4 - Mark Ciampa's Blog (Security+ 3e)

    • 5 Aug 2011

    Shady Rat

    On Tuesday (Aug 2 2011) the security firm McAfee released a report on "Operation Shady Rat". McAfee describes an operation that has been ongoing since 2006, which has infected 72 U.S. and foreign government agencies, defense contractors and international organizations (such as the U.N., the U.S. International Trade Organization and the World Anti-Doping Agency, but most organizations were not named by McAfee...
    • 28 Jul 2011

    Apple Patches Serious 2002 Vulnerability For Some Devices

    A vulnerability that dates back nine years was patched by Apple on Monday (Jul 25 2011). Apple devices that use the iOS operating system (such as iPhone 4 and 3GS along with the third and fourth generation iPod Touch) are vulnerable to an attacker who can intercept and then decrypt secure SSL communications {Chapter 12 Security+ 3ed} using a man-in-the-middle attack {Chapter 4 Security+ 3ed}. The updated attack tool "sslsniff"...
    • 23 Jul 2011

    Rustock Reward

    Need some extra pocket money to finish out your summer plans? Well, here's your chance--and in the process you can help reduce worldwide spam. Ever since the Rustock botnet {Chapter 2 Security+ 3ed} was crippled by Microsoft and others using the courts instead of technology (see Mar 19 2011 blog) the amount of spam coming from its zombies has decreased significantly. Yet because there are still hundreds of thousands...
    • 19 Jul 2011

    Shocking Attacks Through Wireless LAN

    One of the most shocking attacks using a wireless network has finally come to an end, with the perpetrator being sentenced last Tuesday (Jul 12 2011). Was it a corporate wireless network attack that had company secrets stolen? Was it a breach that allowed attackers to steal credit card information from customers and use it, like the famous TJX heist (see Jun 24 2009 and Feb 8 2010 blog postings)? No, it was none of these...
    • 14 Jul 2011

    Windows Bluetooth Vulnerability Patched

    On Tuesday (Jul 12 2011) Microsoft's July Patch Tuesday {Chapter 4 Security+ 3ed} addressed 22 Windows and Office vulnerabilities. One of these was a Bluetooth vulnerability in Windows 7 and Vista devices (Windows XP is not affected because it uses an older Bluetooth implementation). Bluetooth {Chapter 4 Security+ 3ed}, although originally designed as a way to replace wires with radio-based technology, has become very...
    • 13 Jul 2011

    Gmail Phishing Protection

    Google recently updated its Gmail product to provide additional information that may protect against phishing {Chapter 14 Security+ 3ed}. Gmail now automatically displays more information about the origin of e-mail messages so users can make informed decisions regarding the sender's identity and decide if the message is from a legitimate source. When Gmail users receive a message from a sender who is not already...
    • 12 Jul 2011

    Preinstalled Malware

    Anyone who has purchased a new computer in the last 20 years has faced the same annoyance: tons of preinstalled software that comes with the system. Most users find themselves spending the first few hours with their new computer deleting this software (or even reformatting the hard drive to install a clean version of the operating system). Now even more devices come preinstalled with something even worse: malware. ...
    • 8 Jul 2011

    Office XP and Vista SP1 Support Update

    If you're a user of older Microsoft products, next Tuesday (Jul 12 2011) support for Microsoft Office XP and Windows Vista Service Pack 1 (SP1) is being changed. For Vista SP1 Microsoft will no longer provide public patches {Chapter 3 Security+ 3ed}, including security updates. This means that any automatic updates that normally are available each month on Patch Tuesday will be discontinued. Office XP, which has not...
    • 28 Jun 2011

    50 Days of LulzSec Hacktivism Now Over

    The most intriguing security event in 2011 (so far) has been the emergence of a coordinated series of attacks against major large enterprises and government agencies by LulzSec. This may herald a major change in the types of attackers to expect in the future. The backstory from what we know is this: Lulz (a play on LOL or laugh out loud) Security (aka LulzSec) appears to be a small (6 person) group that split off from...
    • 26 Jun 2011

    Apple Patches 36 Security Vulnerabilities

    This past Thursday (Jun 23 2011) Apple released patches {Chapter 3 Security+ 3ed} for its Mac OS X Snow Leopard operating system that fixed 36 security vulnerabilities. In this update Apple pushed out 12 more MacDefender signatures to protect against "scareware" fake antivirus warnings (see May 23 2011 blog posting). Another fix was for the Mac OS X font renderer to the open-source database MySQL that comes...
    • 25 Jun 2011

    Firefox To Enterprises: We're Not Friends

    How long after software is retired should the developer continue to patch {Chapter 3 Security+ 3ed} it by fixing security vulnerabilities? Microsoft, for example, provides security support for at least 10 years after their software is retired or replaced with a newer version. Yet a decision by Mozilla this week to drop support for its just-retired Firefox 4 has many enterprise users upset. And Mozilla says that's...
    • 20 Jun 2011

    Rampant Password Reuse

    "Rampant (Adjective) - Profuse, unbounded, widespread, everywhere, epidemic, prevalent, unrestrained, unchecked, running wild, uninhibited, wild, uncontrolled, predominant". These are some of the synonyms for the word "rampant". That may be a good word to use in regard to the latest data about password reuse. The group LulzSec may be responsible for stealing from Sony the user information...
    • 16 Jun 2011

    No AutoRun Is Working

    USB flash drives have long been a vector by which attackers spread their malware {Chapter 1 Security+ 3ed}. Panda Software has reported that 1 out of every 4 worms was designed to replicate through USB flash drives, and this is in line with other data regarding how attacks are spread through USB flash drives (see Dec 7 2010 blog). One of the means that made this so easy was Microsoft Windows' AutoRun feature. When...
    • 15 Jun 2011

    More Adobe Patches

    Security experts have warned for some time now that as the process for patching operating systems {Chapter 3 Security+ 3ed} has become more mature, attackers will focus more of their attention to applications instead. If there's any doubt about that prediction, just look at Adobe, which is struggling to keep its Flash, Reader and other products secure. Yesterday (Jun 14 2011) Adobe issued an "out-of-band"...
    • 14 Jun 2011

    Severe Token Damage

    You may recall that RSA, which sells SecurID tokens {Chapter 8 Security+ 3ed} that generate time-synchronized one-time passwords (OTP), revealed back in March that it was the victim of an attack (see Mar 30 2011 blog). Yet at the time RSA only said that the attack occurred "recently" and "certain information" was stolen. Now it appears that the damage resulting from the successful attack is very severe...
    • 6 Jun 2011

    Apple to Leopard Users: Too Bad For You

    Imagine the uproar that would occur if a Windows vulnerability were uncovered that impacted all versions of Windows, yet Microsoft only provided a patch {Chapter 3 Security+ 3ed} for Windows 7. Users of all previous versions--Vista, XP, and even Windows 2000--would still be vulnerable but have no protection. I would suspect that the technology community would be irate over Microsoft's actions, and with good reason...
    • 4 Jun 2011

    Letter to Sony

    Dear Sony, It's been a rough spring for you, hasn't it? First, back on April 19 attackers broke into your online PlayStation Network and Sony Online Entertainment network and took the personal information and credit card numbers of 100 million of your customers. So you had to shut down these networks to try to fix the issues, and just now they're starting to come back online. Yet you didn't tell anyone...
    • 3 Jun 2011

    Tablets and Security

    It's no surprise: tablet computers are incredibly popular. Since Apple released the iPad in April 2010 it has sold almost 15 million units. A recent study released by Cisco estimates that in four years 6% of all Internet traffic will be generated by tablets. That is more than all Internet traffic combined for the entire year of 2006. Some industry thinkers predict that the tablet will soon become our primary computing...
    • 31 May 2011

    Heed the Warnings

    Web browsers have significantly improved their ability to protect users from attackers, particularly when it comes to downloading Trojans {Chapter 2 Security+ 3ed} and similar malware. Recently Microsoft published statistics regarding its Internet Explorer (IE) browser protections. IE7 and IE8 use what is called the SmartScreen filter, which looks at the URL to determine if the file comes from a suspicious source....
    • 26 May 2011

    Apple Turning Point?

    The fake security software scams (called "scareware") that are infecting Apple computers (see May 23 2011 blog) have now prompted Apple to take action after it was criticized for not publicly responding to the threat. Apple has stated that there will be an update to Mac OS X that will not only dig out and remove any fake security software that has infected a Mac, but will also warn uninfected users if they...
    • 23 May 2011

    Long Week for Apple

    We sometimes have bad days, or even a bad week (we won't talk about anything longer than that). Last week (May 16-20) was one of those really long weeks for Apple in terms of security. First, it was revealed that there is now an attacker "construction crime kit" available for creating Trojans {Chapter 2 Security+ 3ed} for the Mac OS X operating system. The kit, which is being sold to attackers, is called...
    • 16 May 2011

    Flash Cookies Now Managed Locally

    Adobe Flash cookies, aka "local shared objects" (LSOs), have come under fire in recent months. Although almost all cookies {Chapter 3 Security+ 3ed} can be managed through the configuration settings of the local Web browser, that has not been the case with Flash Cookies. And trying to delete them manually can be a real headache: not only are they buried deep on your computer in several different locations, they...
    • 14 May 2011

    Schools Are Open

    As the spring semester at most schools winds down, a recent survey reveals that schools are too open when it comes to security. According to WhiteHat Security's 11th Annual Web Site Security Statistics Report, educational institutions are the worst at leaving their Web sites exposed to known vulnerabilities. Over 7 out of 10 schools have unpatched software vulnerabilities on their Web servers, followed by 58% of social...
    • 11 May 2011

    Worries Over DDoS Attacks

    There are plenty of things to worry about in this world. For many organizations distributed denial-of-service attacks {Chapter 4 Security+ 3ed} are one of the worries that are topping their list. There have been a host of high-profile DDoS attacks over the last dozen or so years, dating back to 2000 when attacks on Yahoo!, eBay, eTrade, Amazon.com and CNN were launched from UNIX computers that were remotely controlled...
    • 7 May 2011

    LastPass Sets The Bar

    The only way (IMHO) today to have multiple unique strong passwords is to use a password management application {Chapter 7 Security+ 3ed}. One of my favorites is LastPass, which is a cloud-based service for storing usernames and passwords online. When you visit a site that asks you to log in, LastPass will automatically fill in the information through your browser (there's both a free and a fee-based service). On Wednesday...