Security Corner


December 23, 2010  2:36 AM

I’m Giving Away Ten Copies of The Ultimate Security Toolkit

Ken Harthun

Last year, I put together my Geek Toolkit which turned out to be very popular with readers of my Ask the Geek blog. Now, the security portion of the Geek Toolkit has been revised to include the latest versions of popular Open Source security tools as well as links to new arrivals where applicable. I’m calling this latest revision my “Ultimate Security Toolkit” and in the spirit of the holidays, I’m giving away 10 copies between now and December 25.

The Geek Toolkit is loaded with literally hundreds of tools that have been part of my Geek arsenal for more than six years. It would probably take you hundreds of hours to research and compile this collection on your own.

I’ve done all of that work for you. Here are just a few of the categories in the kit:

Web Servers
Useful Utilities
Spyware Killers
Security (major revision here!)
…and 13 more

Major revisions to the Security section include:

  • Addition of Forensics category for some very high-power tools
  • Latest versions of several free antivirus suites, some with 64-bit versions
  • Addition of security gateway virtual appliance
  • New versions of Encryption tools, including 64-bit versions
  • Upgrades of secure VPN tools

The Geek Toolkit comes with lifetime updates, so you’ll always have the most current version available.

To get your free copy of the Ultimate Security Toolkit, you have to be one of the first ten people to register by sending a blank email to: seccor-gtk-ga@automateyourlist.com. If you are one of the lucky ten, you will receive a response containing the download link and pass phrase to decrypt the archive. (Be advised, the download is large, >750 MB.) [The free offer has expired. If you would like to order the Geek Toolkit, you can do so from this page.]

It’s my way of saying thank you for being a loyal Security Corner reader. I hope you will continue to follow my scribulations throughout the New Year.

December 21, 2010  8:17 PM

Anatomy of an Attack: Four must-watch videos from Sophos

Ken Harthun

These videos, produced by data protection firm Sophos, are very well done and give a real insight into the current state of cybersecurity. You’ll also be presented with some related resources, including a very cool “Threatsaurus,” a 120 page PDF that runs down the a-z of computer and data security threats. The videos are short and to the point, but give you a thorough understanding of the topic:

  • Fake Anti-Virus Demo
  • Stuxnet – Windows shortcut vulnerability
  • Inside the Latest Web Threats
  • Understanding the New Breed of Cybercriminals

Watch them here: http://www.sophos.com/security/anatomy-of-an-attack/


December 17, 2010  8:20 PM

Spam: This Tactic Is Just Weird

Ken Harthun

Lately, I’ve seen an awful lot of junk coming in with weird subject lines in an obvious attempt to fool spam filters. Here’s a recent one:

Date: Wed, 1 Dec 2010 03:34:23 -0500
Subject:  Thhis___Recessionn__is_Faar__Fromm_Oveer___-___Leaarn__Howw_tto_GGet___IIRS___
Taax___Deebt___RRelief__WWhile_You___Stilll__Can!!

Dear [deleted],

Hirinng___Formerr_IIRS_Agentts__too___Solvee___TTax_Debtt__PProblems__-___G
Good__OOr_Bad??___Relieff__IRRS_OOff_Your_Bacck_SStress!

http://lixxxx.com/yO27av

Thanks,

Ronald Sloan

{%RND***********^^^^^^^^     **********^^^^^^^^^^%}

This is an even goofier tactic than the one some marketers use to attempt to fool the filters (FR’EE, m0n’ey, and other silliness).

Would anyone fall for such a message? It should be obvious (if they even see it in the inbox) that it’s spam. Nevertheless, maybe a few of these will get through and if experience tells me anything, a few clueless souls will click.
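The doubled letters and underscore runs in that subject line are easy to undo on the filtering side. The following is an added example, not part of the original post: it collapses the padding into a "skeleton" and matches it against a watch-list. The phrase list and the thresholds are assumptions chosen for this sample.

```python
import re

# The subject line quoted above, joined onto one line.
SAMPLE_SUBJECT = (
    "Thhis___Recessionn__is_Faar__Fromm_Oveer___-___Leaarn__Howw_tto_GGet___IIRS___"
    "Taax___Deebt___RRelief__WWhile_You___Stilll__Can!!"
)

# Constructed watch-list (assumption); a real filter would load its own phrases.
WATCH_PHRASES = ["tax debt relief", "irs"]


def skeleton(text):
    """Lower-case, turn separator runs into one space, collapse repeated characters."""
    text = re.sub(r"[^a-z0-9]+", " ", text.lower())
    text = re.sub(r"([a-z0-9])\1+", r"\1", text)
    return text.strip()


def obfuscation_features(subject):
    """Measure the two tricks used in the sample: '__' padding and doubled letters."""
    tokens = re.findall(r"[A-Za-z]+", subject)
    doubled = [t for t in tokens if re.search(r"(?i)([a-z])\1", t)]
    return {
        "separator_runs": len(re.findall(r"_{2,}", subject)),
        "doubled_ratio": len(doubled) / len(tokens) if tokens else 0.0,
    }


def classify(subject, phrases=WATCH_PHRASES):
    feats = obfuscation_features(subject)
    # Watch phrases are skeletonized too, so "still" and "stilll" compare equal.
    skel = f" {skeleton(subject)} "
    hits = [p for p in phrases if f" {skeleton(p)} " in skel]
    # Thresholds are assumptions: ordinary English doubles letters in few words.
    obfuscated = feats["separator_runs"] >= 3 and feats["doubled_ratio"] >= 0.5
    return {"obfuscated": obfuscated, "hits": hits, **feats}


if __name__ == "__main__":
    print(skeleton(SAMPLE_SUBJECT))
    print(classify(SAMPLE_SUBJECT))
```

A cleanly written subject with the same wording still matches the watch-list but is not flagged as obfuscated, so the two signals can be scored separately.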


December 12, 2010  3:04 PM

InfoWar: Cyber Hacktivist Group Anonymous Attacks WikiLeaks’ Founder’s Swedish Prosecutors

Ken Harthun

The hacktivist group Anonymous has targeted the Swedish prosecutors of WikiLeaks founder Julian Assange, among other targets that have taken action against WikiLeaks. This is all part of “Operation: Payback,” which has now expanded into “Operation Avenge Assange.” This poster has been passed around the Internet: [poster image not preserved]

The group’s website gives further information on what they intend to do:

  • Offer WikiLeaks an additional mirror and have it Googlebombed.
  • Create counter-propaganda, organizing attacks (DDoS) on various targets related to censorship (time, date and target will be published by that time).
  • Contact media entities, inform them that Operation:Payback has come out in support of Wikileaks, and has declared war on the entities involved in censoring their information; we will seek public support in a campaign against censorship.
  • We will find and will attack those who stand against Wikileaks and we will support WikiLeaks in everything they need.

At least one new term (at least, to me) has popped up in all of this: “voluntary botnet.” I’m going to explore this topic in a future post in more detail, but I have to assume it means joining an IRC channel voluntarily to effect DDoS attacks as a group.


December 11, 2010  3:23 PM

Walgreens Pharmacy Data Breach

Ken Harthun

Walgreens, the national drug store chain, reported a data breach where someone gained unauthorized access to customers’ email addresses. Since I’m a Walgreens customer, I received this message late yesterday:

Dear Valued Customer,

We recently became aware of unauthorized access to an email list of customers who receive special offers and newsletters from us. As a result, it is possible you may have received some spam email messages asking you to go to another site and enter personal data. We are sorry this has taken place and for any inconvenience to you.

We want to assure you that the only information that was obtained was your email address. Your prescription information, account and any other personally identifiable information were not at risk because such data is not contained in the email system, and no access was gained to Walgreens consumer data systems.

As a company, we absolutely believe that all customer relationships must be built on trust. That is why we believe it is important to inform you of this incident. Online security experts have reported an increase in attacks on email systems, and therefore we have voluntarily contacted the appropriate authorities and are working with them regarding this incident.

We encourage you to continue to be aware of increasingly common email scams that may use your email address to contact you and ask for personal or sensitive information. Always be cautious when opening links or attachments from unsolicited third parties. Also know that Walgreens will not send you emails asking for your credit card number, social security number or other personally identifiable information. So if ever asked for this information, you can be confident it is not from Walgreens.

If you have any questions regarding this issue, please contact us at 1-888-980-0963. We take your privacy very seriously, and we will continue to work diligently to protect your personal information.

Sincerely,

Walgreens Customer Service Team

I am happy to report that I haven’t seen any spam that I can identify as being related to the breach.

If you are a Walgreens customer, be sure to use caution and don’t blindly assume that a message you receive from them, especially if it asks for personal information, is valid. Here are several tips from US-CERT you should put into practice for ALL of your emails:

  • Filter spam
  • Don’t trust unsolicited email
  • Treat email attachments with caution
  • Don’t click links in email messages
  • Install antivirus software and keep it up to date
  • Install a personal firewall and keep it up to date
  • Configure your email client for security

Be careful out there!


December 2, 2010  9:26 PM

Hackers Target Holiday Trending Topics on Twitter to Spread Malware

Ken Harthun

PandaLabs just discovered that cyber-criminals are taking advantage of trending topics on Twitter to spread malware. Using methods similar to Black Hat SEO techniques, hackers are capitalizing on holiday-themed words and phrases to direct users to malicious websites.  From their press release:

As the holiday period has begun, topics such as “Advent calendar,” “Hanukkah” or even “Grinch,” are among the most popular subjects used by hackers to entice users.

Thousands of tweets have been launched using holiday-related phrases, such as “Nobody cares about Hanukkah,” or “Shocking video of the Grinch,” along with short URLs pointing to malicious websites. To see an example of a tweet like this, please visit:  http://www.flickr.com/photos/panda_security/5226147792/.

Here are some timely (and evergreen) tips on keeping your computer safe over the holidays, or any time, especially if you use social media like Twitter, Facebook and the myriad of other sites out there:

  1. Don’t click on links from non-trusted sources on any social media site or links you receive in email.
  2. Investigate shortened links using the tips I gave you in Shortened URLs Can Hide Malicious Sites.
  3. If you do click on a link and it arrives at a site you don’t recognize or asks you to download something, close your browser immediately. Do not accept any downloads you didn’t ask for.
  4. Patch your system and update your antivirus signatures.
  5. If you do download or install something and your computer starts acting strangely or launching pop-up messages and freezing up, check it with a free online scanner such as the one at www.activescan.com.
  6. Make sure you are protected with a good antivirus and anti-malware program.


November 30, 2010  11:50 PM

The Ultimate Security Toolkit Will Soon Be Live

Ken Harthun

Last year, I put together my Geek Toolkit which turned out to be very popular with readers of my Ask the Geek blog. This year, just in time for the holiday gift-giving season, I’m revising the security portion of the Geek Toolkit to include the latest versions of popular Open Source security tools as well as new arrivals where applicable.

The original Geek Toolkit is loaded with literally hundreds of security, system maintenance and productivity tools that have been part of my Geek arsenal for more than six years. All of them are safe, proven, and malware-free. It would probably take you hundreds of hours to research and compile this collection on your own.

I’ve done all of that work for you. Here are just a few of the categories in the kit:

Web Servers
Useful Utilities
Spyware Killers
Security (major revision here!)
Disk Tools
Disaster Recovery Info
…and 11 more

The Geek Toolkit comes with lifetime updates, so you’ll always have the most current version available. (If you already have a copy, I will be giving you a new download link shortly, so you don’t have to do anything.)

I’m going to be giving away 10 copies of this compilation sometime between now and December 23, 2010, so stay tuned for details on how to register and the registration requirements.


November 30, 2010  7:43 PM

Why Will Some People Fall for Anything?

Ken Harthun

If you watch any amount of TV at all, you have probably seen this commercial. Microsoft set up a fake bank and then offered people $500 for opening an account. The catch? “We just need your most intimate personal information…” It’s rather amusing, but at the same time, scary.

Video: http://www.youtube.com/v/ZRbcJFe_rjA

Money is a powerful incentive for many people and is the driving force behind deposit scams, 419 scams, advance fee fraud and numerous other ripoffs.

So, please, if you receive emails similar to the one below, or anything offering you money in any guise, report it. Joshua Long recommends, “…report it to the authorities and the e-mail provider of the Reply-To address…  For several major e-mail providers such as Gmail, Yahoo!, and Hotmail, the address for reporting fraudulent account activity is abuse@[provider's domain].com.  Reputable e-mail providers will suspend the offending account to ensure that nobody else can send replies to it. I also recommend forwarding such messages to depositscams@coldrain.net, operated by the anti-spam and anti-fraud organization KnujOn.”

Here’s an example email. Seems they all like that $10 million number–I see it frequently:

From: “Farouk Mohanla” {faroukmohanla @ gmail . com}
Reply-To: {faroukmohanla @ gmail . com}
Subject: Please read this message carefully.
Date: June 25, 2010
My name is Farouk Mohanla, I work as a manager for oil company here in Malaysia. I write to solicit your assistance and cooperative supports to enable us retrieve the balance of $10,000,000 which is for a contractor who executed a supply of Hi-Tec Crude Oil mini-refinery CDU Unit to my company, he passed on few months ago after completing his contract and left no beneficiary to his contract balance benefits upon completion. I need to know if you will stand as his beneficiary to receive his contract benefits.
I sincerely assure you this is absolutely risk-free and shall follow legal procedures in confirmation that there is no risk involved and with trust and understanding we would be able to collect these funds to our own mutual benefits. If you are interested reply me back.

Farouk Mohanla..


November 30, 2010  6:49 PM

Shortened URLs Can Hide Malicious Sites

Ken Harthun

There’s no question that URL shortening services like tinyurl.com and bit.ly are useful. After all, it’s a lot easier for me to send “http://tinyurl.com/23gycsl” than it is to send “http://www.subscriberstronghold.com/freetraining/theanswersexposed.php?hop=jvrodger,” not to mention that it takes up less space. Using shortened links is not only convenient, it’s essential if you’re using micro-blogging services such as Twitter. But there is one big disadvantage to them: you don’t know where such a link is taking you. The destination could be a malicious site that hosts malware just waiting for you to arrive and get infected. How do you resolve that?

Almost all of the popular URL shortening services have some means of previewing the link before you actually visit it. TinyURL, for example, allows you to prepend “preview” onto the link, so the link I showed you above can be previewed by changing it to “http://preview.tinyurl.com/23gycsl.” That will take you to the TinyURL preview page, where you see this message: “This TinyURL redirects to: http://www.subscriberstronghold.com/freetraining/theanswersexposed.php?hop=jvrodger.”

Google’s URL shortener, goo.gl, allows you to add a “+” at the end of the link to preview it. Here’s a link to my other site: http://goo.gl/WXylu. Change that to “http://goo.gl/WXylu+” and you’ll see not only the long link, but statistics of how many times your shortened link has been visited.

You can also use any of the following services to get a long version of the short URL: Longurl, ExpandMyURL.com, or Long URL Please.com. You simply copy and paste the short URL and the service expands it for you.

Joshua Long, a computer security researcher from Southern California, has put together an excellent guide on his blog that takes into account how to use the preview features of all of the major URL shorteners.

So, before you blindly click on any shortened link that you’re not sure about, use one of the available preview methods to check its destination.
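The two preview rules described above (prepend “preview” for TinyURL, append “+” for goo.gl) can be applied automatically to every link in a message before anyone clicks. This is an added example, not part of the original post; the function names and the sample text are constructed for illustration, and only the two shorteners whose rules are given above are handled.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed sample message using the example links from this post.
SAMPLE_TEXT = (
    "Shocking video of the Grinch http://tinyurl.com/23gycsl or "
    "http://goo.gl/WXylu, see also http://www.sophos.com/security/anatomy-of-an-attack/"
)

URL_RE = re.compile(r'https?://[^\s"<>“”]+')


def preview_url(url):
    """Return the preview form of a TinyURL or goo.gl link, or None if not handled."""
    parts = urlsplit(url)
    # Compare the parsed host, not a substring of the URL, so that
    # look-alikes such as tinyurl.com.example.net are not treated as TinyURL.
    host = parts.hostname or ""
    if host.startswith("www."):
        host = host[4:]
    if not parts.path.strip("/"):
        return None  # bare domain, no short code to preview
    if host == "preview.tinyurl.com":
        return url  # already a preview link
    if host == "tinyurl.com":
        return urlunsplit(
            (parts.scheme, "preview.tinyurl.com", parts.path, parts.query, "")
        )
    if host == "goo.gl":
        # Append exactly one "+" even if the link already ends with one.
        return urlunsplit((parts.scheme, "goo.gl", parts.path.rstrip("+") + "+", "", ""))
    return None


def preview_links(text):
    """Map every URL found in text to its preview form (None when no rule applies)."""
    found = {}
    for raw in URL_RE.findall(text):
        link = raw.rstrip(".,;:!?)")  # drop sentence punctuation stuck to the link
        found[link] = preview_url(link)
    return found


if __name__ == "__main__":
    for link, preview in preview_links(SAMPLE_TEXT).items():
        print(link, "->", preview or "no preview rule")
```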


November 29, 2010  11:45 PM

Anti-virus Protection: It Isn’t Enough Anymore

Ken Harthun

If your business is still relying solely on an anti-virus program to protect you from all the bad stuff out there, then it’s vulnerable on several fronts. AV software is designed for one thing and one thing only: to protect systems from threats that are already known or those that are as yet unknown, but whose patterns mimic other threats. It isn’t intended to be used as an all-in-one solution.

Let’s say, for example, that you allow your employees to bring their laptops or other devices to the office and use them on your network. This puts you at risk in at least three ways:

  1. You have no control over whether or not the employee is current with all security updates or AV updates. They could easily bring malware with them. Keeping systems fully patched is a first line of defense. Use network access control to make sure that any computer you allow on the network is fully patched.
  2. A rogue application let loose on your network can degrade performance and cause no end of problems.
  3. An infected thumb drive or other USB device completely bypasses your firewall and other filtering. Exercise some control over what’s allowed to be plugged in. It’s easy enough to do.

Sophos has released a whitepaper that outlines at least eight threats that get past conventional AV. I suggest you check it out.

High-profile incidents that make big news might seem out of the ordinary. Yet businesses of every size face similar risks in the everyday acts of using digital technology and the internet for legitimate purposes. This paper outlines eight common threats that traditional anti-virus alone won’t stop, and explains how to protect your organization using endpoint security.

