November 10, 2009
OK, now we have the first worm for the iPhone, I think. It is funny that the author of the worm is a 21-year-old kid who was curious and bored. Now that is a wow.
It is also learnt that the worm is very simple and its behaviour is similar to the malware programs of the early days of computer malware. Well, everybody thought the same thing when Conficker was released last year, and to date we are yet to be sure exactly what the worm is capable of doing. Some sources claim that it looks like the Conficker worm (and its variants) is waiting for some sort of instructions to act. Sounds like a sci-fi thriller movie to me.
Back to the iPhone story, Sophos wrote that the worm can only infect jailbroken iPhones with SSH installed; other phones are not affected.
November 6, 2009
Found this simple but cool slide from ASCL Online which explains how easy it is to launch a phishing attack in very layman's terms. I have attached the file for your weekend reading pleasure.
The moral of the case study:
- NEVER click a URL in a link sent to you. Always type the URL into your browser yourself.
- Banks WILL NEVER send emails to their customers for account maintenance.
Have a great weekend! Cheers!
November 5, 2009
If you want to know whether your computer is infected with Conficker, try this site: Conficker Eye Chart.
A cool piece of work put together by the people from the Conficker Working Group. Bear in mind that this test will not work if you are using a proxy server on your network.
November 3, 2009
Attended a half-day workshop from a security vendor (which turned into a full-day workshop because of the number of questions from the attendees). While sitting there feeling so sleepy and restless due to the very low temperature of the auditorium, this thing struck my mind – there are hundreds of IT security best practices and standards out there, but how do we choose the best one for our organization?
There is no one-size-fits-all scenario when it comes to IT security compliance. In other words, you can’t just adopt the same standard that your friend’s organization is using just because it fits and works well for his/her organization. Can risk assessment be the answer? Even so, risk assessments are normally conducted based on a standard you have already chosen, and after the gap assessment has been completed.
This is definitely quite a tough question, but I am sure there may be some studies conducted by certain experts which can be used to ascertain the best-fitting security model or standard for an organization.
October 28, 2009
Currently I am on a mission to Kabul to study the readiness of the Afghan government to set up a CIRT (Computer Incident Response Team). Despite the political tension, security threats, tankers, AK47s, bomb blasts and earthquakes, it is a good mission as far as the objectives of the mission are concerned.
From what I gather from Afghanistan and also many parts of the world, people want the CIRT to guarantee security. They want the CIRT to be accountable in the event of a security breach. Does this make any sense? It is like blaming the police because you got mugged.
A CIRT can be regarded as a fire department; i.e. they respond to incidents. They can’t be held accountable should there be a security incident within their constituencies (you can’t blame the fire department for fire incidents). However, a CIRT can participate in conferences and forums and even lawmaking exercises to improve baseline security standards and produce best practices. Most of the CIRTs in the world provide reactive services, but with the current advancement in the taxonomy of attacks, CIRTs should also start providing proactive services to prevent attacks. They should be at the forefront to identify attacks and disseminate the threat information to the right people at the right time for the right actions to be taken.
October 27, 2009
The Register reported that the FBI and the UK’s Serious and Organised Crime Agency (SOCA) have drawn up a program for dismantling and disrupting cybercrime operations.
The three-pronged strategy aims to target botnet and malware creators, so-called bullet-proof hosting providers that offer hosting services to cybercrooks, and digital currency exchanges. Digital currency exchanges such as WebMoney and Liberty Reserve are central to the operation of the black economy, according to Andy Auld, head of intelligence at SOCA’s e-crime department.
The RBN – described as a purpose-built criminal ISP – allegedly paid off local police, judges and government officials in St Petersburg. There were strong indications RBN had the local police, local judiciary and local government in St Petersburg in its pocket. Our investigation hit significant hurdles.
Sounds like a Hollywood movie? Well, we are definitely witnessing the proliferation of cybercrime. I applaud the effort being put together by the likes of FBI and SOCA but this is not good enough. More governments and relevant agencies of the world should come together to combat this and eliminate the safe haven for the cybercriminals.
October 27, 2009
ICANN (Internet Corporation for Assigned Names and Numbers) during its meeting in Seoul announced that it will be working towards allowing non-Latin web addresses, such as Japanese, Arabic and Chinese. The intention is noble: making the Internet more accessible to more parts of the world. BBC reported that if everything works according to plan, this new feature will be up by mid-2010.
I am yet to read about any security concerns on this new initiative, but my concern is phishing attacks. If you are targeted by a phishing attack with a URL which you can’t understand, the risk of falling victim is higher. More often than not, people just click the links sent to them via email even when the URLs are in Latin script.
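One defensive check for the concern above is to decode an internationalized hostname before deciding whether to trust it. The following is an added example (not code from the original post): it turns punycode labels back into the characters a user would actually see, flags labels that mix scripts, and maps a small, constructed table of Cyrillic lookalike letters to Latin so a non-Latin spelling of a familiar name stands out. The lookalike table and the sample URLs are assumptions made for illustration.

```python
"""Decode an IDN hostname and flag traits that make it hard to read by eye:
punycode labels, labels that mix scripts, and non-Latin letters that look
like Latin ones.  Added example, not part of the original post; the
confusables table and sample URLs are constructed here for illustration."""
import unicodedata
from urllib.parse import urlsplit

# Hand-picked subset of Cyrillic letters that resemble Latin letters.
# Illustrative only: Unicode's full confusables.txt is far larger.
CYRILLIC_LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
}

def script_of(ch: str) -> str:
    """Coarse script name taken from the character's Unicode name."""
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "CYRILLIC", "GREEK", "ARABIC", "CJK",
                   "HIRAGANA", "KATAKANA", "HANGUL"):
        if script in name:
            return script
    return "OTHER"

def to_unicode_host(host: str) -> str:
    """Turn punycode labels (xn--...) back into the Unicode a user sees."""
    if not host:
        return ""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeEncodeError:
        return host  # already Unicode, nothing to decode

def analyze_url(url: str) -> dict:
    """Summarise the readability risks of the hostname in `url`."""
    raw_host = urlsplit(url).hostname or ""
    host = to_unicode_host(raw_host)
    # A label mixing two or more scripts is a classic homograph trait.
    mixed = [lbl for lbl in host.split(".")
             if len({script_of(c) for c in lbl if c.isalpha()}) > 1]
    # What the host would read as if every lookalike were Latin.
    lookalike = "".join(CYRILLIC_LOOKALIKES.get(c, c) for c in host)
    return {
        "host": host,
        "punycode": "xn--" in raw_host,
        "mixed_script_labels": mixed,
        "latin_lookalike": lookalike if lookalike != host else None,
    }
```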
October 26, 2009
A good article from Computerworld.
The total number of flaws disclosed and patched by the software maker so far this year stands at around 160, more than the 155 or so that Microsoft reported for all of 2008.
The increase in the number of flaws being discovered comes at a time when attackers are getting much faster at exploiting them. A survey by security vendor Qualys earlier this year showed that 80% of vulnerability exploits are available within 10 days of the vulnerability’s disclosure. Nearly 50% of the vulnerabilities patched by Microsoft in its security updates for April this year already had known exploits by the time the patches were available.
Now, we all know that Vista was supposed to solve most of the security issues that have been bugging Microsoft’s previous products, but the current number of reported vulnerabilities has surpassed the number for the entire of 2008. How is this possible? Why are there so many vulnerabilities? Why is there a lack of quality assurance when it comes to software coding?
Windows 7 was launched on 22nd October 2009 and I wonder if we are in for another “catch me if you can” game with the software giant. We have definitely learned from the past (I suppose) that MS can never produce secure software, but why are we still going for the products? I think when it comes to using software, user-friendliness and features take the front seat and security takes the back seat. People are more willing to pay for the features rather than security.
On a separate issue altogether, I have been a big admirer of Mac OS ever since I started using it about 2 years back because of its robustness and the speed at which I can get it up to work. In the last 2 years, I think I have only rebooted my MacBook 3 times, and I have never had a problem opening the MacBook lid and starting work on it in less than 5 seconds. In contrast, a Vista machine which I have needs about 30 seconds (if I am lucky) to 60 seconds to get to the login screen. Most of the time, after typing in the password the notebook will just hang for about a minute before I can start using it. Anyway, let us wait and see what Windows 7 holds for us ;-).
October 26, 2009
This is interesting: Secret code saves man who spied on flatmates.
Well, this is another situation where the legal system of a country is not ready to cater for cases involving digital evidence. I am just surprised that the police did not force the guy to decrypt the files. What if the guy was really spying on the flatmates and got tipped off that the police were going to pay him a visit, and disconnected his gadgets? I really think that the police should have forced the suspect to decrypt the files.
It is as if the police arrived at a house suspected of producing drugs and did not enter it because the house owner had locked the doors.