Archive for January, 2010
Looks like a new type of Social Engineering led to the recent attacks on Google:
via CNET
“The most significant discovery is that the attackers had selected employees at the companies with access to proprietary data, then learnt who their friends were,” the Financial Times reported. “The hackers compromised the social network accounts of those friends, hoping to enhance the probability that their final targets would click on the links they sent.”
“We’re seeing a lot more up-front reconnaissance, understanding who the players are at the company and how to reach them,” George Kurtz, chief technology officer at security firm McAfee, told the Financial Times. “Someone went to the trouble to backtrack: ‘Let me look at their friends, who I can target as a secondary person.’”
Watch out who you are chatting with and just like with email, don’t open anything unless you are sure it’s really from a friend.
It seems like such a no-brainer… the more complex the password, the harder it is for unwanted visitors to gain access to your system. OH! How the users whine and complain when the password policy is upgraded to include a capital, a number and a special character. It’s amazing how many clients of mine used the name of the company as the administrator password and all the users’ passwords were the same as the username!
Jaikumar Vijayan at Computerworld writes about a study of 32 million breached passwords:
A report released today by database security vendor Imperva Inc. serves as another reminder of why IT administrators need to enforce strong password policies on enterprise applications and systems.
Imperva’s report is based on an analysis of 32 million passwords that were exposed in a recent database intrusion at RockYou Inc., a developer of several popular Facebook applications. The passwords, which belonged to users who had registered with RockYou, had been stored by the company in clear text on the compromised database. The hacker responsible for the intrusion later posted the entire list of 32 million passwords on the Internet.
An analysis of that list provides the latest confirmation that a majority of users still don’t care about the strength of their passwords if they are left to choose them on their own.
You will never believe what the most popular password is. Oh, wait… you probably can.
These are the simple facts, my friends. There are two moves that any ISP can make to combat spam and reduce the spread of botnets, and they won’t cost an arm and a leg either. John E. Dunn @ Techworld gives us the scoop:
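The kind of audit the Imperva report did on the RockYou dump can be scripted in a few lines. The script below is an added example and not from the blog or the report; the password list in it is constructed for illustration (it is not breach data) and the policy it checks is the one the post describes: a capital, a number and a special character, with a minimum length of 8 assumed here.

```sh
#!/bin/sh
# Added example: tally the most common passwords in a leaked list and measure
# how many of them would have satisfied a complexity policy.
# LC_ALL=C keeps [A-Z] meaning upper-case ASCII regardless of locale.
LC_ALL=C; export LC_ALL

# Constructed sample list, one password per line (NOT real breach data).
SAMPLE_LIST='123456
password
123456
iloveyou
password
123456
Summer2010!
abc123
123456
qwerty
Tr0ub4dor&3
rockyou'

# Print the N most common passwords as "<password> <count>" (default N=3).
top_passwords() {
  n=${1:-3}
  printf '%s\n' "$SAMPLE_LIST" | sort | uniq -c | sort -rn | head -n "$n" |
    awk '{ printf "%s %s\n", $2, $1 }'
}

# Return 0 when the password meets the policy: at least 8 characters
# (assumed minimum), one upper-case letter, one digit, one special character.
meets_policy() {
  pw=$1
  [ "${#pw}" -ge 8 ] || return 1
  printf '%s' "$pw" | grep -q '[A-Z]' || return 1
  printf '%s' "$pw" | grep -q '[0-9]' || return 1
  printf '%s' "$pw" | grep -q '[^A-Za-z0-9]' || return 1
  return 0
}

# Integer percentage of list entries that meet the policy.
# Reads line by line so passwords containing spaces are handled intact.
policy_compliance_pct() {
  total=0; ok=0
  while IFS= read -r pw; do
    total=$((total + 1))
    meets_policy "$pw" && ok=$((ok + 1))
  done <<EOF
$SAMPLE_LIST
EOF
  echo $((ok * 100 / total))
}

# Usage: sh audit.sh --report
case "${1:-}" in
  --report)
    echo "Top passwords:"; top_passwords 5
    echo "Policy compliance: $(policy_compliance_pct)%"
    ;;
esac
```

On the constructed list the most common entry is 123456 and only two of twelve passwords (16%) pass the policy; point `SAMPLE_LIST` at a real dump (read it from a file instead of the inline string) to get the same figures for your own users.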
Two simple techniques could be used to strangle botnets, a security expert has claimed. First, block email port 25 by default. Second, tell users when they are spewing spam from compromised PCs.
According to Trend Micro’s CTO, Dave Rand, who is leading a campaign to reform the way ISPs approach the matter of botnets and spam, the two countries that adopted such techniques, The Netherlands and Turkey, have seen a huge reduction in the numbers of botnetted PCs.
Go read it all and see that a little security can go a long way when dealing with spam.
Craig Schmugar at McAfee Lab Blog went looking over the weekend for Operation Aurora exploits riding on searches about the Haiti earthquake, and found something interesting. He shows just how easy it is to use the tragedy in Haiti to commit a little clickjacking:
I figured a good place to look for attackers is by Googling the most popular search terms of the day. It’s been a while since I last researched search engine manipulation. As expected it was quite easy to find high ranking search results for Haiti-related terms; the vast majority led to rogue antivirus malicious sites, similar to earlier blogs. I did not come across any sites exploiting the recent zero-day IE vulnerability. However, I did come across plenty of Clickjacking, but not just Clickjacking, they have incorporated Google Trends, Digg.com, Blackhat SEO, and Clickfraud as well.
Go read the whole thing to see how easy it is to get yourself duped.
Wired is reporting a sophisticated attack on Google and Adobe networks exploiting a vulnerability in Internet Explorer:
Google announced Tuesday that it had been the target of a “highly sophisticated” and coordinated hack attack against its corporate network. It said the hackers had stolen intellectual property and sought access to the Gmail accounts of human rights activists. The attack had originated from China, the company said.
Minutes later, Adobe acknowledged in a blog post that it discovered Jan. 2 that it also had been the target of a “sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies.”
If you hate the amount of unsolicited email that winds up in your inbox, you are gonna love the strides that researchers are taking to fight the dreaded botnets that exist solely to cause you pain and suffering any time you access your mail.
Some researchers are not taking this sitting down and have taken the fight to the cyber-crooks in an attempt to slow the spread of malicious software throughout the Web.
Kelly Jackson Higgins @ DarkReading puts together a great read on what is working and what is not in this fight:
For the most part researchers monitor and study botnets with honeypots and other more passive methods. Then security vendors come up with malware signatures to help their customers scan for these threats. But some researchers are turning up the heat on the bad guys’ botnet infrastructures by taking the lead in killing some botnets: Aside from last weekend’s takedown by Neustar of Lethic, which is responsible for about 10 percent of all spam, FireEye last November helped shut down the MegaD botnet. And researchers at the University of California at Santa Barbara in May revealed they had taken the offensive strategy one step further by infiltrating the Torpig botnet, a bold and controversial move that stirred debate about just how far researchers should go to disrupt a botnet.
Back in 2008 after two major ISPs halted traffic to malicious hosting provider McColo, spam worldwide dropped around 70 percent because McColo had been the main home to most botnet command and control (C&C) servers.
Arbor Networks fills us in on the Lethic Spambot:
There’s another spambot afoot, and one of its activities is to spam pharmacy and pill spam. We found it via the malcode in our zoo and the C&C traffic that we hadn’t characterized previously. AV coverage of the samples is modest. The botnet appears to be spamming the usual unwanted junk, and appears to be a medium sized botnet.
Give these guys and girls a hand for wading into this spam infested cesspool and doing the heavy work so we don’t have to.
Cheers!
Do you need to connect an iMac to a Windows Active Directory Domain? It’s easy!
Just follow these steps:
1) Create a computer account on the Domain Controller.
2) From the APPLE MENU select SYSTEM PREFERENCES.
3) Under SYSTEM select ACCOUNTS.
4) Select LOGIN OPTIONS.
5) Set AUTOMATIC LOGIN to OFF.
6) Set DISPLAY LOGIN WINDOW AS to NAME AND PASSWORD.
7) Check ALLOW NETWORK USERS TO LOG IN AT LOGIN WINDOW.
8) Click JOIN next to NETWORK ACCOUNT SERVER.
9) Click OPEN DIRECTORY UTILITY.
10) Check ACTIVE DIRECTORY (click the lock at the bottom if needed) then DOUBLE CLICK on ACTIVE DIRECTORY.
11) Enter the ACTIVE DIRECTORY DOMAIN.
12) Enter COMPUTER NAME (same name as the account you set up in ACTIVE DIRECTORY).
13) Click BIND.
14) Enter Domain Administrator Username and Password.
15) Enter Local Administrator Username and Password.
16) Click JOIN EXISTING ACCOUNT.
17) Click OK.
18) Click APPLY.
19) Log out.
20) Log in using domain credentials and you are done.
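The same bind can be done from the Terminal with Apple’s dsconfigad tool, which is handy when you have more than one Mac to join. The script below is an added example, not part of the original post; the domain, OU, computer name and admin account in it are placeholders, and the dsconfigad options used (-add, -computer, -username, -ou, -force, -packetsign, -packetencrypt, -groups, -show) are assumed to be available on the version of Mac OS X you are binding.

```sh
#!/bin/sh
# Added example: command-line equivalent of the Directory Utility steps above.
# Nothing touches the directory unless the script is invoked with --run.

AD_DOMAIN="ad.example.com"                     # placeholder: your AD DNS domain
AD_COMPUTER="imac-01"                          # must match the account from step 1
AD_OU="CN=Computers,DC=ad,DC=example,DC=com"   # placeholder: container holding it
AD_ADMIN="domainadmin"                         # placeholder: domain admin for the bind

# Windows truncates computer names longer than 15 characters for the NetBIOS
# name, so a longer name here would no longer match the account created in
# step 1. Conservatively allow only letters, digits and hyphens. Return 0 if ok.
check_computer_name() {
  name=$1
  [ -n "$name" ] || return 1
  [ "${#name}" -le 15 ] || return 1
  case $name in
    *[!A-Za-z0-9-]*) return 1 ;;
  esac
  return 0
}

# Assemble the bind command as one string so it can be reviewed before it runs.
# -password is deliberately omitted: dsconfigad prompts for it, keeping the
# domain admin password out of the shell history and process list.
build_bind_cmd() {
  printf 'dsconfigad -add %s -computer %s -username %s -ou "%s" -force' \
    "$1" "$2" "$3" "$4"
}

bind_to_domain() {
  check_computer_name "$AD_COMPUTER" || {
    echo "invalid computer name: $AD_COMPUTER" >&2
    return 1
  }
  eval "sudo $(build_bind_cmd "$AD_DOMAIN" "$AD_COMPUTER" "$AD_ADMIN" "$AD_OU")"
  # Hardening after the bind (assumed options): require signed and encrypted
  # directory traffic, and limit which AD groups get local admin rights.
  sudo dsconfigad -packetsign require -packetencrypt require
  sudo dsconfigad -groups "Domain Admins,Enterprise Admins"
  dsconfigad -show
}

# Usage: sudo sh bind-ad.sh --run
case "${1:-}" in
  --run) bind_to_domain ;;
esac
```

After it finishes, `dsconfigad -show` should list the domain and computer account; log out and log in with domain credentials as in steps 19 and 20.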
