Video Screencast Help
Security Response
Showing posts tagged with Security Risks
Showing posts in English
Ron Bowes | 22 May 2007 07:00:00 GMT | 0 comments

A few months ago, I moved out of my home town in search of greenerpastures. In doing so, I called every company I could think of whomight have my previous address. And that was a lot of calling - thesedays, it seems like changing a home address is as difficult as changingan email address!

After I arrived, I bought a lot of stuff online. I purchasedeverything from books and movies to show tickets from major onlineretailers. I made every transaction with my credit card, and everythingwas shipped to my new address. I didn't have any problems - at first -all I needed was my credit card information and everything was shippedwhere I asked it to be shipped.

Recently, however, I purchased a new hard drive from a localcomputer store. Since it's on the far side of the city, I opted to haveit shipped rather than pick it up. This morning, I received an emailsaying that they wouldn't accept the order because my shipping addressdidn't match the address on my credit card. So I...

Yazan Gable | 21 May 2007 07:00:00 GMT | 0 comments

Skimming is quite the threat to your credit card security. But everyday some of your personal information is leaked out to potentiallymalicious people without the help of skimmers. This personalinformation may be used to aid in identity theft attacks. Where doesthis information come from, and how is it leaking? Every bit ofpersonal information that we give out is stored in a databasesomewhere.

Have you ever been asked for your zip or postal code when shoppingat your favorite retail store? Have you ever registered as a regularshopper at your favorite Webstore? I know I have, and it’s little bitsof information like that, often asked for on a whim, stored in a widerange of databases, which could add up to identity theft. Not onlythat, but many of these organizations store bank and credit cardinformation, names, birth dates, and even drivers license numbers aswell.

All of the information collected about us is stored in databases.Hundreds of potentially insecure databases...

Ron Bowes | 18 May 2007 07:00:00 GMT | 0 comments

These days, awareness about identity theftis increasing. More and more people understand that they aren'tsupposed to give out personal information unless they know who they'retalking to. But no matter how much you protect yourself, you still haveto rely on others to do the same. That leads to an important question:who knows who I am?

My first thought is my family. If somebody called my mom and askedquestions about me, would she answer? What about my dad, or mygrandparents? While I may know enough to protect my own personalinformation, they may not be aware. This is even more likely if theperson digging up information pretends to be a friend or employer, orif my family thinks that I'm somehow threatened ("We need your son'ssocial security number immediately, or he's going to lose his job").

Speaking of employers, how many job applications have you filledout? And how many required your social security number? Personally, Ican think of a dozen employers in a wide...

Elia Florio | 10 May 2007 07:00:00 GMT | 0 comments

When computer programmers and OS designers introduce newfunctionalities in their products, they should always consider “Who isgoing to use this?”. Sometimes solutions created for legitimatepurposes may turn into dangerous weapons if used in a bad way.Alternate Data Streams (ADS) and Encrypted File System (EFS) are justtwo well-known examples of good technologies used by malware such asBackdoor.Rustock and Trojan.Linkoptimizer (more here about this topic).

Today the list of good technologies used for bad purposes has a new entry.

In the past week I’ve been discussing with a friend (Frank Boldewin)a curious technique used to download malicious files on a system. Frankanalyzed one of the recent Trojans spammed by e-mail in Germany duringthe end of March, 2007 and he...

Yazan Gable | 09 May 2007 07:00:00 GMT | 0 comments

In a recent article published at Baseline Security,a number of large corporations were identified to be hostingbot-infected computers. Although this created some waves of surprise,it really shouldn’t have. Sure, bot network owners tend to target homeusers but it isn’t because home users are their preferred target;they’re just an easy target. Home users’ computers are limited in theirmalicious usefulness. They tend to have low bandwidth capabilities thatlimit their ability to send spam and carry out denial of serviceattacks. Also, they are often monitored and regulated by their Internetservice providers.

Computers in large corporations, on the other hand, have a greaterrange of possibilities. These computers may be more difficult tocompromise, assuming they are behind firewalls, protected by intrusionprevention systems, and...

Yazan Gable | 08 May 2007 07:00:00 GMT | 0 comments

Or rather, has your debit or credit card been skimmed? Have you everbeen the victim of debit card or credit card fraud? Have you everwondered how fraudsters got your information in the first place? Youwere sure that you never let your debit card or credit card out of yoursight. You had made sure that the only online shopping you did was atsecure Websites when you used your credit card or bank account topurchase anything online. So how did they get your info?

There are a few ways that your information can leak through thecracks and into the hands of malicious fraudsters. But one of the mostpopular ways is skimming. Skimming is the process of recording the dataon the magnetic strip of a credit or debit card so that it can be usedlater in a fraudulent way. It isn’t the easiest way, but it producesthe most viable data for fraudsters to sell.

So how do they do it? Typically they use a card reader similar tothe ones that the bank or retail outlets use to process your...

Orla Cox | 30 Apr 2007 07:00:00 GMT | 0 comments

Commercial rootkits were first brought to the public's attention with the infamous Sony DRM case. This was followed a few months later by a rootkit component included on some KinoWelt DVDs.This rootkit was part of Alpha-DVD content-protection software,produced by Korean company Settec. Discussion surrounding commercialrootkits has died down somewhat since then, however this doesn't meanthat they've gone away.

Recently we added detection for a rootkit which is installed byKorean online shopping site, Cashmoa. In order to log onto the site,the user is required to install a software package. This packageincludes a driver called cmdriver.sys. The driver behaves like arootkit by hiding processes which use a particular name. The danger isthat a...

Yazan Gable | 26 Apr 2007 07:00:00 GMT | 0 comments

In the last six months of 2006 we saw a pretty sharp decline in thedaily number of denial of service attacks. Although there are likely anumber of factors at play here, I think there is one primary factor:denial of service extortion attacks are no longer profitable.

DoS extortion attacks are usually carried out by a bot-networkowner. Using their bots, the extortionsist has to make a successful DoSattack against a target organization. Following that they have to issuethe extortion request and hope the target organization pays it.

The thing is that DoS attacks are loud and risky. Whenever abot-network owner carries out a denial of service attack they run therisk of losing some of their bots. This could happen either because anattacking computer is identified and disinfected, or if it is simplyblocked by its ISP from accessing the network. Furthermore, if thebot-network owner isn’t careful they could lose their entire botnetwork if their command and control server is...

Symantec Security Response | 23 Apr 2007 07:00:00 GMT | 0 comments

Identity theft and phishing have become prominent issues in the lastfew years. In this time, many users have become savvy to phishingschemes and are less likely to fall for traditional phishing attacks.In order to keep the stream of revenue flowing, attackers have had tobegin using more advanced techniques. One of the more recent techniquesis called "context-aware" phishing. A context-aware phishing attackuses specific personal information about intended victims to gain theirtrust. With the right information and implementation, this type ofattack can be very effective. To get the necessary personal informationfor this attack, phishers have become more like private investigators.

In this blog, I'll talk about one of the techniques used byattackers to find the information necessary to carry out effectivecontext-aware phishing attacks. This includes identifying targets,finding which brands can be phished for a given target, and researchingpersonal information to supply the...

Ron Bowes | 18 Apr 2007 07:00:00 GMT | 0 comments

The Home and Home Office Security Report(HHOSR), a monthly report released by Symantec, provides a high-leveloverview of Internet security concerns that may be of interest to homeand home office users. March's HHOSR focused largely on Volume XI of Symantec's Internet Security Threat Report.

This HHOSR's hot topic discussed the price of a wide variety ofinformation related to personal identity. The types of information, andthe prices at which they were offered, are outlines in table 1 below.

Item Cost in US Dollars
Complete Identity $14 - $18
US Credit Card $1 - $6
UK Credit Card $2 - $12
...