IT Security Blog

Managing Your Passwords

By

passwordmanagerscreen.jpgAre you like me who has the bad habit of forgetting the passwords to your online accounts? Except for sites I frequently visit, like those for web-based services, I can’t keep track and lose passwords all the time. There’s no true solution to this problem. I’ve tried using the same passwords for multiple accounts, but that’s pretty dangerous – if one of your accounts gets hacked, they can guess what sites you frequent and gain access to your data. Writing it down can be downright dangerous – it’s even easier to lose paper and notebooks during your daily routine. It also boils down to an issue of trust with the people you live and work with.

The situation’s pretty dire if a relative passes away and all his contacts are in an online address book. The was the the case of William Talcott, a San Francisco poet who passed away in June and basically took his password to the grave. His daughter was unable to contact his friends, and though the web provider will grant them access after a court order, it will take months of legal haggling in court, causing needless emotional pain for his descendants

The solution? A password manager that keeps track of your passwords. Some users make their own with their database and password locking it, but these makeshift databases aren’t encrypted and they’re quite easy to crack. There are commercial and open source password managers available for download online. All you need to do is add the website, your account name and password, select one password to lock your data, and then it will keep track of your passwords for you. They offer different features, which can include password generators, autoform filling, and different levels of encryptions. Some sites, like those of banks and other e-commerce activities, don’t allow autoform filling for security reasons. Though most of these are currently made for Windows, there are also versions for other operating systems. A word of warning though: if you forgot your password to your password manager and it doesn’t have a retrieve password option, you can’t access your database. So make sure to remember your database password!

[tags]passwords,e-commerce,operating systems,online security,phishing[/tags]

Windows 7 Hit By Zero-Day Exploit

By

windows_7_previewWindows 7 fans were rejoicing when Microsoft released a patch on Tuesday because their system was not affected in any way by the six security issues. The rejoicing was short-lived, however, as news has been released that there IS a bug that can crash a Windows 7 system. The bug has been named Zero-Day Exploit and was discovered by Laurent Gaffie.

PC World provides further details:

The issue is in the SMB (Server Message Block) protocol that forms the backbone of Windows file sharing. When triggered, the flaw results in an infinite loop which renders the computer useless.

Tyler Reguly, Lead Security Research Engineer with nCircle, explains “Exploitation of this vulnerability occurs when a user attempts to browse to Windows Share hosted on the malicious server. On Windows 7, the DoS (denial of service) will occur as soon as you type ‘\\\’ in the search box. ” The vulnerability actually impacts both Windows 7 and Windows Server 2008 R2.

While the threat is very much real, experts say that the chances of the bug being exploited are quite low:

There are currently a couple different proof-of-concept exploits circulating, but there are no reported attacks in the wild at this point. Because the flaw only enables an attacker to crash the system, and doesn’t provide any unauthorized remote access that could lead to compromising information or performing other malicious activities, the odds of the exploit being actively used by attackers is fairly slim.

So what are Windows 7 users supposed to do now? Currently, Microsoft has not yet released a patch to deal with the threat. I suppose the only sensible thing to do is to be more careful with regard to visiting web sites, especially if you are unsure of its legitimacy.

Photo courtesy of Megaleecher

The Vulnerable Internet Explorer Browser

By

By default, Internet Explorer is usually installed simultaneously with new installation of Microsoft Windows operating systems. This allows users to immediately access the web and browse websites or check their e-mail online.

Windows Updates

However, it is recommended that the required patch updates for windows components, Internet Explorer included, to ensure that versions are updated and secured to avoid any exposure of vulnerable exploits and issues that unpatched versions would be prone to. Unpatched versions are sure to be lacking in security issues known today, hence the need to acquire such updates and patches a definite must for people using the Microsoft Windows software today.

The patches and updates help ensure the overall safety of the workstation and the network it is connected to. With the rampant amount of exploits and issues that technology has been open to, it would be best to keep software and applications up to date, starting with the operating system in use.

[tags]operating systems, microsoft windows, microsoft vista, patches, updates[/tags]

What are Intrusion Detection Systems?

By

It has been a given that there are a lot of things that networks and workstations would be vulnerable to. At the top of the list are harmful files and sudden intrusions that are obviously up to no good. While resorting to firewalls may be seen as something that would prevent such attacks, intrusion detection systems cater more towards the inner system igniters, usually providing warnings prior to required action on the part of network administrators on the issue at hand.

Intrusion Detection Systems

Also, IDS monitors the behavior of the internal system since attacks of any sort may occur from files that can be initiated at any time or have already passed through the firewall for some reason beyond the set security policies.

It is a good practice to always check the network communications and identify possible security breaches. While intrusion detection systems can be able to apprehend abnormal processes, the presence of such intrusions within the internal system only proves that system and network security should be re-evaluated for stricter measures.

[tags]intrusion detection systems, network security, operating systems[/tags]

Despising the Dreaded Blue Screen

By

Blue screen errors

For most computer owners, experiencing that sudden blue screen in their workstations may be a sign of worse things to come. Programming conflicts, missing or corrupt files or infected system resources are sure to be the immediate thoughts that would come into mind.

No system is full-proof. Everything would indeed come to a point where the need to address such situations is evident. Formatting, re-programming and re-installations are alternative courses of action. There may be some good ways to refrain from a total wipe-out and clean installation of operating systems and programs but this would entail the expertise of seasoned technicians as well as broader understanding of why blue screens occur.

Taken into consideration, a need to check on the problem persists. Users will not be productive every time this would appear. The best way is to identify the problem through the web or by testing hardware and software functions part by part. Tracing it will evidently lead to feasible solutions for the workstation concerned.

[tags]blue screen, computer errors, operating systems, system errors, conflicts, configurations[/tags]

Firewalls and Wide Area Network (WAN ) Intrusions

By

Experiencing connection problems and slow transfer of data may occur at any given time for most networks. While most would immediately identify the network cards, computers, cabling or network configuration at first, the presence of unknown processes of the operating system or possible intrusions such as DOS or Ping attacks can also be considered as possible factors for the deteriorating speed issues for network administrators.

Firewalls

Such instances are only normal, especially for wide area networks, or networks exposed to the Internet. The mischief caused by such people can be expected, especially for people who love to try their talent in hacking and network intrusions. The prize of which is that of creating discomfort and headaches for companies that thrive on networks for business and profit.

While there are network monitors available, it would be best to get the best firewall software there is today. Some do not value the firewalls and their use until such issues arise, but just like the war on terrorism, it would be best to take on security measures before they occur to avoid bigger problems once their mischief succeeds.