that, the other methods may be a bit too technical for some; good for geeks, but not so good for the gander.

Do give it some thought, will you? The responsible among us urge you to make it easy on your loved ones during what is always a very difficult time.


February 28, 2012  10:48 PM

The succession power of LastPass One-time Passwords



Posted by: Ken Harthun
LastPass, password succession, passwords

My previous two posts have dealt with the concern of what happens if you pass away without your loved ones having access to your various account passwords. What will happen if they can’t access online banking information, credit card accounts, email accounts and other critical information? The process can be a nightmare, adding even more stress on top of the grief of loss. Therefore, it’s a loving thing to do to provide a means for your family to be able to access critical online accounts in the event of your death.

There is no question that the most expedient way to ensure access is by storing all of your critical account information, financial information, and any other personal information (using Secure Notes) with LastPass. With LastPass, you can securely store any critical or personal information under one password. You can, as I have shown, make a list of passwords that you will use into the future; however, there is an even simpler solution: LastPass One-time Passwords. Generate a few of those, store them in your safe deposit box or with your attorney and no matter what happens to you, your loved ones can get into your LastPass vault. Once they do, they can change the master password.

Here’s a video on how to do that in LastPass. And, if you don’t already have LastPass, what are you waiting for?

Video: http://www.youtube.com/v/-6lO280MJ0w

