Tom Olzak

Archive for April, 2010

But Congress hasn’t stuck its collective finger in it yet…

In Business Continuity, Cyber Espionage, Cyber Terrorism, Cyber-warfare, Cybercrime, Government on April 15, 2010 at 12:24

In a recent article, U.S. Cyber Command Nominee Discusses Policies, an Army three-star general commented on cyber-war preparation. While I agree with the military's approach (at least the part they will discuss, given the classified nature of their planning), I don't believe Congress will be able to keep its hands out of this. By the time our elected officials finish debating, filibustering, or holding hearings, our electricity, water supply, and financial institutions will all have converted to Chinese as their official language…

And by the way, who taught the alleged soldier in the photo how to salute? And what's with the strap hanging down from his helmet? Ok, Ok. I know. I was a sergeant way too long… I'll let it go.

Blank SQL Password? Are you kidding me!?

In Data Leak Prevention, Data Security, Hacking, Insider risk, Risk Management on April 14, 2010 at 10:22

Ok. Maybe properly validating input would cost the brokerage more than the $375K settlement plus the business lost through the loss of customer confidence. I doubt it, but who knows. And the cost of an intrusion/extrusion prevention system might be outside their budgetary constraints, while encryption is not always practical.

But actually assigning a strong default password is FREE.  Simple negligence?  Lack of proper change management processes?  Security team on vacation?

Brokerage coughs up $375,000 for website breach • The Register.

Not all Windows XP security solutions meet expectations

In malware on April 14, 2010 at 08:03

This is one more example of why home users and organizations must assess the effectiveness of a solution before relying on it to protect against legacy and emerging threats.

See: A third of Windows XP security solutions failed independent tests.

Microsoft Deals with Patch-killing Rootkits

In Uncategorized on April 14, 2010 at 07:46

Microsoft learns its lesson about the effects of rootkits on patch application. It now detects issues during patch installation and provides users with options.

Microsoft counters Windows XP blue screen of death repeat – Techworld.com.

Trojan Defense: Configuring Your SOHO or Personal Infrastructure

In Business Continuity, malware, Patching, Security Management on April 10, 2010 at 08:46

Trojans continue to be a serious Internet threat and arguably the most insidious. As with any malware defense, making the right choices—and teaching users to do the same—is the only effective control. Further, continuous vigilance is required to detect and react to Trojan polymorphism.

The Challenge

Typically, Trojans gain access to a computer to collect data. The data collected are used by the Trojan’s distributor, directly or indirectly, to make money or for other gainful purposes. To achieve fiscal objectives, black hats go to great lengths to surreptitiously deliver their code and keep it secret.

To prevent anti-malware (AM) software from detecting and eliminating Trojans during delivery or implementation, developers are going as far as encrypting questionable payloads. According to a recent Kaspersky Labs Threat Post:

Once the malware is on the machine, anti-malware products may detect it as a malicious file. But this process is much more difficult if the Trojan itself is encrypted. Dmitry Bestuzhev, a malware analyst for Kaspersky Lab in Latin America, has been following the evolution of Brazilian banker Trojans, and has noted a recent change in their sophistication.

A new (for Brazil) concept takes place between second and third stages when the Trojan.Downloader downloads and installs the Banker. On the one hand Brazilian coders obfuscate the download links using several techniques and on the other hand now they also crypt the Banker to be downloaded to the system.

It’s a crypted (specially packed) PE file. The coders from Brazil use this technique to prevent an automated malware analysis and monitoring mode by AV companies. This sample downloaded as it is on the server won’t be functional on the user machine unless it’s decrypted. The decryption mechanism in this case is included into the initial Trojan.Downloader, which first downloads malware, and then decrypts it to be able to infect the user machine (Fisher, 2010).

Once a Trojan successfully takes up residence on a computer, it begins collecting banking and other sensitive information for later transmission to its home server. And even if it is detected, cleaning steps short of a complete wipe and replace of all content will likely fail.
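The Threatpost excerpt above describes a downloader that fetches an encrypted ("crypted") PE payload and only decrypts it on the victim, so the file as it sits on the server matches no signature. One defender-side triage technique for exactly that situation is byte entropy: encrypted or packed content looks close to random (near 8 bits per byte), while ordinary code and strings do not. The script below is an added example written for this page; it is not code from Tom Olzak, Kaspersky Lab, or the Threatpost article. The two sample blobs are constructed (readable filler text, and a SHA-256 hash chain standing in for an encrypted payload), and the 1024-byte window, the 7.0-bit threshold and the 50% fraction are assumed values that a practitioner would tune against their own sample set.

```python
import hashlib
import math
from collections import Counter

# Constructed sample blobs (NOT real malware). Both start with the "MZ" magic
# a PE file carries, followed by either readable filler text or a deterministic
# pseudo-random stream that stands in for an encrypted ("crypted") payload.
SAMPLE_SIZE = 4096


def pseudo_random_bytes(n: int, seed: bytes = b"constructed-sample") -> bytes:
    """Deterministic high-entropy filler built from a SHA-256 hash chain."""
    out = bytearray()
    block = seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


_FILLER_TEXT = b"This program cannot be run in DOS mode.\r\n"
SAMPLE_PLAIN = (b"MZ" + _FILLER_TEXT * 200)[:SAMPLE_SIZE]
SAMPLE_ENCRYPTED = b"MZ" + pseudo_random_bytes(SAMPLE_SIZE - 2)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def windowed_entropy(data: bytes, window: int = 1024) -> list:
    """Entropy of consecutive fixed-size windows (the last may be shorter)."""
    return [shannon_entropy(data[i:i + window]) for i in range(0, len(data), window)]


def assess(data: bytes, threshold: float = 7.0, min_fraction: float = 0.5,
           window: int = 1024) -> dict:
    """Heuristic triage: flag a blob when most of its windows look random.

    The window size, threshold and fraction are assumptions chosen for this
    illustration, not values from the post or any vendor; tune them locally.
    """
    windows = windowed_entropy(data, window)
    high = sum(1 for e in windows if e >= threshold)
    fraction = high / len(windows) if windows else 0.0
    mean = sum(windows) / len(windows) if windows else 0.0
    return {
        "is_mz": data[:2] == b"MZ",              # cheap check for a PE-style header
        "mean_entropy": mean,
        "high_entropy_fraction": fraction,
        "verdict": ("likely packed or encrypted" if fraction >= min_fraction
                    else "mostly plain"),
    }


if __name__ == "__main__":
    for name, blob in (("plain", SAMPLE_PLAIN), ("encrypted", SAMPLE_ENCRYPTED)):
        r = assess(blob)
        print(f"{name:10s} MZ={r['is_mz']} mean={r['mean_entropy']:.2f} "
              f"high={r['high_entropy_fraction']:.2f} -> {r['verdict']}")
```

Entropy is a triage signal, not a verdict: legitimately compressed resources, installers and signed packers also score high, so a flagged file should go to a sandbox or a full analysis, and a staged downloader such as the one Bestuzhev describes is often easier to catch at the decryption step (the downloader must carry the key) than by inspecting the still-encrypted payload.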
