Category Archives: Uncategorized


Avoiding the Botnet Snare

Category: Information Security, Infosec Communicator, Uncategorized

“Why would anyone attack my computer? I don’t have anything of value on it.”

Is this your mindset? Although the goal of many attacks may be identity theft or financial gain, there are other reasons for someone to attack your computer.

Of the many types of malware (malicious software) attacks, one of the most serious is someone installing remote control software that allows them to install and run automated programs, making your computer into a bot or zombie computer. Your computer then becomes part of a bot network controlled by a bot herder. The bot herder will use your computer to conduct distributed-denial-of-service (DDoS) attacks, send spam and phishing email, and attack other computers.

Trends

Several years ago, 2006 was described unofficially as the “Year of the Bot.” Millions of computers were members of botnets: 4.7 million according to the 2006 Symantec Internet Threat Report. Other estimates ranged as high as 7% of all computers (approx. 47 million). Typically, bot networks may contain as many as 80,000 computers. (There were even reports of a Dutch botnet of 1.5 million computers!) The problem is not any better today.

How does it work?

Although bot methodology is evolving, the classic bot scenario is shown below:

[Figure: How a botnet works: 1. A botnet operator sends... (Image via Wikipedia)]

IRC (Internet Relay Chat) has been the classic means of communication in bot networks. In this type of network, it is easier to shut down the bot controller because communications are easier to track back to their source. More recently, there are examples of bots using P2P (peer-to-peer) communications, or “bots talking to bots.” This creates a decentralized structure which is much harder to shut down.

How do I know if my computer is part of a bot network?

Unfortunately, there is no easy way to tell. You may notice unusual activity if you leave your computer on, you may be contacted by your Internet service provider (ISP), or you may find that your computer is quarantined/blocked from the campus network. If you are following the requirements of the Desktop Standard and you have run a virus scan and a spyware scan with no reported infections, it is likely that your computer is not part of a botnet. Follow the steps below to make sure you don’t become part of a botnet.

Protection

The key to preventing your computer from becoming a bot is to use a combination of technical and process protections. You’ll need to make sure you’ve got the right software enabled and you may need to change the account you use to check email or browse the Internet.

Protecting Yourself from Bots

If you’re running Windows XP or older, don’t use your administrative account for daily activities; use a “limited” account instead. A limited user account doesn’t allow the user to install software or make system configuration changes. If you browse the web using a limited user account and accidentally visit a malicious web site, normally, no software can be installed without your permission because your user account is not capable of installing software.

Create defense in depth to protect your computer against a variety of attacks. Install antivirus software, keep it up to date, and set up regular system scans. Make sure the Operating System (Windows, Macintosh, Linux, etc.) is up to date with its patches and has auto-update turned on. Way back in 2006, the average time between the discovery of a vulnerability and the availability of instructions to exploit it was less than seven days.

Use a personal firewall. Firewalls protect you from outside intruders and can also prevent programs on your computer from inappropriately connecting to the Internet. For Windows computers, check the list at https://personal-firewall-software-review.toptenreviews.com/. Macintosh users can use the built-in firewall in the OS, but make sure it’s enabled. Linux users should choose an appropriate firewall. A hardware firewall can also be used to protect desktop computers.

Use anti-spyware (where available). Spyware sends personal information to other people without your knowledge. For Windows, Spybot Search & Destroy (www.safer-networking.org) and Ad‑Aware (www.lavasoft.de) (free for personal use only) have been traditional choices. You may find that it is best to use more than one product, but be sure to read any information about compatibility with other software. Check out the reviews at https://anti-spyware-review.toptenreviews.com/ for some suggestions. (Be careful of downloading other anti‑spyware products. Some of them actually install spyware on your computer.) Researchers have estimated that as many as 89 percent of home computers are infected with multiple instances of spyware, averaging about 30 spyware components each.


Announcing the RIT Cyber Self Defense Student Blog

Category: Higher Education, Information Security, Infosec Communicator, Uncategorized

I teach a section of Cyber Self Defense, a security awareness course at the Rochester Institute of Technology. We always have a number of interesting discussions about current infosec issues. I believe these discussions would be of interest to a wider audience, and especially to readers of the Infosec Communicator blog.

This fall, we’ve created a blog for the students to share their thoughts on various information security topics. We’re requiring the students to blog weekly, so we’re hoping to generate a good amount of traffic to and discussion on the site. (The students will be blogging in lieu of a term paper.)

I’m expecting this activity to be quite a challenge for many of the students. Most of them are first-year Information Technology, Information Security/Forensics, and Networking, Security, and Systems Administration majors. They are very much techies who can easily grasp the nuances of a highly technical field. However, most of them aren’t used to communicating technical concepts to general audiences and many of them do not appreciate the value of blogs written by professionals. So we’re providing an opportunity that addresses both issues.

The blog launches the week of September 5th and should run through the end of November. I invite you to visit and comment on the posts. (Your comments will be held for moderation.)

I think it will be an interesting exercise.

What do you think?

RIT Cyber Self Defense Blog


Top Ten Tips for Safe(r) Social Networking

Category: Information Security, Infosec Communicator, Internet Safety, Privacy, Social Networking, Uncategorized

Did you know you’re a target every time you go online? Did you know that cyber criminals are targeting social networking sites? Do you know how to recognize a phishing attempt? Following these tips will help make your use of social networking sites safer. (Unfortunately, there’s no way to guarantee that you can use them safely.)

Tip #1: Use strong passwords/passphrases.

It’s important to use strong passwords because automated “cracking” programs can break weak passwords in minutes. At a minimum, you should use 8 characters (preferably 15 or more), mixing upper and lower case letters and numbers. Many websites also allow the use of longer passwords and special characters. Incorporating special characters into your password will make them more difficult to crack. You’ll also want to use different passwords on different accounts. Using a password safe such as LastPass will help you manage these passwords by generating strong passwords and then supplying them when needed.

Tip #2: Keep up to date.

Attackers take advantage of vulnerabilities in software to place malware on your computers. Keeping up to date with patches/updates helps prevent attackers from using “exploits” to attack known vulnerabilities. It’s important to keep both your Operating System (Windows, Mac OS, Linux, etc.) and your applications (Microsoft Office, Adobe, QuickTime) patched.

Tip #3: Use security software.

It’s a good practice to follow the requirements of the RIT Desktop and Portable Computer Security Standard on personally-owned computers. Among other elements, the standard requires use of a firewall, antivirus, and anti-spyware programs. Many security suites contain all of the elements needed to protect your computer. (Your Internet Service Provider may also provide security software.)

Tip #4: Learn to recognize phishing attacks.

You’ve all seen phishing attacks. They’re typically emails that appear to come from a financial institution that ask you to verify information by providing your username and password. Never respond to these requests. Your financial institution should not need your password.

Tip #5: Think before you post.

Don’t post personal information (contact info, class schedule, residence, etc.). A talented hacker can see this, even if you’ve restricted your privacy settings! Don’t post potentially embarrassing or compromising photos. Be aware of what photos you’re being “tagged” in, and don’t hesitate to ask others to remove photographs of you from their pages.

Tip #6: Remember who else is online.

Did you know that most employers “Google” prospective employees? Have you seen the stories of people’s homes being burglarized because they’ve posted their vacation plans online? Many people other than your friends use these sites.

Tip #7: Be wary of others.

You can’t really tell who’s using a social network account. If you use Facebook, you’ve certainly seen posts by your “friends” whose accounts have been compromised. Don’t feel like you have to accept every friend request, especially if you don’t know the person.

Tip #8: Search for your name.

Have you ever done a “vanity search”? Put your name in a search engine and see what it finds. Did you know that Google allows you to set up an Alert that will monitor when your name appears online? Setting this up with daily notifications will help you see where your name appears.

Tip #9: Guard your personal information.

Identity thieves can put together information you share to develop a profile to help them impersonate you. Be especially careful of Facebook applications. They may collect information that they sell to marketing companies or their databases could be compromised. Do they really need the information they’re requesting?

Tip #10: Use privacy settings.

Default settings in most social networks are set to sharing all information. Adjust the social network’s privacy settings to help protect your identity. Show “limited friends” a cut-down version of your profile. Choose the strongest privacy settings and then “open” them only if needed.


Updated: Choosing the Safest Browser, Part One

Category: Information Security, Infosec Communicator, Internet Safety, Uncategorized


This post provides an update to last year’s Choosing the Safest Browser post. Let’s take a look at what’s changed since June 2010.

Browsers

Last year, we looked at the following browsers to discuss which would be the safest:

Number of Vulnerabilities

How do you decide which browser is the safest? One way is to look at the vulnerabilities that were disclosed for each one. Attackers may exploit these vulnerabilities to place malicious code onto your computer.

In Spring 2010, my Cyber Self Defense class ranked the browsers in the order below according to which ones they thought had the most vulnerabilities:

  1. Internet Explorer
  2. Safari
  3. Opera
  4. Firefox
  5. Chrome

According to the Symantec 2008 Internet Threat Report, here’s the list of browsers ranked from most reported vulnerabilities to the least:

  1. Firefox
  2. Internet Explorer
  3. Safari
  4. Opera
  5. Chrome

The class was really surprised by this ranking.

June 2011

Let’s see how the rankings look from the Symantec 2010 Internet Threat Report. Here’s the 2010 list of browsers and number of vulnerabilities:

  1. Google Chrome–191 vulnerabilities
  2. Apple Safari–119
  3. Mozilla Firefox–100
  4. Microsoft Internet Explorer–59
  5. Opera–31

I was surprised by this order. Ranking browsers by vulnerabilities reported, Chrome appears to be the worst and Opera the best. (In the 2008 report, Chrome had the fewest vulnerabilities!)

Average Time to Fix a Vulnerability

Another way to look at browser safety is how long it takes for a reported vulnerability to be fixed. How would you rank these same five browsers from shortest to longest patch time?

In the 2010 report, Internet Explorer had an average patch time of 4 days. Opera, Safari, and Chrome were each one day or less. (In the 2008 report, Safari had an average “exposure” time of nine days, compared to the “best,” Firefox, which normally took only one day to patch.)

Patch time alone doesn’t appear to be a factor when choosing the worst browser.

Safe browsing is important because the majority of attacks are web-based, peaking at almost 40 million per day in September 2010.

Does Your Browser Choice Really Matter?

In my opinion, not so much. Internet Explorer vulnerabilities are targeted more because it’s the biggest target. However, all of the browsers mentioned have vulnerabilities and all are patched relatively quickly. Many attacks actually target applications such as Adobe Flash, QuickTime, and the like. Malicious PDFs have also become a huge problem in the last year. What matters are safe practices!


Avoiding Phishing

Category: Information Security, Infosec Communicator, Social Networking, Uncategorized


What’s the easiest way to break into a computer account?

Cracking the password? Putting a trojan on the computer? Hacking? Unfortunately, it’s simply tricking you into giving up your password through a technique known as phishing.

Computers have vulnerabilities that can be exploited by attackers using different types of malware. However, your attacker is as likely to come after you through “social engineering” as they are through malware. Just as our computers have vulnerabilities, we too are susceptible to attack!

Social Engineering Attacks

Social engineering attacks are attempts to trick you into revealing private information. Successful attacks may result in identity theft and loss of funds. Social engineering attacks take a number of different forms, including phishing attempts, work-at-home scams, and Nigerian 419 schemes. Attackers often take advantage of current events, such as the tsunami that hit Japan.

Phishing

This article deals with one type of online scam—phishing attempts. Phishing is a common technique in identity theft. We’ve all received phishing emails or instant messages that appear to link to a legitimate site. These emails and web sites are designed to capture personal information, such as bank account passwords, social security numbers and credit card numbers. Losses to phishing attempts are estimated to be as high as $500M every year.

How Phishing Works

  1. Phishers send out millions of emails disguised as official correspondence from a financial institution, e-tailer, ISP, etc.
  2. You receive the phishing attempt in your email.
  3. After opening the email, you click on the link to access your financial account.
  4. Clicking on the link takes you to a web site that looks just like a legitimate site.
  5. At this point, you enter your account and password information, which is captured by the person who sent out the phishing attempt.

Phishing emails used to be easy to recognize because of their poor spelling and grammar. Now, phishing emails are often indistinguishable from official correspondence. Anyone can put together a phishing attack using resources (or kits) purchased on the Internet.

Practice Safe Computing

Safe computing practices are the best defense against phishing. Here are a few safety tips:

  • Never click on links directly from an email. Type the address into the address bar or go to the institution’s web site and navigate to the correct location.
  • Use File/Properties to find out which website you’re really on. You can check the properties from the file menu or by right-clicking on the web page and selecting Properties.
  • Look for the proper symbol to indicate you’re on a secure web site. Secure web sites use a technique called SSL (Secure Sockets Layer) that ensures the connection between you and the web site is private. This is indicated by “https://” instead of “http://” at the beginning of the address AND by a padlock icon which must be found either at the right end of the address bar or in the bottom right-hand corner of your browser window. A padlock appearing anywhere else on the page does not represent a secure site.

Browser Helpers and other Software Solutions

Although avoiding phishing attempts is typically a matter of following safe practices, there are a number of browser helpers available to help warn you of suspicious web sites. Browser helpers normally work as another toolbar in your browser. Use one or more for your protection:

  • The Netcraft Toolbar displays information about a web site including whether it is a new site (typical of phishing) and which country hosts it. If you’re visiting a United States banking site and the Netcraft Toolbar displays a Russian flag, you’re probably at a phishing site. The Netcraft Toolbar also works like a neighborhood watch community, blocking access to member-reported phishing sites.
  • McAfee Site Advisor adds icons to your search results indicating the relative safety of sites you’re visiting.
  • Internet Explorer and Firefox also provide limited protection by denying access to many known phishing sites. Firefox and Chrome integrate Google Safe Browsing technology.