Are BlackBerrys a Security Risk, as the UAE Claims?

The United Arab Emirates (UAE) is calling BlackBerry devices a security risk. The UAE telecom regulator has stated, “BlackBerry operates beyond the jurisdiction of national legislation.”  BlackBerrys are the only devices used in the country that have data managed by a foreign, commercial agency and stored outside of the UAE. This conflicts with UAE law.

The real issue here is who has access to email sent via a BlackBerry. While there is certainly a legitimate concern for countries wanting to monitor data traffic, there is also the issue of personal privacy. Such a debate is now brewing in the US and abroad. One such case has already made it to the Supreme Court, as the court was asked to review the issue of personal messages sent by an employee’s cell phone over an employer’s network.

What makes this announcement even more interesting is that this is not the first time the UAE has tried to access BlackBerry user data. In July 2009, BlackBerry users in the UAE were enticed via a fake update to download cell phone malware that would enable third parties to access private information on their phones. This hacking attempt was only discovered because the malware (bugs and kisses) was poorly written and drained batteries quickly.

It’s time people started realizing that smart phones are becoming mini handheld computers and that there is an array of individuals wanting access to this data, including hackers, identity thieves, and government entities. If you would like to hear more about this topic, check out the news segment Mr. Michael Gregg did with the Business News Network at http://watch.bnn.ca/after-hours/july-2010/after-hours-july-27-2010/#clip329618.

Posted in Smart Phone Hacking

Ethical Hacking Cloud Computing Concerns

Cloud computing is something that continues to grow in popularity. While cloud computing offers many benefits, there are significant security concerns when considering moving critical applications and sensitive data to public and shared cloud environments.  Some items to consider include:

1.    Where’s the data?
2.    Who has access?
3.    Do you have the right to audit?
4.    What are the service level agreement (SLA) terms?
5.    What is the long term viability of the provider?

As more companies move to cloud computing, look for cyber criminals and hackers to target these systems. While there are many potential threats, a few to consider include:

1. Denial of Service (DoS) attacks
2. Authentication attacks
3. Man in the middle attacks

Just as there are advantages to cloud computing, there are also several key security issues to keep in mind. One big issue is that cloud computing moves portions of the organization’s data outside the company’s natural perimeter and places data outside the company’s controls. You should perform a risk assessment and closely review the types of protection the cloud-based service provider is offering.

Posted in IT and Computer Security

Web Cam Hacking

While web cameras make it easy to keep in touch with friends and family, it is possible for these devices to be hacked. If you have a web cam on your laptop or home computer, hackers may target these devices. The attacks known as Ghostnet showed how web cams and key loggers were used to spy on targeted individuals, and these same techniques could be used against anyone using a vulnerable computer or laptop.

The techniques used for webcam hacking were recently discussed with KWGN news in Denver, Colorado. During the interview, Mr. Michael Gregg stated, “right now, hackers are spying on innocent users via their web cam and microphones. It starts with a simple email, link or program sent to you. The bad guys go out there and find vulnerabilities in different applications and programs. Exploits in PDFs and clickjacking are but two of the ways hackers can gain access to a system.” To read more about this issue, check out the video webcam hacking.

Posted in Ethical Hacking

IT Security Certifications and the Importance of Continued Security Training

One of the greatest challenges that America is facing today is to help its adults gain marketable IT security skills and the postsecondary training credentials the workforce will need to ensure continued prosperity for our country in the 21st century global economy. There is an increasing demand for CISSP, CISA, CISM, CEH, and Cyber Security certified professionals. Training for these areas of IT security is on the rise. Each of these security certifications offers value for the individual seeking training in hardware security, software security, or even in skills such as cyber security.

Posted in Training and Education

Wireless Vulnerabilities are a Tempting Target for Cyber Criminals and Hackers

Wireless continues to be a big security concern as it is a primary attack vector for hackers. It is also something that needs to be closely examined during a security assessment. Even if you’re not part of an ethical hacking or penetration testing team, you will want to ensure wireless networks are secure.

Wireless remains a real problem as most of the protocols and applications used send information in clear text. Services such as email, web, FTP, and others were not designed with security in mind and send information as clear text. If you are not using a Virtual Private Network (VPN) or strong encryption, your information can potentially be exposed to any hacker, cracker, or criminal that is nearby. The top five wireless concerns and attacks include:

1. Evil twin – A fake access point that appears to be a valid access point.  Attackers seek to trick the user into connecting so that all data can be sniffed.

2. Promiscuous client – Laptops tend to connect to the strongest signal.  In this attack the hacker presents a strong signal to lure the victim in.

3. Targeted wardriving – Today’s war drivers look for specific targets.  These might be a competitor or other entity the attacker would like to garner information from.

4. Mobile device attacks – These attacks are targeted against point of sale (POS) systems and other devices containing credit card information or sensitive data.

5. Wireless driver attacks – This new category of attack leverages vulnerabilities in wireless device drivers and exploits layer two vulnerabilities.

The common misperception is that wireless network controls have advanced to the point that the attacks discussed above are no longer a threat. While there are many controls to prevent these problems, the issue is that they are not always deployed.

As an example of how most people do not lock down wireless, consider the DEFCON event known as the “Wall of Sheep.” The Wall of Sheep event is really just an exercise in passively sniffing traffic on the DEFCON wireless network. Any clear text traffic that is sniffed is posted on a large screen in a public area. Over the years this experiment has been running, the Wall of Sheep has witnessed everything from email addresses, passwords, and sensitive information to someone filing a tax return with their accountant.

If you are responsible for your organization’s wireless security, make sure it is locked down. Train your users on good security practices. Make sure employees understand the importance of encryption and make the use of VPNs mandatory for mobile users. By starting with basic controls, you can make it much harder for a hacker to use a wireless system to gain access to your network.
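One basic control against the evil twin and promiscuous client attacks listed above is to compare the access points seen in a site survey with an inventory of authorized ones. The following is an added example, not code from the original post; the SSID, BSSIDs, channels and scan rows are all constructed.

```python
# Inventory of authorized access points (constructed values):
# SSID -> {BSSID: (channel, security)}
AUTHORIZED = {
    "CorpWiFi": {
        "02:00:00:aa:bb:01": (1, "WPA2-Enterprise"),
        "02:00:00:aa:bb:02": (11, "WPA2-Enterprise"),
    },
}

# Constructed survey rows: (ssid, bssid, channel, security, signal_dbm)
OBSERVED = [
    ("CorpWiFi", "02:00:00:AA:BB:01", 1, "WPA2-Enterprise", -61),   # matches inventory
    ("CorpWiFi", "02:00:00:cc:dd:09", 6, "Open", -38),              # unknown radio, strong signal
    ("CorpWiFi", "02:00:00:aa:bb:02", 11, "Open", -44),             # copied BSSID, no encryption
    ("CoffeeShop", "02:00:00:ee:ff:10", 6, "WPA2-Personal", -70),   # not our SSID
]

def find_suspect_aps(observed, authorized=AUTHORIZED):
    """Return (bssid, reason) for beacons that advertise an authorized SSID
    but do not match the inventory entry for that SSID."""
    findings = []
    for ssid, bssid, channel, security, _signal in observed:
        known = authorized.get(ssid)
        if known is None:
            continue  # a neighbour's network is out of scope for this check
        bssid = bssid.lower()  # scanners differ in MAC address case
        entry = known.get(bssid)
        if entry is None:
            findings.append((bssid, "unknown BSSID for authorized SSID"))
        elif entry != (channel, security):
            # A copied BSSID usually still differs in channel or security.
            findings.append((bssid, "known BSSID with changed channel/security"))
    return findings

if __name__ == "__main__":
    for bssid, reason in find_suspect_aps(OBSERVED):
        print(bssid, "->", reason)
```

Signal strength is carried in each row but not used as a test, because a strong signal is exactly what the lure relies on and says nothing about legitimacy.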

Posted in Ethical Hacking

Assessing Malware Found During a Network Security Assessment

If there is anything to be learned from the continued security breaches and cyber attacks that we’ve witnessed this year, it is that companies must have a good incident response plan in place and be prepared to deal with advanced threats and malware.

During a network security assessment, you may discover malware or other suspected code. You should have an incident response plan that addresses how you will handle these situations. If you’re only using one antivirus such as McAfee to scan for malware, you may be missing a lot.

One quick way to get a better idea of what you’re dealing with is by using several public antivirus scanners. Public antivirus scanners allow you to submit the suspected malware to many different antivirus services. One such service is offered by VirusTotal.com. The VirusTotal website permits you to upload files via clear text, SSL, or you can upload files via Windows Explorer. Submitted files are scanned by 40 different anti-virus products. If you’re looking for a second opinion, you can also submit the potentially malicious code or application to Jotti.org; their services scan against 20 antivirus programs.

If you decide to execute the program in a safe environment, your best option is a sandbox. A sandbox is a stand-alone environment that allows you to safely view or execute the program while keeping it contained. A good example of one such sandbox service is ThreatExpert.

ThreatExpert executes files in a virtual environment much like VMware and Virtual PC. This great tool tracks changes made to the file system, registry, memory, and network. ThreatExpert even uses API hooks that intercept the malware’s interactions in real time.

While many corporations are worried about the flawed McAfee update killing Windows XP computers worldwide, I would suggest anyone interested in cyber security start looking closer at the suspected programs they find running on their computer systems. Analyze these files by submitting them to more than one virus scanner and learn more about them by using a sandbox. Don’t execute the program on an unprotected system!

Posted in Ethical Hacking

Are You Getting a Charge Out of Hacking?

You may be getting a charge out of hacking if you are using the Energizer DUO USB Battery Charger.  This battery charger comes with software to allow Windows users to monitor the status of the batteries while they are charging.  The problem is that hackers and cyber criminals can use this software as a backdoor to your computer.

The file in question is “Arucer.dll” and is created during the installation process of the USB charger software. This file is placed in Windows/System32 and is also added to the registry. As the Arucer.dll file is added to the Run key, the Trojan starts each time the system reboots. Once running, the Trojan listens for commands from anyone who connects. Any hacker that identifies the malware can take control of the compromised computer and perform various actions, such as:

  • Uploading files
  • Downloading files
  • Executing files
  • Copying directories to the remote hacker
  • Sending files to the remote hacker
  • Modifying the system in any way

The malware opens a listener on port 7777. If that port looks familiar, it should, as it is the same one used by Tini. Tini.exe is a well-known Trojan that has been around for ten years or so and that works as both a command line server and client.

If you have the Energizer DUO USB Battery Charger and have installed the software, at a minimum you will want to remove it. You must also remove the Windows registry value that executes the Trojan each time Windows starts. Go to the Windows/System32 directory and delete the file “Arucer.dll.”
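To confirm the two persistence and network indicators described above before and after cleanup, the output of `netstat -ano` and of `reg query` on a Run key can be checked for a TCP listener on port 7777 and an autorun value that loads Arucer.dll. This is an added example, not code from the original post; both sample outputs, the value names and the value data are constructed.

```python
import re

ARUCER_DLL = "arucer.dll"  # file name given in the post (compared lowercase)
ARUCER_PORT = 7777         # TCP listener port given in the post

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    0.0.0.0:7777           0.0.0.0:0              LISTENING       2316
  TCP    0.0.0.0:17777          0.0.0.0:0              LISTENING       3004
  TCP    192.168.1.20:49712     203.0.113.5:7777       ESTABLISHED     4100
  UDP    0.0.0.0:7777           *:*                                    1500
"""

# Constructed sample of `reg query` output for a Run key; value names and data
# are placeholders, not the installer's real entries.
SAMPLE_RUN_KEY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Example Updater    REG_SZ    "C:\Program Files\Example\updater.exe" /background
    ExampleCharger    REG_SZ    C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\Arucer.dll,ExampleEntry
"""

def listeners_on_port(netstat_text, port=ARUCER_PORT):
    """(local_address, pid) for each TCP row in LISTENING state on `port`."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # A TCP row has exactly: proto, local, foreign, state, pid.
        if len(fields) != 5 or fields[0].upper() != "TCP":
            continue
        _, local, _, state, pid = fields
        # Compare the whole port so 17777 or a remote :7777 never matches.
        if state.upper() == "LISTENING" and local.rsplit(":", 1)[-1] == str(port):
            hits.append((local, int(pid)))
    return hits

def run_values_loading(reg_text, dll=ARUCER_DLL):
    """(value_name, data) for each Run-key string value whose data names `dll`."""
    row = re.compile(r"^ {4}(.+?) {4}REG_(?:EXPAND_)?SZ {4}(.*)$")
    hits = []
    for line in reg_text.splitlines():
        m = row.match(line)
        if m and dll in m.group(2).lower():
            hits.append((m.group(1), m.group(2)))
    return hits

if __name__ == "__main__":
    # A hit on the port alone is only a lead: map the PID to its process first.
    print("listeners:", listeners_on_port(SAMPLE_NETSTAT))
    print("autoruns:", run_values_loading(SAMPLE_RUN_KEY))
```

Other software also listens on port 7777, so treat a port match as a reason to identify the owning process rather than as proof of infection.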

What is interesting about this incident is that Energizer has not stated how this malware ended up in the software and why so much time went by before this vulnerability was released and the software removed from their website.

Posted in Ethical Hacking

Hackers Plan to Cash in During Last Minute Rush of Tax Filing Season

While many of us may be thinking of ways to spend our tax returns, hackers are busy thinking of ways to steal our money. The possibilities are endless:

  • Identity theft – Someone else filing your return using your social security number.
  • Fake web sites – These sites are designed to lure victims in and trick them into giving up sensitive information.
  • Fake software – Over the last few years, there has been a rise in fake software that simply does not work or further infects your computer.
  • Phishing and fake emails from the IRS – Fake emails supposedly from the IRS (which are not) that seek to have you open an attachment or install a program. An example of such an email is shown below:

[Image: Fake IRS Email]

This phishing technique has become even easier as hackers can now download prepackaged phishing kits that allow them to do everything needed to set up a scam. These Do-it-Yourself (DIY) phishing kits can be found on many hacker sites.

Here are some helpful tips:

  • If you suspect fraud with your social security number, you can call at (800) 772-1213.
  • Avoid suspicious emails as the IRS does not directly send notices of tax refunds.
  • If you have opened such emails or attachments, run a current version of anti-virus against your computer or at least, run the Microsoft Windows Malicious Software Removal Tool; it is free and available at: http://www.microsoft.com/security/malwareremove/default.aspx
  • Purchase only name brand tax filing software.
  • For any tax filing you do online, make sure that the URL begins with https (for example, https://www.irs.gov/) and check to see if a tiny padlock appears at the bottom right of the screen.

Posted in IT and Computer Security