Showing posts with label technology news. Show all posts

March 17, 2009

Will the Internet survive Conficker?

The Conficker worm - also known as Downandup, Kido, and Downup - has become a serious threat on the Internet in the last several months. Microsoft is offering a reward of $250,000 if you find the creator, and Internet security professionals have been scrambling to keep up. Conficker.A was pretty bad, then Conficker.B infected over 1 million computers in 24 hours. Now there is a third, even more robust version, called Conficker.C, which does not focus as much on spreading itself, but significantly increases the worm's hold on an infected system.
Here is what the Internet security community knows about what Conficker does and how it interacts:
  • Conficker supposedly does not spread through downloading or email, but installs itself when you plug in a USB drive or insert a CD, and it can even hack your whole network using brute force password cracking (especially if you have weak passwords). So if one system on your network is missing security updates, all networked computers could be compromised.

  • Conficker disables system services and antivirus, and adds services to listen for traffic.

  • Conficker pings common sites to test for Internet connectivity, gets the date from search engines, and gets your IP address using online tools.

  • Conficker can lock out accounts, change user settings, and send user information out over the Internet.

  • Conficker.B and Conficker.C can also block access to Windows Updates, antivirus websites, and many removal tools.

  • Conficker has the ability to download new code and update itself.
Conficker's signature move is downloading updated code - not the first worm to do this, sure, but certainly the most effective so far. The worm randomly connects to one of several domains and tries to receive instructions. Conficker.B could connect to 32 domains out of a list of 500. Now we have Conficker.C that can connect to 500 random domains out of a list of millions. Conficker's download dates that I've seen referenced are March 8, March 13, March 18, and March 31. Supposedly, Conficker.C will initiate another attack sequence on April 1 - please ensure you are patched by that date.

Conficker Cleaning and Removal

Download the Microsoft patch at http://support.microsoft.com/kb/962007 and then do the steps here

BitDefender has released a removal tool that can remove Conficker.A and Conficker.B, but may not remove Conficker.C. Download and run BitDefender's removal tool to check for and try to remove Conficker.

Symptoms of a machine or network infected with Conficker*:
*Please note you may be infected even if no symptoms appear.
  • You are unable to install Windows Updates.

  • You are unable to view security websites or download antivirus and anti-malware products.

  • It takes a long time to log in to your computer.

  • You see strange popups or programs running.

  • Unusual entries appear in Task Manager, Services, Event Viewer, %Windir%\System32, or the registry.

  • Strange network traffic, especially relating to network logins by administrator accounts.

Conficker may be a decoy?

In case the existence of this worm is not bad enough for sysadmins and IT professionals everywhere, some Internet security professionals think that this whole mess might just be a distraction for a much more serious attack. Until recently, most security professionals assumed that the end-game for Conficker was just another botnet - a network of computers under a hacker's control. However, “We think this is a wide-scale distraction to hide data breaches,” said Ryan Sherstobitoff, chief corporate evangelist for Panda Security. “It does not appear in the variants of Conficker that they are building a botnet, but that wouldn’t surprise us, either. This is an attack we have not seen in some time and is certainly a warning sign for something more to come.”

I agree that this is likely a distraction for a major Internet attack - think about the possibilities. It's April Fools' Day, so they could even send out a link that says "This is a virus" to everyone's contact list and they would still get a bunch of clicks. Network admins would also be slow to react to the flood of "server down" notices. And your customers might not feel the need to let you know that your website now just displays Lolcats (and spreads malware).

Please get the word out about this problem - share this article, blog or write about this on your website, talk about it in forums, and tell your friends. Update Windows systems (or switch to Linux), update your antivirus and anti-malware (you do have both, right?), use strong passwords, and read Internet security news sites regularly.


What do you think - will the Internet survive Conficker?




March 15, 2009

Internet Security: Are we losing to "Malware 2.0"?

Have you noticed an increase in Internet threats and "noise" lately? It seems like there has been a surge of malicious activity on the web in recent months. Since I wrote the post about the AdSense DoubleClick tracking cookie a few days ago, I have come across quite a bit of recent unusual activity related to malware and Internet security - the Google DoubleClick network itself has recently shown malware on multiple publisher sites.

Google responded by blocking the sites - not just the ads - and displaying a blatant "This site contains malware" warning to visitors. This decreases the publisher's reputation and costs the publisher time, money, and customers - but keeps Google looking like the hero that responded quickly to an outside threat...

A Google spokesman said: "Our scanners have found a few instances of these malware ads in the DoubleClick network. As such, we've added these domains to our malware list and are in the process of removing any offending ads from our ad network."
- From The Register - DoubleClick distributes malware (emphasis mine)

It seems to me that many recent hacks and threats exploit the things we all like about Web 2.0:
  • it's connected
  • it's fast
  • it's everywhere
  • it's personal, and
  • it's always on
This is troublesome, because it is practically impossible to continuously monitor all of the data aggregated, repeated, mashed up, linked, regurgitated, and spewed into the massive expanse that is the Internet through new applications and websites by new people and robots every hour.
Here are just a few examples of recent web 2.0 threats and other Internet incidents:
I think the scariest part is this:

"...no new malware variants introduced in the Top 10 for two consecutive months."
- Pro Security Zone, based on Fortinet threatscape report. Super-Worm emerges in Fortinet threatscape report for February

combined with this:

"BitDefender’s list of top threats for February dominated by the drive-by variant of malware activated during website visits"
- Pro Security, based on BitDefender's threat list: Auto-downloads dominate February threat list

Basically, in addition to the usual email, file, download, and popup malware you now must watch out for auto-download attacks and malware that "activates" when you visit a reputable site, look at AdSense or Doubleclick ads, Twitter, Facebook, or simply open your browser.

It might be time to slow down, Internet (especially Web 2.0). We are developing applications too fast. We are neglecting Internet security and online privacy to a point that it is getting difficult to tune out the Internet "background noise" and focus on productivity. We would rather give the users the fully connected always-logged-in remember-me target-my-ads ooh-thats-pretty just-tell-me-where-to-click Internet.

I think we should step back, re-examine user goals, and clean up the junk floating around in the World Wide Web.

How to (hopefully, maybe, sometimes) stop popups, trojans, worms, and other malware while surfing:
  • Get a good virus scanner and spyware blocker
  • Run full scans regularly
  • Keep your operating system, browser, and all other programs up to date
  • Turn your computer off regularly
  • Never allow sites to keep you logged in, remember your password, or log you in to any other site
  • Clean up your temporary files, and remove as many unused programs and links as possible
  • Check your system files and folders, as well as running processes regularly. Know what should be there so you will quickly see when something is wrong
  • Do not assume https is safe
  • Avoid typing your bank account, routing, credit card, driver license, Social Security Number, or any other "severely identifying" information into a text box, form, widget, email, chat, or any other application online, or even on your computer, as much as possible
  • Use safe surfing browser extensions like AdBlock Plus for Firefox
  • Observe symptoms and get help if your computer or browser does something suspicious or unusual
  • Regularly check security sites such as those linked in this post for threats
  • Use Scroogle to search
  • Use Privacy Choice to opt out of all ad networks
  • Clear your cache and cookies when you close your browser, and manually after you see ads
  • Consider disabling cookies altogether, along with JavaScript and all popups.
  • Block ads using your hosts file. Doing this sets the "location" of each ad network in the list to your local computer, so you will only see errors instead of ads from those providers, and never connect to them (note: some malware modifies the hosts file, circumventing this protection). This technique also lets you keep some ads if you choose. Here is a regularly updated ad-blocking hosts file in plain text. Try to avoid the ones that want you to download a .bat file or other executable. Your hosts file is usually in C:\Windows\System32\drivers\etc in Windows XP and has no extension. Back it up before changing or overwriting!
  • In general, never ever ever download files with funny names, lots of special characters, and never run a program from the Internet
  • Similarly, never ever pass things on to your whole contact list, reply to chain letters or forwarded mail, or click anything even slightly suspicious
  • Most importantly, think before you click!
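The hosts-file technique above has a flip side noted in both posts: malware can rewrite the same file to cut a machine off from Windows Update and antivirus sites (one of the Conficker symptoms listed earlier). The script below is an added example, not from the original post, that parses a hosts file in the format described and flags protected domains the file overrides; the protected-domain list and the sample hosts content are constructed for illustration.

```python
"""Audit a Windows-style hosts file for entries that hijack security sites.

Added example, not from the original post. The protected-domain list and the
sample hosts content below are constructed for illustration.
"""
import re

# Domains a defender never wants overridden by the hosts file: losing access
# to update and antivirus sites is one of the infection symptoms listed above.
PROTECTED_DOMAINS = ("windowsupdate.com", "microsoft.com",
                     "bitdefender.com", "symantec.com")

# Addresses an ad-blocking hosts file legitimately points blocked names at.
SINKHOLE_IPS = {"127.0.0.1", "0.0.0.0", "::1"}

LINE_RE = re.compile(r"^\s*(\S+)\s+(.+?)\s*$")

def parse_hosts(text):
    """Return (ip, hostname) pairs, skipping comments and blank lines."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]          # drop trailing comments
        m = LINE_RE.match(line)
        if m:
            for name in m.group(2).split():  # one IP may list several names
                pairs.append((m.group(1), name.lower()))
    return pairs

def is_protected(name):
    """True if name is a protected domain or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in PROTECTED_DOMAINS)

def audit_hosts(text):
    """Return (hostname, ip, kind) for every protected domain the file overrides.

    'blocked' means the name is sinkholed (updates and AV downloads fail);
    'redirected' means it points somewhere else, which is worse, since the
    victim may be fetching 'updates' from a host the attacker controls."""
    return [(name, ip, "blocked" if ip in SINKHOLE_IPS else "redirected")
            for ip, name in parse_hosts(text) if is_protected(name)]

# Constructed sample: legitimate ad-block lines plus two tampered entries.
SAMPLE_HOSTS = """\
# ad-blocking entries (legitimate)
127.0.0.1   localhost
0.0.0.0     ads.example-adnetwork.test  tracker.example-adnetwork.test
# entries a hosts-modifying worm might add
127.0.0.1   www.windowsupdate.com   # update site sinkholed
192.0.2.10  www.bitdefender.com     # AV vendor redirected
"""

if __name__ == "__main__":
    for name, ip, kind in audit_hosts(SAMPLE_HOSTS):
        print(f"{kind:10s} {name} -> {ip}")
```

Run it against the real file (C:\Windows\System32\drivers\etc\hosts on the Windows versions the post mentions) after making the backup the post recommends; a clean ad-blocking file should produce no findings.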


Please add your thoughts, ideas, questions, or comments below.



March 7, 2009

State of The Internet: 3.7.09

Here's what happened behind the scenes of The Internet recently, while you weren't looking. Yes, it's important.



IBM not so sure about open source anymore. Nobody has any money, of course they won't take our free products! Hope this doesn't keep up, or tech might have a "financial-style" rude awakening about the importance of customers vs. profit.


Microsoft will let you disable IE (only if you're absolutely sure) - no word on whether one day we can also disable "Slow", "Blue Screen" or Vista's trick of pinging the Department of Homeland Security. Move along, no glaring irony to see here.


Facebook a little red in the face after realizing that people aren't quite as dumb as they thought. Time to get a smarter lawyer. Or dumber customers.


Foreclosure scams on the rise. In other news, you probably won the lottery at least 4 times this week - go check your email! Make sure to write the tracking code "ID10T" legibly on the envelope containing all of your assets.


Britain printing paper money - good thing nobody remembers the time when money had to have something of value to back it.



Managers buy out company instead of letting it go bankrupt. If only there were a group of people at GM, Bank of America, or Circuit City that had enough cash laying around to do something similar.... But clearly large companies haven't been paying their top people enough over the last several decades.


Company gives $9 million to its employees. Wait, I thought "The Economy" had all the money and that's why we can't have any? It really is just the scumbags at the top?


Schwarzenegger is still very sensible and intelligent - it's too bad everyone thinks he's just a big dumb jock.


We might have a shot at efficient solar cells after all. Realistically, the military will get exclusive use this technology so we can have invisible killing machines instead.


Microsoft is a little slow. That's ok, they have a lot of money, and it's their free country we live in so we all need to adjust to the lowest common denominator. Seems to be the norm these days.


These "scientists" are going to try to make a real live dinosaur. Want to guess whose money they're using? And we all wonder why "The Economy" has collapsed (here's a hint - it's NOT the banks' fault people can't read, make decisions, or do math)...


Please visit Fark if you want to survive the chaos. Remember - information is more powerful than greed, now we just need more people to have the first than the latter!



March 4, 2009

IT can't see through the Cloud

I try to stay out of politi-technical discussions, but I have to say my piece on this whole "cloud" thing that everyone seems to be so excited about. In case you have somehow managed to avoid getting roped into these discussions, they are usually centered around the fact that cloud computing is "new", "cool", and "might save you money..." Unfortunately, this whole concept has created quite a disagreement between IT departments and "everyone else".

"Cloud Computing" is a generic term used to describe "Infrastructure-as-a-Service", such as Amazon Web Services (EC2), Microsoft Azure, Google App Engine, and many others. The basic idea is that you can move your entire network - servers, routers, firewalls, load balancers, all of it - into a virtual "bucket" or buckets and just let it run forever and ever without any attention to the underlying technical stuff. You just develop your application, pay for "server uptime" by the hour, and ignore all of the fine print and the additional charges on your bill. What could possibly go wrong?

First, let me say that I have no vendetta against any cloud company or technology, nor do I object to the idea of reducing IT bandwidth spent on physical hardware replacement, auditing, and configuring new server instances. And I don't think cloud computing is a horrible technology that is bound to fail.

What I do think is that people are extremely confused about how this all works, and cloud vendors are all too willing to say "Sure, we can do that." before consulting the tech team or extensively testing the product/service/code/whatever. Add to that the fact that anyone can run and even distribute code on the cloud, and we're in for a bumpy ride.

My main point is that cloud computing is amazing new technology that works extremely well when it is used for its intended purpose - highly parallel multi-threaded applications, such as video encoding or scientific modeling. Remember: cloud computing was originally just a way to rent CPU time in convenient blocks.

So what's the difference between that and what we are all trying to do now on the cloud? Lots:

  • We screamed so loud for "disks" that Amazon gave us exactly what we wanted - and other companies followed. Think of the difference - if I hack a single thread (even 100 threads) running arbitrary analysis on a protein sequence, or encoding single frames of video, not only will I have an extremely limited and practically useless piece of your data, you will likely catch and auto-correct the problem when you put the responses back together in your own datacenter.
  • Now, however, we are putting our end-to-end request/response cycle entirely in the "cloud" - which seems to me like doing your taxes on Wikipedia just so you don't have to store a copy of the forms. Think about it - what IT principal responsible for the complete, end-to-end cycle of your application would allow 100% of that application to be outside of their control?
  • In the aforementioned CPU-only model, there is very little additional action required to incorporate the process into your existing security infrastructure - your data itself is visible and controlled inside of your datacenter. Worst case - total compromise of EC2 - and all you've lost is some processing time, and you can quickly prevent the spread of damage and move processes to available local nodes.
  • When your whole cycle is in the cloud, there are many potential issues that others have presented adequately (see the included links for extensive treatments of security and stability in the cloud), so I won't rehash them here. The main point is that you are no longer losing CPU cycles in the event of [failure|downtime|hacking|natural disaster|humans] - you are losing data.

Even Amazon's "official position" on security is not convincing. Within their Overview of Security Processes they make several obvious contradictions that will be (have been) duly noted. Within the same page they maintain that essentially [your data is safe, we don't touch it] and [we audit everything, so our data is safe]. Do you see the problem? How do I know what's "my data" and what's "Amazon's data" - the virtual disk? the binary JSON/AJP/AMF3 requests I make between "zones"? And so on...

Bottom line:

Cloud computing is a cool up-and-coming technology, but until these companies provide visibility, control, traceability, and maintainability, (possibly liability? support?) don't bet - or put - the "farm" on this technology.

There may be more to come on this, feel free to ask questions and I'll call Amazon (oh, wait, I can't do that...) or use my hackerly Googling skills to come up with some data.

Note: I am not singling out Amazon because of any personal or political reason - this is simply the most prominent cloud platform available today. I am hopeful that all of the recent security/stability discussions will result in Amazon fixing these issues and creating the first "IT-department-friendly" cloud platform.


