Video Screencast Help
Search Video Help Close Back
to help
New in the Rewards Catalog: Vouchers for "Symantec Technical Specialist" and "Symantec Certified Specialist" exams.

Security Response

Showing posts tagged with Security remove filter
Showing posts by Ron Bowes remove filter
How Secure is your Email?
Ron Bowes | 24 Oct 2007 | 0 comments

These days, many people take it for grantedthat their email is secure. People (and companies) send all kinds ofcritical information through email, expecting it to make it to thecorrect person and only that person.

That's a bad assumption.

Email is often used by Web applications to reset passwords, byfinancial sites to provide updates to profiles, and by friends andfamily with personal information. Any of this data, in the wrong hands,could be dangerous to a person. It could lead to all the usualproblems: identity theft, information exposure, and the exposure oftrade secrets.

Email passes through several servers in much the same way astraditional mail travels through several people. The sender sends anemail directly to an SMTP (or similar) server, which is often run bythe sender's Internet service provider (ISP). That server typicallyforwards the email to the recipient's mail server (which can be run bythe recipient's ISP, the recipient's...

Read more
The Opportunistic Nature of Economy Servers
Ron Bowes | 18 Oct 2007 | 0 comments

Economy servers are typically IRC serverswhere criminals and so-called "black hats" congregate to sell theirillegally obtained merchandise. They can be thought of much like abazaar of old, where the sellers announce their wares and their pricesin the hopes that buyers will choose them. These wares typicallyinclude stolen credit cards, identities, online gaming accounts, Website logins (such as Paypal and eBay), and other illegal goods. Becausethese servers are frequently tracked by law enforcement, the people whodo the trading have to be careful.

It has been observed that these servers rarely have a single fixedaddress. Commonly, the server migrates to a new address on a regularbasis, as frequently as every week. Presumably there is somepre-arranged pattern or a central source that tells loyal users wherethe current server is. It's not uncommon for a researcher to connect toan active economy server only to find it completely empty. This forceslaw...

Read more
Rogue Access Points: Back doors into your Network
Ron Bowes | 15 Oct 2007 | 0 comments

Let's say that an employee in your company gets a new laptop. He's excited about the laptop's WiFi capabilities, but the company he works for doesn't have wireless capabilities. What's he do?

One option is to bring in his own wireless router. He goes down to the local computer store, picks up a router for $39.95, and brings it to work. He plugs it in, boots up his laptop, connects to the network called "default," and is happy to use his laptop from anywhere in the building.

Another possibility is that he opens up the "wireless connections" panel of the laptop and sees a list of possible networks to join. He may not realize that the access points are on networks belonging to other individuals or companies. In the unlikely scenario of a targeted attack, he may even see an official-looking access point named after his company. In either case, he connects to somebody else's wireless work, finds that he can access the Internet, and...

Read more
Implicit Trust in DNS Servers
Ron Bowes | 11 Oct 2007 | 0 comments

When you visit a Web site, you typicallytype the URL into the browser or click on a bookmark. In either case,the domain name (for example, "www.symantec.com") is sent to yourdomain name system (DNS) server. This server takes the domain name andsends back the server's address. This structure can lead to someinteresting consequences.

How many people actually know which DNS server they're using? And,if they know which server they're using, how much do they trust theperson or company running the server? The majority of networks areconfigured with dynamic host configuration protocol (DHCP). DHCP is aprotocol that allows computers to broadcast a generic "configure me"message to the local network. Any server on the network can respond tothe message, telling the computer which DNS server to use (among otherthings). This problem is two-fold: first, there is no guarantee thatthe response is coming from the expected server. And second, even if itcomes from the...

Read more
What Are You Sharing?
Ron Bowes | 30 Sep 2007 | 0 comments

Over the past few years, file-sharing programs have grown inpopularity. Many people use them to share their music and games. Theyalso provide attackers with a convenient medium for infecting userswith Trojans or worms by offering tantalizing files. This kind of riskis well known to users and attackers alike; in Volume XII of Symantec'sInternet Security Threat Report, we noted that six of the top ten new malicious code families spread through file-sharing applications.

Another risk with file sharing, which many people are unaware of, isthe accidental exposure of confidential information. With nothing morethan a misplaced click, a user can unintentionally share the entirecontents of their hard drive, which could include their browserhistory, their personal documents, or their email messages.

Some file-sharing servers, such as certain Direct Connect servers,require a minimum...

Read more
Future Watch: ISTR XII
Ron Bowes | 20 Sep 2007 | 0 comments

The Future Watch section of the latest Symantec Internet Security Threat Reportdiscusses the changing threat landscape, and presents some issues thatSymantec believes will emerge in the next six to eighteen months. Fourkey points were made this time: malicious activity in virtual worlds,evasion processes used by malicious code, hiding the origin of attacks,and new uses for bots.

Massively multiplayer online games (MMOGs) are becoming increasinglypopular. Originally, these types of games were mainly populated by moreexperienced computer users, but as they grow in popularity, more andmore casual users are beginning to participate. These types of usersare more likely to be exploited by scammers due to their lack ofexperience. As more of these kinds of players participate in MMOGs,scammers may increasingly target them.

Moreover, some online games allow "real money...

Read more
Phishing and Spam in 2007: ISTR XII
Ron Bowes | 19 Sep 2007 | 0 comments

Volume XII of Symantec's Internet Security Threat Reportlooks at a variety of trends that were seen in phishing and spam.Although spammers' and phishers' techniques and targets constantlyvary, one thing remains the same: they're trying to make money – andthey're getting better at it.

Phishing attacks targeting financial services remained the mostpopular target than any other sector, making up 79 percent of uniquebrands phished, and 72 percent of all phishing Web sites. The reasonfor this is obvious: phishers want money, and stealing bank account orcredit card information is one of the quickest ways to make it. Andwith credit cards commonly selling for less than ten dollars on theblack market, and bulk rates offered on credit card sales, the phishersneed a lot of them to turn a profit.

In an attempt to get more bang for their buck, phishers have starteddeveloping...

Read more
Doing the Impossible… For $37.99
Ron Bowes | 21 Jun 2007 | 0 comments

I recently stumbled upon a site that advertised an impossibleservice for Web sites: protecting a site's content from being copied,or "stolen." It's a service that is impossible. I know it's impossible,and that every Web developer knows is impossible. However, for only$37.99, this man offers to do it. At $37.99, it's a deal! And he hasall kinds of testimonials, not to mention snazzy clip-art on his site.

Of course, his solution, much like whitewashing over dirt, appearsto work. That is, until the paint starts peeling, or, in this case,until a user with any kind of experience realizes how easy it is tobypass these restrictions. I can think of a half-dozen waysimmediately, and none of them are difficult. Before long, the whitewashpeels off and the site administrator is left in the same situation theystarted in, only with $37.99 less.

Of course, there are no guarantees. You read the agreement, right?This type of service gives the site administrator a false sense...

Read more
"Cheaters" Banned from World of Warcraft
Ron Bowes | 13 Jun 2007 | 0 comments

In my recent article about Spam in Multiplayer Online Games(smog), I talk about how spammers sell resources such as gold. Theseresources can be obtained with minimal user interaction, by using anautomated program to control characters and play the game. By doingthis, gold can be collected and either used or sold for real money.

As a massively multiplayer online game develops, an economydevelops. The value of rare items tends to emerge, and people will makefair trades or purchases from each other. People who play the game fora reasonable amount of time are able to purchase the same items asothers, by collecting gold (or whatever currency is used). Ideally, theeconomy will balance and end up at a fair point.

However, automated programs can be used to for this collection. Aprogram can run 24/7, doing nothing but harvesting gold. This gold...

Read more
Where Is Your Personal Data?
Ron Bowes | 11 Jun 2007 | 0 comments

In today's computerized world, loss of confidential information is far too common. If you look at a good list of personal information data breaches , you will quickly see that a breach occurs almost every day, and that's just in the United States!

Almost everybody knows that databases get hacked and laptops getstolen, both of which can expose all kinds of information aboutcustomers and employees. Information is frequently lost due tomalicious intentions. So security is audited, laptops are encrypted,and a lot of companies take steps to ensure that this type of exposuredoesn't happen. Data is still exposed, but many companies actively tryto prevent it.

I'll start with a story. I know a company that sells acustomer-management solution that once had a demo site, with demo data,which potential customers could play with. After a software upgrade,the demo database was no longer valid...

Read more

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
258,915