Security Protection – Harry Waldron MVP

Internet Security – Browser Tracking Techniques

This informative article from Internet Storm Center shares browser tracking techniques

https://isc.sans.edu/forums/diary/11+Ways+To+Track+Your+Moves+When+Using+a+Web+Browser/19369/

There are a number of different use cases to track users as they use a particular web site. Some of them are more “sinister” than others. For most web applications, some form of session tracking is required to maintain the user’s state. This is typically easily done using well configured cookies (and not the scope of this article). Sessions are meant to be ephemeral and will not persist for long. Over the years, browsers and plugins have provided a number of ways to restrict this tracking. Here are some of the more common techniques for how tracking is done and how the user can prevent (some of) it:

1 – Cookies
2 – Flash Cookies (Local Shared Objects)
3 – IP Address
4 – User Agent
5 – Browser Fingerprinting
6 – Local Storage
7 – Cached Content
8 – Canvas Fingerprinting
9 – Carrier Injected Headers
10 – Redirects
11 – Cookie Respawning / Syncing
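The diary above distinguishes ephemeral session cookies from the persistent cookies that tracking relies on. The following Python script is an added example (it is not part of the ISC diary or of this post) that parses Set-Cookie headers, separates session cookies from persistent ones, computes how long a persistent cookie would live, and flags missing hardening attributes. The headers and the clock value are constructed for illustration and do not come from any real site.

```python
"""Classify Set-Cookie headers as ephemeral session cookies or persistent
(tracking-capable) cookies, and flag missing hardening attributes.

Added example; the sample headers and the assumed "now" are constructed."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from typing import Dict, List, Optional

# Constructed sample headers, as a server might send them (not real sites).
SAMPLE_SET_COOKIE_HEADERS = [
    "SESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "uid=7f3a9c; Expires=Wed, 01 Jan 2025 00:00:00 GMT; Path=/; Domain=.example.com",
    "prefs=dark; Max-Age=2592000; Path=/; Secure",
    "old=; Max-Age=0; Path=/",
]

# Assumed clock for the example so the arithmetic is reproducible.
NOW = datetime(2015, 2, 20, tzinfo=timezone.utc)


@dataclass
class CookieReport:
    name: str
    persistent: bool
    lifetime_days: Optional[float]       # None for a pure session cookie
    warnings: List[str] = field(default_factory=list)


def _parse_attributes(parts: List[str]) -> Dict[str, str]:
    """Lower-case attribute names; value-less flags map to ''."""
    attrs: Dict[str, str] = {}
    for part in parts:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return attrs


def parse_set_cookie(header: str, now: datetime = NOW) -> CookieReport:
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = _parse_attributes(parts[1:])

    # RFC 6265: Max-Age takes precedence over Expires when both are present.
    lifetime: Optional[float] = None
    if "max-age" in attrs:
        lifetime = int(attrs["max-age"]) / 86400
    elif "expires" in attrs:
        exp = parsedate_to_datetime(attrs["expires"])
        if exp.tzinfo is None:
            exp = exp.replace(tzinfo=timezone.utc)
        lifetime = (exp - now).total_seconds() / 86400

    # A zero or negative lifetime is an instruction to delete the cookie.
    if lifetime is not None and lifetime <= 0:
        return CookieReport(name, False, lifetime, ["deletion/expired cookie"])

    persistent = lifetime is not None
    warnings: List[str] = []
    if "secure" not in attrs:
        warnings.append("missing Secure")
    if "httponly" not in attrs:
        warnings.append("missing HttpOnly")
    if "samesite" not in attrs:
        warnings.append("missing SameSite")
    if persistent and lifetime > 30:
        warnings.append(f"long-lived ({lifetime:.0f} days): tracking-capable")
    if attrs.get("domain", "").startswith("."):
        warnings.append("shared across subdomains")
    return CookieReport(name, persistent, lifetime, warnings)


def audit_headers(headers: List[str]) -> List[CookieReport]:
    return [parse_set_cookie(h) for h in headers]


if __name__ == "__main__":
    for report in audit_headers(SAMPLE_SET_COOKIE_HEADERS):
        kind = "persistent" if report.persistent else "session/deleted"
        print(f"{report.name:10} {kind:16} {report.lifetime_days} {report.warnings}")
```

Of the four constructed headers, only `SESSIONID` behaves the way the diary describes a session cookie (no lifetime, all hardening flags set); `uid` is the kind of long-lived, subdomain-wide cookie that supports tracking, and `old` is a deletion instruction rather than a cookie to keep.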

Antivirus – AV-Test product of year awards for 2014

Several AV companies won product of year awards from independent testing firm AV-Test recently

http://securitywatch.pcmag.com/security-software/332116-best-antivirus-products-honored-by-av-test-institute

The Best of 2014 – The award for best protection goes to Trend Micro. Not only did Trend consistently take high marks for protection, it also did well in the other two categories. For least impact on performance, Kaspersky took the prize. It demonstrated “no negative impact on the speed of the computer” and again scored well in the other two tests.

Avira earned Best of 2014 for usability, because it “always achieved outstanding results in all the test units.” Of course, low false positives aren’t meaningful unless coupled with good detection of actual malware. Avira accomplished that in AV-Test’s evaluation, though it didn’t do so well in our own testing.

Other Awards – AV-Test rates both consumer and corporate security products. The full report also includes a corporate winner in each category. Of course, malware isn’t just a Windows problem. Android, in particular, is becoming a very popular target. In the Android realm, two vendors shared top honors, Qihoo and Cheetah Mobile. The report also honored Kaspersky Virus Removal Tool as the best utility to make repairs after a malware attack.

Leadership – Turning losses into victories

Another excellent monthly article related to management and leadership skills

http://www.johnmaxwell.com/blog/how-to-turn-a-loss-into-a-win

It’s hard to learn when we’re feeling down, because then we have to do things that aren’t natural. It’s hard to smile when we are not happy. It is difficult to respond with a good attitude when we’re numb with defeat. How will we face others when we are humiliated? How do we get back up when we are continually knocked down?

If you really want to become a learner, you need to change the way you look at your losses or mistakes and develop some important qualities that will help you respond to them. I hope this book will be of value to you, teaching you how to learn from your losses. Most of us need someone to help us figure out how to do that.

Malware – Hard Drive Firmware risk discovered

Researchers have discovered a new low-level machine language attack that can be hidden in the firmware that controls disk operations.

http://www.geek.com/apps/nsa-malware-found-hiding-in-hard-drives-for-almost-20-years-1615949/

Someone out there figured out how to hide persistent, invisible espionage malware inside the firmware of your hard drives. Now it’s been discovered that they’ve been using it to spy on targets for nearly 20 years. This particular piece of malware is delivered via modified hard drive firmware, and Kaspersky says that it’s compatible with nearly all major hard drive brands: Seagate, Western Digital, Samsung, you name it. Once it’s there, it’s nearly impossible to get rid of or even detect. Since it’s not taking up space on the hard drive’s platters, it can easily re-infect a system even after a drive has been fully formatted.

Sarbanes-Oxley – Best practices in preparing for external audit

Some excellent planning excerpts from this informative article:

http://searchdatacenter.techtarget.com/tip/Five-tips-to-prep-for-a-Sarbanes-Oxley-audit

The SOX compliance requirements are complex and detailed. If you have an annual Sarbanes-Oxley audit on the horizon, brush up on your responsibilities and prep work in these recommended steps:

1. There are ways to streamline compliance efforts for the biggest SOX hurdle: SOX 404. For example, test only the internal controls that could lead to a material misstatement if they failed. By filtering out just this subset of controls, you’ll save time and effort in the long run.

2. Create a flow chart of processes, procedures and related activities in the organization so you know where to place controls to prevent errors.

3. Review your data governance and security protocols.

4. Most SOX-regulated IT organizations use COBIT, ITIL or another governance methodology to ensure consistent practices.

5. All this internal SOX audit preparation is a gateway to compliance best practices and easier protection of new IT initiatives, such as virtual desktops or cloud.

6. Don’t forget about software as a service (SaaS). Sensitive data frequently resides off-site on these third-party SaaS applications, and auditors are adapting to ferret out non-compliance. If your organization relies on SaaS vendors, verify that they keep data SOX-compliant with SAS 70 reports.

7. The right auditor makes the entire process run more smoothly. Choose a company that has experience in your specific industry.

8. There’s nothing wrong with asking questions about what you’ll be audited on and what the auditors’ methods will be. It will help your IT organization prepare and avoid common mistakes.

Microsoft Security Updates – FEBRUARY 2015

Critical Security updates to Microsoft Windows, Office, IE, and other products became available on Patch Tuesday and users should promptly update for the best levels of protection against new threats.

https://isc.sans.edu/forums/diary/Microsoft+Update+Advisory+for+February+2015/19315/

http://technet.microsoft.com/en-us/security/bulletin/MS15-feb

Microsoft is releasing the following nine security bulletins for newly discovered vulnerabilities:

Bulletin ID: MS15-009
Bulletin Title: Security Update for Internet Explorer (3034682)
Max Severity Rating: Critical
Vulnerability Impact: Remote Code Execution

Bulletin ID: MS15-010
Bulletin Title: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution (3036220)
Max Severity Rating: Critical
Vulnerability Impact: Remote Code Execution

Bulletin ID: MS15-011
Bulletin Title: Vulnerability in Group Policy Could Allow Remote Code Execution (3000483)
Max Severity Rating: Critical
Vulnerability Impact: Remote Code Execution

Bulletin ID: MS15-012
Bulletin Title: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3032328)
Max Severity Rating: Important
Vulnerability Impact: Remote Code Execution

Bulletin ID: MS15-013
Bulletin Title: Vulnerability in Microsoft Office Could Allow Security Feature Bypass (3033857)
Max Severity Rating: Important
Vulnerability Impact: Security Feature Bypass

Bulletin ID: MS15-014
Bulletin Title: Vulnerability in Group Policy Could Allow Security Feature Bypass (3004361)
Max Severity Rating: Important
Vulnerability Impact: Security Feature Bypass

Bulletin ID: MS15-015
Bulletin Title: Vulnerability in Microsoft Windows Could Allow Elevation of Privilege (3031432)
Max Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Bulletin ID: MS15-016
Bulletin Title: Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3029944)
Max Severity Rating: Important
Vulnerability Impact: Information Disclosure

Bulletin ID: MS15-017
Bulletin Title: Vulnerability in Virtual Machine Manager Could Allow Elevation of Privilege (3035898)
Max Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Facebook – Fake Flash Update infects 110,000 users in FEB 2015

Always avoid clicking on Facebook links sent from another user that are out of character or that point to a potentially dangerous site. Facebook security administrators have responded to reduce the spread of this new threat.

http://seclists.org/fulldisclosure/2015/Jan/131

http://facecrooks.com/Scam-Watch/Huge-Facebook-Malware-Outbreak-Infects-110K-Users-Two-Days.html/

A new trojan is propagating through Facebook which was able to infect more than 110,000 users in only two days.

Propagation — The trojan tags the infected user’s friends in an enticing post. Upon opening the post, the user will get a preview of a porn video which eventually stops and asks for downloading a (fake) flash player to continue the preview. The fake flash player is the downloader of the actual malware.

Background — We have been monitoring this malware for the last two days where it could infect more than 110K users in only two days and it is still on the rise. This malware keeps its profile low by only tagging fewer than 20 users in each round of posts. This trojan is different from the previous trojans in online social networks in some techniques. For instance, the previous trojans sent messages (on behalf of the victim) to a number of the victim’s friends. Upon infection of those friends, the malware could go one step further and infect the friends of the initial victim’s friends.

New “Magnet” technique – Malware gets more visibility to the potential victims as it tags the friends of the victim in the malicious post. In this case, the tag may be seen by friends of the victim’s friends as well, which leads to a larger number of potential victims. This will speed up the malware propagation.

Data Breach – Personal data costs 10X more than exposed credit cards

Personal data fetches 10X more $$$ than credit cards. And this makes sense, as many will cancel credit cards. However, it’s impossible to change your SSN, birthdate, address (unless you move) etc., once exposed.

Our nation needs to wake up and combat “identity theft”. It needs to be more difficult for folks to open accounts. Currently, there is almost zero authentication as to who is actually making that request on the other side.

http://www.networkworld.com/article/2880366/security0/anthem-hack-personal-data-stolen-sells-for-10x-price-of-stolen-credit-card-numbers.html

Leadership – Planning for future requires introspection of past

John Maxwell offers an excellent resource for leaders and managers. In planning for 2015 projects, it is beneficial to evaluate both successes and failures during the past year.

http://www.johnmaxwell.com/blog/look-back-to-plan-forward

QUOTE: STUDY YOUR WINS AND LOSSES - First, I pull out my calendar and make a list of significant events, tasks, meetings, decisions, and accomplishments. I spend time reflecting, in order to remember and write down every experience that stood out in the past year. I write down both positive and negative experiences, because I know that I learn more from losing than from winning.

ASK YOURSELF QUESTIONS

What did I do that I shouldn’t have done?
What did I spend a lot of time on?
Was it a priority?
Was it in my strength zone?
Was it something only I could do, or should I have delegated it?
What will I do differently this year?

What didn’t I do that I should have done?
What’s missing from the calendar?
What did I neglect that should have been a priority?
What action didn’t I take, that really should have been done?
What will I do differently this year?

What is the most important thing I did this year to help someone else?
Can I do it again next year (for them or another person)?
Did I do it as effectively as possible?
How could I do it better in the future?

What did I do this year that helped me grow more than anything else?
Is it repeatable?
Do I want to make it a regular habit?
How can I break it down into manageable “chunks” to make it happen again this year?
What else can I do to grow?

Where do I need to be more intentional?
Where did I let things happen to me, instead of making them happen?
What bad habits do I need to break?
In what areas do I need to focus more attention, make important decisions, and take steps in a positive direction?

How can I take things to the next level?
How can I take a good experience and make it somehow better?
How can I grow more this year?
How can I make something that was satisfying even more satisfying?
How can I top last year’s accomplishments?
How can I exceed my own expectations, as well as the expectations of others?

Adobe Flash – Security update addresses CVE-2015-0313

Users should update Adobe Flash when prompted, to ensure protection against in-the-wild zero-day attacks circulating as malicious advertising (where just visiting the site may lead to an infection).

https://helpx.adobe.com/security/products/flash-player/apsa15-02.html

A critical vulnerability (CVE-2015-0313) exists in Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below.

Users who have enabled auto-update for the Flash Player desktop runtime will be receiving version 16.0.0.305 beginning on February 4. This version includes a fix for CVE-2015-0313. Adobe expects to have an update available for manual download on February 5, and we are working with our distribution partners to make the update available in Google Chrome and Internet Explorer 10 and 11. For more information on updating Flash Player please refer to this post.

More information can be found on malicious threats circulating in the wild here:

http://blogs.msmvps.com/harrywaldron/2015/02/04/malware-adobe-flash-vulnerability-cve-2015-0313-exploited-in-wild/