Sunday, November 30, 2008

Obama Trojan

Ever since the end of the election, there has been a Trojan virus that has been riding the coattails of the Obama victory speech. Here is a quote from the article: "Several security tool vendors -- including Cloudmark, Sophos, and Websense -- today are reporting massive amounts of spam messages that promise video clips of an "amazing" Obama speech, election news results, or interviews with Obama's advisers. These messages are carriers of malware that can compromise users' PC, researchers say. The three vendors offered differing descriptions of the attack, which suggests it may be working under different disguises. But screen shots provided by both Cloudmark and Sophos contained identical photos and text, indicating that much of the traffic is being generated by a single exploit."

Here is the website with more news:
http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=212000783&cid=nl_DR_WEEKLY_H



With every big event there are huge malware attacks reported. So my question is: why aren't there more arrests made, or more of an attempt to catch these people and make an example of them? And on the other side of things, what are some techniques that are being used to hide the identity of the hackers sending out these viruses? How have these people hidden their footprints?

Virus attack on London hospitals hits patient care

During the week of November 19, three London hospitals were down because of a malware infection.

No patient data was at risk of disclosure, said William Mach, an NHS spokesman. As a precaution, computers were shut down at St Bartholomew's, the Royal London Hospital and The London Chest Hospital.

When the infection became known, ambulances were diverted to other hospitals, as it was easier to admit patients using unaffected computer systems rather than revert to a paper-based admission systems, Mach said.

The hospitals are now taking emergency patients again, he said.

Officials are investigating how the infection occurred, although it did not appear to be malicious, Mach said.



Here is a site with more information:

http://www.computerworlduk.com/management/security/cybercrime/news/index.cfm?newsid=12031


Question:
If there are malware infections with no threat, what are some other reasons for malware to be put in place if there are no negative effects?

Monday, November 24, 2008

ND Stadium Security - A Unique Case Study

One thing nearly all of us take part in during the Fall on campus is Notre Dame football. The student security at the stadium is rather simple - you hand them your ticket and show a student ID. The ID card is the chief security check that you, as a student, are entitled to be there. Your clearance is a photo and a name to match the name on the ticket. It's easy to see that a ticket booklet name could be forged and a fake ID made to match it, but is all that really necessary to get past stadium security?

A friend of mine and I wore chicken and gorilla suits to the game this weekend against Syracuse. Maybe you saw us... As you can see below, we were fully masked. You may be surprised to learn that we wore the masks all the way from his room in Morrissey up to around the end of the first quarter. We were able to walk past a number of ushers, many of whom acknowledged us, without removing the masks on our way into the stadium and our seating section. We could have been anybody. Our photo IDs certainly did not match our gameday appearance. I'm not particularly serious or worried about threats from criminals in animal costumes, but I do think it's something to think about and, if nothing else, pretty funny.

Final Exam

The final exam for this course will be on Tuesday, December 16th from 8AM-10AM. This time and the location are set by the Registrar's Office. If you have a conflict, you need to see me as soon as possible.

The Registrar's Office has not yet announced our room assignment. Please pay careful attention to this announcement when it is made. I have had semesters where the final exam room was different from my normal classroom.

I've posted a review sheet that outlines the material covered by the exam. We will also use the last class meeting to review any questions that you may have, so please take some time to prepare in advance.

Sunday, November 23, 2008

Pentagon Hit By Cyberattack

The original articles for the subsequent post can be found here and here.

According to two news articles from Foxnews.com, the Department of Defense--specifically, the Pentagon--has been the target of a serious cyberattack. The cyberattack has, reportedly, affected some of the 17 million computers that store sensitive information on the Global Information Grid. According to the articles, the cyberattack came in "the form of a global virus or worm that is spreading rapidly through a number of military networks." As a result of this attack by commercial malware, use of external hardware devices such as flash drives, external hard drives, and DVDs has been banned.

As to the cause of this cyberattack, not many specifics are known. A rear admiral in the United States Navy has reportedly attributed the introduction of the global worm "to a service member with access to classified information [that] inadvertently loaded the virus onto his computer via a flash drive." This also explains why external devices such as flash drives have been banned. The authors of the malware--and the architects of the cyberattack--are as yet unknown. In fact, the cyberattack could have come "from a number of foreign countries, possibly Russia, though the military is dismissing earlier reports that China was the source of the threat."

Now that the Department of Defense has detected the virus, the next thing they need to do is follow the incident handling process described in class. Namely, they should contain the virus by removing the ways in which the virus is thought to have entered the network. I believe that the Department of Defense has done that very thing by prohibiting the use of external drives. They then must restore their systems to a "known good state," but the details of that may be difficult since we do not know the extent to which the network has been damaged by this cyberattack. In restoring their systems to a "known good state," they may have to rebuild their systems entirely or they may just have to redesign their information security environment. Finally, they must analyze how to prevent further such cyberattacks. That may require further restricting access to sensitive information, or permanently enforcing the ban on all external devices.

Thursday, November 20, 2008

Assignment 6

Assignment 6 is now available. It is due on December 8th. The first part of the assignment involves tracking down IP addresses. The second part of the assignment is the analysis of the iPremier case, which I will distribute in class on Monday.

Class Slides

Here are a number of the slides I've used in recent classes:

Tuesday, November 18, 2008

So Long, Blackberry

Obama transition officials have reported that it is very unlikely that he will continue to carry his Blackberry while in office. This is mainly due to security issues. The data contained on most PDAs can be compromised with nominal effort, e-mail can potentially be monitored, and these devices are trackable.

I don't personally own a portable e-mail device, however many will attest to how addicting (and convenient) it can become to regularly check and manage one's e-mail: "Definitely he's going to feel an electronic detoxing," said Reed Dickens, former assistant press secretary to President George W. Bush. Users have even been referred to as "crackberry addicts". Obama's attachment to his PDA is illustrated by the following: "This past summer, news cameras recorded him checking his BlackBerry while watching his daughter's soccer game, only to have Michelle Obama slap at his hands, prompting him to return the device to its holster."

The other issue, less relevant to this course, is the possibility of a president's e-mail being subpoenaed and made public record: "The president's e-mail can be subpoenaed by Congress and courts and may be subject to public records laws, so if a president doesn't want his e-mail public, he shouldn't e-mail, experts said." E-mailing is just another channel for his words and personal communications to become public record; this must be taken into consideration. On this note, Presidents Bush and Clinton set a precedent by not e-mailing in office and it will ultimately be up to Obama to follow it or not.

I find it comforting to hear that PDA security is a priority for Obama and his officials. It may be a less-pressing concern, but definitely an important one.


http://www.google.com/hostednews/ap/article/ALeqM5iw25dERohJoJUYwISzNoOsSd1VCwD94GBFTO0

Monday, November 17, 2008

Bluetooth

Here is some information I gathered about bluetooth wireless networking.

Definition: Bluetooth is a specification for the use of low-power radio communications to wirelessly link phones, computers and other network devices over short distances. The name Bluetooth is borrowed from Harald Bluetooth, a king in Denmark more than 1,000 years ago.
Bluetooth technology was designed primarily to support simple wireless networking of personal consumer devices and peripherals, including cell phones, PDAs, and wireless headsets. Wireless signals transmitted with Bluetooth cover short distances, typically up to 30 feet (10 meters). Bluetooth devices generally communicate at less than 1 Mbps.
Bluetooth networks feature a dynamic topology called a piconet or PAN. Piconets contain a minimum of two and a maximum of eight Bluetooth peer devices. Devices communicate using protocols that are part of the Bluetooth Specification. Definitions for multiple versions of the Bluetooth specification exist including versions 1.1, 1.2 and 2.0.
Although the Bluetooth standard utilizes the same 2.4 GHz range as 802.11b and 802.11g, Bluetooth technology is not a suitable Wi-Fi replacement. Compared to Wi-Fi, Bluetooth networking is much slower, a bit more limited in range, and supports many fewer devices.
As is true for Wi-Fi and other wireless technologies today, concerns with Bluetooth technology include security and interoperability with other networking standards. Bluetooth was ratified as IEEE 802.15.1.



I thought it was interesting that it uses a standard similar to the one we learned in class (IEEE...) and that concerns with Bluetooth include security and interoperability. So I looked up the standards and if you want to check out this super long document here it is.

http://csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.pdf



After doing this I went to youtube... and oh buddy is it easy to hack bluetooth phones. There are a million videos and programs available to download so that you can hack someone's phone. You can make calls, send texts, and turn off their phone.

Here are two videos I found interesting:
http://www.youtube.com/watch?v=5WRLtBl-lqo
http://www.youtube.com/watch?v=XlTEIYGk3Ro

What do you guys think? I don't have bluetooth on my phone but I do have it on my computer. I never use it for anything, so I wonder if people can connect to my computer in the same way the phones are being hacked.

-Cassie

Saturday, November 15, 2008

Club Security

Along the same lines as Katie's post, I wanted to examine an emerging technology (IDetect) that club bouncers have been utilizing and the effect that it has on customers. This handheld device essentially stores the club-goer's driver's license information (and takes a picture of the customer) while readily detecting fake IDs. The main goal of these devices is to eliminate anonymity and to cut down on underage drinking. The gadget scans an ID (with recognition from all 50 states) via the magnetic strip. The device also features a touchscreen and built-in camera.

"The scanner catches fake IDs and records a person's driver's license number, birth date, address, height, weight, eye and hair colors. It also saves a photo of what the patron was wearing that night." This information is easily downloaded to the club's computer.

If necessary, the machine can then search for people by name, gender, description or number of visits. Furthermore, it can provide statistics regarding the number of patrons the club has each night, their age and gender (which can then be used to influence marketing strategy).

A major benefit of this device is to deter unruly and violent behavior. "One of the main reasons people will misbehave is because they have anonymity," Carpenter said. "But when you can record their name and take their photo, they no longer have that anonymity." When problems do occur, suspects can be easily identified in the device; their personal information can then be sent to the police. Bouncers can also place a message next to the person's name in the computer, allowing for a reminder the next time they try to enter.

However, it is important to remember that this is sensitive information and should be treated as such. As we have seen in class, when in the wrong hands, data as innocent as e-mail addresses can lead to financial woes. I believe that if this information was downloaded to a computer, access to it would have to be limited to one or two people; if necessary, read-only access could be granted to others. Additionally, there should only be one bouncer with this device per club. A thorough background check would be required for the position. The club would also have to determine how long these personal records should be stored in their database, or if it is only necessary to keep information on their most active customers (defined as one who visits once a month minimum). And as with all technology, one must determine if the benefits outweigh the risks.


http://gazettextra.com/news/2008/sep/09/high-tech-gadgets-new-security-feature-bars/

"In Era of Blog Sniping, Companies Shoot First"

Last week, The New York Times published an article regarding the use of blogs by companies for announcing layoffs. With the market crisis that has been developing in the past several weeks, a number of companies have been forced to let part of their workforce go. However, information is getting leaked to the public faster and faster. Many of these layoffs reach the public before the company even has a chance to inform their employees of the layoff. Some employees are learning that they are being laid-off through reading blogs about their companies. As a result, many companies are beginning to post stories such as layoffs on company blogs so that their employees and the public are informed by the company rather than by somebody outside the company who managed to get the story.

This article clearly addresses the confidentiality and integrity of information. Many blog posts by people outside these companies are not completely accurate and accuse companies of poor management. This in turn is creating a negative image for these companies who are clearly already struggling. So, do you think that companies are addressing this problem in the best way possible? What else could they do to protect both their employees and reputation?

http://www.nytimes.com/2008/11/05/technology/start-ups/05blog.html?_r=3&ref=technology&oref=slogin&oref=slogin&oref=slogin



Thursday, November 13, 2008

Security Review: ID Scanners

After our discussion in class about skimmers, I thought about how they might be able to be used to capture personal information that you may not want others to have. At many bars and liquor stores, they scan our IDs to make sure that we are of legal age. A malicious employee could easily use a skimmer and pretend it was an ID scanner and capture all of the information that is stored on the barcode of your ID. I know that several states offer the option to put your Social Security number on your IDs, which would make an easy target for identity theft. With thousands of customers coming in and out of bars and liquor stores (especially during football season), someone could collect a ton of personal data.

On the other hand, bars could use this information for 'good' by collecting information on visitors in order to market their bar towards the target customer. For example, if a bar realizes a lot of 21-year-olds are attending the bar, they might look into having an 18+ night since 21-year-olds likely have many 20-year-old friends. The bars should, though, make it voluntary to give this information, rather than just taking it without telling anyone.

There really isn't a way to stop these types of data theft, except by refusing to allow your ID to be swiped (which will most likely mean not getting into a bar or buying beer). Businesses should be responsible for ensuring employees are not misusing ID information. One way to do this would be to ensure at least 2 people are checking IDs or selling alcohol, so that 1 malicious employee couldn't take advantage of this skimming.
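Both the Club Security post and this one come down to the same question: what does a venue actually need to keep from an ID scan? The following is an added example, not code from the blog or from any scanner vendor, showing one way a door check could keep only an over-21 decision and a keyed pseudonym for repeat-visit counts, rather than the name, license number and address the barcode carries. The scan fields, the venue key and the use of an HMAC pseudonym are all assumptions made for the example; real ID barcode layouts differ.

```python
# Added example (not from the blog): a minimal age check for a door scanner
# that keeps only what a venue needs from a scanned ID.
from datetime import date
import hashlib
import hmac

# Constructed sample of what a barcode scan might yield. The field names are
# assumptions for this example, not a real ID barcode layout.
SCANNED = {
    "name": "Jane Q. Public",
    "license_number": "S123-4567-8901",
    "dob": "1987-05-14",
    "address": "1 Main St, Anytown, IN",
}

# Per-venue secret used to pseudonymise repeat visitors. Destroying or
# rotating the key severs any stored visit counts from the real license numbers.
VENUE_KEY = b"constructed-venue-secret"


def is_of_age(dob_iso, on_date, minimum=21):
    """True if the person born on dob_iso (YYYY-MM-DD) is at least `minimum` on on_date."""
    y, m, d = (int(x) for x in dob_iso.split("-"))
    born = date(y, m, d)
    # Subtract one year if the birthday has not yet occurred this year.
    years = on_date.year - born.year - ((on_date.month, on_date.day) < (born.month, born.day))
    return years >= minimum


def pseudonym(license_number, key=VENUE_KEY):
    """Keyed hash of the license number: stable per venue, useless without the key."""
    return hmac.new(key, license_number.encode(), hashlib.sha256).hexdigest()[:16]


def admit(scan, on_date, key=VENUE_KEY):
    """Return the only record the venue retains: the age decision and a pseudonym.

    Name, address and the raw license number are read for the check but never
    placed in the returned record, so a stolen export contains no usable identity.
    """
    return {
        "admitted": is_of_age(scan["dob"], on_date),
        "visitor": pseudonym(scan["license_number"], key),
    }


if __name__ == "__main__":
    print(admit(SCANNED, date(2008, 11, 13)))
```

The point of the design is that the skimming risk described above is bounded by what the scanner writes down: a door log of pseudonyms and yes/no decisions still supports the visit counting the club post mentions, but an employee walking off with the log gets neither names nor license numbers.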

Sunday, November 9, 2008

Vista Security is Looking Up

The latest Security Intelligence Report from Microsoft says that vulnerabilities in the Vista operating system have gone down. Most of the threats to users now lie with third-party software. One issue, however, is that the vulnerabilities being found in Vista these days are more critical. Part of the credit for the security of Vista is due to the number of restrictive features in the operating system. On the other hand, these features are blamed for user dissatisfaction with Vista (they can be bothersome - I especially find User Account Control annoying!) and subsequently for hindering the increase of its popularity.

Source article:
Microsoft sees OS flaws drop, application breaches rise
By Robert Westervelt, SearchSecurity.com
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1337532,00.html

New Comprehensive Information Security Laws

I was in Boston this weekend for the game, and during my time in Massachusetts I heard about the state's attempts to curb information breaches by setting several minimum standards for companies to put in place to ensure their clients' personal information is secure.

Although these standards are already used by many companies, Massachusetts is one of the first (behind California) to step up the standards required to secure information.

State legislators and security officials are hopeful that the new Massachusetts regulations will have a ripple effect, because any company that does business with clients in Mass., regardless of where it is based or where its other clients reside, will have to abide by these new standards; meaning several companies will have to enact the new, safer standards for client information.

Some of the new regulations include:

-More than one employee required to operate information security program

-More/advanced training for employees on the subject of information security

-Preventing terminated employees from accessing data or records

These regulations (and others) go into effect on January 1, 2009.


Thursday, November 6, 2008

Risk Management in the Digital Age

Check out Russ Banham's "Risk Management in the Digital Age" article in today's Wall Street Journal. It's pretty scary to hear the ease with which sophisticated cyber criminals are able to steal financial information and make themselves a whole lot of money.

Brendan

Election Hacking

Maybe there was a little election-related security news this year after all. Here are two interesting news excerpts from ComputerWorld:

Report: Obama, McCain campaign computers were hacked by 'foreign entity'
An unidentified 'foreign entity' stole a large number of policy-related files from computer systems used by the Obama and McCain campaigns, according to a Newsweek story.

Hackers leverage Obama win for massive malware campaign
Hackers are using the results of the U.S. presidential election to launch a major malware campaign that aims to trick users into installing a Flash update that actually plants a Trojan horse on unprotected PCs.

Wednesday, November 5, 2008

Countries Debate Proposals for National Firewalls

A few days ago, an article appeared in the New York Times regarding national firewalls, so I thought it fit in well with our recent class discussions. There is currently a controversy in Australia about the possibility of establishing a national firewall. Other countries have had similar discussions come up as a result, including the possibility of a firewall that not only includes Russia, but a number of the smaller countries surrounding it. The Thai government is in support of a national firewall as well. Because it is illegal to speak ill of the Royal Family in Thailand, the firewall would target about 1,000 sites that do so. It can also be set to block porn sites, terrorism sites, gambling sites, or other offensive content. Many people are opposed to the government’s proposal because they feel that a national firewall would be providing censorship. The Australian Parliament is also looking to increase the number of ISPs that are blocked to include a broader range of potentially offensive content.

It’s been several years since China put their national firewall in place and it has ended up causing a number of problems. Among these are trade scandals because companies weren’t able to access information that could have prevented them. China has actually unblocked a number of sites over the years, but the firewall still prevents a huge amount of content from being seen in China. So, what do you think about the idea of national firewalls? Where do you draw the line when censoring content? Who has the right to make the decision and is this kind of censorship a violation of rights?

http://www.nytimes.com/2008/11/05/technology/start-ups/05blog.html?_r=1&ref=technology&oref=slogin

Assignment 4 Extension

As we didn't get to the firewall configuration material I had hoped to cover on Monday, I'm going to extend the due date for Assignment 4. It is now due on Monday 11/17 instead of Monday 11/10. Assignment 5 remains due on Wednesday 11/12.