New Christmas Malware: Christmas Gifts from Hackers

It's that time of the year when cybercriminals play the part of the "Grinch" and make a profit from your Christmas money.


This trend is not new; it has been happening for many years. What has changed in the last few years is how the kits are built and sold.

For instance, the latest web malware exploitation kit to be released comes with nine exploits and three licence tiers. This is how cybercriminals exchange their gifts.

The kit also shares its scripts with competing exploitation kits.

Now that is what I call open-source malware and sharing. I think this is one thing big firms like Microsoft, Apple and others can learn: "sharing."

The following are the exploits used by these kits (counting the old/new pairs separately gives the nine mentioned above):

  • Modified MDAC and IE Snapshot: affect both IE6 and IE7 users.
  • FF Embed: affects all Firefox versions.
  • Opera, old and new.
  • PDF, old and new.
  • XLS: exploits Excel.
  • SWF (Flash): targets all browsers.

The malware dropped by these exploits also has a low detection rate: only 6 out of 37 AV engines flag it (16.22%).

Hope this alerts users and gets them to keep their third-party software (browser, PDF reader, Office, Flash) patched, since those are the components the exploits above target.

Posted under Latest News, Network and Security

This post was written by Brad on November 26, 2008

Tags: Christmas Grinch, Cybercriminals, Open Source Malware Kits, Web Malware, web malware exploitation kit

AVG glitch affects Windows and deletes system files.

A recent update for AVG 8 antivirus on Windows XP, Vista and 2000 caused a critical system file to be deleted on those operating systems.

The update flagged the user32.dll system file as a Trojan horse and deleted it.


The problem affected the Dutch, French, Italian, Portuguese and Spanish versions of AVG Antivirus.

Once the system file was gone, Windows either rebooted endlessly or failed to boot at all.

The fix is to disable AVG and then restore user32.dll from the Windows installation CD. This only works if the PC has not been rebooted after the file was deleted; once it has, Windows no longer starts, so the file has to be restored from recovery media outside the broken installation.

AVG has also reported that updates for both AVG 7.5 and AVG 8 have the same problem for certain language packages.


However, this issue might be resolved soon, but what I believe is that the main issue is with Windows itself, and for us to have a hassle-free computing experience more and more people should move to Linux.

Posted under Latest News, Network and Security

Sinowal Trojan steals bank details.

Described as the most advanced piece of crimeware seen so far, the Sinowal Trojan has stolen the details of about 500,000 online bank accounts and payment cards all over the world.

RSA, which helps secure the networks of Fortune 500 companies, tracked the Trojan and found it had compromised over 2,000 domains.


Sean Brady of RSA's security division said: "This is a serious incident on a very noticeable scale, and we have seen an increase in the number of trojans and their variants, particularly in the States and Canada."

Sinowal was first detected in February 2006; since then it has compromised 240,000 credit and debit cards and 270,000 bank accounts. RSA also reported that Sinowal has not touched any Russian accounts.

Sinowal has also been described as one of the most serious threats to internet users: it works behind the scenes and is spread mainly by drive-by downloads, the most common infection method.

Sinowal has been constantly updated over the years, which is why it has kept working for so long. The Trojan is also known as Torpig and Mebroot.


The group behind the Trojan has clearly invested a lot of time and infrastructure in it, since it costs a lot to maintain and to store the information it gathers. But the returns they have received are equally large.

Sinowal infects victims' computers without leaving any visible trace.

According to RSA the attacks are increasing every day, but it is easy to reduce your exposure with a few habits and basic security software:

  • First, "think before you link".
  • Be careful what you click on in high-traffic sites such as social networks.
  • Never provide personal information in e-mails to your bank; a real bank does not ask for it that way.
  • Do not click on pop-ups; they are a common vehicle for drive-by downloads.

Posted under Network and Security

Computer criminals now after your keyboard.

The latest threat is a way to recover keystrokes from the electromagnetic emanations that every keypress produces.

Swiss researchers were able to reproduce, partially or completely, what a user had typed from the electromagnetic signals the keyboard emits.


This has only now been demonstrated by security researchers, but it may have been used by criminals for a long time. The researchers came up with four attacks that work on a wide variety of keyboards.

So, according to the researchers, keyboards are not safe for transmitting sensitive information.

The attacks worked on different types of keyboard, including USB and PS/2 keyboards; laptop keyboards were vulnerable too.

The attacks were effective at distances of up to 20 metres. The researchers used radio antennas to capture the emanations and recover keystrokes partially or completely.

The researchers added in their web posting: "no doubt that our attacks can be significantly improved, since we used relatively inexpensive equipment."

Similar research was previously done by Markus Kuhn of the University of Cambridge, who used electromagnetic emanations to eavesdrop on equipment and extract useful information.

Posted under Latest News, Network and Security

This post was written by Brad on October 22, 2008

Tags: eavesdrop, electromagnetic signals, hack, keyboard

Daily routine to check your online safety.

Now, I am not going to write another post telling you what you need to do to check your online safety, but I will share what I do regularly to keep it up to date.


The most important thing I do is not to leave my information out in the open for someone to grab and use.

The best example: search Google for the phrase "for internal distribution only" and you will find documents that were supposed to circulate only within an organisation, not be public.

The second, and most important, check I perform is to review the data I have on free online storage sites and keep it protected. Data stored there, such as family photos, financial documents or contact lists, is the most exposed.

Then I make sure the firewall is on; if you are not using one, you are just being careless.

I also make sure my anti-virus licence is current and update it regularly. Suites from Norton, ZoneAlarm, McAfee and Trend Micro also come with their own firewall.


I also visit www.grc.com/lt/leaktest.htm to check whether my firewall actually blocks outbound connections from programs it does not know.

Then check the router and its security, especially if it is a wireless router.

Lastly, I change my passwords frequently and keep them as random as possible. They have nothing to do with my name, date of birth or anything else personal, and I use as many symbols as I can.
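The password rules above, written out as code. This is an added example and not part of the original post: it draws passwords from the operating system's CSPRNG (Python's secrets module, not random), requires all four character classes, and rejects anything containing the owner's name or date of birth in the common digit layouts. The name "Brad Smith" and date used in the checks are constructed placeholders.

```python
import secrets
import string

# Added example, not from the original post. Implements the post's password
# rules: random, symbol-rich, and containing nothing derived from the owner's
# name or date of birth. Names and dates used with it are constructed.

SYMBOLS = "!@#$%^&*()-_=+[]{};:,.<>?/"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def personal_tokens(full_name, dob_iso):
    """Substrings that must never appear in a password: name parts of 3+ letters
    and the date of birth in several common digit layouts (dob_iso is YYYY-MM-DD)."""
    tokens = {part for part in full_name.lower().split() if len(part) >= 3}
    yyyy, mm, dd = dob_iso.split("-")
    yy = yyyy[2:]
    tokens.update({yyyy, yyyy + mm + dd, dd + mm + yyyy, mm + dd + yyyy,
                   yy + mm + dd, dd + mm + yy, mm + dd + yy})
    return tokens


def password_problems(password, tokens, min_length=12):
    """Return the list of reasons a password is weak; an empty list means it passes."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    lowered = password.lower()
    for token in sorted(tokens):
        if token in lowered:
            problems.append("contains personal token %r" % token)
    classes = sum([any(c.islower() for c in password),
                   any(c.isupper() for c in password),
                   any(c.isdigit() for c in password),
                   any(c in SYMBOLS for c in password)])
    if classes < 4:
        problems.append("missing a character class (lower/upper/digit/symbol)")
    return problems


def generate_password(tokens, length=20):
    """Draw characters with the OS CSPRNG until the result passes every check.
    With 20 characters from an 88-symbol alphabet a retry is rare, but the loop
    guarantees that what is returned never fails password_problems()."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not password_problems(candidate, tokens):
            return candidate


if __name__ == "__main__":
    owner = personal_tokens("Brad Smith", "1982-07-04")   # constructed identity
    print("weak:  ", password_problems("brad1982!", owner))
    print("strong:", generate_password(owner))
```

Checking the date in both two- and four-digit forms matters because "040782" is just as guessable as "04071982" to anyone who knows the birthday.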

Posted under Network and Security

This post was written by Brad on October 16, 2008

Tags: daily routine, online security, wireless router

Firefox does its bit to fight clickjacking attacks.

Mozilla, the open-source company, has as usual done its bit to give users a safe way to surf the internet. A new add-on for Firefox blocks clickjacking, which security researchers are calling one of the most dangerous problems on the Web.

Clickjacking occurs when a user unknowingly clicks on an invisible element, so the click performs an action on a malicious party's behalf or leads the user to a malicious site. It is possible because of a design feature of HTML that lets one website embed content from another, which means that every website is potentially vulnerable.


The Firefox add-on NoScript is a well-known security plug-in that blocks active content in a web page. It is not a security scanner: it does not match content against a signature database to look for specific threats; it simply blocks certain types of content. NoScript now includes an added feature called ClearClick to fight clickjacking.

Clickjacking is also known as a user-interface redress attack. NoScript's ClearClick should block it, though it has a few downsides.

But the plug-in can only protect Firefox users; the remaining 70% or so who use other browsers are still at risk.

Other browsers will presumably ship fixes in time; for now Mozilla has recognised the danger while the others have not yet responded.

Clickjacking is not limited to websites; it can also be used against applications. A live example was the "clicking game" proof of concept, where people were told to click in the right places while the Flash settings panel was hidden underneath, so their clicks reconfigured the security settings for their webcam and microphone and gave the attacker access to both.

More insight into clickjacking:

In clickjacking, iframes and page layers are stacked with DHTML so that a control from the legitimate site, loaded in a transparent iframe, sits exactly on top of a visible decoy button. The user thinks he or she is clicking the decoy but is actually clicking the hidden, genuine control, and the legitimate site carries out the action with the user's own session.


It is an interesting problem because very little is known about it, so there are no tools to detect whether a particular website is affected, and we do not know how widespread clickjacking is. To build such a tool we need more incidents to study so we can learn everything clickjacking can do. The trouble is that by the time we have learned all that, it has already done its harm. It's like installing a burglar alarm after the burglar has cleaned out your house.

How to protect yourself against clickjacking?

One mitigation is to disable Flash. That stops the Flash-settings variant described above, but not the plain HTML iframe overlay, which needs no plug-in at all. In Firefox you now have NoScript's ClearClick, and you also have the Flashblock extension, which replaces every Flash object with a blank placeholder that you can click to enable. For Microsoft Internet Explorer, disabling Flash requires changes in the Windows Registry.
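Both halves of the overlay technique described above, as an added example that is not code from the post, from NoScript or from Mozilla. The first function builds the attacker's page: a visible decoy button with a fully transparent iframe of the target stacked above it and shifted so the target's real button lands under the decoy. The second checks a site's response headers for the server-side defences browsers adopted after this post was written (X-Frame-Options in 2009, CSP frame-ancestors in 2013), which is what a site owner relies on today rather than the visitor's add-ons. All URLs are constructed placeholders.

```python
from html import escape

# Added example, not from the original post or from NoScript/Mozilla.
# URLs such as bank.example and attacker.example are constructed placeholders.


def build_clickjack_page(target_url, decoy_label, offset_x=0, offset_y=0):
    """HTML for the overlay: a decoy button at (100,100) with a transparent
    iframe of target_url stacked on top (z-index) and shifted by the offsets so
    that the framed site's real button sits exactly over the decoy. The click
    goes to the iframe, i.e. to the legitimate site, with the victim's cookies."""
    top = 100 - offset_y
    left = 100 - offset_x
    return f"""<!doctype html>
<html><body>
<button style="position:absolute;top:100px;left:100px;">{escape(decoy_label)}</button>
<iframe src="{escape(target_url, quote=True)}"
        style="position:absolute;top:{top}px;left:{left}px;width:800px;height:600px;opacity:0;z-index:2;border:0;">
</iframe>
</body></html>"""


def frame_busting_script():
    """The 2008-era client-side defence a site could embed. It is bypassable
    (sandboxed iframes, onbeforeunload tricks), so headers are preferred."""
    return "if (top !== self) { top.location = self.location; }"


def framing_allowed(headers, attacker_origin="https://attacker.example"):
    """Would a browser that honours CSP frame-ancestors and X-Frame-Options let
    attacker_origin frame this response? CSP wins when both are present.
    headers is a dict of response headers; names are matched case-insensitively."""
    h = {k.lower(): v for k, v in headers.items()}
    origin = attacker_origin.lower()
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [s.strip("'").lower() for s in parts[1:]]
            if "none" in sources:
                return False
            if "*" in sources:
                return True
            return origin in sources   # 'self' never matches a foreign origin
    xfo = h.get("x-frame-options", "").strip().upper().split()
    if xfo and xfo[0] in ("DENY", "SAMEORIGIN"):
        return False
    if xfo and xfo[0] == "ALLOW-FROM":
        return len(xfo) == 2 and xfo[1].lower() == origin
    return True   # no framing protection at all: the overlay above works


if __name__ == "__main__":
    print(build_clickjack_page("https://bank.example/transfer", "Click to win!", offset_x=10, offset_y=40))
    print("unprotected:", framing_allowed({}))
    print("DENY:", framing_allowed({"X-Frame-Options": "DENY"}))
```

Run with no arguments it prints the overlay page and the two header verdicts; pointing framing_allowed at a site's real response headers is the quickest check of whether that site can be clickjacked by a page on another origin.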

Posted under Network and Security

This post was written by Brad on October 16, 2008

Tags: browser safety, Clickjacking, firefox, Mozilla, user-interface redress attacks

Apple releases patch for about 40 vulnerabilities.

Apple has released a security update fixing about 40 vulnerabilities across the Mac OS X ecosystem. The update, available for Leopard and Tiger, covers flaws in bundled third-party components as well as in Mac OS X itself.

The major risk from these flaws was remote code execution.

The most notable vulnerabilities documented are as follows:

  • Apache (CVE-2007-6420, CVE-2008-1678, CVE-2008-2364): Apache is updated to version 2.2.9 to address several vulnerabilities, the most serious of which may lead to cross-site request forgery. Note: Apache 2 is bundled with Mac OS X Server v10.4.x systems but is not active by default.
  • ClamAV (CVE-2008-1389, CVE-2008-3912, CVE-2008-3913, CVE-2008-3914): multiple vulnerabilities exist in ClamAV 0.93.3, the most serious of which may lead to arbitrary code execution.
  • ColorSync (CVE-2008-3642): a buffer overflow exists in the handling of images with an embedded ICC profile. Opening a maliciously crafted image with an embedded ICC profile may lead to an unexpected application termination or arbitrary code execution.
  • CUPS (CVE-2008-3641): a range checking issue exists in the Hewlett-Packard Graphics Language (HPGL) filter, which may cause arbitrary memory to be overwritten with controlled data. If Printer Sharing is enabled, a remote attacker may be able to cause arbitrary code execution with the privileges of the 'lp' user. If Printer Sharing is not enabled, a local user may be able to obtain elevated privileges.
  • libxslt (CVE-2008-1767): a heap buffer overflow exists in the libxslt library. Viewing a maliciously crafted HTML page may lead to an unexpected application termination or arbitrary code execution.
  • MySQL Server (CVE-2007-2691, CVE-2007-5969, CVE-2008-0226, CVE-2008-0227, CVE-2008-2079): MySQL is updated to version 5.0.67 to address several vulnerabilities, the most serious of which may lead to arbitrary code execution.
  • PHP (CVE-2007-4850, CVE-2008-0674, CVE-2008-2371): PHP is updated to version 4.4.9 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution.
  • PSNormalizer (CVE-2008-3647): a buffer overflow exists in PSNormalizer's handling of the bounding box comment in PostScript files. Viewing a maliciously crafted PostScript file may lead to an unexpected application termination or arbitrary code execution.
  • QuickLook (CVE-2008-4211): a signedness issue in QuickLook's handling of columns in Microsoft Excel files may result in an out-of-bounds memory access. Downloading or viewing a maliciously crafted Microsoft Excel file may lead to an unexpected application termination or arbitrary code execution.

This should make Macs safer and reassure people who are considering a MacBook or a Mac.

Posted under Latest News, Network and Security

This post was written by Brad on October 11, 2008

Tags: Apache, Apple Leopard, Apple Tiger, ClamAV, Mac OS X ecosystem, MySQL Server, PHP

Now a new way to secure your network.

The latest in network security is the world's first computer network protected by quantum key distribution, usually called quantum encryption. Its keys cannot be intercepted without being detected, and a key exchanged this way can be used as a one-time pad, which gives perfect secrecy rather than merely computational security.

Quantum encryption is completely different from any security currently used on networks.


Normal network security is based on mathematical problems that are hard to solve; with enough resources and time, though, they are not impossible to crack.

Quantum systems instead rely on the laws of quantum physics, so their security rests on physics rather than on the attacker's computing power.

The idea of quantum encryption is not new; it is about 25 years old, first suggested by Charles Bennett of IBM and Gilles Brassard of Montreal University.

Charles Bennett said that “All quantum security schemes are based on the Heisenberg Uncertainty Principle, on the fact that you cannot measure quantum information without disturbing it”

He also explained how it works “One can have a communications channel between two users on which it’s impossible to eavesdrop without creating a disturbance. An eavesdropper would create a mark on it. That was the key idea”

For practical use the quantum object of choice is the photon, the "atom of light".

How it works:

Each side records the photons it detects, and from them a completely secret numerical key is generated. The advantage is that nobody can learn the key without revealing themselves.

In an experiment it was documented that as soon as an intruder tried to listen in on the quantum exchange, the beam was disturbed and a rise in the error rate at the node detectors signalled the attack; the link was shut down without the network being compromised.

When a link is dropped it can be rerouted through other nodes, as is done in a telecoms network, so any two users on the network can remain in continuous secure contact.

There are different ways a photon can carry a key bit: the direction in which it is polarised, or the precise timing of its arrival.
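The exchange described above, as an added simulation that is not part of the original post: the BB84 protocol of Bennett and Brassard, with photons modelled as (bit, basis) pairs rather than physics. Alice sends polarised photons, Bob measures each in a random basis, the two publicly compare bases and keep only the matches, then sacrifice a sample of the sifted bits to measure the error rate. An intercept-and-resend eavesdropper cannot measure without disturbing the photons, so her presence shows up as roughly a 25% error rate where there would otherwise be none; the 11% alarm threshold is the usual BB84 bound. The seed is an assumption that makes the run reproducible.

```python
import random

# Added example, not from the original post. Simulates BB84 with an optional
# intercept-and-resend eavesdropper. Bases: 0 = rectilinear, 1 = diagonal.


def measure(bit, photon_basis, measure_basis, rng):
    """Measuring in the photon's own basis returns its bit; measuring in the
    other basis gives a coin flip, and the original state is destroyed."""
    return bit if photon_basis == measure_basis else rng.randrange(2)


def bb84_run(n_photons, eavesdrop, seed=0, sample_fraction=0.25, alarm_qber=0.11):
    rng = random.Random(seed)
    alice_bits = [rng.randrange(2) for _ in range(n_photons)]
    alice_bases = [rng.randrange(2) for _ in range(n_photons)]
    photons = list(zip(alice_bits, alice_bases))   # what travels down the fibre

    if eavesdrop:
        # Eve measures each photon in a random basis and resends what she saw.
        # Half the time her basis is wrong; the photon she resends then carries
        # her random outcome in her basis, not Alice's state, and Bob sees errors.
        resent = []
        for bit, basis in photons:
            eve_basis = rng.randrange(2)
            resent.append((measure(bit, basis, eve_basis, rng), eve_basis))
        photons = resent

    bob_bases = [rng.randrange(2) for _ in range(n_photons)]
    bob_bits = [measure(bit, basis, bb, rng) for (bit, basis), bb in zip(photons, bob_bases)]

    # Sifting over the public channel: keep positions where both used the same basis.
    sifted = [(a, b) for a, ab, b, bb in zip(alice_bits, alice_bases, bob_bits, bob_bases)
              if ab == bb]

    # Publicly compare a sample of the sifted bits to estimate the error rate (QBER).
    k = max(1, int(len(sifted) * sample_fraction))
    sample, remaining = sifted[:k], sifted[k:]
    qber = sum(a != b for a, b in sample) / k
    return {
        "sifted": len(sifted),
        "qber": qber,
        "alarm": qber > alarm_qber,     # shut the link down and reroute, as in the post
        "alice_key": [a for a, _ in remaining],
        "bob_key": [b for _, b in remaining],
    }


if __name__ == "__main__":
    for eve in (False, True):
        r = bb84_run(4000, eavesdrop=eve)
        print("eavesdropper=%s sifted=%d QBER=%.3f alarm=%s keys_match=%s"
              % (eve, r["sifted"], r["qber"], r["alarm"], r["alice_key"] == r["bob_key"]))
```

Without Eve the sifted keys agree exactly, because a photon measured in its own basis always yields the bit that was sent; with Eve about a quarter of the sampled bits disagree, which is what the detectors in the experiment above flag before any key material is used.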

Albert Einstein, who discovered the quantum properties of photons of light – indeed, discovered the very concept of the photon – always resisted quantum theory’s spooky behaviour, “God does not play dice”, being among his oft-quoted objections.

Now we have one more way of practically using quantum science which will make the fathers of the science proud and surprise them as well.

Posted under Latest News, Network and Security

This post was written by Brad on October 11, 2008

Tags: Quantum Encryption, quantum science, secure network

Security on Virtual Private Servers.

Many people now depend on server virtualisation to increase efficiency and management flexibility. Though it lowers total cost, it increases security risk: analysts predict that through 2009, 60% of virtual servers will be less secure than their physical counterparts.


Now let's see what security challenges we have to look out for:

* Dependency on IP address: traditional protection mechanisms such as firewall rules are keyed to IP addresses, but the addresses of VPSs keep changing through migration, creation and deletion, so those rules drift out of date.

* VPS sprawl: a VPS can easily be created from an image of an old server. The risk is that many of these VPSs are not maintained and carry known vulnerabilities, and a vulnerable VPS becomes a launch pad for attacks on the other VPSs on the same host.


* Inability to monitor intra-host traffic: the hypervisor provides a "soft switch" that lets VPSs on the same host talk to each other without the traffic ever reaching the physical network. Monitoring it requires special tools, and few are available.

* Silo approach to security policy: the silo approach means "recommending diverse solutions, each with different management requirements". Neil MacDonald, an analyst at Gartner, put it this way: "Most security problems in the virtual world will be introduced through misadministration, mismanagement or just plain old mistakes. The fact that we use different tools in the physical world than the virtual world compounds that problem."

Now that we know the limitations we have with VPSs, we need a different approach to securing them: a cross-platform solution that secures both VPSs and physical servers. Such a tool can enforce consistent security policies across all data centres without giving up the benefits of virtualisation.

We also need to be able to deploy these cross-platform virtual security tools anywhere on the network, with delegated authority to maximise flexibility. What do they do? They write detailed log data to syslog and the Windows event log, which makes them easy to integrate with existing management controls.


By removing the IP-address dependency of existing security policies, cross-platform virtual security policies can be enforced regardless of the location or platform of the VPS. This eliminates the operating expense of the rule changes that security administrators otherwise face every time an address changes. The policies are enforced and persist in a variety of situations:

1) when servers and endpoints move between locations on the network;

2) when physical servers and endpoints are converted to VPSs;

3) when VPSs are migrated from one physical host to another.

Cross-platform virtual security places physical servers and VPSs into logical security zones and helps protect against sprawl: a VPS that is not a member of a zone cannot communicate with the VPSs inside it, which reduces the attack surface.
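An added example, not from the post or from any product it describes, of what an IP-independent security zone looks like in code. Hosts are identified by the subject name of their X.509 certificate (plain strings here; the names and addresses are constructed), never by IP address, so migrating a VPS to a new address or a new physical host leaves the policy decision unchanged, and a VPS cloned from an old image that was never assigned to a zone cannot talk to anything. Each decision is also rendered as a syslog-style audit line, the kind of record the post says such tools should write.

```python
from dataclasses import dataclass

# Added example, not from the original post or any vendor product.
# Identity-based zones: policy keys on cert_cn, never on ip or physical_host.
# All host names and addresses are constructed for illustration.


@dataclass
class Host:
    cert_cn: str        # identity from the host's X.509 certificate (assumed format)
    ip: str             # current address; changes on migration
    physical_host: str  # hypervisor the VPS currently runs on


class ZonePolicy:
    def __init__(self):
        self.zone_of = {}    # cert_cn -> zone name
        self.rules = set()   # (src_zone, dst_zone, port) explicitly allowed

    def assign(self, cert_cn, zone):
        self.zone_of[cert_cn] = zone

    def allow(self, src_zone, dst_zone, port):
        self.rules.add((src_zone, dst_zone, port))

    def decide(self, src, dst, port):
        """Return (allowed, reason). IP and physical host are deliberately
        ignored: unzoned hosts are denied (sprawl protection), intra-zone
        traffic is allowed, cross-zone traffic needs an explicit rule."""
        sz, dz = self.zone_of.get(src.cert_cn), self.zone_of.get(dst.cert_cn)
        if sz is None or dz is None:
            return False, "unzoned host"
        if sz == dz:
            return True, "intra-zone %s" % sz
        if (sz, dz, port) in self.rules:
            return True, "rule %s->%s:%d" % (sz, dz, port)
        return False, "no rule %s->%s:%d" % (sz, dz, port)

    def audit_line(self, src, dst, port):
        """Syslog-style record of a decision; the IPs appear for forensics only."""
        allowed, reason = self.decide(src, dst, port)
        return "vzone: %s %s(%s)->%s(%s):%d on %s [%s]" % (
            "ALLOW" if allowed else "DENY", src.cert_cn, src.ip,
            dst.cert_cn, dst.ip, port, dst.physical_host, reason)


def demo():
    policy = ZonePolicy()
    policy.assign("web01.example", "web")
    policy.assign("db01.example", "db")
    policy.allow("web", "db", 3306)     # database port only, one direction

    web = Host("web01.example", "10.0.1.10", "hv-a")
    db = Host("db01.example", "10.0.2.20", "hv-a")
    stale = Host("old-image.example", "10.0.1.11", "hv-a")   # cloned, never zoned

    before = policy.decide(web, db, 3306)
    web.ip, web.physical_host = "10.0.9.77", "hv-b"            # live migration
    after = policy.decide(web, db, 3306)
    return {
        "web_to_db": before,
        "after_migration": after,
        "db_to_web_ssh": policy.decide(db, web, 22),
        "stale_to_db": policy.decide(stale, db, 3306),
        "audit": policy.audit_line(stale, db, 3306),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```

The same three hosts on the same hypervisor would be invisible to a firewall on the physical network, which is the intra-host traffic problem listed above; enforcing at the host, on identity, is what makes the decision survive both the migration and the address change.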

The solution is based on a P2P architecture that scales to hundreds of thousands of instances, and policy management takes only a few mouse clicks.

Other benefits of the cross-platform approach include:

  • Elimination of the complexity that comes with the silo approach: hosts across the data centres are protected from a single console.
  • Regulatory requirements are met with no network reconfiguration.
  • The operational costs of firewalls and VLANs are eliminated.
  • Bottlenecks and single points of failure within the architecture are eliminated.

The following are points to consider when evaluating a cross-platform virtual security solution for data centres:

  • Most solutions support the x86 operating systems common in VPS environments, such as Red Hat and Windows, as well as the less common Solaris, AIX and HP-UX, and IP-based non-server devices.
  • The solution should enforce security regardless of the IP address of the server or VPS, so that protection survives migrations.
  • It should block communication between VPSs that are not members of the same security zone, even when they sit on the same physical host.
  • It should cope with growth without introducing bottlenecks.
  • Look for a single point of security management to increase efficiency.
  • Look for a solution that can be enforced at the host level.
  • Look for a solution that uses X.509 v3 certificates so that operator credentials cannot be spoofed.
  • The solution should write detailed activity logs and provide an audit trail for servers and endpoints as well as for the administration consoles.

Posted under Network and Security, Virtual Private Server

This post was written by Brad on October 1, 2008

Tags: security, Virtual Private Servers, Virtualization, VPS

First Android phone hits the world: Google Android

The latest mobile to be unveiled is the T-Mobile G1 handset, running Google's Android software.


T-Mobile G1 handset

This is the first mobile to be launched with Google's Android software.

It will be available in the UK well in time for Christmas.

Features:

  • Touch screen and a QWERTY keyboard.
  • Free on T-Mobile tariffs of £40 a month, including unlimited web browsing.
  • 3-megapixel camera.
  • "One-click" contextual search.
  • A browser that users can zoom in on by tapping the screen.
  • Wi-Fi.
  • YouTube support.
  • Access to Android Market, where users can download a variety of applications.


Android was announced by Google in November 2007 with the aim of giving users easy access to the web while on the move. It is being developed with the help of the Open Handset Alliance, a partnership of more than 30 firms working to make phone software easier to build on.

The Open Handset Alliance includes handset makers such as HTC and Motorola, operators such as Telefonica, and chip makers such as Intel and Qualcomm.

Many prototypes based on Android have been unveiled by various companies.

Android was developed with the idea of giving phones what PCs have had with open-source Linux software.

Developers get access to most of the core elements of the Android software, which helps them write better mobile applications.

Competition for Android comes from big players such as Nokia, with its Symbian software, and Microsoft, with its mobile operating system.

Most recently Apple, with its iPhone, has become the latest and biggest competitor so far.

Android is aimed at the smartphone segment, and recent estimates say only 12-13% of all handsets can be considered smartphones.

Posted under Latest News, Network and Security

This post was written by Brad on September 24, 2008

Tags: Android, Google Android, Mobile Operating system, mobile software, open source, smartphones