|------------------------------------------|
|- Astalavista Group Security Newsletter -|
|- Issue 13 31 January 2005 -|
|- http://www.astalavista.com -|
|- security@astalavista.net -|
|------------------------------------------|

- Table of contents -

[01] Introduction
[02] Security News
     - Classified Dutch military documents found on Kazaa
     - Hacker penetrates T-Mobile systems
     - eBay to drop support for Microsoft's Passport
     - FBI retires its Carnivore
     - Microsoft launches anti-spyware beta
     - Panix.com hijack: Aussie firm shoulders blame
     - Veritas CEO explains logic behind Symantec merger
     - Trojan exploits Windows DRM
     - Air Force seeks space router
     - Full disclosure put on trial in France
[03] Astalavista Recommends
     - VoIPong - VoIP detector and sniffer
     - Reverse engineering malware - analysis of the Troj/Winser
     - The scrutinizer toolkit - web servers (D)DoS protection
     - The Future of Free Software Game Development
     - Skeeve - ICMP tunneling tool
     - DMitry - Deepmagic Information Gathering Tool
     - Web Services - Attacks and Defense
     - Attack Tool Kit 4.0
     - CacheDump
     - A Visual Cryptography Digital Image Copyright Protection
[04] Astalavista.net Advanced Member Portal - Last chance to get a lifetime membership!
[05] Site of the month - http://www.slyck.com/
[06] Tool of the month - ZoneMinder - video camera security application
[07] Paper of the month - Bluetooth Enabled Mobile Phones Security and Beyond
[08] Geeky photo of the month - "The Basement" - these are the geeks
[09] Free Security Consultation
     - I have a problem with spyware in my department..
     - Tell me something more about the possible..
     - Recently we found out that certain users..
[10] Astalavista Security Toolbox DVD v2.0 - what's inside?
[11] Enterprise Security Issues
     - Biometrics and the obsolescence of passwords -
[12] Home Users Security Issues
     - Will my PC ever be secured? Part 2 - basic security concepts
[13] Meet the Security Scene
     - Interview with SnakeByte, http://www.snake-basket.de/
[14] Security Sites Review
     - Phreedom.org
     - Vmyths.com
     - Red-Library.com
     - Phoronix.com
     - Undergroundnews.com
[15] Final Words


01. Introduction
-------------

Hi folks,

Welcome to Astalavista Security Newsletter - Issue 13, the lucky one. Since we believe more in ourselves than in fate, we've decided that issue 13 should be the longest and most comprehensive one released so far.

Back in 2004, the Astalavista Security Newsletter was started with the idea of spreading security knowledge to both novice and advanced users. All we had then was the passion to dedicate ourselves to 22,000 subscribers who wanted to "know" and explore. According to our statistics, since the beginning of 2004 we have attracted the interest of 2,000 new members, a great number of them representing global enterprises and organizations such as Cisco, Symantec, USAToday and The World Bank.

Of course, the subscriber count is not the most significant factor of success; we put your comments first. So far we've received hundreds of feedback messages, which have helped us improve our quality and learn from your valuable advice. Thank you for being a part of us!

If you would like to share your remarks, recommendations or anything else you might want to say concerning Astalavista.com or our security newsletter, please write to security@astalavista.net

Our "Happy New 2005" greeting message can be found at:
http://www.astalavista.com/index.php?page=108

Astalavista Security Newsletter is mirrored at:
http://www.packetstormsecurity.org/groups/astalavista/

If you want to know more about Astalavista.com, visit the following URL:
http://www.astalavista.com/index.php?page=55

Previous issues of Astalavista Security Newsletter can be found at:
http://www.astalavista.com/index.php?section=newsletter

Enjoy Issue 13!
Editor - Dancho Danchev
dancho@astalavista.net

Proofreader - Yordanka Ilieva
danny@astalavista.net


02. Security News
--------------

The Security World is a complex one. Every day a new vulnerability is found, new tools are released, new measures are made up and implemented, etc. In such a sophisticated Scene we have decided to provide you with the most striking and up-to-date Security News of the month, a centralized section that contains our personal comments on the issues discussed.

Your comments and suggestions about this section are welcome at security@astalavista.net

-------------

[ CLASSIFIED DUTCH MILITARY DOCUMENTS FOUND ON P2P NETWORK KAZAA ]

At least 75 pages of highly classified information about human traffickers from the Dutch Royal Marechaussee - a service of the Dutch armed forces that is responsible for guarding the Dutch borders - have been leaked to the controversial weblog Geen Stijl (No Style). The documents, which contain phone numbers and tapped conversations, were found unencrypted on a P2P site - possibly Kazaa, according to Dutch newspaper reports. The likeliest explanation for their appearance is that a member of the Dutch Royal Marechaussee worked on the documents from home and unintentionally shared his entire hard drive with the rest of the world.

More information can be found at:
http://www.theregister.co.uk/2005/01/30/dutch_classified_info_found_on_kazaa/

Astalavista's comments:

Although a bit embarrassing, this case highlights what can happen when unprotected information ends up in the wrong hands; since it has already been available on a P2P network, nobody actually knows how many people have obtained it. Even worse, the investigations might have to start from the very beginning. Someone definitely has to enforce defensive measures against storing sensitive data in unencrypted form and against the use of P2P software on computers holding sensitive data.
[ HACKER PENETRATES T-MOBILE SYSTEMS ]

A "sophisticated" computer hacker had access to servers at wireless giant T-Mobile for at least a year, which he used to monitor U.S. Secret Service e-mails, obtain customers' passwords and Social Security numbers, and download candid photos taken by Sidekick users, including Hollywood celebrities, SecurityFocus has learned.

More information can be found at:
http://securityfocus.com/news/10271

Astalavista's comments:

Indeed, the hacker showed significant knowledge, but that didn't prevent him from revealing his identity through several serious mistakes - the passion for fame among them. How long can you hold your breath and keep your mouth shut when you can offer reverse lookups for T-Mobile cell phone numbers? Eventually you turn into a target, and you leave a trace when you publicly announce these "services" on a web forum. Sophisticated hackers don't have problems with their egos; they know what they're up to, and they don't let the entire world know about it when it is as serious as monitoring the U.S. Secret Service. The only ways to know about these things are to be the one doing it, to be involved in the group doing it, if any, or to come across the news when it goes public. Just imagine the implications of this story in terms of government and corporate espionage! Do you still think having a prepaid number is a bad idea?

[ EBAY TO DROP SUPPORT FOR MICROSOFT'S PASSPORT ]

Microsoft announced on December 30, 2004 that eBay will drop support for its Passport service, intended to make Microsoft the gatekeeper for web identities, but that it will continue with Passport despite the loss. eBay said in a message to users that in late January 2005 it will stop allowing them to sign on to its marketplace through Passport, which eBay spokesman Hani Durzy said a very small percentage of customers utilized.
More information can be found at:
http://www.reuters.com/newsArticle.jhtml?type=technologyNews&storyID=7225469

Astalavista's comments:

A key company finally said "no" to a possible monoculture in the "web identities" sector, simply because you cannot trust a single company to take care of things it has no experience with. No matter how visionary its aims or ambitions might be, the privacy and security issues posed by MS's Passport can result in another company's loss of customers and reputation, or eventually in a complete commercialization of the service.

[ FBI RETIRES ITS CARNIVORE ]

FBI surveillance experts have put their once-controversial Carnivore Internet surveillance tool out to pasture, preferring instead to use commercial products to eavesdrop on network traffic, according to documents released Friday. Two reports to Congress obtained by the Washington-based Electronic Privacy Information Center under the Freedom of Information Act reveal that the FBI didn't use Carnivore, or its rebranded version "DCS-1000," at all during the 2002 and 2003 fiscal years. Instead, the bureau turned to unnamed commercially-available products to conduct Internet surveillance thirteen times in criminal investigations in that period.

More information can be found at:
http://securityfocus.com/news/10307
http://www.astalavista.com/?section=dir&act=dnd&id=2428
http://www.google.com/search?hl=en&lr=&q=echelon

Astalavista's comments:

What usually happens when you retire? Naturally, someone else replaces you - someone more trendy, fresh, and possibly with better capabilities than yours, as in Carnivore's case: Carnivore is a basic sniffer, which is not enough to maintain and intercept huge flows of intelligence or crime-related data. Recently the U.S. and Australian governments have favoured the use of spyware in the prosecution of criminal cases.
Are we soon going to witness the good guys competing with the bad guys over who has infected more people, or the complete hijacking of the biggest spyware vendors for intelligence purposes? But anyway, who's good and who's bad these days?

[ MICROSOFT LAUNCHES ANTI-SPYWARE BETA ]

Microsoft introduced a beta version of its Windows AntiSpyware application on January 6, 2005. The application, available for download on the company's website, was built using technology gained in the December 2004 acquisition of Giant Software. Microsoft said the software combats many known strains of spyware, and that the company will continue to research new forms of spyware and offer automatic updates to address new threats.

More information can be found at:
http://news.com.com/Microsoft+launches+anti-spyware+beta/2100-1029_3-5514899.html

Astalavista's comments:

Now that's quite hot news, discussed all over the Internet for the past several weeks. Security experts blamed Microsoft for the irony of introducing an Anti-Spyware beta, since it was MS's own products, especially IE, that fuelled the development of the spyware industry at its very beginning. Even worse (but true), MS's patching efforts usually keep the entire industry in "good shape". From a business point of view, Microsoft would have had its brand damaged if it hadn't responded by offering a solution to the problem - but in this case it didn't improve the security of IE, which suggests that battle is lost.

[ PANIX.COM HIJACK : AUSSIE FIRM SHOULDERS BLAME ]

An Australian domain registrar has admitted to its part in last weekend's domain name hijack of a New York ISP. Melbourne IT says it failed to properly confirm a transfer request for the Panix.com domain. Ed Ravin, a Panix system administrator, says the Melbourne IT error enabled fraudsters using stolen credit cards to assume control of the domain. Thousands of Panix.com customers lost email access for the duration of the occupation, and many emails will never be recovered.
More information can be found at:
http://www.theregister.co.uk/2005/01/19/panix_hijack_more/
http://www.icann.org/registrars/accreditation.htm

Astalavista's comments:

Although these attacks have been quite rare lately, the attackers usually take advantage of weak domain registration services. Anyway, a friend I knew back at school, the last person who should have anything to do with the Internet, is now a domain registrant. That worries me a bit!

[ VERITAS CEO EXPLAINS LOGIC BEHIND SYMANTEC MERGER ]

Veritas Software CEO Gary Bloom, who's set to become Symantec's vice chairman after the two companies' merger deal closes, has one eye on the present and the other on a promising vision of the future. This week, Veritas launched Backup Exec 10 for Windows, which allows solution providers to better help customers handle data management and compliance. In an interview with CRN Editor In Chief Michael Vizard, Bloom explains the short-term opportunities around backup for partners and expounds on the factors that drove the merger with Symantec, where he also will be responsible for all customer-facing sales activities, including the channel.

More information can be found at:
http://www.crn.com/sections/breakingnews/breakingnews.jhtml?articleId=57702191

Astalavista's comments:

Although the merger has been criticized by some, like any other merger it has its costs and should not be judged by the people laid off, as in the Oracle/PeopleSoft case. Oracle did it to protect its market share; combining forces with PeopleSoft, it took advantage of the increased use of open-source and cost-effective databases. Symantec, however, has been buying startups at an amazing speed. What bothers me is not the speed but rather the long-term potential of these acquisitions, since the majority of them end up as an extension to existing products. And since Symantec's acquisition of @stake, I've had concerns about it.
[ TROJAN EXPLOITS WINDOWS DRM ]

Anti-virus and security vendor Panda Labs is reporting the discovery of a threat that takes advantage of Windows Digital Rights Management (DRM). According to the company's warning, one of two Trojans, Trj/WmvDownloader.A or Trj/WmvDownloader.B, could be placed inside Windows Media format (.wmv) video files by malicious users. It executes when the user opens the files with the latest Windows Media Player 10 update, which is part of Windows XP SP2.

More information can be found at:
http://www.internetnews.com/ent-news/article.php/3457451
http://news.zdnet.co.uk/internet/security/0,39020375,39184120,00.htm
http://securityresponse.symantec.com/avcenter/venc/data/trojan.wimad.html
http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?IdVirus=57265&sind=0
http://software.silicon.com/malware/0,3800003100,39127210,00.htm

Astalavista's comments:

OK, so we've got an enormous amount of the Internet's traffic used for P2P transfers and a trojan capable of exploiting movie files. On the other hand we have MS safeguarding its reputation and the usefulness of Windows XP SP2: first denying that a patch would be released at all, then the usual "MS will release a patch in the next 30 days". But what was going around the Internet in terms of infected files during these 30 days? Who needs a practical and timely security strategy plus patch management? I doubt it's the end user this time...

[ AIR FORCE SEEKS SPACE ROUTER ]

Northrop Grumman and Caspian Networks are collaborating to develop an Internet Protocol router that can withstand the constant barrage of solar radiation in orbit. The space-hardened IP router will be part of the Air Force's Transformational Satellite Communications System, which will provide IP-based communications to warfighters.
More information can be found at:
http://www.fcw.com/fcw/articles/2005/0110/web-spacerouter-01-14-05.asp

Astalavista's comments:

Welcome to the world of network-centric warfare, the concept defined as the most successful and vital for the modernization of the U.S. Army. Check out the DoD view on the concept:
http://www.dod.mil/nii/NCW/

Can they really deal with the solar radiation? Since Northrop Grumman is taking care of it, I have a good feeling about this one!

[ FULL DISCLOSURE PUT ON TRIAL IN FRANCE ]

The trial of a French security researcher last week has become a cause celebre. Its outcome will decide if interested parties can "peek under the bonnet" in testing the road-worthiness of security products without falling foul of French law. The case began more than three years ago when Guillaume Tena (AKA Guillermito) released proof of concept code to highlight security bypass and worm evasion flaws in Viguard, an antivirus product from French company Tegam. Tena produced exploits showing that Tegam's generic anti-virus failed to stop "100 per cent of known and unknown viruses" as claimed. He posted his findings to a French Usenet newsgroup in the summer of 2001 before publishing the research on a website in March 2002.

More information can be found at:
http://www.theregister.co.uk/2005/01/12/full_disclosure_french_trial/

Astalavista's comments:

This trial, highly important for the security community, is nothing more than a pissed off company which claims 100% protection against known and unknown viruses - something I doubt even a market leader such as Symantec would claim, simply because it's not possible. Although I have some reservations about full disclosure, isn't the ultimate goal to show which products you can really trust? Which vendors claim quality and don't actually deliver it, and which are aware (or unaware) enough of how their products work to release a working patch in a timely manner and actually distribute it to their customers?


03. Astalavista Recommends
-----------------------

This section is unique in its idea and the information included within. Its purpose is to provide you with direct links to various white papers and tools covering many aspects of Information Security. These white papers are defined as a "must read" for everyone interested in deepening his/her knowledge in the Security field. The section will keep on growing with every new issue.

Your comments and suggestions about the section are welcome at security@astalavista.net

" VOIPONG - VOIP DETECTOR AND SNIFFER "

VoIPong is a utility that detects all Voice over IP calls on a pipeline, and for those which are G.711 encoded, dumps the actual conversation to separate wave files. It supports SIP, H.323, Cisco's Skinny Client Protocol, RTP and RTCP.
http://www.astalavista.com/?section=dir&act=dnd&id=3412

" REVERSE ENGINEERING MALWARE - ANALYSIS OF THE TROJ/WINSER "

A detailed analysis of Troj/Winser; good reading and an overview of general reverse engineering concepts.
http://www.astalavista.com/index.php?section=dir&act=dnd&id=3431

" THE SCRUTINIZER TOOLKIT - WEB SERVERS (D)DOS PROTECTION "

The scrutinizer toolkit is designed to protect Web servers from HTTP (D)DoS attacks. It consists of an analysis engine which analyzes Web server access logfiles in almost real time, an Apache module which is able to block wrongdoers on the Web server, an extension to block offenders with netfilter firewalls, and a set of visualization tools.
http://www.astalavista.com/?section=dir&act=dnd&id=3438

" THE FUTURE OF FREE SOFTWARE GAME DEVELOPMENT "

Insightful article on the possible future of free software development for games.
http://www.astalavista.com/index.php?section=dir&act=dnd&id=3432

" SKEEVE - ICMP TUNNELING TOOL "

With this proof of concept tool you can create an ICMP tunnel between two computers which may be located in different networks and separated by a firewall.
Skeeve utilizes ICMP packets and IP address spoofing to create a data channel and redirects TCP connections inside this channel.
http://www.astalavista.com/?section=dir&act=dnd&id=3467

" DMITRY - DEEPMAGIC INFORMATION GATHERING TOOL "

DMitry (Deepmagic Information Gathering Tool) is a UNIX/(GNU)Linux command line application coded in C. DMitry has the ability to gather as much information as possible about a host. Base functionality is able to gather possible subdomains, email addresses, uptime information, TCP port scans, whois lookups, and more.
http://www.astalavista.com/?section=dir&act=dnd&id=3473

" WEB SERVICES - ATTACKS AND DEFENSE "

Whitepaper discussing the scope of information gathering used against web services.
http://www.astalavista.com/?section=dir&act=dnd&id=3545

" ATTACK TOOL KIT 4.0 "

The Attack Tool Kit (ATK) is an open-source security scanner and exploiting framework for Microsoft Windows.
http://www.astalavista.com/index.php?section=dir&act=dnd&id=3449

" CACHEDUMP "

CacheDump is a tool that demonstrates how to recover cached logon entry information: username and hashed password (called MSCASH).
http://www.astalavista.com/index.php?section=dir&act=dnd&id=3448

" A VISUAL CRYPTOGRAPHY DIGITAL IMAGE COPYRIGHT PROTECTION "

The watermark method is an excellent technique to protect copyright ownership of a digital image. The proposed watermark method is built on the concept of visual cryptography.
http://www.astalavista.com/index.php?section=dir&act=dnd&id=3453


04. Astalavista.net Advanced Member Portal - Last chance to get a lifetime membership!
------------------------------------------------------------------------

Last chance to get a lifetime membership: after the end of February, lifetime memberships will no longer be available. Get yours and become part of the community, not only for the rest of your life, but also in a cost-effective way. Join us!
http://www.astalavista.net/new/join.php

What is Astalavista.net all about?
Astalavista.net is a global and highly respected Security Portal, offering an enormous database of very well-sorted and categorized Information Security resources - files, tools, white papers, e-books and many more. At your disposal are also thousands of working proxies and wargames servers where you can try your skills and discuss the alternatives with the rest of the members. Most importantly, the daily updates of the portal make it a valuable and up-to-date resource for all of your computer and network security needs - a lifetime investment.

Among the many other features of the portal are:

- Over 3.5 GByte of Security related data, daily updates and always working links.
- Access to thousands of anonymous proxies from all over the world, daily updates.
- Security Forums Community where thousands of individuals are ready to share their knowledge and answer your questions; replies are always received no matter what question is asked.
- Several WarGames servers waiting to be hacked; information between those interested in this activity is shared through the forums or via personal messages; a growing archive of white papers containing info on previous hacks of these servers is available as well.


05. Site of the month
------------------

http://www.slyck.com

Slyck.com is a site dedicated to providing its visitors with the latest P2P news and info.


06. Tool of the month
------------------

ZoneMinder - video camera security application

ZoneMinder is a set of applications intended to provide a complete solution allowing you to capture, analyse, record and monitor any cameras you have attached to a Linux based machine.
http://www.astalavista.com/?section=dir&act=dnd&id=3502


07. Paper of the month
-------------------

Bluetooth Enabled Mobile Phones Security and Beyond

Various Bluetooth security attacks and defenses discussed.
http://www.astalavista.com/index.php?section=dir&act=dnd&id=3440


08. Geeky photo of the month - "The Basement" - these are the geeks
----------------------------------------------------------------

Every month we receive great submissions to our Geeky Photos gallery. In this issue we've decided to start featuring the best ones in terms of uniqueness and IT spirit.

"The Basement" can be found at:
http://www.astalavista.com/images/gallery/the_basement.jpg


09. Free Security Consultation
---------------------------

Have you ever had a Security related question but weren't sure where to direct it? This is what the "Free Security Consultation" section was created for. Due to the high number of Security-related e-mails we keep getting on a daily basis, we have decided to initiate a service, free of charge. Whenever you have a Security related question, you are advised to direct it to us, and within 48 hours you will receive a qualified response from one of our Security experts. The questions we consider most interesting and useful will be published in the section. Neither your e-mail nor your name will be disclosed.

Direct all of your Security questions to security@astalavista.net

Thanks a lot for your interest in this free security service; we are doing our best to respond as soon as possible and provide you with an accurate answer to your questions.

---------

Question: I have a problem with spyware in my department. Users simply cannot switch their browsers and don't want to use anything else besides IE. What would you recommend?

---------

Answer: The situation with IE is getting very serious, and almost 99% of all phishing and malicious attacks rely on IE vulnerabilities because IE is the most popular browser used by Internet users. Although you could fight spyware by improving the security settings of the browser and trying to keep up to date with freeware anti-spyware solutions, it wouldn't be enough.
Depending on how much you're willing to invest, I would recommend that you either enforce the use of another browser alternative, or use products from companies such as
http://www.lavasoftusa.com/software/adaware/ or http://www.webroot.com/

Take a look at the following resources regarding spyware and IE:
http://www.astalavista.com/index.php?section=dir&act=dnd&id=2032
http://www.astalavista.com/index.php?section=dir&act=dnd&id=3186
http://www.astalavista.com/index.php?section=dir&act=dnd&id=2138
http://www.astalavista.com/index.php?section=dir&act=dnd&id=2407
http://www.astalavista.com/index.php?section=dir&act=dnd&id=2406

---------

Question: Tell me something more about the possible secure use and potential security issues for my company related to USB sticks and removable media? Thank you!

---------

Answer: USB sticks indeed represent a threat to the confidentiality of your information, since they give the end user the opportunity to download sensitive information and use it outside the, at least presumably secure, corporate environment. Something else to consider are the possible piracy implications, or the fact that end users often use standalone binaries in order to bypass the installation of certain software. That's pretty common and sometimes works. Consider enforcing a policy on USB sticks - either block them completely, or make sure your employees know that their USB activities (or any other activities) are monitored in coordination with the company's security policy.

----------

Question: Recently we found that certain users have installed various P2P applications on their work PCs. What should we do? We are ready to take the maximum actions to make sure they don't use them again.

----------

Answer: P2P networks represent a big threat to the company's infrastructure since they easily bypass certain, and often common, firewall configurations. The consequences could be like the ones with which we started this issue's Security News section.
Confidential and sensitive reports leaked out to the entire world - and although that doesn't necessarily mean to your competitors, it does mean to users who might be aware of what they've just found. Consider blocking P2P traffic and making sure that data confidentiality measures such as encryption are in place. Make sure that the installation of these applications is prohibited as far as possible. P2P at work wastes valuable bandwidth and carries the possibility of sharing an employee's hard drive with the entire world - I doubt that's what you want.

Take a look at the following:
http://www.farrokhi.net/blog/archives/000233.html
http://ntrg.cs.tcd.ie/undergrad/4ba2.02-03/p10.html
http://www.isaserver.org/articles/2004blockp2pim.html


10. Astalavista Security Toolbox DVD v2.0 - what's inside?
-------------------------------------------------------

Astalavista's Security Toolbox DVD v2.0 is considered the largest and most comprehensive Information Security archive. As always, we are committed to providing you with a suitable resource for all your security and hacking interests in an interactive way!

The content of the Security Toolbox DVD has been carefully selected, so that you will only browse through quality information and tools. No matter whether you are a computer enthusiast, a computer geek, a newbie looking for information on "how to hack", or an IT Security professional looking for quality and up to date information for offline use or just for convenience, we are sure that you will be satisfied, even delighted, by the DVD!

More information about the DVD is available at:
http://www.astalavista.com/index.php?page=3


11. Enterprise Security Issues
---------------------------

In today's world of high speed communications, of companies relying completely on the Internet for conducting business and increasing profitability, we have decided that there should be a special section for corporate security, where advanced and highly interesting topics will be discussed in order to provide that audience with what they are looking for - knowledge!

- Biometrics and alternative authentication methods - the obsolescence of passwords is on its way -

What is the cheapest way to authenticate a company's staff these days? You've guessed it - passwords; we all use them for one reason or another. What we don't realize is that we, or our organizations, are falling victim to the myth of long passwords with numbers, capital and lower-case letters, plus special characters. This brief article intends to summarize various security issues related to passwords and their obsolescence, and it suggests biometrics as an alternative.

Today's workforce is flooded with passwords to remember - personal emails, online services, company networks, etc. - which results in a waste of valuable resources and extensive costs for the help desk, since the majority of users often forget their "too complex to remember" passwords. Even worse, users are often found to trick the password aging enforced by an organization, or to write the password down and never make the effort to actually memorize it.

Why are passwords insecure? Passwords can be guessed, cracked, socially engineered, sniffed, etc., which makes them extremely vulnerable in today's world of e-commerce. In the next couple of years we will see the majority of organizations slowly adopting various biometric mechanisms, of which the most popular is still the fingerprint scan. But what is it about biometrics that makes them so reliable? It's the fact that they cannot be stolen, cannot be lost and, of course, cannot be forgotten.
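The sniffing and replay problem just described is what one-time-password tokens address. The following is an added example, not code from the newsletter or from any vendor it links to: a counter-based one-time password as specified in RFC 4226 (HOTP, HMAC-SHA1), with a server-side verifier that refuses a replayed code and tolerates a few skipped button presses. The secret is the RFC's published test key, used here only as a constructed sample.

```python
import hashlib
import hmac


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamic
    truncation to 31 bits, then reduced to `digits` decimal digits."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = ((mac[offset] & 0x7F) << 24 | mac[offset + 1] << 16
            | mac[offset + 2] << 8 | mac[offset + 3])
    return str(code % 10 ** digits).zfill(digits)


class Token:
    """The hardware side: a shared secret and a counter that only moves forward."""

    def __init__(self, secret):
        self.secret = secret
        self.counter = 0

    def press(self):
        code = hotp(self.secret, self.counter)
        self.counter += 1
        return code


class TokenVerifier:
    """The server side. Remembers the highest counter it has accepted, so a
    code captured off the wire cannot be replayed, and looks a few counters
    ahead to tolerate button presses that never reached the server."""

    def __init__(self, secret, window=5):
        self.secret = secret
        self.window = window
        self.last_counter = -1  # nothing accepted yet

    def verify(self, code):
        start = self.last_counter + 1
        for candidate in range(start, start + self.window):
            expected = hotp(self.secret, candidate)
            # Constant-time comparison, as for any authenticator value.
            if hmac.compare_digest(expected, code):
                self.last_counter = candidate  # consumes this and all earlier counters
                return True
        return False


def demo():
    """Walk through one login, a replay of the sniffed code, a skipped press
    and an out-of-window code. Returns the four outcomes in that order."""
    secret = b"12345678901234567890"  # RFC 4226 test key (constructed sample)
    token, server = Token(secret), TokenVerifier(secret)

    first = token.press()                  # counter 0 -> "755224"
    login_ok = server.verify(first)        # True: fresh code
    replay_ok = server.verify(first)       # False: same code seen again
    token.press()                          # counter 1, pressed but never submitted
    skipped_ok = server.verify(token.press())                    # counter 2, in window
    far_ok = server.verify(hotp(secret, 2 + server.window + 1))  # beyond the window
    return login_ok, replay_ok, skipped_ok, far_ok


if __name__ == "__main__":
    print(demo())  # (True, False, True, False)
```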
The trade-off for their effectiveness lies in the costs associated with implementing them, which can be quite significant in a large organization. Since you need a better understanding and more resources to deploy them widely, the best you can do is to ensure that access to the most critical resources is safeguarded using biometrics or some kind of physical authentication. An alternative for the mobile workforce is the use of encryption, since laptops are often stolen or simply forgotten somewhere with all of their sensitive data in plain text - now how easy is that?

A relatively cost-effective authentication method is the so-called token: a microprocessor device, usually the size of a credit card or smaller, whose purpose is to introduce one-time passwords or basic physical authentication.

The following resources are recommended for further reading:
http://www.atstake.com/research/reports/acrobat/rr2001-04.pdf
http://www.cryptocard.com/
http://www.verisign.com/products-services/security-services/unified-authentication/usb-tokens/
http://www.activcard.com/en/products/4_3_3_tokens.php
http://www.rsasecurity.com/node.asp?id=1156
http://www.astalavista.com/?section=dir&act=dnd&id=993
http://biometrics.cse.msu.edu/biometricsgrandchallenge.pdf
http://www.ibia.org/EverythingAboutBiometrics.PDF


12. Home Users' Security Issues
----------------------------

Due to the high number of e-mails we keep getting from novice users, we have decided that it would be a very good idea to provide them with their very own section, discussing various aspects of Information Security in an easily understandable way while, on the other hand, improving their current level of knowledge.

- Will my PC ever be secured? Part 2 - basic security concepts -

In the previous issue we covered your choice of OS, firewalls and spyware. Now we're going through spamming, phishing and software/browser vulnerabilities.

How come you get so much spam?
It has to do with the way you use the Internet as a whole. Right now there are probably hundreds of spam crawlers looking for mailto:someone@somewhere.com addresses left around forums or personal web sites. Whenever you post your e-mail address, consider not doing it the way you have so far. Instead, post it as someone AT somewhere DOT com, or as someone@somewhere.com where the @ is actually a small GIF image. Something else to consider: never use your personal e-mail address for mailing lists or registration services. You don't want it abused and flooded with spam, right?

Another point, when it comes to protecting yourself from spam: have HTML rendering and remote image loading turned off in your e-mail client, and make sure you NEVER reply to a spammer or try to remove yourself from their list. In both cases what you are actually doing is confirming that your address is active and read by a human. Spammers don't know whether an address is live or not - they just came across it - and they are doing their best to find out whether it is a reliable, working one or a possible spam trap. Although it is getting harder for spammers to harvest our addresses, the volume of spam is definitely not decreasing. Who is sending it, you might ask? What used to be a couple of people running software and looking for misconfigured (open relay) mail servers are now organized groups using your malware-infected computers and Internet connections to send it all.

Recently, phishing attacks and Internet scams have emerged, and criminals from all over the world have started exploiting people's trust in the Web, even by sending them invoices for porn services they never used. Why is phishing so successful? Because people trust their browsers, or at least what they see in the address bar. There are various URL obfuscation techniques: a look-alike host name such as wwww.bank.com.au in place of www.bank.com, or even worse, host name obfuscation such as http://5435626735/, where a bare decimal number stands in for a dotted IP address, while the address bar still appears to show visa.com.
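Why turning off HTML rendering and remote image loading matters becomes clear when you look at what a spam message actually contains. The block below is an added example, not code from the newsletter: using only Python's standard library, it parses a constructed HTML message and lists the images the mail client would fetch from the network, flagging the classic "web beacon", a one-pixel image whose URL carries a per-recipient token. Fetching that image is exactly the "this address is active" confirmation the paragraph warns about, and it happens silently, without the user replying to anything. The host names and token values in the sample are made up.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Constructed sample message: one inline logo (cid: scheme, shipped inside the
# mail itself), one tracking pixel with a per-recipient token, one ordinary banner.
SAMPLE_MAIL = """<html><body>
<p>Dear valued customer, your account requires attention.</p>
<img src="cid:logo123" width="100" height="40">
<img src="http://stats.mailer-example.test/open.gif?rcpt=a1b2c3&amp;msg=77" width="1" height="1">
<img src="https://cdn.mailer-example.test/banner.png" width="468" height="60">
</body></html>"""


class RemoteImageFinder(HTMLParser):
    """Collects every <img> whose source would be fetched over the network."""

    def __init__(self) -> None:
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        src = a.get("src") or ""
        parts = urlsplit(src)
        if parts.scheme not in ("http", "https"):
            return  # cid:/data: images are local to the message; they do not phone home
        self.hits.append({
            "src": src,
            "host": parts.hostname,
            # 0x0 or 1x1 images have no visual purpose; they exist only to be fetched.
            "tiny": a.get("width") in ("0", "1") or a.get("height") in ("0", "1"),
            # Query parameters on an image URL usually identify the recipient or mailing.
            "tokens": {k: v[0] for k, v in parse_qs(parts.query).items()},
        })


def remote_images(html: str) -> list:
    """All images the client would load from a remote server when rendering HTML."""
    parser = RemoteImageFinder()
    parser.feed(html)
    parser.close()
    return parser.hits


def beacons(html: str) -> list:
    """Remote images that look like tracking beacons: tiny, or carrying tokens."""
    return [h for h in remote_images(html) if h["tiny"] or h["tokens"]]


if __name__ == "__main__":
    for hit in remote_images(SAMPLE_MAIL):
        print("remote image ->", hit["src"])
    for b in beacons(SAMPLE_MAIL):
        print(f"beacon -> {b['host']} tokens={b['tokens']}")
```

The banner would be fetched too, and even without a token the server sees the requesting IP address and timestamp; that is why the advice is to block remote loading altogether rather than to try to filter beacons from "innocent" images.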
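The URL tricks just described can be checked mechanically before a link is trusted. The block below is an added example, not from the newsletter, and uses only the Python standard library. It decodes a bare-integer host name back into a dotted IP address, reduces a host name to its registrable domain so that wwww.bank.com.au is not mistaken for bank.com, and goes one step beyond the article by also catching the user-info trick (http://www.bank.com@evil.example.net/), which relies on the same misplaced trust in a familiar-looking name. The suffix table is a deliberately tiny stand-in for the real public suffix list, the link list is constructed, and note that 5435626735 from the article does not fit in 32 bits, so the decoder rejects it rather than guessing how a particular browser would wrap it.

```python
import ipaddress
from urllib.parse import urlsplit

# Tiny stand-in for the public suffix list (assumption for the example);
# a real check loads the full list.
PUBLIC_SUFFIXES = {"com", "net", "org", "au", "com.au", "uk", "co.uk"}


def decode_integer_host(host):
    """Turn a bare decimal host such as '3232235777' into dotted-quad form.

    Returns None if the host is not all digits or does not fit in 32 bits.
    """
    if not host.isdigit():
        return None
    value = int(host)
    if value > 0xFFFFFFFF:
        return None
    return str(ipaddress.IPv4Address(value))


def registrable_domain(host):
    """'wwww.bank.com.au' -> 'bank.com.au', 'www.bank.com' -> 'bank.com'.

    Strips the public suffix and keeps exactly one label in front of it, so
    look-alike prefixes and extra subdomains do not change the answer.
    """
    labels = host.lower().rstrip(".").split(".")
    for n in (2, 1):
        if len(labels) > n and ".".join(labels[-n:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[-(n + 1):])
    return None


def classify_link(url, expected_domain):
    """Return (verdict, detail) for a link that claims to lead to expected_domain."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if "@" in parts.netloc:
        # http://www.bank.com@evil.example.net/ : everything before '@' is a
        # user name; the real host is what follows it.
        return ("userinfo-trick", host)
    if host.isdigit():
        dotted = decode_integer_host(host)
        return ("integer-host", dotted if dotted else "out of 32-bit range")
    domain = registrable_domain(host)
    if domain is None:
        return ("unknown", host)
    if domain == expected_domain.lower():
        return ("ok", domain)
    return ("lookalike", domain)


# Constructed inputs, including the two tricks quoted in the text.
SAMPLE_LINKS = [
    "http://www.bank.com/login",
    "http://wwww.bank.com.au/login",
    "http://3232235777/",
    "http://5435626735/",
    "http://www.bank.com@evil.example.net/login",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(link, "->", classify_link(link, "bank.com"))
```

The point of `registrable_domain` is that the only part of a host name the phisher cannot fake is the part directly in front of the public suffix; everything to the left of it (wwww., secure., visa.com.) costs nothing and proves nothing.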
The majority of phishing attacks rely mainly on social engineering (impersonating an organization, a bank, or even a donation fund), on the lack of technical knowledge on the end user's side, on the user's naivety as a whole, and on various browser or e-mail client vulnerabilities. Recently, phishing attacks have started targeting important web sites as well. Events like these really have the power to undermine e-commerce as a whole. The Anti-Phishing Working Group has extensive information on the latest trends:

http://www.antiphishing.org/

Software and browser vulnerabilities play the most important role in today's world, dominated by huge botnets (thousands of infected computers under the control of a single individual, a group, or whoever pays to use them). A couple of years ago it was easy to keep your software updated, simply because things weren't as complex as they are now. How many Internet-related programs do you use these days compared with two or three years ago? Definitely more. No software is perfect, and sooner or later bugs are found in both Microsoft and Linux based products. The questions are how fast a patch is distributed, whether it is distributed at all, and whether YOU are actually applying it, making sure your computer is protected from the next attack that is waiting for you simply because you visited a malicious web site.

Let's face it - IE is not a secure browser, or even if it is, it's the most targeted one. What you could do is switch to a less popular alternative, thus avoiding the majority of attacks around the Internet. Consider visiting the following sites to keep yourself up to date with the latest vulnerabilities, or to learn more about spam, phishing and Internet Explorer security issues. Stay secure and think twice when it comes to your $ or your identity on the Internet!
http://secunia.com/
http://securiteam.com/
http://www.astalavista.com/index.php?section=dir&act=dnd&id=2377
http://www.astalavista.com/index.php?section=dir&act=dnd&id=3194
http://www.astalavista.com/index.php?section=dir&act=dnd&id=3506
http://www.astalavista.com/index.php?section=dir&act=dnd&id=2886
http://www.astalavista.com/index.php?section=dir&act=dnd&id=2551
http://www.astalavista.com/index.php?section=dir&act=dnd&id=1943
http://www.astalavista.com/index.php?section=dir&act=dnd&id=2005
http://www.astalavista.com/index.php?section=dir&act=dnd&id=2942

13. Meet the Security Scene
------------------------

In this section you are going to meet famous people, security experts and all the personalities who in some way contribute to the growth of the community. We hope that you will enjoy these interviews and that you will learn a great deal of useful information through this section.

In this issue we have interviewed SnakeByte (Eric) from http://www.snake-basket.de/

Your comments are welcome at security@astalavista.net

------------------------------------------------

Interview with SnakeByte (Eric), http://www.snake-basket.de/

Astalavista : Hi Eric, would you please introduce yourself to our readers and share your experience in the security scene?

Eric : I am 24 years old, currently studying computer science in Darmstadt, Germany, for quite some time now. I am mostly a lazy guy, doing whatever I am currently interested in. My interest in computer security started with viruses (no, I never spread one), which were really interesting back then, but nowadays every worm looks the same ;(

Astalavista : Things have changed much since the days of Webfringe, Progenic, BlackCode etc. What do you think are the main threats to security these days? Is it our dependence on technologies and the Internet, the fact that it's insecure by design, or do you have something else in mind?
Eric : I think security itself got a lot better since then, but we have more dumb users who work hard to make it worse now. Most users nowadays get flooded with viruses and just click them; also the recent rise in phishing attacks - it's not the box which gets attacked here, it's the user. Security also got a lot more commercial.

Astalavista : What is your opinion on today's malware and virii scene? Do you think that groups such as the infamous A29 have been gaining too much publicity? What do you think motivates virii writers and virii groups now in comparison to a couple of years ago?

Eric : It's 29a :) And they deserve the publicity they got. They did and are doing some really cool stuff. But they also were clever enough to be responsible with the stuff they created. About motivation for virii writers - it's different for each of them, you have to ask them. But I think there is a new motivation - money. Nowadays you can get paid for a couple of infected computers, so spammers can abuse them.

Astalavista : What do you think of Symantec? Is too much purchasing power under one roof going to end up badly, or is the whole industry eventually going to benefit from their actions?

Eric : Sure, monopolies are always bad, but we get them everywhere nowadays. Maybe we need another revolution...

Astalavista : Is the practice of employing teen virii writers possessing what is thought to be "know-how" a wise idea? Or does it just promote a lack of law enforcement and create hordes of source-modifying or real malware coders?

Eric : I don't think it is a wise idea at all, but don't tell my boss ;-) Whether one has written virii or not should not influence your decision to hire him/her.

Astalavista : Application security has gained much attention lately. Since you have significant programming experience, what do you think the trends in this field will be over the next couple of years? Would software indeed be coded more securely?
Eric : Maybe, if universities started to teach coding in a secure way instead of teaching us more Java bullcrap. But I think the open source development is indeed helpful there. If you want to run something like a server, a quick glance at the code will tell you whether you really want to use this piece or search for another one.

Astalavista : Microsoft and its efforts to fight spyware have sparked a huge debate over the Internet. Do you think it's somehow ironic that MS's IE is the number one reason for the existence of spyware? Would we see yet another industry built on MS's insecurities?

Eric : It's the only reasonable way for MS to react. Heh, they are just a company.

Astalavista : The Googlemania is still pretty hot. Are you somehow concerned about their one-page privacy policy, contradictory statements, and the lack of retention policies, given the fact that they process the world's searches in the most advanced way, and the U.S. post-9/11 Internet wiretapping initiatives?

Eric : Yes I am, that's why their only product I use is the web search function. As soon as I find another good website like Google.

Astalavista : Thanks for your time Eric!

14. Security Sites Review
----------------------

The idea of this section is to provide you with reviews of various highly interesting and useful security or general IT related web sites. Before we recommend a site, we make sure that it provides its visitors with quality and unique content.

- Phreedom.org - http://www.phreedom.org/
  Phreedom is Bulgaria's most respected and well-known h/c/p/a e-zine, started in 1997

- Vmyths.com - http://www.Vmyths.com/
  Vmyths.com is a site providing its visitors with information on virus myths & hoaxes

- Red-Library.com - http://red-library.com/
  It is indeed red, and consists of a nice archive of documents

- Phoronix.com - http://www.phoronix.com/
  Are you a hardware fan? This site is for you

- Undergroundnews.com - http://www.Undergroundnews.com/
  The title says it all: extensive news on various security or IT topics

15. Final Words
------------

Dear subscribers,

Thank you for reading our newsletter, or just your favourite sections. We hope you found something rare and unique that showed you the security world from a different perspective; what we try to achieve all the time is to make a difference by providing you with quality information. Many other surprises in terms of design, content and free services are planned for 2005.

Keep the spirit and don't stop exploring!

Editor - Dancho Danchev
dancho@astalavista.net

Proofreader - Yordanka Ilieva
danny@astalavista.net