
What We All (in IT) Can Learn from Anonymous Hacking & Activism (mini-whitepaper)

Overview

In conversations with several other IT professionals, every one of them happened to know who Anonymous was. Through hacking, activism, and other protest events, particularly online, Anonymous has become very well known around the IT world. But the question today is what all of us (in the IT and business world) can learn from the motives of Anonymous.

Here are some principles that can be learned, and they apply to all of us in the IT world:

  1. Anonymous will never cease to function, because anonymity is a powerful principle. It requires the hacker to remain anonymous and never admit an identity. Tons of people worldwide do not display their picture alongside their name online. Ask a “private” person to put their full name online, and they will cower in fear. That is why Anonymous can get away with motives that are carried out in secret.
  2. The goal of those trying to bring down Anonymous is to get them to stop their hacking and to stop the activism in the streets. It isn’t getting anywhere. The collective thinks that we need a perfect world, but sadly, that won’t happen!
  3. Membership in Anonymous is a “free-for-all”, which means that even if your code name gets banned, you can come back under a different code name or IP address and continue contributing to hacking, software projects, etc.
  4. There is probably no grand master or leader, just people keeping the same old mission going year after year. It all began with a few voices on 4chan years ago and keeps on going (8 years now?).
  5. Time is of the essence. These people spend countless hours hacking. That means you have to work countless hours fighting back and on prevention.

What Businesses can learn

  1. Anyone entering your organization with anonymous-identity ideas, or who asks to be anonymous (by preference), probably has bad motives.
  2. It’s about time to implement better password security policies.
  3. It’s also time to implement better database encryption.
  4. Ensure a good reputation across the entire spectrum of the business. Why? It attracts awesome workers, makes income rise, and makes running the company feel great.
  5. Ensure the host server has excellent firewall technology and antivirus. It should not allow even the tiniest malware threat onto a client server.

What Developers can learn

  1. “There may be developers smarter than me in Anonymous, so I need to step up my coding skills and get better encryption.”
  2. Encrypting files and databases has never been more important than now. Don’t think it cannot happen to you. That’s what Philips thought, and even AMD thought so. You’d think AMD would have proper protection for its WordPress database, since it knows how to engineer root-level microprocessor chips. What gives?
  3. If the network runs one or two servers to operate a website, then it DOES need antivirus/firewall software. Don’t think that just because your database administration or server management skills are very good, malware can’t trump your server…you’re wrong. Some of the best administrators/managers have trouble keeping their servers free from malware.
  4. If you must get an unknown application from the web, or download it from an “anonymous source”, then run it in a sandbox or virtual machine. Executing malware could be the end of a server’s life…don’t be tricked…stay protected.
  5. Just because your programming skills are awesome doesn’t mean anything. A lot of others think their programming skills are awesome too; however, the first time you let your guard down or get prideful – expect trouble.

What IT Security can learn

  1. Hackers can get into nearly anything. Keep up with the top standards in IT security. Being one step ahead of the hackers is a good thing.
  2. Keep the defense-in-depth method in mind. If you can get it to work, it will help for miles and miles (or kilometers and kilometers).
  3. Don’t expect security to be a piece of cake anymore. It’s now the top challenge in IT, and people are being recruited all across the IT stage to work in security. There just aren’t enough warriors on the scene. It’s time to step it up a notch in all aspects of your work. Don’t procrastinate and don’t be pessimistic. Be optimistic about all outcomes of your work, and see the improvement before your eyes!
  4. As stated above for businesses: password security is extremely important! Push password security big time. It’s the only chance at keeping information secure in personal, business, and enterprise settings.
  5. Push internet security software like there’s no tomorrow. Because for some people’s computers, personal or business, there will be no tomorrow. Not just for computers now, but also for devices such as smart phones, tablets, and PDAs.

Conclusion

There may be no way left to stop Anonymous, but at least we can be 5-10 steps ahead of them. If we do that, we’re showing them they have no future. It will also make things more challenging for hackers, and improve the best technologies all across the IT spectrum. See for yourself, and try these principles in your own corner of the spectrum. You won’t be sorry!



Rakshasa Case Study: Really Undetectable?

By Jay Pfoutz
Editor

Apparently, the new showy security threat is Rakshasa… This new security technique was unveiled at Black Hat Las Vegas.

This new malware by researcher Jonathan Brossard is apparently ‘impossible to disinfect’.

Now, FIRST OF ALL!! – Anything created by man’s hands can be destroyed. I’d like to see how long this opinion lasts: undetectable, can’t be disinfected, etc.

The paper on Rakshasa can be found here. It describes a hardware backdoor. Unbeknownst to this artist of a researcher, companies like Kaspersky and ESET have already begun to craft hardware antivirus drivers. So, this hardware backdoor malware scheme is a bit late, but maybe just in time, too.

Will it be used? Who knows. That’s the scary part!

It is realistically a BIOSkit, a rootkit that infects the computer’s BIOS. What’s wrong with this…? It can easily be disinfected by reflashing all of the computer’s devices that would apparently be infected.

However, this malware has not been tested in an enterprise-scale beta, which means that just because it worked on a couple of machines does not mean it would work on any other computer. Impressive? Yes! But not at all scary, yet.

What shocks me more is that people will actually believe this malware cannot be disinfected. But here is the turnaround: it can be! This is nothing more than a BIOSkit, and we have seen BIOSkits removed in our leagues many times.

But then again, people commonly believe rootkits are impossible to remove too. Look…we proved them wrong!

Enforcing code signing for the BIOS, just like all other hardware driver signing, can easily keep it blocked. Also, if BitLocker evolves in Windows 8 and later technologies, it could easily secure the OS. Things like device encryption could also be taken to a new level.

This is not a new vulnerability, and Brossard agrees.

I’m sure we’ll have more on this story as it develops in the future. Stay tuned to seCURE Connexion!

Avoiding Digital Disasters (mini-whitepaper)

What is a data disaster?

Data disasters are the acute or chronic loss of data due to any of the following:

  • Virus or malware infection
  • Hard drive failure
  • Hacked computer
  • Computer being improperly shut down

How do you value your data?

What are ways to recognize data loss?

It is best to protect your data by coming up with your own insurance plan: the data insurance plan.

What are ways to do this?

If you find it difficult to automate these tasks and want a continuous backup of your files, try this:

Defense-in-Depth PC Strategy (mini-whitepaper)

Defense-in-depth is a security strategy that provides multiple layers of protection for a network. A strategy like this makes an attacker work through a series of obstacles before he/she can gain access to your network. The idea is to make them give up before they get too far.

We’ve provided a few tips on building a defense-in-depth strategy (works for home/small business):

  1. Virtual Private Network – This tool encrypts all traffic in/out of your network, which makes it impossible for any data to be read easily. This is the best first layer and should provide the top protection for your data. Many services offer VPN for as little as $5 USD per month: StrongVPN, WiTopia, overplay. Note that you need a VPN-capable router for VPN to work.
  2. Network Firewall – Using your router’s firewall will help prevent incoming attacks.
  3. Install antivirus software and firewall software – See a list of the best antivirus/anti-malware software
  4. Install a second opinion anti-malware scanner – Malwarebytes’ Anti-Malware Pro or HitMan Pro.
  5. Create a strong password for all devices and accounts online, etc.
  6. Encrypt your files. Use BitLocker or similar tools.

There is not a perfect defense-in-depth strategy, but hopefully this will work out for you!

Thickening Digital/SSL Certifications (mini-whitepaper)


Current malware trends seem to focus on certificate stealing by forgery. Certificate forgery has been one of the plaguing problems since 2011. Since last year, CAs have shown high-risk issues with certificate forgery. From Stuxnet to Flame, certificate forgery has been on the rise big time.

Normally, web browsers and operating systems keep a copy of a certificate and “pin it” to an identity called a public key. Since Microsoft knows about this issue, it has issued its own Automatic Revocation Updater (Windows Vista SP2 and later). Through this, Windows is able to flag specific certificates that are known to be malicious.

How Microsoft trusts RSA keys, certificates, etc.:

“Public key based cryptographic algorithms strength is determined based on the time taken to derive the private key using brute force methods. The algorithm is deemed to be strong enough when the time required to derive private key is prohibitive enough using the computing power at disposal. The threat landscape continues to evolve. As such, we are further hardening our criteria for the RSA algorithm with key length less than 1024 bits. To further reduce the risk of unauthorized exposure of sensitive information, Microsoft has created a software update that will be released in August 2012 for the following operating systems: Windows XP, Windows Server 2003, Windows Server 2003 R2, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2,” Hudson said.

Now, top CA companies for online certificates, including Comodo, NGINX, GlobalSign, DigiCert, etc., have enhanced online revocation systems to check for malicious attempts in certification.

NGINX provides an explanation:

Today GlobalSign, DigiCert, Comodo and Nginx Inc. announced a joint effort and a sponsored development contract, to enhance the NGINX open source Web server to support OCSP-stapling. This collaboration further advances the SSL ecosystem by improving the privacy, reliability and revocation checking for all websites using the NGINX web server—currently run by more than 25 percent of the top 1,000 websites, and by 70,000,000 websites on the Internet overall.

“The team at NGINX is delighted that GlobalSign, DigiCert and Comodo support the OCSP stapling enhancement to the NGINX webserver,” said Igor Sysoev CTO and principal architect at NGINX, “We have been continuously working on enhancements to NGINX that increase performance, reliability and security. With improved SSL functionality we expect the vast majority of our customers to share our enthusiasm for increased safety on the Internet.”

Continued here
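To show what the OCSP stapling enhancement described above looks like on the server side, here is an added example (not from the NGINX announcement or this blog): an nginx HTTPS server block without stapling beside the same block with stapling turned on. The host name, certificate paths and resolver address are assumptions.

```nginx
# Added example: enabling OCSP stapling in nginx (directives available since nginx 1.3.7).
# The host name, file paths and resolver address are placeholders; substitute your own.

# Before: TLS works, but each client must contact the CA's OCSP responder itself
# (slower, reveals the visited site to the CA, and browsers often soft-fail if the responder is down).
server {
    listen 443 ssl;
    server_name example.com;                                  # placeholder host name
    ssl_certificate     /etc/ssl/example.com/fullchain.pem;   # leaf + intermediates (assumed path)
    ssl_certificate_key /etc/ssl/example.com/privkey.pem;     # assumed path
}

# After: nginx fetches the OCSP response for its own certificate and staples it
# into the TLS handshake, so the client gets revocation status without a separate lookup.
server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate     /etc/ssl/example.com/fullchain.pem;
    ssl_certificate_key /etc/ssl/example.com/privkey.pem;

    ssl_stapling on;                      # send the stapled OCSP response to clients
    ssl_stapling_verify on;               # nginx verifies the responder's signature itself
    # Root and intermediate certificates used to verify the OCSP response (assumed path):
    ssl_trusted_certificate /etc/ssl/example.com/chain.pem;
    # nginx must resolve the OCSP responder host named in the certificate's AIA extension:
    resolver 192.0.2.53 valid=300s;       # placeholder resolver (documentation address)
    resolver_timeout 5s;
}
```

Confirm stapling from a client with `openssl s_client -connect example.com:443 -status` and look for an “OCSP Response Status: successful” line; the first handshake after a reload may not carry a staple yet, because nginx fetches the response lazily.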

Now, if it’s all the same to you, an alternative system like Convergence is in order. This is a good replacement for online certificates. See this link for more info.


Controlling Internet Activities for Businesses (mini-whitepaper)

Today the discussion is about how to control the Internet activities of a small-or-medium business. What should be said, however, is that the loyalty of your employees to your company is what matters most in keeping them on task. (We won’t get into that, since it has to do with business ethics.)

Of course, employees love fast Internet connection. They love fast services. But, what can be done to control the Internet connections in your business?

Browsing

While it’s fine that most companies allow a little browsing by their employees, it’s easy to get wrapped up in the Internet. One great way to fix this issue is to disallow browsing, or to put some controls on it. The best control available is bandwidth limits. Blocking heavy-bandwidth sites and preventing employees from using a lot of bandwidth will control their browsing a lot!

Anti-Malware & Anti-Phishing

The other way to control the Internet in your business is to have the proper protection software on each computer. It is not uncommon for a business to have security problems, so it’s a no-brainer to have security software installed on every single computer.

Some of the best tools to use would involve:

Using these tactics will help control Internet usage in your business and ensure your employees stay on task!
