Spam the world over

Written by Saran on November 30, 2006

Does your daily routine include deleting the entire contents of your junk folder? Skipping just one day can leave it overflowing, and there’s no reliable way to stop the flood. Even e-mail spam filters can’t keep up with the surge, and I occasionally get legitimate messages mixed up with the junk.

This week Sophos released a list of the top spam-producing countries in the world. The report named the United States as the world’s largest producer of junk e-mail, responsible for 21.6 percent of the total. China ranked second, though it has managed to lower the amount it sends out by nearly seven percent. The UK dropped off the top twelve list altogether, while Israel makes an entrance at the eleventh spot.

  1. United States (21.6%)
  2. China (inc. Hong Kong) (13.4%)
  3. France (6.3%)
  4. South Korea (6.3%)
  5. Spain (5.8%)
  6. Poland (4.8%)
  7. Brazil (4.7%)
  8. Italy (4.3%)
  9. Germany (3.0%)
  10. Taiwan (2.0%)
  11. Israel (1.8%)
  12. Japan (1.7%)
  13. Others (24.3%)

What caused the increase? For one, there’s SpamThru, which appeared over the past two months. SpamThru’s unusual method of infecting a machine and then using an antivirus program to remove any competing malware on the system helped guarantee its survival in the wild. Then there have been several variants of the Stratio worm circulating this quarter. When you think about it, the junk mail you get is just a symptom of the bigger problem of bot infections and network vulnerability. These days spammers have added malware to their bag of tricks to gain control of your computer. Most junk e-mailers attack unprotected computers and control them without their users knowing, exploiting vulnerabilities in the computer’s operating system to do so. Until they can be completely stopped, we’ll just have to include deleting spam mail in our daily activities.

Tags: spam, top twelve

Categories: Network Security, News, Real-World Issues


Avoiding those Fake Codec Sites

Written by Saran on November 28, 2006


The list of sites you should avoid because of the threat of viruses and unwanted malware is almost ingrained in the mind of every person browsing the internet, not to mention the ultimate rule: don’t click a link in an instant messenger window or e-mail even if it’s from a close friend. Banner ads might be a gateway to a site that installs keyloggers and malware. But there are a number of sites that disguise themselves as legitimate to get you to download their files of your own accord.

One such example is the fake codec site. Codecs are most often associated with video and movies. These programs help your media player decode the stream of data for viewing and editing. It may happen that you have an old media player and the videos you want to view were encoded using a different program, or that the file format is incompatible with your player, so you need that codec to make it viewable. Your first instinct would be to search for codec sites and download from the first one that turns up in the list. They look legitimate, and that is exactly why they work. The “codec” you download will turn out to be the very kind of file you wanted to avoid. And this isn’t even limited to codecs. Hackers, knowing how popular anti-virus programs are, build fake anti-virus pages with the same purpose. So how can we avoid them? We can always check sites like the Sunbelt blog, which lists fake codec and security sites on a weekly basis. Or simply download codecs and upgrades from legitimate sources. It’s much better to be safe than sorry.

Tags: fake codec, spyware, trojans, malware

Categories: Real-World Issues, Spyware, Tips


Checking it at the door

Written by Saran on November 26, 2006

How do you feel about the security policies being implemented by your company? Do you think you’re secure even from the visitors who drop by? Maybe the old adage about an ounce of prevention still serves us well these days.

I once visited a company that had what I thought was a strange security precaution at the door. At first I wondered why they didn’t allow CDs, mp3 players, and other portable devices, but it made perfect sense when I was ushered into a section with unattended computers and left to my own devices. Had I come in with any sort of malicious intent, I could have copied files off those computers.

Though the term podslurping has gotten attention because of the iPod’s popularity as the mp3 player of choice among employees, any form of removable media device can be used. Cameras, thumb drives, and mp3 players can all be used to get at the data without being caught. This is quite easy nowadays because of the plug-and-play feature of most operating systems. There are already programs designed to search a network and find critical data. Simply insert the device of choice into a free USB port, and from there anyone can copy off possibly highly sensitive data. That’s why some companies limit the use of those items at work, but it’s not the best solution. There are policies that don’t have to limit employees’ and visitors’ use of mp3 players and cameras. One is to prevent storage devices from being mounted on any computer in the system. Another is to use encryption on files and restrict access to confidential data.
Tags: podslurping, security policies

Categories: Physical Security, Security Policies


Choosing which data encryption to use

Written by Saran on November 24, 2006

Often we think of security in terms of applications that can be used to safeguard our data, but there can always be different approaches to the same problem. Encrypting the data on your hard drive may be the key to keeping it safe in these days of laptop theft.

Data encryption for hard drives comes in two forms. You can either use software to encrypt your data, or use a drive that requires a password before granting access to the files inside. The first method can be performed with a selection of open source and licensed software. The files stay protected even when the operating system is not running. This works in different ways. Some software creates a virtual drive inside the hard drive to store the data. The virtual drive takes up an allotted amount of space on the disk, but it cannot be accessed unless the password, or set of passwords, has been given. This type of data encryption can also be applied to drives that had no form of encryption originally, like the computer you’re currently using, or even thumb drives.

Hard drives with built-in encryption have been available for the past year, most often in the form of external drives that can be carried to different places and handled by more than one user. These hard drives use full disk encryption, where the data on the whole disk is encrypted. Some of them combine password identification with biometrics to give the files inside double protection. These drives come with a chip containing special software that does the encrypting and decrypting without taking too much time. The problem with this method is that if the password is forgotten, the data can’t be recovered. Seagate recently announced that it will be shipping hard drives with an improved full disk encryption it calls DriveTrust in January. Both methods will protect the files on the hard drive; it’s only a matter of choosing which suits you best.

Tags: data encryption, data, security, drive encryption

Categories: Cryptography, Privacy & Anonymity, Storage


Social engineering to malware

Written by Saran on November 22, 2006


Hackers are now using social engineering to spread their viruses and malware. An entry in the German version of Wikipedia about a new version of the Blaster worm linked to a supposed fix for the new variant. The attackers then sent e-mails pointing to this supposedly legitimate Wikipedia download, which in fact contained malicious code designed to infect the downloader’s computer. Sophos intercepted these e-mails and reported them to the Wikipedia editors, who immediately removed the articles in question.

Wikipedia is an example of what a Web 2.0 site is: an online site built from content shared by its users, mostly unmoderated, with plenty of social interaction. Web 2.0, a buzzword coined by Tim O’Reilly in 2004, relies heavily on a system of trust. That this trust system can be exploited in such a way raises the question: is it time to implement some form of policing on these Web 2.0 sites?

This isn’t the first time Wikipedia has come under fire over its open policy. After important current events, pages related to the event get vandalized with conflicting reports and outright fabrications. It’s just too easy to social engineer people into downloading malware when they believe these sites are safe. Attackers used to limit such tricks to MySpace, but it seems they may be migrating to other targets. If that’s the case, it may be time to have all files scanned before they’re uploaded, just like attachments in e-mail, even though that relies on scanning that may prove unreliable at catching new malware and viruses. But there’s no easy way to check all of the links leading out of the site. One possible answer would be to moderate any links before they are added to a page, but that requires a large group of editors or volunteers willing to monitor the stream of data. Would such a group be accepted by the rest of the community?

Tags: social engineering, wikipedia, malware

Categories: News, Real-World Issues


The Nmap Scanner

Written by Saran on November 20, 2006

The nmap port scanner can be used by attackers to determine which ports are open on a remote system, and which services are running on them. Recent versions are even capable of fingerprinting the exact application and version number running, allowing an attacker to fine-tune their attack against such a system.

But nmap was not designed for this purpose; it was designed to help the network administrator prevent attacks by doing the same thing: checking their own network for points of weakness.

When setting up servers, firewalls or other network-connected systems, I always run an nmap scan on the “finished” system, and then lock down anything that appears which doesn’t need to be accessed from the outside world. On a Linux system, for instance, X11 and services such as MySQL may listen on TCP ports, but there is often no need for a remote system to connect to these services. In such a situation, firewall rules allowing only localhost (127.0.0.1) to access these ports prevent them from showing up in any subsequent nmap scans (provided the scans are run from a remote machine!).

Nmap supports many scan types, designed to obtain information about the network (ping sweep scanning, for instance), the open ports (TCP connect, UDP, and half-open SYN or “stealth” scanning), and the operating system and services running (OS and service fingerprinting).

Each scan type provided by nmap can give the system administrator useful information, and by thinking along the same lines as an attacker, the administrator can often close off parts of the network, lock down services on accessible systems, and generally reduce the avenues of attack. Nmap is an essential tool in highlighting which of these avenues are open in the first place, allowing an administrator to block potential attackers before they become a problem.
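To turn the “scan, then lock down” routine above into a repeatable check, here is a small audit script, added as an example and not part of the original post: it parses nmap’s grepable (-oG) output and lists the open ports that are not on an allowlist of services the server is meant to expose, so each one can be firewalled to 127.0.0.1 or disabled. The scan output, the host address and the allowlist are constructed for the example.

```python
"""Audit an nmap -oG (grepable) scan for services that should not be exposed.

Added example, not from the original post. It assumes the scan was run from
a remote machine, e.g. `nmap -sV -oG scan.gnmap 192.0.2.10`, and that the
allowlist below reflects what the server is meant to expose.
"""
import re
import sys

# Constructed sample of nmap grepable output (not a real scan). Each entry in
# the "Ports:" field is port/state/protocol/owner/service/rpcinfo/version/;
# nmap rewrites "/" inside version strings as "|" so the fields stay parseable.
SAMPLE_GNMAP = """\
# Nmap 4.20 scan initiated as: nmap -sV -oG scan.gnmap 192.0.2.10
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 4.3 (protocol 2.0)/, \
80/open/tcp//http//Apache httpd 2.2.3/, 3306/open/tcp//mysql//MySQL 5.0.22/, \
6000/open/tcp//X11//(access denied)/\tIgnored State: closed (996)
# Nmap done -- 1 IP address (1 host up) scanned
"""

# Services this host is meant to expose to the outside world (assumption).
ALLOWED = {("tcp", 22), ("tcp", 80)}

PORT_RE = re.compile(r"(\d+)/([^/]+)/(\w+)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/")


def parse_gnmap(text):
    """Return (host, port, proto, state, service, version) for every port listed."""
    found = []
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # comment lines and the "Status: Up" line carry no ports
        host = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for m in PORT_RE.finditer(ports_field):
            port, state, proto, _owner, service, _rpc, version = m.groups()
            found.append((host, int(port), proto, state, service, version))
    return found


def unexpected_open_ports(text, allowed=ALLOWED):
    """Open ports not on the allowlist: candidates for firewalling to localhost."""
    return [(host, port, proto, service, version)
            for host, port, proto, state, service, version in parse_gnmap(text)
            if state == "open" and (proto, port) not in allowed]


if __name__ == "__main__":
    # Read a real scan file if one is given, otherwise use the constructed sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_GNMAP
    for host, port, proto, service, version in unexpected_open_ports(text):
        print(f"{host} {port}/{proto} ({service} {version}): "
              f"restrict to 127.0.0.1 or disable")
```

On the sample it reports MySQL on 3306 and X11 on 6000, the two services the post says usually have no business being reachable from outside.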


Categories: Cryptography, IT Security Basics, Network Security, Real-World Issues, Wireless Security


Updates To WebEx Flaw

Written by Saran on November 18, 2006


Internet Security Systems Inc. (ISS) has discovered serious flaws in web conferencing products, including the one from WebEx. This is the first of these flaws that they have disclosed publicly. They are working closely with the vendors so that the flaws can be patched promptly.

The WebEx flaw
The flaw that was discovered could be used to run unauthorized software on a user’s computer, and it lies in the ActiveX component WebEx uses. As such, it is imperative that those who use the product update the software as soon as possible. If you do not have automatic updates turned on, you can download the patch from the WebEx site itself.

For those who use VoIP regularly and are concerned about their data, flaws in the software they use must be checked and patched immediately whenever patches are available. The possibility of an attacker running unauthorized software on your own computer is a serious one; it could do any number of things that compromise the integrity of the data on your computer.

The idea that there are security flaws yet to be discovered in VoIP is something that makes some companies reluctant to adopt the technology. That is why some companies are still waiting for it to become more secure and stable. The convenience of communicating via such software would be nice, but damage control may prove far more costly when the time comes that it is needed. Hopefully, any other flaws will surface and be patched immediately.


Categories: IT Security Basics, Operating Systems, Programming, Real-World Issues, Storage


Anti-Virus Software Analysis

Written by Saran on November 16, 2006


Top anti-virus software should be easy enough for a computer novice to both use and install. The software should effectively seek out and identify virus threats, as well as clean or isolate infected files. There should be understandable reporting available for each scan and plenty of help support available, so you can be well informed of the software’s activities and capabilities. Below are the criteria TopTenREVIEWS used to evaluate anti-virus software.

Ease of Use. Exceptional anti-virus software is simple to use, regardless of a person’s computer experience or knowledge of viruses.

Effective at Identifying Viruses and Worms. The best anti-virus products identify infected files quickly through real-time scanning, searching for viruses in a multitude of sources, including email, instant message applications, web browsing and so on.

Effective at Cleaning or Isolating Infected Files. Truly capable anti-virus software thoroughly cleans, deletes or quarantines infected files—keeping them from spreading throughout the hard drive or network.

Activity Reporting. Anti-virus programs should give immediate notification of viruses found by real-time scanners and should provide an easy-to-read report of scan results, including what it found and what it did with infected files.

Feature Set. A well-rounded feature set allows anti-virus software to provide absolute protection. The best programs are those that offer a wide variety of tools, from basic real-time scanning to more advanced, heuristic scanning and script blocking—when it comes to virus protection, the more options the better.

Ease of Installation and Setup. Anti-virus programs should be a breeze to install, making it easy to go from installation to initial scan in just a couple clicks of the mouse.

Help Documentation. High-end anti-virus software comes with plenty of help, including support via email, online chat or over the telephone. There should also be online resources, such as knowledge bases and FAQs, available for quick and convenient help.

So, no matter how serious a computer virus is or how quickly it is passed around, with today’s anti-virus software, you’ll always have a cure.


Categories: IT Security Basics, Malware, Spyware, Tips


Malware Removal

Written by Saran on November 14, 2006

If you look on any major forum which discusses computer security, you will probably find people, or teams of people, who dedicate a large proportion of their time to helping users remove malware from their computers.

These teams typically dedicate several hours a day to going through posts on the forum and helping users locate and remove malware. The process is aided by one or more tools which scan a system for malware and optionally remove some of it. My concern is that people rely far too much on other people to fix their mistakes, rather than trying not to make them in the first place.

These malware-removal teams have started writing documents on generic ways to detect and remove malware, which is a start, but really they need to emphasise the methods of keeping your system clean to begin with. Not only that, but ISPs and IT sellers should emphasise to their customers the importance of antivirus software which is regularly updated.

Considering that there are several free antivirus programs around, there really is no excuse for not running one! Note, here, that “I’m running Linux” still is not a valid excuse for not having virus scanners; even if Linux is itself immune to most viruses, worms, etc, it can still be used as a node along the path to infecting more users.

This matters especially because mail attachments sent to a Linux system without a virus scanner would not be scanned, and the Linux user may then go on to forward that attachment to a Windows user, who would open it thinking it comes from a reliable source. Using a virus scanner, and educating users in prevention rather than cure, is the direction I’d like to see taken more often.

Unfortunately, there is no accountability for ISPs or vendors, so this won’t happen.


Categories: IT Security Basics, Malware, Real-World Issues, Security Policies


Legal Software Updates

Written by Saran on November 12, 2006


Anecdotes from people are always interesting. There is this one person who was using a pirated copy of Microsoft Windows XP. One time, this person tried getting the security updates. Then something happened: a message appeared on the computer saying that the copy of Microsoft Windows XP was pirated, and that if the person wanted to keep on using it with security updates and the like, a legal copy must be purchased. Now, every time the computer is booted up, it shows that message. The person told me this: the moral lesson for those using pirated software is to not update!

Then again, how could one keep on using software that hasn’t been updated? There are security updates, and sometimes they are critical ones. If you can’t get them for your system, you never know what you are exposing your computer to. Think of the MySpace news some time ago: Internet Explorer had a vulnerability, and if you were a user who had not updated, you would probably have been a victim.

Now we see from this anecdote that it is important to have legal software. We do not just have something we could use without guilt but we also get whatever updates the developers have in store. It would be bad for productivity to keep on dealing with malware and viruses because of the lack of updates.

If you are someone who cannot afford legal copies of software because they are expensive, you could always download free and open source software. That way you have legal software, and you can secure your system because you have legitimate access to the security updates and all that.


Categories: Backups, IT Security Basics, Network Security, News, Privacy & Anonymity, Spyware
