ISDPodcast Episode 283 for December 21, 2010. Tonight’s podcast is hosted by Rick Hayes, Keith Pachulski, and Varun Sharma.
Announcements:
SANS Community:
Jason Lawrence, Management 414: SANS +S Training Program for the CISSP Certification Exam: http://www.sans.org/mentor/details.php?nid=23493
Wednesday, February 23, 2011 – Wednesday, April 27, 2011
Use the Discount Code: isdpod15 for a 15% discount.
Appalachian Institute of Digital Evidence (AIDE):
AIDE Winter Meeting, Marshall University Forensic Science Center, Huntington, WV
When: February 17 – 18, 2011
http://aide.marshall.edu/default.htm
Intro/Outro Music provided by JimmyZ (http://soundcloud.com/jimmyz)
Stories:
News: http://www.infosecurity-us.com/view/14755/onequarter-of-consumers-have-turned-off-their-antivirus-software
http://webcache.googleusercontent.com/search?q=cache:WfMPpgH1twoJ:www.infosecurity-us.com/view/14755/onequarter-of-consumers-have-turned-off-their-antivirus-software-/+http://www.infosecurity-us.com/view/14755/onequarter-of-consumers-have-turned-off-their-antivirus-software&cd=1&hl=en&ct=clnk&gl=us&client=firefox-a
Twenty-five percent of consumers surveyed by anti-virus software provider Avira turned off their anti-virus software because it was slowing down the computer, while 12% considered abandoning the internet because of safety concerns.
In addition, 63% of consumers have tried multiple anti-virus security products in a one-year span on the same computer, according to the survey of 9091 Avira customers worldwide.
“It’s not surprising that consumers try multiple security products each year since everyone is trying to find the right security product which can effectively balance protection and a computer’s resource usage”, said Sorin Mustaca, data security expert with Avira.
“The scary take-away from this survey is that 25% of the respondents admitted to turning off their security products because they feel that it hurt the performance of the machine. That’s not a good idea because such a practice leaves the computer totally exposed to even the simplest of viruses, allowing the bad guys to include it in a botnet used to distribute malware and phishing”, he warned.
Mustaca said that vendors need to be careful not to overload their anti-virus software with features that could have a significant effect on system performance. Anti-virus vendors should focus on offering products that provide the minimum necessary protection, rather than protection “with all the whistles and bells” that users deactivate in order to use their computers.
News: http://cybersecuritynews.org/2010/12/16/dhs-secretary-napolitano-cybersecurity-is-a-collaborative-effort/
Attaining an Internet that is both open and secure is a challenge that must be confronted, US Department of Homeland Security Secretary Janet Napolitano stated last week. “Cyberspace is fundamentally a civilian space,” Napolitano said during a keynote speech before a cybersecurity forum at the National Press Club. “And government has a role to help protect it.”
But according to Napolitano, that role should extend beyond DHS and other federal agencies and into the private sector, as well, where she said new public-private partnerships are already being formed to protect control systems that operate the nation’s critical infrastructure.
Noting that teams have been deployed to work with and respond to cyber incidents, Napolitano said DHS has extended its partnerships to reach chemical plants, communications systems and systems controlling the nation’s electric, water and utilities in its latest cybersecurity efforts.
“At the same time, I recognize that much more needs to be done in this critical area,” Napolitano stated. “We need to be working together to create a national culture that provides that [Internet] users at every level know that they are part of a system and know what they need to do to help protect security… users, businesses, technology industry, government, everybody has a role.”
Napolitano also extended her cyber reach out to Congress and academia, where she said a more transparent and inclusive cybersecurity policymaking process and more higher education programs are needed, “so that we have policymakers who understand technology, but we also have technologists who understand policy.”
Including DHS’ National Cybersecurity Challenge, the “Stop. Think. Connect.” Campaign, the deployment of Einstein 2 and the launch of the National Cybersecurity and Communications Integration Center in her list of the Department’s accomplishments over the past year, Napolitano went on to add, “It is our goal to build one of the best teams that we can to tackle the cybersecurity challenge, but this has got to be a team effort. No single agency or industry, quite frankly, can manage it.”
And while reasserting that it will be a challenge to continue to build partnerships and to keep the Internet open but also secure, in her closing statement Napolitano added, “Those are the kinds of challenges our country has confronted before, and by putting our best minds together, that’s how we have met those challenges. This one may be bigger, more complex and may require more of our effort than anything we’ve ever dealt with, but we’re going to have to make sure that we deal with it the right way because we’re laying the foundation for our future.”
News: http://www.pctools.com/security-news/top-cities-cybercrime
Cybercrime is not confined by city, state or national borders. Anyone with a computer and an internet connection is susceptible to online fraud. However, where you choose to surf the Web can put you at great risk for a cyberattack. A recent study by internet security company Symantec lists the US cities at the greatest risk for cybercrime. If you’re a resident of one of these vulnerable locales, you might want to watch where you click.
Symantec partnered with independent research firm Sperling’s BestPlaces to complete the study. Using their own internal research and third-party data, such as risky online behavior, number of Wi-Fi hotspots and rate of cybercrime per capita, the two companies compiled the “Norton Top 10 Riskiest Online Cities.”
Seattle received the dubious distinction of being the city most vulnerable to cybercrime. Seattleites led the way in several categories used in the study, including frequency of internet usage and the percentage of residents who check their bank accounts and pay bills online. Detroit was named the least risky US city due to factors such as low rates of cybercrime and wireless internet access.
The Norton Top 10 Riskiest Online Cities:
1. Seattle
2. Boston
3. Washington, D.C.
4. San Francisco
5. Raleigh, NC
6. Atlanta
7. Minneapolis
8. Denver
9. Austin, TX
10. Portland, OR
While their findings have been widely publicized, the authors of the study reiterated the fact that anyone using the Internet is susceptible to cybercrime. “Despite people’s familiarity with technology and the Internet, this study shows that everyone is exposed to a certain level of risk when they are online,” said Bert Sperling, founder and researcher of Sperling’s Best Places. “No matter where you live – be it Seattle or Detroit – it’s important to be vigilant in everyday online behavior in order to protect yourself against cybercrime of all types.”
News: http://googlewebmastercentral.blogspot.com/2010/12/new-hacked-site-notifications-in-search.html
Google has added a new notification to our search results that helps people know when a site may have been hacked. We’ve provided notices for malware for years, which also involve a separate warning page. Now we’re expanding the search results notifications to help people avoid sites that may have been compromised and altered by a third party, typically for spam. When a user visits a site, we want her to be confident the information on that site comes from the original publisher.
Clicking the “This site may be compromised” link brings you to an article in our Help Center which explains more about the notice. Meanwhile, clicking the result itself brings you to the target website, as expected.
We use a variety of automated tools to detect common signs of a hacked site as quickly as possible. When we detect something suspicious, we’ll add the notification to our search results. We’ll also do our best to contact the site’s webmaster via their Webmaster Tools account and any contact email addresses we can find on the webpage. We hope webmasters will also appreciate these notices, because it will help you more quickly discover when someone may be abusing your site so you can correct the problem.
Of course, we also understand that webmasters may be concerned that these notices are impacting their traffic from search. Rest assured, once the problem has been fixed, the warning label will be automatically removed from our search results, usually in a matter of days. You can also request a review of your site to accelerate removal of the notice.
News: http://www.thetechherald.com/article.php/201051/6590/Worm-forces-survey-participation-on-Facebook-users
Stephen Doherty, security researcher for Symantec, has posted a warning and analysis of a new Worm that spreads via instant messaging platforms. Once a system is infected, the Worm will download a variant of itself, which in turn prevents access to Facebook unless a survey is completed.
While Yahoo Instant Messenger is the messaging platform that gave rise to the Worm, dubbed Yimfoca by Symantec, it can target several others, including AOL and MSN. The Worm works by using infected systems to spam messages to the messenger application’s friends list.
The messages target 44 countries, including the U.S., the U.K., Canada, Mexico, Spain, Germany, France, Russia, and more. In addition to location targets, the messages that contain the malicious URL can appear in more than 20 languages. If the host language is unknown, the Worm will default to using English.
Example Messages:
mira esta fotografa [MALICIOUS LINK]
seen this?? [MALICIOUS LINK]
pogledaj to slike [MALICIOUS LINK]
guardare quest’immagine [MALICIOUS LINK]
If the system is infected, Yimfoca will download additional Malware, including a variant of its own code. This variant will force users to complete surveys before they are allowed access to Facebook.
The Worm uses an overlay message on the Facebook homepage, which explains that your account is suspended. “To make your account active you need to complete one of these surveys,” the message concludes.
“If you fail to fill out the survey you will be locked out while W32.Yimfoca is running. So long as W32.Yimfoca is running on your computer and you haven’t completed a survey you will be blocked from accessing facebook.com. Every time the malware restarts, its state is reset and you will be prompted to fill out a survey again to gain access (for example after a reboot),” Doherty explained.
If there is any good news to this Worm it could be that it is Internet Explorer centric, so other browsers will access Facebook with no problems. The down side is that most of the planet uses Internet Explorer to access the Web.
“If you receive an unexpected link from a contact through an instant message you can always respond with a question about the link to verify it’s not malware spreading them. If you receive a link promoting a deal that sounds too good to be true—whether on a social network, via email or via Instant message—then usually it is,” added Doherty.
Facebook surveys generate a good deal of money for scammers, and there have been countless examples of scams linked to them reported this year. Symantec says that Yimfoca is using surveys promoted by cpaleads.com, which pays up to $1.00 USD per completed survey.
News: http://techcrunch.com/2010/12/20/under-arrest-the-author-of-that-pedophilia-book-amazon-banned/
Remember that vile ebook “The Pedophile’s Guide to Love and Pleasure: A Child-Lover’s Code of Conduct” that briefly topped Amazon’s top 100 bestsellers lists, only to be pulled following massive customer and media pressure on the Internet retailer?
Well, according to Florida’s News 13, the author of the book, Phillip R. Greaves II, was arrested today for violation of obscenity laws. According to the news outlet, Polk County Sheriff’s Office, along with authorities in Pueblo, Colorado, have arrested the mentally unstable man on third-degree felony charges, which are punishable by up to 30 years in prison in the state of Florida. Polk Sheriff Grady Judd told News 13 that detectives who were investigating the case researched the book and inquired about receiving a copy, ultimately leading to the arrest.
“He wrote this book specifically to teach people how to molest and rape children,” Judd said. “You cannot engage in or depict children in a harmful light.”
Greaves could be extradited to Polk County as soon as today.
News: http://anonymousdown.wordpress.com/2010/12/21/101-ways-to-use-a-bot/
Not all bots are used for bad purposes. Unfortunately, Anonymous uses bots for their DDoS LOICS Cannon, Hives and in their IRC’s alike. Did you know bots can be used for other means and purposes? Here are some really cool servers/sites that Anonymous Down has fetched.
News: http://ohmygov.com/blogs/general_news/archive/2010/12/21/us-cybersecurity-predictions-resolutions-and-wishes-for-2011.aspx
OhMyGov asked a variety of cyber experts what they predict will happen, what they wish will happen, and what they resolve to do (and think we should all resolve) to help protect the nation against our digital adversaries. Good Read!