Archive Page 2

Fighting Viruses

During our last discussion, we talked about worms and the havoc that they can create on unsuspecting victims. Now, let’s focus our attention on another area of self-replicating code, which, unlike worms, requires us, humans, to take some sort of action, like opening that email attachment that you have no business opening. Here, we’re referring to viruses and the damage that can be inflicted.

From movies such as Alien (remember that great table scene?), as well as our own experience of shaking hands with someone who has a cold, we know that viruses find a host and attach themselves. Viruses in the world of computers work in similar ways by spreading via removable storage, email, or web downloads – just to name a few transfer methods. And while the outcome may not be as devastating as in the Alien movie, viruses are capable of wreaking their own havoc.

One way to fight these viruses is to have updated antivirus software. However, we must note that there’s some nasty software that’s capable of even attacking our antivirus software, thereby rendering its security measures inoperable. Yet don’t be discouraged: antivirus software is still an effective tool, and you should be sure that yours is running and up-to-date.

Another way to combat these virus writers is to educate people about how viruses spread. By not opening executable files, or downloading unknown programs, we might be able to fight some of these viruses. In addition, by understanding how viruses can affect our systems, either by crashes or sluggish performance, we can recognize signs of a virus infection.

As we know, unfortunately there are some purdy nasty ways that our computers can be harmed. By making sure that our antivirus software is up-to-date and taking a little time to educate ourselves about some of the signs of virus infection, we might be able to mitigate the damage that can be done.

Nastier Evolution – Superworms!

During our last meeting, we discussed worms…and not those of the Mother Nature variety. Our discussion took us on a short journey into the dark side of those who use their technical know-how in more Sithian ways to create a whole new class of worms – destructive ones not created by Mother Nature.

Ed Skoudis, one of the best security consultants in the field of information security, informs us of potentially worse things to come in the form of superworms.

What, you ask, is a superworm? Well, these critters are particularly destructive and very nasty. It’s suggested that some of their nastiness will come to us via attacks on multiple operating systems, versus past attacks that focused on one type of operating system. So, these worms might infect Microsoft and Linux and a host of other operating systems, all at the same time. While some of these have already been released on a small scale, thankfully, they haven’t made themselves too well-known.

Another way that havoc will be wreaked will be via attacks that exploit multiple vulnerabilities instead of a single one. In other words, these superworms will exploit multiple security holes. Interestingly enough, Nimda fell into this category.

Should these superworms evolve, we’ll probably be faced with a worm that will be so new that we won’t be able to patch our systems because the patches won’t be available. These are called zero-day exploits and this won’t be a good day for us should they grace us with their presence.

There are other ways that these worms will make our lives challenging, but for now, just note that the potential for chaos is all too real.

The good news is that so far these worms haven’t brought about the end of days. We’re still here able to carry on with our lives. However, should trends towards the creation of nastier worms continue, particularly with the anticipation of superworms, we might be in for some very interesting challenges ahead.

With that….have a great day!

Nasty Evolution!

Last time we met, I mentioned that since 9/11, companies have stepped up their security measures. While that’s good, we should also note that hackers and attackers have also looked to increase their skill set. One way they do this is by creating worms. And as a result, they’ve managed to slander the reputation of Mother Nature’s squishy little innocent creatures, some of which have been around for more than 100 million years. How unfair is that? Call a lawyer!

So, what are worms? In short, worms are self-replicating code that spreads itself via the network, with no need for human intervention (even though, for some of the smaller ones, user intervention is necessary). Nevertheless, worms can and have wreaked havoc on our computer systems and predictions suggest that they may wreak even more havoc in the future.

As the 9/11 attacks unsettled the nerves of everyone, we can’t forget the Nimda (cryptically ‘admin’ spelled backwards) worm that was released one week after those attacks. Spreading in 12 different ways (or exploits, meaning attacking systems in multiple ways), and targeting Windows Internet Explorer and Microsoft Outlook, just to name a few platforms, this worm was one of the fastest expanding worms ever released.

This means that when you came to a website infected with the Nimda worm, your browser retrieved the Nimda code and you were among the unlucky ones to have this worm installed on your machine. Then, as if that wasn’t enough, this worm found its way into your e-mail addresses and sent copies of itself to all of your friends, family and everyone in between. So, think of it like shaking someone’s hand who has a cold and now you’ve got it and because you’re the sharing type, you decide to share your germs with everyone you come into contact with. Okay, maybe not the best analogy, but you get it.

Unfortunately, the news about worms doesn’t get much better. Some experts in the field have suggested that a superworm could possibly conquer the Internet in about one hour. YIKES! Yes, a superworm!

What in the world is that? Well, I’ll give you that upbeat news tomorrow.

Until then…toodles!

Hackers and Attackers

Last week, I alluded to the suggestions by some that hackers were responsible for the 2003 blackout. This week, I’d like to pick up on that hacker and attacker theme a little more and look at some of their nasty tricks, many of which are aimed to separate you from your hard-earned cash.

Back in the Stone Age (ok, not that far back, but you get my point) hackers knew a lot about computers. In fact, if you were called one, you probably wouldn’t have been too upset. They would dig deep to find out how computers worked. In fact, during that time they weren’t considered “evildoers.” They were the ones contacted when something went wrong with computers. And even today, some suggest that we should be careful not to malign all hackers because without them poking around and finding security loopholes, products might not become more secure. You can ponder this last statement and note that I report, you decide.

But let’s get back to those hackers who have crossed over to the dark side. Nowadays, these hackers and attackers are engaging in the same crimes committed in the offline world. Perhaps what’s even more unsettling is that many of today’s attackers and hackers don’t need to know much about computers. By using certain tools, these folks can carry out dangerous and sophisticated attacks and perhaps not even know the consequences of such attacks. But of course, there are those particularly dangerous ones who do know a lot about computers and put their knowledge to work in more Sithian ways.

So yes, hackers and attackers are busy. Consider this: 6 out of 10 American companies and government agencies have already been hacked. Yes, you read that correctly. Any company that accepts credit cards, allows us to view our bank accounts and/or offers products and services is vulnerable to hackers and attackers. But this isn’t just an American problem. Amazingly enough, in the pre-9/11 world, one survey found that an Australian company was spending more on its coffee needs than on information security. Say what? Hope that company isn’t holding any of my information! And that had better be some darn goooooooood coffee.

Since 9/11, companies have stepped up their security measures. As hackers and attackers are hunting for new victims, we must be ready to combat them.

Critical What?

Last time we met, we looked at how millions of people in 2003 were impacted by a major disruption in our nation’s computer systems that resulted in a blackout.

But perhaps what you didn’t know was that just seven years earlier, on July 15, 1996, the President’s Commission on Critical Infrastructure Protection (PCCIP) was established by President Bill Clinton. The purpose of this commission was to investigate the types of attacks that were occurring, study how attacks could impact the nation’s computer infrastructure and to determine the vulnerability of the nation’s computer systems.

So what happened? Well, their findings weren’t pretty. They determined that there were serious security vulnerabilities and that the federal government and the private sector would have to work together to combat the potential harm that could be done to the nation’s critical infrastructure, which includes: telecommunications, electrical power systems, gas and oil storage and transportation, banking and finance, transportation, water supply systems, emergency services, energy, financial services and continuity of government.

In response to the attacks of 9/11, President Bush created the Office of Homeland Security. The Homeland Security Act of 2002 defined critical infrastructure as: “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters” (Sec. 1016(e)).

Sounds serious – you bet! I think it’s fair to say that as our dependence on technology grows, each of us has an increasingly important role in protecting our homes, company and country. So let’s get to work!

Local Administrator – The Magic of RunAs

Welcome back! If you’ve stuck with me this long, you must actually enjoy the pain of locking down your computer and seeing what breaks! In most cases, you are probably not having any problems, but there are those situations where you might find yourself wishing you hadn’t taken my advice in the first place.

There are some normal tasks that require you to have local administrative privileges to get things done – adding a new printer, for example. So how do you accomplish this? Well, the tedious way would be to log out of your normal user account, and then log back in as an administrator, add the printer, then log out of the administrator account, and back in as your normal user account. Sounds like fun, doesn’t it?

Fortunately, there are better ways to hack this one. Unfortunately, not all of them are super-simple, owing to Microsoft’s way of managing things, but they should be an improvement over logging into and out of different accounts.

If you are running Windows XP or 2000, the preferred method would be to use the RunAs command. So, using our printer example from earlier, if you go to the Printers and Faxes icon in the Start Menu, you will see an Add Printer icon. Right-click on it. See anything interesting? Probably not, but if you hold down the “Shift” key on your keyboard, and then right-click, you should notice a new option, “Run as…” If you click on this, you will be prompted for a user name and password. Enter the information of the local administrator account that you created, and click OK. Congratulations! You have now started the Add Printer Wizard using your powerful administrator account instead of your lowly user account.

You can also use RunAs from the command line, using the following syntax:

RUNAS /user:<UserName> <application of your choice>

You will then be prompted to enter the password for the user account.

You can find a massive amount of information on getting around without being an administrator at Aaron Margosis’ “Non-Admin” Weblog. (This link is to all posts in the “Non-admin for home users” tag.) Some of Aaron’s posts are a bit technical, but the information he provides is invaluable. Plus he’s from Microsoft, so he knows what he’s talking about.

Local Administrator Accounts – Make the Change

Well, if you’re still with me, then my last article on local administrators may have motivated you to take the leap into a more secure user account. Congratulations, you will thank me later, after you see how much less spyware, viruses, and pop-ups find their way onto your computer.

There are a number of ways to “demote” yourself into a regular user account. The first method is to create a new user account that is a standard user, and use it instead of your current local administrator account. That would leave the admin account there for you to manage your computer as needed. The downside to this method is that the account you will be using on a regular basis will need to be customized from scratch, because all your settings and files will still be associated with the old account.

The method I prefer is to create another account, but this time give it the local administrative privileges. So you would go into Control Panel, and open up User Accounts. Go to New User, and create a new user. Name it something subtle, like “All-Mighty Admin.” No, seriously, go for something that doesn’t scream “hack me, I’m the account with all the power!” I suggest something like “maint,” “user1,” or maybe a pet’s name. Then give it a nice strong password.

The next step is to log into your new local administrator account, and make sure everything looks like it is working properly. Now, from that account, go to Control Panel > User Accounts again, and select your old administrator account. You can change the type from Administrator to Limited User. Why didn’t I say Power User? Well, that’s the subject of another post, but for now, just know that a Power User account has virtually the same privileges as an Administrator, including relatively easy access to elevate the account to an actual Administrator! So stick with the Limited User classification, I promise it won’t be that painful.

Then log into your newly demoted user account, and make sure everything works for you. There are some programs that have “issues” with the lack of administrative privileges, however. If you find any, please post in the comments, and I will try to assist you in getting it running properly. We will also discuss methods of temporarily running as an administrator when needed in the next part of this series.

Who turned the lights out?

As you probably know, there are more than a few nasty people out there who’d love to bring down a nation’s information infrastructure. And in August of 2003, it felt like someone did just that.

Do you recall where you were when the northeast blackout occurred in 2003? Well, I was in the thick of it in Michigan. On a beautiful and hot August day, my carpooler and I thought we’d sneak out of work a little early. Upon getting in the car, I recall not being able to get our favorite radio station. Oh well, that was an easy fix, pop in a CD.

As we proceeded near the highway, we noticed all the traffic lights were out. Strange, we thought, but didn’t think too much of it…until we couldn’t move any further. The highways were jammed. We noticed that gas stations were crowded, but that was because they ran out of ice on what was a very hot day. What we also found out was that one couldn’t get gas because of the lack of electricity. Luckily we filled up before going to work that morning.

So, what was normally about a 1.5 hour drive turned into five hours. Surprisingly, people were rather calm. As we sat there, it was eerie to wonder what was lurking on everyone’s minds since 9/11 wasn’t in the too-distant-past. Once home, we arrived to no electricity, thus no air conditioning, no water, and no TV. But I can tell you as one of the 5.4 million people in Michigan affected that day, it was truly an eye-opening experience to the realization of our dependence on technology.

It’s been reported that financial losses resulting from that blackout were about $6 billion. The official cause of that blackout was a software bug. Of course, there are those who believe this was the work of a hacker(s). I’m not sure, but just so that I can sleep a little better at night, I’m going with the official story. However, should the day come and our critical systems do get into dangerous hands, I’m sure that August 2003 might be child’s play compared to what we might really be up against.

Needless to say, technology touches almost every facet of our lives every day. Therefore, we all have a vested interest in doing our part to keep the computer systems safe, at work and home. I’m not sure about you, but when my lights go out, I want to be the one flicking the switch.

Oh, and the moral of the story is – don’t leave work early. Oh, who am I kidding? Before you do, look into your crystal ball. Make sure there are no blackouts planned. They have a bad habit of rendering your “sneaking out” pointless.

Local Administrator Accounts – Why they are bad

Do you work on your computer as a local administrator? If you are running Windows, most likely you are. Certain other operating systems also place you in a local administrator account by default, but many alternatives to Windows are smart enough to create a regular user account for you to use by default. Note for Windows Vista, this is slightly different. However, since the majority of users haven’t upgraded yet, I will hold off on the Vista details until a future article, so we don’t confuse things too much.

What is a local administrator? This is the account on your computer that has absolute power over Windows. Anything you want to do – such as install drivers, update the system, install new programs, or manage user accounts – can be done from the local administrator account. This account is appropriately named “Administrator” by default.

Why is this bad? After all, it’s your computer, don’t you want to have full control over everything? While you certainly need the local administrator account to properly manage your computer, you shouldn’t be using it for your day-to-day tasks. Web surfing should never be done from a local administrator account. Why? Because any program you run as an administrator has the same level of access that you do. So if you go to a website that has malicious code on it, that code could direct your computer to install programs, delete files, or perform many other equally dangerous tasks.

Convinced, but not sure if you are using a local administrator account? There are a number of ways to find out. Go to the Start Menu, and click on Run. In the window that comes up, type “cmd” (without the quotes). In the Command Prompt window, type “net localgroup administrators” (again, without the quotes). A list of users who are local administrators will come up, so check to see if you’re in there. Another way to check would be to go to Control Panel, and click on User Accounts. You should see your account there, with a word such as Administrator, Power User, or Limited User with it.
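The check above can be scripted. The following is an added example, not part of the original post: it parses the output of “net localgroup administrators” and reports whether the everyday account is still an administrator and whether any member is not on the list of intended admin accounts. It assumes English-language Windows output; the sample text and the account names in it are constructed for illustration.

```python
"""Audit the output of `net localgroup administrators` (added example)."""
import getpass
import subprocess
import sys

# Constructed sample of the command's English-language output. "maint" is the
# kind of low-profile admin account name this series suggests; "Alice" stands
# in for the everyday account. Domain members would appear as DOMAIN\name.
SAMPLE_OUTPUT = """\
Alias name     administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
maint
Alice
The command completed successfully.

"""


def parse_members(output):
    """Return the names listed between the dashed rule and the status line."""
    members, in_list = [], False
    for line in output.splitlines():
        text = line.strip()
        if not in_list:
            # The member list begins after a line made only of dashes.
            in_list = bool(text) and set(text) == {"-"}
            continue
        if not text:
            continue
        if text.lower().startswith("the command completed"):
            break  # English status line (assumption) ends the list
        members.append(text)
    return members


def audit(output, daily_account, admin_accounts):
    """Compare group membership with the intended daily/admin account split."""
    members = parse_members(output)
    # Windows account names are case-insensitive, so compare case-folded.
    allowed = {a.casefold() for a in admin_accounts}
    return {
        "members": members,
        "daily_account_is_admin":
            daily_account.casefold() in {m.casefold() for m in members},
        "unexpected_admins":
            sorted(m for m in members if m.casefold() not in allowed),
    }


if __name__ == "__main__":
    output, daily = SAMPLE_OUTPUT, "alice"
    if sys.platform == "win32":
        # On Windows, audit the live group and the logged-in account instead.
        output = subprocess.run(["net", "localgroup", "administrators"],
                                capture_output=True, text=True, check=True).stdout
        daily = getpass.getuser()
    print(audit(output, daily, admin_accounts=["Administrator", "maint"]))
```

Names are matched exactly apart from letter case, so a domain member listed as DOMAIN\name is reported as unexpected unless it is passed in that same form.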

In the next part, I’ll show you how to turn your account into a regular user account, without losing all your carefully customized settings and files.

Protecting The Nation

Last week we spent time understanding the CIA of computer security and why we should be concerned with confidentiality, integrity and availability. While we focused on how this impacts individuals, this week we’ll look at just how critical protecting technology is for a nation.

During wartime, we typically become more aware of the possibilities of information warfare. (Or perhaps not, with 60 million+ people voting on American Idol – but I digress). Anyway, some of us are informed that nations are engaging in ways to disrupt other nations’ information infrastructure and that those methods are becoming increasingly sophisticated. This becomes particularly onerous when we realize just how critical technology is for our everyday activities.

As we know, civilians aren’t the only ones dependent on technology. Most of the images that we see of Iraq today show troops on the ground – shooting, fighting, etc. What we typically don’t see are the technological tools used to control the military vehicles, weapons systems and communication systems that soldiers must depend on. Imagine those tools being compromised.

Interestingly enough, during the Persian Gulf War in 1991, Saddam Hussein was offered some very hot information that, had he bought it, could have possibly changed the outcome of that war. According to some reports, 34 American military sites were breached by hackers from the Netherlands. The computers that they attacked contained important information about Operation Desert Storm, such as the exact location of military troops, weapon details, and the movement of American warships. Imagine what could have happened had Saddam not thought this was a trick?

Within the last few weeks, Russia has been accused of cyber attacks against Estonia (yes, go ahead and dust off that atlas). The websites of Estonia’s government ministries, banks, companies and newspapers have been disabled. Even NATO has sent some of its top cyberterrorism experts to investigate the situation and to help the Estonians augment their electronic defenses.

So, while there are plenty of examples, we should recognize that today, nations must protect their critical infrastructures against cyber attacks. Later on we’ll cover popular attack methods, but for now, realize that our nation’s next war might be more about the rise of the machines and less about human battles.