Monday, April 25, 2011

(U) Microsoft's new Security Tool launched

Microsoft has released another FREE security tool that will scan and clean your system from known viruses, spyware, and other malicious software and other bad stuff. 'Microsoft Safety Scanner' is a self-expiring tool that you run and it is magically removed/disabled by Microsoft after 10 days. Just visit the URL below, select 32-bit or 64-bit, download the 70Meg payload and launch. It runs just like the MSRT tool, so just select Quick, Full or Custom and away you go.

It expires so that you keep getting the latest from Microsoft. Look for MS to add this to their FREE Windows Security Essentials Anti-Virus tool and replace the Microsoft Malware Removal Tool (MSRT) in the near future.

Do I need to say: IF the tool finds anything, format your computer and reinstall your Operating System, and then change all your Internet passwords to be 100% sure you are clean and safe, and follow my Top Ten recommendations from my 'Don't Click on That!!!' presentation you can find on my website HERE:

'Don't Click on That' presentation

MS Safety Scanner

#InfoSec #MicrosoftSafetyScanner

Monday, April 11, 2011

(W) Warning all Facebook users - Don't Click on That!!!

Facebook users are being warned of a scam to cut and paste info from a message into your URL... If you do this you will be done all right.. done for is more like it.. Re-install Windows if you have fallen for this...

Generally speaking, NEVER act upon a message asking you to paste anything into your browser's URL bar, or click on any URL, without using something like NoScript for Firefox and NotScripts for Chrome to block that bad script shtuff that will infect you.

Remember.. Your behavior will protect you, not your Anti-Virus software!

#InfoSec #Facebook

Thursday, April 7, 2011

RSA & Epsilon could use this hardware security

Recently two companies, EMC via RSA, who makes hardware two-factor authentication tokens (used to be the de facto standard), and Epsilon, a huge email marketing firm, have lost data from a database that should have been better protected. Better yet, never this obtainable.

Breaches occur all the time, usually because extremely valuable and/or confidential data is stored in some database or file that contains info you just can't and should not lose. Why do they lose it? Well, they don't think through how to protect it with existing technology, and they don't segment the 'keys to the castle', as we say, allowing typical user systems to access networks and systems they should not even see, let alone have the ability to interact with.

Why? Because on a flat network where everything can be seen, one user clicking on something they should not have is all it takes. In the RSA case, an Excel spreadsheet with a Flash exploit inside it infected a system, which spread malware that allowed the bad guys to see, touch and exploit the RSA database of super secret sauce.

This system (or systems) should have been completely isolated, with only a jump server or highly restricted access control lists with serious authentication to obtain any kind of access. This was not in place.

If these companies, and many others, had used something like the Yubico Hardware Security Module (HSM) that locked the keys and data in such a way that stealing the data would have been worthless, they would have been protected. Yubico has taken what used to cost $15k as an entry point for an HSM down to $500!!! Yup, $500 for a USB device that uses diode noise to calculate a truly random key that you could never crack unless you steal the USB device, which hopefully is physically secure in a data center. If the key or USB key is somehow stolen by some dumb luck or dumb employee, the application would fail and you would know immediately.

So if companies don't wake up and start using real isolation, segmentation and HSMs to protect truly valuable and reputation-related data, then they deserve the stock price hit, the firing of people and the lack of trust we now all have in these companies that REALLY should know better and know how to secure data of this magnitude.
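To make the "stealing the data would have been worthless" argument concrete, here is an added example (not from the original post and not Yubico's API). It assumes the valuable data is a credential table and uses a hypothetical `SimulatedHSM` class as a software stand-in for a device whose key never leaves it; the wordlist and account are constructed.

```python
import hashlib
import hmac
import secrets

class DeviceMissing(RuntimeError):
    """Raised when the simulated HSM is not attached."""

class SimulatedHSM:
    """Hypothetical stand-in for a USB HSM: the key stays inside this object."""
    def __init__(self):
        self._key = secrets.token_bytes(32)  # stands in for the hardware noise source
        self.attached = True

    def tag(self, salt, secret):
        if not self.attached:
            raise DeviceMissing("HSM not present, refusing to operate")
        return hmac.new(self._key, salt + secret, hashlib.sha256).digest()

def enroll_plain(db, user, password):
    # Weak design: everything needed to test a guess sits in the database.
    salt = secrets.token_bytes(16)
    db[user] = (salt, hashlib.sha256(salt + password.encode()).digest())

def enroll_hsm(hsm, db, user, password):
    # Hardened design: the stored value depends on a key held only by the device.
    salt = secrets.token_bytes(16)
    db[user] = (salt, hsm.tag(salt, password.encode()))

def verify_hsm(hsm, db, user, password):
    salt, stored = db[user]
    return hmac.compare_digest(stored, hsm.tag(salt, password.encode()))

def offline_guess(stolen_db, user, wordlist):
    """Guessing against a copied database with no access to the device."""
    salt, stored = stolen_db[user]
    for guess in wordlist:
        if hmac.compare_digest(stored, hashlib.sha256(salt + guess.encode()).digest()):
            return guess
    return None

def demo():
    wordlist = ["123456", "letmein", "Spring2011"]  # constructed sample guesses
    plain_db, hsm_db, hsm = {}, {}, SimulatedHSM()
    enroll_plain(plain_db, "alice", "letmein")
    enroll_hsm(hsm, hsm_db, "alice", "letmein")
    result = {"plain_dump": offline_guess(plain_db, "alice", wordlist),
              "hsm_dump": offline_guess(hsm_db, "alice", wordlist),
              "login_ok": verify_hsm(hsm, hsm_db, "alice", "letmein")}
    hsm.attached = False  # device removed: the application must fail loudly
    try:
        verify_hsm(hsm, hsm_db, "alice", "letmein")
        result["fails_loudly"] = False
    except DeviceMissing:
        result["fails_loudly"] = True
    return result
```

The same weak password falls out of the plain table but not out of the HSM-keyed copy, and pulling the device stops logins with an error instead of silently degrading.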

Yubico website

#InfoSec #Yubico #RSA #Epsilon #Breach

When is 64 updates considered a patch? Damn Microsoft...

If you were making a quilt that had 64 pieces of fabric, you would be half way to having a blanket.

Microsoft is issuing 64 updates for Patch Tuesday.. 64???? WTF.. That is not a patch, it is a serious upgrade of the product. If you have 64 fixes for a product, you have a piece of crap for a product, not to mention adding all the other so called patches M$ has released this year thus far.

If you have ever rebuilt your Windoz based PC, which I recommend yearly as standard Windoz practice by the way, then you have come to realize that if you installed Windoz XP or Win 7 from DVD with the latest service pack and then install all your apps, then Office, your security software of choice... Then finally start the Windows Update nightmare, you will come to realize that patching your system takes twice as long as installation of everything just mentioned. Whew.. What a sentence.. Sort of like the Windows Update process.

This is not patching, it is a constant significant upgrade of your product. A patch is something you do occasionally... Sew onto a pair of jeans. Patching this much stuff means your product is just terribly designed and you should seriously consider re-designing the solution so that a user would not have to patch, or at least not so often.

Wake up M$.. Apple is passing you by.. They too have patches, but not as painful as Windoz.

Oh bother... And the reboots.. Don't get me started...

#InfoSec #patchTuesday

Wednesday, April 6, 2011

Google Chrome browser to protect users from malicious downloads

Google is adding protections for Chrome browser users: where Google knows a site has malware, it will warn the user that they are visiting a malicious site.

This is good because users like to click, click, click, click and do not really pay attention or are not aware that their behavior is why they get infected and because they think Anti-Virus actually protects them against everything bad.. Silly users...

Google is joining Firefox in implementing this type of protection so users don't have to worry about what they click on while surfing the InterWebbings, which is also why I created the presentation "DON'T CLICK ON THAT !!!" available on the link under 'articles and presentations'.

Darknet article

#InfoSec #Chrome

Monday, April 4, 2011

(W) Epsilon breach leaks several big retailers' customer emails

Epsilon, a leading marketing firm used by several large retailers and financial institutions, was breached last week, losing tons of customer email addresses.

Among the retailers and financial institutions, JPMorgan Chase, Citi, US Bank, Kroger, BestBuy and US College Board have lost their client email addresses.

At this point it is just valid email addresses, which at worst will lead to targeted Phishing attacks that look like valid emails from these retailers and financial institutions, so watch out and 'DON'T CLICK ON THAT' URL in emails from these institutions, or others for that matter. Read my preso on the subject linked on the right bar under Articles and Presentations.

Open your browser directly and visit your retailer or financial institution directly, avoid quick URL links in emails!!!

You might consider using a junk or second email address for retailers separate from your personal email, or an email specific for Internet business to keep emails like this from mixing with your personal email.

I use a junk email for any retailer I buy something from on the Internet, where I never open URLs unless I know I just got something from them and want to check ship status or print an invoice; the rest I just ignore 9 times out of 10. My financial institutions, on the other hand, I do send to my personal account, but after this... I might set up another Internet email address account for these Internet businesses to protect against SPAM and accidental quick open and launch. I am pretty paranoid about any URL in an email and tend not to click on that... You should too... ignore any link in an email.

Engadget article on the Epsilon breach

#InfoSec #Epsilon #Breach