DNS Changer: 9th July 2012: Will you lose connectivity?

2012/07/06


IMPORTANT:
In 2011 viruses were distributed globally that forced computers to use a network of DNS servers run by a malicious organisation going by the name of Rove Digital.
Although the organisation and its infrastructure was taken down by law enforcement authorities, the DNS system they set up had to be temporarily replaced with a safe alternative to prevent (potentially) millions of users effectively losing the ability to use the internet.
That temporary replacement is being switched off on Monday, 9th July 2012.
You should check your systems this weekend to see if you are affected. The number of potentially infected systems seen was last reported on 11/Jun/2012 and was just over 300,000. That makes it unlikely you are infected, but it is still worth checking.
The DCWG website has been set up to help and advise on what to do if you are worried or want to check your system.
The DNS Changer World Group is there to help.
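The check the post recommends comes down to one question: do the resolvers your machine is configured to use fall inside the address ranges the rogue Rove Digital servers occupied? The script below is an added example, not code from the post or from the DCWG. It parses a resolv.conf-style resolver list and compares each address against a set of CIDR ranges; the range used here is an RFC 5737 documentation prefix standing in for the DCWG's published list, which this page does not reproduce, so replace it before relying on the result.

```python
import ipaddress

# PLACEHOLDER: the DCWG publishes the actual rogue resolver ranges. The
# documentation prefix below is a stand-in so the example runs offline;
# substitute the published list before using this as a real check.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24",)]


def parse_resolvers(resolv_conf_text: str) -> list:
    """Return the nameserver addresses found in resolv.conf-style text.

    Lines that are comments, 'search' or 'options' entries are ignored, as
    are malformed addresses, so a noisy file does not abort the check.
    """
    resolvers = []
    for line in resolv_conf_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                resolvers.append(str(ipaddress.ip_address(parts[1])))
            except ValueError:
                continue
    return resolvers


def flag_rogue(addresses, ranges=ROGUE_RANGES) -> list:
    """Return the subset of addresses that fall inside any rogue range.

    Accepts plain strings, so addresses copied from 'ipconfig /all' on
    Windows can be passed directly. Address/network version mismatches
    (an IPv6 resolver against an IPv4 range) simply do not match.
    """
    flagged = []
    for addr in addresses:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue
        if any(ip in net for net in ranges):
            flagged.append(str(ip))
    return flagged


def check_resolv_conf(resolv_conf_text: str) -> dict:
    """Summarise the configured resolvers and whether any are rogue."""
    resolvers = parse_resolvers(resolv_conf_text)
    rogue = flag_rogue(resolvers)
    return {"resolvers": resolvers, "rogue": rogue, "affected": bool(rogue)}


# Constructed sample: one resolver inside the placeholder rogue range and
# one private resolver that should pass.
SAMPLE_RESOLV_CONF = """# Generated by a DHCP client (constructed sample)
search example.lan
nameserver 192.0.2.10
nameserver 10.0.0.1
options timeout:2
"""

if __name__ == "__main__":
    report = check_resolv_conf(SAMPLE_RESOLV_CONF)
    print("configured resolvers:", report["resolvers"])
    print("rogue resolvers:", report["rogue"])
    print("affected:", report["affected"])
```

On a Linux or macOS machine you would feed it the real file with `check_resolv_conf(open("/etc/resolv.conf").read())`; on Windows, paste the "DNS Servers" entries from `ipconfig /all` into `flag_rogue`. Note that a router infected by the same malware can hand out rogue resolvers via DHCP, so the resolver list on the machine is the right thing to inspect regardless of how it was populated.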


Facebook: Security updates

2011/10/10

Last week Websense and Facebook announced a partnership in order to protect users from malicious links in the popular social media site.
But Facebook have a pretty good page dedicated to security issues of all sorts.


Websense Partnership:
Firstly, I’ll cover this new enterprise. This looks like an excellent deal. Obviously the end user should benefit from more trustworthy results from Facebook. Facebook benefits via significant PR. Lastly, Websense dramatically improve the credentials of their malicious site DB with another mainstream, popular and massive client. They also service Bit.Ly.
The idea is to scan the accessed URLs using the Websense™ ThreatSeeker™ Cloud and if deemed appropriate prompt the user with a warning, where they can elect to continue or ask for more information on the threat detected.
This is the kind of technology that we should now be expecting built into open/social forum/media. It is yet to be implemented and I am sure someone will engineer a bypass but I welcome this.


Facebook Security Page:
Now this is very much worth a look. I was impressed to find that some of my friends’ children had already found the page for themselves and liked the page. Very, very cool. {sic}


I won’t go through every item available but you should visit the Blog, Security Guide and Tips. Obviously the Blog needs to be visited regularly to be effective.
An innovative item is the White Hats section. Here Ethical Hackers can register issues they have found with Facebook Security. Pretty clear and concise and a nice little run down of those that have helped make Facebook safer too. If you’re up to it you can get a $500 reward for being the first to report a problem.
All users should have a good look around the Security page, read it thoroughly, and then have a go at the Security Quiz!
References:
Facebook
Facebook Security Page
Websense
Websense Facebook Announcement
Facebook Websense Announcement
Bit.Ly
Bit.Ly Security Announcement

- Posted using BlogPress


Certified Security Professional

2011/08/23

EC Council && C|EH, Cisco && CCNA Sec, (ISC)2 && CISSP:
Earlier this year I was able to take and pass C|EH, Certified Ethical Hacker, from EC Council.
The insight this course, thank you Sean Hanna, and certification gave me is invaluable in my career.
Although I have been working in many small elements of Information Security for some years I have only just started directing my career that way.


Conficker Worm

2011/05/20

This is by far the most common worm I see on Windows systems at the moment.
If you are watching the network traffic, the symptom you will see is calls to the website http://Trafficconverter.biz.
The worm utilises a flaw in Windows dating back to 2008. This is a classic example of poor patching and incomplete security. Of course, there is also some clever programming from the worm authors.
MS08-067 basically describes a mechanism where a vulnerable system will run arbitrary code (of the assailant’s choice) when it is received from the network in a particular fashion (“carefully crafted RPC requests”). A long list of Windows versions (2000 SP4, XP SP2, XP SP3, XP Pro, 2003 SP1, 2003 SP2, Vista, 2008 plus x64 variants of all these) are vulnerable, and that was the secret of the initial run of infections.
But the worm is capable of creating hooks on the system that allow it to reinstall itself and occasionally install copies on systems that are not vulnerable to the original flaw.
The only way I have so far found that is 100% effective is:

  1. Take every PC/Server/LapTop machine that may have been exposed off the network.
  2. Scan every system thoroughly through a recent Conficker Scanner.
  3. Run the most recent removal tool available on all infected systems.
  4. Do not allow any system onto that clean network unless it has been scanned/cleaned.
  5. Patch every single machine.
  6. Update antivirus on all systems.
  7. Disable AutoRun on every system.
  8. Scan for unusual HTTP ports on PCs (another symptom of infection).
  9. Ban LapTop users from connecting to untrusted networks, including their home network.

If this isn’t done then the worm, unfortunately, keeps reappearing.
Massively disruptive beast.
On the positive side, the Russian website mentioned above is currently live but no longer serving malicious code. It is also detected by most antivirus and antimalware tools.
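The two network symptoms the post names, calls to Trafficconverter.biz and HTTP served on unusual ports, can both be picked out of an outbound proxy log. The script below is an added example and is not code from the post or from any vendor tool. It assumes a simplified Squid-like log line of the form "timestamp client method url status" (constructed here, not captured from a real infection), flags clients that contact the domain, and separately flags destination hosts that are answering HTTP on a port outside the normal set, since the latter points at the infected machine serving its payload to peers rather than at the client that fetched it.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Indicator taken from the post: infected hosts call out to this domain.
KNOWN_C2_DOMAINS = {"trafficconverter.biz"}

# Ports where HTTP egress is expected on this (assumed) network; anything
# else counts as "unusual" for the purposes of step 8 in the clean-up list.
EXPECTED_HTTP_PORTS = {80, 443, 8080}

# Assumed log layout: epoch-timestamp client-ip method url status-code
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d+)$"
)


def parse_line(line: str):
    """Parse one log line into client, destination host and destination port.

    Returns None for lines that do not match the layout or carry an
    unparsable URL/port, so junk lines never abort the scan.
    """
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    u = urlsplit(m["url"])
    try:
        port = u.port  # raises ValueError on a non-numeric port
    except ValueError:
        return None
    if port is None:
        port = 443 if u.scheme == "https" else 80
    # urlsplit lowercases hostname, so mixed-case domains still match.
    return {"client": m["client"], "host": u.hostname or "", "port": port}


def matches_c2(host: str) -> bool:
    """True if host is a known C2 domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in KNOWN_C2_DOMAINS)


def analyse(log_text: str) -> dict:
    """Map each suspicious address to a sorted list of reasons it was flagged."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if matches_c2(rec["host"]):
            findings[rec["client"]].add("contacted %s" % rec["host"])
        if rec["port"] not in EXPECTED_HTTP_PORTS:
            findings[rec["host"]].add("serves http on unusual port %d" % rec["port"])
    return {addr: sorted(reasons) for addr, reasons in findings.items()}


# Constructed sample log: one client calling the C2 domain twice (with
# mixed case the second time), one benign intranet request on 8080, and one
# peer answering HTTP on an arbitrary high port. The URL path and port are
# made up for the example, not taken from real Conficker traffic.
SAMPLE_PROXY_LOG = """\
1305900001.123 10.0.0.12 GET http://www.example.com/index.html 200
1305900002.456 10.0.0.12 GET http://trafficconverter.biz/update.bin 200
1305900003.789 10.0.0.45 GET http://intranet.example.lan:8080/status 200
1305900004.012 10.0.0.45 GET http://10.0.0.77:2471/payload 200
1305900005.345 10.0.0.12 GET http://TrafficConverter.biz/ 404
this line is garbage and should be skipped
"""

if __name__ == "__main__":
    for addr, reasons in analyse(SAMPLE_PROXY_LOG).items():
        print(addr, "->", "; ".join(reasons))
```

Run against a real proxy export, the output is the list of machines to pull off the network first (step 1 of the list above) before the scan-and-clean cycle starts; adjust `EXPECTED_HTTP_PORTS` to whatever your environment legitimately uses so that internal services on non-standard ports do not drown out the real hits.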
References:
MS08-067
Wikipedia: Conficker
Sophos: Conficker removal tool
Kaspersky: Conficker removal tool


