Symantec Blogs: Security Response

Marc Fossi | November 22nd, 2007

Your hardware is well secured. You’ve got a good perimeter firewall in place that only allows communication on authorized ports, an IDS to scan for suspicious activity, WPA2 encryption set on wireless devices, and so on. Your software is secure as well. Patches up to date, good password policy enforcement, etc.

So where is the weak point in your network? I think there’s a common expression used to describe it – the problem exists between keyboard and chair.

Lately, more attacks have relied upon social engineering to infect users rather than automated exploitation of vulnerabilities in network services. Social engineering is nothing new, but the sophistication of some of these attacks has been increasing. Three prime examples of this come to mind.

Earlier this year, there was a large-scale attack using the MPack kit in...

Marc Fossi | April 15th, 2007

The taxing time of year

It’s tax time once again – that time of year when those who owe are sweating while those getting refunds are gloating. Many people who prepare their own returns use one of the many software packages on the market to help them out. One thing that I’ve noticed is that many of the makers of these packages are beginning to offer Web-based tools to prepare and file their returns.

Honestly, the security of these Web applications worries me. In the recently published Symantec Internet Security Threat Report it was found that 66 percent of the 2,526 vulnerabilities in the second half of 2006 affected Web applications. To highlight this fact, someone recently reported that she was able to access other people’s returns through the TurboTax Web site. This is likely the result of a simple input validation flaw in the Web application.

Now, many of you who use the...

Marc Fossi | March 19th, 2007

Six months ago, in the previous volume of Symantec's Internet Security Threat Report, I wrote that we were seeing a shift away from “noisy” worms towards targeted Trojans that attract less attention. In the second half of 2006, this trend remained true, as the volume of Trojans reported by Symantec customers increased and the volume of worms decreased. At the same time, a lot of these Trojans are becoming more sophisticated.

In the latest edition of the Internet Security Threat Report, we note that multi-stage downloaders, also referred to as modular Trojans, are becoming more prevalent most likely because of their versatility. The first stage of these downloaders is usually a small Trojan that disables your security and antivirus applications then downloads a more complex threat. Since the initial stage disables security applications, the second stage can be almost...

Marc Fossi | February 2nd, 2007

Being a fan of novels in the “cyberpunk” genre, the concept of virtual online worlds intrigues me. Standard massively multiplayer online games (MMOGs) seem boring in comparison to the flexibility of a world that allows participants to create their own objects within the virtual environment. These creations are really only limited by the user’s imagination and the boundaries of the coding language.

Recently, I read an article about residents of Second Life staging in-world protests against a political party that opened an office in the world (I won’t get into the details here because this space isn’t about politics). What really caught my eye were some of the forms these protests took, including users strafing the offices with virtual machine guns and exploding pigs.

So what does any of this have to do with computer security? Well, a couple of things about Second Life are noteworthy. One is that some miscreants were successful in creating self-replicating code (like a virus) in...

Marc Fossi | January 8th, 2007

Happy (belated) New Year! It’s safe to say that most people are back into the full swing of things by now. Although the first week of January may have been a short one for some, there are many of us who were kept on our toes in the fledgling days of 2007. We are still witnessing the aftermath of some annoying holiday-themed emails containing a mass-mailing worm, and even more recently we have been dealing with a cross-site scripting (XSS) problem involving Adobe Acrobat files.

Sadly, given these examples, it seems that the more things change from year to year, the more they stay the same (I know it’s a cliché). And in that regard, we have recently published the December 2006 version of the Symantec Home and Home Office Security Report. The report discusses some of the top security news items in December as well as a roundup of noteworthy Internet security trends for 2006. Last month, there was a worm discovered to be propagating because of malicious URLs being sent as links in instant...

Marc Fossi | December 4th, 2006

‘Tis the season to spend money. As the holiday season approaches, people tend to loosen their purse strings in the desperate search for the perfect gift for that special someone. Unfortunately, scammers and criminals are well aware of this fact and do what they can to take advantage of it. Two common ways of doing this are through “second chance” auction scams and “overpayment” scams.

If someone on your list wants that hot new gaming console that’s sold out in all the stores, you may turn to online auction sites to find one. Because so many people are after these hot items, the auction prices can get quite high. This is where the scammer steps in. Frequently, the winner of an auction may drop out or be unable to make good on their bid for whatever reason. Most online auction sites allow the seller to contact the next-highest bidder and offer the item to them rather than re-listing it. As a result, scammers are checking auctions for these items a day or two after the...

Marc Fossi | October 15th, 2006

As regular readers of this blog site will be aware, I attended the Virus Bulletin 2006 conference in Montreal, Quebec last week. On my flight home to Calgary (aboard a major Canadian carrier) they had something new for me. On the back of each seat there was a touch-screen display for people to watch movies, television, and so on. Ok, so this may not be anything new (I probably just don’t get out enough) or all that interesting at first glance. However, a couple of things relevant to computer security struck me about these screens.

Almost right after looking at the screen for the first time, my eyes were drawn to a socket just to the left of it—a USB port. There weren’t any keyboards distributed during the flight, but I suspect the ports are there for a future video game option (when I tried selecting this option on the touch screen, I was greeted with a “This feature is currently unavailable” message). Now, there’s also a distinct possibility that the operating system...

Marc Fossi | October 3rd, 2006

It’s that time of year when the kids go back to school and the leaves start changing colors. In some parts of the world (like where I live) the air starts to get cool and the sky is gray in anticipation of snow and freezing temperatures. The thought of this approaching cold front might be enough to send some people to seek out an alternate reality online.

One of these online alternate reality worlds, Second Life, reported a data breach in September. Apparently, one of their databases containing customer information was breached. The attackers managed to get users’ names and addresses, as well as encrypted credit card numbers. While the unencrypted data may not be too much to worry about, users should still make sure to change their passwords. Hopefully, the credit card numbers were encrypted using a strong algorithm.

Maybe you’ve already been playing around in one of the various online worlds, but you feel...

Marc Fossi | September 10th, 2006

The end of summer is upon us—everyone is back from their holidays and the kids are headed back to school. It seems that we were given a bit of a jolt in August to wake us all up from our relaxation, though. There were plenty of security headlines to keep us all on our toes.

In early August, AOL publicly posted 20 million search keywords that had been entered by its users. The data was supposed to be used by researchers and was listed using numerical identifiers in order to group specific keywords per user, instead of identifying the actual users’ names. Unfortunately, some of the AOL users had entered search terms that personally identified them, such as their own names or names of family members. AOL pulled the keyword lists offline, but the lists had already been copied and posted in other forums. While those of us in the security industry have told people for years to be careful of entering personal information into questionable Web sites, I don’t think search...

Marc Fossi | August 17th, 2006

Typosquatting has been around for a while. For those not familiar with the term, it refers to the practice of registering a domain name similar to that of a legitimate Web site (for example, symantc.com instead of symantec.com). The idea is that when you type the name of a site into your Web browser, there’s a chance you’ll make a typo, which results in you being taken to the squatter’s site instead of the legitimate site. The squatter’s site may be a page loaded with ads that generate revenue for them, a page that exploits a browser vulnerability to load malicious code, adware, or spyware onto your computer, or a phishing site designed to look like the site you meant to go to.

To fight typosquatting, many companies have begun registering domain names based on common typos in their actual names. For example, if you type gooogle.com into your browser, you’ll be redirected to google.com. Now, this works for typos within the domain name itself, but what if you leave the ‘o...