Four Must-Have SMB Security Tools

Looking for a quick read? Then this is the perfect post for you. Jennifer Jabbusch walks us through four must-have SMB security tools. I encourage you to check it out here.

Posted under Information/Advisories, community

This post was written by Aaron on August 24, 2010

How to choose the right Firewall for Your SMB

Jennifer Jabbusch wrote a nice article on choosing the right firewall. It’s posted over at darkreading.com.

Without further delay, here is the link:
Choosing the right Firewall

Posted under Podcasts

This post was written by tkrabec on August 23, 2010

Fake Anti-Virus Programs

Recently I’ve seen an increase in the infection of computers by Fake Anti-Virus Programs. These are horrible programs, which are tested by their creators to bypass your valid Anti-Virus program. Not only are they created to get past your Anti-Virus, but they are also created to fool the people using the computers into installing this malware.

I came across a great list of these Fake Anti-Virus programs via Technibble.com. If one of these rogue programs is installed, call your IT department or contact your computer consultant.

– Tim Krabec

Posted under Podcasts

This post was written by tkrabec on April 29, 2010

Interview with Chris Nickerson Part 3

Interview With Chris Nickerson part3
The last part of the interview where Chris talks business with the crew.

Posted under Podcasts

This post was written by admin on March 1, 2010

Those Who Cannot Remember the Past are Condemned to Repeat it

Our post today comes from Tim Mugherini of Security Braindump. Tim currently works for a BioTech firm as their network and security guy. Take it away, Tim!

Those Who Cannot Remember the Past are Condemned to Repeat it.

During the last decade, many Information Security practitioners have predicted the rise of mobile phone malware. The predictions thus far have fallen short; there have been occasional incidents of malware infections, but to date nothing has occurred on a mass scale. I cannot predict when such malware will become lucrative enough to develop, but I do believe that the transformation of the mobile phone into a fully functional computing system with a robust browser may signal that the day is coming soon. With the recent increase in mobile phone functionality there is an increase in sensitive data stored on the device, thus making it a valued target.

Those of us who supported and used corporate computer systems during the early part of the millennium remember the chaos caused by virus and worm outbreaks. Being a desktop support tech at the time, it was not unusual to spend several days chasing a worm around the corporate network while frantically locking and patching systems as you went. The users were not happy, management was not happy, customers were not happy, and I can personally tell you none of us in IT were happy.

At the time, patch management was not centralized at many small to mid-sized organizations; servers were installed with the default settings; users ran with local administrative rights; code reviews were non-existent; and wireless, if encrypted at all, used WEP. Over time, many organizations became conscious of the value of securing their systems. Well, some organizations did anyway.

There is a lesson to be learned in the history of computing. The mobile platform that we all use today is, for all essential purposes, the PC of 1999 all over again. The aforementioned problems of the PC during the late ’90s still exist now on the mobile phone. Moreover, what limited security features do exist on this platform are often not enabled or configured.

During 2009 we began to see the emergence of malicious software on mobile phones. In July 2009, the BBC reported on the mass distribution of spyware on Blackberry devices in the United Arab Emirates. In November, two iPhone worms were making the rounds (http://www.f-secure.com/weblog/archives/00001822.html and http://www.f-secure.com/weblog/archives/00001814.html). In December, several credit unions reported malicious applications in the Android Marketplace targeting banking credentials (http://www.bayportcu.org/site/mobilesecurityupdates.html and http://www.firsttechcu.com/home/security/fraud/security_fraud.html).

At ShmooCon 2010, I watched a talk presented by Tyler Shields of Veracode entitled “Blackberry Mobile Spyware – The Monkey Steals the Berries” (watch the presentation at http://shmoocon.org/2010/videos/BlackberryMobile-Shields.m4v). During the talk he demonstrated proof-of-concept malicious code for the Blackberry platform. Veracode has posted numerous blogs about the presentation and the issues demonstrated, but I think Chris Wysopal, formerly of L0pht and @stake, summarizes the situation facing mobile phone users the best:

“We need to leave the “detect and revoke” mentality of the PC world behind as we move to new platforms. Attackers are able to game the PC antivirus model by continuously flooding the software ecosystem with new unknown malware. The attackers will win in the mobile world too if we don’t change it. The mobile app store is a form of whitelisting that can assure the security of an entire platform if the whitelisting means something. That is if the apps are tested for security before being published.”

I could not agree more. The unfortunate truth is RIM, Google, and Apple are not performing any detailed code review and security testing right now. Moreover, the only mobile solution that provides any measure of centralized security is RIM’s Blackberry Enterprise Server, and many companies are not leveraging those features and settings. The title of this post is a well-known quote from George Santayana and is sometimes referred to as Santayana’s Law of Repetitive Consequences. I fear the security failures of the past apply to the mobile platform of today. Let’s hope we take heed and act. I think everyone could agree that the thought of chasing malware around on a platform that knows no physical bounds would be counterproductive to any organization’s goals.

~ Tim M.

Posted under Information/Advisories, Mobile, community

This post was written by Aaron on March 1, 2010

Your photos are NOT posted online

Some of you may have received an email similar to the one below:

**************

Hey, some jerk has posted your pictures (u understand what kind of pictures are there) and sent a link of them to all ur friends. I have already replied back. Said, that he is an idiot. See the link:

http://photobank.********.****.*****/id1073bv/get.php?email={Your Email is here}

{SOME NAME}

**************

Newsflash folks, they haven’t. Well, at least not the people purporting to have done so in this email!

Educate your users: don’t click on the link. We’ve had a user actually do so and manage to infect their machine. To most, it seems more of a pain to clean it than anything. But let’s put it this way: Your technical company (or your internal technical person) has to go clean this up. Say your outsourcing firm charges $100 per hour. Something like this takes at least 2 to 3 hours to clean, let alone ensure it has been eradicated. I’m not counting the checks of ALL your other systems on the network. Now we’re talking more along the lines of 5 or 6 hours. Now factor in the cost of the downtime to the user who has been infected. Now you’re looking at $1,000 or more in real money that has been lost. Now factor in the very real possibility that this user has had documents lost or destroyed by this virus.

User education doesn’t seem so expensive any more.

Posted under Information/Advisories, Podcasts

This post was written by Aaron on February 3, 2010

More Phishing attempts

I’ve been seeing more email trying to get me to install patches which are not from Microsoft.

Subject: “Update for Microsoft Outlook / Outlook Express (KB910721)”

Now unless you’ve signed up with Microsoft to receive notifications via email, you’re not going to get them. And most certainly they WILL NOT be sending patches via email, except possibly if you’re on an active support call. So once again, don’t open attachments when you’re not expecting them.

Posted under Podcasts

This post was written by admin on February 3, 2010

Interview with Chris Nickerson Part 2, NOW with BETTER audio

http://media.libsyn.com/media/tkrabec/OSMBMinute-nickerson-SMB_part_2.mp3

Sorry about the audio in part 1.

Posted under Podcasts

This post was written by admin on February 1, 2010

Interview with Chris Nickerson (part 1)

Finally, after a long hiatus, we’re back.

http://media.libsyn.com/media/tkrabec/SMBMinute-nickerson-SMB_part_1.mp3

– Tkrabec

Posted under Podcasts

This post was written by admin on February 1, 2010

More fake antivirus

Yesterday I was called to one of my clients to remove a fake antivirus program. So I stopped by and cleaned the machine manually, then it was scanned with Malwarebytes, which removed a few more traces. Completely normal. Until this morning, when I got a call back saying it’s back. So I stopped by and there was a website with a fake popup from us-scann(dot)com. Google has nothing on them, yet. So I’m blacklisting the domain in their DNS and running another scan, then another manual look.

It has been my observation over the past few weeks that there has been a sharp increase in these fake AVs. So be on the lookout and make sure you and your employees KNOW what programs are on your machine.

Posted under Information/Advisories

This post was written by admin on January 21, 2010
