Security Protection – Harry Waldron MVP

June, 2012:

Windows 8 – Preliminary list of Security improvements

Windows 8 will provide further security improvements and a preliminary list is noted below:

How Windows 8 Beefs Up Security http://www.securitynewsdaily.com/2008-windows-8-security.html

QUOTE:  Windows 8 promises to be much more secure than Windows 7 — so much so that some users might not like it.  Chris Valasek, a researcher with the San Francisco security firm Coverity, has been playing with the developer preview version of Windows 8 since last fall.  He told the British tech blog the Register that while the internal structure is not too different from that of Windows 7, there are a few new features that will nonetheless beef up Windows 8’s security considerably.

App store – New Windows 8 Apps will be contained by a much more restrictive security sandbox

Internet Explorer 10 — Locking down the browser with improved Flash & Java protection and other safeguards

Secure Boot — It means that all installed operating systems, whether on a hard drive or on an optical drive, will be checked for digital certificates of authenticity before they’re allowed to start the machine.

Windows Defender — Windows 8 will have a Microsoft first — a built-in anti-virus software installation

DNSChanger Malware – FBI will take infected PCs offline on 07/09/2012

In about 10 days, the FBI will carry out another stage of malware cleanup, as noted below.

DNSChanger Malware – FBI will take infected PCs offline on 07/09/2012 http://www.securitynewsdaily.com/2030-dnschanger-deadline.html

DNS-CHANGER MALWARE test site (if you see RED your PC may be infected … GREEN indicates no infection is present)
http://dns-ok.us/

QUOTE: In 10 days, there’s a chance you will not be able to access the Internet on your personal computer. No email, no Facebook, no Google, no Twitter — nothing.  This potentially dire situation is due to the nasty DNSChanger Trojan, and the fateful date of July 9, on which the FBI is set to take all computers still infected with the malware offline for good. 

Launched by Estonian cybercriminals, the DNSChanger malware infected Windows PCs, Macs and routers across the world and enabled the crooks to hijack victims’ Web traffic and reroute it to rigged sites. After the FBI, in “Operation Ghost Click,” busted the criminals last November, the FBI set up surrogate servers to keep the computers infected with the Trojan temporarily online so users could clean them.

But on July 9, those surrogate servers are coming down.  In his Krebs on Security blog, researcher Brian Krebs cites a statistic from the DNSChanger Working Group, which estimates that more than 300,000 computers are still infected with the malware.
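The dns-ok.us test above only tells you the colour of a web page. As an added example (not from the blog post, the FBI or the DNSChanger Working Group), the script below performs the same check locally: it reads the resolver addresses out of a resolv.conf or an `ipconfig /all` listing and flags any that fall inside a list of rogue DNS ranges. The two ranges in the script are placeholder TEST-NET blocks, not the real DNSChanger ranges, which this post does not list; substitute the published list before relying on the result. It also marks private (router) addresses as LOCAL, because an infected router hands out its own LAN address as the resolver and the upstream DNS setting on the router itself then has to be inspected.

```python
"""Local check of configured DNS resolvers against rogue address ranges.

Added example, not from the blog post or from any DNSChanger clean-up group.
ROGUE_RANGES_PLACEHOLDER holds constructed TEST-NET blocks standing in for
the real rogue ranges; replace them with the published list before use.
"""
import ipaddress
import re

# Constructed placeholders (RFC 5737 documentation blocks), NOT the real
# DNSChanger ranges. Each entry is a CIDR network.
ROGUE_RANGES_PLACEHOLDER = [
    ipaddress.ip_network("192.0.2.0/24"),      # stands in for a rogue block
    ipaddress.ip_network("198.51.100.0/24"),   # stands in for a rogue block
]

# Dotted-quad IPv4 literal; validated later by ipaddress, so 999.1.1.1 is dropped.
_IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def extract_resolvers(config_text):
    """Return the IPv4 resolver addresses found in resolver configuration text.

    Handles two formats: resolv.conf ("nameserver 1.2.3.4") and the Windows
    `ipconfig /all` listing, where the first server follows "DNS Servers . . :"
    and additional servers appear on continuation lines holding a bare address.
    """
    resolvers = []
    for line in config_text.splitlines():
        stripped = line.strip()
        is_dns_line = "nameserver" in stripped or "DNS Servers" in stripped
        is_bare_addr = _IPV4.fullmatch(stripped) is not None  # ipconfig continuation
        if not (is_dns_line or is_bare_addr):
            continue
        for literal in _IPV4.findall(stripped):
            try:
                resolvers.append(ipaddress.ip_address(literal))
            except ValueError:  # malformed octet, e.g. 300.1.1.1
                continue
    return resolvers


def classify_resolver(addr, rogue_ranges=ROGUE_RANGES_PLACEHOLDER):
    """ROGUE if inside a listed range, LOCAL if a private/loopback (router) address,
    otherwise CLEAN. Rogue ranges are tested first so a rogue block that happens
    to be non-global (as the TEST-NET placeholders are) is still reported."""
    if any(addr in net for net in rogue_ranges):
        return "ROGUE"
    if addr.is_private or addr.is_loopback:
        return "LOCAL"  # the router answers DNS; check its upstream servers too
    return "CLEAN"


def check_config(config_text, rogue_ranges=ROGUE_RANGES_PLACEHOLDER):
    """Map each resolver address found in config_text to its classification."""
    return {str(a): classify_resolver(a, rogue_ranges)
            for a in extract_resolvers(config_text)}


# Constructed sample inputs, not real captures.
SAMPLE_RESOLV_CONF = """\
# constructed sample resolv.conf
nameserver 192.0.2.5
nameserver 9.9.9.9
"""

SAMPLE_IPCONFIG = """\
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       198.51.100.77
"""

if __name__ == "__main__":
    for name, text in (("resolv.conf", SAMPLE_RESOLV_CONF), ("ipconfig", SAMPLE_IPCONFIG)):
        for addr, verdict in check_config(text).items():
            print(f"{name}: {addr} -> {verdict}")
```

Run it against the output of `cat /etc/resolv.conf` or `ipconfig /all` fed in as text; any ROGUE verdict means the machine would lose name resolution when the surrogate servers are shut down, and a LOCAL verdict means the router's own DNS settings are the thing to look at.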

NMAP 6.01 Security Scanner Release

NMAP is an excellent network vulnerability assessment tool, and a new version is now available:

http://nmap.org/download.html

QUOTE: Nmap 6.01 source code and binary packages for Linux, Windows, and Mac are available at:

Here are the changes in 6.01:

o [Zenmap] Fixed a hang that would occur on Mac OS X 10.7. A symptom of the hang was this message in the system console:

o [Zenmap] Fixed a crash that happened when activating the host filter.

o Fixed an error that occurred when scanning certain addresses like 192.168.0.0 on Windows XP:

o Fixed a bug that caused Nmap to fail to find any network interface when at least one of them is in the monitor mode.

o Fixed the greppable output of hosts that time-out

o [Zenmap] Updated the version of Python used to build the Windows release from 2.7.1 to 2.7.3 to remove a false-positive security alarm flagged by tools such as Secunia PSI.

Microsoft Security Essentials – New Pre-Release version

As with any beta version, please be careful: you should have the technical skills in place to uninstall it or troubleshoot potential issues.  During the first few days of testing, no issues have been discovered and it installed cleanly.

Microsoft Security Essentials – New Pre-Release version http://www.microsoft.com/en-us/download/details.aspx?id=29942

QUOTE: As a Microsoft Security Essentials Prerelease user, you will have the opportunity to explore and test new builds of Microsoft Security Essentials before they are publicly available and provide feedback to Microsoft. Your feedback helps Microsoft to make its software and services the best that they can be. As a Microsoft Security Essentials Prerelease user, Microsoft Security Essentials updates will automatically be installed on your computer through Microsoft Updates.

Internet Explorer Settings – How to reset this for your PC

Below is a “how to reset” link for Internet Explorer that includes a special FixIT tool from Microsoft.  Occasionally this environment can become damaged, and the tool resets it back to the initial default settings.

Internet Explorer Settings – How to reset this for your PC
http://support.microsoft.com/kb/923737

Windows Update – How to reset this for your PC

Below is a “how to reset” link for Windows Update that includes a special FixIT tool from Microsoft.  Occasionally this environment can become damaged, and the tool resets it back to the initial default settings.

How to Reset Windows Update http://support.microsoft.com/kb/910339

RSA SecurID 800 Tokens – New attack could reveal keys in about 15 minutes

While this POC attack and research paper are complex and highly mathematical in nature, further developments should be closely watched.

RSA SecurID 800 Tokens – New attack could reveal keys in about 15 minutes http://arstechnica.com/security/2012/06/securid-crypto-attack-steals-keys/

QUOTE:  Scientists have devised an attack that takes only minutes to steal the sensitive cryptographic keys stored on a raft of hardened security devices that corporations and government organizations use to access networks, encrypt hard drives, and digitally sign e-mails.  The exploit, described in a paper to be presented at the CRYPTO 2012 conference in August, requires just 13 minutes to extract a secret key from RSA’s SecurID 800, which company marketers hold out as a secure way for employees to store credentials needed to access confidential virtual private networks, corporate domains, and other sensitive environments. The attack also works against other widely used devices, including the electronic identification cards the government of Estonia requires all citizens 15 years or older to carry, as well as tokens made by a variety of other companies.

The latest research comes after RSA warned last year that the effectiveness of the SecurID system its customers use to secure corporate and governmental networks was compromised after hackers broke into RSA networks and stole confidential information concerning the two-factor authentication product. Not long after that, military contractor Lockheed Martin revealed a breach it said was aided by the theft of that confidential RSA data.

Best Practices – Wireless Safety while traveling

Security News Daily shares some valuable tips on being careful about the Wi-Fi sites you connect to while traveling, and about performing e-commerce activity on the road.  The sites you connect through may not be well secured, so you should avoid banking, internet purchases, and even email if you are not sure of the overall safety of the site hosting the internet service.

How to Keep Your Wi-Fi Safe While Traveling http://www.securitynewsdaily.com/2009-wi-fi-safe-traveling.html

QUOTE:  But before you get too relaxed, beware. Lurking on that public Wi-Fi network you’re using might be identity thieves and account hackers who are waiting to pounce on your information.  “If you are logged in and it’s not secure, pretty much everything that travels over the air is vulnerable,” said Chris DePuy, vice president at the Dell’Oro Group, a market research firm in Redwood City, Calif.

Security News Daily – How to secure Wireless home network http://www.securitynewsdaily.com/how-to-secure-home-wireless-network-0816/

Facebook – How internal teams respond to reported incidents

Facecrooks security shares an interesting workflow diagram and the key procedures Facebook follows when security or content abuse is reported.

Facebook – How internal teams respond to reported incidents http://facecrooks.com/Internet-Safety-Privacy/what-happens-when-you-click-report-on-facebook.html

QUOTE:  Facebook Safety has posted a note and an infographic that details the internal teams, guidelines and workflows that are involved in the Facebook reporting process. (the image is rather large, so you might have to download it and view it in an editor to view it properly). Facebook has hundreds of moderators based in four centers that evaluate content based on established community standards. The following four distinct teams act and respond accordingly:

1. Safety Team – Violence and Harmful Behavior
2. Hate and Harassment Team – Hate Speech
3. Abusive Content Team – Scams, Spam and Explicit Content
4. Access Team – Hacked and Imposter Accounts

The Safety Team will contact law enforcement authorities when credible threats of violence are present.

Nigerian email scams are designed to be obvious

An interesting analysis of the design of these scams: their obvious wording is intended to reach just the small number of individuals who might be more easily persuaded to fall for these attacks.

Nigerian email scams are designed to be obvious http://www.securitynewsdaily.com/2002-nigerian-emails-scam-dumb.html

QUOTE:  Here’s a modern-day question: Why are Nigerian con-man emails so obvious? Because that makes sure only stupid people will respond to them, says Microsoft security analyst Cormac Herley in a newly released research paper.  “Far-fetched tales of West African riches strike most as comical,” Herley writes in the introduction to his paper. “Our analysis suggests that is an advantage to the attacker, not a disadvantage.”  But even if 99 percent of the thousands of people who receive the email ignore it, that still leaves quite a lot of sad suckers who are taken in by the tale.   And, reasons Herley, if those people are dumb enough to believe such a silly story, or ignorant enough to have not heard a decade’s worth of Nigerian email jokes, then they’re quite likely to fall for the old-fashioned “advance fee” con that the email sets up.