Archive for the 'Computer Security' Category

One Man’s Way Of Beating an eBay Scammer

Thursday, June 15th, 2006

Computer Security

He tracked down the scammer and called his (the scammer’s) mother.

http://wuvt.blogspot.com/…
(via The Consumerist)

Hacking a Bank Via Social Engineering

Thursday, June 8th, 2006

Computer Security

Many successful hackers rely on social engineering. Here’s an example that reminds me of the movie Sneakers.

http://www.darkreading.com/…
(via Digg)

Spyware Baffles Microsoft Engineers

Tuesday, June 6th, 2006

Computer Security

It’s pretty bad when top Microsoft engineers can’t remove malware from a Windows computer. My favorite part of the article, though, is where a Microsoft vice president says “This really opened our eyes to what goes on in the real world.”

http://australianit.news.com.au/…
(via digg)

Getting Rid Of Old Hard Drives

Saturday, June 3rd, 2006

Hard Drive

Back when I was in the Air Force, the only approved method of wiping data from a hard drive was to disassemble it and break the platters with a hammer. But if you do as this couple did, and give your computer up to be recycled, I’d suggest at least making a boot disk and reformatting the drive. A better level of security, however, can be found by using Eraser. For certain private information, I go that extra step and use encryption. And for the über-paranoid, there’s whole-disk encryption. (Windows Vista is supposed to have built-in disk encryption, but I wouldn’t trust it to not have a back door.)

http://news.yahoo.com/…
(via The Consumerist and Slashdot)

MS Word Security Vulnerability

Thursday, May 25th, 2006

Computer Security

There is a new security threat, this time in specially-crafted Microsoft Word documents. If you have Office 2002/2003/XP or Word 2002/2003, be careful about opening untrusted Word documents that you receive via the internet. The good news is that it isn’t a virus, i.e., it doesn’t propagate itself. The bad news is that infected Word documents allow the author to take control of your system.

http://www.tgdaily.com/…

Keystroke Logging and Physical Security

Sunday, April 23rd, 2006

Computer Security

Keystroke logging has become more of a concern in recent years, as more and more spyware programs install a software-based logger and send the results back to the creator—who then takes advantage of the password, bank account, and credit card information that may have been captured. In addition, there’s the problem with loggers installed on public computers (never enter sensitive information on a public computer—you’ve been warned).

With all this emphasis on software, however, it’s easy to forget about the hardware-based loggers. ThinkGeek has one for sale, at a mere $99. Simply unplug the keyboard, attach the Key Katcher, and plug it back in. Remove it later and you can browse up to 130,000 keystrokes. Very useful for checking up on a potentially-cheating significant other, or monitoring a child’s internet use. Or, for the creative, posing as cleaning staff and installing them on a bank’s computers. (The bank in question now super-glues keyboard cables to the computer, although there are other, less-expensive solutions.)

The gist of it all is that physical security is just as important as firewalls, anti-virus/spyware software, and network/internet security. Did you know, for example, that it’s quite easy to reset Windows passwords provided you have physical access to the computer? (Via the Linux disk or the login.scr trick.) And you can usually access the files themselves just by moving the hard drive to another machine that already has Windows installed—which is why really sensitive files should be encrypted.

It’s a dangerous world out there, in the land of computers, but knowing the potential risks is the first line of defense. I’m sure I haven’t covered them all, so feel free to leave comments with any additional information.

How Not To Design Web Site Security

Tuesday, April 4th, 2006

Computer Security

This one’s a bit technical, but it goes something like this: A company designed a web site such that if you (1) disable javascript, (2) disable cookies, and (3) visit every link on the site… then you will delete all content on the site.

Unfortunately for the site owners, the Google web crawler meets all three of the criteria. And the site content was deleted.

http://www.thedailywtf.com/…
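
The failure described above, modelled as an added example (not code from the original post or from the site in question). It assumes the mechanism the three conditions imply: "delete" was an ordinary link fetched with GET, and the login check lived only in browser-side script and cookies. Handler names, URLs and page data are constructed.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed site content for the demonstration.
PAGES = {"home": "Welcome", "about": "About us", "news": "Latest news"}

def _page(url):
    """Split a URL into its path and the value of its 'page' parameter."""
    parts = urlsplit(url)
    return parts.path, parse_qs(parts.query).get("page", [""])[0]

def flawed_handler(method, url, cookies, store):
    """Deletes on GET; the server never checks who is asking."""
    path, page = _page(url)
    if path == "/delete":
        store.pop(page, None)
        return 200
    return 200 if page in store else 404

def hardened_handler(method, url, cookies, store, sessions):
    """State changes need POST plus a session id the server itself issued."""
    path, page = _page(url)
    if path == "/delete":
        if method != "POST":
            return 405          # crawlers and link prefetchers only send GET
        if cookies.get("sid") not in sessions:
            return 403          # no cookie, or one the server does not know
        store.pop(page, None)
        return 200
    return 200 if page in store else 404

def crawl(handler, store, **extra):
    """A crawler as described: no JavaScript, no cookies, GETs every link."""
    urls = [f"/{verb}?page={name}"
            for name in list(store) for verb in ("view", "delete")]
    for url in urls:
        handler("GET", url, {}, store, **extra)
    return sorted(store)        # what is left of the site afterwards

if __name__ == "__main__":
    print("flawed:  ", crawl(flawed_handler, dict(PAGES)))
    print("hardened:", crawl(hardened_handler, dict(PAGES), sessions={"abc"}))
```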

Sony Rootkit Settlement

Monday, March 13th, 2006

If you bought one of the CDs associated with the Sony rootkit fiasco, then you are eligible to take part in the settlement.

http://www.eff.org/…

http://arstechnica.com/…

Virus Anniversary

Tuesday, January 24th, 2006

Computer Security

A short read about the origin of computer viruses, on the 20th anniversary of the first one.

http://news.bbc.co.uk/…

Why Wireless Security Matters

Saturday, December 17th, 2005

Computer Security

Paramount is suing Russell Lee for more than $100,000, alleging that he obtained an illegal copy of a movie and subsequently uploaded it to a filesharing network. In defense, Mr. Lee claims the real perpetrator hijacked his (then unsecured) wireless network. The evidence is weak, and while Mr. Lee will probably be exonerated he will still have to pay legal costs and deal with the stress of a court case. This just underscores why wireless security is so important.

If you have a wifi network, here are the basic things you should do to secure it:

  • Change the router’s default admin password.
  • Change the SSID and disable SSID broadcast.
  • Enable WPA2 security. If your wireless router does not support WPA2, then get a router that does. WEP security is easily cracked, and WPA, although better, is still vulnerable.
  • Use MAC filtering.

These steps will not keep out a determined expert hacker, but the goal is to make it difficult enough that he/she will hijack someone else’s network.

The Sony DRM Fiasco: What You Need To Know

Sunday, November 27th, 2005

Disc

Sony BMG recently implemented a copy-protection scheme on some of its music CDs that has the tech community up in arms and has even managed to make the popular press. Here’s what you need to know about it.

The music CDs play without problem on standard CD players, but require special software to play on a computer. When you insert the disc into your CD drive, you get a license agreement. After clicking on the “Agree” button, DRM software is installed from the CD allowing you to play the music. So far, so good. Maybe a bit annoying, but not newsworthy.

The problem is that, on Windows systems, Sony utilizes a rootkit to help prevent people from disabling the DRM software. A rootkit is a set of programs and tools that enables a (typically malicious) program to hide its presence on a system. This fact was discovered by Mark Russinovich when he ran his Rootkit Revealer program and got an unexpected positive. (By the way, if you’ve never checked out the SysInternals web site, I heartily recommend it. They have some useful freeware utilities that you can’t find anywhere else.)

Mark posted the discovery on his blog, and it didn’t take very long for the tech community to go ballistic. They called it an infection, a trojan, spyware, etc. But the real problem was that the Sony rootkit hides “any file, directory, registry key, or process whose name begins with ‘$sys$’”. It was thus theoretically possible for malicious hackers, upon gaining access to a system, to utilize the rootkit for their own purposes. And it wasn’t long before that theoretical possibility became a reality.

Sony slowly began to realize they had a problem. First they gave difficult and convoluted instructions on how to remove the rootkit. After complaints from the tech community, they came up with a better method. As publicity mounted, Sony finally decided to recall the copy-protected CDs. Then the lawsuits began. The EFF filed a class-action lawsuit, and the state of Texas filed a civil lawsuit claiming the DRM software violated its spyware laws. Finally, as the tech community dug further into the DRM software, they discovered that Sony had illegally copied some LGPL-licensed software.

This was an expensive public-relations fiasco for Sony. The funniest part is that it’s possible to circumvent the copy protection using a piece of tape, holding the Shift key while the CD is loading, or disabling autoplay. (Note that the tape method is old news—it seems that sometimes they never learn.)

So that’s the whole thing in a nutshell. Here are some links with more details:

http://www.tgdaily.com/…

http://www.schneier.com/…

Watch Your Metadata

Sunday, November 20th, 2005

Computer Security

Every so often the tech news community lights up about a gaffe related to document metadata. Some years ago Apple was running a fairly successful switch campaign where people gave testimonials about why they switched to a Mac. Microsoft responded with its own anti-switch campaign. The name of the person in the Microsoft testimonial was not given but was included in the document’s metadata. An AP reporter was able to track her down and discovered that, much to Microsoft’s embarrassment, she worked for a PR firm employed by Microsoft. To add further damage, the picture in the testimonial was a fake, taken from stock footage. Microsoft quickly pulled the ad from its site and pretty much abandoned the anti-switch campaign.

More recently, the United Nations prepared a report on the murder of Rafik Hariri, the former Lebanese Prime Minister. Some of the more damaging allegations were removed just prior to the report’s release, but they remained in the document as metadata. These politically-sensitive deleted portions were quickly discovered and publicized, to the UN’s embarrassment.

For most practical purposes, “metadata” refers to hidden information kept by Microsoft Word as part of a saved *.doc file. The most common type of metadata is information on the people who created/edited the document. Just pull up a Word document and go to File | Properties. You should be able to quickly find the name and company of the author. This is the type of metadata that caught Microsoft.

The UN situation was a bit different. They had enabled Word’s ability to track revisions, because the document was being edited by multiple people. The author forgot to accept the changes, thus making the original draft and the full revision history available to those “in the know.”

Anyone in a business or professional environment needs to be aware of document metadata—the potential for damage is just too high. The following are some ways to properly deal with metadata:

  • Use the Office add-in provided by Microsoft, or (recommended) purchase a commercial “scrubber”. There is also a free utility, Doc Scrubber™, that works pretty well.
  • Save the file in the RTF format and then convert it to PDF for distribution. (You should be doing this anyway—distributing non-draft versions of *.doc files can bite you.) Be aware that Adobe Acrobat also retains some metadata, so just converting to PDF may not be enough.
  • Turning off the “track changes” feature and/or selecting “accept changes” are not sufficient to remove your metadata.
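
One way to check a file before it is distributed, as an added example (not from the original post): the scan below looks in an RTF export for the two kinds of metadata described above, author details and tracked revisions. The control words it searches for (`\info`, `\revtbl`, `\revised`, `\deleted`) come from the RTF specification, and both sample documents are constructed.

```python
import re

# Control words from the RTF specification (not from the post itself).
INFO_FIELDS = ("author", "operator", "manager", "company")
REVISION_WORDS = ("revised", "deleted")

# Constructed sample: an RTF export that still names people and keeps a deletion.
SAMPLE_RTF = (
    r"{\rtf1\ansi{\info{\title Q3 report}{\author J. Example}"
    r"{\operator A. Editor}{\company Example PR Ltd}}"
    r"{\*\revtbl {Unknown;}{A. Editor;}}"
    r"\pard Final text {\deleted\revauthdel1 withdrawn allegation}"
    r"{\revised\revauth1 replacement wording}\par}"
)
CLEAN_RTF = r"{\rtf1\ansi\pard Final text replacement wording\par}"

def group_at(rtf, start):
    """Return the brace-balanced group that opens at rtf[start]."""
    depth, i = 0, start
    while i < len(rtf):
        if rtf[i] == "\\":          # control word or escaped brace: skip it
            i += 2
            continue
        depth += {"{": 1, "}": -1}.get(rtf[i], 0)
        if depth == 0:
            return rtf[start:i + 1]
        i += 1
    return rtf[start:]              # unbalanced input: take the remainder

def scan_rtf(rtf):
    """Map each kind of residual metadata found to its value(s)."""
    found = {}
    pos = rtf.find("{\\info")
    if pos != -1:
        info = group_at(rtf, pos)
        for field in INFO_FIELDS:
            m = re.search(r"\{\\%s\s+([^{}]*)\}" % field, info)
            if m and m.group(1).strip():
                found[field] = m.group(1).strip()
    pos = rtf.find("{\\*\\revtbl")
    if pos != -1:
        names = re.findall(r"\{([^{}\\]*);\}", group_at(rtf, pos))
        authors = [n for n in names if n and n != "Unknown"]
        if authors:
            found["revision_authors"] = authors
    for word in REVISION_WORDS:
        count = len(re.findall(r"\\%s(?![a-z])" % word, rtf))
        if count:
            found[word + "_runs"] = count
    return found
```

An empty result from `scan_rtf` only covers the fields listed here; it says nothing about the binary *.doc format or about metadata a PDF converter adds later.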

Additional/Reference Links: