Archive for September, 2004

Sep 30 2004

Tracking your email

Published by under General

Tracing Emails

Les Bell has done a very nice job of dissecting a couple spam emails to find out where they came from. I’m lazy and wouldn’t have gone to nearly the lengths he did in this writeup. I appreciate the effort that went into this.


Sep 29 2004

Dispelling some of the confusion

Published by under Malware

JPEG Virus Facts

This article rather quickly dispels a lot of the misinformation floating around about the supposed ‘Jpeg virus’ based on MS04-048. I’ve been seeing a lot of information people are having with finding all the GDI+ software on their systems, so knowing more about the vulnerability is extremely helpful. I’m also encouraged to find out that, because of the nature of the vulnerability, all of the current anti-virus signatures should catch this exploit for the foreseeable future.


Sep 23 2004

Fighting the good fight

Published by under Malware

The Parasite Fight

The sheer amount of information on this site is a little overwhelming. I learned about more new anti-scumware software in a 5-minute scan of this site than I had in the last several weeks. I’m going to have to send this link to several co-workers and family members.


Sep 16 2004

JPEG Vulnerability: To Panic or Not

Published by under Security Advisories

Vmyths.com - Truth About Computer Virus Myths & Hoaxes

I’m glad that there’s a voice of reason out there, and I think it’s prudent to take an approach somewhere between screaming for panic and ignoring the situation. The JPEG buffer overflow is going to be an issue in the near future, but how big of an issue has yet to be seen. It’s worth taking note of and preparing for, but not something to take drastic measures to mitigate. Save the drastic measures for when a virus or worm actually rears its ugly head.


Sep 15 2004

Reporting your spam

Published by under General

Anti-Phishing Working Group

I’ve been getting more and more obnoxious phishing email lately, and I’m starting to do some research into a response. One of the first sites I came across for help is the Anti-Phishing Working Group. I plan on doing more looking, but I wanted to take a moment to remind you to report any phishing scams you come across.


Sep 14 2004

Security Awareness Site

Published by under General

Security Awareness for Ma, Pa & the Corporate Clueless

Greg Hoffman brought his site to my attention. Looks like he has some good stuff there; take a look and give him some feedback.


Sep 13 2004

Dealing with Malware

Published by under Malware

SecurityFocus HOME Infocus: Malware Analysis for Administrators

I think I’ll have to take some of the ideas from this article and set up my own lab. Now, if I can only find a little space, I might actually be able to follow up on that intent.


Sep 02 2004

Security Quarantine

Published by under Simple Security

“Welcome to the network. Before you can go any further, we have to make sure your anti-virus and all your patches are up to date. Sorry if this causes you any inconvenience.”

I received this article from Security Wire Perspectives, an email newsletter I receive regularly, and I thought it to be worth your time to read. We are implementing portions of this in our corporate network, but I’m actually surprised it’s taking this long to catch on. I guess it just makes too much sense for this idea to have been implemented before.


Sep 01 2004

Securing Dad’s PC

Published by under Simple Security

SecurityFocus HOME Columnists: A Polluted Internet

Reading this article reminds me of a phone call from my father the other day. He and my step-mother upgraded from a 56k modem to DSL recently. I asked him if SBC had installed any hardware for him, and I realized I’d already reached the limits of his technical knowledge. Asking about his anti-virus and personal firewall was clearly out of the question.

It’s been nearly two weeks since that conversation, and I still haven’t made it down to see them. The only consolation I have is that they rarely use their computer. I know they haven’t installed Ad-aware or AVG anti-virus. I doubt they know how to update XP Home Edition with the latest service pack. And turning on the built-in firewall is probably out of the question.

I’m the security professional in the family, and I need to help them on this, but I hate supporting computers for friends and family. My main problem is two-fold. First, it’s nearly impossible to know what you’re going to find on a home computer and how important it really is (or isn’t). Second, the expectations people have are often completely out of proportion with reality. I get very frustrated when I have to tell a friend that what they want is technically possible, but that they’d need to learn how to do more than turn on the computer and open Explorer to do it. Sometimes I even have a hard time supporting my wife’s computer; at least she understands that when I say she can’t do something, it’s because of the computer’s limitations, not mine.

I’m scared by what I expect to find when I finally arrange a time to visit my father’s house. If they’re lucky, they’ll only have one or two spybots installed. If they’re not lucky, I may have to burn down the computer and reinstall the entire OS. Wish me luck.
