Friday, May 30, 2008

Top Ten Spyware and Adware Threats Identified

On December 8, 2004 Webroot, an award-winning anti-spyware solution provider, issued a press release identifying the ten most significant emerging spyware and adware threats. Most of these you probably haven’t heard of, and a few may surprise you.

It is estimated that 9 out of 10 computers are infected with spyware, also known as adware, scumware, malware and many other names.

Here’s the top 10.

• PurtyScan – popup ads that trick users into installing by claiming to find and delete pornographic images.

• n-CASE - adware program that delivers targeted popup ads. This program is usually bundled with freeware.

• Gator - adware program that displays banner ads based on your Web surfing habits. This program is usually bundled with the Kazaa file-sharing program, as well as other free software programs.

• CoolWebSearch – hijacks home page, Internet Explorer settings, and Web searches.

• Transponder - monitors sites visited and any data entered into online forms, and then delivers targeted ads.

• ISTbar/AUpdate – spyware posing as a toolbar. Has been reported to display porn, pop-ups, and to hijack homepage and Internet searches.

• KeenValue – an adware program that collects personal information and delivers advertisements.

• Internet Optimizer – hijacks error pages and redirects them to its own site.

• Perfect Keylogger – records all keystrokes (including personal information, passwords, etc.), clicks and web sites visited.

• TIBS Dialer – hijacks phone modem and redirects to pornography pay by the minute phone sites.

The following precautions are recommended in the fight against spyware: install Microsoft security patches, avoid downloading and using freeware, and disable ActiveX downloads in Internet Explorer. In addition, install at least one anti-spyware program; some experts actually recommend having two installed. For starters you can download one of the free spyware removal programs such as Spybot Search & Destroy or Ad-aware. There are also a few good anti-spyware programs on the market that proactively protect your computer (they alert you before the spyware is installed). When purchasing an anti-spyware program, be sure it is from a reputable company, as many of the anti-spyware programs available actually place spyware on your computer. They do this by offering a free scan that installs the spyware while it is scanning, and then entice you to purchase the product to remove it.

In conclusion, if you take a few precautions and install anti-spyware software on your system you should be well protected in the fight against spyware.

Wednesday, May 28, 2008

Phishing: A Scary Way of Life

The Federal Bureau of Investigation has identified “phishing” as the “hottest and most troubling new scam on the Internet.”

What is Phishing?

Phishing is a scam initiated via e-mail. The messages are “fishing” for personal and financial information. Most often, the e-mails appear to be from reputable companies (internet service providers, telephone companies, etc.), banks, and other financial organizations. The message often tells a story of the bank needing to update its personal information database, or of a financial institution claiming your personal data has been lost.

Who Phishes?

Hackers and scammers looking for personal and financial information use phishing as an effective method of gathering it. Phishers imitate legitimate companies in e-mails to entice people to share passwords or credit-card numbers. Recent victims include:

• Bank of America
• Best Buy
• America Online
• eBay
• PayPal
• Washington Mutual
• MSN (Microsoft Network)

History of Phishing

The term phishing comes from the fact that Internet scammers are using increasingly sophisticated lures as they "fish" for users' financial information and password data. The most common ploy is to copy the Web page code from a major site — such as AOL — and use that code to set up a replica page that appears to be part of the company's site. (This is why phishing is also called spoofing.) A fake e-mail is sent out with a link to this page, which solicits the user's credit card data or password. When the form is submitted, it sends the data to the scammer while leaving the user on the company's site so they don't suspect a thing.

Avoid Phishing

Fortunately, common sense can save you from giving away your personal information. For example, be wary of the company requesting information. I have received e-mails from banks I have never done business with. Know that your bank or ISP will never ask for your information out of the blue. Banks do not update their databases and misplace information.

Tips To Avoid Phishing

• If you receive an unexpected e-mail saying your account will be shut down unless you confirm your billing information, do not reply or click any links in the e-mail body.

• Look for words misspelled or other grammatical mistakes.

• Before submitting financial information through a Web site, look for the "lock" icon on the browser's status bar. It means your information is secure during transmission.

• If you are uncertain about the information, contact the company through an address or telephone number you know to be genuine.

• If you unknowingly supplied personal or financial information, contact your bank and credit card company immediately.

• Suspicious e-mail can be forwarded to uce@ftc.gov, and complaints should be filed with the state attorney general's office or through the FTC at www.ftc.gov.

Monday, May 26, 2008

A New Era of Computer Security

Computer security, for most people, can be described in two words: firewall and antivirus.

Until recently, one could install a firewall and an antivirus program and feel quite secure. The risk of something “bad” succeeding in infecting your computer, or of a hacker breaching your firewall, was low.

This was because the internet was full of computers with no protection at all. It was easier to attack or infect a completely open computer than to fight through installed countermeasures. Viruses spread quickly, but if you had protection, you were protected.

The new era has come.

But look around. Read about all the new versions of spam control software, software firewalls, antivirus software and similar products.

Of course they are still good protection against all the normal threats on the internet, but their new main focus is the protection they offer against new threats.

Yes, they all actually try to come up with more and more clever ways of protecting you from threats that are not even present yet!

And how can they do this?

The answer is quite simple.

Most attacks and viruses use variations of known methods to attack or infect. The new technologies being invented all look for “how things are done” instead of “exactly this or that”.

How to find viruses.

The old way: a known virus is found by its signature, a known piece of code inside it.

The new way: look for the known actions certain viruses perform to accomplish an infection or to spread.

How to recognize an attack.

The old way: someone connecting to your computer in any way at all (stop them).

The new way: someone connecting via this protocol, to this port, more than 3 times per second, and so on.

A couple of examples.

Norton Antivirus 2005™ has Internet Worm Protection. Panda Antivirus™ has TruPrevent.

Other companies will follow, and this will expand into other areas like firewalls and spam protection.

What’s in it for you?

New protection will catch more viruses and more attacks, but it will most probably require more configuration on your side as well as a better understanding of how it works. And as always, a more complex system is more likely to give you problems.

So here you are: probably a bit more secure, and with a few more technical problems.

Saturday, May 24, 2008

Delete Cookies: New-Age Diet or Common Sense Internet Security?

No, this article isn't about some new, lose-20-pounds-in-a-week, certified-by-some-tan-Southern-California-doctor diet. It's about cookies on your computer - what they are, why they are there, and what to do about them. Computer cookies actually have quite a bit in common with their baked counterparts - some are good, some are bad, and they have expiration dates.

Cookies are small text files that a server places onto your hard drive whenever you access a given domain. Cookies typically contain information that the website uses to either customize the page you are viewing or otherwise make your web browsing experience more convenient and enjoyable. The information is stored on your hard drive and accessed whenever you go back to the website that originally gave you the cookie. They usually include an expiration date at which point they will be erased from your computer - it could be when you close your browser; or hours, days, months, or years after it is placed. Some don't expire at all. At the time of this writing I had a cookie stored on my computer that wasn't set to expire until Wednesday, February 25th, 2195 at 3:45:13 am - I deleted it.

Before you run out to your browser's options and delete and block all cookies, let me mention a few common uses of cookies:

* Cookies store information for 'shopping carts' at online stores. When you select an item and place it in the shopping cart, a cookie is created to remember the item and the price so that you can keep shopping. When you are done shopping you simply click the button to check out and the site accesses the information stored in the cookies to complete your order.

* Cookies can be used to remember logins and passwords. While this initially sounds a little disheartening, the purpose is really to save you time. Sites will remember the information for you so you don't have to type it in each time you want to access information.

* Cookies help websites customize their content and layout for you. If you are a diehard fan of the local college's basketball team, and you always access the stats and score from the game at a website, that site might use a cookie to send you straight to your team's page.

* Cookies help identify whether you have already visited a site. They can also count how many times you have visited the site in a given period of time.

* Cookies remember the last page or position you were on at the site. Like a virtual bookmark, this is especially helpful if you are reading online or accessing several pages of information.

There are many other ways cookies can be used, and there is obvious potential for abuse. You probably wouldn't eat a cookie given to you by a complete stranger, especially if you didn't know what was in it. The same common-sense principle holds true while you're online, and exercising a little caution can save you from a lot of heartache later on. Blocking any and all cookies will guarantee no personal information is leaked through the cookies, but many sites will either not be able to or will choose not to interact with you.

The trick, then, is to let the good cookies through while screening out the bad ones, not at all dissimilar to what you do when you hover over the cookie tray at a party - you take the ones you want and leave the rest behind. This can be accomplished in a few different ways.

First, you can periodically delete all the cookies on your hard drive. This will systematically wipe out all unwanted cookies that have made their way to your computer. Unfortunately, it will also take care of all the good cookies too. If you only use the internet occasionally (i.e. a few minutes a week), this option might work for you.

Second, you can try to go about it manually. Many browsers that allow you to block cookies also include a feature that allows you to include a list of sites from which you will allow cookies. The advantage of this method is it places virtually complete control over cookies into your hands, allowing only those that you want to be placed on your hard drive. The disadvantage is that it can become very burdensome (at times downright annoying) having to constantly update the list of allowed sites.

Third, you can call in some third-party software to help out. The best programs will scan your computer to find all the cookies and put them into a table or list. This saves you the trouble of having to dig around your hard drive to find the files yourself (try looking for a folder named "Cookies"). Many programs will also indicate with some degree of confidence whether a given cookie is wanted or unwanted, and provide a convenient way to delete the ones that you decide you don't want.
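As an added illustration that is not part of the original article, the following Python code sorts a handful of constructed Set-Cookie headers the way the third-party tools described above do: session versus persistent, how far off the expiry date is (the 2195 cookie mentioned earlier is included), and whether the cookie belongs to the site being visited or to another domain. The site name shop.example, the header values, the pinned "now" and the one-year threshold are all assumptions.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# "Now" is pinned to the article's date so the results are stable (assumption)
NOW = datetime(2008, 5, 24, tzinfo=timezone.utc)

# Constructed Set-Cookie headers, as a browser might receive them while visiting shop.example
RECEIVED = [
    ("shop.example", "cart=item42; Path=/; Secure; HttpOnly"),
    ("shop.example", "prefs=team=local; Expires=Wed, 25 Feb 2195 03:45:13 GMT; Path=/"),
    ("shop.example", "visits=3; Max-Age=2592000; Domain=.shop.example"),
    ("shop.example", "tid=abc; Domain=.ads.example; Expires=Sun, 24 May 2009 00:00:00 GMT"),
]


def parse_set_cookie(header):
    """Split a Set-Cookie header into (name, value, {attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.lower()] = val
    return name, value, attrs


def expiry(attrs):
    """Absolute expiry time, or None for a session cookie.
    Max-Age wins over Expires when both are present (RFC 6265)."""
    if "max-age" in attrs:
        return NOW + timedelta(seconds=int(attrs["max-age"]))
    if "expires" in attrs:
        return parsedate_to_datetime(attrs["expires"])
    return None


def classify(site, header, long_lived_days=365):
    """Return what a cookie manager would show: kind, ownership and anything notable."""
    name, _, attrs = parse_set_cookie(header)
    exp = expiry(attrs)
    # Without a Domain attribute the cookie belongs to the site that set it
    cookie_domain = attrs.get("domain", site).lstrip(".").lower()
    third_party = not (site == cookie_domain or site.endswith("." + cookie_domain))
    notes = []
    kind = "session" if exp is None else "persistent"
    if exp is not None and exp - NOW > timedelta(days=long_lived_days):
        notes.append(f"expires {exp:%Y-%m-%d}, more than {long_lived_days} days away")
    if third_party:
        notes.append(f"set for {cookie_domain}, not for {site}")
    return {"name": name, "kind": kind, "third_party": third_party, "notes": notes}


def review(received=RECEIVED):
    """Classify every cookie received during the constructed visit."""
    return [classify(site, header) for site, header in received]


if __name__ == "__main__":
    for entry in review():
        print(entry)
```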

Thursday, May 22, 2008

Don't Become An Identity Fraud Statistic!

“You’ve just won a fabulous vacation or prize package! Now, if you’ll kindly give me your credit card information and social security number for verification purposes, you will receive this awesome gift!”

Now why would they need my credit card or social security number to send me a freebie? Can you say, “identity theft?”

Although there are legitimate reasons for people to need that information, such as a purchase or job application, thieves need it to steal your life and money from you!

Crime officials are reporting that this kind of theft is becoming quite common. Don’t be a victim! Follow a few common-sense suggestions to avoid finding out someone else has taken over your life, along with your bank account!

-Do not allow anyone to borrow your credit cards! Your best friend may be trustworthy, but her boyfriend may not be!

-Don’t provide personal information such as date of birth, credit card numbers, your PIN, mom’s maiden name, or social security number over the telephone unless you initiated the call. Don’t leave mail lying around for strangers to pry into. How well do you really know your teen’s friends?

-Destroy all bills, pre-approved credit card applications, credit card receipts, and other financial information when you no longer need such items.

-Don’t keep private information like pin numbers and such in your purse or wallet. It’s just too risky. We humans are much too forgetful. Be honest, how many times have YOU had to return to a restaurant or friend’s home to retrieve your purse? Is there anything in there that could harm you if it was stolen or lost? Time to check.

-Check your credit reports regularly. To order your report, call the three major credit bureaus at these toll-free numbers: Equifax at (800) 685-1111, Experian at (888) 397-3742, or Trans Union at (800) 888-4213. By law, the most you can be charged for a copy of your report is $8.50. To be safe, consider getting a copy from each of the three companies. If after reviewing your report you spot signs of a possible fraud, report it immediately!

-Keep your passwords and pins confidential and secure. Avoid passwords and pin numbers that will be easy for a thief to figure out. For example, don't use your name, street address or birth date. Also, change your passwords every once in awhile, just to be safe.

-Get Identity Fraud Insurance. It's just plain smart.

The FTC works for the consumer to prevent fraudulent, deceptive and unfair business practices in the marketplace and to provide information to help consumers spot, stop and avoid them. To file a complaint or to get free information on consumer issues, visit www.ftc.gov or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261. The FTC enters Internet, telemarketing, identity theft and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad. Report suspected Internet-based fraud to the Federal Trade Commission or the IFCC (www.ifccfbi.gov/Default.asp), a new joint project of the FBI and the National White Collar Crime.

Tuesday, May 20, 2008

Temporary Internet Files - the Good, the Bad, and the Ugly

A little bit of time invested into learning about internet security can go a long way in preventing mishaps on your computer. Temporary internet files are not something we should be afraid of, but we should certainly be careful in how much we trust them and how we deal with them.

Temporary internet files are image, text, and formatting files that are stored on your hard drive by the websites that you visit. They are placed there by the websites without your having to do anything. The files are stored on your computer the first time you visit the site so that the next time you go to that webpage you only have to load new information or files that have changed since the last time you visited - files that have not changed are loaded from the temporary internet files folder at a much faster speed than over the internet.

This seems like an incredibly appealing option, especially to those of us still working at home on dial-up connections (my teenage brother-in-law insists I'm "old school" because I don't have DSL - I think he may be right). Storing the temporary internet files on the hard drive significantly cuts down the amount of time it takes to completely load and view a website.

There are a few areas of concern, however, that need to be considered in any discussion about temporary internet files. First, and arguably the most trivial of the concerns, is that you may miss out on updated information the website has to offer. If your browser loads the files from your temporary internet files folder rather than the updated material from the website, you may miss out on an updated football score, or you may get a different image than the one others are viewing. The system is designed so that things like that don't happen, but the possibility is out there.

Second, storing huge numbers of files can bog down your computer, slowing down its ability to do even the simplest of tasks, such as word processing (a deadly one-two combination if you're working with dial-up!). Fortunately, you can control the number or size of the files that are being stored on your hard drive. Typically under the Tools>Options menu of your browser you'll be able to set the amount of your hard drive you're willing to dedicate to temporary internet files. You may want to set this high or low, depending on your browsing habits and need for speed.

Third, the temporary internet files folder may contain files that contain viruses, inappropriate images or text, and files that could leak personal information to websites. This is obviously a huge concern any time you allow someone virtually unregulated access to your hard drive. Images from an inappropriate website you accidentally stumbled across (it has happened to all of us) may be stored on your hard drive. Corrupted files may be placed there by an unfamiliar website you only visited once. Cookies and other files may potentially spawn popups that cover your screen in a matter of seconds.

Before you grab your pitch fork and storm the beast's castle, let me mention a few things you can do to bring a little control to your temporary internet files folder without destroying it completely.

I already mentioned limiting the amount of your hard drive dedicated to holding files from visited websites. This is the best option for those who may be less concerned about corrupted or inappropriate files being stored and more concerned about the ability of their Jurassic-era computer to perform at a decent speed. Some versions of the popular browsers won't allow you to completely eliminate storing files, but you can limit the resources to 1% of your hard drive or a small number of megabytes.

Some opt to regularly clean out their temporary internet files folder - obviously this will eliminate malignant files and free up some space for your computer; but it will also eliminate files you may want. A quick note about the files that begin with "Cookie:" - cleaning out the folder will not actually delete the cookies. The cookie files in the temporary internet files folder are simple files that point the browser to the actual cookie in the "Cookies" folder on your hard drive. If you are interested in truly purging your system of internet files, you'll need to clean out that folder as well.

In my view, the most judicious option is to utilize available software to manage the content of your temporary internet files. Some files you want because they make your life easier. Some files you don't want because it bogs down your computer and makes your grandmother blush. Software is available that scans your computer and finds all the internet files (including cookies). The software makes recommendations as to whether the file in question is good, bad, or ugly - all you have to do is decide to keep or trash it, then click the appropriate button.

Temporary internet files can make our internet browsing time a quick and convenient experience. Unfortunately, they may also pose a risk to the security of our hard drives. With a little hands-on management we can keep ourselves, our loved ones, and our computers happy, safe, and protected.

Sunday, May 18, 2008

Reducing Fraudulent Transactions - 5 Simple Ways To Protect Yourself

The money being spent online is steadily growing. With billions of dollars being spent each year online, the opportunity to make money on the internet has never been bigger. Unfortunately, with that opportunity come people who want to make money in less than honest ways. We're going to look at some concrete ways you can identify fraudulent transactions and save yourself a lot of chargeback fees, money and grief.

Get more information from prospective customers.

The more information you have to work with, the better your chances are that you will be able to positively identify fraudulent transactions. At the very least, you need to make sure you get a customer's name, credit card billing address, phone number and the IP address of the computer currently accessing the order form. You should also get a valid email address. This email address should not be one that comes from a free email service.

Fraudulent transactions occur more frequently from certain countries.

The first thing you should know is that certain countries are more prone to fraudulent transactions than others. If you get an order originating from one of the following countries, you should be suspicious and do more digging. Some of these countries include: Ukraine, Indonesia, Yugoslavia, Lithuania, Egypt, Romania, Bulgaria, Turkey, Morocco, Vietnam, Russia, Pakistan, Malaysia, Nigeria, Israel, Iran, Cameroon, Gambia, and Ghana. This doesn't mean that every transaction from any of these countries is definitely fraudulent. But you should be very suspicious.

Confirm the address of the customer.

The first thing I do when I get an online order is to check the phone number of the customer against a reverse phone number directory. The majority of my orders come from the United States and Canada. Phone numbers from these countries can usually be entered into reverse directories to find out the address that phone number belongs to. If I can't get a match for the phone number, it serves as a red flag and warrants more investigation.

Look up the customer's country and city of origin

I've already outlined a long list of countries that should be suspicious to you. How do you determine if your customer placed the order from within one of these banned countries? Simple. You cross-reference their IP address with an IP lookup database that can tell you what country they are in, the city they are from, and sometimes even the ISP they use! If you handle only a few orders a day, you can use an excellent free service at IP2Location.com. If you do handle more volume, IP2Location.com also offers subscription packages at various prices.

Once you determine the country of origin, if it doesn't match the country the customer listed with their billing information be very careful. Yes, it is possible that your customer could be travelling away from home. It is much more likely that their credit card information has been stolen and it is being used fraudulently. A mismatch between the country reported by IP and the billing address is a big red flag.

Don't let customers use free email addresses.

A free email address is very easy to set up at most free email services, and the odds of your being able to track down the person who registered it are next to none. If at all possible, block all known free email services. The most common include Hotmail, Yahoo, Mail.com, and Gmail. If you can't block free email addresses in advance, consider a free email address a red flag. A utility you can use to determine whether an email address belongs to a known free email service is dnsstuff.com. Look towards the bottom left of the page that comes up.

Don't ship a product until you are sure.

If two or more red flags go up, beware. If you ship a product from a fraudulent transaction, you will very likely be slapped with a chargeback from your credit card company and lose the money from the goods. Be skeptical of all orders until everything checks out to your satisfaction. If in doubt, refund the purchase. Too many chargebacks will result in the cancellation of your merchant account. Who needs that?

A little diligence can go a long way to helping you prevent losses from fraudulent transactions. With a little knowledge, you can greatly reduce lost profits due to fraud.
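The checks in the steps above, as an added example that is not from the article: a small Python red-flag scorer that compares the country the IP address geolocates to with the billing country, checks for a free email provider, looks the phone number up in a reverse directory, and holds any order with two or more flags. The GEOIP and REVERSE_PHONE tables are constructed stand-ins for services such as IP2Location and a reverse phone directory, and the sample orders are constructed.

```python
# Constructed stand-ins for the external lookups the article relies on:
# an IP-prefix-to-country table (a service such as IP2Location supplies this),
# a reverse phone directory, and the free email providers named in the text.
GEOIP = {"198.51.100.": "US", "203.0.113.": "CA", "192.0.2.": "FR"}
REVERSE_PHONE = {"+15551230100": "US", "+14165550199": "CA"}
FREE_MAIL = {"hotmail.com", "yahoo.com", "mail.com", "gmail.com"}

# Constructed sample orders, in the shape the article says an order form should capture
ORDERS = [
    {"name": "A. Customer", "billing_country": "US", "phone": "+15551230100",
     "email": "a.customer@corp.example", "ip": "198.51.100.20"},
    {"name": "B. Buyer", "billing_country": "US", "phone": "+15550009999",
     "email": "bbuyer@hotmail.com", "ip": "192.0.2.9"},
    {"name": "C. Traveller", "billing_country": "CA", "phone": "+14165550199",
     "email": "c.traveller@corp.example", "ip": "192.0.2.40"},
]


def ip_country(ip):
    """First matching prefix in the toy GEOIP table; None if the address is unknown."""
    for prefix, country in GEOIP.items():
        if ip.startswith(prefix):
            return country
    return None


def red_flags(order):
    """The article's checks, each producing a human-readable reason."""
    flags = []
    country = ip_country(order["ip"])
    if country is None:
        flags.append("IP address not found in the lookup database")
    elif country != order["billing_country"]:
        flags.append(f"IP geolocates to {country} but billing country is {order['billing_country']}")
    domain = order["email"].rsplit("@", 1)[-1].lower()
    if domain in FREE_MAIL:
        flags.append(f"free email provider ({domain})")
    if order["phone"] not in REVERSE_PHONE:
        flags.append("phone number not found in the reverse directory")
    return flags


def decide(order, hold_at=2):
    """Hold the order once two or more red flags are raised, as the article advises."""
    flags = red_flags(order)
    return ("hold for review" if len(flags) >= hold_at else "ship"), flags


def triage(orders=ORDERS):
    """Decision and reasons for every order, keyed by customer name."""
    return {order["name"]: decide(order) for order in orders}


if __name__ == "__main__":
    for name, (decision, flags) in triage().items():
        print(f"{name}: {decision}" + "".join(f"\n  - {flag}" for flag in flags))
```

The third order shows the travelling-customer case the article mentions: a single geolocation mismatch is recorded as a flag but does not by itself hold the order.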

Sunday, May 4, 2008

Fishing for Fortunes. Scam!

Spelt phishing, but pronounced as above, this despicable act is an effort to batter your bankroll or commandeer your cash.

To put it simply, you can get emails from account administrators, which strongly urge you to update details attached to that account. The issue, though, is the pretence of such mail.

You may not even have such an account as referenced.

It doesn’t come from the account provider.

It can use false S.S.L. references, to present an illusion of trust and security.

It can prompt for immediate action on your part, alleging false log-ins by persons unknown, from countries unknown. If action is not taken, they impress on you that the account will be suspended or closed. Indeed, anything likely to work can be fabricated to get you to the web page suggested in the link or hyperlink. Note the word “suggested”. Likenesses of company logos are used to reinforce “credibility”.

In fact, these phishing attempts actually look pretty good or realistic. So much so that any qualms of guilt or stupidity, experienced by a “conned party” are groundless.

Experience, specific education or forewarning is all that prevents this type of charade from widening its base of “victims”.

The goal is to get you to type in your details, complete with credit card number and the rest can be guessed.

Some damage is also absorbed by the organisation or company being misrepresented, and they can do little about it but warn their customers what to watch out for and issue security instructions. Indeed, it is from accounts at reputable companies that most passing trade learns the correct or most secure procedures. It is therefore important to read any material that they offer.

Generally, though, reputable companies with a mind to preserve their integrity will tell you to log in at their main page and proceed from there, not through a link specific to your account!

Hyperlinks can mask the true domain that you’ll be brought to: the visible text may be linked to www.anydomaindotcom (example only), a replica or fake page. Going only to secure pages, in the belief that “https” will do it, helps but is wholly unreliable on its own. The “s” is an indication of a secure page, but are you at the right domain?

Place your mouse over the link, and the domain attached to it should show itself. Viewing the source code is another way, but some knowledge of it is necessary.

Another ploy, sometimes deliberate and sometimes “convenient”, is inserting a reference to the “legitimate company” anywhere after the domain name, e.g. https://www.anydomaindotcom/ebay/aagle/. Unwary victims may overlook the fact that “ebay” is not the domain here but merely a directory or file name. Anyone, anywhere can have a file or directory named after a company.

To make matters somewhat worse from an “easy to identify” viewpoint, the link in the source code can be represented as an I.P. address rather than its named counterpart. There are tools at http://centralops.net/co/ that let you type in the I.P. address and cross-reference it with the official account domain presented in the e-mail, or web page for that matter. Opening a second window for investigative purposes and re-sizing both to sit side by side can be revealing, and comparisons can be made between the alleged source and the source code.

www.ebay.com can be put in one window and www.suspiciouslyspurious.com in the other. NOTE: you should be checking domains and ignoring everything that comes after the forward slash at the end of the domain. A similar test can be done for email viruses, where suspicious email addresses can be searched for some degree of authenticity.

If you are phished, try to learn as much as possible about it, as phishing attempts and email viruses have some aspects in common. Incorrect spelling is one of them. You must understand that the authors can be from anywhere and do not necessarily have degrees in English. Legitimate companies can also be from anywhere, with different primary languages, but they do perfect their spelling and general grammar.
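An added example, not from the post, that performs the link checks described above mechanically: the Python code below extracts the domain actually being visited, notes when a company name such as “ebay” appears only in the path or a subdomain rather than being the domain, and flags bare I.P. addresses and plain http. The sample links and the two-label domain rule are assumptions (a production check would use the Public Suffix List).

```python
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed sample links modelled on the examples in the post
SAMPLE_LINKS = [
    "https://www.ebay.com/signin",                      # the genuine domain
    "https://www.anydomaindotcom.example/ebay/aagle/",  # brand name only in the path
    "http://ebay.com.login.example/verify",             # brand name only in a subdomain
    "https://203.0.113.10/ebay/",                       # bare IP address instead of a name
]


def is_ip_literal(host):
    """True when the host part of the URL is an IPv4/IPv6 address rather than a name."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def registrable_domain(host):
    """Last two labels of the host name. This is a simplification (assumption):
    a production check uses the Public Suffix List so that 'example.co.uk' works."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def inspect_link(url, brand):
    """What a reader should look at before trusting a link: the domain actually
    being visited, whether the company name is that domain or merely appears
    somewhere else in the URL, and whether the page is served over https."""
    parts = urlparse(url)
    host = (parts.hostname or "").lower()
    brand = brand.lower()
    ip_host = is_ip_literal(host)
    domain = "" if ip_host else registrable_domain(host)
    brand_is_domain = bool(domain) and domain.split(".")[0] == brand
    # Every part of the URL except the registrable domain itself (subdomains, path, query)
    subdomains = "" if ip_host else host[: len(host) - len(domain)]
    outside = subdomains + parts.path + "?" + parts.query
    flags = []
    if ip_host:
        flags.append("host is a bare IP address, not a company domain name")
    if brand in outside.lower() and not brand_is_domain:
        flags.append(f"'{brand}' appears in the link but the domain is {domain or host}")
    if parts.scheme != "https":
        flags.append("not served over https")
    return {"url": url, "domain": domain or host, "brand_is_domain": brand_is_domain, "flags": flags}


def review_links(links=SAMPLE_LINKS, brand="ebay"):
    """Inspect each link for the given company name."""
    return [inspect_link(link, brand) for link in links]


if __name__ == "__main__":
    for result in review_links():
        print(result["url"], "->", result["domain"], result["flags"] or "looks consistent")
```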

Attention to upper and lower case can be another giveaway. This is especially true where particular portions of the text are the design of the author, and not just copied and pasted. Typically, these portions are customised to be customer specific in a general sense, and fonts may even be different or out of place. Such “special” additions are to strengthen the sense of urgency and call to action.

Should you be the recipient of “phishy mail”, you can forward it to spam@uce.gov.

Saturday, May 3, 2008

DOS Attacks: Instigation and Mitigation

During the release of a new software product specialized to track spam, ACME Software Inc noticed that there was not as much traffic as they had hoped to receive. On further investigation, they found that they could not view their own website. At that moment, the VP of sales received a call from the company's broker stating that ACME Software Inc stock had fallen 4 points due to lack of confidence. Several states away, spammers didn't like the idea of lower profit margins due to an easy-to-install spam blocking product, so they thought they would fight back. Earlier that day, they had taken control of hundreds of compromised computers and used them as DoS zombies to attack ACME Software Inc's Internet servers in a vicious act of cyber assault. During an emergency press conference the next morning, ACME Software Inc's CIO announced his resignation as a result of a several-million-dollar corporate loss.

Scenarios like the one above happen more often than people think and are more costly than most will admit. Denial of Service (DoS) attacks are designed to deplete the resources of a target computer system in an attempt to take a node offline by crashing or overloading it. A Distributed Denial of Service (DDoS) attack is a DoS attack launched from many different locations. The most common DDoS attacks are instigated through viruses or zombie machines. There are many reasons DoS attacks are executed, and most of them involve malicious intent. DoS attacks are almost impossible to prevent if you are singled out as a target, because it is difficult to distinguish a legitimate packet from one used for a DoS attack.

The purpose of this article is to give the reader with basic network knowledge a better understanding of the challenges presented by Denial of Service attacks, how they work, and ways to protect systems and networks from them.

Instigation:

Spoofing - Falsifying an Internet address (known as spoofing) is the method an attacker uses to fake an IP address. It is used to reroute traffic to a target network node, or to deceive a server into identifying the attacker as a legitimate node. When most of us think of this approach to hacking, we think of someone in another city essentially becoming you. The way TCP/IP is designed, the only way a criminal hacker or cracker can take over your Internet identity in this fashion is to blind spoof: the impostor knows exactly what responses to send to a port, but will not see the corresponding replies, since that traffic is routed to the original system. If the spoofing is designed around a DoS attack, the spoofed (internal) address becomes the victim. Spoofing is used in most of the well-known DoS attacks. Many attackers will start a DoS attack to drop a node from the network so they can take over the IP address of that device. IP hijacking is the main method used when attacking a secured network or attempting other attacks like the Man in the Middle attack.

SYN Flood - Attackers send a series of SYN requests to a target (victim). The target replies to each with a SYN-ACK and waits for an ACK to come back to complete the session set-up. Instead of responding with an ACK, the attacker sends another SYN to open yet another connection. This causes the connection queues and memory buffers to fill up, thereby denying service to legitimate TCP users. At this point, the attacker can hijack the system's IP address if that is the end goal. Spoofing the "source" IP address when sending a SYN flood not only covers the offender's tracks, but is also a method of attack in itself. SYN floods are the most commonly used DoS in viruses and are easy to write. See http://www.infosecprofessionals.com/code/synflood.c.txt

Smurf Attack - Smurf and Fraggle attacks are the easiest to prevent. A perpetrator sends a large amount of ICMP echo (ping) traffic to IP broadcast addresses, using a fake source address. The "source" (spoofed) address is then flooded with the simultaneous replies (see CERT Advisory CA-1998-01). This can be prevented simply by blocking broadcast traffic from remote network sources using access control lists.

Fraggle Attack - This type of attack is the same as a Smurf attack except that it uses UDP instead of ICMP. By sending UDP echo traffic to IP broadcast addresses, the attacker makes all the systems on that network respond to the spoofed address and so affect the target system. This is a simple rewrite of the Smurf code. It can be prevented simply by blocking broadcast traffic from remote IP addresses.

Ping of Death - An attacker sends illegitimate ICMP (ping) packets larger than 65,536 bytes to a system with the intention of crashing it. These attacks have been outdated since the days of NT4 and Win95.

Teardrop - Otherwise known as an IP fragmentation attack, this DoS attack targets systems running Windows NT 4.0, Win95, and Linux up to 2.0.32. Like the Ping of Death, the Teardrop is no longer effective.
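The four flooding and malformed-packet attacks just described each leave a recognisable trace in captured traffic. As an added example (not code from the original article), the script below flags them in a list of packet summaries; the packet dicts, the 192.0.2.0/24 "own network", the half-open threshold and the attack records are all constructed for the example.

```python
# Added example (not from the original article): flag the DoS signatures described
# above in a list of packet summaries. Packet dicts and thresholds are constructed.
from collections import Counter, defaultdict
import ipaddress

LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # our own network (TEST-NET, constructed)
HALF_OPEN_THRESHOLD = 5                              # assumed tuning value

def is_directed_broadcast(dst):
    """True if dst is the broadcast address of one of our networks."""
    return any(ipaddress.ip_address(dst) == n.broadcast_address for n in LOCAL_NETS)

def detect(packets):
    """Return the set of attack names seen: syn_flood, smurf, fraggle, ping_of_death."""
    findings, syns, acks, frag_len = set(), Counter(), set(), defaultdict(int)
    for p in packets:
        proto, flow = p["proto"], (p["src"], p["dst"], p.get("dport"))
        if proto == "tcp" and p.get("flags") == "S":      # handshake opened ...
            syns[flow] += 1
        elif proto == "tcp" and p.get("flags") == "A":    # ... and completed by the client
            acks.add(flow)
        elif proto == "icmp" and "frag_offset" in p:      # track reassembled datagram size
            key = (p["src"], p["dst"], p["ip_id"])
            frag_len[key] = max(frag_len[key], p["frag_offset"] * 8 + p["length"])
        echo = (proto == "icmp" and p.get("type") == 8) or (proto == "udp" and p.get("dport") == 7)
        if echo and is_directed_broadcast(p["dst"]):      # amplification via broadcast
            findings.add("smurf" if proto == "icmp" else "fraggle")
    half_open = Counter()
    for (src, dst, port), n in syns.items():
        if (src, dst, port) not in acks:                  # SYN never followed by an ACK
            half_open[(dst, port)] += n
    if any(n >= HALF_OPEN_THRESHOLD for n in half_open.values()):
        findings.add("syn_flood")
    if any(total > 65535 for total in frag_len.values()):  # larger than IP allows
        findings.add("ping_of_death")
    return findings

def sample_packets():
    """Constructed traffic: one legitimate handshake and ping, then the four attacks."""
    pkts = [
        {"proto": "tcp", "src": "198.51.100.5", "dst": "192.0.2.10", "dport": 80, "flags": "S"},
        {"proto": "tcp", "src": "198.51.100.5", "dst": "192.0.2.10", "dport": 80, "flags": "A"},
        {"proto": "icmp", "src": "198.51.100.5", "dst": "192.0.2.10", "type": 8},
    ]
    # SYN flood: spoofed sources that never complete the handshake
    pkts += [{"proto": "tcp", "src": f"203.0.113.{i}", "dst": "192.0.2.10", "dport": 80, "flags": "S"}
             for i in range(1, 7)]
    # Smurf / Fraggle: echo requests at our broadcast address, source spoofed to the victim
    pkts.append({"proto": "icmp", "src": "198.51.100.9", "dst": "192.0.2.255", "type": 8})
    pkts.append({"proto": "udp", "src": "198.51.100.9", "dst": "192.0.2.255", "dport": 7})
    # Ping of Death: last fragment pushes the reassembled datagram past 65,535 bytes
    pkts.append({"proto": "icmp", "src": "203.0.113.77", "dst": "192.0.2.10", "type": 8,
                 "ip_id": 4242, "frag_offset": 8189, "length": 1480})
    return pkts

if __name__ == "__main__":
    print(sorted(detect(sample_packets())))  # ['fraggle', 'ping_of_death', 'smurf', 'syn_flood']
```

The half-open count is what a SYN flood exhausts on the victim, so it is the value to alert on; the broadcast check is exactly what the "no ip directed-broadcast" setting later in the article removes at the router.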

Application Attack - These are DoS attacks that exploit an application vulnerability, causing the target program to crash or the system to restart.

Kazaa and Morpheus have a known flaw that will allow an attacker to consume all available bandwidth without being logged. See http://www.infosecprofessionals.com/code/kazaa.pl.txt

Microsoft's IIS 5 SSL also has an easily exploited vulnerability. Most exploits like these are easy to find on the Internet and can be copied and pasted as working code. There are thousands of exploits that can be used to DoS a target system/application. See http://www.infosecprofessionals.com/code/IIS5SSL.c.txt

Viruses, Worms, and Antivirus - Yes, antivirus. There are too many cases where the antivirus configuration is wrong or the wrong edition is installed. This lack of foresight causes an unintentional DDoS attack on the network by taking up valuable CPU resources and bandwidth. Viruses and worms also cause DDoS attacks by the nature of how they spread. Some purposefully attack an individual target after a system has been infected. The Blaster worm, which exploits the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) over TCP port 135, is a great example of this. Blaster targeted Microsoft's Windows Update site by initiating a SYN flood. Because of this, Microsoft decided to no longer resolve the DNS for 'windowsupdate.com'.

DoS attacks are impossible to stop. However, there are things you can do to mitigate potential damages they may cause to your environment. The main thing to remember is that you always need to keep up-to-date on the newest threats.

Mitigation:

Antivirus software - Installing antivirus software with the latest virus definitions will help prevent your system from becoming a DoS zombie. Now, more than ever, this is an important feature that you must have. With lawsuits so prevalent, not having the proper protection can leave you open to downstream liability.

Software updates - Keep your software up to date at all times. This includes antivirus, email clients, and network servers. You also need to keep all network operating systems patched with the latest security updates. Microsoft has done a great job of making these patches available for their Windows distributions. Linux has been said to be more secure, but its patches are far scarcer. RedHat is planning to incorporate the NSA's SE Linux kernel into future releases. This will give Mandatory Access Control (MAC) capabilities to the Linux community.

Network protection - Using a combination of firewalls and Intrusion Detection Systems (IDS) can cut down on suspicious traffic and can make the difference between a logged annoyance and losing your job. Firewalls should be set to deny all traffic that is not specifically permitted to pass through. Integrating an IDS will warn you when strange traffic is present on your network, which will assist you in finding and stopping attacks.

Network device configuration - Configuring perimeter devices like routers can detect and in some cases prevent DoS attacks. Cisco routers can be configured to actively prevent SYN attacks, starting in Cisco IOS 11.3 and higher, using the TCP intercept command in global configuration mode:

access-list number {deny | permit} tcp any destination destination-wildcard
ip tcp intercept list access-list-number
ip tcp intercept ?   (will give you a good list of other options)

Cisco routers can prevent Smurf and Fraggle attacks by blocking broadcast traffic. Since Cisco IOS 12.0 this is the default configuration. ACLs (access control lists) should also be configured on all interfaces:

no ip directed-broadcast

The Cisco router can also be used to prevent IP spoofing, by applying an inbound access list to the interface and denying the source addresses that should never arrive from outside:

ip access-group list in   (applied to the interface)
access-list number deny icmp any any redirect
access-list number deny ip 127.0.0.0 0.255.255.255 any
access-list number deny ip 224.0.0.0 31.255.255.255 any
access-list number deny ip host 0.0.0.0 any

See Improving Security on Cisco Routers - www.cisco.com/warp/public/707/21.html
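The three router settings above (TCP intercept, no directed broadcasts, an inbound anti-spoofing ACL) are easy to audit from a saved configuration. As an added example that is not part of the original article or any Cisco tool, the script below checks an IOS-style configuration text for them; both configurations, the interface name and the ACL numbers are constructed samples.

```python
# Added example (not from the original article): audit an IOS-style configuration for
# the settings discussed above. Both configurations are constructed samples.
import re

WEAK_CONFIG = """\
interface Serial0
 ip address 198.51.100.1 255.255.255.252
 ip directed-broadcast
"""

HARDENED_CONFIG = """\
ip tcp intercept list 110
!
interface Serial0
 ip address 198.51.100.1 255.255.255.252
 no ip directed-broadcast
 ip access-group 100 in
!
access-list 100 deny icmp any any redirect
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 deny ip 224.0.0.0 31.255.255.255 any
access-list 100 deny ip host 0.0.0.0 any
access-list 100 permit ip any any
access-list 110 permit tcp any 192.0.2.0 0.0.0.255
"""

# Anti-spoofing entries every inbound ACL on an Internet-facing interface should carry
SPOOF_DENIES = ["deny icmp any any redirect", "deny ip 127.0.0.0 0.255.255.255 any",
                "deny ip 224.0.0.0 31.255.255.255 any", "deny ip host 0.0.0.0 any"]

def parse_interfaces(config):
    """Map each interface name to its indented configuration lines (regex over the text)."""
    blocks = re.findall(r"^interface (\S+)\n((?: .*\n)*)", config, re.M)
    return {name: [line.strip() for line in body.splitlines()] for name, body in blocks}

def audit(config, external_interfaces):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if not re.search(r"^ip tcp intercept list \d+", config, re.M):
        findings.append("no 'ip tcp intercept list' (SYN flood protection)")
    for name, lines in parse_interfaces(config).items():
        if "no ip directed-broadcast" not in lines:
            findings.append(f"{name}: directed broadcasts not disabled (Smurf/Fraggle)")
        if name not in external_interfaces:
            continue
        groups = [l for l in lines if l.startswith("ip access-group ") and l.endswith(" in")]
        if not groups:
            findings.append(f"{name}: no inbound access list (spoofing)")
            continue
        acl = groups[0].split()[2]
        entries = re.findall(rf"^access-list {acl} (.*)$", config, re.M)
        for rule in SPOOF_DENIES:
            if rule not in entries:
                findings.append(f"{name}: access-list {acl} lacks '{rule}'")
    return findings

if __name__ == "__main__":
    print(audit(WEAK_CONFIG, {"Serial0"}))
    print(audit(HARDENED_CONFIG, {"Serial0"}))
```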

Old Cisco IOS versions are vulnerable to several DoS attacks. The "Black Angels" wrote a program called Cisco Global Exploiter. This is great software to use when testing the security of your Cisco router version and configuration, and it can be found at http://www.blackangels.it/Projects/cge.htm

Security is not as mystical as people believe. DoS attacks come in many different types and can be devastating if you don't take the proper precautions. Keep up to date and take steps to secure network nodes. Keeping security in mind can minimize damages and downtime, and save your career.

Security Resources:
Black Angels: http://www.blackangels.it/
Cisco: http://www.cisco.com
Microsoft: http://www.microsoft.com/technet/security/current.aspx
Forum of Incident Response and Security Teams: http://www.first.org/
SANS Institute: http://www.sans.org/resources/

Friday, May 2, 2008

Avoid Internet Theft, Fraud and Phishing

Since its birth, the Internet has grown and expanded to unprecedented, unmanageable proportions. Information, software, news, and much more flow freely through its twisted pathways. Online services such as Internet banking save time and money. However, from the depths of its vast expanse have come the dregs of society intent on preying on the new, the naïve, and the less informed.

Phishing is one of the main scams at the moment. People set up phoney websites and email addresses, then spam email inboxes with official-looking messages explaining that your account with Company X has encountered a problem and that they need you to log in and confirm some details. The email addresses are masked to appear official and the links provided in the email all seem to check out. If you click on the link provided, you will usually be taken to a site that looks, for all intents and purposes, to be official. When you click 'submit', your details will be sent to a criminal somewhere who will do as they please with your information, such as withdrawing money from a bank account or purchasing things in your name.

The scam has been labelled 'Phishing' because the criminals engaging in the activity behave similarly to a fisherman throwing bait out in the hope that they'll receive just one bite from the millions of people that receive the email.

So how do you avoid these online scams? First and foremost, it is important to realise that no legitimate organisation should be sending you a request to fill out your personal details because of some server error or for any other reason. Your bank will never send you an email with content along the lines of "We've lost your bank account number and password... please supply them again for our records". You should also know that no bank is going to require your social security number, bank account number, and PIN number just to log in to your account or retrieve your password. Other sites such as Ebay, PayPal, and the like will not email you asking for these details either.

If you're a little unsure as to whether or not an email is official, scroll down a bit until you find the link that they are requesting you to click and simply hold your mouse pointer over the link text without clicking. Now take a look at the bottom left-hand corner of your browser window. The link text is often the address that the phisher wants you to think you will be heading to but the real address will be revealed in the bottom of the browser. This address will most likely not have anything whatsoever to do with the company that the email is attempting to imitate. It could be a dodgy web site or even just a page on someone's personal computer. If the address doesn't appear in the bottom left-hand corner then you can right-click on the link, select 'properties' from the pop-up menu and then read the address listed in the information box.
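The hover check above compares what a link says with where it really goes. As an added example (not from the original article), the script below does the same comparison programmatically over an HTML e-mail body, also catching links to a bare IP address; the message, the bankexample.com domains and the 203.0.113.7 address are constructed samples.

```python
# Added example (not from the original article): the hover check described above, done
# programmatically over an HTML e-mail body. The message, domains and IP are constructed.
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

URL_LIKE = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:[/?#:].*)?$", re.I)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []   # (href, visible text) pairs
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    host = urlsplit(url).hostname            # None for mailto: and other non-host URLs
    return host.lower() if host else None

def shown_host(text):
    """Hostname only if the visible link text itself looks like a URL or a domain."""
    text = text.strip()
    return host_of(text if "://" in text else "http://" + text) if URL_LIKE.match(text) else None

def same_site(a, b):
    """True when one host is the other or a subdomain of it (www.bankexample.com vs bankexample.com)."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def suspicious_links(html, claimed_domain):
    """Return one reason per link that would fail the hover check; empty means nothing odd."""
    parser = LinkCollector()
    parser.feed(html)
    reasons = []
    for href, text in parser.links:
        real, shown = host_of(href), shown_host(text)
        if real is None:
            continue
        if re.fullmatch(r"[\d.]+", real):              # IPv4 literal: "a page on someone's computer"
            reasons.append(f"{href}: points at a bare IP address, not a company site")
            continue
        if shown and not same_site(real, shown):       # text says one site, href goes elsewhere
            reasons.append(f"{href}: shown as {shown} but really goes to {real}")
        elif not same_site(real, claimed_domain):      # does not belong to the claimed sender
            reasons.append(f"{href}: goes to {real}, not {claimed_domain}")
    return reasons

SAMPLE_EMAIL = """\
<p>Dear customer, your account has encountered a problem. Please
<a href="http://bankexample.com.login-verify.example/confirm">https://www.bankexample.com/login</a>
to confirm your details, or visit <a href="http://203.0.113.7/b/">our secure page</a>.
Questions? See <a href="https://www.bankexample.com/help">our help centre</a>.</p>
"""
```

Running suspicious_links(SAMPLE_EMAIL, "bankexample.com") reports the first two links and passes the genuine help-centre link.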

To avoid further scams make sure that you have updated firewall and anti-virus software active on your system at all times. This will make it harder for anyone to install key loggers, Trojans, spyware, or other similar devices intended to retrieve your information. Keep your operating system up to date with the latest security patches and updates and be careful where you enter your details. Always look into the reputability of the site that is requesting your details and keep an eye on the lower right-hand corner of your browser. If the page you are viewing has a little padlock symbol appear in the corner, then it means that your details are being secured by some encryption method. You can double click on the icon to get more details if you wish. Sites without the padlock icon don't have encryption, which means that your details are a lot easier for malicious crooks to get a hold of.

Even if you're sure the website is legitimate, it's not a good idea to send your details over an unsecured connection. By the way, email does not count as a secure connection, and neither does any instant messaging program, (such as MSN, ICQ, Yahoo Messenger, AIM etc.) so don't give out personal details that way either.

Another common scam very similar to phishing involves the emailing of promises of great wealth. Seriously, what do you think your chances are of winning the lottery, let alone one that you never even entered? Or of some obscure yet ridiculously rich person in Africa dying and you being legally allowed to pick up their money? Or of a foreign prince wishing to smuggle money out of his country using your account? These emails are all scams. I wish it were true that I won three different lotteries every single day, but if you get in contact with the people sending these messages they're going to do their utmost to clean out your pockets. Unfortunate as it may sound, the 'Please Donate to Charity' emails sent are usually also scams.

If you really want to donate money to a charity, look them up and send it the usual way, don't respond to a multi-recipient email that may or may not be real. You also shouldn't donate to some random charity that no one has ever heard of before. Some of the Internet lowlifes have started up fake charities, 'dedicated to helping Tsunami victims' or similar and are simply pocketing the donations.

Everything in this world can be used for either good or evil purposes and the Internet is no exception. Staying alert and having just a little bit of Internet know-how can keep you out of harm's way for the majority of the time, and allow you access to the wonderful online services available with relative safety.

Thursday, May 1, 2008

Corporate Security for Your Home Business

The words Corporate Security may conjure up images of a group of techies working in a wire-filled basement room of Microsoft or HP, combating hackers and terrorists online using words like algorithm and encryption. If you own your own business, do not allow yourself to think that security is only for big corporations. Every company, big or small, technological or traditional, has two major security concerns: protecting information, and protecting hardware.

Corporate Security: Information

Information is the commodity that makes companies unique. That information could be a process your company does better than others; or it could be how to make the unique product you sell; or it could be a collection of information that you have that others want access to. In any case, protecting the information that makes your company viable could mean financial life or death for your venture. There are three simple corporate security solutions you can implement to decrease the likelihood that your information will be leaked or lost.

Make backups often. If you are like the 90% of computer users out there who use Windows, pressing [ctrl] + S is a habit well worth forming. Besides information, time is one of your most valuable resources, so you can't afford to lose hours of work every time the system crashes. Save your work as often as you stop typing. Making additional copies of master files in other places besides your hard drive will mean you won't lose everything if your hard drive becomes corrupted. Keep these discs in a safe place where you can easily access them if you need to.

Keep secret passwords secret. This may seem like a no-brainer, but too often we think of passwords as annoyances slowing us down. Systems are password-protected to ensure that only those persons who should be allowed access are granted access. If you are working out of a home office and have little face-to-face interaction with clients or customers, you may be tempted to leave your system unlocked or pin a list of your user names and passwords near the computer. Remember that children are both curious and smart, and in only a few clicks of the mouse they can accidentally erase important files. Do yourself the favor of memorizing your passwords and changing them on occasion.

Maintain an up-to-date computer system. Computers that run slower also have the terrible tendency of getting overloaded and shutting down. The internet is one of the biggest culprits of bogging down your processing speed, but running several programs at the same time will also do it. Keeping your processor and memory up-to-date will help ensure that you are able to perform all the tasks that are required of you without having to spend a lot of time waiting for your computer to catch up.

Corporate Security: Hardware

Chances are good that IBM's annual technology budget is quite a bit larger than your home business's budget. Between putting food on the table and covering the operating costs of your business, purchasing new equipment might seem like a luxury you'll never have. Protecting your computer system from viruses, spyware, and malicious software is one of the most cost-effective ways to ensure your computer will last as long as you need it to.

Know what is on your computer. Viruses can come through email, discs, or the internet, and are typically well hidden on your hard drive. Perform systematic checks of the temporary internet files, the cookies folder, and the rest of your hard drive to ensure that you have not accidentally picked up a virus. Software can be purchased that filters spam and helps you manage the internet files and cookies that are downloaded automatically to your computer. A proactive approach to combating viruses and spyware is usually the most effective way to make sure your hardware stays protected.

Though corporate security solutions may seem like a luxury your home business cannot afford, protecting information and hardware are priorities that all companies should have. Following these simple, inexpensive solutions to the common security concerns your company may have will go a long way in helping you succeed.

Copyright 2009 Phishing : A Online Robbery.