Security Corner

August 7, 2011  4:14 PM

From Spam to No Spam in Minutes

Ken Harthun Ken Harthun Profile: Ken Harthun

In my June 18, 2011 post, “Reduce Unwanted Email,” I mentioned a couple of temporary email addresses that you can use when signing up for information. I wrote that post to prevent others from experiencing the spam nightmare I have been having (which I also described in that post).

Unfortunately, using a disposable or temporary email address doesn’t help when you’re already being spammed in volume. Before I took some corrective measures and blacklisted some domains and addresses, I was getting upwards of 100 pieces of spam every day. My mail provider’s spam filtering was somewhat effective, but some spam still got through while there were quite a few false-positives. I quickly realized that wasn’t the solution.

As an avid listener of the podcast “Security Now!,” I have heard Leo Laporte speak very highly of I decided to give it a try and signed up for their 15-day free trial last week. As required by the service, I changed my MX record to point to’s servers. I then turned off my host’s spam filtering. Within minutes, the spam started trailing off and there were no false positives. I’m definitely going to spring for the yearly subscription when the trial ends.

Just today, I noticed one false positive–an email from a client’s backup software–but that was easy to fix. I just selected the message and told MailRoute to “Recover and whitelist sender.” The message appeared in my mailbox instantly.

Check it out.

July 31, 2011  3:44 AM

Is Information Security a Viable Career Choice?

Ken Harthun Ken Harthun Profile: Ken Harthun

Working in an educational environment is an interesting experience. Young people seeking the knowledge they need to start their careers have a different viewpoint than those of us who are working in our fields. We tend to know where we are headed with our careers; the youngsters have questions about where they are headed. One student asked me recently is Information Security a viable career choice? I answered that it is.

The student was concerned that information security measures are getting better all the time and that it may not be necessary to have information security professionals in the future if things keep improving. I pointed out that we still have physical security professionals employed virtually everywhere even though physical security technology is more advanced than it has ever been. Criminals still manage to circumvent physical security measures even in the face of advanced technologies. It is no different with information security.

I assured the student that she couldn’t go wrong in pursuing an information security certification. Crackers will always be there trying to breach the walls that we security professionals erect to keep them out of our networks. Sure, the technology will evolve and the skill sets needed today will be irrelevant tomorrow, but information security will always be a concern and there will always been a demand for qualified people who understand it.

Every information technology professional from the desktop support technician to the CIO has some responsibility for the security of their organization’s data. The Network Administrator’s role is probably the most critical since he is the one with his feet on the ground dealing with the day to day issues.

Physical security has evolved with technology; information security is doing the same. Despite advances, there is still a need for physical security personnel; likewise, there will always be a need for information security personnel. If information security is what interests you as a career path, I say go for it.

July 30, 2011  2:52 AM

(Humor) I Couldn’t Resist Replying to This

Ken Harthun Ken Harthun Profile: Ken Harthun

I get these scams all the time and I just couldn’t resist answering this one. Here’s the exchange:

Dear Mr. Hendrik:

God bless you, sir! This grant could not have come at a better time. You see, I had a dog for many years that I truly considered my friend and I had to put her to sleep recently. This devastated me so much that I went on a bender for six weeks and woke up in the hospital missing both of my legs. I have no idea what happened, but one of the nurses said I passed out on the railroad tracks. I don’t remember, but I guess I have to believe her.

They tell me that I have been here (in hospital) for almost a month now and the bill is approaching $500,000.00, so I really need this grant and it couldn’t have come at a better time. I will be able to pay off my hospital bills and have enough left over to re-build my life, such as it has become. Perhaps with the remaining money, I will be able to afford (barely) a pair of bionic legs.

However, your letter has left me with a dilemma: I have no money to pay your processing fee. Since I am to be granted $950,000.00 USD, I can certainly afford to pay you back should you be so kind as to lend me the $560.00 processing fee. In fact, I would be happy to pay you back $1,120.00 in exchange for your generosity.

Mr. Hendrik, I truly appreciate your contacting me in my time of need and look forward to receiving your loan of the processing fee via Western Union immediately upon receipt of this email. You can well imagine how desperate I am and your benevolence at helping a fellow human being in need will certainly be rewarded in whatever afterlife you find yourself.

On 7/24/2011 3:04 PM, Mr. Franklin Hendrik wrote:

International Monetary Fund (IMF)
Independent Corrupt Practices and Other Related Offenses Commission
Wuse Zone 5, Garki
Your International Monetary fund (IMF) grant  of $950,000.00 USD  has been approved by the International Monetary fund (IMF) board of directors during their last meeting. The amount to be transfered to your nominated bank account is to be carried out by one of our partner banks
owing to the fact that the International Monetary fund(IMF) does not directly remit funds into the bank account of its beneficiaries .
The last hurdle you would have to scale to have your pending funds transfer transferred to your nominated bank account is the International Monetary fund (IMF) grant processing fee of $560.00 USD.
Once this fee is paid! The necessary documents the bank will require from you will be presented to you by us to enable you have access to your $950,000 USD.
This transaction can and should be concluded within 48 or at most 72 working hours after you have made payment of the International Monetary fund (IMF) grant processing fee of $560.00 USD.
Do respond swiftly, So that we can conclude this transaction as soon as possible.
Once again congratulations on your just approved grant of $950,000.00 USD.
Mr. Franklin Hendrik

July 29, 2011  2:46 AM

An Unusual Password Generator

Ken Harthun Ken Harthun Profile: Ken Harthun

I was playing around on the web the other day and found a rather cool tool called “l33t-sp34k g3n3r4t0r.” For the unenlightened among you, that’s “leet-speak generator.” Leet speak originated back in the 1980’s when dial-up bulletin board systems (BBSs) were popular. You can read the Wikipedia entry for more detailed information and history. The leet alphabet is a specialized form of symbolic writing that may also be considered a substitution cipher; however, it is also a fine way to generate passwords.

Now, before you start throwing rotten tomatoes at me, let me explain. Yes, hackers know leet and may try to test such patterns; however, there is no “standard” leet alphabet, so one person’s variations will be different from another person’s. This makes the tool I found a very useful password generator for three reasons:

  1. The password will be unguessable; and,
  2. You can use something easy to remember; and,
  3. If you forget the actual password, you have a tool to translate your phrase.

I downloaded the app, which is just a small .exe file. You enter the normal text in one window and click the Tr4n$L4+E button; out comes l33t spe4k. If you enter l33t sp34k and click the  Translate button, you get the normal text. Very cool. I chose “ILoveLucy” as my pass-phrase. In leet, that translates to “IL0VeLUCy.” That’s not particularly strong, but it would do for a non-critical website login. It actually works better if you put spaces in the phrase: “I Love Lucy” becomes “1 L0V3 lucy.” You can then run the characters together if you want.

Try it out and have some fun with it!

July 24, 2011  1:05 PM

Amusing 419 Scam Tactic

Ken Harthun Ken Harthun Profile: Ken Harthun


Ever heard of the “Anti-Cyber Crime Unit?” Neither have I, but when I got an email the other day with the subject line “Email from: The Anti-Cyber Crime Unit,” it piqued my curiosity. I found it clever and amusing, but read for yourself and see what you think:

The UNITED NATIONS, FBI, LOTTERY OFFICES, COMPENSATION OFFICES AND BANKS recently discussed at a congressional hearing conducted this week just how its special anti-cyber crime taskforce worked when it came to combating cyber crime and the nefarious digital machinations of web rapscallions, hacker hooligans, cyber criminals, and virtual villains. They outlined its latest accomplishments in the IT security front, which included the capture of million-dollar scammers via a synchronized raid on a thousand ATM machines a few months back.

However, truth be told, no one thinks that the U.k. Government and other goverment is fully equipped and ready to stop a really bad hacker attack against its physical or financial networks.

The Decision has been taken, and they have decided to instruct the Anti-Cyber Crime Unit to see and investigate your funds Transfer and why you are yet to get your funds.

You are now to provide Us with the following information below;

YOUR NAME; ………………..
ADDRESS; ……………….
SEX; ………………..
OCCUPATION; …………………..

Immidiately you provide us with the information above, we will investigate your transaction and get back to you with the full details of your funds WITHIN 24HRS.

This is to Fight the Cyber Crime and also inform you if you dealing with the right Person or not.

After the investigation we will instruct you on how to get your funds.

Anti-Cyber Crime Unit
Mr. Thomas Lifson

You’d think by now that the crooks would give up, so why don’t they? The answer is: people still fall for this ruse and as long as people keep falling for it, crooks will keep running the scam.

July 23, 2011  4:06 PM

Microsoft is Finally Starting to Listen to Me…

Ken Harthun Ken Harthun Profile: Ken Harthun

Well, maybe not me, but over the past couple of years, Microsoft is finally starting to get their security practices in order.

The college I work for has just switched all email for students and staff over to Microsoft’s Live@Edu hosted Exchange offering. While we administrators set pretty secure default passwords when configuring the accounts, people will be people and usually change them to something they can remember, meaning completely guessable and insecure. So, Microsoft is going to enforce strong passwords going forward:

Dear IT Administrator,
Thank you for your continued participation in the Live@edu program. We would like to make you aware of a Windows Live service update that will bring new improvements to the end user experience. You should also be aware of some minor changes to the administrator capabilities brought about by this update. This email provides a summary of these changes along with the timeframe for the update.
Changes in the Password Policy for Windows Live ID
As part of an effort to increase security, the password policy for the Windows Live ID will be strengthened. These changes will come into effect on September 1st, and will only affect those users that change their password or create a new password after the update. Under this updated policy, the new password must meet the following requirements:
Must be at least seven characters long and not longer than sixteen characters.
Cannot be reset to any of the previously used 10 passwords.
Must contain characters from all of the following three categories:
Uppercase letters (A through Z)
Numbers (0 through 9)
Special symbols such as:!, $, #, % etc.
Current Live@edu users will not be required to change their existing password as a result of this change in policy. However if you try to change or reset it, then the new password must meet the above mentioned requirements. If a password is among previously used 10 passwords, you will see an error message “A password match is found in the history.”

All I have to say is, Bravo!

July 23, 2011  12:59 AM

Video: Security News Roundup

Ken Harthun Ken Harthun Profile: Ken Harthun

An interesting roundup of stories from Sophos.

[kml_flashembed movie="" width="425" height="350" wmode="transparent" /]

July 17, 2011  2:14 PM

Update on Security Nightmares

Ken Harthun Ken Harthun Profile: Ken Harthun

Recall my June 30, 2011 post where I talked about the security nightmares I walked into on my new job:

In this case, it’s a nightmare on Seventh Street! These are the types of things that give me nightmares and I walked into a total nightmare factory:

Wiring closets are open on every floor and every floor has a managed switch and/or router sitting in the closet.

Servers behind unlocked and open doors because shutting the door makes the room too hot and the servers shut down.

Contractors putting in new floors in the server closet and I have no access control.

Backups to external USB drives that anyone in the unlocked closets could walk off with and backups have been intermittent.

Staff laptops are not using encryption.

The good news is that I have corrected some of these things, so I now sleep much better at night!

  • The wiring closets are now locked.
  • Core switch and servers are now behind locked door and cooling has been installed.
  • Barracuda backup server installed and all servers are being backed up with critical data backed up every two hours and sent to the cloud.
  • Data structure standardization initiative in progress which includes backup/encryption for staff laptops.

I have to say that the organization is now probably more secure than they have ever been, thanks to my efforts and the efforts of the IT staff at the other locations. Good thing is, we have corporate backing on these efforts. It’s nice to know you have the power to make a difference and get things done.

July 7, 2011  2:20 AM

Cryptogram Contest Solution

Ken Harthun Ken Harthun Profile: Ken Harthun

Better late than never, I guess. I promised this would be published on June 30. Well, I got a new job and I got really, incredibly, insanely busy. But, here we go. Recall this:

The ciphertext is below. Hint: The key to solving this cipher is to figure out the shift and the variation. The very first letter of the cryptogram is the actual first letter of the first word and all punctuation is preserved. Please note that this is NOT a simple substitution cipher. There is no guarantee the letters will be the same throughout, though you may notice repeating patterns.


Two readers solved the puzzle, one by conventional means and one by rather unconventional, but ingenious means. Here are there results:

Brian: “Confession time – I cheated. I eventually tracked the quotation down >> > on the basis of the word count. I quite understand if this disqualifies me. If it doesn’t, then I would choose the download.”

When I told him he won based on his approach, he wrote back with this:

I had verified my solution using the shifting Caesar Cipher, but I’m hoping your blog will have something about the approach taken by the other solver. I only came to the “words” approach when I had to admit to defeat using more orthodox methods!

Fact is, Brian made the effort to solve the cryptogram and his unconventional method was successful. This shows very analytical thinking worthy of any cryptanalyst. Well done, Brian!

John provides the conventional solution to the cryptogram:

I think I figured the puzzle out. It is referencing a very old science fiction quote from a short story “Mimsy Were the Borogoves” by Lewis Padgett published in February 1943. I also think there were a couple spelling errors in the pattern.

‘Twas Brillig and the slithy toves did gyre and gimble in the wabe:
All mimsy were the Borogoves, and the mome raths outgrabe.

The pattern, outside of the first “T”, was -1 then +1 then -1 then +1, and so on…

Two winners, two different approaches.

And, by the way, the poem is called “Jabberwocky” and was written by Lewis Carol of “Alice in Wonderland” fame.

Congratulations, winners!

June 30, 2011  3:08 AM

Security Nightmares

Ken Harthun Ken Harthun Profile: Ken Harthun

In this case, it’s a nightmare on Seventh Street! These are the types of things that give me nightmares and I walked into a total nightmare factory:

Wiring closets are open on every floor and every floor has a managed switch and/or router sitting in the closet.

Servers behind unlocked and open doors because shutting the door makes the room too hot and the servers shut down.

Contractors putting in new floors in the server closet and I have no access control.

Backups to external USB drives that anyone in the unlocked closets could walk off with and backups have been intermittent.

Staff laptops are not using encryption.

Insecure and obsolete (Win 2000) servers on the network.

Still some floater laptops that have NO antivirus protection (just had to re-image one that got infected with a really nasty rootkit).

No security policy exists.

This is like a game show: “Hey, Mr. Hacker, COME ON IN!”

But don’t try it: I’m on the scene. “Drunk hacking – You WILL get caught, and you WILL be arrested!” LOL

Another week or so and those nightmares are history!

Believe me.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: