A startup firm named iSekurity has former agents from the various US Federal agencies in their roster is to begin offering Identity theft protection service which may become the start of a new chapter or rather business in the world of industrial espionage and identity theft. These former agents are no strangers to the growing problems associated with identity theft and it is costing money for many US businesses and the people who work for them. From petty credit card fraud to more serious crimes, they’ll tackle them all and they would do it with the same precision and tenacity as they have learned in the service. The President and founder of the company promises to get people who steal identities or give their clients a sum of $11,000 as remuneration for any cases they fail to resolve.
This is in response to growing frustration among people with crimes that have resulted from identity thefts and the company’s crews of over 100 former agents are well versed in the art of surveillance and apprehension.
Private businesses like these, hope to fill in the gap between law enforcement and the public where they can do little to stifle these crimes that often have links to organized crime syndicates. From drug running to many other gang related activities, these guys have done it all. The president of the company was a former Presidential detail to former presidents and has taken the role of leading the Secret Service’s elite CAT or Counter Assault Team. With impeccable records in their former federal duties, criminals have one more group of people to overcome in their endless pursuit of identity theft.
Half a Million IIS Servers Infected with Malware
Panda software, a developer of security systems and anti-virus software has raised the alarm regarding a massive cyber attack on vulnerable IIS Server based web pages. The malware once it gets in re-directs users to malicious sites from totally legitimate web sites. The infection grew from less than half a million infected servers to almost double that which is quite fast for a specific type of malware. Most developers who employ “code scrubbing”, which is removing information as it is saved into an SQL database are easy prey and are the intended target of the massive attack that is still taking place. An I frame is inserted to redirect users to malicious sites that can lead to identity thefts even with the users not knowing about it.
The attack is centered on Microsoft’s IIS web Server in particular ASP pages that have very strong ties to SQL databases. Panda and Fsecure have both identified the hidden code (“) that can be deep in their web pages and advises them to look for the string that re-directs people to other sites. Users and Site Administrators are advised to get all updates from Microsoft to remedy the problem and to halt the spread of this attack once and for all.
All this to bug people who use the web all over the world, in the never ending battle between hackers and those who are up to take them head on.
Unified Communications under Attack…. So Soon!
The move to shift from multi-level communications and incorporating Unified communications such as VoIP and other unified platforms has become the prime targets of hackers who are now turning to IM attacks as their targets. Offices have de-centralized communications and other systems combining them into one system that is capable of handling communications eliminating the need for maintaining several systems each with its specific function. IM or Internet Messaging is cheaper and allows office workers in the field to communicate cheaply with the office and VoIP allows them to communicate cheaply over vast distances.
Unified communications is the next step towards virtualization which is currently being developed and tested by various developers. IM is one of the most convenient means of communications which has the capability to receive mail from all over just as SMS or Text messaging has done in the Mobile Industry. Every user who uses the internet may have one or more IM accounts with the many free mail providers or through their company hosting service. Using the IM allows hackers to send malware, unload their payloads and go on to propagate through the networked system, which if looked at from a business perspective crippling one of the vital communications links. There are still mobile phones and other means communications but being ever present at every desktop, any unsuspecting user can download malware without proper intrusion prevention and detection systems in place. Mobile phones have also suffered attacks from malware that is designed to attack stripped down versions of popular Operating systems, the forays of hackers into unified communications may mean they are keeping pace with the development of new technologies as fast as businesses adopt them and accept them as just part of the game.
Bottom Up IT Security not being taught to Students
As it turns out, students in the many fields of IT such as software development are still being taught the lessons of old and not being taught how to pro-actively design software to defend itself from attack. This is the result of a recent survey which shows that many programmers and developers to be are not getting ample courses in integrating security into their systems. They are left to fend for themselves and have to rely on patches to overcome development bugs that could have been fixed before they became problems in the first place.
I started out as a programmer in the glory days of FoxPro and C++ and such events that we have now are non-existent or are not as malicious as they are now. Back then, they simply messed up the display of garbled the contents of a floppy with no bearing on Phishing or Vishing and the myriad of stuff today’s malware do. Security has become such an issue with development that people today have to rely on anti-viruses and other intrusion prevention systems for their systems to remain reliable. Incorporating more security into applications would prevent weaknesses even if bugs are present in the program for no system is totally fool-proof. We would still need these intrusion protection systems yet not as highly dependent on them for basic security needs.
Most companies rely on million dollar contracts with software developers who design software to protect their software, McAfee, Symantec and many other security software developers have shifted focus more on intrusion prevention and less on anti-viruses for today’s malware have gotten to a level of sophistication that they can self-modify themselves to elude anti-virus programs of the past. Integrating encryption and other security provisions into the software itself may take longer but it would provide a level of security that hackers would not find easy to break. Education is the key and knowledge is power, so giving the next generation of developers the knowledge to incorporate security greatly increases the level of power over these malicious programs and the hackers who make them.
Open Sourced Developer Reveals a Secret
The secret he has forgotten for 25 years way back when he was a developer for BSD which is the forerunner of today’s open sourced programming languages. The length of time the said bug has remained in the system so to speak is so critical that he has warned people of the problem as it came to him. He investigates further and finds that all the derivatives of BSD still carried the same bug that he forgot to correct way back in the early days of the open source drive. Why is this so significant, the error though a quarter of a century old still exists in Operating systems like the Mac OSX which is a BSD derivative. From FreeBSD, NetBSD and Dragonfly BSD, they all carry the same old bug that Marc Balmer had to affect all of the changes immediately so no further problems arise.
Open sourced advocates claim that they are faster when it comes to fixing bugs which they do so when a member of the community reports one, the concession is reached and a subsequent patch is issued with mail sent to all those concerned. This incident highlights the need for better analysis of the tools used for our internet use. Imagine a vulnerability that has existed for 25 years and the solution was provided for by the original developer? If he had passed away then who would have realized such weaknesses? This may be the explanation for some of the biggest security threats we have been encountering all this time with malware. So the lesson would be not to totally rely on technology for it is still the man who makes the machine (computer) and tells it what and when to do it.
Microsoft’s To and Fro
The news that Microsoft was going to drop everything that has to do with Windows XP came as a shocker to all for not everybody was ready to jump onto the Vista Bandwagon which has nothing to show in the area of reliability and stability that XP has shown. As with their move when they pulled out the plug on Windows 98, many went up and many took up arms to show their disgust. Many saw it as a move to force people to upgrade to a newer operating system even when the old one was still working just fine. Windows XP has reached a level of stability which has exceeded that of Windows 98′ but the company initially saying they were pulling the plug irked quite a lot of people that they decided to have support for it till 2009. They also said that the selling of OEM and packaged XP’s were to be stopped and that they were only to be available to Ultra-portable sellers.
The Up’s and Down’s of their decisions may show that the company is feeling the pressure form the open-sourced community and that it is trying to keep hold of their piece of the pie in the IT market may be in danger of being lessened. Their failed bid to acquire Yahoo as a move to go against Google shows the failure of their company to realize the significance of advertising. They were hoping to acquire Yahoo to use as their internet marketing branch and to get a bite of the search engine market at the same time. They have extended support for XP till 2009, but the problems with XP SP-3 have been so much they had to hold release a week or so back. The update is now available for automatic or manual download from Microsoft’s TechNet and through AutoUpdate.