Now Is a Good Time to be Extra Careful

July 29th, 2010 by Dennis H in West Virginia, US

Microsoft has not yet patched the .lnk vulnerability I wrote about last week. In the meantime, though, AV vendor Sophos has released a free tool that they claim will fix the problem.

This has been a serious issue. A number of malware writers have already released exploits targeting this flaw. Everyone should exercise even more caution than usual and avoid opening documents or clicking on links in email messages. Simply opening an infected MS Office document can lead to infection. Once a computer is infected, it will infect any USB drives that are mounted and hide the infected files using rootkit technology. This is a HUGE risk for businesses that allow users to transfer files back and forth between office and home computers.

Another word of caution involves a new rogue anti-virus - this time masquerading as a Firefox / Flash update. Check it out here. We are (and should be) always encouraging Clients to keep their browser plugins up to date - especially Flash, so you can see why this ruse would be effective.

Anyone who is tricked into purchasing one of the fake anti-virus programs can usually have the credit card charges reversed. Surprisingly, most do not. As long as people don't bother to fight back, the fake anti-virus game will continue to generate profits, and as long as it is profitable, the bad guys will continue to find new and better ways to trick users into installing the rogues.

 

Dennis

 

 


Questions About Storing the CVV Code on Credit Cards

July 29th, 2010 by Dennis H in West Virginia, US

Several folks responded to the previous post with the same question regarding the CVV code on credit cards. This is the three-digit code stamped on the back of the card. Actually, Visa calls it a CVV. It is also referred to as a CVC, CVC2, CVV2, or CID by other card issuers.

It often appears that this information is being stored when you enter information into a web form. NerdsBackup is a good example. When information is entered, there is a field for this information. You will note, though, that when you go back to a client record, the card number is partially masked and this field is always blank.

This number is NOT stored by any processing company that is operating in accordance with the PCI-DSS (Payment Card Industry Data Security Standard). It is used for the initial authorization, but it is NOT stored permanently on the system. Subsequent charges are sent through without this information. Use of this code is not required to process a transaction - it is simply an additional fraud-prevention control. The very fact that PCI-DSS standards prohibit storing the code in association with the card number in any form (written, encrypted, etc.) is why it has value. A hacker who manages to compromise other credit card data can only obtain this through physical possession of the card.

This code is NOT recorded on the magnetic strip. "Swiped" transactions ensure physical possession of the card and do not use this code. Some processing companies require it for "non-swiped" or "keyed" transactions as verification that the person keying the transaction has physical possession.
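The handling described above (code used once for authorization, card number masked, code never kept) can be sketched as follows. This is an added example, not code from NerdsBackup or any processor; the field names, the `fake_gateway` function and the sample card data are constructed assumptions.

```python
import re

# Names under which the card security code might appear in a record
# (assumed field names for this example). None may be stored after authorization.
FORBIDDEN_AFTER_AUTH = {"cvv", "cvc", "cvc2", "cvv2", "cid"}

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to tell real-looking card numbers from other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask_pan(pan: str) -> str:
    """Keep only the last four digits for display and storage."""
    digits = re.sub(r"\D", "", pan)
    if not 13 <= len(digits) <= 19:
        raise ValueError("unexpected card number length")
    return "*" * (len(digits) - 4) + digits[-4:]

def authorize(form: dict, gateway) -> dict:
    """Pass the security code to the gateway once; return the record that is safe to store."""
    result = gateway(form["pan"], form["expiry"], form.get("cvv"))
    return {
        "customer": form["customer"],
        "pan_masked": mask_pan(form["pan"]),
        "token": result["token"],       # reference used for later charges
        "approved": result["approved"],
    }                                    # note: no "cvv" key and no full card number

def audit_records(records: list) -> list:
    """Return (index, field, problem) for stored records that keep what they must not."""
    findings = []
    for i, rec in enumerate(records):
        for field, value in rec.items():
            if field.lower() in FORBIDDEN_AFTER_AUTH:
                findings.append((i, field, "security code stored"))
            if isinstance(value, str):
                compact = re.sub(r"[ -]", "", value)
                for run in re.findall(r"(?<!\d)\d{13,19}(?!\d)", compact):
                    if luhn_ok(run):
                        findings.append((i, field, "unmasked card number"))
    return findings

# Constructed stand-in for a payment processor (hypothetical, runs offline).
def fake_gateway(pan, expiry, cvv):
    return {"approved": cvv is not None, "token": "tok_constructed_0001"}

# Constructed sample data: a well-known test card number, not a real account.
SAMPLE_FORM = {"customer": "A. Client", "pan": "4111 1111 1111 1111",
               "expiry": "12/12", "cvv": "123"}
BAD_RECORD = {"customer": "B. Client", "pan": "4111-1111-1111-1111", "cvv2": "123"}

if __name__ == "__main__":
    good = authorize(SAMPLE_FORM, fake_gateway)
    print(good)
    print(audit_records([good, BAD_RECORD]))
```
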

I hope this clears things up.

 

Dennis

 

 

Dennis H in West Virginia, US

July 28, 2010


Where Is Your Credit Card Most Likely to Be Compromised?

July 27th, 2010 by Dennis H in West Virginia, US

We hear about compromises of credit card information all the time. The biggest headlines seem to be precipitated when financial institutions or large retailers are attacked. According to a study released earlier this year by the data-security consulting company Trustwave, though, the industry that sees the most compromises is actually hotels. According to the study, 38% of breaches involve hotels, 19% financial institutions, 14.2% retailing, and 13% restaurants and bars.

Why hotels? There are many possible explanations. Like car rental companies, hotels have a legitimate need to be able to add charges to your card after you leave (to cover damage or theft). This means their transaction systems must be able to store credit card information. The hospitality industry has been hit hard by the recession, resulting in budget cuts in security and delays in adopting newer and more secure technology. Employee turnover in this sector is high, making it difficult to ensure all employees are properly trained. Even within major chains, the security practices can vary widely. Consistent policies and policy enforcement are as important as the technology used to secure data.

What can travelers do to protect themselves? Here are some tips to help lower the risk.

1. The most important measure for preventing credit card fraud is vigilance. Check your statement as soon as you receive it. Do not ignore small charges that you do not recognize. Criminals will often test the waters with small charges to see if they go through before attempting large ones. If you see something suspicious, follow up immediately. Generally, you will not be held liable for fraudulent charges, AS LONG AS YOU NOTIFY THE CREDIT CARD COMPANY PROMPTLY.

2. Keep separate credit cards for business and personal expenses. If possible, maintain a card with a low credit limit for routine travel expenses.

3. Keep your card in your possession as much as possible. If you must give up possession of the card, try to keep an eye on it and watch for suspicious activity. "Card skimmers" are small, easily hidden devices that can be used to capture the data from the magnetic stripe on the card.

4. Don't be afraid to ask about security practices. The CVV code (the last three digits of the number on the signature line on the back of the credit card) should NEVER be written down or stored with other credit card information (even in encrypted form). Make sure your full credit card number does not appear on any bills or invoices.

 

Dennis

 

 


Update to Windows Vulnerability and an Important Issue with Safari

July 26th, 2010 by Dennis H in West Virginia, US

Update to the most recent Windows vulnerability: I wrote about this earlier in the week and wanted to add some updates. This vulnerability, which exploits a flaw in the way .lnk files (all those shortcut files in Windows that point to a file in another location, including desktop and browser shortcuts) are displayed, originally targeted software that controls large power installations and manufacturing facilities and was spread via infected USB drives. As I suspected, this has become a much more generalized attack vector. Here are some points worth noting:

- All versions of Windows from 2000 on are affected (and possibly even older versions)

- Windows 2000 and XP SP2 will not be patched - these are officially no longer supported by Microsoft. There are quite a few devices out there still using XP SP2 because of compatibility issues with SP3

- This vulnerability can also be exploited via Windows Office documents, file shares, WebDAV (used in Sharepoint) and anything else that can accommodate embedded .lnk files

- There is speculation that the favicons used on websites might also be able to exploit this vulnerability, according to Steve Gibson in this week's episode of Security Now!

- There is no "fix" yet - Microsoft has a registry modification that is a "workaround". It disables the rendering of all icons (that will change the look of your desktop!).

For all those Macintosh users out there who are feeling a little smug - don't. If you are using Safari, here is something you should know. Both versions 4 and 5 have a feature enabled by default that could allow a malicious website to exploit the auto-fill feature of Safari to extract personal information from your address book. Fortunately, you can disable this feature. Thanks to Jay Holtslander for bringing this to our attention. Apple is reportedly working on a fix.

 

Dennis

 

 


New Windows Worm Will Spread Via USB Drives

July 20th, 2010 by Dennis H in West Virginia, US


There is a new attack against Windows that exploits a vulnerability in Windows .lnk files (all those shortcuts on the desktop, in the start menu, and elsewhere are .lnk (link) files). Currently, this attack is being spread via USB drives, and is not a network attack. In theory, though, it could also be spread via network shares or WebDAV. All versions of Windows are vulnerable, including fully patched versions of Windows 7 and Server 2008.

Current versions of the attack utilize a rootkit to hide the malicious files on both the USB drive and on infected machines. Simply inserting an infected USB drive into a Windows computer and viewing its contents is generally all it takes to spread the infection. Any other USB drive that is inserted will also be infected. Initial samples of this "worm" (so classified because it can spread without any specific user action) are targeted attacks - looking specifically for software that is used to manage large distributed systems, such as power plants and manufacturing facilities. Broader attacks are almost sure to follow.

USB "drives" (which can include other devices, such as smart phones, which incorporate solid state drives) are an increasingly dangerous vector for the spread of malware. "Thumb drives" or "USB sticks" have become a cheap, compact, and easy means of moving large amounts of data between computers. Smart phones are becoming ubiquitous and are commonly plugged into multiple computers to sync email, contact lists, and calendars.

One of the drivers that the rootkit installs is a signed driver - signed by Realtek Semiconductor Corp., a legitimate company. This is a good example of why it is so important to protect certificate private keys. Verisign has since revoked the compromised certificate. AV vendors are also scrambling to add this to the list of threats their products will detect.

We will have to wait to see how widespread the attacks which exploit this vulnerability become. Microsoft has not released any date for a fix. There are workarounds, but some of them will preclude the use of Sharepoint, a service upon which many organizations depend. The best solution is to implement some form of endpoint security. Endpoint security is used to lock down USB and other devices by limiting their ability to write files. Endpoint security can also limit what can be written to external devices as part of a Data Loss Prevention program.

One additional note - any systems running on Windows 2000 or Windows XP without SP3 will NOT receive updates to patch this flaw - ever. Microsoft has officially ended support for those operating systems.

Want to read more?
krebsonsecurity.com
www.computerworld.com

 

Dennis

 

 


Security Tidbits

July 13th, 2010 by Dennis H in West Virginia, US


- Old school phone fraud meets modern cyber-crime. How can I steal from thee? Let me count the ways. If the scammers can't trick you into installing fake antivirus software by flashing warnings on your screen, well, then they will call you on the phone instead. This is cold-calling at its worst - REALLY cold. (Spread the word.)


- Be careful where you get those plug-ins! Both Chrome and Firefox have lots of cool plug-ins to extend the functionality of their browsers, but beware. This hacker wrote one to steal passwords. At least he told us about it. One would hope that a plug-in this malicious would not last long, but it is an open community, and there have been some bad apples in the plug-in barrel from time to time - just none quite so pernicious as this one.


- Credit Card skimming - it's not just for ATMs any more. This article brings an interesting problem to light - all those self-service credit card devices and who has access to them. 180 pay-at-the-pump gasoline (petrol for some of you) pumps were compromised by skimmers and bluetooth transmitters because access to these pumps is not securely managed. How would you spot one? You wouldn't and you couldn't, because the skimmers were inside. Your only defense is to watch those credit card statements (well, or use cash - of course, thieves can steal that as well).

 

Dennis

 

 


Why domain registrars matter to our hosting

July 8th, 2010 by David R in Ontario, Canada

A good question was recently posed by Twitter user, Keenan Wellar of Ottawa (@KeenanWellar), regarding our requirement for clients who host their domain with us to also transfer their domain name to our registrar. I would like to explain why this is the case.

Any customer who has their own domain, such as ABCcompany.com, can have as many as four different providers, and customers are often frustrated because they don't know whom to call when a question or issue arises. Confusion and irritation occur for the customer when the different providers point fingers at one another as to who’s responsible.

The (possible) four distinct providers involved are as follows:

  1. Registrar - think of this company as the bank that holds your mortgage or lease - you pay them monthly or annually for your Internet "real estate"
  2. DNS services - just like a directory listing such as a phonebook, this is essential so computers know where to find your website and where to send your email to
  3. Web host - When you publish your website, this is where the files actually "live" and are served up to browsers that try to get to your website
  4. E-Mail host - Your e-mail host or provider is your company's "post office" where you collect and send your email

Nerds On Site does not require that all of the above four are with us, but only the domain and DNS services. We point the WWW and MX records for many of our clients to other points of the globe.

Having been in IT, domain registrations and hosting for 14+ years, we recognize the challenges and obstacles customers face in the barrage of keeping up with the annual registrations, licenses, renewals and the like. At our customers' request, they wanted to run their business with fewer of these headaches, and a single point of contact for everything.

In our past experience, the #1 reason for websites to go down or for email to stop functioning, is that clients forget to renew the domain. Since our policy changed to require migration to our registrar, this has not happened to a single client of ours.

Contrast that with the incident this past May in Tennessee, USA, when the Bluff City Police Department had their domain name, emails and entire website taken over by an upset member of the community.

While web hosting company, GoDaddy, sent many notices to the Police Department informing them that their domain would soon expire and thus become available for anyone in the public to register and own, the Bluff City Police did not get the message and thus their domain expired, allowing disgruntled citizen, Brian McCary, to register it and set up his own website in opposition to the Department's use of speed traps.

For more on this story: click here

We, at Nerds On Site, recognize that these services appeal to our target client base (SMEs worldwide who do not want to be concerned about IT), but to the IT-savvy person may not be a fit. If you're already technically inclined, I have two thoughts:

  1. How do we get you on our team? Seriously. Contact us: http://www.iwanttobeanerd.com
  2. You could get a cloud instance running on Amazon or Rack Space, keep your own registrar, and manage the entire website, DNS and email quite easily at almost the same cost, maybe even lower

So thank you for the question, twitter, and we hope this answers it for you. :)


St. Clair College joins forces with Tactical Marketing Solutions and Nerds On Site

June 28th, 2010 by Veronica B in Windsor Ontario, CA

In September, 2009, St. Clair College, marketing professor, Nicole Rourke, and president of Tactical Marketing Solutions, Kevin Booker, collaborated to create an assignment which would be presented to the third year marketing students at St. Clair College.  The major assignment was to develop a Strategic Marketing Plan for the technology solutions provider, Nerds On Site.

Charlie Regan, CEO (Capability Expansion Orchestrator) of Nerds On Site, met with students and gave an inspirational presentation about Nerds On Site and what they have to offer.  It was then determined which student groups would tackle which markets in order to help Nerds On Site expand, both their services as well as recruiting new EntrepreNerds, internationally.

At the end of the semester, students presented their final marketing plans to Booker and Regan.  As a reward for their hard work and effort, Nerds On Site very generously donated $1000 to the Marketing Club which would help send the students to Toronto for a variety of marketing seminars at the end of the school year.

In December, the St. Clair College Marketing department implemented a new internship program for the 2010 graduating class.  Rourke discussed with Booker the potential of having interns work at Tactical Marketing Solutions.  The idea went over very well and in early February, Tactical Marketing Solutions chose the students they wanted for the internship based on impressions from the marketing presentation.  Of the class, six students were chosen to intern for the month of April.  Presently, two students have extended the internship till the end of July and are still with Tactical Marketing Solutions.

“Tactical Marketing Solutions and Nerds On Site were fortunate enough to have had the opportunity to work closely with St Clair College, located in Windsor, ON, first by providing a project for their Marketing Class and second by hand selecting six interns to work with us during the month of April. While we wish we could have kept all six students (and one day we may), we were able to add two of them to our team right away - Veronica Bulmer and Matt Vilamarim. And if you haven't heard from them yet, you will soon!

We remain very confident in our decision; however that has been reinforced by the college, the faculty and their classmates. Matt was awarded the Bob Jershy award for academic strength and athletic involvement. Veronica was awarded the Faculty Academic Award, the Student Leadership Award and the Board of Governors Medal - a clean SWEEP!

Congratulations Veronica and Matt - happy to have you on our team!” Kevin Booker, President, Tactical Marketing Solutions.

“It’s always great when education and industry can partner together on a project.  Students benefit from hands on experience and feedback from a real client.  Having a diploma is no longer enough in this day and age.  Graduating students have to demonstrate that they have real world marketing experience.  Partnering with Kevin Booker was refreshing because of his commitment to student development and success.”   Nicole Rourke, Professor, St. Clair College

Veronica and Matt both work closely with Nerds On Site, helping to promote and grow the EntrepreNerd family.  The result of this internship has been incredibly valuable to the students as they are now able to enhance their real world marketing skills to round out their educational experiences.  A special thank you goes out to all who were involved in creating this opportunity for the students; Tactical Marketing Solutions, St. Clair College and Nerds On Site.

 

Veronica B

 

 

Veronica Bulmer in Windsor Ontario, CA

June 28, 2010


Information Technology FINALLY becomes Intelligent Technology!

June 28th, 2010 by Veronica B in Windsor Ontario, CA

Major companies do not house IT services internally anymore and anyone who does is living in the past. Hewlett Packard prepares to cut 9,000 IT employees, as outsourcing IT is becoming the way companies solve their tech problems.

London, Ontario.

As fast as technology is changing, so are the capabilities of companies to maintain in-house technology departments.  Outsourcing these services has become increasingly less expensive, less complicated and more efficient.  Global powerhouse companies, such as Hewlett-Packard Co., are moving forward with this trend as they have recently announced that they will be gradually cutting 9,000 in-house IT positions globally.

International IT Solutions provider Nerds On Site views their way of doing business as the NEW way!

Change is inevitable and necessary as companies continually try to keep costs low and efficiency high.  Nerds On Site views this as a positive opportunity.  They have not only been servicing businesses all over the globe by making it easy and affordable to outsource IT since 1995, but have also created entrepreneurial opportunities for talented IT professionals.  Nerds On Site is quickly growing as the concept of ‘cloud computing’ increases in popularity.  Companies no longer need to be concerned with housing and maintaining large servers and the stress and worry of network ‘down time’ is drastically cut.

Nerds On Site is proud to announce they can offer a new start for those employees who will be out of a job by recruiting them to become EntrepreNerds.  Nerds On Site prides themselves on encouraging Nerds to be their own boss while providing a global network of support.

Eliminate the threat of layoff by becoming your own boss.  Become an EntrepreNerd!

For more on this story, click here.   

To become an EntrepreNerd, click here.

 

Veronica B

 

 

Veronica Bulmer in Windsor Ontario, CA

June 28, 2010


New Old News or Old New News?

June 7th, 2010 by Dennis H in West Virginia, US

 

There is a major security vulnerability in Adobe Flash / Reader that is being actively exploited. Hmmm, that sounds familiar. Sorry to have to say - there is another one which was announced on Friday. You can find out more here.

 

Here is another announcement that will seem familiar - this Tuesday's patch cycle from Microsoft will be a BIG one - 34 vulnerabilities fixed - at least three of which are critical. Make sure everyone gets updated.

Here is some more news that's not new. Smartphones are about to become the next frontier for malware. There's an app for that!

In keeping with this theme, here is something that is (not) news - Internal fraud is a problem that continues to grow. Small businesses are especially vulnerable because they often do not have anti-fraud controls in place. Look for an upcoming article on preventing fraud in small businesses.

Well, that's the recycled old news / new news. Why do we keep treading in the same circles? Because the bad guys are still bad and we just don't pay enough attention to protecting ourselves. The next time you are face-to-face with an SME client, spend a little time talking about security.

 

Dennis

 

 
