Security Corner


December 2, 2010  9:26 PM

Hackers Target Holiday Trending Topics on Twitter to Spread Malware

Ken Harthun

PandaLabs just discovered that cyber-criminals are taking advantage of trending topics on Twitter to spread malware. Using methods similar to Black Hat SEO techniques, hackers are capitalizing on holiday-themed words and phrases to direct users to malicious websites.  From their press release:

As the holiday period has begun, topics such as “Advent calendar,” “Hanukkah” or even “Grinch,” are among the most popular subjects used by hackers to entice users.

Thousands of tweets have been launched using holiday-related phrases, such as “Nobody cares about Hanukkah,” or “Shocking video of the Grinch,” along with short URLs pointing to malicious websites. To see an example of a tweet like this, please visit:  http://www.flickr.com/photos/panda_security/5226147792/.

Here are some timely (and evergreen) tips on keeping your computer safe over the holidays, or any time, especially if you use social media like Twitter, Facebook and the myriad other sites out there:

  1. Don’t click on links from non-trusted sources on any social media site or links you receive in email.
  2. Investigate shortened links using the tips I gave you in Shortened URLs Can Hide Malicious Sites.
  3. If you do click on a link and it arrives at a site you don’t recognize or asks you to download something, close your browser immediately. Do not accept any downloads you didn’t ask for.
  4. Patch your system and update your antivirus signatures.
  5. If you do download or install something and your computer starts acting strangely or launching pop-up messages and freezing up, check it with a free online scanner such as the one at www.activescan.com.
  6. Make sure you are protected with a good antivirus and anti-malware program.

November 30, 2010  11:50 PM

The Ultimate Security Toolkit Will Soon Be Live

Ken Harthun

Last year, I put together my Geek Toolkit which turned out to be very popular with readers of my Ask the Geek blog. This year, just in time for the holiday gift-giving season, I’m revising the security portion of the Geek Toolkit to include the latest versions of popular Open Source security tools as well as new arrivals where applicable.

The original Geek Toolkit is loaded with literally hundreds of security, system maintenance and productivity tools that have been part of my Geek arsenal for more than five years. All of them are safe, proven, and malware-free. It would probably take you hundreds of hours to research and compile this collection on your own.

I’ve done all of that work for you. Here are just a few of the categories in the kit:

Web Servers
Useful Utilities
Spyware Killers
Security (major revision here!)
Disk Tools
Disaster Recovery Info
…and 11 more

The Geek Toolkit comes with lifetime updates, so you’ll always have the most current version available. (If you already have a copy, I will be giving you a new download link shortly, so you don’t have to do anything.)

I’m going to be giving away 10 copies of this compilation sometime between now and December 23, 2010, so stay tuned for details on how to register and the registration requirements.


November 30, 2010  7:43 PM

Why Will Some People Fall for Anything?

Ken Harthun

If you watch any amount of TV at all, you have probably seen this commercial. Microsoft set up a fake bank and then offered people $500 for opening an account. The catch? “We just need your most intimate personal information…” It’s rather amusing, but at the same time, scary.

[Video: http://www.youtube.com/v/ZRbcJFe_rjA]

Money is a powerful incentive for many people and is the driving force behind deposit scams, 419 scams, advance fee fraud and numerous other ripoffs.

So, please, if you receive emails similar to the one below, or anything offering you money in any guise, report it. Joshua Long recommends, “…report it to the authorities and the e-mail provider of the Reply-To address…  For several major e-mail providers such as Gmail, Yahoo!, and Hotmail, the address for reporting fraudulent account activity is abuse@[provider's domain].com.  Reputable e-mail providers will suspend the offending account to ensure that nobody else can send replies to it. I also recommend forwarding such messages to depositscams@coldrain.net, operated by the anti-spam and anti-fraud organization KnujOn.”

Here’s an example email. Seems they all like that $10 million number–I see it frequently:

From: “Farouk Mohanla” {faroukmohanla @ gmail . com}
Reply-To: {faroukmohanla @ gmail . com}
Subject: Please read this message carefully.
Date: June 25, 2010
My name is Farouk Mohanla, I work as a manager for oil company here in Malaysia. I write to solicit your assistance and cooperative supports to enable us retrieve the balance of $10,000,000 which is for a contractor who executed a supply of Hi-Tec Crude Oil mini-refinery CDU Unit to my company, he passed on few months ago after completing his contract and left no beneficiary to his contract balance benefits upon completion. I need to know if you will stand as his beneficiary to receive his contract benefits.
I sincerely assure you this is absolutely risk-free and shall follow legal procedures in confirmation that there is no risk involved and with trust and understanding we would be able to collect these funds to our own mutual benefits. If you are interested reply me back.

Farouk Mohanla..
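As an added example (not code from the original post), here is a small triage script that does what the advice above asks of you: it parses a raw message, finds the Reply-To address (the mailbox the scammer actually reads), and derives the provider abuse address in the form abuse@[provider's domain], adding the KnujOn address the post mentions. The From/Reply-To mismatch check and the money-lure heuristic are my own additions, and the sample message is constructed; the addresses in it are not real.

```python
"""Triage a suspected advance-fee (419) e-mail and work out where to report it.

Added example, not from the original post. Standard library only (Python 3.8+).
The From/Reply-To mismatch check and the lure heuristic are assumptions of this
script, not something the post prescribes; SAMPLE is a constructed message.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Amounts written like $10,000,000 (at least one thousands group).
MONEY_RE = re.compile(r"\$\s?\d{1,3}(?:,\d{3})+(?:\.\d{2})?")
LURE_WORDS = ("beneficiary", "risk-free", "next of kin", "contract balance", "transfer")
KNUJON_ADDRESS = "depositscams@coldrain.net"  # named in the post as a forwarding address


def _dollars(text):
    """Turn '$10,000,000' into the integer 10000000."""
    return int(re.sub(r"[^\d]", "", text.split(".")[0]))


def _text_body(msg):
    """Concatenate the text/plain parts of a message (or the whole body if not multipart)."""
    if not msg.is_multipart():
        return msg.get_payload()
    parts = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            parts.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)


def reply_domain(msg):
    """Domain a reply would actually reach: Reply-To first, then From."""
    for header in ("Reply-To", "From"):
        _name, addr = parseaddr(msg.get(header, ""))
        if "@" in addr:
            return addr.rsplit("@", 1)[1].lower()
    return None


def triage(raw_message):
    """Return a dict describing the message and the abuse addresses to report it to."""
    msg = message_from_string(raw_message)
    _n, from_addr = parseaddr(msg.get("From", ""))
    _n, reply_addr = parseaddr(msg.get("Reply-To", ""))
    body = _text_body(msg)
    amounts = MONEY_RE.findall(body)
    lures = [w for w in LURE_WORDS if w in body.lower()]
    domain = reply_domain(msg)
    report_to = ([f"abuse@{domain}"] if domain else []) + [KNUJON_ADDRESS]
    return {
        "from": from_addr,
        "reply_to": reply_addr,
        # A Reply-To that points somewhere other than From is typical of these lures.
        "reply_to_differs": bool(reply_addr) and reply_addr.lower() != from_addr.lower(),
        "amounts": amounts,
        "lure_words": lures,
        "report_to": report_to,
        # Heuristic: a seven-figure sum plus at least two lure phrases.
        "suspicious": any(_dollars(a) >= 1_000_000 for a in amounts) and len(lures) >= 2,
    }


# Constructed sample modelled on the message in the post; not a real e-mail.
SAMPLE = """\
From: "Mr. A. Example" <a.example@example.net>
Reply-To: <a.example.reply@example.org>
Subject: Please read this message carefully.
Date: Fri, 25 Jun 2010 09:00:00 +0000

I write to solicit your assistance to retrieve the balance of $10,000,000
left by a contractor who passed on and left no beneficiary. I assure you this
is absolutely risk-free. If you are interested reply me back.
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Feed it the raw source of the message (the "show original" view in most webmail clients), not the rendered text, or the Reply-To header will be missing.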


November 30, 2010  6:49 PM

Shortened URLs Can Hide Malicious Sites

Ken Harthun

There’s no question that URL shortening services like tinyurl.com and bit.ly are useful. After all, it’s a lot easier for me to send “http://tinyurl.com/23gycsl” than it is to send “http://www.subscriberstronghold.com/freetraining/theanswersexposed.php?hop=jvrodger,” not to mention that it takes up less space. Using shortened links is not only convenient, it’s essential if you’re using micro-blogging services such as Twitter. But there is one big disadvantage to them: you don’t know where such a link is taking you. The destination could be a malicious site that hosts malware just waiting for you to arrive and get infected. How do you resolve that?

Almost all of the popular URL shortening services have some means of previewing the link before you actually visit it. TinyURL, for example, lets you prepend “preview.” to the host name, so the link I showed you above can be previewed by changing it to “http://preview.tinyurl.com/23gycsl”. That takes you to the TinyURL preview page, which shows the message “This TinyURL redirects to: http://www.subscriberstronghold.com/freetraining/theanswersexposed.php?hop=jvrodger”.

Google’s URL shortener, goo.gl, allows you to add a “+” at the end of the link to preview it. Here’s a link to my other site: http://goo.gl/WXylu. Change that to “http://goo.gl/WXylu+” and you’ll see not only the long link, but statistics of how many times your shortened link has been visited.

You can also use any of the following services to get a long version of the short URL: Longurl, ExpandMyURL.com, or Long URL Please.com. You simply copy and paste the short URL and the service expands it for you.

Joshua Long, a computer security researcher from Southern California, has put together an excellent guide on his blog that takes into account how to use the preview features of all of the major URL shorteners.

So, before you blindly click on any shortened link that you’re not sure about, use one of the available preview methods to check its destination.
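The preview pages above only work for the shortener that issued the link, and a short link can point at another short link. As an added example (not code from the original post), the script below resolves a shortened URL the way a careful engineer would rather than a browser: one HEAD request per hop with redirects disabled, reading the Location header, capping the number of hops and stopping on loops, so the final destination is revealed without ever rendering it. The redirect table at the bottom is constructed so the example runs offline; with a URL on the command line it makes real requests.

```python
"""Expand a shortened URL one redirect hop at a time without visiting the final page.

Added example, not from the original post. Python 3.8+ standard library only.
SAMPLE_REDIRECTS is a constructed table for offline demonstration, not real data.
"""
import sys
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}
MAX_HOPS = 10  # a shortener chained behind another shortener is itself a warning sign


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Make urllib raise on a 3xx instead of silently following the Location header."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def head_no_follow(url, timeout=10):
    """One HEAD request, never followed. Returns (status, Location header or None)."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, method="HEAD", headers={"User-Agent": "link-preview/1.0"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        # With redirects disabled a 3xx surfaces as an error; its headers still carry Location.
        return err.code, err.headers.get("Location")


def expand(url, fetch=head_no_follow, max_hops=MAX_HOPS):
    """Walk the redirect chain. Returns (chain, verdict) with verdict one of
    'final', 'loop' or 'too-many-hops'. Relative Location values are resolved
    against the current URL, as a browser would do."""
    chain = [url]
    seen = {url}
    for _ in range(max_hops):
        status, location = fetch(chain[-1])
        if status not in REDIRECT_CODES or not location:
            return chain, "final"
        nxt = urljoin(chain[-1], location)
        chain.append(nxt)
        if nxt in seen:
            return chain, "loop"
        seen.add(nxt)
    return chain, "too-many-hops"


def final_host(chain):
    """Lower-cased host of the last URL in the chain, for comparison against what you expected."""
    return (urlsplit(chain[-1]).hostname or "").lower()


# Constructed sample chain (assumed, not real shortener data) so the example runs offline.
SAMPLE_REDIRECTS = {
    "http://tinyurl.com/example1": (301, "http://bit.ly/example2"),
    "http://bit.ly/example2": (302, "/landing?x=1"),  # relative Location header
    "http://bit.ly/landing?x=1": (301, "http://www.example.com/download.exe"),
    "http://www.example.com/download.exe": (200, None),
    "http://goo.gl/loopA": (301, "http://goo.gl/loopB"),
    "http://goo.gl/loopB": (301, "http://goo.gl/loopA"),
}


def sample_fetch(url):
    """Offline stand-in for head_no_follow using the constructed table."""
    return SAMPLE_REDIRECTS.get(url, (404, None))


if __name__ == "__main__":
    live = len(sys.argv) > 1
    target = sys.argv[1] if live else "http://tinyurl.com/example1"
    chain, verdict = expand(target, fetch=head_no_follow if live else sample_fetch)
    for i, hop in enumerate(chain):
        print(f"{i}: {hop}")
    print(f"verdict: {verdict}; final host: {final_host(chain)}")
```

Two caveats: a HEAD request still tells the shortener (and the destination server) that your address looked, and some servers answer HEAD differently from GET, so treat the result as a preview, not proof. A chain that ends on an executable download, as in the sample, is exactly the case the tips above tell you to close the browser on.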


November 29, 2010  11:45 PM

Anti-virus Protection: It Isn’t Enough Anymore

Ken Harthun

If your business is still relying solely on an anti-virus program to protect you from all the bad stuff out there, then it’s vulnerable on several fronts. AV software is designed for one thing and one thing only: to protect systems from threats that are already known or those that are as yet unknown, but whose patterns mimic other threats. It isn’t intended to be used as an all-in-one solution.

Let’s say, for example, that you allow your employees to bring their laptops or other devices to the office and use them on your network. This puts you at risk in at least three ways:

  1. You have no control over whether or not the employee is current with all security updates or AV updates. They could easily bring malware with them. Keeping systems fully patched is a first line of defense. Use network access control to make sure that any computer you allow on the network is fully patched.
  2. A rogue application let loose on your network can degrade performance and cause no end of problems.
  3. An infected thumb drive or other USB device completely bypasses your firewall and other network filtering. Exercise some control over what’s allowed to be plugged in. It’s easy enough to do: Group Policy on Windows, for example, can block removable storage devices outright.

Sophos has released a whitepaper that outlines at least eight threats that get past conventional AV. I suggest you check it out.

High-profile incidents that make big news might seem out of the ordinary. Yet businesses of every size face similar risks in the everyday acts of using digital technology and the internet for legitimate purposes. This paper outlines eight common threats that traditional anti-virus alone won’t stop, and explains how to protect your organization using endpoint security.


November 29, 2010  4:18 PM

What the Heck are Intrusion Detection Systems?

Ken Harthun

A while back, a client heard some mention of Intrusion Detection Systems and naturally had to ask me, “What the heck are Intrusion Detection Systems.” (That’s where these “What the heck…” ideas all come from, you know.) I explained it as simply as I could at the time, but I like having something to point to with authority, something with some outbound links to more information; hence, this post.

CERIAS, The Center for Education and Research in Information Assurance and Security, which publishes an excellent list of IDS resources, gives this description:

The purpose of an intrusion detection system (or IDS) is to detect unauthorized access or misuse of a computer system. Intrusion detection systems are kind of like burglar alarms for computers. They sound alarms and sometimes even take corrective action when an intruder or abuser is detected. Many different intrusion detection systems have been developed but the detection schemes generally fall into one of two categories, anomaly detection or misuse detection. Anomaly detectors look for behavior that deviates from normal system use. Misuse detectors look for behavior that matches a known attack scenario. A great deal of time and effort has been invested in intrusion detection, and this list provides links to many sites that discuss some of these efforts.

There is a sub-category of intrusion detection systems called network intrusion detection systems (NIDS). These systems monitor packets on the network wire and look for suspicious activity. Network intrusion detection systems can monitor many computers at a time over a network, while host-based intrusion detection systems monitor only the one machine they are installed on.

One common misconception I run into all the time is that it is usually people outside your network who break into your systems and cause mayhem. The reality, especially in corporate environments, is that insiders can, and often do, cause a large share of security breaches. The simplest and easiest way to break in is to let someone have physical access to a system. Despite preventive measures, it is often impossible to stop someone once they have physical access to a machine. If an attacker already has an account on a system, regardless of permission level, he can exploit security vulnerabilities to execute a privilege escalation attack. Finally, there are many ways to gain access to systems even if one is working remotely.

Open Source Intrusion Detection Systems

As you know, I’m a big advocate of Open Source. Below are a few of the open source intrusion detection systems:

AIDE (http://sourceforge.net/projects/aide) – Self-described as “AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire. It does the same things as the semi-free Tripwire and more. There are other free replacements available so why build a new one? All the other replacements do not achieve the level of Tripwire. And I wanted a program that would exceed the limitations of Tripwire.”

File System Saint (http://sourceforge.net/projects/fss) – Self-described as, “File System Saint is a lightweight host-based intrusion detection system with primary focus on speed and ease of use.”

Snort (www.snort.org) – Self-described as “Snort® is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and approximately 300,000 registered users, Snort has become the de facto standard for IPS.”
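AIDE and Tripwire are host-based misuse detectors of the simplest kind: they record what the file system looked like when it was known good and alarm when it differs. As an added example (not code from AIDE, Tripwire or the original post), here is the core of that idea in a few dozen lines: take a baseline of digests, size and mode for a directory tree, take another later, and report what was added, removed or changed. The demo scenario (a backdoor account appended to passwd, a new cron job, a deleted hosts file) is constructed in a temporary directory. The assumption that makes any of this worthwhile is that the baseline lives somewhere the intruder cannot rewrite, such as read-only media or another host; a baseline stored on the monitored box proves nothing.

```python
"""Minimal host-based file-integrity check in the style of AIDE/Tripwire.

Added example, not code from AIDE, Tripwire or the original post. Python 3.8+,
standard library only. The demo tree and the "intrusion" applied to it are
constructed. Assumption: the saved baseline is kept off-box or read-only.
"""
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path


def _digest(path, chunk=1 << 16):
    """SHA-256 of a file, read in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root):
    """Map each file's path (relative to root, POSIX form) to its digest, size and mode.
    Symlinks are recorded by target rather than followed, so a link re-pointed at a
    different file still shows up as a change."""
    root = Path(root)
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            st = p.lstat()
            rel = p.relative_to(root).as_posix()
            if stat.S_ISLNK(st.st_mode):
                out[rel] = {"sha256": "symlink:" + os.readlink(p), "size": st.st_size, "mode": oct(st.st_mode)}
            elif stat.S_ISREG(st.st_mode):
                out[rel] = {"sha256": _digest(p), "size": st.st_size, "mode": oct(st.st_mode)}
    return out


def compare(baseline, current):
    """Sorted lists of added, removed and changed paths between two snapshots."""
    base_keys, cur_keys = set(baseline), set(current)
    return {
        "added": sorted(cur_keys - base_keys),
        "removed": sorted(base_keys - cur_keys),
        "changed": sorted(p for p in base_keys & cur_keys if baseline[p] != current[p]),
    }


def save_baseline(snap, path):
    Path(path).write_text(json.dumps(snap, indent=1, sort_keys=True))


def load_baseline(path):
    return json.loads(Path(path).read_text())


def demo():
    """Constructed scenario: baseline a small tree, tamper with it, then diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "etc"
        (root / "cron.d").mkdir(parents=True)
        (root / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")
        (root / "hosts").write_text("127.0.0.1 localhost\n")
        baseline = snapshot(root)
        # Simulated intrusion: uid-0 backdoor account, new cron job, hosts file removed.
        (root / "passwd").write_text("root:x:0:0::/root:/bin/sh\nbackdoor:x:0:0::/:/bin/sh\n")
        (root / "cron.d" / "evil").write_text("* * * * * root /tmp/.x\n")
        (root / "hosts").unlink()
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

Run it against a real tree by calling snapshot() on, say, /etc, saving the result with save_baseline(), and diffing a fresh snapshot against load_baseline() from a cron job. Expect noise from files that legitimately change (logs, package databases); AIDE's rule language exists precisely to express which attributes matter per path.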

Commercial Intrusion Detection Systems

If you are looking for Commercial Intrusion Detection Systems, here are a few of these as well:

Tripwire – http://www.tripwire.com

IBM Internet Security Systems – http://www.iss.net

eEye Digital Security – http://www.eeye.com


November 28, 2010  5:59 PM

One-Third of All Malware Created in First 10 Months of 2010

Ken Harthun

On Wednesday, PandaLabs, Panda Security’s anti-malware laboratory, reported that one-third of all malware in existence was created in the first 10 months of 2010. The average number of malware threats created every day, including new malware and variants of existing families, has risen from 55,000 in 2009 to 63,000 in 2010 – a rate increase of 14.5 percent. The research lab also revealed that the average lifespan of more than half of all malware has been reduced to just 24 hours, compared to a lifespan of several months that was more common in previous years.

“Since 2003, new threats have increased at a rate of 100 percent or more. Yet so far in 2010, purely new malware has increased by only 50 percent, significantly less than the historical norm,” said Luis Corrons, technical director of PandaLabs. “This doesn’t mean that there are fewer threats or that the cyber-crime market is shrinking. On the contrary, it continues to expand, and by the end of 2010 we will have logged more new threats in Collective Intelligence than in 2009. It seems hackers are applying economies of scale, reusing old malicious code or prioritizing the distribution of existing threats over the creation of new ones.”

I look for this trend to continue. All you have to do is watch the news headlines to realize that malware attacks and data loss are on the rise.


November 25, 2010  5:15 PM

Happy Thanksgiving to All My Readers Who Celebrate the Holiday!

Ken Harthun

Whether or not you celebrate the American holiday known as “Thanksgiving Day,” I ask you to take a moment and reflect on things that you have to be thankful for. Me, I’m almost overwhelmed this year by the blessings I reflect upon:

  • A new, healthy grandchild (who was born premature, but doing fine). Welcome, Aayla!
  • My own and my wife’s good health.
  • My family’s good health.
  • Friends that I have made worldwide (many of whom I’ve never met, but they’re friends nonetheless!)
  • My readers whose support allows me to continue publishing this blog for TechTarget.
  • My clients who stick with me and listen to my security advice (Not a single major security incident in the last four years, yeah!)

There are so many more that it’s impossible to list them all. But, I want to extend one special holiday greeting to my AWESOME friend, Stuart Stirling (whom I’ve never met in person, but whom I hope to one day), for sending me this incredible video. Happy Thanksgiving, Everyone!

[Video: http://www.youtube.com/v/Ek1iIOTsiRo]


November 25, 2010  3:28 AM

Hey, Crackers, Spammers, and Other Assorted Idiots, Let’s See Something Original!

Ken Harthun

WARNING! This is not yet rated, but you don’t want young children reading it! This is a rant, and I’m not being very nice…

Hey, fools, I’m getting very bored with your useless crap. The spam isn’t even worth reporting anymore. I mean, if anyone is even falling for this junk, then they deserve everything they get. Find a new niche, you idiots, one that baby boomers really identify with (at least those that I know). I’m not going to even give you a hint about what that might be, but it would be fun to see some new and original spam for a change.

At least we wouldn’t all feel like we’re wasting our time thinking you’re a security threat. No, you’re just peddling your useless junk. At least, if you came up with something embedded in those graphic images on your porn site that gave us pause, we’d have something to do.

So, give us a break! You send spam with the subject “It’s just cool!” The “from” line reads, “EnlargePe***.Hi16@yahoo.com.” And then you tell us, “It’s just cool! Have a cool pe***!” Sheesh! we don’t want it be cool, we want it to be hot. Wrong marketing message. Makes sense, though: you Russian spammers don’t have anything better to do, I guess. And you certainly don’t have any brains (Maybe the thought process has descended into that large member you’re advertising).

It doesn’t work anymore. Try spamming gout remedies or hemorrhoid relief.


November 20, 2010  3:09 PM

Identity Exposure Index (iEi) Can Improve Over Time

Ken Harthun

In April 2009, I introduced the concept of an Identity Exposure Index (iEi) in my post, What’s Your Identity Exposure Index? In May 2009, in response to a reader’s comment, I posted Can Your iEi be Improved? I am happy to report that it is possible to improve your iEi.

When I first tried the method, my iEi was 2.8. Eighteen months later, doing what I recommended to my reader, my score is now 1.6, a significant drop. That’s a pretty good indicator to me that you do have some control. Here’s what I recommended:

I’ll give you the best solution I know, one that I’ve been using for some years now: If you are on line regularly, do everything you can to post and reveal the information that you *want* people to find. A blog is great for this. Using my blogs, over the past five years I’ve managed to push the junk well beyond the third page of most search engine results. I can live with that.

Here’s the actual sequence of searches to determine your iEi:

Use any top search engine. I used Google.

1. Search your name in the form you commonly use; e.g., Ken Harthun, not Kenny, Ken G. or other variants. Count the number of accurate hits on the first page.

2. Search your full legal name as it appears on your birth certificate. Count the number of accurate hits on the first page.

3. Search your mother’s married name, with and without her middle name and middle initial. If her maiden name shows up anywhere on the first page, count 10; if not, count 1.

4. Search the last six digits of your Social Security number, including the dash. If your name shows up anywhere on the first page, count 10; if not, count 1. (Be aware that typing part of your SSN into a search engine sends it to that provider’s query logs, and the last four digits are what many institutions use to verify your identity over the phone; weigh that before running this step.)

5. Search your home phone number with area code. If your current address is shown, count 10; any former address, count 5; else, count 1.

Now, add all the scores. Maximum score is 50. Divide by 10 to get your iEi. It’s your choice whether or not to round off.

In another May 2009 post, ID Analytics Service Validates Identity Exposure Index, I mentioned the service provided by MyIDScore.com, a free public service that gives you a quick way to assess your risk of identity theft. Once again, that service validates my iEi test:

Here is your personal My ID Score calculated from the information you submitted:

Kenneth G Harthun
My ID Score: 224
Date: 11/20/2010
Report Code: [none of your business! ;-)]

A My ID Score of 224 indicates a LOW risk of identity fraud.

I just love it when I’m right! Nevertheless, I would have to recommend you use their method over mine; it’s easier, faster, and (probably) more accurate.

