Cybercriminals Launch Phishing Attack on .gov and .mil
Posted by Mourad Ben Lakhoua in Cybercrime, News on February 8, 2010
Criminals are conducting spam attacks on email addresses in the .gov and .mil domains. According to a blog post by Brian Krebs, the fake messages include a link that leads to the Zeus Trojan, which is used to steal online banking passwords.
Such attacks succeed because the phishing message looks quite legitimate: recipients are invited to download the "2020 Project" report, a real document recently published by the National Intelligence Council of the United States.
An inspection of the email headers, however, shows that the real sender is nobody@sh16.ruskyhost.ru, a Russian email address.
Only 16 out of 39 antivirus products detected the malicious software as a dangerous Trojan, because the cybercriminals keep updating their bot malware to evade different AV products (F-Secure detected the Trojan as Suspicious:W32/Riskware!Online).
make sure you subscribe to my RSS feed!
F-Secure: Innovating to Protect the Irreplaceable in 2010
Posted by Mourad Ben Lakhoua in Anti-Viruses on February 4, 2010
In addition to an array of other threats, F-Secure’s Labs predict that there will be more attacks on social networks such as Facebook, Twitter, MySpace, LinkedIn, etc. The 350 million people on Facebook, for instance, obviously represent a concentration of people, data and trust far too tempting for cyber-criminals to ignore. And these networks invite users to blur the lines between business and pleasure, creating new risks for PCs both at work and at home.
Meanwhile, hackers are looking to exploit new technologies—such as real-time and location-based search—and scammers are figuring out even craftier ways to exploit the information we reveal in our Tweets, updates and profiles.
F-Secure is dedicated to creating products that protect your irreplaceable data, content and time, so you don’t have to worry about all of these endlessly evolving threats on the web.
We want to thank Mourad for this chance to lay out some of the security solutions we’re offering for 2010.
F-Secure Internet Security 2010 includes comprehensive anti-virus, anti-spyware and firewall along with several breakthrough technologies. DeepGuard 2.0 uses “in-the-cloud” computing to provide instant protection against new threats. Browsing Protection reveals dangerous and corrupted sites while Exploit Shield blocks suspected malicious activity. The Exploit Shield technology in Internet Security 2010 would have helped Google block the recent Aurora attacks. Internet Security is available for Windows XP, Windows Vista and Windows 7 operating systems.
Anti-Virus 2010 is based on the same technologies as F-Secure Internet Security. It offers enhanced protection against viruses, spyware, infected e-mail attachments, and other malware. F-Secure Anti-Virus is also available on Windows XP, Windows Vista and Windows 7 operating systems.
Data that exists inside only one internet-connected PC is always at risk—especially as new threats like ransomware emerge. F-Secure Online Backup creates unlimited online copies of the important files on your computer. F-Secure Online Backup gives you safe and easy access to your backed-up pictures, documents and other digital content anywhere over the Internet. It’s available on Windows XP, Windows Vista, Windows 7 and Mac OS X operating systems.
In addition to our premium personal and business tools, F-Secure will update many of the free technologies we’ve created to protect users and minimize the spread of threats.
Health Check is a free browser-based solution that can be used to check that your computer has an up-to-date internet security product and that your applications don’t contain any known vulnerabilities. It will also assist the customer in solving any problems it might find. F-Secure Health Check works on Windows XP and Vista machines with Microsoft Internet Explorer 6/7 or Mozilla Firefox 3.0.
Online Scanner is a free browser-based solution that can be used to scan your computer for malware. Online Scanner works on Windows XP and Vista machines with Microsoft Internet Explorer 6/7 or Mozilla Firefox 3.0.
The links posted on social networks create the greatest threat to users’ safety. Our newest free tool, Browsing Protection, is a way to check if a website is dangerous so you can protect your identity as you visit new sites. It’s available through any web-connected browser.
In just a few years, more people will access the web from mobile devices than from conventional PCs. F-Secure is dedicated to securing smartphones as they become more connected, smarter and contain more crucial business and financial data.
Our newest mobile product protects against the most immediate threat to your phone—theft or loss. With Anti-Theft for Mobile, you can remotely lock the phone and protect the information it contains with a single SMS message. Even if a thief changes the SIM card, the Theft Control feature locks the phone and informs you of the new number. As an ultimate safety measure, you can erase all the data on the phone with Remote Wipe.
Mobile Security includes anti-virus, anti-spyware and a firewall along with anti-theft. It operates seamlessly, with automatic updates that keep the phone constantly protected. F-Secure released its first mobile security product ten years ago this February.
For information about our business solutions, please check out our site. We also invite you to follow our regular updates @FSecure on Twitter and Facebook.
Apache SpamAssassin New Release
Posted by Mourad Ben Lakhoua in News, Software Security, Tools on January 27, 2010
A new version of the anti-spam filter SpamAssassin has been released today; the free anti-spam solution is widely used by hundreds of thousands of organizations around the globe.
Apache SpamAssassin 3.3.0 offers a new way of updating rules for spam filtering: the rules database is now separated from the main product and loaded through automatic updates. This approach was available as an option in previous versions.
SpamAssassin supports a large number of filtering mechanisms, including text analysis, Bayesian filtering, DNS blocklists, collaborative filtering databases and much more. Together these methods help identify spam and reduce false positives (ham incorrectly marked as spam).
You can download Apache SpamAssassin 3.3.0 here.
Hackers Target Internet Forum Database
Posted by Mourad Ben Lakhoua in Cybercrime & Hacking, Internet, News on January 22, 2010
A popular Irish discussion forum, Boards.ie, was today forced to change all users’ passwords after a security breach in which hackers compromised part of the user database on the server.
Tom Murphy, one of the portal’s founders, made an official statement that the site is “regularly the target for disruption and take continual actions to proactively protect data”.
During this attack the hackers gained access to part of the main database server, which stores usernames, email addresses and encrypted passwords for registered users. As a security measure the site has started changing all users’ logins and passwords and recommends that all subscribers not reuse the same account credentials on other websites, to prevent identity theft.
The site started life as a forum for the computer game Quake in 1998 and has more than 500 forums on a range of topics.
According to the most recent ABC internet traffic statistics in November, Boards.ie had more than 20m page views, averaging more than 1.1m page views a day.
Quick Tips on Secure Shell
Posted by Mourad Ben Lakhoua in Best Practices, Cloud Computing Security on January 17, 2010
SSH is a secure alternative to Telnet and has long been used by system administrators and IT managers to configure and manage servers and network devices. Here I want to put together a short manual on Secure Shell usage.
First, let’s start by choosing an SSH client. Here we will find no problem, because there are generally two accepted solutions, PuTTY and SecureCRT, and both are really good. But since SecureCRT is not free, many IT technicians prefer PuTTY.
With PuTTY you can connect to your server via Raw, Telnet, Rlogin, FTP (SFTP), SSH1 and SSH2. In addition to supporting all these protocols, PuTTY ships with more tools:
- Puttygen – generates the RSA/DSA keys used for authentication.
- Pageant – authentication agent that holds decrypted keys in memory.
- Plink – command-line interface.
- Pscp – utility for secure file copying.
- Psftp – secure FTP client for copying, viewing and renaming files…
Despite all this functionality, working with SecureCRT is more comfortable thanks to one useful option: tabs for different sessions. If you work on five or more servers with PuTTY you will find it difficult to switch between them. To handle this, a French group released PuTTY Connection Manager, a free PuTTY add-on for Windows whose goal is to manage multiple PuTTY instances. PuTTY Connection Manager simply combines the open windows in a user-friendly interface and also provides an advanced interface for connection settings.
To implement the server side of SSH you can use the standard OpenSSH, which is installed by default on any UNIX distribution. For other systems you can set up Dropbear, open-source software designed for “embedded”-type Linux (or other Unix) systems such as wireless routers. For Windows 2000, XP, 2003, Vista, 2008 and 7 you can use WinSSHD or MobaSSH; all you need to do is press the install button and the system immediately adds the new service.
MobaSSH is basically OpenSSH compiled with Cygwin, and it comes with a number of useful commands:
- MobaHwInfo: provides information about the OS and hardware.
- MobaSwInfo: lists the software installed on the system.
- MobaTaskList, MobaKillTask: list the processes running on the system and kill the desired processes.
- TCPCapture: monitors the network.
- Scp, sftp: transfer data in encrypted form over the SSH connection.
- Rsync, wget: synchronize local folders with network resources.
When talking about SSH we cannot skip secure file transfer: once connected to the server via an SSH client you can perform all the basic operations, such as uploading files to the server, renaming files and folders, changing file properties, and creating links and shortcuts. One of the best-known utilities for this on Windows is WinSCP.
Keeping your system up to date is very important to mitigate risk, but another important step is to protect your system against brute-force attacks. Authentication using a login and password is considered insecure, so in most cases it is recommended to disable it on the server. If you really need it, you should implement an intrusion prevention system such as Sshguard. Sshguard monitors logs, detects attacks and blocks the attacker with a firewall rule: logs are collected from syslog, syslog-ng, metalog, multilog or raw files, suspicious activity such as password-guessing attempts is scored, and the offending IP addresses are blocked using the local packet filter (pf, ipfw, netfilter/iptables, or the hosts.allow file). There are also similar projects such as Fail2ban and sshdfilter 1.5.5.
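As an added example (not from the original post and not Sshguard's own code), the following Python shows the kind of log-based detection these tools perform: it counts "Failed password" events per source address inside a sliding time window and emits a blocking rule for addresses that exceed a threshold. The log lines, the 2010 year assumption and the threshold are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd log lines (syslog format, no year) for the demonstration.
SAMPLE_LOG = """\
Jan 17 10:00:01 host sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Jan 17 10:00:03 host sshd[2203]: Failed password for root from 203.0.113.7 port 51030 ssh2
Jan 17 10:00:04 host sshd[2205]: Failed password for invalid user test from 203.0.113.7 port 51041 ssh2
Jan 17 10:00:06 host sshd[2207]: Failed password for root from 203.0.113.7 port 51055 ssh2
Jan 17 10:00:09 host sshd[2209]: Failed password for bob from 198.51.100.20 port 40112 ssh2
Jan 17 10:00:15 host sshd[2211]: Accepted publickey for bob from 198.51.100.20 port 40113 ssh2
Jan 17 10:30:00 host sshd[2301]: Failed password for alice from 198.51.100.20 port 40220 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+"
)

def parse_ts(ts, year=2010):
    # syslog timestamps carry no year, so one is assumed (constructed sample).
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")

def find_brute_forcers(log_text, threshold=4, window=timedelta(minutes=5)):
    """Return {ip: first_failure_time} for IPs with >= threshold failures inside window."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            failures[m.group("ip")].append(parse_ts(m.group("ts")))
    offenders = {}
    for ip, times in failures.items():
        times.sort()
        # Sliding window: compare each failure with the one (threshold - 1) before it.
        for i in range(threshold - 1, len(times)):
            if times[i] - times[i - threshold + 1] <= window:
                offenders[ip] = times[i - threshold + 1]
                break
    return offenders

def block_rule(ip):
    """netfilter/iptables rule of the kind an IPS inserts for an offending address."""
    return f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP"

if __name__ == "__main__":
    for ip in find_brute_forcers(SAMPLE_LOG):
        print(block_rule(ip))
```

The single failure followed by a successful key login from 198.51.100.20 stays below the threshold, which is the false-positive case a real deployment has to tune for.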
Finally, for mobile devices you can use the following SSH clients:
- Symbian: PuTTY for Symbian OS
- Windows Mobile: PocketPuTTY
- Java: MidpSSH
- iPhone: iSSH
And for SSH brute force you can use the following:
- SSH Brute Forcer
- SSHatter
- SSH BruteForcer
- THC Hydra
As you can see, using Secure Shell it is possible to do your tasks in a fast and secure way regardless of the environment.
Hacker steals 8K customer logins
Posted by Mourad Ben Lakhoua in Cybercrime & Hacking, Vulnerabilities & attacks on January 13, 2010
Hackers managed to steal authentication credentials for more than eight thousand customers of a New York based bank. The incident happened after they bypassed the Internet security measures of an online banking system server.
According to a press release early this week, the attack on Suffolk County National Bank (SCNB) started on the 18th of November last year and lasted about six days, while the IT team became aware of the incident only on the 24th of December during an internal audit. As a result 8378 online accounts were compromised, approximately less than 10% of the total number of customers.
Once the problem was identified, they immediately took down the server to start the investigation, and the bank confirmed to customers that there is no evidence of unauthorized account access or any suspicious activity.
Most interesting is that in the last quarter of last year the bank invested about 351 thousand dollars to protect its systems, and this incident proved that this amount of money is not enough to secure customers.
BackTrack 4 Final Edition
Posted by Mourad Ben Lakhoua in Pentesting on January 11, 2010
Approximately one year after the first beta of BackTrack 4 was released, today the team has made the BackTrack 4 Final Release available for download. The beta version was first introduced in February 2009 and we already listed its new features on SecTechno.
BackTrack is an excellent collection of security tools for penetration testing: it includes more than 300 of the most recent pentesting tools, the system is based on a Debian distribution and it provides everything security testing needs.
Software Failure or 2010 Problem!
Posted by Mourad Ben Lakhoua in News, Software Security on January 7, 2010
The New Year 2010 started with an unpleasant surprise, not only for system administrators but also for many European bank customers. Many cardholders were not able to use cash machines or make payments via terminals. The problem was caused by a vulnerability in the software of the chips installed with ATMs.
The bugs affected not only ATM software but also the products of a number of other software vendors; the first error was noticed in the spam filtering program SpamAssassin, where a default rule, FH_DATE_PAST_20XX, caused all messages to be marked as spam and stored in the junk folder.
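As an added example (not from the original post and not the SpamAssassin project's own rule or code), the following Python contrasts a hardcoded-year check in the spirit of FH_DATE_PAST_20XX with a check made relative to the current time, which is why the first flips to matching every message on 1 January 2010 while the second only catches genuinely forged dates. The regex, the reference time and the two Date headers are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Hardcoded-year check in the spirit of the FH_DATE_PAST_20XX rule: any
# four-digit year 2010-2099 in the Date header counts as "in the future".
# Illustrative pattern, not a copy of the shipped rule.
FUTURE_YEAR_RE = re.compile(r"20[1-9][0-9]")

NOW_2010 = datetime(2010, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed reference "now"

def date_is_future_hardcoded(date_header):
    """Broken approach: once the calendar reaches 2010, every real mail matches."""
    return FUTURE_YEAR_RE.search(date_header) is not None

def date_is_future_relative(date_header, now=NOW_2010, tolerance=timedelta(days=2)):
    """Correct approach: compare the parsed Date against the current time."""
    try:
        sent = parsedate_to_datetime(date_header)
    except (TypeError, ValueError):
        return False  # an unparsable Date header is a separate rule's business
    if sent.tzinfo is None:
        sent = sent.replace(tzinfo=timezone.utc)
    return sent - now > tolerance

# Constructed Date headers: a legitimate mail sent on New Year's Day 2010 and
# one forged to claim it was sent in 2035.
LEGIT = "Fri, 01 Jan 2010 09:15:00 +0000"
FORGED = "Mon, 01 Jan 2035 09:15:00 +0000"

def evaluate(now=NOW_2010):
    """Return (hardcoded verdict, relative verdict) for both headers at time `now`."""
    return {
        "legit": (date_is_future_hardcoded(LEGIT), date_is_future_relative(LEGIT, now)),
        "forged": (date_is_future_hardcoded(FORGED), date_is_future_relative(FORGED, now)),
    }

if __name__ == "__main__":
    print(evaluate())
```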
Security software company Symantec also faced problems in 2010 and released a bulletin reporting a bug in the Symantec Endpoint Protection Manager (SEPM) server. The error prevents customers from installing updates released after 31/12/2009, leaving users defenseless against new malware. In a blog post Symantec stated that they are working on a solution and will update customers when it becomes available.