Monday, October 19, 2009

Chain of events

When thinking about security, one of the hardest things to grasp is the way things are linked together, and of course, the ingenuity of criminals. One small thing can lead to disastrous results in ways a normal person could not even imagine.

For example, a well known story is about a family that went to a public event, and parked their car in the parking lot, like everybody else. The car was a piece of junk, so there was no reason to steal it, and therefore, the owners didn’t install any protection. When thieves broke into it, they weren’t even interested in the car itself, but instead, they stole the GPS that was in it. No…they didn’t want the $50 they could hawk it for, but instead, they just put it in their own vehicle, and pressed “go home”. Thirty minutes later, they were in the driveway of the car’s owner, and entered the house using the remote they also found in the car. I guess there’s no need to detail the resulting mess.

There are several measures that prevent this kind of thing (the simplest would be to set the HOME location on the GPS to a point that’s actually a mile or two from home, or not to set it at all), but the point is that everything can be used for bad deeds, even if it is worthless in itself. Knowing where you work, for example, will allow a clever social engineering hacker to squeeze some info from your co-workers, such as when you are going on vacation (which would be a good time to hit your house) or which days you stay late at the office.

What can you do about this? Unfortunately, not enough. The criminal mind thinks differently from us normal people, and even amongst the crooks, there are the more devious kind. A good practice is simply to pretend to be a bad guy for a day. Sit in your car outside your home or office, and try to come up with a way to break in. Sit at your computer, and think how YOU could bust into your boss’s computer, and then try to figure out how you would block him from doing the same to you. Some of us just can’t do it – too old to think outside the box – but you might also try having your kids suggest ideas.

Thursday, August 20, 2009

Cloudy weather

There’s been a lot of talk in the industry recently about software-as-a-service, hosted services and cloud computing. Getting rid of the burden of managing servers and messing around with hardware seems appealing, and has a lot of financial and administrative advantages, but is it SAFE?

Well, most of the stuff I write about here warns people that this or that is more dangerous than it appears, but this time, it’s quite the opposite. Cloud technology is actually safer than the alternative in most configurations.

The thing about hosting services is that it takes away the hardest thing to control – physical security. I discussed this in my blog about thin clients – a physical computer or storage container is a sensitive thing. Cell phone and laptop theft is an obvious risk, but standard servers are also exposed to some abuse. Even though most companies keep the servers in a secure room, not everyone can afford proper security, and even when a company can, the design is often imperfect because IT personnel are rarely trained in physical security. They might think a cardkey lock is secure, forgetting that the glass door or windows can be easily broken. They might set up alarms, but not be able to afford an onsite guard who can react fast enough in case of burglary. They might install smoke detectors, but miss out on proper fire extinguishers or water drainage infrastructure.

Also, having your own servers requires some serious maintenance. AV updates need to be monitored, software updates installed, and security hardening needs to be done and kept up regularly. Even though technologies like SMS are easily available, many companies don’t get them because of costs, and even with them, the massive storage on servers is a tempting target for misuse. Many sysadmins are tempted to put some of their MP3s or movies “temporarily” on the file server, simply because it’s an easy stopgap until they come up with the cash to expand their own HD. This type of data is often overlooked, but it may also expose the company to legal challenges or a virus infection.

While cloud technology is not yet perfect, and certainly does not fit every client or every scenario, it can give a company’s security an important boost. Naturally, attention has to be given here as well, as a small or startup company that delivers hosted solutions might be riddled with the same problems, but with some major players entering the market in recent months, this is a great opportunity to get secure while reducing costs.

Friday, July 31, 2009

Is it safe to talk?

The short answer is NO, but the longer one depends a lot on you. Voice mail systems are pretty much standard all around, but few people realize what a security risk they can pose. On the surface, a phone seems pretty harmless. What are they going to do? Leave me a threatening message? Well, maybe, but that's not the danger.

Most people choose to leave a custom voice message on their voice mailbox. Something like "Hi, you've reached James Voca, IT manager for Pirulo systems. Please leave your message and I'll call you back" seems pretty ordinary, doesn't it? Well, for an employee giving you a call, it is, but if someone outside calls in, you just informed him or her which company it is, the IT manager's name, and what he sounds like. In the wrong hands, this data is very valuable. A type of attack known as "social engineering" exploits people's tendency to be trusting and helpful, and can use exactly that. A social engineering hacker would typically call employees of the company on the phone, and try to get them to give out sensitive data or access. With the info from this mailbox, the hacker can pretend to be the IT manager, and influence others. Many users will recognize the high-ranking position holder and tell/do anything he wants. They would give him their passwords, let him take over their computer remotely and more. Here's a scenario:

Hacker: Hi Jane. This is James from IT. I'm at home and late for a meeting - do you mind if I log into your machine to get a PPT I really need?
Jane: Sure, James
Hacker: Cool. I'm sending you an Email with a link - just click it and I'll be in and out in a minute.
Outcome: Hacker can implant a backdoor on Jane's computer, or just use it to get access to some sensitive internal servers.

How about another scenario:
Hacker: Hi Scott. This is James from IT. A guy from HB is coming in to pick up my laptop for repair - be sure to let him through, OK?
Scott (security guard): Sure thing, James.
Outcome: The hacker can waltz into the building, grab some laptop and disappear with it, causing both financial damage and possibly stealing important data from the computer.

This is not the only danger, of course. Most modern voice mail systems let people access them remotely. You would typically call yourself, punch in some PIN and then listen to your messages. Many people don't want to remember complicated numbers, and set the PIN to 0000, 1234 or the default (which is often one of these too). When this happens, anyone else can call into the voice mail, guess that number and listen to your messages. These would usually be just some nagging from your bank, but they could also contain sensitive info. For example, it could be a message from your doctor about your blood work, a message from a vendor talking about things you purchased, or worse. A hacker who knows what you sound like, and that you've just ordered 10 servers from Deck.com, can call them, quote back some "secret" info from the message, and divert the goods to his house. He can also call you, pretend to be the vendor and get you to let him into the building with the "servers", giving him a good opportunity to do some damage.

The lesson here is simple - don't think that the voicemail system is safe just because it's not connected to your computer. In fact, your own answering machine at home could expose you personally to some dangerous elements. Does your message sound like "Hi, you've reached the Smith family at 2245 lake drive"? You're just inviting people to come over and clean out your house. I recommend taking four measures:

1) Keep your PIN secure - no simple numbers, but ones that are chosen carefully, changed frequently and aren't easy to guess.

2) Have your message give as little info as possible. A good one could be "Hi, you've reached Jack - please leave a message". Same thing at home - "You've reached the Cole residence, please leave a message".

3) Listen to your messages frequently, and delete them right away. Don't leave messages to linger on your phone from Friday afternoon to Sunday noon.

4) When you are leaving messages to others, whether you are a vendor, a client, a boss or a subordinate, keep in mind that you can never know the level of security the other side keeps. Treat a message left like a note left on the door - others may read it. Keep sensitive info out of the message, and just call back later.

Tuesday, June 23, 2009

The ups and downs of backing up

My experience is that any and every user appreciates the importance of backing up their data, but when it comes to actually doing it, almost nobody does, and even some large organizations are failing at it. Backup failure isn't necessarily "not doing it at all", but can also mean that it's done improperly. A proper backup is such that a person or organization will never, under any circumstances, lose more than a day's worth of work. Before we even go there, I should stress one important fact - many users, and even experienced system engineers, often confuse backup with archiving. Backup is when you copy your current data to another storage medium, so that if something happens to the original, you can restore it and not lose anything. Archiving is similar, but opposite - you copy your data to another storage medium, and then delete the original.

For example, many people burn DVDs with their older files and delete the originals, and most of them consider this a backup. This is, in fact, an archive, but few people are aware that a recordable DVD has a limited lifespan, and is very sensitive to physical harm. Putting your photos on a DVD and stowing it in the closet is not safer than storing food in the trunk of your car. Often, we discover this only in hindsight, when trying to recover a file from a disc burned 3 years ago, only to discover that it's partially or completely unreadable.

I believe network engineers won't need to read this, so I'm addressing this to the home user, mostly. For a backup to be worth anything, it has to meet some basic principles:
1) It has to be done to a medium with at least SOME reliability.
2) It has to be done frequently.
3) It has to be stored in a place that is safe, but not too unreachable.
4) It has to be tested routinely.

What does all this mean? Well, first, this means you should not use a medium that's unreliable. A writeable DVD, for example, has a low reliability rating, while a hard drive has more. That's not to say that a hard drive is bulletproof, but it's usually more reliable, and it's also easier to detect if it fails. This is because if it dies, you would usually be able to hear it, and respond by replacing it, while if a DVD stops being readable, you'll only find out when you put it in the drive. A high-end tape drive, like an LTO or DLT, is also very reliable, although these babies start at a few hundred dollars, so would be off the table even for some business customers.

A frequent backup is also important. Many users start this with full intentions of going all the way, but after a while, they kind of give it up, and forget to back up for weeks or even months. Typically, you remember to do it right after your hard drive crashes, of course. A good way to avoid this pitfall is to set up some automatic backup mechanism. If you use an external drive, for example, this can be done rather easily, and many external drives even come with the software. If not, Windows has a built-in backup mechanism which is quite effective (especially the one that's in Windows 7!).

Third, if lightning strikes your house, or a fire breaks out, the backup won't do you much good if you leave the DVDs next to the computer or leave the external drive connected. One should strive to keep the backup as far away as possible from the computer, although not too far. If you store it across town, you might have a good excuse to forget to back up. Also, if it's that far, you might become too lazy to drive over and get a file if you need it. A good solution could be to have a reciprocal agreement with a neighbor - you hold their drive during the week, and they hold yours. If you have a detached garage or storage shed, this could be good too (although, take care to prevent the drive from freezing or getting too much humidity).

Lastly, a backup that's untested will often fail you at the worst possible moment. You might discover that it hasn't actually run for over a month, or that some files are unreadable. A good practice is to test the backup around once a month. If you have a calendar like Outlook, you can use it to remind yourself to check it now and then.
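The monthly "test the backup" step above can be automated. This is an added example, not code from the original post: it assumes the backup job also writes a manifest (file name to SHA-256) that this checker reads, and it flags the two failures the post describes, a backup that quietly stopped running (no file newer than a day) and files that went missing or are no longer intact. The manifest format, function names and the sample files are this example's own.

```python
"""Backup freshness and integrity check (added example, hypothetical
manifest format: dict of relative file path -> expected sha256 hex)."""
import hashlib
import os
import tempfile
import time

MAX_AGE_SECONDS = 24 * 60 * 60  # the post's rule: never lose more than a day


def sha256_of(path):
    """Hash a file in chunks so large archives do not need to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_backup(backup_dir, manifest, now=None):
    """Return a list of problems; an empty list means the backup passes.

    now: current time in seconds since the epoch (defaults to time.time()),
    passed in explicitly so a run can be judged as of a later date.
    """
    now = time.time() if now is None else now
    problems = []
    newest = 0.0
    for rel, expected in manifest.items():
        path = os.path.join(backup_dir, rel)
        if not os.path.exists(path):
            problems.append(f"missing: {rel}")
            continue
        newest = max(newest, os.path.getmtime(path))
        try:
            actual = sha256_of(path)
        except OSError as e:
            problems.append(f"unreadable: {rel} ({e})")
            continue
        if actual != expected:
            problems.append(f"corrupt: {rel}")
    # Stale backup: nothing in the set was written in the last day, which
    # usually means the job stopped running and nobody noticed.
    if newest and now - newest > MAX_AGE_SECONDS:
        problems.append(f"stale: newest file is {(now - newest) / 86400:.1f} days old")
    return problems


def demo():
    """Constructed backup set: one good file, one corrupted, one missing.
    Returns the check result as of today and as of 40 days later."""
    d = tempfile.mkdtemp()
    good = os.path.join(d, "photos.zip")
    bad = os.path.join(d, "docs.zip")
    with open(good, "wb") as f:
        f.write(b"photo archive bytes")
    with open(bad, "wb") as f:
        f.write(b"document archive bytes")
    manifest = {
        "photos.zip": sha256_of(good),
        "docs.zip": sha256_of(bad),
        "mail.pst": "0" * 64,  # listed by the backup job but never copied
    }
    # Simulate a truncated copy / bit rot after the manifest was written.
    with open(bad, "wb") as f:
        f.write(b"document archive byt")
    fresh = check_backup(d, manifest)
    old = check_backup(d, manifest, now=time.time() + 40 * 86400)
    return fresh, old


if __name__ == "__main__":
    for label, result in zip(("today", "40 days later"), demo()):
        print(label, "->", result or "OK")
```

Hook `check_backup` into a scheduled task (or the Outlook reminder the post mentions) and treat any non-empty result as "the backup is not worth anything yet".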

One more thing - many people feel that buying a large drive just to store backups on is wasteful. In a way, that's true, but if you want to save some money there, you might consider getting a refurbished drive. These are inherently less reliable, but since you can easily detect if it stops working, it could be a suitable solution anyway. Also, keep in mind that you can activate folder compression on it, as performance is less of an issue, and so use a drive smaller than your main one.

Monday, June 8, 2009

This car has more than 9 Lives

Most of us obsess about retaining our data - we buy large hard drives, burn countless DVDs and protect it all with RAID controllers and UPS devices. What many people care much less about is making sure that discarded data is really gone. How many times have you thrown a dead hard disk in the trash, wiping a tear for your lost files? Did you consider that a person with sufficient technical skill may grab it from the trash, recover the data and make some coins off it?

Well, the issue of data destruction has been the center of much debate. Most people are already aware that deleting a file doesn't really erase it - it simply deletes the reference to the file in the disk's directory (I'm talking about actually deleting, not moving it to the trash, which doesn't delete anything), while the data is still there, untouched. A file that has been deleted can be re-created simply by finding its first sector, and creating a file entry that points to it. Once you delete a file, it can be overwritten by Windows as the system creates new files. The new files might overwrite some or all of the file's original sectors, which are now marked as free, but these sectors can also remain untouched for years.

Some people will go the distance, and actually format the hard drive before throwing it away, but this too is not sufficient. Restoring a formatted drive is more time consuming, but certainly possible. The US Department of Defense probed this issue in the past, and produced a standard, known as DOD standard 5220.22, that instructs exactly what to do to erase data properly. Later on, there was some debate as to whether this was safe enough. Some experts claimed that you would need to overwrite the data over a dozen times, and that has been misquoted repeatedly in the press since then.


Security experts are very much concerned about erasing data securely. A company cannot risk its commercial data falling into the wrong hands simply because somebody was too lazy and took a shortcut with the disk. Same goes for other types of media - DVDs, backup tapes etc. Even a lost cell phone could present a serious security breach, as it could include phone numbers of sensitive customers, sensitive emails or meetings etc. I would like to take this opportunity to debunk some myths about data destruction.


1) Hard drive demolition derby.
• A common method of destroying disks, by punching a hole through them, or banging them hard with a hammer, is far from secure. It's not easy to recover data in this condition, but it's certainly possible.
• With modern IDE and SATA disks, using 5220.22 secure erase software is very safe. There's no need to overwrite everything dozens of times. That kind of repeated overwriting was only ever relevant to some very old MFM drives.
• Using software erasure is pretty slow, but it can be done unattended, so setting up some dedicated old computer for that is pretty easy. Just make sure no one tries to steal the old drives from that station.
• A very effective way to destroy a disk is to take it apart, and separate the platters from the other components. Dumping the platters in a different trash facility makes it pretty much impossible to recover.
• There is a technique that allows data recovery off a drive in almost any condition, but that process is so lengthy and expensive, that most experts would consider it irrelevant. Recovering data from a disk that was physically destroyed would cost so much time and money, that even government agencies don't bother with it.
• Take care to monitor old computers - many times people upgrade the disk and don't think of giving the old disk back to the IT group for sanitization. Some even take the old disks home, thereby exposing the company to huge risks. This also goes for computers that are being retired - don't sell them to 3rd party companies without either sanitizing them, or making sure that the buying company commits by contract to do this to ALL disks.
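What "software erasure" in the bullets above actually does, as an added example that is not code from the original post: three overwrite passes (a fixed character, its complement, then random data), each one read back and verified before the file is unlinked. It assumes the file lives on media that rewrites blocks in place (a classic HDD); on SSDs, journaling or copy-on-write filesystems the old blocks can survive, and a whole-device tool is the right answer. Function names and the sample file are this example's own.

```python
"""Three-pass verified overwrite of a single file (added example)."""
import os
import random
import tempfile

CHUNK = 1 << 20  # 1 MiB chunks so large files are never loaded whole


def overwrite_pass(path, size, next_bytes):
    """Overwrite `size` bytes of `path` with the stream from next_bytes(n),
    then flush and fsync so the data actually reaches the device."""
    with open(path, "r+b") as f:
        remaining = size
        while remaining:
            n = min(CHUNK, remaining)
            f.write(next_bytes(n))
            remaining -= n
        f.flush()
        os.fsync(f.fileno())


def verify_pass(path, size, next_bytes):
    """Read the file back and confirm every chunk matches the stream."""
    with open(path, "rb") as f:
        remaining = size
        while remaining:
            n = min(CHUNK, remaining)
            if f.read(n) != next_bytes(n):
                return False
            remaining -= n
    return True


def pass_patterns(seed):
    """The three passes as (name, factory); a factory returns a fresh stream
    function so the write and the verify read the same byte sequence."""
    return [
        ("zeros", lambda: (lambda n: b"\x00" * n)),       # fixed character
        ("ones", lambda: (lambda n: b"\xff" * n)),        # its complement
        ("random", lambda: random.Random(seed).randbytes),  # seeded random
    ]


def secure_delete(path):
    """Overwrite `path` in three verified passes, then unlink it.
    Returns the list of pass names that verified; raises on a mismatch."""
    size = os.path.getsize(path)
    seed = int.from_bytes(os.urandom(32), "big")  # fresh seed per erase
    done = []
    for name, factory in pass_patterns(seed):
        overwrite_pass(path, size, factory())
        if not verify_pass(path, size, factory()):
            raise IOError(f"pass '{name}' did not verify on {path}")
        done.append(name)
    os.remove(path)
    return done


def demo():
    """Constructed sample: a temp file standing in for an old data export."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(b"old payroll export, do not leak\n" * 3000)
    passes = secure_delete(path)
    return passes, os.path.exists(path)


if __name__ == "__main__":
    print(demo())  # (['zeros', 'ones', 'random'], False)
```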

2) Other media types:
• Recovering data off other media types, such as tapes, CDs, floppies etc. is rather easy, but these media types are also much easier to destroy. Even a little heat can totally kill an optical disc, and a strong magnet can kill a tape almost instantly. I would, however, recommend using a defined process for this - don't just break a CD, and don't pop it in the oven - use a CD shredder, which costs very little these days.
• Users often overlook CDs as a potential security risk, and often throw them in the trash. A security officer would be wise to issue a recurring reminder to all employees to collect discarded CDs and DVDs and have the IT or security department dispose of them securely. This goes not only for data disks, but also software - if someone finds and uses an old copy of Windows for illegal purposes, with the company's serial number, it could lead back to the company and carry legal repercussions.
• Many people carry around USB drives to take a file or two back and forth from/to home. This is a big risk, as these drives rarely get formatted, and are often lost. I would recommend any organization introduce a security mechanism to block such devices altogether, or at least control them with a policy (for example, require them to be approved by corporate security before they are allowed in).

Tuesday, June 2, 2009

Click YES/NO to format hard drive

One of the problems we are still facing in the world of information security is that people still have a built-in tendency to trust authority figures. If it looks "official" enough, most people will trust it and follow, like lambs to the slaughter. This is what made the infamous "MS Antivirus" nagware so effective - it's made to look like it was made by Microsoft, and most people just trust it and believe it's real.

A more interesting, and frightening, case of being fooled by software is illustrated by the tale of G-Archiver. This free utility is designed to allow the user to back up his Gmail account to his local computer. Generally, this is a good idea, as one never knows when his account might be frozen or accidentally deleted. In this case, however, it has been discovered that the program works in a way that's insecure, to say the least, and borderline identity theft. Apparently, the software is coded to send an email back to its creator with the credentials of any user who uses it (you are required to give it your credentials, so it can download all your messages for backup). A programmer who investigated it discovered that the developer's Gmail account was full of user+password info for thousands of people who downloaded and used the program. Even worse, it also turned out that the developer embedded the credentials of this account (where the passwords are being sent to) in his code, so anyone with the right skills can access it and harvest all these user names and passwords.

If you are one of those who used this software, now would be a good time to change your Gmail password. In fact, it's a good idea to change it once a month anyway, although I don't fool myself into thinking that any normal person will actually do that. Well, I hope that you at least change your PayPal password now-and-then. What's frightening here is that most of us, even experienced Sysadmins and security experts, trust programs we download to do what they say. Few, if any of us, check if a program contains spyware, and few have the skills to check for the kind of behavior mentioned above. Your credentials or private files could be circulating all over the net without you even suspecting it. On a similar note, many people install file sharing applications and share their entire drive, without realizing that all their personal documents are readily available for everyone. Want proof? Open up some file sharing program and run a search for "my cv.doc" - you will find many!

Some organizations have configured domain-enforced policies that prevent installation or even downloading of unknown software, but that's only been done within a handful of companies. If your org considered it, it was most likely rejected for political reasons - it's not easy telling everyone that they can't install anything on their computers anymore - it sounds fascist, doesn't it? If you ask me, this is already a necessary step right now, and it's only a matter of time before more security administrators or CEOs realize it and make it happen. At home, it's even worse as there are no mandatory settings. We have the technology to sign software by a trusted publisher, but hardly anyone uses it. Perhaps it's time, before the next wave of a Conficker-like worm hits all of us?

Tuesday, May 12, 2009

May I have your life, please?

Identity theft is far from new, but with the growing popularity of online accessibility, this has become a major risk that affects pretty much everybody. While most Americans are well aware of this risk and are taking several measures to prevent it, for others this is not so simple.

For Americans, the most common type of identity theft is a stolen password to an online service. If someone was clever enough to get you to hand over your password (with Phishing, for example), he can login to your account and if it's a bank account or PayPal, steal all your money. Another type of identity theft is stealing a person's Social Security Number. With that, a thief can gain access directly into things like medical records, bank accounts and much more. Most people are aware of this, and safeguard their SSN closely, but in other countries, this is not the case.

In Israel, for example, the equivalent of a SSN is the Identity Number, which is a 9 digit number assigned to each person when he/she is born. This number is unique, and will follow that person to the grave. It's printed on each citizen's Identity Card and driver's license and is the primary means of authenticating a person's identity. Unfortunately, the national identity card is notoriously easy to forge, which is why the Israeli government has been working on a smart-card based replacement. What's even more unfortunate is that the entire database of the Israeli population has been leaked to the public, and is freely available to anyone who knows how to download pirated music. In fact, this database, known as "Hipuson", "Shimoshon" or "Mirsham", has been going around for many years now. It's available on the Emule network, as well as many file hosting services, although the plethora of versions in the wild makes it a little hard to find the most updated version. This database contains not only the full names and ID number of every living citizen in the state, but also their full address, birth date and parents' names. With simple correlation, one can locate a person's parents, siblings, children and even neighbors, and some versions of the database even have this function built in. Politicians, singers and other celebrities are not exempt, and their info is also included even if it was specifically redacted from the national phone directory. Using this database, anybody can choose a random person, or his enemies, and create a fake ID with their details and his/her own picture. As I said, it is rather easy, and anyone with a color laser printer, a bitmap editor and a laminating machine can do this. Once you have an ID card, you can access the target's bank account, his medical records and even sell his/her house and disappear with the money.

What can the Israeli citizen do? Basically, nothing. No one knows exactly how the database is leaked, but there are many parties who have access to it. When the Israeli Police started investigating this issue in March 2008, multiple breaches were detected, from unpatched servers to server rooms left unlocked and unsupervised. Changing your ID number is not possible for a citizen, and this has been done only in rare cases where serious damage has been done to a person. The recent report filed by the Auditor General exposes this outrageous conduct, but like most of these reports, it is likely to be completely buried or acted upon very slowly. Perhaps the best solution is to keep your cash under the mattress?