The hijack process comes in stages and all the while the misguided clicks always execute a piece of JavaScript which re-directs the user to a page that seems to be the MySpace site but actually isn’t. The problem has seemingly dropped traffic due to the shutting down by the phishing site. Websense has informed the MySpace people regarding the matter and they are surely taking action to provide measures to ensure the privacy (which may be next to impossible to such open sites) of their subscribers. Symantec has also raised the alarm and has released information that can help users avert the disclosure of personal information to the said phishing site. MySpace has also identified several individuals who might be involved in the attack and have suspended their accounts as they continue to investigate the actions of these errant users and what part they had with the attach on the social networking site.

Unless there is a real outbreak that possesses quite a threat towards every computer, people will not be aware or concerned about technology security today. While the religious practice of keeping track of these threats cannot be readily instilled, it would be best to exhaust all means in being able to do so. Besides, people know for a fact that neglecting such efforts will be at their own risk and network and computer security is something that many would realize when the harm has already been done.

[tags]newspapers, magazines, e-zine, websites[/tags]

It is best to proceed with caution before totally unzipping the contents to any directory of your computer. It is the executable files such as the setup.exe that may garner much doubt. Once executable files are double clicked, it will immediate process and try to install itself on the machine. Once finished, there is no telling what effects it may do or create, thus the need for people to think twice before clicking on the files.

[tags]filename extensions, filenames, zipped, scanning, virus scan, spyware, trojans[/tags]

Such was forthcoming. In its initial introduction to the market, a lot of people were hesitant due to the astronomical price that it was pegged at. But like all competing products, once the competition sets in, the need to adjust the price to be competitive in the market is a must. Thus, such a trend can be seen with the large drop in the price of LCD monitors such as Samsung and LG Collins, two players who are not really tagged to be in the line of Viewsonic and AOC.

As it stands, the final decision would be left on the price and the screen resolution as required. For people who are simply wanting to get in with the times, this is certainly welcome news for the lower costing manufacturers who aim to satisfy the need for LCD monitors, regardless if this is just for personal satisfaction or not.

[tags]lcd monitors, samsung, lg collins, crt monitors, desktops[/tags]

Day-in and Day-out, people surf the web for possible downloads in the form of drivers, security stand alone cleaners, and free programs that will help them in their specific needs. One drawback is the potent threats and reliability of such sites since everyone is aware that such malicious Spyware or Trojans may be present in these programs which are usually compressed in zip files prior to free downloading.

Majorgeeks.com is one site that contains a lot of the helpful tools to aid computer users in their everyday issues and improvements for their overall operating system and performance. One notable thing that most users are aware about is that of intrusions in their system from the usual cookies and attachments that people get from the Internet. With the mischief going around, no one really knows how safe their computer is and what files are needed and not on their hard drives.

Many people I speak to think that simply because they are on a switched network, they are immune to packet sniffing, a process whereby a computer listens for packets not intended for that address, and logs them, potentially gathering usernames, passwords, and other useful information within network traffic. For example, every time you log into a website which does not use SSL (Secure Sockets Layer), your username and password are transmitted in plain text as part of the HTTP (HyperText Transfer Protocol) request. If another user is running packet sniffing software, this request will get logged for later analysis, which could lead to that user gaining access to the website you visited, under your account.

Packet sniffing was easy on networks connected using hubs, as a hub is a device which sends every packet it receives to every computer connected. This is bad for a number of reasons, including reducing transfer rates due to collisions and unnecessary transmission; if data is not destined for a computer, it would still be sent there. It does, however, also allow for easy packet sniffing; simply set a network card to pass every packet up to the application layer, instead of only those addressed to the specific computer. These can be logged for later analysis.

On a switched network, packets usually go only to the computer to which they are addressed, based on MAC address resolution of the IP. The switch then sends packets to the port hosting that MAC address, and only that port.

So, how is it that switched networks are still vulnerable to packet sniffing, if packets only get transmitted to their destination?

This is where ARP Poisoning comes in. ARP is the Address Resolution Protocol, and maps IP addresses to MAC addresses. In an ARP Poisoning attack, a system sends out faked ARP responses claiming to be the MAC associated with an IP. As such, packets destined for that IP will be sent to the computer doing the ARP poisoning, as they traverse the switch, instead of the real destination.

Using this mechanism, it is possible to redirect packets between a computer on the network to the border router, forcing them to be delivered to a system running a packet sniffer, instead. From here, they can be logged and then sent on to the real MAC address of the router. This is known as a man-in-the-middle ARP Poisoning based network sniffing attack, and is effective against switched networks.

Because this attack is based on ARP requests and responses, which are a local network mechanism, this attack cannot traverse routers or any other level 3 or higher device.

Torpack on the other hand came from Hacktivismo, a group of computer security experts and human rights workers, and is based on Mozilla’s Firefox. No installation is required to run the browser, though the two folders generated from the free download have to be kept together for it to run. This browser encrypts the data passing from the user’s computer and the TOR network, and causes the IP address seen by the website to change every few minutes. Torpack does have limitations; browsing speeds will be slower and it’s suggested not to log-in sites which cannot offer secure log-ins.

Both of these applications are not meant to replace the current browsers you’re using in your computer. It’s interesting to note that they both have privacy and secure browsing as their main selling points. These features are useful for users who are leery of going online in public access locations like schools and Internet cafés, where a secure connection cannot be guaranteed. So far both of these are available for free download, and you might want to see which one will stand the test of continuous use.

This year has seen a steady increase in the number of books being published on security-related topics. Since the year is about to end, I thought I’d round up a few of the best I’ve read, seen, or heard about, and comment briefly on each one!

Apache Security
O’Reilly
Published March 2006
http://www.amazon.co.uk/exec/obidos/ASIN/0596007248/

This book covers installing a secure Apache web server, discusses a variety of attack techniques, and looks at securing a multi-user hosting environment. All round, an excellent book for webhosts or anyone running Apache on an Internet-accessible system!

SSH, The Secure Shell: The Definitive Guide, Second Edition
O’Reilly
Published May 2006
http://www.amazon.co.uk/exec/obidos/ASIN/0596008953/

This book takes a look at the SSH program, a replacement for telnet or rsh, providing an encrypted link over which programs can be run. SSH also contains programs for file copy, replacing rcp and perhaps even FTP! The book looks at the latest developments in OpenSSH and other SSH implementations, and includes some powerful examples including setting up SSH tunnels and forwarding systems.

Security And Usability
O’Reilly
Published February 2006
http://www.amazon.co.uk/exec/obidos/ASIN/0596008279/

This book reaches a compromise between the two design goals of security and usability. I haven’t actually read this one, but everyone I speak to that has thinks its worthwhile!

Extrusion Detection
Addison-Wesley
Published June 2006
http://www.amazon.co.uk/exec/obidos/ASIN/0321349962/

One of the few books in publication which covers the important topic of internal attacks! Again, I haven’t read this, but it is an important topic, and its nice to see books finally starting to appear to bridge the gap between the generic security books and the knowledge that network administrators need!

Cryptography In The Database
Addison-Wesley
Published May 2006
http://www.amazon.co.uk/exec/obidos/ASIN/0321320735/

This book approaches security from the opposite end to many; from the innermost structure in many applications. Databases are often left open to attack because it is assumed that the outer layers of a program protect any database access against exploitation. Using cryptography in the database helps to prevent attacks which take advantage of most peoples false sense of local security! Once again, this book is a much-needed addition to the stores!

If I’ve left out your favourite security book of the year, or, if you’re one of the lucky few, the book you wrote this year, don’t be offended! I just chose a few of the ones that stood out most to me. There were, as I said, a large number of books dealing specifically with security this year, from VPNs to SSH, rootkits to software vulnerabilities, Apache to IIS, and PHP to SQL. In each case, the books have contributed new and fresh ideas, shown the latest attack patterns, and offered advice for prevention, or, failing that, cure.

As the threat from malware, malicious hackers and even corporate software with unintentional (or intentional) security issues grows, books like these serve not only to educate the developer and system administrator in prevention, but also to alert the user to the threat. Most technical users cannot fail to notice the distinct rise in security related books this year, and should easily be able to correlate this to the ever-increasing threat as our world becomes ever more connected!

Since its release in 2003, Windows Server has accumulated a total of 74 Secunia Advisories.

Now let us take a look at Redhat Enterprise Linux

Since its release in 2005, Enterprise Linux 4 has accumulated a total of 128 advisories.

Wait, what? There must be some mistake. Well ok, perhaps the Enterprise Linux 4 vulnerabilities are a lot less severe than Windows Server 2003. A local vulnerability is a lot less severe than a remote vulnerability.

So let’s look at RedHat Enterprise Linux 4 first.

Ok so 83 percent of all the vulnerabilities are able to be exploited remotely. That’s a pretty high number. Let’s take a look at Windows.

59 percent of all Windows Server 2003 Secunia Advisories are remotely exploitable.

Well now, this is fairly interesting. So far, dare I say, Windows is leading in terms of security.

Ah but wait, it’s not over yet. We have yet to see the type of impact most of these vulnerabilities have, and most importantly, the impact they have at the system level.

So let’s take a look at RedHat Enterprise Linux 4 first.

We see here that 30 percent of the vulnerabilities allow system access.

Now let’s take a look at Windows Server 2003.

We see here that Windows Server 2003 is a bit more severe in that 53 percent of their vulnerabilities allowed system access. That’s a fairly high percentage that is dangerous, especially in an enterprise environment.
Secunia also keeps track of vulnerabilities that they have discovered and are unpatched as of yet by the vendor, which gives us an idea of the rate at which each vendor responds to security.

The Secunia database currently contains 0 Secunia advisories marked as “Unpatched“, which affects RedHat Enterprise Linux AS 4.

That’s pretty decent, so we know that RedHat responds very quickly to any discovered security threats. Let’s have a look at Microsoft.

Currently, 8 out of 74 Secunia advisories, is marked as “Unpatched” in the Secunia database.

A much more dangerous number than zero. Although, to their credit, all of the “unpatched” vulnerabilities are not too critical. However, this still shows us how seriously Microsoft lags behind in their patching efforts. One could only attribute this to the massive complexity of the Windows system that Microsoft engineers must go through in contrast to the modular nature of Linux itself.

In conclusion, what we have here is a very interesting set of differences between the two platforms and neither comes out as a clear winner. (I know, you are disappointed!) However, we did uncover the fact that Windows Server 2003 is not nearly as bad as the general tech community paints it out to be and would be a fairly solid choice in an enterprise environment despite all the FUD.