
December 5, 2011

Google Chrome Security

Some of the information below can also be applied to other browsers:

I made a comment about not trusting Chrome for security reasons.  One of my big concerns is how much of my data Google can see and collect.  That led me deep into Google’s Privacy Notice (http://www.google.com/intl/en/privacy/) to see what they have to say.  At the time of writing, Chrome’s section was last modified October 25, 2011, and looking at the archived versions it appears they update it about 3 times a year, going back to 2009.

Google does not require personally identifying information to download the Chrome software or to use it.  When you use Chrome, Google only receives “standard log information”, which consists of your IP address and cookie information.  Like most web sites, Google’s servers automatically record the page requests made when you visit their sites. These “server logs” typically include your web request, Internet Protocol address, browser type, browser language, the date and time of your request, and one or more cookies that may uniquely identify your browser/computer.

Here is an example of a typical log entry where the search is for “security”:

###.###.###.### – 28/Nov/2011 10:15:32 – http://www.google.com/search?q=security – Firefox 8.0.1; Windows NT 5.1 – 740674ce2123e969

  • ###.###.###.### is the Internet Protocol address assigned to the user by the user’s ISP; depending on the user’s service, a different address may be assigned to the user by their service provider each time they connect to the Internet or it could be the same if you have a static IP address;
  • 28/Nov/2011 10:15:32 is the date and time of the query;
  • http://www.google.com/search?q=security is the requested URL, including the search query;
  • Firefox 8.0.1; Windows NT 5.1 is the browser and operating system being used; and
  • 740674ce2123e969 is the unique cookie ID assigned to this particular computer the first time it visited Google. (Cookies can be deleted by users. If the user has deleted the cookie from the computer since the last time s/he visited Google, then it will be the unique cookie ID assigned to the user the next time s/he visits Google from that particular computer.)

Wow, that is some information they store, and they can start to match up information based on the unique cookie ID and IP address if users don’t delete their cookies.  So, big deal, I’m behind a corporate firewall and there are a hundred computers on that connection; but if you look at that information, the cookie data is directly related to MY machine, so they can pin it down to one machine.  OK, so how long will Google keep the data for?  “We (Google) strike a reasonable balance between the competing pressures we face, such as the privacy of our users, the security of our systems and the need for innovation. We believe anonymizing IP addresses after 9 months and cookies in our search engine logs after 18 months strikes the right balance.”  That’s a long time to keep that information.
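A small parser for the five-field log entry shown above, added here as an example (it is not Google’s code, and the log lines are constructed): it groups requests by cookie ID to show the per-machine trail that survives a shared corporate IP address, and applies the 9-month and 18-month retention periods quoted in the paragraph above. How the masking itself is done is this example’s assumption.

```go
package main

import (
	"fmt"
	"net"
	"strings"
	"time"
)

// LogEntry holds the five fields of the server-log example quoted in the post.
type LogEntry struct {
	IP       string
	When     time.Time
	URL      string
	Browser  string
	CookieID string
}

// sampleLog is a constructed log in the post's layout, one entry per line with " - " between
// fields. Three requests come from one shared office IP (two different machines) and one from
// a home IP; only the cookie ID tells the two office machines apart.
const sampleLog = `203.0.113.7 - 28/Nov/2011 10:15:32 - http://www.google.com/search?q=security - Firefox 8.0.1; Windows NT 5.1 - 740674ce2123e969
203.0.113.7 - 28/Nov/2011 10:16:05 - http://www.google.com/search?q=chrome+privacy - Chrome 15.0.874; Windows NT 6.1 - 1a2b3c4d5e6f7a8b
203.0.113.7 - 28/Nov/2011 10:17:40 - http://www.google.com/search?q=firewall - Firefox 8.0.1; Windows NT 5.1 - 740674ce2123e969
198.51.100.20 - 28/Nov/2011 10:18:12 - http://www.google.com/search?q=pgp - Safari 5.1; Mac OS X - 9f8e7d6c5b4a3f2e`

// ParseEntry splits one line into its five fields and parses the timestamp.
func ParseEntry(line string) (LogEntry, error) {
	parts := strings.SplitN(line, " - ", 5)
	if len(parts) != 5 {
		return LogEntry{}, fmt.Errorf("expected 5 fields, got %d in %q", len(parts), line)
	}
	when, err := time.Parse("02/Jan/2006 15:04:05", parts[1])
	if err != nil {
		return LogEntry{}, err
	}
	return LogEntry{IP: parts[0], When: when, URL: parts[2], Browser: parts[3], CookieID: parts[4]}, nil
}

// ParseLog parses every non-empty line.
func ParseLog(text string) ([]LogEntry, error) {
	var entries []LogEntry
	for _, line := range strings.Split(text, "\n") {
		if strings.TrimSpace(line) == "" {
			continue
		}
		e, err := ParseEntry(line)
		if err != nil {
			return nil, err
		}
		entries = append(entries, e)
	}
	return entries, nil
}

// QueriesByCookie groups requested URLs by cookie ID. This is the per-machine trail the post
// describes: it survives even when a whole office sits behind one IP address.
func QueriesByCookie(entries []LogEntry) map[string][]string {
	byCookie := make(map[string][]string)
	for _, e := range entries {
		byCookie[e.CookieID] = append(byCookie[e.CookieID], e.URL)
	}
	return byCookie
}

// Anonymize applies the retention periods quoted in the post (9 months for the IP address,
// 18 months for the cookie), measured from the request time against now. The masking itself
// (zeroing the last IPv4 octet, dropping the cookie) is an assumption made for this example,
// not a description of Google's procedure.
func Anonymize(e LogEntry, now time.Time) LogEntry {
	out := e
	if now.After(e.When.AddDate(0, 9, 0)) {
		if ip := net.ParseIP(e.IP).To4(); ip != nil {
			ip[3] = 0
			out.IP = ip.String()
		}
	}
	if now.After(e.When.AddDate(0, 18, 0)) {
		out.CookieID = ""
	}
	return out
}

func main() {
	entries, err := ParseLog(sampleLog)
	if err != nil {
		panic(err)
	}
	for cookie, urls := range QueriesByCookie(entries) {
		fmt.Printf("cookie %s: %v\n", cookie, urls)
	}
	later := time.Date(2013, time.June, 1, 0, 0, 0, 0, time.UTC)
	fmt.Printf("same entry after 18 months: %+v\n", Anonymize(entries[0], later))
}
```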

In addition to the above information, if you are using Chrome as a browser some other interesting things happen (this is just a short list of what’s going on):

  • As you’re typing an address, the letters you type are sent to your default search engine, and if the engine’s auto-complete feature is turned on it will give you recommendations. If you have set Google as the default, they are now tracking your keystrokes.
  • If you type in a bad address that is nonexistent, Chrome will send that information to Google to try to suggest the correct site.
  • Chrome includes Google’s Safe Browsing feature, which checks Google’s database for reports of malware or phishing and lets you know if it finds something.  This is over and above any virus/malware scanning you are doing outside the browser.
  • Synchronization feature – stores your bookmarks, history and Chrome settings on their servers, but you need to set up a Google Account to do this.
  • Location feature – sends local network information to Google to get an estimate of where you are located.  This looks at the IP address you are connecting from, the signal strength of your connection and some other information.

Things you can do to limit the information sent:

  • Disable Chrome’s auto-complete feature (under the wrench icon, select Options, Under the Hood tab, Privacy section, and deselect the “Use a prediction service to help complete searches and URLs typed in the address bar” checkbox).
  • Disable suggestions on navigation errors (under the wrench icon, select Options, Under the Hood tab, Privacy section, and deselect the “Use a web service to help resolve navigation errors” checkbox).
  • Check the other settings under the Privacy section to see what you think about them.  One of them that comes unchecked by default is “Automatically send usage statistics and crash reports to Google”.
  • Disable the synchronization feature (under the wrench icon, select Options, Personal Stuff; the Sync section has your information).
  • If the box is NOT checked, that item is disabled.

Chrome does send a lot of information, but in today’s world any server we connect to or through keeps logs with as much information as it can collect, so I guess I really need to look into what extensions can be run to help me control what information is “leaked” out.

November 25, 2011

Social Engineering – A Matter of Trust

In the world of cyber security, there is one very dangerous exploit that no anti-virus can ever detect, that no firewall can block, and that no complex password can ever protect a person from.  This one catastrophic flaw in security is enough to bring down large corporations and government agencies in mere seconds.  So what kind of security threat could possibly be that big?  Social Engineering.

Social Engineering is the art of manipulating people – usually through blind trust, habit, or curiosity – to either divulge what is seemingly innocent information or perform a rudimentary task.  Most of the time, people don’t realize they have even fallen victim to a Social Engineering attack until it is too late (assuming they ever find out!).

Most people are familiar with the popular forms of Social Engineering attacks.  For example, an email or phone call from your “bank” asking you to provide information they should already have, or the ever-popular Nigerian Prince scam.  Just about any get-rich-quick plan that has been floating around in emails, or even the “seemingly innocent” Facebook games, can be boiled down to a form of Social Engineering (Random fact: Did you know that all you need to pull a person’s credit report is their name and address?  Keep that in mind the next time you go to let a Facebook app access your personal information!).

A few days ago, I received a call from a man named “Tom” who works at the company that we will call “XYZ”.  I’ve never worked with Tom directly before this but he knew all of the people whom I’ve worked with and he knew many details about the project our business was doing for company “XYZ.”  The purpose of Tom’s call was to ask about a credit report that our business had processed for company “XYZ.”  Now, one of my job requirements is to help our customers with any problems so my instinct was to immediately help Tom out.  But here’s the problem: How do I know Tom really works for company “XYZ?”  Does Tom even have permission within company “XYZ” to discuss confidential credit information?

As much as I wanted to trust Tom, I couldn’t.  Caller IDs can be faked, and the information he had about the project could have been obtained through questionable means (namely, insecure emails).  As far as I knew, Tom could be trying to use a form of Social Engineering known as pretexting (the practice of getting your personal information under false pretenses) to squeeze information out of me that could be used against the individual whose credit report he was asking for, against company “XYZ,” or against our business.

The good news is that I was able to call my contact at company “XYZ” and verify that Tom was indeed in a position to request help from me (more on this later).  However, let’s assume Tom was trying to exploit me and look at the areas he would have been trying to exploit me through:

1)      Helpfulness:  He would have been trying to use my desire to help out a customer to gather confidential data!

2)      Trust: He would have been looking for me to trust that he really did work for company “XYZ” and that he had their best interest in mind.

Notice something?  The very things that make a good employee and support person – or just a nice person in general – can also be that person’s biggest weaknesses!  Let’s look at a few more, simpler cases of Social Engineering:

-          Holding the door:  You’re assuming that the person you are holding the door for is actually allowed in the building.

-          Piggybacking:  Letting someone who “locked themselves out” or “forgot their ID” inside the building.

-          Dumpster Diving:  If you don’t shred documents or destroy hard drives properly, anyone can get your confidential data out of the trash.

-          Curiosity/Learning (AKA Baiting):  “Let’s see what’s on this CD…”, “Let me try this application…”, “I’ll open this document/url…” – All of these are famous last words before unknowingly installing a virus or malware!

-          Diversion:  Persuading a person responsible for a legitimate delivery that the package they are delivering (data or physical) is to be delivered to an alternate location through a last minute decision the company had made.

-          Email: Most people don’t realize that all of their emails bounce from server-to-server in plain text and can be easily snooped.

Notice that all of the above examples do require an element of trust or false sense of security.  So, how do we get around this?  Simple: Don’t blindly trust anyone.  Now this solution sounds easy but how can you do this practically in the real world?

In IT, one of the most reliable forms of security is a process known as Pretty Good Privacy (PGP).  It is a complex security protocol that essentially requires a form of trust in order to allow a recipient to access its encrypted payload.  Prior to exchanging any secure data, the two parties involved exchange what are known as “keys.”  The purpose of this is so that two keys are required to “open” (decrypt) any secure file exchanged between the two parties.  Those keys are:

1)      The sender’s public key (we’ll call the sender “George”):  This is the key that George presents to the individuals who are authorized to decrypt his encrypted data.  This way, since George’s private key was used to “lock” the file, his public key is required to “unlock” it.

2)      The recipient’s private key (we’ll call the recipient “Sam”):  This is the key that only Sam will possess, which will unlock anything that was locked by his public key.

As a result, George knows that Sam is the only one who can unlock the file, since Sam is the only one who has the matching private key.  Likewise, Sam knows the file is from George because the file can only be unlocked using George’s public key (and only George has the matching private key required to lock the file in the first place).
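The two-key exchange between George and Sam, carried out in code as an added example that is not from the original post: it uses Go’s standard-library RSA (OAEP to lock the message for Sam, PSS for George’s signature) rather than PGP’s own message format, and the names George, Sam, Seal and Open are this example’s. Only Sam’s private key unlocks the ciphertext; only George’s public key confirms the signature, so a message from anyone else, or to anyone else, is rejected.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Party is one person and their key pair. Only the public half is ever handed out;
// the private half is the "something you know" that never leaves its owner.
type Party struct {
	Name string
	Key  *rsa.PrivateKey
}

// NewParty generates a fresh 2048-bit RSA key pair for a named person.
func NewParty(name string) (*Party, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Party{Name: name, Key: key}, nil
}

// Public returns the half of the key that is safe to share.
func (p *Party) Public() *rsa.PublicKey { return &p.Key.PublicKey }

// Sealed is what travels from George to Sam: a ciphertext only Sam's private key can
// open, and a signature over that ciphertext only George's private key could have made.
type Sealed struct {
	Ciphertext []byte
	Signature  []byte
}

// Seal locks msg with the recipient's public key (RSA-OAEP) and then signs the resulting
// ciphertext with the sender's private key (RSA-PSS). A single OAEP block only holds a
// short message; PGP proper wraps a symmetric key this way and encrypts the bulk with it.
func Seal(msg []byte, sender *Party, recipientPub *rsa.PublicKey) (Sealed, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, msg, nil)
	if err != nil {
		return Sealed{}, err
	}
	digest := sha256.Sum256(ct)
	sig, err := rsa.SignPSS(rand.Reader, sender.Key, crypto.SHA256, digest[:], nil)
	if err != nil {
		return Sealed{}, err
	}
	return Sealed{Ciphertext: ct, Signature: sig}, nil
}

// Open first checks the signature against the claimed sender's public key, then decrypts
// with the recipient's private key. Anyone other than the real sender fails the first
// check; anyone other than the intended recipient fails the second.
func Open(s Sealed, recipient *Party, senderPub *rsa.PublicKey) ([]byte, error) {
	digest := sha256.Sum256(s.Ciphertext)
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], s.Signature, nil); err != nil {
		return nil, fmt.Errorf("signature does not match the claimed sender: %w", err)
	}
	msg, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient.Key, s.Ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("%s cannot unlock this message: %w", recipient.Name, err)
	}
	return msg, nil
}

func main() {
	george, _ := NewParty("George")
	sam, _ := NewParty("Sam")
	sealed, err := Seal([]byte("the file George wants only Sam to read"), george, sam.Public())
	if err != nil {
		panic(err)
	}
	msg, err := Open(sealed, sam, george.Public())
	fmt.Printf("Sam reads %q (err=%v)\n", msg, err)
}
```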

Why did I mention this?  Because the basic principle behind this security is also the best way to establish trust and therefore minimize the chance of being exploited through Social Engineering.  This is because your trust is based on:

-          Something you have (i.e. George’s public key)

-          Something you know (i.e. Sam’s private key)

Going back to my case with Tom, before I could help him I had to be sure he was who he claimed to be.  My process for authenticating Tom went like this:

1)      Something I know:  I called up my contact at company “XYZ” and verified that Tom worked for them and that he was authorized to look into this case.

2)      Something I have:  I then asked my contact for Tom’s contact information so that *I* could call him.

The last step is just as important as the first one.  Why?  Because even though Tom (the one who worked for company XYZ) passed step one, there is no guarantee that the person I talked to was that Tom.  However, since I was the one calling him, I knew that I was talking to the correct Tom.  Therefore, I was able to address his problem and work with him in confidence.

 

Further reading:  http://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars/1  This details how the hacking group Anonymous used simple attacks and social engineering to take down the entire Federal branch of the computer security company HBGary.

November 11, 2011

Are you pwned?

PWN (verb)

1. An act of dominating an opponent.

2. Great, ingenious; applied to methods and objects.

It originally dates back to the days of WarCraft, when a map designer misspelled “Own” as “Pwn”. What was originally supposed to be “player has been owned” became “player has been pwned”.

Pwn eventually grew from there and is now used throughout the online world, especially in online games.

  1. “I pwn these guys on battlenet”
  2. “This strategy pwns!” or “This game pwn.”

 

About 50,000 breached records appear online every week.  Do any of them include your usernames and passwords?  A free website – http://www.pwnedlist.com – has been created that lets you easily check if your information has been compromised.  I sure would not want to be the one that sees the following message after inputting their information:

 

As of November 4, 2011, almost 5 million e-mail addresses and user names were recorded in the system. PwnedList introduces itself as

“…a tool that allows an average person to check if their accounts have been compromised. No passwords are stored in our database. You can read more about where our data comes from here. Just enter an email address or username associated with any of your accounts to see if it’s on our list. Data entered is not stored, re-used, or given to any third parties. Don’t trust us? You can also use a SHA-512 hash of your email/username as input. Just don’t forget to lowercase all characters first.”

Now this will sound like great news to a lot of people. A team of security experts is doing some good work to help the folks on the internet find out whether or not they have been compromised. That’s great, but how many of you know how to compute a SHA-512 hash, let alone what one is?  (You can find more information about the SHA-512 algorithm at The SHA-512 algorithm.)  SHA-512 is a one-way hashing algorithm that cannot be reversed to recover the input, so the information they have stored may be safe.

My worry about sites like this is: what is stopping a hacker from putting up a site like this to collect information?  Sure, the site looks good, but if you’re worried that your user name or password may have been hacked, it’s time to go change them.  Also, you’re not using the same user name and password on different sites, are you?  Are your passwords dictionary words?  Time to change that around and create secure passwords, with different ones for the different sites you use.

Think about it: is it really safe, or is it a fake just trying to get your information?

November 5, 2011

Passwords? Pass the Cracker please…….

“Treat your password like your toothbrush. Don’t let anybody else use it, and get a new one every six months.”  -Clifford Stoll

Why are strong passwords needed?
Good computer security includes the use of strong passwords for all your accounts. Passwords can be the weakest link in a computer security scheme. Strong passwords are important because password cracking tools continue to improve and the computers used to crack passwords are more powerful. Network passwords that once took weeks to break can now be broken in hours.

Password cracking software uses one of three approaches: intelligent guessing, dictionary attacks, and automation that tries every possible combination of characters. Given enough time, the automated method can crack any password. However, it still can take months to crack a strong password.

For a password to be strong and hard to break, it should:

  • Contain 6 or more characters
  • Contain characters from each of the following three groups:
    1. Letters (uppercase and lowercase) A, B, C,…; a, b, c,…
    2. Numerals 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
    3. Symbols (all characters not defined as letters or numerals) ` ~ ! @ # $ % ^ & * ( ) _ + – = { } | [ ] \ : ” ; ‘ < > ? , . /
  • Have at least one symbol character in the second through sixth positions.
  • Be significantly different from prior passwords.
  • If there is only one letter or special character, it should not be either the first or last character in the password.

Do NOT use:

  • Your username or any part thereof
  • Name(s) of yourself, family, friends, pets, or co-workers
  • Computer terms and names, commands, sites, companies, hardware, or software
  • Birthdays or other personal information such as addresses or phone numbers
  • A set of characters in alphabetic or numeric order (ex. abcdef), in a row on a keyboard (ex. qwerty), or a simple pattern (ex. 123123)
  • Words that can be found in a dictionary
  • Your UCLA ID number, a bank account PIN, credit card number, etc.
  • Any of the above spelled backwards
  • Any of the above preceded or followed by a digit (ex. qwerty1, 1qwerty)

Try to change your password(s) frequently.

When typing in your password, make sure no one is watching you type. Ask anyone around you to kindly look away.

Also, the top 20 most common passwords are as follows. Is yours among them?

  1. 123456
  2. 12345
  3. 123456789
  4. Password
  5. iloveyou
  6. princess
  7. websitename (the name of the site example Microsoft or yahoo)
  8. 1234567
  9. 12345678
  10. abc123
  11. Nicole
  12. Daniel
  13. babygirl
  14. monkey
  15. Jessica
  16. Lovely
  17. michael
  18. Ashley
  19. 654321
  20. Qwerty

You will notice how many people have apparently used their first names as passwords.  In number 7, the password is simply the name of the site.

I advise users to choose a strong password for sites where you care about the privacy of the information you store.  If you’re concerned about being able to remember the code, here’s a little memory-jogging trick: take a sentence and turn it into a password. Something like ‘This little piggy went to market’ might become ‘tlpWENT2m.’
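A checker for the composition rules and the “do NOT use” list above, written as an added example that is not from the original post: the word list is a constructed stand-in for a real dictionary (it holds the top-20 list from this post plus a few words), the username rule is read as “password and username must not contain each other”, and the sequence and keyboard-row checks are this example’s reading of “abcdef”, “qwerty” and “654321”.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
)

// The post's top-20 list plus a few dictionary words (constructed stand-in for a full word list).
var commonWords = map[string]bool{
	"123456": true, "12345": true, "123456789": true, "password": true, "iloveyou": true, "princess": true,
	"1234567": true, "12345678": true, "abc123": true, "nicole": true, "daniel": true, "babygirl": true,
	"monkey": true, "jessica": true, "lovely": true, "michael": true, "ashley": true, "654321": true,
	"qwerty": true, "dragon": true, "welcome": true, "sunshine": true,
}

func reverse(s string) string {
	r := []rune(s)
	for i, j := 0, len(r)-1; i < j; i, j = i+1, j-1 {
		r[i], r[j] = r[j], r[i]
	}
	return string(r)
}

// isSequence: consecutive characters up or down, e.g. abcdef or 654321.
func isSequence(s string) bool {
	up, down := len(s) >= 3, len(s) >= 3
	for i := 1; i < len(s); i++ {
		up, down = up && s[i] == s[i-1]+1, down && s[i] == s[i-1]-1
	}
	return up || down
}

// onKeyboardRow: a straight run of 4+ keys along one row ("|" keeps a run from spanning rows).
func onKeyboardRow(s string) bool {
	return len(s) >= 4 && strings.Contains("qwertyuiop|asdfghjkl|zxcvbnm", s)
}

// isCommon checks the password as typed, spelled backwards, and with leading/trailing digits
// stripped, which covers the post's "qwerty1 / 1qwerty" warning.
func isCommon(s string) bool {
	for _, c := range []string{s, reverse(s)} {
		if commonWords[c] || commonWords[strings.Trim(c, "0123456789")] {
			return true
		}
	}
	return false
}

// CheckPassword applies the post's composition rules and its "do NOT use" list and returns
// every violation found; an empty result means the password meets the policy.
func CheckPassword(pw, username string) []string {
	var v []string
	runes := []rune(pw)
	n := len(runes)
	if n < 6 {
		v = append(v, "fewer than 6 characters")
	}
	letters, digits, symbols, letIdx, symIdx, early := 0, 0, 0, -1, -1, false
	for i, r := range runes {
		switch {
		case unicode.IsLetter(r):
			letters, letIdx = letters+1, i
		case unicode.IsDigit(r):
			digits++
		default: // anything that is neither letter nor numeral counts as a symbol
			symbols, symIdx = symbols+1, i
			early = early || (i >= 1 && i <= 5) // positions 2 through 6
		}
	}
	if letters == 0 || digits == 0 || symbols == 0 {
		v = append(v, "must contain letters, numerals and symbols")
	}
	if !early {
		v = append(v, "no symbol in positions 2 through 6")
	}
	if letters == 1 && (letIdx == 0 || letIdx == n-1) {
		v = append(v, "the only letter is the first or last character")
	}
	if symbols == 1 && (symIdx == 0 || symIdx == n-1) {
		v = append(v, "the only symbol is the first or last character")
	}
	lower, user := strings.ToLower(pw), strings.ToLower(username)
	if user != "" && (strings.Contains(lower, user) || strings.Contains(user, lower)) {
		v = append(v, "contains the username")
	}
	if isCommon(lower) {
		v = append(v, "common or dictionary word (plain, reversed or with digits added)")
	}
	if isSequence(lower) || onKeyboardRow(lower) {
		v = append(v, "alphabetic/numeric sequence or keyboard row")
	}
	return v
}

func main() {
	for _, pw := range []string{"password", "Qwerty1", "R5&lk#fw", "tlpWENT2m."} {
		fmt.Printf("%-11s %v\n", pw, CheckPassword(pw, "kordel"))
	}
}
```

Run on the post’s own suggestion ‘tlpWENT2m.’ it reports two violations: the only symbol is the last character, and no symbol falls in positions 2 through 6.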

November 2, 2011

What can I do to stay safer online?

When you cross the street, you look both ways to make sure it’s safe.  Staying safe on the internet is just as important.  What are some of the ways you can stay safe?

1)      Use secured connections.  Make sure you are opening secured connections to the pages.  You do this by typing https at the beginning of a URL.  IE9 shows a lock in the address bar.

Check your address bar for an "https" connection whenever you are entering personal data online.

2)      Use your best judgment.  You should be aware of scams that try to steal your personal information (birth date, Social Security number, and address), your money (bank account or credit card) or both.  This is called “phishing” because they “fish” for your information.  Look for the signs that the e-mail or the website is pushing to get your private information.  Is the spelling and grammar what you expect?  Is the e-mail from a person you know, and does it seem correct?  Before giving out information or money, verify that it is legit.  You will not get money for little or no effort, that bank account you never knew you had is really not going to get locked, and the deals that sound too good to be true usually are.

3)      Is your operating system secure?  Your browser is only as secure as the operating system it runs on.  When was the last time your computer was updated?  Microsoft releases security patches on Patch Tuesday, which is usually the second Tuesday of each month.  Starting with Windows 98, Windows Update was released to check for patches to Windows and its components.  You can set this to auto-update, but it is still good to check manually every so often.  http://windowsupdate.microsoft.com is the address in case you would like to check your machine.

4)      Download a modern browser.  In addition to patches, make sure you are running the most up-to-date browser.  Older browsers will have security holes.  Do you have add-ons in your browser?  Make sure they are current.  Also, while you’re checking on your software, how current is your anti-virus and security software?  When was the last time it updated its signature files?  Is it current or is it expired?

5)      Help spread the word.  The more information we can get out to family, friends, co-workers, and others, the safer we will stay.

Just remember before you use the Internet, take time to understand the risks and learn to spot problems.  Take a moment to be certain that the site is clean.  Watch for warning signs and consider how your actions online could impact your safety or your family’s.  Enjoy the Internet with greater confidence, knowing you’ve taken the right steps to safeguard yourself and your computer.  Protect yourself and help keep the web a safer place for everyone.

January 17, 2011

Why Complex Passwords are Crucial to maintaining security

Filed under: Computer Ramblings, General Ramblings, Security Ramblings — Kordel Eberly @ 10:26 am

This past week I found myself conducting an Audit on some IT resources for a client. I was asked to attempt password recovery on some essential equipment, as well as to audit the security setup of the same equipment to determine the level of resistance to different Network threats.

The project, in addition to being enjoyable, was also highly enlightening. I find that whenever I “dig a little deeper” into a security topic, I always uncover very interesting (and sometimes terrifying) tidbits about the security, or lack of security, of the different systems and measures that most of us take for granted on a daily basis.

Exhibit A: Client X
Client X required password recovery (for reasons that are not relevant) on a piece of equipment that was extremely crucial to daily operations. What I discovered during this process was terrifying, and speaks in detail to the dangers of slack security measures on the part of IT Professionals!

In processing this recovery (which was successful, by the way), I discovered that the carelessness of the personnel responsible for original configuration of this equipment allowed this critical piece of equipment to be unlocked in a matter of only a few hours (without previous experience on this type of equipment on my part). A seasoned “Hacker” or Security Expert could no doubt have performed the same procedure in under an hour.

The key weaknesses that contributed to the ease of entry included:

  • Lack of Access Control Lists or Access Restrictions
  • No mechanism to prevent or limit access to “Recovery” modes
  • Lack of attention to critical security flaws inherent in the equipment

And, most importantly,

  • Simple administrative account passwords (i.e. a single real-word password, without numbers, case change or symbols of any kind)

That’s a problem….

Before I proceed, let me establish a few things:

  • In the defense of the parties responsible for this equipment, some amount of Physical Access (though VERY BRIEF) is required to carry out the exact method that I utilized to breach this equipment. HOWEVER – a skilled attacker could “probably” manipulate a few other protocol, design OR environment restrictions to bypass the need for physical access
  • Eberly Systems maintains a VERY STRICT standard in regards to Security Auditing and Unauthorized Access of any kind – we will NEVER, under ANY CIRCUMSTANCES perform an Unauthorized attack or access attempt on any device or network.

Now to the good stuff…

Bypassing established security measures is sometimes as simple as finding a “loophole” in equipment or protocols that allows you to bypass the username and password on a given piece of equipment. Other types of attacks require the procurement of “password hashes”.

Password hashes are passwords that have been encrypted and stored on equipment, and they are what allows your password to be verified when you enter it into any screen on your computer. Hashes utilize highly specialized encryption algorithms (such as MD5, SHA-1, DES, etc.) to encrypt your original password, making it unreadable. In some cases, passwords are processed through either multiple algorithms, or the same algorithm hundreds (or even thousands) of times. The resulting “hash” cannot be “unscrambled” – the only way to confirm a password’s accuracy is to do the process all over again: enter a password, the system runs the password through the same encryption process (using whatever established algorithm and process it utilizes), and the resulting hash is compared against the original. If it’s a match, access is granted. If it does not match, access is denied.

While this is very secure (again, Hashes cannot be “Unscrambled”), it is possible to “crack” Hashes if you can obtain the password hash. Utilizing special software, potential passwords are run through the same algorithm(s) that your target system utilizes, but at very high speeds – hundreds, thousands, or more per second.

The two types of Password Cracking attacks are “Dictionary” and “Brute Force”. Dictionary attacks utilize a pre-built “Dictionary List”, or list of common words in a given language. They will process this list at whatever speed the attacking system is capable of (based on Processor speed and other factors), until a match is found. More advanced Dictionary attacks allow the Dictionary words to be “mangled”, changing the case of some or all letters, adding numbers or symbols before or after the word, and other such things.

Brute Force attacks tend to be much lengthier. They involve specifying a “set” of characters (such as the letters a-z, A-Z, numbers 0-9, or keyboard symbols) and, starting at “a”, running through every possible combination of letters, numbers, cases, etc. Brute Force attacks on complex passwords are not viable on most systems – with today’s sophisticated hash algorithms and a good password, a standard computer would take hundreds (or thousands) of years to go through EVERY possible combination of symbols and find a matching hash output. Obviously, by the time the system completed this process, the password would probably have changed or become irrelevant.

However, if you have a simple password (let’s say, “password”), and an attacker gains access to your stored “hash”, then, utilizing a standard dictionary file of the English language on a modern desktop PC, he could (theoretically) uncover your password (i.e. match the hash value) in as little as half an hour (depending on his dictionary file, program of choice, and other factors). Scary, huh?

If you were to make even a few changes – for example, capitalize the “a” and add a symbol (let’s choose “#”) at the end – your attacker’s dictionary attack would fail, and he would have to resort to either a Brute Force attack (which, for such a password and no further information, WOULD take quite a few years), OR a much more sophisticated mangled dictionary attack, which could still take a year or more.

If you go even further, and, ditching your original password, create a new “random” password (let’s make one up, say “R5&lk#fw”), the attacker would be 100% unable to crack the hash with a Dictionary attack, and would HAVE to resort to a brute force attack. On a modern Desktop computer, such an attack would likely take Thousands of years (which makes it “impossible” to crack for all intents and purposes).

Hmm… suddenly, it makes a bit more sense when your IT department or favorite Email Provider makes you change your password and add a few extra Symbols or numbers, doesn’t it?

The wrench in all of this is that some hackers have a lot more “horsepower” behind them than a simple desktop computer. If you are targeted by a government or organized hacking group, your hash may become the target of the combined power of hundreds, thousands (or more) of computers (CPUs) – which means that the time to crack your password could go from 1000 years (using round numbers for example), to:

  • 10 years on 100 Processors
  • 1 year on 1000 Processors
  • 1 month on 12,000 Processors

As you can see, you DON’T want to run cross ways of someone with the money or resources to leverage a Server Farm against your Password hash.

Now that you are thoroughly terrified, go change your passwords – and let me leave you with one last tidbit from a recent attack against “Gawker Media”, in which their entire database of User accounts and hashes was obtained and cracked by an organized hacking ring. The following data is provided thanks to DuoSecurity.com.

“As with any password dump, one of the most interesting outcomes is the most popular/common passwords chosen by users.  The top 25 most common passwords from our cracking results were:

   2516 123456
   2188 password
   1205 12345678
    696 qwerty
    498 abc123
    459 12345
    441 monkey
    413 111111
    385 consumer
    376 letmein
    351 1234
    318 dragon
    307 trustno1
    303 baseball
    302 gizmodo
    300 whatever
    297 superman
    276 1234567
    266 sunshine
    266 iloveyou
    262 f***you
    256 starwars
    255 shadow
    241 princess
    234 cheese

The vast majority (99.45%) of the cracked passwords were alphanumeric and did not contain any special characters or symbols.”

How many of my readers will be changing their passwords in the next week because of this information? I’m curious – let me know!

August 16, 2010

Hottest July Virii

For all my readers who care (that should be everyone) about computer security, the jury is in on July’s most active Virii, spyware and malware infections. Following is a list of the top 5, with brief descriptions. My #1 recommendation?? When there are sharks in the water, surf scared!!!

1. Trojan-Downloader.JS.Pegel.bp

Secretly downloads malicious script from a remote server, installs and redirects users to further malicious websites.

2. Exploit.Java.CVE-2010-0886.a

Allows attackers to download and execute arbitrary Java on vulnerable systems by luring victims to malicious sites.

3. Trojan-Downloader.VBS.Agent.zs

Downloads and installs new versions of malicious programs, including Trojans and AdWare, on victim PCs.

4. AdWare.Win32.FunWeb.q

Displays unsolicited pop-up ads which do not appear to be relevant or associated with the user’s browser sessions.

5. Exploit.JS.Agent.bab

Uses a Microsoft Internet Explorer vulnerability to silently install malicious software onto the user’s computer.

July 9, 2010

Is that Public Network really Safe?

I just got back from being away for a few days and noticed something alarming! I got to the hotel, which had open wireless internet access, and connected my netbook to the network. Almost immediately my firewall software started to kick off alerts! There were all kinds of port scans against my netbook. Port scans are used by hackers to see what ports may be open on your PC; once they know of open ports, they start to attack you from there. My virus/firewall program (eEye Blink Professional edition, www.eeye.com) did what it was meant to do and stopped the scans from reaching anything. Being a network engineer, I started to look at some of the information in the logs. I noticed the same IP address was hitting the firewall and kept hitting it. Doing a bit more digging, I found the name of the computer and had a hunch what I was looking at. At that point I disconnected from the network.

Well, it was then time to go try out the hotel’s 2 shared business computers. I walked into the room they were in and noticed both were Windows XP Professional boxes. I went to shut down to see what user was logged in and saw Administrator! Yes, shared computers running with administrator rights. The second thing I looked into was what they were named and their IP addresses. Strangely, one of them just happened to have the same IP address that kept attacking my PC. Next I looked for antivirus software and found none (kind of figured that), and looked at the patch level and found Service Pack 1 (note: it should have been Service Pack 3). I knew what I was going to find. I tried to go out to several online virus scanning services to scan the PC and was blocked. I tried to go to several sites to download antivirus software and was blocked from that too. I tried to download spyware detection software and got the same thing. I got out the jump drive I carry with the current free version of AVG antivirus and current virus definitions (free.avg.com) and installed it on the PC. A scan found over 60 viruses. I cleaned them up and rebooted the PC. Next I installed Malwarebytes with current signatures (www.malwarebytes.org/mbam.php) and started a scan, which found over 400 hits. I cleaned everything up and rebooted the PC. Now the system was clean but still missing many patches. I connected my netbook to the network and did not get all the firewall hits, so at least that machine is now clean.

I went to find the manager to talk with him but only got the assistant manager, so I let him know what I found. I found out they allowed administrator access on both machines because too many people complained they could not download or run the programs they wanted, but they did not realize they were putting themselves and everyone that used the PCs and network in danger. Had I more time I would have cleaned the other machine and patched them both, but the hotel was getting their IT people in to repair and secure the PCs. Maybe next time I’m out that way I’ll swing in and check to see if they really are secure. If not, time for me to get out my business card and see if I can get some billable business out of the deal.

The hotel name and location will stay with me so as not to destroy any reputations.
