Your Ad Here

Friday, February 22, 2008

Bank of America Phishing Scam

From SecurityOrb.com Website:

Bank of America Phishing Scam

Summary

SecurityOrb.com have reported a new phishing scam email in circulation. The
following message is a phishing scam attempt sent out to gain illegal
access to bank account information. Do not respond, or click the links
contained in the email, delete it immediately.


Bank of America Phishing Scam Email

From: Bank of America U.S. Online Treasury'08
[mailto:customers-department-reference-38gjm@bankofamerica.com]
Sent: Mon 2/4/2008 10:05 AM
To: Doe, John A.
Subject: Please Authorize Your BOA U.S. Commercial Account

Dear Bank of America Direct User:

Our records indicate that a new digital certificate has been issued to
your Bank of America Direct user ID.
The new certificate will be available for an installation period of 90
days, or until May 01, 2008 before expiration. If you choose not install
your digital certificate prior to the expiration date, then your access
to Bank of America Direct will remain interrupted.

Digital certificates are computer-based records issued to individual
user IDs that allow Bank of America Direct to validate your identity and
protect your information from unauthorized access. In order to access
Bank of America Direct, you must use a valid digital certificate.

Installation Instructions

To install your newly-granted digital certificate, please access the
Digital Certificate Pick-Up site at:

hxxp://direct-certs3.bankofamerica.com/direct/certpickup.htm?referrer=20
yeucslDbczyOrcecOahg



Sincerely,

Bank of America Direct Technical Care Center

Tuesday, February 19, 2008

Vista SP1 Issues Already

Vista SP1 Issues Already

I will be attending Black Hat DC 2008 tomorrow, so I hope to have some good stuff. But, on another note, for those of you who were waiting for the release of Microsoft Vista SP1 from a few blog postings ago, I have bad news....

Late last week, Microsoft started to receive trouble calls after update KB937287 caused some Vista PCs to either fail to properly boot up or enter an endless boot up loop.

Microsoft released a statement:
"We've received reports that some customers may be experiencing an unusual reboot cycle after installing KB937287, the servicing stack update we released last week. To prevent further instances of this issue, we temporarily stopped automatic distribution of the update and are investigating solutions to the problem. We believe this problem only impacts a small number of customers. We are working to identify possible solutions and will resume automatic distribution again after we address the issue."


The bottom line is... Wait until they get it right...

Friday, February 15, 2008

Linux Security Flaw


Linux Security Flaw

Say it ain’t so…

There are security flaws in the Linux kernel up to version 2.6.24.1. Some of the effected distributions are Ubuntu, SuSE, Red Hat, Mandriva, Debian and many others as well.

The newly discovered security flaws ranges from being able to conduct denial of service attacks, disclosure of sensitive information, or allow the attacker to gain "root" privileges.

It is recommended that system administrators and users update their kernels immediately, since there are publicly released exploit code for the vulnerabilities on the hacker sites.

I will be researching this matter some more and provide a follow-up

Thursday, February 14, 2008

Wednesday, February 13, 2008

Electronic Voting and Security Issues

Electronic Voting and Security Issues

For those of you who voted recently as I did, there is a good chance you used the Diebold electronic voting system. I could not help wondering if my vote would be counted correctly at the end of the day. As some of you may remember, the Diebold electronic voting system has security flaws that may allow an individual to change the results of the ballots if the system is left unsupervised for less than a minute. I first heard about this on CNN two years ago where a Princeton Professor demonstrated on CNN how easily the system could be hacked to alter ballot results.

The virus can steal votes, hide all records of the transactions and worst of all, it can delete itself thus leaving no evidence the system was compromised.

I also think an individual with a small super-magnet can wipe out all the data to break the machine and register zero votes. No information would be preferable to corrupt information, and might force a re-vote with paper ballots.

The voting system has no real physical security as well. There are more than a 1000 Keys in circulation and all the boxes use the same key. In addition, an amateur locksmith was able to pick the lock in less than 10 seconds or you can remove a few screws at the bottom of the system to have total access to the components.

This is scary stuff and it makes you wonder what really happened in the previous elections and what will happen in future election too.

To date, more than 80% of U.S. voter use the Diebold electronic voting machines. Something needs to be reviewed and corrected fast.

Go Vote…

Tuesday, February 12, 2008

Mac OS X 10.5.2 Update

Mac OS X 10.5.2 Update

Apple released the much-anticipated Mac OS X 10.5.2 update, which includes general operating system improvements that enhance the stability, compatibility, and security on the Mac.

The Mac OS X 10.5.2 update is recommended for all users running Mac OS X 10.5 or 10.5.1 Leopard. It is also recommended that you back up your system before installing the update.

To install the Mac OS X update users can use Software Update or the standalone installer.

To use the Software Update:
Choose Software Update from the Apple menu to automatically check for the latest Apple software using the Internet, including this update. The size of the Mac OS X 10.5.2 update is approximately 350MB.

Monday, February 11, 2008

Mozilla Firefox Update to 2.0.0.12


Mozilla Firefox Update

Over the weekend, many of you should have had your Firefox Internet browser go through an update. If not, then you need to make sure that is those.

The update, which was officially released on Friday, took care of some major issues closing 10 security holes including a directory traversal issue ranked as High severity and three Critical issues.

The update increments the browser's version to 2.0.0.12 and can be downloaded through Firefox's Help menu.

Friday, February 8, 2008

Windows Vista Service Pack 1 (SP1)


Windows Vista Service Pack 1 (SP1)

Windows Vista SP1 is the first major update to Windows Vista that includes a collection of bug fixes, security patches, minor functional changes, and other additions to Microsoft's latest operating system.

SP1 features a number of enhancements designed to make the OS more stable, secure, and efficient such as, a fix for a problem in which optical disks turn blank after being formatted with Vista's Live File System, a patch for a glitch that generates an error message when large files are copied from one Vista-based computer to another over a network, and an update designed to improve Vista's speed when it's operating on a computer linked to a virtual private network. From what I read, there are more than 300 hot fixes covering everything from data protection to video performance.

Microsoft will be releasing Vista SP 1 in late March or early April to the General Public. Depending on how well these improvement are, you may see a bump in new Window Vista desktops...

Thursday, February 7, 2008

Best Practices for Creating a Password

Best Practices for Creating a Password

Passwords are usually the first line of defense when it comes to protecting computers and information assets. What happens when that first line of defense is not properly created? I think we already know…

One of the best ways to create a strong password is to create a pass-phrase.

Pass-phrase

One of the easiest way to remember and hardest way to crack password is to use pseudo-random password. The actual password is generated from an easy to remember pass-phrase that is important to the user. This phrase can be the words from a book that you particularly like, words from a song that you always remember with ease, a statement that some powerful figure made that you will NEVER forget. The key to a successful password is to create a phrase that is easy for you to remember, but no one else will ever think about attributing it to you.

Example of a Good Pass-phrase:

pass phrase: My Brother's Birthday Is april Twenty Second Nineteen Sixty three(3)

Wednesday, February 6, 2008

Federal Desktop Core Configuration

Federal Desktop Core Configuration

The FDCC is an U.S. Office of Management and Budget (OMB) mandate that requires that all Federal Agencies standardize the configuration of approximately 300 settings on each of their Windows XP and Vista Computer. The reason for this standardization is to strengthen Federal IT security by reducing opportunities for hackers to access and exploit government computer systems. FDCC applies to both desktops and laptops that are deployed and connected directly to the organization's network.

Some of the change after implementing FDCC are:

Password changes will occur every 60 days instead of 90 days.

You will need to fill in the login and the password screen each time you log on to your computer, your login will not be saved when you log on.

You not be able to access certain websites using Internet Explorer due to its higher encryption setting.

Administrative privileges will be taken away which means you will not be able to download new applications.

This is going to be a challenging effort for many system administrators and their customers, but should help with many of the computer incident that occur in a windows-based environment.

Tuesday, February 5, 2008

The Russian Business Network: A Really Bad Network, Who’s to Blame?


The Russian Business Network: A Really Bad Network, Who’s to Blame?

A few months back, I read an interesting article on Washingtonpost.com by Brian Krebs titled “Shadowy Russian Firm Seen as Conduit for Cyber crime”.

The article was very interesting as I learned “The Russian Business Network” (RBN) is a Russian Internet Service Provider known for the hosting of illegal and shady businesses on the web. These businesses include, child pornography, phishing, malware distribution sites and some of the worst spammers on the Internet.

According to experts from Team Cymru, a research group specializing in Internet crime, “The Russian company is linked to about 60% of all cyber crimes”. I also read that businesses that decided take active stance against RBN and their customers were sometimes targeted by denial of service attacks originating in the RBN network.

The business (RBN) is difficult to trace. It is not a registered company, and its domains are registered to anonymous addresses. Its owners are known only by nicknames. It does not advertise, and trades only in untraceable electronic transactions (Economist.com).

Recently, dude to all the attention pertaining to the RBN and there business practices, they all of a sudden closed up shop in December, but reappeared in China a few days later.

But who’s to blame? RBN or its customers? Some would say that RBM is provide hosting services; their customers are apparently the ones violating laws…

This story is no where near over and I will be following it through out the year...

Monday, February 4, 2008

Electronic Discovery

Electronic Discovery

Electronic discovery has gained a lot of popularity since the Enron debacle from a few years back.

Most estimations states 90% of legal evidence reside in computer systems. This includes situations involving corporate trade secrets, personal and commercial disputes, employment discrimination, misdemeanor and felony crimes, and personal injury can be won or lost solely with the introduction of recovered e-mail messages and other electronic files and records.

Electronic discovery or ediscovery refers to any process in which electronic data is searched, located and secured with the intent of using it as evidence in a civil or criminal case or for information gathering.

Saturday, February 2, 2008

Windows Vista: One Year Later

Windows Vista: One Year Later

I have only used Microsoft’s Windows Vista a few times since its initial release to the public. I can say, the experience wasn’t anything to write home about. I found the operating system to be very confusing and it was not too easy to accomplish the functions as in Windows XP.

Even though many of the ideas seemed to have been adopted from the Mac OS X and Linux OS, I was not too impressed. An interesting article on Windows Vista has been attached below from Earthtimes.org.

Some improvement needed a year after Windows Vista
Posted on : 2008-02-03 | Author : DPA
News Category :

Munich/Bonn, Germany - Windows Vista operating system celebrated its first birthday in late January, which means it's the perfect time for a system review. The system is probably running on about 100 million computers by now. While experts have found much to criticize, there are also a lot of positives to be noted.

A year of use shows that Vista is the best Windows operating system when it comes to security.

"Windows Vista is well protected against traditional attacks," says Thomas Caspers of the BSI Federal Office for Security in Information Technology. "But it's not perfect."

About 20 security gaps were discovered in Vista's first year which could have led to serious problems without timely patches from Microsoft.

One of the system's new functions is called User Access Control (UAC). UAC is designed to prevent attacks on system critical areas by requiring Vista to request confirmation of user registration for program installation.

While this is "a step in the right direction," many users find the process cumbersome, says Axel Vahldiek of "c't," a Hanover-based computer magazine.

According to Vahldiek, UAC needs to be improved so users don't need quite as many mouse clicks to make it work. System prompts also need to be more clear.

"It only makes cryptic references to string IDs. A lot of users don't know what to do with that."

Vista's startup procedure has garnered the most criticism, as the system has not been prepackaged with drivers for many programs and hardware.

"The situation has gotten noticeably better," says Vahldiek, with the exception of drivers for some older devices.

Microsoft has given Vista a positive review, but does admit that its introduction was not completely seamless.

"Above all, there were sometimes problems with older programs and older hardware," says Andreas Schoeberger, a product manager. But Microsoft has also registered a steady decrease in assistance calls to its support teams.

Experts remain dissatisfied with Vista's performance. Caspers notes that on tests with the same kind of hardware, Vista runs slower than either XP or Linux operating system Ubuntu.

Vista's first service package is supposed to hit the market in the first quarter of 2008. It will be a collection of updates designed to make the system more stable. There are also plans to speed up the system, though users of older PCs likely won't notice any difference.

Schoeberger said Service Pack 1 won't have any remarkable new functions. But it will remove RFM - reduced functionality mode - from the system.

RFM effectively renders the system inoperable if users don't register with a licensing key by a set deadline or if the manufacturer determines that the user is unlicensed. Caspers says users considering dropping Vista should wait until after the new service pack is released.

While concerns linger about Vista, there is no reason for XP users to worry that Microsoft will stop supporting them.

The "main support phase" does not expire until April 2009. Until then, updates and security patches, as well as new functions and service expansions, will be made available.

After that, a third and final service pack is scheduled for release during the first half of 2008, Schoenberger says. An expanded support phase will last through April 2014, during which Microsoft will continue to release security updates for XP.

Friday, February 1, 2008

Linux and Mac OS X Desktop Gaining Market Share in 2008 on Windows Desktop

Linux and Mac OS X Desktop Gaining Market Share in 2008 on Windows Desktop

Recent research and announcements from IBM, Dell and other major PC vendors points to the Linux desktops being a factor to content with in 2008. In addition, the stability and popularity of the Mac OS X desktop is said to gain some percentage in the desktop market from Microsoft.

As a Mac OS X user myself and observing the increase of individuals in my circle converting, I can see a shift.

I will be keeping a close eye on these developments through out the year.