Posts Tagged ‘computers’

Ghost Rats And Zombies

Monday, March 30th, 2009

For quite some time, the Internet security community has been aware of computers being compromised and taken over as part of a “Zombie Army” or “Botnet”. (See the FTC’s article)

Now, a far-reaching cyber espionage network using Ghost RAT has been uncovered. A RAT is a Remote Access Trojan that takes over the host computer.

The University of Toronto team that uncovered GhostNet found 1,295 infected computers in 103 countries. What makes these RATs all the more alarming is that this appears to be a well-organized network attacking high-level computers in government agencies, financial institutions and defense departments.

GhostNet was originally investigated because the Dalai Lama thought his computer might be infected.

The GhostNet RAT spreads itself through Microsoft Word documents or Adobe PDF files sent in email as attachments.

Tracking GhostNet: Investigating a Cyber Espionage Network

Computer Internet Security Alerts

Monday, January 26th, 2009

Get the latest security updates.

* Apple QuickTime Updates for Multiple Vulnerabilities
Attackers may be able to exploit these vulnerabilities to execute arbitrary code or cause a denial of service.

* Microsoft Windows Does Not Disable AutoRun Properly
Microsoft Windows includes an AutoRun feature, which can automatically run code when removable devices are connected to the computer. AutoRun (and the closely related AutoPlay) can unexpectedly cause arbitrary code execution.

* Oracle Updates for Multiple Vulnerabilities
The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.

* Microsoft Technical Cyber Security Alerts Multiple SMB Protocol Vulnerabilities
A remote, unauthenticated attacker could gain elevated privileges, execute arbitrary code, or cause a denial of service.

Microsoft To Lay Off 5,000 Employees

Friday, January 23rd, 2009

The price of Microsoft stock fell to a 20-year low as its proprietary operating system, Vista, continues to have trouble.

Here is an email from the CEO:

From: Steve Ballmer
Sent: Thursday, January 22, 2009 6:07 AM
Subject: Realigning Resources and Reducing Costs

In response to the realities of a deteriorating economy, we’re taking important steps to realign Microsoft’s business. I want to tell you about what we’re doing and why.

Today we announced second quarter revenue of $16.6 billion. This number is an increase of just 2 percent compared with the second quarter of last year and it is approximately $900 million below our earlier expectations.

The fact that we are growing at all during the worst recession in two generations reflects our strong business fundamentals and is a testament to your hard work. Our products provide great value to our customers. Our financial position is solid. We have made long-term investments that continue to pay off.

But it is also clear that we are not immune to the effects of the economy. Consumers and businesses have reined in spending, which is affecting PC shipments and IT expenditures.

Our response to this environment must combine a commitment to long-term investments in innovation with prompt action to reduce our costs.

During the second quarter we started down the right path. As the economy deteriorated, we acted quickly. As a result, we reduced operating expenses during the quarter by $600 million. I appreciate the agility you have shown in enabling us to achieve this result.

Now we need to do more. We must make adjustments to ensure that our investments are tightly aligned with current and future revenue opportunities. The current environment requires that we continue to increase our efficiency.

As part of the process of adjustments, we will eliminate up to 5,000 positions in R&D, marketing, sales, finance, LCA, HR, and IT over the next 18 months, of which 1,400 will occur today. We’ll also open new positions to support key investment areas during this same period of time. Our net headcount in these functions will decline by 2,000 to 3,000 over the next 18 months. In addition, our workforce in support, consulting, operations, billing, manufacturing, and data center operations will continue to change in direct response to customer needs.

Our leaders all have specific goals to manage costs prudently and thoughtfully. They have the flexibility to adjust the size of their teams so they are appropriately matched to revenue potential, to add headcount where they need to increase investments in order to ensure future success, and to drive efficiency.

To increase efficiency, we’re taking a series of aggressive steps. We’ll cut travel expenditures 20 percent and make significant reductions in spending on vendors and contingent staff. We’ve scaled back Puget Sound campus expansion and reduced marketing budgets. We’ll also reduce costs by eliminating merit increases for FY10 that would have taken effect in September of this calendar year.

Each of these steps will be difficult. Our priority remains doing right by our customers and our employees. For employees who are directly affected, I know this will be a difficult time for you and I want to assure you that we will provide help and support during this transition. We have established an outplacement center in the Puget Sound region and we’ll provide outplacement services in many other locations to help you find new jobs. Some of you may find jobs internally. For those who don’t, we will also offer severance pay and other benefits.

The decision to eliminate jobs is a very difficult one. Our people are the foundation of everything we have achieved and we place the highest value on the commitment and hard work that you have dedicated to building this company. But we believe these job eliminations are crucial to our ability to adjust the company’s cost structure so that we have the resources to drive future profitable growth. I encourage you to attend tomorrow’s Town Hall at 9am PST in Cafe 34 or watch the Webcast.

While this is the most challenging economic climate we have ever faced, I want to reiterate my confidence in the strength of our competitive position and soundness of our approach.

With these changes in place, I feel confident that we will have the resources we need to continue to invest in long-term computing trends that offer the greatest opportunity to deliver value to our customers and shareholders, benefit to society, and growth for Microsoft.

With our approach to investing for the long term and managing our expenses, I know Microsoft will emerge an even stronger industry leader than it is today.

Thank you for your continued commitment and hard work.


Is your company keeping information secure?

Thursday, January 15th, 2009

Federal Trade Commission

Are you taking steps to protect personal information? Safeguarding sensitive data in your files and on your computers is just plain good business. After all, if that information falls into the wrong hands, it can lead to fraud or identity theft. A sound data security plan is built on five key principles:

Take stock. Know what personal information you have in your files and on your computers.
Scale down. Keep only what you need for your business.
Lock it. Protect the information in your care.
Pitch it. Properly dispose of what you no longer need.
Plan ahead. Create a plan to respond to security incidents.

Protect Your Computer

Thursday, January 15th, 2009

Microsoft Security

4 steps to protect your computer

Step 1. Keep your firewall turned on
What is a firewall?

A firewall helps protect your computer from hackers who might try to delete information, crash your computer, or even steal your passwords or credit card numbers. Make sure your firewall is always turned on.

• How to turn on your firewall

• How to choose a firewall

• Learn more about firewalls for your operating system


Step 2. Keep your operating system up-to-date
What are operating system updates?

High priority updates are critical to the security and reliability of your computer. They offer the latest protection against malicious online activities. Microsoft provides new updates, as necessary, on the second Tuesday of the month.

• How to update your operating system

• Microsoft security updates: Frequently asked questions

• Learn about using Microsoft Update

• Go to Microsoft Update


Step 3. Use updated antivirus software
What is antivirus software?

Viruses and spyware are two kinds of usually malicious software that you need to protect your computer against. You need antivirus technology to help prevent viruses, and you need to keep it regularly updated.

• How to get antivirus software

• Get regular antivirus scanning with Windows Live OneCare

• Get a free safety scan

• Learn about viruses

• Learn more about virus protection for your operating system


Step 4. Use updated antispyware technology
What is antispyware software?

Viruses and spyware are two kinds of usually malicious software that you need to protect your computer against. You need antispyware technology to help prevent spyware, and you need to keep it regularly updated.

• Get antispyware technology

• Use Windows Defender, free antispyware for Windows XP SP2

• Learn about spyware

• Learn more about spyware protection for your operating system

New in-session phishing attack could fool experienced users

Wednesday, January 14th, 2009

By Joel Hruska | Published: January 13, 2009 - 11:15AM CT

Another year, another form of phishing. This one, I have to admit, is pretty good in terms of potentially fooling a user. Unlike most phishing attack vectors, it doesn’t rely on the victim being ignorant and/or moronic. The new technique has been dubbed “in-session” phishing and it stays out of your e-mail altogether.

Security researchers with Trusteer have published a report (PDF) on this new type of phishing along with a suitably vague description of how the attack works. As its name implies, in-session phishing requires that the victim first log into a secure website; Trusteer uses an online bank site as one example of a tasty target.

Here’s how the attack works: A user legitimately logs into his bank, authenticates, and then does whatever he logged in to do. Once finished, he opens another browser tab (or browser window) and leaves the bank website open. Shortly thereafter, he encounters a website that has been injected with the malicious code in question. Once run, the malware creates a pop-up (supposedly from the bank or secure site that’s still open in another tab or window). The “authentic” pop-up prompts the user to enter his login credentials again in order to resume the session. Trusteer notes that the attack could be used to present different types of lures including online surveys or mini-flash games (punch the Yeti, enter your personal data, and win a free Llama!).

In order for the attack to function, Trusteer states that two conditions must be met. First, a website must be compromised and infected—the higher traffic the better, obviously. Secondly, the downloaded malware must be able to identify whether or not the unknowing carrier is logged into a relevant website. Trusteer does not state how long the window of opportunity is open for this particular attack to execute, but does note that the malware infection is temporary.

Trusteer explains how the bug works. It is present in the JavaScript engine used by popular browsers like IE, Firefox, and Safari, as well as Chrome, and allows a site to determine whether a user is also logged into another site.

The source of the vulnerability is a specific JavaScript function. When this function is called it leaves a temporary footprint on the computer and any other website can identify this footprint. Websites that use this function in a certain way are traceable. Many websites, including financial institutions, online retailers, social networking websites, gaming, and gambling websites use this function and can be traced.

The researchers recommend that users and companies deploy appropriate web security tools (which the company happens to sell), immediately log out of any secure sites once you’ve finished your tasks (good advice), and to be extremely wary of pop-ups that randomly drop in if you haven’t clicked anything.

The JavaScript vulnerability that Trusteer has discovered obviously needs patching, but in-session phishing doesn’t appear to be a major threat. In order to function successfully, the malware requires that a user have simultaneous browser windows open to both a login/secure site and an infected site, and that the secure site is on the malware’s pregenerated list of targets. There are some rather simple ways for banks and other targeted institutions to fight back; options include rapid disconnects if a user becomes idle and prominent notifications of the company’s login policy.

Many companies (Blizzard and AOL come to mind) prominently and repeatedly inform customers that neither the company nor its representatives will ever, ever, ask a user to disclose their password. A similar warning against in-session phishing might state that the company will never ask users to log in via a pop-up or any third-party service. Between currently available solutions and inevitable patches, I think in-session phishing is going to find its nets mostly empty.

Online Verification: Who Can You Trust in the Virtual World?

Wednesday, January 14th, 2009

BusinessWeek reader and full-time law student Stephanie Dube writes that the Web offers free tools to help identify and thwart potential scammers
By Stephanie Dube

Plano (Tex.)-based reader Stephanie Dube is a full-time law student and freelance writer. You can find out more about her at

Kaylee was struggling. Diagnosed with a heart condition and cancer, she was scared. So she started a blog. Soon, people across the country answered her plea, writing notes of encouragement and even trying to mail her care packages. One night, she wrote a supporter. “I’m overwhelmed right now. I’m dying.”

Brief interactions evolved into late-night, long-hour conversations. But things only got worse. And that was the problem.

In early December 2008, Kaylee added a new blog entry titled, “Coming Clean.” She didn’t have cancer. She had never been sick. In a move eerily reminiscent of the fake “Kaycee Nicole” of 2001, “Kaylee” revealed to her numerous followers that she had been lying for two years.

The news was a blow, but there had been signs. In fact, whenever anyone is revealed as an imposter, you can almost always look back and find signs.

Are You Real?
How do you know if someone online is genuine? Sometimes it’s pretty transparent. We’ve all received messages about magic bank accounts filled with rivers of cash. One of my favorites was an e-mail from a supposed FBI agent. He requested that I send money to prove I wasn’t a terrorist. (I’ve got to admit, that was pretty creative.) I also fondly remember an e-mail from “David Palmer” of the show 24. He needed money, too, because apparently TV characters are real. I’m still waiting for a message from Jack Bauer.

Alfred Adler, a psychologist who collaborated with Sigmund Freud, said: “Trust only movement. Life happens at the level of events, not of words. Trust movement.” The philosophy transfers to the online world quite well. Don’t just trust words, authenticate them. This is especially vital when the communication involves your business. You can verify someone in two ways: through technology and observation. The technical side can often be faked, but a scammer will always give off a psychological “tell.”

Technical Authentication
Here are a few tools, available free on the Web, that will help you identify who’s for real and who’s surreal (and likely up to no good, at your expense):

Run Internet background checks. Google (GOOG) is your friend. Use the popular search engine to look up a contact’s e-mail address. Is the first part used as an alias? If your contact has a Web site, run a search on it. Visit Who Is Domain Tools to see who owns the site and when it was launched. Finally, plug your contact’s phone number into Who Called Us to see if he has been identified as a scammer.

Trace the e-mail. You can use an e-mail’s header to find the sender’s location. What Is My IP Address works great for this. You’d be amazed how many times I’ve found that an e-mail came from Nigeria! This method isn’t foolproof, though. Many scammers use proxies to hide their location.

Check Web statistics. Most people have a Web tracker on their blog or site (I like StatCounter.) If a new contact says he found your Web site through a search, check your Web stats to see if a visitor from his IP address really was referred in that way.
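
An added example, not part of the original article, of what tracing an e-mail by its header involves: it reads the Received chain, reports the earliest public address the headers claim, and separately reports the address the recipient's own mail server recorded. The sample message, the example.org receiving domain and the function names are constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample; addresses come from documentation/private ranges.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbox.example.org with ESMTP; Mon, 12 Jan 2009 10:02:11 -0600
Received: from webmail.example.com (webmail.example.com [203.0.113.45])
\tby mx.example.net with ESMTP; Mon, 12 Jan 2009 10:02:09 -0600
Received: from [192.168.1.20] (unknown [192.168.1.20])
\tby webmail.example.com with HTTP; Mon, 12 Jan 2009 10:02:08 -0600
From: "New Contact" <contact@example.com>
To: you@example.org
Subject: Hello

Body text.
"""

NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]
IP_IN_BRACKETS = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
BY_HOST = re.compile(r"\bby\s+(\S+)")

def hops(raw):
    """Return [(sender_ip, recording_host)] for each Received header, oldest first."""
    out = []
    for value in reversed(email.message_from_string(raw).get_all("Received") or []):
        ip_m, by_m = IP_IN_BRACKETS.search(value), BY_HOST.search(value)
        try:
            ip = ipaddress.ip_address(ip_m.group(1)) if ip_m else None
        except ValueError:
            ip = None  # malformed or deliberately bogus address literal
        out.append((ip, by_m.group(1).lower() if by_m else None))
    return out

def claimed_origin(raw):
    """Earliest public IP in the chain. Hops below your own servers are
    text supplied by the sending side, so treat this as a claim."""
    for ip, _ in hops(raw):
        if ip is not None and not any(ip in net for net in NON_ROUTABLE):
            return str(ip)
    return None

def verified_handoff(raw, my_domain):
    """IP that handed the message to your infrastructure: walk newest-first
    through the unbroken run of hops recorded by hosts in my_domain."""
    boundary = None
    for ip, by in reversed(hops(raw)):
        if not by or not (by == my_domain or by.endswith("." + my_domain)):
            break
        boundary = ip
    return str(boundary) if boundary is not None else None
```

Only the address from verified_handoff was written by a server the recipient controls; everything older in the chain can be fabricated by the sender, which is one more reason the method is not foolproof.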

Psychological Tells
Identifying scammers is like calling a bluff in poker. Technical observation isn’t enough. Look for subtle behavior changes that give away a person’s real intentions.

Think about whether he or she is being consistent. Creating a fake persona takes a lot of work, so pay attention to details. If the contact should be in surgery, was she online instead? Also, is the tone a little too urgent, too desperate? Fake personas create situations that demand (your) immediate attention.

As your mom no doubt always told you, trust your gut instincts. Does your new contact sound too good to be true? Is her photo too perfect? Many scammers steal photos from modeling Web sites and stories from fairy tales.

The hallmark of many fake personas is drama. The craziest things keep happening—over and over and over. Sometimes, you’re the only person in the world who can help—or so you’re told.

Finally, emotional scammers crave attention. Does he come up with a new problem when you try to end a conversation? Scammers will not respect your boundaries. Watch for signs that he is keeping an eye on you, as if you’re a fish on a line that he doesn’t want to get away.

All of this was driven home to me during the first week of this new year, when a woman on Twitter learned the hard way that people online are quite unpredictable. After a particularly rough night putting her daughter to bed, the frustrated mom “tweeted” that she wanted to smother her child so she would fall asleep. Later that night, there was a knock on her door. One of her followers had reported her to the police.

It’s best to not just be authentic, but wisely authentic. Watch who you interact with and what you say online. You never know who’s listening.

Stephanie Dube is a full-time law student and freelance writer based in Plano, Tex. You can find out more about her at