Archive › September, 2009

Hack Someone Else’s email for $100, Conficker Still Wreaking Havoc, and Another Reason to Use Firefox

Here’s the reason that you should use a strong password for your webmail account. You may think that those with personal reasons to get into your email account lack the sophistication to hack it, but they don’t need any hacking skills at all – they just need $100. Think about it – sooner or later someone is going to want to hurt you or see what is in your mailbox. $100 and your password are the only things standing in their way.

Months after we stopped talking about Conficker, it is still costing some folks a lot of money. Perimeter defenses notwithstanding, one employee with an infected computer at HOME and a USB flash drive used to transfer files was all it took to cost this London (UK, not Ontario) council a lot of money. An internal vulnerability scan, endpoint security, or locking down USB ports could have averted this.

Most of us are Firefox users – because there are so many great add-ons and features. Here is one more, and it doesn’t even require an add-on: future versions of Firefox will automatically check for vulnerable versions of Flash. Flash vulnerabilities are one of the most common ways of infecting unsuspecting web surfers.

Dennis H in West Virginia, US

September 8, 2009

NerdMobile Parade at Harvestfest 2009

Harvestfest is a family event - kids love giving kids candy

NerdMobiles ready to go on Harvestfest parade...

Jim Howarth of St. Thomas outfits his NerdMobile with taped glasses

Letter From TWCE in South Africa

While starting my own business, I was struggling for weeks setting up our new IT system. Eventually, on Christmas Eve 2003, I gave in and Googled those guys who drive around in red VWs. Much to my relief (and surprise), I received a response the same day and my problem was sorted out in minutes!
Since then, the business has grown, as have our ICT needs.
It has been gratifying to have Nerds On Site with us every step of the way. Werdus (our Nerd) has introduced many improvements over this time and provided unparalleled support – even when he’s been away on leave, we’ve always had competent Nerds to fill the gap.
Possibly the greatest benefit to joining the Nerds On Site family has been the assurance I have (day and night) that our ICT systems are ticking away perfectly, thereby allowing us to maximize the leverage we have enjoyed with competitive systems compared to that of our competition.
We would wholeheartedly recommend Nerds On Site to anyone who has an ICT need – from their home PC through to virtualized servers, VOIP solutions and the like … ask us, we’ve experienced it all – they Know Stuff!

TREVOR WILLIAMS
for Trevor Williams Consulting Engineers

Networking in your community

For a little over a year I have been working with a client, Sherry, who publishes a local magazine, AirdrieLIFE. I first met Sherry at a Chamber of Commerce event. I was very fortunate to be included in an article about local entrepreneurs last fall. The article was a great source of PR for my business and definitely increased the community awareness of Nerds On Site.

This summer she approached me about writing a tech column for the magazine. Now, I have never written anything that was published before. Needless to say, I was a little nervous about it but realized what a great opportunity I had been offered. After much thought and consideration, and rewriting, I sent in my column.

Yesterday the magazine arrived on the news stands. I was like a little kid opening the Christmas catalogue! I quickly found my column and read it at least three times.

This morning I was attending a local business group breakfast that I belong to and as soon as I entered the room I had people commenting on the column.

Now the hard part … what to write for the next issue.

AirdrieLIFE TechLIFE Column PDF
AirdrieLIFE Magazine Web Site

Brad R in Alberta, Canada

Heads Up – A Fake Firefox Add-on and a Vulnerability in IIS

Spyware comes in many forms, and spyware writers are always looking for new ways to take advantage of the unwary. This one masquerades as a plugin for Firefox. It is not malware of the botnet or password-stealing variety, but it does capture search data – and that is definitely spying.

There are still quite a few websites running on IIS 6 and IIS 5, especially small company sites. There is a newly discovered flaw that has not yet been patched by MS, but for which exploit code is available on the internet. The vulnerability is in the FTP code, so anonymous FTP access should be turned off if it is not needed (or FTP disabled completely). IIS 5 is definitely vulnerable, and later versions may also be vulnerable, although less so. Locking down the directory structure is another way to mitigate this risk, since the exploit requires the ability to create a directory.

There is not much more we can do at the moment, except be aware of it and keep an eye on any sites that we know are running on these versions of IIS. More details can be found here and here.

Dennis H in West Virginia, US

September 2, 2009

WPA Broken – well, at least on paper

Thanks to Alex Brown, who was the first to point this out to me. I also see that Jeremy Laughlin picked up on the story and sent out an email.

It appears that a couple of Japanese researchers have taken previous attacks on WPA and applied them to a MITM (Man In The Middle) technique that will make it possible to crack a WPA-encrypted wireless connection in as little as a minute. Bear in mind that this is still a theoretical attack, and that it has not been demonstrated to actually work as claimed.

In any case, we should all be implementing WPA2 in any new installations. Almost all devices have supported it since 2006. Of course, there are still a LOT of networks running on WPA (not to mention WEP), and quite a few older computers and routers still in use that do not support WPA2. This can often be remedied through firmware and driver updates.

We should note that WPA implementations that offer AES encryption are not affected by this latest development. It is the TKIP (Temporal Key Integrity Protocol) that is vulnerable. WPA was always seen as an interim solution, but it will be a long time before we get everyone off WEP, let alone WPA.

The take-away is that we now have one more addition to our list of things that we should check when servicing clients – especially our SME clients.

If you really want to nerd it up and get the details, here is a link to the paper presented at the 2009 Joint Workshop on Information Security.
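As an added example (not from the original post), here is a small audit script a tech could run over the text that `iw dev <iface> scan` prints on a Linux laptop, flagging networks that still offer TKIP (including WPA2 "mixed mode", where a TKIP client can still connect) or WEP; the scan output and network names below are constructed.

```python
import re
# Constructed sample in the shape `iw dev wlan0 scan` prints (real output is tab-indented).
SAMPLE_SCAN = """\
BSS 00:11:22:33:44:01(on wlan0)
    SSID: ShopNet-Legacy
    WPA:     * Version: 1
         * Pairwise ciphers: TKIP
BSS 00:11:22:33:44:02(on wlan0)
    SSID: ShopNet-Mixed
    RSN:     * Version: 1
         * Group cipher: TKIP
         * Pairwise ciphers: CCMP TKIP
BSS 00:11:22:33:44:03(on wlan0)
    SSID: ShopNet-Good
    RSN:     * Version: 1
         * Pairwise ciphers: CCMP
BSS 00:11:22:33:44:04(on wlan0)
    SSID: OldWEP
    capability: ESS Privacy (0x0411)
"""
CIPHER_RE = re.compile(r"\* (?:Group cipher|Pairwise ciphers): (.+)")
def parse_scan(text):
    """One dict per BSS: SSID, ciphers advertised, and which security elements appear."""
    bss = []
    for block in re.split(r"^BSS ", text, flags=re.M)[1:]:
        b = {"ssid": "", "ciphers": set(), "wpa": False, "rsn": False, "privacy": False}
        for line in (ln.strip() for ln in block.splitlines()[1:]):
            if line.startswith("SSID: "):
                b["ssid"] = line[6:]
            elif line.startswith("capability:"):
                b["privacy"] = "Privacy" in line   # set by WEP, WPA and WPA2 alike
            elif line.startswith(("WPA:", "RSN:")):  # WPA element = TKIP era, RSN = WPA2
                b[line[:3].lower()] = True
            elif CIPHER_RE.search(line):
                b["ciphers"].update(CIPHER_RE.search(line).group(1).split())
        bss.append(b)
    return bss

def audit(text):
    """Map each SSID to TKIP / OK / WEP / OPEN so a tech sees what needs changing."""
    verdicts = {}
    for b in parse_scan(text):
        if "TKIP" in b["ciphers"]:
            v = "TKIP"  # includes WPA2 'mixed mode': a TKIP client can still connect
        elif b["wpa"] or b["rsn"]:
            v = "OK"    # WPA/WPA2 offering CCMP (AES) only
        else:
            v = "WEP" if b["privacy"] else "OPEN"  # Privacy bit with no WPA/RSN element
        verdicts[b["ssid"]] = v
    return verdicts
```

Anything reported as TKIP or WEP goes on the list of things to fix on the client's router (WPA2 with AES/CCMP only), or to replace if the hardware cannot do it.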

Dennis H in West Virginia, US

August 29, 2009

Botnet profits, SQL Injection, and Realtime Keyloggers

I am often asked by clients about the economics of viruses, spyware, and botnets, so here are a couple of articles that may help us all understand the financial incentives for getting malware onto computers:

This article provides a little insight into the world of botmasters. Cisco researchers managed to infiltrate this world by going undercover. These guys are not interested in identity theft – they just take over machines, organize them into botnets, and sell or rent these botnets to others. Some claim to be raking in $5000-10,000 per week, and they acquire most of their machines through simple phishing scams. They only need 1 percent of recipients to open malicious attachments in order to build their botnets.

Only 20 percent of these botmasters even understand the code they are using to control these machines – you don’t have to be a computer genius to run a botnet. You can purchase the code fairly openly on the internet (that is another article).

You don’t have to be a genius to employ SQL injection attacks either. Again, the tools are readily available and you don’t have to know how they work to use them. According to this article, SQL injection attacks are the top attack technique on the web. Older versions of MS SQL are particularly susceptible. SQL injection works by simply injecting SQL commands into forms or other input areas. If the input is not checked and “sanitized” before it is passed on to the SQL engine, these commands can be executed to steal data. Some of the biggest data thefts in recent years were pulled off this way.
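An added example (not from the article or the original post) of the pattern described above, using Python's sqlite3 and a constructed customer table: the first lookup pastes form input straight into the query text, the second passes it as a bound parameter so the database engine never parses the input as SQL.

```python
import sqlite3

def make_db():
    """Constructed in-memory table standing in for a small site's customer records."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER, email TEXT, card_last4 TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?, ?)",
                   [(1, "ann@example.com", "1234"), (2, "bob@example.com", "5678")])
    return db

def lookup_unsafe(db, email):
    """The flaw the post describes: unchecked form input becomes part of the SQL text.

    Kept deliberately vulnerable so the difference is visible; never use this form.
    """
    sql = f"SELECT email, card_last4 FROM customers WHERE email = '{email}'"
    return db.execute(sql).fetchall()

def lookup_safe(db, email):
    """Parameterized query: the value travels separately from the SQL and stays data."""
    return db.execute("SELECT email, card_last4 FROM customers WHERE email = ?",
                      (email,)).fetchall()

def compare(email):
    """Return (rows from the unsafe lookup, rows from the safe lookup) for one input."""
    db = make_db()
    return lookup_unsafe(db, email), lookup_safe(db, email)
```

With an ordinary address both lookups return one row; with input that closes the quote and adds an always-true condition, the unsafe lookup returns every customer while the parameterized one returns nothing, because no email literally equals that string.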

As the internet matures, “real time” communications become possible. This allows us to have phone conversations via VOIP, allows musicians to play together, and allows gamers to play with others in real time. As always, there are malicious uses as well. This article explains how hackers can use keyloggers that send data in real time to bypass one-time password devices, which have always been one of the most effective security tools available. The key, of course, is to keep these keyloggers off of computers in the first place.

This has always been a battle of “ordnance vs. armor”, and that is not going to change. New security techniques spawn new attacks, which spawn new defenses. As business consultants, all we can do is try to stay on the cutting edge and make sure our clients are current with their defenses.

Dennis H in West Virginia, US

August 25, 2009

Updates on the Linux Null Pointer Kernel Vulnerability

This is an issue that affects pretty much all Linux distributions released since 2001 (2.4 and 2.6 kernels). It allows local users with limited privileges to escalate their privileges to root level by initializing a socket or by invoking certain protocols. Exploits are publicly available. This exploit requires local console access and does NOT allow remote code execution.

This is considered a critical vulnerability because it can be used to acquire root access.

Updates are available for Debian and Ubuntu and should be available soon for Red Hat Enterprise and CentOS.

Issues like this raise an interesting point with regard to cloud services. One cannot simply install an updated version of the kernel on a virtual server in the cloud. Typically, one must rely on the provider for such updates. In addition, the actual version of the kernel running on a hosted cloud server may not even be easily determined. An expanded discussion of this topic can be found

Dennis H in West Virginia, US

August 21, 2009

New Threats, Old Threats, and a New Twist On an Old Threat

Beware the “clampi” virus: Some malware, such as “scareware”, steals money in small amounts from a lot of people, but the most pernicious malware is capable of stealing a lot of money from one victim – as in emptying a bank account. The clampi virus is an example. It is very stealthy and seems to be operated by organized crime gangs who can be very patient. This virus sometimes quietly gathers information for many months before the operators make their move. This is a good reason to do internal scans on systems that handle financial data. Other defenses are to limit the amount of money in accounts accessible electronically and to isolate computers used for financial transactions from the rest of the network (perhaps using a virtual machine).

Those with Linux systems should pay attention to this null pointer vulnerability in Linux because it allegedly affects all versions of the 2.4 and 2.6 Linux kernels.

Pornography is not funny, but you have to at least award points for creativity to these guys. We have seen adware and ransomware scams in the past that encrypt data and charge a ransom to decrypt it, but this attack involves placing nasty pornographic ads in your browser and charging a ransom to remove them. Fortunately, removing the malware is about the same as removing other adware. Nevertheless, innocent victims have to pay someone like us to remove it, and we would all rather spend our time performing other services. Hopefully, few folks pay the ransom, since paying is likely to result in more extortion in the future.

Dennis H in West Virginia, US

August 15, 2009