Online & Offline Security News, Reviews & Product Information For Industry Experts...

Underground cyber crime is growing

Hackers are intensifying their attacks on legitimate Web sites. This debunks the adage to “not visit questionable sites”: just because a user visits a gambling or adult-content site doesn’t necessarily mean Web threats are lurking in the shadows; the site with the latest sports news or links in a search engine result, however, could potentially infect visitors with malware.

An underground malware industry has carved itself a thriving market by exploiting the trust and confidence of Web users. The Russian Business Network, for example, was notorious all year for hosting illegal businesses including child pornography, phishing and malware distribution sites. This underground industry excludes no one. In 2007, Apple had to contend with the ZLOB gang, proving that even alternative operating systems are not safe havens for the online user. The Italian Gromozon, a malware disguised in the form of a rogue anti-spyware security application, also made its mark in 2007.

This past year, the NUWAR (Storm) botnet expanded in scope: Trend Micro researchers found proof that the Storm botnet is renting out its services to host fly-by-night online pharmacies and dabble in stock pump-and-dump scams, and is even renting out portions of its backend botnet infrastructure. During 2007, the most popular communication protocol among botnet owners was still Internet Relay Chat, possibly because software to create IRC bots is widely available and easily implemented; at the same time, a move to encrypted P2P is being used and tested in the field.

Security threats are no longer limited to PCs. Mobile devices, as they become more sophisticated and powerful, are at risk for the same types of threats as PCs (viruses, spam, Trojans, malware, etc.). Gadgets with wireless capabilities such as Wi-Fi and Bluetooth, as well as storage capability, have become major sources of data leaks, as well as carriers of infections through security perimeters.

Other notable findings from the report:

- The Windows Animated Cursor exploit (EXPL_ANICMOO) accounted for over 50 percent of all exploit code to hit the Internet computing population. 74 percent of its infections this year came from Asia. The same holds true for TROJ_ANICMOO.AX, a related threat which embedded the exploit. 64 percent of computers infected with this were from China.

- The top malware findings were WORM_SPYBOT.IS and WORM_GAOBOT.DF. Both created botnets and worms that infected USB-connected devices.

- Nearly 50 percent of all threat infections come from North America, but Asian countries are also experiencing growth: 40 percent of infections stem from that region.

- Social networking communities and user-created content such as blog sites became infection vectors due to attacks on their underlying Web 2.0 technologies, particularly cross-site scripting and streaming technologies.

- Infection volumes nearly quadrupled between September and November 2007, indicating that malware authors took advantage of the holiday seasons as an opportunity to send spam or deploy spyware while users are shopping online.

- In 2007, the number one online commerce site attacked by phishers was still global auction site eBay and sister company PayPal. Financial institutions, especially those based in North America, also experienced a high volume of phishing attacks.


Aperture VISTA’s new handheld data capture device

Aperture has announced a handheld data capture device for its market-leading data centre management system, Aperture VISTA®. The new solution enables data centre management to collect detailed information about the equipment and resources within cost-effectively, accurately and predictably. The new tool will enable data centre management to cut the time and cost required to achieve return on investment for their VISTA solution by up to 50%.

Data centre management often struggles to accurately capture details of the equipment the organisation owns, where it is located and what it is connected to. Where organisations do try to capture data, they often send staff into the data centre to manually write notes on clipboards and then re-key them later. That makes errors likely, increases the uncertainty of the process and dramatically increases the time required to capture data. Because of the difficulty of capturing accurate information, organisations will often deploy a new data centre management solution using unvalidated data, which risks perpetuating errors and makes reporting and analysis suspect. In security-sensitive sectors, such as financial services or government, it is often impossible for outside contractors to enter the data centre to collect data.

With this new product, Aperture is providing a comprehensive solution that enables organisations to ensure their data centre infrastructure and equipment is recorded accurately. The Aperture VISTA Data Capture Handheld is a Windows Mobile device with the VISTA Data Capture Application installed. This hardware and software combination is fully supported by best practice processes. Organisations can allow Aperture Certified Partners to collect data in their data centres for seamless uploading into Aperture VISTA, or can receive training and certification from Aperture if they prefer to capture data themselves. Aperture’s Data Services organisation performs final validation in either case.

Aperture VISTA Data Capture Handheld has been designed to be easy to use and to virtually eliminate data entry errors. During the data capture process, the handheld can read existing barcode asset tags or can help with the configuration of new ones. The handheld is supported by Aperture’s extensive reference library of vendor equipment, which is used to validate data as it is entered. Data is also validated against other equipment in the vicinity and against other devices connected to the same power infrastructure.

Bill Clifford, CEO, Aperture, said: “Data Center Management often struggles to capture accurate information about what is in the data centre, where it is and what it’s connected to. The problem is not just a lack of technology, but also a lack of process. Aperture has implemented over 300 data centre management solutions. Aperture VISTA Data Capture Handheld, and its user certification process, delivers all our experience and best practice advice into the hands of the data centre staff.”

He adds: “Data centre management will be able to capture data more accurately, using whatever combination of internal or external staff is consistent with the organisation’s strategy and security policy. As a result, organisations will be able to more quickly realise the benefits of Aperture VISTA for data centre management, and will be able to manage and plan capacity with much greater confidence.”


Taking a stance on VoIP security

We got a great piece in today from Dave Gladwin, a 25-year veteran of the telecoms industry, the past ten involved in VoIP. Dave is an expert on VoIP security, having authored a number of articles on subjects including network security, lawful interception over IP networks and emergency call handling in VoIP networks. Dave has provided us with a good overview of the security side of VoIP… enjoy.

Voice calls over the internet (VoIP) are great. They are cheap, easy to use, and often all you need is a computer and internet access. VoIP has become increasingly popular among consumers because of its low price and the business market has started to reap the benefits of its flexibility as well. But as subscriber levels continue to rise at a rapid rate, have security implications taken a back seat?

Barriers to security
While VoIP security should be primarily the responsibility of the carrier, for it to be as secure as possible all individuals involved need to take care to protect themselves from threats.

For the next generation of internet users used to buying music online, and using free communication tools such as Instant Messaging and social networking sites, VoIP is a natural extension of their online lives. But the fact that it’s cheap and internet-based ought to be a red light for users regarding security.

VoIP vs. internet security
VoIP calls are set up using a protocol called Session Initiation Protocol, or SIP. It can easily integrate with other applications running over the IP network, and runs from end to end of the call. But its openness also means that it is more susceptible to attacks than a traditional phone line, which is in effect a closed system.

Because VoIP phones or clients are ‘intelligent’ they are more powerful and flexible compared with a normal phone. But this can pose a serious problem for service providers. The malicious VoIP user has direct access to the end-to-end protocol and therefore has the opportunity to manipulate the call.

Types of threats
There are many types of threats, but two in particular are worth mentioning: vishing and phreaking. Vishing targets consumers and refers to a hacker using a voice service to “phish” for personal details such as credit card details over an IP connection. The target will receive caller identity details which have been spoofed, or will be played a recording asking them to ring a bogus number where credit card details will be harvested.

Phreaking targets the service provider’s network and involves hacking into network equipment to make free phone calls. This was once the province of specialist hackers, but with more phone calls moving into the IP world, phreaking is ever more prevalent for the mainstream Internet hacker. Therefore, VoIP is susceptible to the same types of security threats as any communication via the internet.

A good example of exploiting weaknesses in IP networks is the 23-year-old Miami resident Edwin Andres Pena, who caught the headlines in 2006 with his arrest and subsequent prosecution by the US federal government. The case had little to do with ‘cracking VoIP’ and a lot more to do with Pena’s exploitation of the service providers’ failure to provide basic IT security. Pena was caught in the act of selling discounted phone services by hacking into internet phone service providers and piggybacking connections over their networks. This was a case of weak or default passwords allowing hacking, rather than a result of inherent faults in the VoIP network. This should be a lesson to us all.

VoIP hacking is nothing new, but rather an extension of traditional PC hacking. To protect an IP network from security breaches, the telecoms industry will need to learn from the early mistakes made by internet providers. Security measures on the internet such as firewalls and intrusion detection systems have their voice and multi-media equivalents and need to be applied by VoIP service providers.

Are we ready for VoIP?
At a recent telecoms interconnection conference the message was clear – there is no doubt that VoIP is big business. So security between IP interconnections must be equally rigorous.

The good news is that many service providers have already planned to add the required security to their networks. However, as with internet security, there will be good and bad implementations. But some responsibility will have to lie with the consumer. Choosing your VoIP service provider may be just like choosing your bank: a good security record is a unique selling point.


Self destructing laptops – get yours today

Virtuity has developed an intelligent security technology that can block access and even destroy data if a laptop is moved from its designated space. Backstopp constantly monitors the electronic “heartbeat” of a laptop to determine its location. If the laptop is moved from its allowed zone the software steps in to remove sensitive data.

The development, which is designed to be used in conjunction with encryption software, will allow easier access to data for authorised personnel whilst providing another layer of protection from data theft. The comprehensive system can provide an at-a-glance report of which laptops contain what data, and their level of security.

Backstopp can utilise any wireless communication, such as WiFi, to locate laptops. The PCs can also be tagged with RFID chips to monitor movement when switched off – companies may wish to limit a laptop’s movement to one desk, one floor or one building within a facility, for example.

If a laptop owner reports it missing to the control centre, or the control centre concludes that the machine is “at risk”, such as being moved through a stairwell, the system seeks out the digital heartbeat and sends the “self destruct” message. Meanwhile the software on the laptop can use any in-built webcam to start taking a series of photographs to help with identification of the culprit, uploading the images as soon as any network becomes available. The system is completely invisible to the thief.

With prices starting at £10 a laptop per month, the new system is set to become an essential add-on security measure for companies and government departments. Data should continue to be encrypted in any case, says Virtuity, with BackStopp being used to bring a firm conclusion to any laptop loss.

“There are millions of laptops out there that contain valuable data,” commented Dean Bates, CTO of Virtuity. “The vast majority are not stolen for their data, but the ultimate recipient will often come across the data and use it for criminal purposes. This solution prevents that illicit use.”


25-year-old mega-spammer arrested by Japanese police

IT security and control firm Sophos is warning companies to abide by anti-spam laws following the arrest of a man suspected of sending over 2 billion unwanted commercial emails.

According to media reports, police in Tokyo, Japan, have arrested 25-year-old Yuki Shiina following a complaint last year by an internet service provider (ISP) that he was sending huge amounts of spam email advertising gambling and dating websites. Police believe that Shiina bought 600,000 email addresses off the internet for 100,000 yen (USD 927) and earned over 2 million yen (USD 18,540) through the spam campaign.

It is claimed that Shiina faked the sender information on the emails in an attempt to avoid detection, breaking Japanese laws.

“Spammers believe they can escape the long arm of the law by hiding on the internet, but increasingly the authorities are cracking down on this kind of net abuse. No-one who hears about a single person believed to have sent 2.2 billion spam emails can be in any doubt as to the scale of the problem, and it’s essential for the police to send out a clear message that they are serious about catching the criminals responsible,” said Graham Cluley, senior technology consultant for Sophos. “Legitimate businesses need to make sure that they are abiding by the law, and be careful not to hire firms and third-party individuals to market their websites or goods via junk email.”

Last month, in a separate case, Sophos reported on the first arrest in Japan of a malware author. Kyoto police uncovered a plot to infect users of the P2P file-sharing network Winny with a Trojan horse that displayed images of popular anime characters while wiping music and movie files.
