November 18th, 2013
The thoroughly expected “CryptoLocker” malware has attained prominence over the last two months, properly encrypting files and requiring a difficult-to-track ransom in order to receive back the decryption key.
At the same time, there has been a large run-up in the price of Bitcoin.
Most commentators have focused on the Chinese market for the Bitcoin run-up. However, finally there is some attention to how the Bitcoin ransoms may be helping to inflate this tiny market:
2) A sinister cryptlocker virus has been spreading aggressively for more than a month. It hijacks computer systems and threatens to delete data unless a bitcoin ransom is handed over. Also, reports abound of a rush of purchases by unsophisticated and distressed buyers who are presumably ready to pay any price, and thus can be squeezed by more sophisticated players in the market.
Kaminska makes this reason #2, ahead of the Chinese market and below the Silk Road seizure – but the Silk Road incidents should have lowered the price, not raised it.
Combine that with how it might be difficult to buy a MoneyPak, and you’ve got the recipe for a squeeze.
August 8th, 2013
A couple of examples of the simple explanation that .js files might obviously house some PHP and invoke it:
The file is loaded by a call to
which means, basically, that the rogue PHP function in the flowplayer js would be called and activated by a require_once() call. But where is that call?
The second clue is that there were actually three files involved in the intrusion, not one, and all three are critical to the intrusion. The somewhat unhelpful post from OpenX says to md5sum the following files:
The question then is: what is special about the other two files, and why would changing them be related to closing the backdoor?
player.delivery.php ver 2.8.10 has this line:
MAX_commonReadFile( $pwd . '/' . $file_to_serve);
whereas vers 2.8.9 and 2.8.11 have:
echo file_get_contents( $pwd . '/' . $file_to_serve);
Versions 2.8.9 and 2.8.11 don’t have this function, so it was also injected. Here is the function in 2.8.10, nestled between MAX_commonConvertEncoding and MAX_commonSendContentTypeHeader:
* A function to read a contents of SWF file
* @param string $file The path to SWF file to read
I’m currently puzzled about the ['debug']['read'] item – it seems to be a way of throwing off admins who are trying to trace problems with the site and are therefore running in debug mode. Anyone else have an idea?
So, a few final thoughts:
- Currently we have no idea how the code got in there. I am looking forward to the article which traces the evolution of the code tree and speculates about the account(s) involved in these three code updates.
- Heise articles suggest that OpenX might be involved in some issues for a long time, including before this event. This backdoor was discovered only after 7 months. +1 for the person who finds any more problems in the codebase.
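As a defender's check for the two clues above (PHP hidden inside a .js file, and a .php file that pulls it in through require_once()), here is an added example scanner. It is not OpenX code; the sample tree it writes to a temp directory is constructed, and the hidden PHP in it is a harmless placeholder.

```python
import os
import re
import tempfile

# Sign 1: a PHP open tag inside a file that is served as JavaScript.
PHP_TAG = re.compile(rb"<\?(php\b|=)", re.IGNORECASE)
# Sign 2: a PHP include/require whose argument names a .js path (the hook that runs it).
JS_INCLUDE = re.compile(rb"\b(require|include)(_once)?\b[^;]*\.js['\"]", re.IGNORECASE)


def scan_tree(root):
    """Walk root and return a sorted list of (relative path, reason) findings."""
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if name.endswith(".js") and PHP_TAG.search(data):
                findings.append((rel, "php-tag-in-js"))
            if name.endswith(".php") and JS_INCLUDE.search(data):
                findings.append((rel, "php-includes-js"))
    return sorted(findings)


def build_sample_tree():
    """Write a constructed sample tree (not real OpenX files) and return its root."""
    root = tempfile.mkdtemp(prefix="openx-scan-")
    files = {
        "plugins/clean.js": b"function play() { return 1; }\n",
        # PHP hidden behind ordinary-looking JavaScript; the body is only a placeholder.
        "plugins/flowplayer.js": b"var player = {};\n<?php /* placeholder */ ?>\n",
        # Delivery script that pulls the .js file in through require_once().
        "www/delivery/player.delivery.php":
            b"<?php\n$pwd = dirname(__FILE__);\nrequire_once($pwd . '/../../plugins/flowplayer.js');\n",
        # The clean 2.8.9 / 2.8.11 style line: reads the file, does not execute it.
        "www/delivery/ok.php": b"<?php echo file_get_contents($pwd . '/' . $file_to_serve);\n",
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for rel, reason in scan_tree(build_sample_tree()):
        print(f"{reason:16} {rel}")
```

Run it against a real web root instead of the sample tree to get a list of .js files carrying PHP and of .php files that include them; an empty list is the expected result on a clean install.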
July 9th, 2013
Recently I’ve needed to use Live CDs for a client, when nothing could be saved on disk. I’ve used:
* Knoppix (best)
* Xubuntu (has problems with the wireless card in this laptop)
* Tails (security overkill)
It is time to take a look at Puppy again, just to see if it is compatible with the wireless card in this server.
Incidentally, the idea of routinely using a hard-drive-free Linux live CD is becoming more appealing. The idea is to have a computer with no connection between current and past sessions. If you are dealing with information covered by privacy regulations, like student info, health information, or financial information, this can help you meet regulations in short interactions with websites.
June 4th, 2013
Intellectual property concerns are paramount in the technology world. Once the Supreme Court opened the door for patenting computer programs and technical processes, the economic incentive to patent technologies of all kinds became large.
Pair that with a potentially less-than-precise Patent Office, which frequently allows patents which are either obvious or have significant overlap with other patents (and frequently both!), then you get a recipe for litigation over the most simple of computer techniques (say, one-click ordering, pop-up windows on mobile, or cloud storage of files).
This American Life put together a fantastic exploration of this topic. Check it out. http://www.thisamericanlife.org/radio-archives/episode/441/when-patents-attack
April 25th, 2013
The ISC StormCast for today - https://isc.sans.edu/podcastdetail.html?id=3266 - mentions a new way stolen credit cards are being automated. Rather than start at minimal amounts (as in 0.05) to test the cards, the attackers are starting at high amounts and ratcheting downwards until the transaction is accepted. Clever.
May 8th, 2012
Nielsen reports today that more than 50% of Americans use smartphones, and that Android-based phones are in the lead. Android is at above 48%, and iPhone is at 32%.
Android software is heavily fragmented, however, and I would suspect that a demographic study of users would reveal that iPhone users are more valuable in general.
November 6th, 2008
The word “free” is always dicey when you talk about computer software. Usually, free software is a loss-leader for the software company, and such software often comes bundled with stuff which tries to separate you from your money later on. And, in the worst cases, this “stuff” is spyware, which spies on you, trying to figure out how to sell you more stuff.
Nevertheless, there are some computer security companies which make available some good antivirus software, and they give it away to home users. Those companies hope to make money later, either from upgrades, or indirectly as a marketing cost leading to higher trust levels (for instance, tech people buy their software for non-home situations). I often will recommend these packages to my clients, and they work well in a pinch.
The biggest problem with these programs is that they can turn into “nagware” – that is to say, they start nagging you to buy an upgrade. AVG, for instance, used to be pretty quiet, but now (in 2008) its newest version is total nagware.
- Avast! 4, from the Czech company Alwil. http://avast.com/eng/download-avast-home.html The main annoyance with this software is the yearly registration requirement, but that is no more or less annoying than some website registrations.
- AVG Free, also from a Czech company, AVG (formerly Grisoft). http://free.avg.com/download-avg-anti-virus-free-edition — AVG has been amping up the upgrade nags quite a bit lately, so if you install this, be prepared.
- Comodo Internet Security: http://www.comodointernetsecurity.com/download_cis.html — This program is a bit technical and geeky, but its latest upgrade strikes me as worthwhile.
There are a few other currently free antivirus software packages – for instance, Avira AntiVir and Eeye Blink – but I can’t say anything one way or another on those two.
December 3rd, 2007
Thought I’d give a shout-out to the makers of LogMeIn (http://logmein.com), who have come up with a useful free version of a product which turns out to be more handy than my previous option (a combination of DynDNS, VNC, and fiddling with routers). In the span of 3 months, I went from not using it at all to having more than a dozen systems on it. (It even has a Mac version, in beta, which I can use to remote-control my media-laden MacMini.)
About two years ago, I tried to get Hamachi working — that was the original project by this company, so far as I know. Frankly I was left a little baffled, and ended up using the old standby, OpenVPN. However, compared to Hamachi-of-two-years-ago, LogMeIn is wonderfully slick.
I foresee a time when I’ll be using its Rescue, Pro, and Backup versions — there are situations appropriate for those kinds. (Pro allows you to locally print off a remote program; Rescue lets you help people remotely without an install; Backup does what backup implies — competitor to Mozy?) But for now, LogMeIn is good enough to keep me from exploring further VNC, PCAnywhere, Connect, Remote Desktop, SharedView, WebEx, or Glance. In the future, those will surely become part of the mix.
November 19th, 2007
A client of mine ran into an odd event last week: the computer seemed to be infected either with a virus or with an anti-virus program which wouldn’t shut up.
After looking at it a bit, I had to shut down the web browser, and though I couldn’t find any malware, I made sure her workspace was moved over to a non-admin account.
Now today, I find that reputable websites (that is, if mlb.com and canada.com are reputable) are serving advertisements from doubleclick — and those ads are the culprit. This youtube video shows what happens.
What can you do? Well, we are now in the age of cross-site web programming, wherein almost all websites are assembled together on the web browser to create one’s internet experience. You have to assume that even responsible websites will be using scripts, videos, or widgets from other sites. And you also have to assume that they won’t catch everything. So: you have to practice safe browsing, now more than ever. This means one thing, above all:
Don’t browse the web when you’re using your computer in a profile or account which can make widespread changes on your machine. (These are usually called “administrative” accounts.)
If you do, well, you’ll be paying someone to clean up your machine sometime soon.
April 17th, 2006
http://www.zdnet.com.au/news/software/0,2000061733,39187298,00.htm brings up an interesting issue. Part of the topic really is a lack of management at such places. The types of tasks which need to be done in the enterprise haven’t been analyzed, and thus employees are allowed to do basically anything they want with their machines. They consequently are encouraged to rely on any old application which comes their way, and get hooked to it.
SMEs really need to have a sense of what computers will do for their enterprise. Why do they have computers, and how do they add to the bottom line of the company? That reasoning then should have impacts with employee job roles and with information technology spends, no matter how small.
If an employee truly only needs to work with a web browser and with a spreadsheet, it is ridiculous to use a Windows machine. Technology choices should then go from there.
Employees will simply learn to cope, whatever the tasks. If Mozilla and OpenOffice are given for tasks, then the employees will cope. Once that is all they use, then if they show up one day and all their data is on a server of some sort (IMAP, shared backed-up server, etc.), and they can still run Mozilla and OpenOffice, then there you go.
The “gravy” (media players, chat software, etc.) really can be duplicated for free on Linux without incident. It would be better, in fact.
This form of thinking can apply to lowering one’s Windows spend as well. There are open source alternatives on Windows, and they should be used as much as possible. Start with OpenOffice, Thunderbird, and Firefox. Gaim if you need chat. MS Access is still handy on Windows — a MySQL/OpenOffice emulation is on its way.