[Shields Up] Computer Security Thread
Thanks for the help y'all
We're more than happy to help, and very glad to hear that things worked out alright for you in the end!
As a last note, because I forgot when I was writing up the other procedures, you might consider changing your important passwords if a rootkit was indeed located during the cleaning. That is, if you used your important passwords during the period when your machine was infected. Your discretion, of course, but there's a chance a keylogger was included with the nastiness.
To be honest, I'm not entirely sure about this. I know there are options for this operation that could be considered shady, but I'm not immediately aware of any legitimate tools to bypass secured archives. I'll poke around, and let you know if I come up with anything.
I'll spare the diatribe about Apple's treatment of malware on their platform and bottom line it for you: If the iPad in question is not jailbroken, then the risk of malware is essentially nil. All software you can run on the iPad is filtered through the App Store, which puts it into a "Walled Garden" scenario where all code needs to be Apple approved before it is distributed. Is there a chance that someone could get around this? Sure! But I'd say it's probably none too likely, and that if it did happen, it'd be a huge news story.
Of course, if we're talking about keylogging and eavesdropping software that Apple purposefully allow on their portable devices, that's another story entirely. The Carrier IQ scandal is still evolving, though I don't know if it impacts iPads, or is limited to iPhones. (I should note that Apple has stated they will remove Carrier IQ from their devices moving forward, by the way).
The 2012 issue of Fornax. | Steam and Origin: Espressosaurus
So the risk of malware from websites, emails, or whatever doesn't really exist?
To my understanding, it's impossible to install any software on an iPad (that's not jailbroken) that doesn't come from the app store. As the device isn't exactly configured to download and install software via the web browser or email, I'd say that the chances of running afoul of nasties that way is fairly slim. Even if you encounter a javascript-based malware attack while browsing, there's almost no chance that it could leverage the OS in a manner that would infect it.
I hate speaking in absolutes, though. I'm positive that eventually someone will figure out a way to drive-by infect iPads and iPhones. The market share of these devices is simply too high for them to be left alone, and no OS is invulnerable.
But at the current juncture I'd say the risk is negligible, and that the availability of security software for the iPad isn't very good anyhow (None that I know of).
As always, though, social engineering attacks are still very real. Using an iPad won't protect from phishing or the like. You're probably very well aware of this fact, but in my experience not all Apple users are.
Second, there's been a discovery of a critical day zero flaw in Windows 7 (x64) today. There's a report here that describes the threat, via Secunia. Apparently viewing an HTML file with an improperly formatted iFrame causes a memory error in win32k.sys. Currently it's only been proven for denial of service, but a memory error of this sort can probably be finessed into remote execution. Also, the article claims that only Safari is at risk, but if we're talking Webkit here, then Chrome is bound to be an actor in this too.
I'd suggest simply linking to later posts to get around it. Using images is more than a bit of a hack, and complicates sending instructions out to other people.
And...heh, that's a nasty bit of work there. I hope MS pops out a patch for it quickstyle.
Working on tracing some new infections that have been showing their ugly heads the past month or so... including a rather interesting bootkit that isn't related to TDSS, but tentatively called rootkit.mbr.sst.b (we'll just refer to it as SST from now on). Don't know the details yet, I just know it's somewhat new, probably performs most of the same duties as TDSS, but with all new fingerprints and hiding locations. Worth watching.
Thanks for the check in, too, khalathas. I'm always interested to know what's going on in the wild. Your reports seem to tie in nicely with some rumblings that were circulating a few months back. I can't recall the source at the moment, but apparently the 'guts' of the TDSS bootkit were released for sale and/or distribution on the shadier parts of the web. Security analysts at the time were speculating that it indicated not only would modified versions of TDSS emerge from the woodwork as more criminals got their hands on it, but also that the masterminds behind TDSS itself were likely moving on to the next big infection. Sounds like maybe we're seeing some motion on the designer bootkit front.
So what's the best way to ensure that I can secure my wireless network? I'm getting a WRT54GL, and I plan to use dd-wrt firmware once I get it. I'll be hooking up my desktop, laptop, and game consoles through the wired portion of the router, while my phone, some other consoles, and periodically my laptop will use the wireless. I know to change the passwords on the router immediately, but what other configurations should I have in place to ensure no one cracks my network or takes control of my router? I've heard MAC address filtering is easily sniffed-and-spoofed, so I'm not sure what else I can do beyond using WPA2. Any help would be greatly appreciated.
1) Change the SSID. Something nondescript is good (not 'TetraNitroCubane's Apartment'). You can also hide the SSID so people searching for networks don't see it.
2) WPA2, unless you have a device that doesn't support it (rare, but possible).
3) MAC address filtering if you don't need to support random people hopping on and using it.
WPA2 is the big part there, because 1 and 3 are both easily bypassed by someone that has any clue what they are doing, but that won't be many people and even those will likely pick easier targets.
I want to say you can also restrict access to the router's setup pages to wired connections only, but not sure on that.
Also, does anyone know if there are any attacks against WPA2 on record?
Don't use the default channel.
Limit the number of IP addresses that can be handed out in addition to using a MAC address filter.
Use WPA2+AES.
If you use a preselected key, change it occasionally.
This one isn't really necessary, but could help reduce access. Look at the antenna power, don't need something that will bleed over to the neighbors. If you have a laptop with a client program that supports signal measurement you can wander around and see how far the signal reaches. A number of routers have detachable antennas that can be replaced with ones with different characteristics.
If I could throw another question on the pile, are there any opinions on what firmware to run? I was thinking I would go with dd-wrt, but tomato is another option, and/or just sticking with stock. I'm not terribly interested in anything complicated - Security first, stability second, speed third.
http://arstechnica.com/business/news/2012/01/hands-on-hacking-wifi-protected-setup-with-reaver.ars
Well fuck.
That article pretty much confirms that the router I've just purchased can be brute forced no matter what options I select. Maybe custom firmware will allow for more security, by actually deactivating WPS? This looks like an extremely serious vulnerability, and one that's going to have significant legacy issues. Thanks, yotes. I don't know how I missed this over on ars, but it's critical information.
EDIT: So a little nosing around Google led me to this page on the Reaver open source project. It looks like dd-wrt does NOT support WPS, and as such flashing a vulnerable router with this firmware may be a good way to secure it against WPS vulnerabilities.
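As an added example (not from the thread or any firmware project), here is a small audit script that checks a router's wireless settings against the checklist posted above (WPA2+AES, nondescript SSID, non-default channel, limited DHCP pool, admin pages off wireless) plus the WPS point from the Reaver article. The dict key names are hypothetical nvram-style names, not dd-wrt's actual variables; map them to whatever your firmware exposes.

```python
# Added example (not from the thread): audit a router's wireless settings against
# the checklist above (WPA2+AES, nondescript SSID, no WPS, non-default channel,
# limited DHCP pool, admin pages off wireless). The dict keys are hypothetical
# nvram-style names; map them to whatever dd-wrt/tomato/stock actually exposes.

FACTORY_SSIDS = {"linksys", "dd-wrt", "default"}       # constructed list
IDENTIFYING = ("apartment", "house", "home", "family")  # words that name the owner
DEFAULT_CHANNEL = 6                                      # common factory channel

def audit_wireless(cfg):
    """Return a list of (severity, finding); an empty list means every check passed."""
    findings = []
    ssid = cfg.get("ssid", "").lower()
    if ssid in FACTORY_SSIDS:
        findings.append(("high", "SSID is a factory default"))
    elif any(word in ssid for word in IDENTIFYING):
        findings.append(("low", "SSID describes who owns the network"))
    if cfg.get("security_mode") != "wpa2_psk":
        findings.append(("high", "security_mode is %r, expected wpa2_psk" % cfg.get("security_mode")))
    if cfg.get("crypto") != "aes":
        findings.append(("high", "crypto is %r, expected aes (not tkip)" % cfg.get("crypto")))
    if len(cfg.get("psk", "")) < 20:
        findings.append(("medium", "pre-shared key shorter than 20 characters"))
    if cfg.get("wps_enabled", False):
        findings.append(("high", "WPS enabled: PIN brute force (Reaver) bypasses the WPA2 passphrase"))
    if cfg.get("channel") == DEFAULT_CHANNEL:
        findings.append(("low", "still on the default channel"))
    if cfg.get("dhcp_pool_size", 254) > cfg.get("known_devices", 0):
        findings.append(("low", "DHCP pool larger than the number of known devices"))
    if cfg.get("admin_wireless", True):
        findings.append(("medium", "admin pages reachable from wireless clients"))
    return findings

# Constructed before/after configs for the WRT54GL in the question.
WEAK = {"ssid": "linksys", "security_mode": "wpa_psk", "crypto": "tkip",
        "psk": "password", "wps_enabled": True, "channel": 6,
        "dhcp_pool_size": 254, "known_devices": 6, "admin_wireless": True}
HARDENED = {"ssid": "gw7k2", "security_mode": "wpa2_psk", "crypto": "aes",
            "psk": "v9Qm-2xLpR7-tZ4wK8bN3c-Xe", "wps_enabled": False, "channel": 11,
            "dhcp_pool_size": 6, "known_devices": 6, "admin_wireless": False}

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_wireless(cfg) or "all checks passed")
```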
33 years to brute force all possible alphanumeric combinations with just 8 characters; not really worth the bother.
I went ahead and flashed my WRT54GL with dd-wrt, and set everything up as suggested. Thanks, guys. I have a lot more in the way of questions, but since they're not strictly security based, I'll just make another thread.
In the meantime, some news: It looks like Dreamhost was compromised over the weekend.
As of now if you use Dreamhost at all and haven't changed your password, it's a good (and mandatory) thing to do. They don't elaborate on the nature of the breach, unfortunately, so it's hard to say what happened.
Though, I have to admit, I always get the heebee jeebees when I look at the permissions requests on Android apps. Why does a Wifi analyzer need unfettered access to the internet? And why should it be allowed to read, write, and delete any file to my local storage?
Even more unsettling are the apps that request full control of your contact list.
This is why I don't install many apps, to be honest. I'd root the phone to garner more control over it, but from what I've heard that makes androids less secure, and more vulnerable to malware.
We are getting ready for a PCI check in a couple of months but have acquired a new office that was not PCI.
Now they are fighting us on every little program.
Long story short: do you guys know of a program that would scan a computer for software, and then spit out a report of any security issues that program might have?
I have thought about Secunia PCI but I'm looking for something more robust (Secunia doesn't list all the software installed).
Any ideas?
What do you guys use to keep track of software and make sure it is safe?
Thanks
Sykeed
You need a good Vulnerability Scanner. There is a wide range of products that can do this for you, but for small to medium shops I would recommend Nessus or Retina. Both have canned PCI reporting and scanning.
I think what my boss had in mind was a big database where we hand it a file of 200 programs and it spits out vulnerabilities for all 200 programs.
I know CERT will do one by one. Anyone know a way to do a mass batch?
This is easier said than done. In recent years, there have been efforts to co-ordinate getting publicly released vulnerability disclosures into the CVE database. Most of the big software companies will include a CVE ID for any public disclosures these days. It's not mandatory, though.
You can also cross reference that against ExploitDB to see if there is any public proof of concept code for a given vulnerability. Most vuln scanners will do that work for you.
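The batch lookup asked about above, as an added example rather than a tool the thread names: take an inventory of (product, version) pairs, match each against CVE records by product and fixed version, and flag which hits also have a public proof of concept (the ExploitDB cross-reference) so those get patched first. The CVE records here are constructed samples in a simplified shape (not the real CVE/NVD feed format) with placeholder IDs; a real run would load the published feed and the inventory export.

```python
# Added example (not a tool named in the thread): batch-match a software inventory
# against CVE records, with an ExploitDB-style "public PoC" flag for prioritising.
# The records are constructed samples in a simplified shape, not the real CVE feed
# format, and the IDs are placeholders; a real run would load the published feed.
from dataclasses import dataclass

@dataclass
class Cve:
    cve_id: str
    product: str          # lowercase product name as it appears in the inventory
    fixed_in: str         # first fixed version; anything lower is affected
    public_poc: bool      # True if a public proof of concept exists (ExploitDB)

CVE_DB = [  # constructed placeholder records
    Cve("CVE-0000-0001", "adobe reader", "9.4.2", True),
    Cve("CVE-0000-0002", "java runtime", "6.0.30", True),
    Cve("CVE-0000-0003", "firefox", "9.0.1", False),
]

def parse_version(v):
    """'9.4.2' -> (9, 4, 2). Non-digits in a component are dropped ('1rc' -> 1);
    vendor strings like 'Update 30' must be normalised to dotted form first."""
    parts = []
    for comp in v.replace("_", ".").split("."):
        digits = "".join(ch for ch in comp if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)

def find_vulnerable(inventory, cve_db=CVE_DB):
    """inventory: iterable of (product, version). Returns (product, version, cve_id, poc) hits."""
    hits = []
    for name, version in inventory:
        key = name.strip().lower()
        for cve in cve_db:
            if cve.product == key and parse_version(version) < parse_version(cve.fixed_in):
                hits.append((name, version, cve.cve_id, cve.public_poc))
    return hits

def prioritise(hits):
    """Public-PoC findings first, then alphabetical, so the report leads with what to patch now."""
    return sorted(hits, key=lambda h: (not h[3], h[0].lower()))

# Constructed inventory export (product, version), e.g. from a software-audit tool.
INVENTORY = [("Adobe Reader", "9.4.0"), ("Java Runtime", "6.0.30"),
             ("Firefox", "3.6.28"), ("Notepad++", "5.9.8")]

if __name__ == "__main__":
    for name, version, cve_id, poc in prioritise(find_vulnerable(INVENTORY)):
        print(f"{name} {version}: {cve_id}{' [public PoC]' if poc else ''}")
```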
With that in mind, I wonder why the US Government only uses Internet Explorer on all the machines. It's not like Chrome costs anything, plus it's customizable to work in all necessary environments. And that's all aside from the performance gain of using Chrome instead. Just struck me as strange so I thought I'd pop in here to talk about it.
Actually, the State Department is switching to Chrome.
To actually answer your question, though, it's because IE is still the only browser that has a lot of hooks into Windows' group policy system so that it's easy to keep settings consistent across thousands of desktops. A big part of enterprise security is policy management. Have an internal SSL certificate authority you need to trust? Want to allow ActiveX controls to run unprompted from that legacy system you have? Need to automatically authenticate via NTLM with your IIS application using your Windows credentials? Internet Explorer was the only browser that could do things like this for a long time. Some of these things have been possible in Firefox with scripting and some work, but it was a giant pain to do in an enterprise setting compared to Internet Explorer. Enough of a pain that it wasn't worth the work, IMO.
Chrome piggybacks off the native operating system where it makes sense (for instance, for stuff like CA cert trusts and NTLM auth) instead of trying to implement everything from scratch like Firefox does. I think they need to add some hooks so that I can disable a few things via policies like cloud syncing and saving passwords before I would want to completely standardize on it in my environment. For smaller organizations who aren't managing browser settings via policies, though, I think it's the best choice.
Granted, I don't know all the ins and outs of implementing such a change. I was just musing after coming across the info.
Can you check the properties of the items that are "locked out" for a special permission that denies "read data" to the group "Users"? I got hit by something a while back that did that to a lot of the default "personal data" folders, then popped up a "virus scanner" that offered to restore the lost data.
Also, if she's been logging on as a limited user, then got this and went to admin mode to try and fix it, the administrator's documents folder would be empty since it's probably never been used.
Do you have access to the machine? If so, PM me.