Posts Tagged ‘Security’

Scan of Internet Uncovers Thousands of Vulnerable Embedded Devices

Tuesday, October 27th, 2009

From Wired News (10/22/09) by Zetter, Kim : http://www.wired.com/threatlevel/2009/10/vulnerable-devices

Researchers scanning the internet for vulnerable embedded devices have found nearly 21,000 routers, webcams and VoIP products open to remote attack. Their administrative interfaces are viewable from anywhere on the internet and their owners have failed to change the manufacturer’s default password.

Linksys routers had the highest percent of vulnerable devices found in the United States — 45 percent of 2,729 routers that were publicly accessible still had a default password in place. Polycom VoIP units came in second, with default passwords lingering on about 29 percent of 585 devices accessible over the internet.

“You can reflash the firmware or install any software you wish on vulnerable devices,” said Salvatore Stolfo, a Columbia University computer science professor who is overseeing the research project aimed at uncovering vulnerable appliances on the internet. “These devices will be owned and used by bot herders and other miscreants.”

Hackers can use vulnerable routers to conduct click fraud or DNS cache poisoning attacks or to launch attacks on other systems. (See our recent Threat Level story about vulnerable routers used by Time Warner customers.) Someone with remote access to the administrative interface of a VoIP system would also be able to install firmware to record conversations.


The State of Web Insecurity: 508 percent increase in malicious web links and many more…

Friday, September 4th, 2009

IBM in its X-Force 2009 Mid-Year Trend and Risk Report said that there was a 508 percent increase in the number of new malicious Web links. The report shows an increasing state of Web insecurity as “web client, server and content threats converge to create an untenable risk landscape.”

According to Mark Cox in his article: “State of web insecurity is unprecedented: IBM” published in echannelline.com, “this problem is no longer limited to malicious domains or untrusted Web sites. The X-Force report notes an increase in the presence of malicious content on trusted sites, including popular search engines, blogs, bulletin boards, personal Web sites, online magazines and mainstream news sites. The ability to gain access and manipulate data remains the primary consequence of vulnerability exploitations.”

This means that as more and more people share content on the web, the threat also increases because content providers are unmindful of their sites’ security. The benefits of making knowledge and information easily accessible and shareable through advances in technology come with negative effects if security is not given primary consideration. Web criminals are taking advantage of this situation, especially now that “interoperability between browsers, plugins, content and server applications has dramatically increased the complexity and risk.”

The report also said that PDF vulnerabilities have increased, and that while phishing attacks have dramatically decreased, analysts believe that banking Trojans are taking their place and are geared toward financial targets. URL spam, according to the report, is still number one.

From: “State of web insecurity is unprecedented: IBM” in echannelline.com

Microsoft Lists Top 10 Windows Malware, reminds us we’re better off with Linux

Tuesday, September 1st, 2009

The top 10 Windows malware list published by Microsoft, based on its MSRT (Malicious Software Removal Tool), covers only 1,776,569 machines, according to the article “Microsoft Lists Top 10 Windows Malware” in Security Watch. The article further states that “The downside to it is that it searches for and removes a list of malware that is small compared to that of a real anti-malware product.”

The country data (also covering only the top 10 countries) of 4,057,285 machines makes it clear that there are a lot of machines not counted in the top 10 list. And since this covers only the top 10 countries and only machines cleaned by MSRT, excluding infections that went undetected or could not be removed, it makes us think that there are a lot more Microsoft Windows machines around the world that are infected. This shows that Microsoft has a much bigger problem when it comes to malware. And yes, we’re better off with Free and Open Source Software, especially the Linux OS.

More of the article and its data, including the list of top 10 Microsoft Windows malware and the top 10 countries, can be seen here: “Microsoft Lists Top 10 Windows Malware” in Security Watch

IPV6 is enabled by default: Do you need it turned “ON” or “OFF” for security or speed gain?

Tuesday, August 18th, 2009

Did you know that the most recent versions of operating systems, whether from Microsoft, Apple, Linux or Solaris, ship with IPv6 enabled by default, and that this has both security and network speed implications?

“Do you know whether your computers are actively using IPv6 or not? Better check, as the bad guys probably already know.

Microsoft began enabling IPv6 protocol by default with the release of Vista.

That policy continued with Windows Server 2008 and will with Windows 7. Apple, Linux, and Solaris are also shipping their latest distributions with IPv6 enabled.”

An estimated 300 million or so computers have IPv6 turned “ON”, and most users are probably not aware of it.

An article by Michael Kassner in ZDNet Asia, “IPv6: Oops, it’s on by default” [url: http://www.zdnetasia.com/techguide/security/0,39044901,62056959,00.htm?scid=nl_z_tgis], discusses the security and network speed implications and several reasons or situations in which you need IPv6 turned “OFF” or “ON”. It also covers what you need to do if you need it turned “ON”, and links to references on how to turn it “OFF” for several operating systems: Microsoft, Apple and Linux.

Threats to your Digital Rights: “BIG BROTHER IS WATCHING … : How Wired Gadgets Encroach on Privacy”

Wednesday, July 29th, 2009

You think it only happens in the movies or in science fiction novels? Nope, it’s happening now, or at least the possibilities of what the state, especially an authoritarian state, can do are already there. Yes, the technologies are already in place.

This is what Christian Stöcker says in his article “BIG BROTHER IS WATCHING YOUR BLACKBERRY: How Wired Gadgets Encroach on Privacy” in Spiegel Online International:

“With every high-tech gadget we buy, we give up a little more privacy. Many devices today are in constant communication with their manufacturer. And it’s not just consumers who are losing their rights — the technology gives authoritarian states whole new ways of keeping tabs on individuals.”

So in exchange for convenience, being up to date with technology, being “connected” or simply having “GAS” (gadget acquisition syndrome), you have to give up something in return: your privacy and control of your life.

Read more about it in: http://www.spiegel.de/international/business/0,1518,637640,00.html

——————————–
Thanks to Roli for sharing the above mentioned article

Vast Spy System Loots Computers in 103 Countries

Tuesday, March 31st, 2009

New York Times (03/29/09) Markoff, John

Researchers at the University of Toronto’s Munk Center for International Studies say a massive electronic spying operation has successfully stolen documents from hundreds of government and private offices around the world. The researchers say the system was controlled from computers almost exclusively in China, but they cannot conclusively say the Chinese government is involved. The researchers were asked by the office of the Dalai Lama to examine its computers for signs of malware and discovered a vast operation that, in less than two years, managed to infiltrate at least 1,295 computers in 103 countries, including computers belonging to many embassies, foreign ministries, other government offices, and the Dalai Lama’s Tibetan exile centers in India, Brussels, London, and New York. The researchers say that in addition to spying on the Dalai Lama, the system, which they named GhostNet, also focused on governments in South Asian and Southeast Asian countries. GhostNet is by far the largest spying operation to be exposed, in terms of the number of countries affected, and it is believed that this is the first time that researchers have been able to uncover the workings of a computer system used for intrusions of such magnitude. The researchers say GhostNet continues to infect and monitor more than a dozen new computers a week. The malware not only “phishes” for unwary victims but also “whales” for specific, important targets. The malware can even turn on the video and audio features of an infected computer, enabling the malware’s operators to see and hear what goes on in front of the computer. The researchers have notified international law enforcement agencies of the spying operation, which they believe exposes shortcomings in the legal structure of cyberspace.

View full article: http://www.nytimes.com/2009/03/29/technology/29spy.html