  • The dumbest malware attack I've seen this week

    Updated: 2010-03-19 17:14:10
    When you've been working any length of time in the computer security business, you get pretty used to hearing from folks that the guys who write the viruses must be "evil geniuses". Well, not all of them are that smart. Take this attack, for instance, which I just spotted in one of our spam traps. It wins [...]

  • 2010 RSA Conference Day 2-4 Keynotes

    Updated: 2010-03-18 18:43:41
    As I mentioned in an earlier post, the 2010 RSA Conference Keynote addresses have been posted online and I’m linking some of my favorites from the 2010 conference. You can view an interactive webcast, view the video, or even listen/download audio-only podcasts of the keynote presentations. It is often hard to follow the keynotes in [...]

  • Clickjacking

    Updated: 2010-03-18 11:00:45
    Clickjacking is a relatively new term in the web hacking area. Although the original paper by Robert Hansen and Jeremiah Grossman was published in September of 2008, clickjacking has become fairly “normal” and common. It’s a visual trick that gets users to click on something they weren’t intending to click on – like [...]

  • ‘March Madness’ Malware Spreading via Search Results

    Updated: 2010-03-18 02:55:54
    This is the time of year when basketball fans go online to fill out their bracket selections. While fans are playing with their brackets, hackers are also playing their own game of “spamdexing”–manipulating search results to promote, in this case, malware-infected sites. At the time of this posting, top search results for terms such as ncaa [...]

  • Now you're getting it

    Updated: 2010-03-18 01:53:28
    Roger's Information Security Blog. Hi, welcome to my blog. It started out as a place to be able to post links and news so I could find them again. I began adding my own commentary, and it's proven surprisingly popular. Thanks for stopping by. Don't forget to use the search if Google dropped you off at this page and you don't see what you're looking for. By Roger on March 17, 2010 8:53 PM. In December I set up a rule on our outbound email to let me know when people are sending Social Security Numbers in outbound email. Once I was satisfied with the accuracy of the rules, we set up some education for our physical security and HR Recruiters so they would understand why it's a bad idea to send SSNs and what some alternative choices are. Once our big offenders had been notified I enabled a notification to the sender to let them know why emailing SSNs in plaintext is a bad idea. After about a month of that I reconfigured the rule so it blocked the email and notifies the sender. One person who I believe is a finance manager got blocked while attempting to email papers for a personal mortgage refinance. A hilarious rant was sent to the

  • Facebook Suffers ‘Password Reset’ Scam

    Updated: 2010-03-17 23:09:00
    Today has been quite a busy day for scammers. We at McAfee Labs have been tracking a global scam/spam run that targets Facebook users. The lure used in the run is a familiar one: Facebook Password Reset Confirmation! Customer Support. The email looks like the following: The activity on this particular scam run has been global from the [...]

  • Resources for Learning to Pentest

    Updated: 2010-03-17 19:36:02
    So you think penetration testing might be a fun and valuable skill to pick up. You read some books on the subject and spend a good few evenings poring over the man pages of some common tools, what now? Chances are you set up a couple of unpatched or otherwise vulnerable machines and [...]

  • New Security Horizons with Geolocation

    Updated: 2010-03-16 15:57:31
    Last weekend, people from all corners of the technology converged on Austin, Texas for the 2010 South By Southwest Interactive (SXSWi) conference. Much of the coverage has echoed the focus of an old real estate mantra: Location, location, location. In a rivalry dubbed the “geolocation wars,” mobile start-ups Foursquare and Gowalla competed for attention as [...]

  • 2010 RSA Conference Day 1 Keynotes

    Updated: 2010-03-16 00:13:48
    I know this post is a bit delayed, but this is a good opportunity to take advantage of the fact that the 2010 RSA Conference Keynote addresses have been posted online.  You can view an interactive webcast, view the video, or even listen/download audio-only podcasts of the keynote presentations.  Some of my favorites from this [...]

  • ‘Scareware’ Poses Danger to Consumers

    Updated: 2010-03-15 13:46:19
    On March 9 McAfee warned consumers that “scareware,” or fake anti-virus software, may be the most costly online scam in 2010, causing significant monetary loss and damage to users’ computers. In this blog, I’ll give you some additional details about the figures we cited last week in McAfee’s new Consumer Threat Alert program. Apart from the [...]

  • Say that Again

    Updated: 2010-03-15 10:21:19
    By Roger on March 15, 2010 5:21 AM. In an episode of Community a couple of weeks ago Brita was laughed at for pronouncing bagel with two Gs: bag-gle. As in, rhymes with haggle. I found it hard to believe that anyone could possibly pronounce it that way and think it was right, although I've since read a NY Mag recap of the episode and that actually happens in New York. Read more: Community Recap: Pool Party Vulture http://nymag.com/daily/entertainment/2010/03/community_recap.html#ixzz0iDAkjftM Bringing this post back to Information Security, over the years I've found that I have words that I can't say right. But when you generally only see a word on paper you can easily make up your own pronunciation. Then later get embarrassed at the trade shows. Retina. You'd think since the

  • The Mentalist and Iris Readers

    Updated: 2010-03-14 05:20:39
    Eric Cole told a story of an engagement where a security bigwig was showing off on a tour of their facility. The bigwig was very proud of his biometric iris readers that protected access to the data center. That is until Eric put his eye up to the reader and was provided access. It seems the iris readers had a troubleshooting mode where any eye was accepted. In their implementation, no one had ever verified that the iris reader correctly denied access. If they had, they would have investigated this problem and turned off the troubleshooting mode. I was reminded of this story this week as I watched CBS' The Mentalist. A bored Jane put his eye in front of the reader and suddenly the door that shouldn't be opened was opened.

  • Grade Hacking

    Updated: 2010-03-13 01:46:58
    By Roger on March 12, 2010 8:46 PM. There is a grade changing scandal over at Walt Whitman High School locally in Montgomery County, Maryland. A teacher noticed that the grades in the system did not match what he or she entered. Investigation has found 54 changes. Montgomery County Schools CTO Sherwin Collette said they believe teachers' passwords were obtained through the use of hardware keystroke logging. Hardware keystroke loggers are readily available online. Check out this video from irongeek if you aren't familiar with hardware keystroke loggers. Basically it's just like it sounds. A transparent USB or PS2 device that sits between the keyboard and the computer port. Remember Microsoft's Immutable Laws of Security number 3. If a bad guy has unrestricted physical access to your

  • Facebook Users Suffer From ‘Fram’

    Updated: 2010-03-12 17:57:36
    About a year or so ago one of the “McMarketeers” decided it would be fun to run a campaign against “fram”–spam that friends send you. As you might guess, we in the Labs have no friends, so it was no problem for us to ridicule the idea. However, around the coffee machine the other [...]

  • Malicious Web Attack Using Executable With facebook.com in Name

    Updated: 2010-03-11 16:20:50
    As we were working through URLs identified as suspicious due to our GTI technology, one of the URLs that presented itself was an average “.com” site that loaded a php. As we processed this – it was interesting to see that this php actually reached out to download a file that ended with the string [...]

  • CVE-2010-0188 Adobe Exploit

    Updated: 2010-03-11 05:21:06
    The Microsoft Malware Protection Center reported earlier this week a sighting of a malicious PDF file exploiting CVE-2010-0188. Adobe released 9.2.1 and 8.2.1 in February. Users can pull down the 'help' menu and click on 'check for updates' to ensure that they're running the latest version. One lesson learned here is don't skip deploying a patch just because no exploits are out for it. It will leave you scrambling later. Adobe's next scheduled Reader and Acrobat update is due April 13.

  • Zscaler protects against IE Zero Day

    Updated: 2010-03-11 04:20:30
    By Roger on March 10, 2010 11:20 PM. On Tuesday, as seems to be the custom, Microsoft released patches and announced a new zero day in Internet Explorer. MSKB 981374 is a remote code execution in IE6 and IE7. Who knew that being on IE5 could ever be a good thing. The KB says Microsoft released details to vendors in their Microsoft Active Protections Program (MAPP) and Microsoft Security Response Alliance (MSRA) programs in order to provide protection to customers. Within one hour Zscaler had protection in place for its customers. Zscaler offers web security company in a SaaS model. I would see them competing with Scansafe, Purewire and MessageLabs as well as any company trying to get you to put security appliances on your network for web security (bluecoat). Strangely

  • McAfee Labs Publishes ‘March Spam Report’

    Updated: 2010-03-10 22:23:56
    McAfee Labs today published its March Spam Report. This month authors Adam Wosotowsky and Elan Winkler discuss a possible charity scam in France that takes advantage of sympathy for the victims of the Haitian earthquake, examine a “ham campaign” regarding events in Haiti, and look at another fraudulent attempt to connect “lonely women” with victims’ [...]

  • Chilean Earthquake Spawns Malware

    Updated: 2010-03-10 19:27:42
    Most of us are familiar with how high profile news events are used for malware distribution. We’ve seen it many times such as with Tiger Woods’ scandal and the earthquake in Haiti. Now the recent earthquake in Chile is used to prey upon unsuspecting folks interested in what’s going on with the post-quake and tsunami. [...]

  • Targeted Internet Explorer Zero-Day Attack Announced (CVE-2010-0806)

    Updated: 2010-03-10 01:30:11
    Earlier today, Microsoft released Security Advisory (981374). This advisory covers CVE-2010-0806, an unpatched vulnerability affecting Internet Explorer versions 6 and 7. This attack appears to be rather targeted at the moment, but as with other unpatched vulnerabilities in the past, this has the potential to explode now that the word is getting out. McAfee Labs is aware of [...]

  • Apple Announces iPad Availability: Watch Out for Scams!

    Updated: 2010-03-09 01:00:11
    Last week Apple formally announced the launch date for the Wi-Fi version of its much anticipated new tablet computer, the iPad. As with most events that generate a lot of media and consumer interest, this one also generated curiosity from the spammer community. They wonder how they can leverage this event to steal your sensitive information.  Scams [...]

  • Wiseguys Botnet First in Line for Concert, Sports Tickets

    Updated: 2010-03-05 19:01:39
    We frequently read stories about spammers who can circumvent CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) authentication. Using bot-infected machines, they can create a vast number of random e-mail accounts for spamming purposes. This week, a federal judge in Newark, New Jersey, revealed the latest use of a botnet-like network with [...]

  • RSA Conference Teaser

    Updated: 2010-03-03 17:45:02
    As you may already know, I’m attending the 2010 RSA Conference in San Francisco, CA.  I’ve been spending so much time talking with vendors, going to keynote talks and going to track sessions I haven’t had much time to finish writing and editing any full blog posts yet.  Rather than rush to publish, I want [...]

  • Learning from others’ mistakes

    Updated: 2010-03-02 21:49:12
    Let’s face it. There are a lot of broken web apps and software out there. These web apps and software can oftentimes lead to major security holes being opened up due to their vulnerabilities. You don’t want to be the guy/girl responsible for the next major security breach just because you forgot to sanitize some [...]

  • Woman steals WiFi, demands Leo Laporte return it to her

    Updated: 2010-03-01 04:04:14
    People's sense of entitlement about things they are stealing.

  • Software, All the Way Down

    Updated: 2010-02-25 22:50:31
    In general, Windows does a decent enough job with securing software keys in CAPI. Sure, you can open up Windows Explorer, browse to C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys, and take a look at your private key files. These bare files, of course, are not exactly plain text. The RSA Machine Keys (which include private keys corresponding [...]

  • Return of the MAC

    Updated: 2010-02-24 03:14:20
    Message Authentication Codes (MACs) are special pieces of data used to prove the authenticity and integrity of a message– to show that the message originated from a certain source and that it has not been modified. Consider a scenario in which Alice wants to send Bob an email. Upon receiving the email, Bob would like [...]

  • Dumb Ideas in Pentesting

    Updated: 2010-02-22 05:22:18
    Today's SANS Diary reminded me of something that happened a while back. The SANS entry New Risks in Penetration Testing was concerned that reputational scoring for an IP could be affected by pen testing from that IP address. I guess someone is taking the old Senderbase concept and applying it to all traffic. The helpdesk received an issue a while back about an inability to communicate with a government website. After checking it out, it looked like they were blocking our external IP. We communicated with the government people and confirmed that their ISS IPS appliance had automatically blocked our IP because we were attacking them. I checked the logs and found that one of our people that pentests for a living had done some probing of XSS on a Wordpress blog hosted on the government site. I turned that over to someone else to find out if he had authorization to be doing such. Probing other companies from your company's main IP address is not such a good idea.
