Security News
Stuff You Might Just Want to Know About

March 8th, 2010 by Dennis H in West Virginia, US

This USB battery charger from Eveready has been sold in the US and Europe since 2007. The software that comes with it includes a trojan that stays active, listening for commands on port 7777, even when the device is not connected. I always found that cute bunny with the sunglasses to be a little suspicious.

We trust Mr. Google to find us what we are looking for, but even the venerable Mr. Google gets attacked by the bad guys. It is called search engine poisoning, and it can trap the unwary. Think before you click, and don't always assume Mr. Google is right.

Anyone can digitally sign a file. The question is whether the digital signature traces back to a trusted Certificate Authority. Virus writers are becoming more sophisticated all the time, and some are now digitally signing their poison, making it look more official to those who are not careful about examining the signature. Fake signatures are easy to spot - IF you take the time to look. Your browser / OS will usually warn you as well, IF you pay attention. Education and awareness are still the best defense. More information can be found here.

Patching is a real pain - that is no secret to any of you. I have recommended Secunia PSI on numerous occasions for keeping third-party applications up to date. Secunia is working on an update that will make these updates automatic. Easy is good.

Endpoint Security - clients need to gain control over all those portable devices (USB drives, smart phones, MP3 players, etc.) that come and go from the work place. Along with them, malware can come and sensitive data can go. Here is an article that offers more information. The GOOD NEWS is that Nerds On Site will soon be able to offer endpoint protection as part of NerdCare.

This last one is not security-related, but it is worth noting. Microsoft is pulling the plug on the Windows Essentials Business Server product.

Dennis

Security News – helping you to help your clients stay safe

March 3rd, 2010 by Dennis H in West Virginia, US

DON'T press the F1 key - there is a current vulnerability in Windows XP / IE that has not been patched. If an attacker can convince the user to press F1 (the default help key in Windows)...well, you know the rest of the story. There is no definite word about when there will be a patch available.

On a positive note, Microsoft has been taking the battle against botnets to the courts. Let's hope that others follow suit. This certainly will not cure the problem, but it sure helps.

Thick clients, thin clients, and now...zero clients. This device has no OS, no memory, no drivers. It simply connects a keyboard, mouse and display to a remote server via standard TCP/IP protocols. Now this is centralized management - and centralized security.

Have a Lenovo Thinkpad? Don't forget the supervisor password - Lenovo says the only fix is to replace the motherboard. Ouch!

Which is more secure - open source or commercial software? According to this article, open source software is patched more quickly.

Could your use of social networking raise your insurance premiums? According to this article, it could - at least in the UK.

Microsoft Security Essentials - it's free, it's good, but is it the REAL Security Essentials? Watch out, because there is a rogue pretending to be MS Security Essentials.

Another small chink has appeared in the armor of WPA / TKIP. This protocol is still pretty secure, but best practice is now to move on to WPA2 and AES encryption.

Are two malware programs better than one? Well, of course - we knew that (but then again, we know stuff).

Spam + drive-by download + Zeus = empty bank account. Watch out for fake IRS (Revenue Canada, etc.) email messages. Zeus is a nasty password-stealing trojan that has emptied many a bank account. It is also being spread through fake AIM updates.

Want to know more about how SQL injection attacks work? Here is a good place to learn more. SQL injection attacks are among the most common web attacks.

Dennis

So MUCH Security News!

February 23rd, 2010 by Dennis H in West Virginia, US

Green is good, but not for security. Here is an example of why turning off computers at night can save a few dollars in power costs, but at a much higher cost. Turning off computers can prevent updates from installing correctly.

Watch out for Chuck (Norris, that is). This malware targets routers, rather than computers. Make sure that default passwords are not used and that remote administration is turned off (duh). The good news is that a reboot will send Chuck packing.

Did you know that Windows 7 has a new feature that allows it to act as a wi-fi client and as a wi-fi access point at the same time? The result is a bridged network. Think about the security implications of that.

There is a new zero-day exploit in Firefox 3.6.

There is also an issue with Adobe Download Manager that you should know about.

The Kneber botnet is a major new threat that is reported to have infected more than 74,000 computers. It is a Zeus variant and may work cooperatively with Zeus.

On the other hand, this new Russian botnet tries to kill the rival botnet Zeus.

Finally, I have written about ATM fraud several times, but check out the numbers in this article. ATM fraud is a serious problem costing banks millions. Take a close look before you put in that card!

Dennis

Detouring your website lookups – ISP DNS Proxy

February 22nd, 2010 by David R in Ontario, Canada

We apologize in advance that some aspects of this article contain NerdSpeak but we hope that the gist of the article is of value to you.

What is this DNS proxy all about?
DNS is fundamental to the Internet, similar to your address book or phone book. We don't want to know all the IP addresses behind websites, so DNS does the lookup for us. Internet Service Providers have always provided this lookup service as part of their service offering, but many people and companies prefer to use alternate lookup servers such as OpenDNS or Google. Some ISPs are now intercepting their customers' lookups (in the form of a proxy) when those customers use an alternate lookup server, and are providing answers directly rather than allowing them to use these alternate lookup providers.

How do I know if my ISP detours or proxies my DNS?
OpenDNS has an article that describes this for you. When we suspected the ISP had turned on DNS proxy services, this was our result, and it verified our suspicion:


Why is this bad?
Proxying these DNS lookups is bad for us for the following reasons:

  1. It prevents customer choice
  2. It breaks DNS filtering features that are extremely useful for a number of reasons including customer-controlled filtering and botnet protection
  3. It is a bit like a dictatorship on the Internet

Why might ISPs do this?
ISPs actually do have some legitimate reasons why they would want to do this:

  1. Minimize technical support costs. Your computer's DNS servers may be setup with one set of servers at work and they may not work at home, or vice-versa. This is when the ISP incurs technical support costs that they would rather avoid. If they proxy your DNS, then your non-compliant settings magically work, a technical support call and downtime frustration is avoided. However, this is just a band-aid and doesn't solve the root problem.
  2. Protect their customers from botnets. Although the intention is good here, having an ISP responsible for your Internet security forces them to apply a one-size-fits-all policy which has ill side effects. It's like our government dictating what kind of grass we can grow in our yard.

What should they do instead?
Opt Out. Considering that ISPs have reasonably good reasons for doing this, just offer customers an Opt-Out option. This way, all of us that have enjoyed the features of OpenDNS and Google DNS servers can continue to enjoy them and everyone is happy. :)

Are there any workarounds if the ISP does not offer an Opt-Out feature?
Yes, there certainly are ways to work around this.

  1. TCP vs UDP - some ISPs only proxy UDP-based DNS requests but not TCP. To find out, check this article: http://www.opendns.com/support/article/208 Note, however, that switching your services to use TCP only will affect your performance and each DNS lookup will take longer.
  2. VPN - A VPN connection makes your type of traffic invisible to your ISP, so they cannot proxy DNS. If you have an internal DNS server that you want to forward to OpenDNS or Google recursively, make the VPN connection only from that server and not from your desktop. That way everyone on that network gets the benefit of the one VPN connection. Alternatively, if you make your own VPN connection, choose to NOT make it your default route (an option in VPN software) but do use the VPN's DNS servers.
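The TCP-versus-UDP check in workaround 1 can be done by hand without any special tooling. The script below is an added example and is not from the original article or from OpenDNS: it builds the same DNS question, sends it once over UDP and once over TCP (TCP framing adds a two-byte length prefix) to a resolver you name, parses the A records out of each reply, and reports whether the two transports agree. If the UDP answer differs from the TCP answer for the same name, something in the path is handling the two transports differently, which is the symptom the workaround relies on. The resolver address, the test name and the constructed offline reply are all assumptions; no real lookup results are embedded.

```python
import random
import socket
import struct

# Added example: minimal DNS client used to compare UDP and TCP answers from
# the same resolver. The resolver below is an assumed address, not a value
# taken from the original article.
ASSUMED_RESOLVER = "208.67.222.222"
ASSUMED_TEST_NAME = "example.com"


def build_query(name, txid=None):
    """Build a DNS query for an A record with recursion desired (RFC 1035 layout)."""
    if txid is None:
        txid = random.randint(0, 0xFFFF)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(data, offset):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = data[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:  # 2-byte compression pointer ends the name
            return offset + 2
        offset += 1 + length


def parse_a_records(packet):
    """Return (transaction id, sorted IPv4 strings) from a DNS response."""
    txid, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    offset = 12
    for _ in range(qd):
        offset = _skip_name(packet, offset) + 4  # skip QTYPE/QCLASS
    ips = []
    for _ in range(an):
        offset = _skip_name(packet, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", packet[offset:offset + 10])
        offset += 10
        if rtype == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(packet[offset:offset + 4]))
        offset += rdlen
    return txid, sorted(ips)


def query_udp(server, name, timeout=3):
    """Send the question over UDP and parse the reply."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_a_records(data)


def query_tcp(server, name, timeout=3):
    """Send the same question over TCP; DNS over TCP prefixes each message with its length."""
    q = build_query(name)
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(q)) + q)
        length = struct.unpack("!H", s.recv(2))[0]
        data = b""
        while len(data) < length:
            chunk = s.recv(length - len(data))
            if not chunk:
                break
            data += chunk
    return parse_a_records(data)


def transports_agree(udp_ips, tcp_ips):
    """True when UDP and TCP returned the same set of A records."""
    return udp_ips == tcp_ips


def build_fake_response(query, ips):
    """Constructed sample reply (offline use only): echoes the question and adds one A record per IP."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(ips), 0, 0)
    answers = b""
    for ip in ips:
        # 0xC00C is a pointer back to the question name at offset 12
        answers += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(ip)
    return header + question + answers


if __name__ == "__main__":
    _, udp_ips = query_udp(ASSUMED_RESOLVER, ASSUMED_TEST_NAME)
    _, tcp_ips = query_tcp(ASSUMED_RESOLVER, ASSUMED_TEST_NAME)
    print("UDP:", udp_ips)
    print("TCP:", tcp_ips)
    print("same answer on both transports:", transports_agree(udp_ips, tcp_ips))
```

Run it from a machine behind the ISP in question, pointing at the alternate resolver you intend to use. Matching answers on both transports do not by themselves prove the ISP is hands-off, since a proxy could relay both; a mismatch, however, is a clear sign that the two transports are being treated differently and is worth following up with the OpenDNS article linked above.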

What obviously motivated this article is that we're huge OpenDNS fans - check out how you can take advantage of what OpenDNS has to offer both in free and commercial flavours... If you have any comments, please feel free to share. Thanks to Arthur Wiebe for his input on this article.

More Good Stuff to Know
(and a cool tool I found)

February 16th, 2010 by Dennis H in West Virginia, US

Let's start with this cool device I found: Imagine this scenario - you copy your client's precious data for a wipe and reload, reformat their drive, and when you begin to restore the data, your backup drive dies. Sound unlikely? It is - but this actually happened to me. I vowed to never format a client drive again unless I had at least TWO known good backups. That may be a good policy, but backing up twice would take twice as long - unless you had one of these adapters that creates a USB RAID 1 configuration. It will copy that precious data to two SATA drives at once.

Now for news:

This one just makes you shake your head - a rogue anti-malware vendor that actually provides live (fake) technical support. Of course, many people assume that this support indicates that the vendor is legitimate, which is, of course, why the ploy works.

The so-called "chip and pin" method of credit card authentication is used widely in Europe, and has been considered for use in the US (I am not sure about Canada). The method is considered to be a strong, two factor authentication method and banks often refuse to refund questionable charges when it is used. There have been several articles about the compromise of this system in the past couple of days, but this one from Bruce Schneier is the most informative.

It is worth noting that Adobe has some important patches available (don't delay on these), and that one of the patches issued by Microsoft on Tuesday resulted in a number of BSOD problems. The problem was not with the patch, but an interaction with a piece of malware that was already present on some XP computers.

I am not sure this is even news, and it surely is not good news, but ID fraud hit a new high in 2009.

We used to feel that two-factor authentication made for reasonably safe banking, but even two-factor authentication and one-time passwords do not ensure safety. Attacks against banks are becoming increasingly sophisticated. The problem is that everything is done in the browser. If the browser has been compromised, there is no guarantee of safety. How can you ensure that the browser has not been compromised? The best way is to boot from a live Linux distribution on a CD. The browser cannot be compromised when the files are read-only.

Who pays when bank accounts are compromised? That is often a question for the courts. Here is a case with more than a half-million dollars at stake. Both the bank and the bank's client would have benefitted from some good security consulting and education. Both parties broke common-sense security rules. The courts will have to decide who pays for their errors.

Dennis

How One eNerd Ended 2009 with a Bang!

February 12th, 2010 by nerdsonsite

Kevin O'Reilly, an eNerd with Nerds On Site in Brampton, Ontario Canada, was preparing to go meet a client at 9 a.m. on the freezing –17˚C morning of the 29th of December 2009. Thinking “it sure would be nice to be sitting next to a warm fire on a day like today,” he went outside to start his diesel Volkswagen Beetle Nerdmobile, or as an eNerd may say “give it a COLD boot”, but it would not start. So back inside Kevin went and gave his client a call to say he would be a little delayed, as he had to call for a boost.

Between 5-10 minutes later, Kevin heard a loud BANG! He went back outside and looked down the street to find out what the noise was, and saw nothing. Then all of a sudden, he could not believe his eyes… his Nerdmobile was engulfed in a cloud of black smoke and flames. Not exactly the warm fire to sit beside he had in mind!

Immediately he called 911. Then being the quick thinking eNerd he is, Kevin used his iPhone and took the action pictures you can see below, along with the “after” shots. Needless to say, the Nerdmobile was a write-off.

According to the firemen and Kevin’s mechanic, what happened is not a common occurrence for diesel vehicles, yet it is known to happen, though not typically in diesel cars.

Even though Kevin had removed the key from the ignition, there seems to have been a short still supplying power to the glow plugs (diesels don’t have spark plugs). When the diesel got hot enough to vaporize, it ignited, setting the Nerdmobile aflame. The brunt of the damage was near the battery, or what was left of it! Talk about “firewire”!

Interestingly enough, the documents Kevin had on his front dashboard inside the Nerdmobile at the time of the incident remained intact and not even singed from the flames. Who knew even Nerdmobiles have such great “firewalls” to protect important documents!

After all the drama, Kevin called back his 9 a.m. client to let them know what happened, and that he would be further delayed, as he was waiting for the wreck to be towed, and a rental car delivered. At noon the rental car arrived and Kevin called his client once more to let them know he was on his way. When he finally made it to the client and showed them the pics, they asked him why he still came out to see them!

This goes to show how dedicated our Nerds On Site are and what a terrific example of an eNerd Kevin is. Just like that old saying, “Neither snow, nor rain, nor Nerdmobiles aflame, stays these Nerds On Site from the swift completion of their appointed rounds”!

Kevin is fortunate to not to have been injured from this event, his house did not catch fire, and everyone at Nerds On Site is VERY grateful for his safety. Kevin is also thankful to the members of his team who were very supportive during this emergency.

Kevin commented during the worldwide Team Meeting what a GREAT Team we have. “You know you work with a great group of people when they are there to help, know you are safe,

...then the 'much needed humour' began, even from the CEO and Founders, Kevin’s story was such a HOT topic!

Some of their comments were:

”Hey Kevin... you know there are better and less expensive ways to shovel your driveway, right?”

”I don't think that is the recommended method of defrosting your windows.”

“We are very happy no one was hurt, but the question is... Where are the pictures of the firemen???”

“Kevin, you're one HOT nerd all FIRED up for 2010 apparently! :)

“AHHHhhhhhh…. well - just like u bud - ONE IN A MILLION!! de-branded - now THAT's a goodun!!!”

Whether you’re another eNerd driving a diesel Volkswagen Beetle Nerdmobile, or anyone else for that matter who drives a diesel vehicle, keep this story in the back of your mind for when it gets really cold out.

Never in the past six years with Nerds on Site did Kevin have any serious problems with his 2000 or 2006 Volkswagen Beetle, and both cars had always been properly serviced by VW Canada. Kevin is now actively looking for another Volkswagen Beetle Nerdmobile, and diesel is still preferred.

Day by day, Nerds On Site is working to make itself a more enjoyable and effective partner of choice for traditional and emerging technology for You! We're in constant and passionate pursuit of more pleasurable, productive and profitable ways to fully leverage computers and all that's tied to 'em! We’re driven to become your PowerBrand of choice... and have FUN doing it! … even if our Nerdmobiles spontaneously combust!!!

Jail and Bail – Interview with David Everitt

February 12th, 2010 by Arthur Wiebe, Canada

Security News
More Stuff Worth Knowing

February 9th, 2010 by Dennis H in West Virginia, US

Tomorrow is Patch Tuesday (again). This is going to be another big one - 13 patches, 5 of which are critical.

Here is another reason that access to commercial bank accounts should be limited to computers that are used for nothing else. Online bank accounts should NOT be accessed by computers used for general-purpose web surfing! Having a dedicated computer may seem like an extreme measure, but not to the City of Poughkeepsie, NY (at least not now)!! Instead of retiring that old desktop or laptop, install a hardened and restricted version of Linux and make it the only computer that has access to bank accounts.

We all love those Firefox add-ons, but watch out for the ones in the "experimental" section - user beware.

Made in China? That may be a reason to think twice when it comes to hardware.

Think banks and retailers are the biggest target for hackers? Think again - think hotels and the hospitality industry. For those of you who have hotel clients, this is worth bringing to their attention.

Why should employers invest in the technology and your services to make SURE P2P and social networking are not part of the workplace? Show them this and this.

Think the dangers of public wifi are limited to the time you are connected to them? Then you MUST read this.

This has NOTHING to do with security, and I by no means want to encourage anything you consider a bad habit, but some of you will consider this good news - beer is good for your bones (but too much of it may lead to breaking them).

Dennis

Security News Clips
Stuff You Should Know

January 27th, 2010 by Dennis H in West Virginia, US

ATM fraud continues to grow. Take a close look at that ATM machine before you feed it your card. This bank in Texas lost $200,000 to this scam.

Here is a social-networking risk you may not have considered. Hackers may attack your friends if you have access to sensitive data and visit social networking sites.

If you are a Chrome user, make sure you are up to date.

Have I mentioned the importance of keeping browser add-ons up to date? Here is an article about the exploit packs that can be purchased and installed on compromised websites. These exploit packs send a barrage of attempted exploits at your browser. If one does not work, the next one may. It is effective - many of these vulnerabilities have long since been fixed, but there will always be some folks who are not up to date.

100% accurate spam filtering? Well, for the time being, anyway - turning the spammers' dirty tricks against them.

Who pays when a bank account is compromised? There are a number of pending cases in which the account holder has filed suit against the bank for not maintaining adequate security, but this Texas bank has preemptively sued the account holder.

Dennis

Important Updates from both MS and Apple

January 21st, 2010 by Dennis H in West Virginia, US

First, a couple from Microsoft:

This one dates back no less than 17 years and is related to a virtualization technology that allows 16-bit applications to run on 32-bit Windows platforms (virtualization is NOT a new technology). 64-bit versions of Windows are only minimally affected, but 32-bit versions that have 16-bit execution enabled are vulnerable.

This vulnerability in IE is serious enough to prompt Microsoft to issue an emergency patch today. Yes - that means it is serious.

If you are a Mac user feeling smug about those MS security woes, you should know that Apple has also issued a security update that addresses a dozen serious security issues as well.

More "stuff you should know" coming soon.....

Dennis