Those interested in learning a bit more about national cyber warfare and vulnerabilities that the US has in this regard should watch the CBS program, 60 Minutes, where they discussed this. Most of their sources are very credible and I heard very little that wasn’t a current reality.
Posts Tagged ‘managed services providers’
Apple isn’t more or less secure than other operating systems
Friday, July 9th, 2010
I am not saying that Apple isn’t more or less secure than another operating system. But I do run across those that feel Apple can do no wrong and that the Apple operating system and other software that Apple creates is nearly bug free and vulnerability free. All software has bugs and vulnerabilities and Apple is no different. For example, a couple weeks ago, Apple issued an updated version of its Safari web browser that fixes AT LEAST 48 security flaws. All software has vulnerabilities and all software needs to be patched. Don’t get in the mindset that you are using something that is exempt.
Malicious websites continue to be hackers’ weapon of choice
Wednesday, July 7th, 2010
For a couple of years now I have been explaining how the weapon of choice for hackers is to use malicious websites. It is exponentially easier for them to exploit systems and these methods completely bypass traditional network firewall and intrusion detection and prevention systems. Take, for example, the series of attacks that were reported June 9, 2010. Tens of thousands of webpages were found to be infected with malware. The hackers discovered a vulnerability in Microsoft IIS that they could exploit in an automated way. They then infected the websites to redirect visitors to malicious servers, where malware is installed on the user’s desktop. A redirection is very easy to do and takes only a single line of code. There were more than 100,000 web pages that were compromised in this attack alone. These aren’t just unknown sites either; they include The Wall Street Journal and many other sites that many of your users access every day. Organizations need to think beyond the network-based intrusion detection system if they really want to protect their networks.
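A check a site owner could run over served pages to catch the kind of injected redirect described above, as an added example that is not from the original post: it lists script, frame and meta-refresh targets whose host is not on an allowlist. The allowlist, host names and sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist: hosts this site is expected to load active content from.
ALLOWED_HOSTS = {"www.example.com", "static.example.com"}

# Tags whose URL attribute makes the browser fetch content without a click.
ACTIVE_ATTRS = {"script": "src", "iframe": "src", "frame": "src",
                "embed": "src", "object": "data"}

# Constructed sample: a page with two legitimate scripts and two injected lines.
SAMPLE_PAGE = """<html><head><title>News</title>
<script src="/js/site.js"></script>
<script src="http://static.example.com/lib.js"></script>
</head><body><p>Story text</p>
<script src="http://injected.invalid/x.js"></script>
<iframe src="//frames.invalid/r" width="0" height="0"></iframe>
</body></html>"""


class ActiveContentAuditor(HTMLParser):
    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = allowed_hosts
        self.findings = []  # (line number, tag, url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = None
        if tag in ACTIVE_ATTRS:
            url = attrs.get(ACTIVE_ATTRS[tag])
        elif tag == "meta" and (attrs.get("http-equiv") or "").lower() == "refresh":
            # Meta refresh looks like content="0; url=http://host/path".
            _, _, target = (attrs.get("content") or "").partition("=")
            url = target.strip(" '\"") or None
        if not url:
            return
        host = urlparse(url).hostname
        # Relative URLs have no host and stay on the site itself.
        if host and host.lower() not in self.allowed:
            self.findings.append((self.getpos()[0], tag, url))


def audit(html, allowed_hosts=ALLOWED_HOSTS):
    """Return off-allowlist active-content references found in one page."""
    auditor = ActiveContentAuditor(allowed_hosts)
    auditor.feed(html)
    auditor.close()
    return auditor.findings
```

Run against pages as the web server actually serves them, since an injection may live in a database or template rather than in a file on disk.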
Guide to Malware and Attack Methods
Wednesday, June 30th, 2010
Many of you will remember the whitepaper I wrote just before 2010 was ushered in called the “Top 10 Information Security Threats of 2010.” I have done this for several years; Top 9 in 2009, Top 8 in 2008 and so forth. This year, the top threat I felt organizations were going to have to deal with was malware and it sure looks like that is coming to pass. As I look back on my blog posts for this month alone, more than one half of them deal with the issue of malware. A few months ago I wrote an article on malware. It is somewhat of a beginner’s guide but it has gotten some good reviews because I break down the methods that cyber criminals use to perpetuate malware. I know some organizations have used it for internal training. If you didn’t get a chance to see it, I would suggest taking a look. I hope it helps keep your organizations a bit safer. Click here to view the guide.
Patch for zero-day Adobe flaws will be available on June 29
Friday, June 18th, 2010
There are still many people that do not believe that malware can be installed on their computer unless they perform some action that enables it. For example, they think they have to click on a link, or open a file attachment before they are infected. This simply isn’t the case anymore. Take for example the recent Adobe Flash vulnerability. Specially crafted PDF documents can trigger this malware being installed on your system just by visiting a website. This vulnerability is so critical that Adobe had to accelerate their scheduled quarterly update to reduce the risk since this exploit is being actively seen in the wild. The vulnerability in Flash was available June 10 and the fixes for Reader and Acrobat will be available on June 29.
Malware Found in Windows Mobile-based Smartphone Applications
Wednesday, June 16th, 2010
There have been several times when I talk about users downloading software from the Internet which contains malware. What I have told people is that hackers will download the legitimate versions of these programs, repackage them with malware and then post them back to the Internet where people will download them. This happened recently for Windows Mobile-based smartphone applications where scammers copied and repackaged the applications with malware and posted them on at least nine legitimate download sites. In this case, the malware was designed to make calls to premium rate numbers around the world. So if your phone is infected, you would be hit with what could be a very large phone bill.
Security Alert for Windows XP and Server 2003 Users
Tuesday, June 15th, 2010
Perimeter E-Security customers should be aware of a Microsoft Windows XP and Server 2003 exploit. Exploit code has been posted online that shows attackers exactly how to compromise Windows XP and Server 2003 operating systems remotely. This is possible due to a newly discovered security flaw in the way Windows Help and Support Center processes links. These systems are supposed to work based on a fixed “whitelist” (a list of approved and authorized URLs); however, a security researcher at Google has shown how cyber criminals can add URLs to that whitelist. As a result, an attacker could trick a user into following a link which could download any file the hacker would like. The link and downloaded files can use the same permissions as the system’s current user. Many systems are configured by default with the user having administrative privileges.
Microsoft said, “Given the public disclosure of the details of the vulnerability, and how to exploit it, customers should be aware that broad attacks are likely.” This includes worms and a host of other malware that can automatically exploit this code through a variety of methods.
This is worse than most vulnerabilities we see. Most vulnerabilities allow the system to be compromised in a specific way that may allow limited access or flexibility to the hacker. This vulnerability makes it very easy for the cyber criminal to install any software they want as if they are the system administrator.
The solution?
- There is no automated fix from Microsoft at this time. However, there is a manual “work around.”
The manual “work around” involves editing the Registry. Note – only experienced system administrators should manually edit the registry. One wrong move can cause major stability and bootup problems. The details for the registry edit can be found in the Microsoft Security Advisory (2219475).
Beware that Microsoft says that this may break links that you are trying to use in the Help and Support Center. Microsoft has also posted a knowledge base article with a “fixit” here.
- Stay tuned for more details from Microsoft
Microsoft is working on a patch. The Google researcher who discovered the flaw has released a fix; however, Microsoft says that this fix is easily bypassed and that users should not rely on the Google fix to resolve the problem.
While Microsoft is working on a patch, Perimeter E-Security continues to encourage users (especially those using XP) to create a limited user account for everyday computing. Read more on this here. This will go a long way to protect systems from this exploit as well as many others we have seen in the past and will likely see in the future.
Contact us today at 800.234.2175 to talk with a security expert if you have further questions.
Tags: Windows XP exploit, Server 2003 exploit, vulnerability assessment tools, IT security, application penetration testing, managed service providers, intrusion detection system, security penetration testing
Qualified IT Professionals Come With High Compensation and Risk
Wednesday, September 23rd, 2009
There is a very interesting report that was just released (PDF) regarding IT professionals’ salaries and how they relate to certifications. As most of you know, many IT folks proudly publicize the various certifications they have received because it often positively impacts their compensation. Even during this economy, while IT compensation even with certifications is down by 4%, security professionals with certifications have increased 2%. This tells us several things. First, companies are seeing more and more value in security professionals and are willing to pay more for it. They are looking for highly technical individuals, specifically those that have a lot of experience with deep forensics and analysis. The report also shows a movement towards vendor or device specific certifications like those offered by Cisco and Checkpoint rather than other more generic security certifications (like the CISSP).
Good security professionals are expensive and difficult to find. When they are found, they are usually snatched up by large organizations leaving a security expertise shortfall for small and medium sized businesses. Even some enterprises find these individuals, get them certified and trained, and then they leave for greener pastures leaving the company holding the bill and no security resource. This is one of the key reasons we have seen a massive migration towards the use of managed security service providers. Even some large organizations that have security staff have decided to outsource some of the more mundane elements of their security to save money and keep their resources dedicated to specific “high value” projects. The good thing for companies is that it is very reasonable (from a cost perspective) to outsource elements or all of their security.
Now is the Time To Outsource Your Network Security
Tuesday, April 14th, 2009
A DarkReading article cites information from two different studies regarding the movement towards outsourcing. I thought it articulated well the incredible momentum towards outsourcing. Here were a few of the highlights…
Symantec reports that 61 percent of enterprises are now using third-party security services or are planning to employ them in the next 12 months.
The amount of unique malware out on the Web has grown 571 percent since 2006.
About half of the companies say they’re understaffed in security.
26 percent say they don’t have the funds they need to hire appropriately.
19 percent said they’ve been affected by layoffs [in IT].
Forrester found that third-party security services was one of only a few line items where spending was expected to increase among enterprises this year.
The majority of businesses said they use third-party services for email security and content filtering, and almost half outsource their firewall monitoring.
The two top drivers among firms for using a managed security service provider are the demand for a specialized skill set (29 percent) and the need to reduce costs (28 percent), Forrester says in its report.
Symantec’s study found similar results. In that study, the need to offer 24/7 security coverage was the top reason for using third-party services (55 percent), followed by the need for access to skilled expertise (48 percent), and the need to lower overall costs (45 percent).
While compliance is still a driver, other factors have trumped this as the number one reason for security outsourcing.
Email security — including encryption, archiving, and/or content inspection — is the most popular form of security outsourcing in the enterprise, experts agree. Web security, including firewall management and filtering for malicious or inappropriate content, is generally considered to be the second-most popular service.
They summarize the situation in this way: “The threat is growing exponentially at a time when budgets are being reduced and skills are harder to find.”