Archive for November, 2004

Nov 29 2004

Hope you had a good Thanksgiving weekend

Published by under General

At least if you live in the United States.

I spent two days this weekend on a woodworking project that had absolutely no connection at all to computers. It felt really good to balance some of the mental work I do with something with a more direct result on the physical world. And best of all, there was no bloodshed involved. (I’m a bit accident prone with power tools, which is why I’m only allowed to use them with an adult present.)

Now back to your regularly scheduled programming.

Comments Off

Nov 23 2004

Bofra/IFRAME After Action Report

Published by under Malware

SANS – Internet Storm Center – Cooperative Cyber Threat Monitor And Alert System – Current Infosec News and Analysis

I haven’t read all of the articles associated with this incident yet, but this Internet Storm Center article does a good job of covering all the bases. I’m finding out through personal experience exactly how hard the after action reporting can be.

Comments Off

Nov 22 2004

Suffering through comment spammers

Published by under Site Configuration

I have been suffering through a number of comment spam attacks the last few days. In my own defense, I’ve shut down comments on all except the more recent posts on the web site. The best way for me to combat these floods would probably be to update MovableType, but I’m just not ready for the headaches involved. They say it’s an easy upgrade, but I know there’s got to be something that would break in the process.

One response so far

Nov 22 2004

Register third party ad server infected

Published by under Malware

Bofra exploit hits our ad serving supplier

It wasn’t that The Register was hit directly with this virus, but rather a third party who WAS acting as an ad service managed to get themselves infected. The people at The Register won’t be using that company for a while.

Comments Off

Nov 18 2004

Test your phishing IQ

Published by under Simple Security

MailFrontier Phishing IQ Test II

Would you recognize a phishing scam if you saw it? I’m not talking about the simple ones, like “Buy Vi@gr* from us!”, I’m talking about the ones that look like they came from a professional. I took the test, and I got a 90%. The one example I got wrong, I would have deleted as phish if it had come from an institution I do business with. And I’d be seriously considering if I still wanted to do business with them.

Take the test yourself and let me know how you did. A few of the scams are very obvious, but most of them actually look like they are legitimate.

2 responses so far

Nov 17 2004

Linux Live! CD’s

Published by under Linux

Frozen Tech List of Linux Live CD’s

For the last couple of weeks I’ve been playing with the BitDefender Live!CD distro, and so far I’ve been pleasantly surprised at exactly how much I’ve been able to do with it. One thing I have not been able to do so far is to access the CD-RW on the system I’m trying to rescue. I can access it as a CD-ROM drive, but I haven’t been able to write to the disk. So I went back to the net for some more information.

I was a little taken aback by the sheer volume of LiveCD’s out there. It seems that everyone who is anyone is creating their own LiveCD. Looking at how easy it is, I’m even tempted to create my own distro, but common sense (and a wife who already thinks I spend too much time on the computer) told me I already have enough projects (three computers waiting to be built/rebuilt in the garage right now). So I just reviewed the web pages of a number of the ‘rescue’ distro’s listed on Frozen Tech. And by ‘review’ I mean I checked out their web pages.

Edit: Back to the drawing board. I didn’t read the part where it says Freepia for Via Epia-m motherboards.

I’m going to give Freepia a try first. I’ve already played with BitDefender, and if it has the programs for using a CD-RW built in, I’ve been unable to find it. Freepia has CD burning software listed as one of their selling points, and the documentation to make it happen. At least I hope it will work. There are a number of notes on how to get a CD-RW running under Linux, but I haven’t been able to find a reference to doing it on a LiveCD version yet.

Wish me luck.

Comments Off

Nov 17 2004

Murphy’s Law

Published by under General

The Worst Case Scenario

An IT insurance policy is going to be just like any other insurance policy out there; it’s designed to be unreadable and set up with so many loopholes that it’s going to leave you with your pants down when you most need it. While I have no direct experience with any of the various IT insurances running around, I was Life and Health Insurance licensed at one time (something I’m still paying penance for). Insurance laws are generally written by the insurance company, for the insurance company. Any laws on the books that appear to protect you, the customer, are only there for appearances’ sake. Not that I’m cynical or anything.

I have to say that I find it comical that the company had 5 different backups of their data, but only one of them, the printout, was in a non-volatile format. Why didn’t they have a copy on CD or something else that could be read from but not written to? I hope they learned a lesson and that any important information they have is more securely backed up now.

IT insurance of any type is still too new of a field for anyone to feel comfortable with. The insurance companies don’t have enough of a history on the IT field to create a real actuarial table, but they do have enough information to craft a contract that has exclusions for most real world issues. A contact of mine recently asked me about ‘hacking insurance’ for his company. We talked about it and agreed that unless you’re part of a company that does the majority of business online, the insurance isn’t going to be a good investment. The list of exclusions and requirements on the policy was long, complex and full of escape clauses for the insurance company. I think that IT insurance is still a field for the hucksters, companies trying to make a name for themselves, and businesses who are willing to (or need to) play the luck of the dice. If you’re a mainstream company, you’re probably better off taking the money from your insurance policy and investing it in tighter security at your company. Of course, IT security usually doesn’t look as good to a C-level officer.

Comments Off

Nov 16 2004

I’m in the wrong part of the security business

Published by under General

Trial Shows How Spammers Operate

This guy was pulling in $400,000 to $750,000 a month and only spending about $50,000 to make it. No wonder someone with questionable ethics might be drawn to that kind of return. Of course, the penalty for getting caught is 9 years in jail. Given good behaviour, he’ll probably be out in 4 years. His net worth is thought to be around $24 million, so he may still be ahead overall when he gets out. Hopefully the IRS and other government agencies can help alleviate any headaches managing such a large sum would cause.

Thanks to members of the CISSP mailing list for this link.

One response so far

Nov 10 2004

Experience with BitDefender Live CD

Published by under Malware

I’m in the process of trying to recover a computer for a family member. Another computer savvy member of the family got a cable modem and connected the computer directly to the Internet without any protection (anti-virus, anti-spyware, personal firewall). The system is so infected it won’t boot properly to Windows ME (no jokes please), and in Safe Mode, it can’t read the CD drives. Without the ability to read CD’s, no software installation.

I found the BitDefender LiveCD while looking for a bootable Linux image that included the ability to scan a Windows partition for viruses. While my search was not exhaustive, I didn’t find any other alternatives. If you know of one, please let me know.

I tried booting to this LiveCD on my personal system first. It identified most of the major hardware without any major hiccups and in very little time. The first problem I ran into was reading the system’s NTFS partitions. BitDefender does apparently have provisions for reading an NTFS partition, but it requires additional software that did not appear to be on the CD. I have some more research to do on this point.

On the WindowsME system, boot up was much slower and the USB keyboard seemed to give the image a bit of a headache. Once the system was fully up, mounting the hard drives was very simple. Using BitDefender’s Linux virus scan didn’t turn out well though. Two attempts to scan the hard drive ended with the computer hung and in need of a reboot. On a positive note, the kernel recognized both CD drives, allowing the contents of a security CD to be moved to the hard drive of the computer.

Rebooting to WindowsME Safe Mode allowed me to install Spybot S&D and AVG Antivirus, from the folder copied while in Linux. Both programs installed successfully, albeit with slightly outdated databases. Spybot found in the neighborhood of 60 instances of scumware, and AVG found over 20 instances of viruses. Rebooting allowed both programs to finish their cleanup, but the system still isn’t booting properly.

I’m not sure what the next step is, but I think it will involve recovering any valuable files off the computer and re-installing Windows. If the BitDefender LiveCD will allow me to use the CD-RW on the computer, great; otherwise I might have to slave the HD in another computer. It would probably be less work to back up everything to a DVD and re-image. And this time I can add all the security software before it ever comes close to the Internet.

4 responses so far

Nov 08 2004

BitDefender

Published by under Malware

I’m looking for a Linux LiveCD distribution that will allow me to boot a system off of the CD and then scan a Windows ME partition for viruses and trojans. So far I’ve found one product that fits the bill: BitDefender Antivirus. This is a LiveCD called LinuxDefender. I’m hoping that this will allow me to remove the worst of the infections from the computer so that I can boot it and install additional anti-virus and anti-scumware programs such as AdawareSE, Spybot S&D, and Outpost firewall.

If you have any information on this or similar products, I’m all ears. I want to see how much of the drek on this computer I can clean off before I boot it into Windows ME again.

Comments Off
