When you’re in an airport, you open your laptop to read or send e-mails, looking for a free Wi-Fi hotspot. And there it is! You almost always find one and connect to send and read your e-mails etc. What you do not take into consideration is that the free Wi-Fi may have a privacy cost associated with it: the data of your connection, your personal details and other important information can be stolen when you send your message, without having any idea that such a thing could happen. Before you know it, you’re calling Lifelock for identity theft protection because your personal information has been stolen, and soon, your identity.

What should make you suspicious is when there is a Wi-Fi hotspot with a name that is not recognized or resembles an official or even a celebrity name. Also, the user must be particularly cautious in hotspots that do not need password protection for access. The ‘magic’ of the data theft happens through a proxy technology, which monitors the Wi-Fi communication and captures and stores a copy of all your data on the hacker’s laptop. This process will slow down the traffic speed of your connection but in cases of networks with many users it is difficult to say with certainty whether the slow traffic is due to the theft of your data or because there are many users connected simultaneously.

Each time the user performs a task on the internet, whether buying staff online, checking your bank account or checking of email, the computer must send the login to the network, which is a goldmine for fraudsters on the internet. Under normal conditions the connection to a secure site (such as your bank site) must start with “https” instead of “http“, which means that traffic is encrypted. Some sophisticated hackers can even steal your encrypted communication (by proxying your connections through their own computer). For this reason, extreme caution is required when giving personal information and passwords in a public WiFi hotspot.

The threats to be aware while using public Wi-Fi:

• Evil twin login interception: networks set up by hackers to resemble legitimate Wi-Fi hotspots.
• 0-day OS / app attack attempts: attacking your computer and applications in order to get access to it using unknown and unpatched vulnerabilities.
• Sniffing: software or hardware that can capture and record the traffic passing over a network.
• Data leakage (man-in-the-middle attack): Cyber-criminals who can modify network traffic, leaving the impression that the user navigates the website of a bank for instance, while, in reality, traffic is passed first through the attacker’s computer.

No related posts.

The Duqu Virus is a clone of Stuxnet and attacks victims usually through a Microsoft Word attachment in emails. If the victim opens the Word Document, the PC is infected and the attacker can even take control of the computer.

Microsoft has been working to find a permanent patch for this vulnerability. Until then, they released a temporary fix here.

Description:

The Microsoft Windows Kernel is susceptible to a vulnerability due to improper handling of TrueType fonts. This vulnerability is being actively exploited in the wild by the Duqu worm.By enticing the target to view a document with a malicious font, the attacker can exploit this vulnerability in order to execute arbitrary code on the target machine with SYSTEM-level permissions.

Status:

vendor confirmed, updates not available

References:

Microsoft Security Advisory

http://technet.microsoft.com/en-us/security/advisory/2639658

Common Vulnerabilities and Exposures

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3402

No related posts.

As BBC, Reuters and AFP reported, Sega announced that data for their users was compromised from their online network, Sega Pass. Confidential information such as names, birth dates, email addresses, passwords etc were stolen, while stating that the credit card numbers remained unaffected. The company admitted that data information were stolen from the database for approximately 1.3 million customers.

The Sega Pass network was shut down in order to mitigate the attack and reinforce the level of security, Sega said, and apologized to customers for the problem. Remains unknown when the network will operate again.

The violation in security was found last Thursday by the European Sega subsidiary company and was not revealed until recently. The hacker group Lulz Security, which has claimed responsibility for many of the recent major cyber-attacks, but not for the last one, voluntarily offered to help Sega to discover the culprit and punish him.

Related posts:

1. Information Security Cyber Threats for 2010
2. Block Attacks with a Cisco ASA Firewall and IDS using the shun command
3. Preventing SQL Injection Attacks with Cisco ASA Firewall

Specifically, Win32/Yimfoca.AA is located in the top ten list of ThreatSense.Net in many European countries such as Austria, Italy, the Czech Republic and Slovakia in recent weeks.

According to Marek Polesensky, Malware Researcher of ESET, the Yimfoca worm uses Facebook chat to attack users, while Fbphotofake is a social engineering worm, which attacks victims by itself but also in combination with other malicious software through spam messages on Facebook. “The Yimfoca worm acts as a backdoor and can be controlled remotely, transmitting the virus through IM software such as Skype, MSN or Yahoo Messenger».

Moreover, Yimfoca can download and put into operation other malware programs circulating on the Internet – including rogue anti-virus software, by changing security settings or turning off the firewall in Windows. The Fbphotofake worm appears mainly as spam on Facebook. Users are advised to be careful not to open suspicious and unknown attachments or click on dubious links.

About the recent malware attacks, David Harley, Senior Research Fellow of ESET, noted the spread of the Nigerian letter scam on Facebook. “It is a typical case of Advance Fee Fraud (AFF), with an extra emotional blackmail,” says Harley. Moreover, he advises users to “Be always sure of the identity of the sender of instant messages or the content of messages on Facebook”. Also, Randy Abrams, Director of Technical Education of ESET North America, notes that “Part of the problem is that the philosophy of Facebook does not include security and this is a very difficult hurdle for specialists in the field of antivirus and security”.

Recent threats on Facebook include the following:

• The Win32/Yimfoca.AA worm has reached the Top Ten list of ThreatSense.Net in several European countries in recent months.
• Fbphotofake spreads spam on Facebook. For the case of the two worms mentioned above, users must be careful not to open suspicious and unknown attachments or click on dubious links.
• The Nigerian letter scam is spreading through the messages in Facebook, too.
• Koobface worm which is one year old but can be found sometimes nowadays as well.

Information about safety in Facebook can be found here: http://www.facebook.com/security.

If you are infected from any of the above viruses (especially Koobface), download Spyware Doctor 2011 below to clean up your computer. I suggest you to Download the trial version of the software and run it on your PC. If the tool finds any of the Facebook viruses, you can purchase the full version to clean up the infection.

No related posts.

Fortunately, there are steps you can take to protect your wireless network security and developers are constantly working on improving these measures.

Below are five steps to be taken to protect your wireless network:

1. Change the wireless network name (SSID) from the default

The network name SSID (Service Set Identifier) it has a default value for wireless devices installed by the manufacturer. The SSID is the name of your wireless network, which can have up to 32 characters. Hackers know these default names and can use them to log into your network. Change the network name to something unique, not associated with your network equipment. As an extra precaution, change the name of the network regularly so any hacker who perhaps figured out the name of your network before he would have to find it out it again and again. This will limit the intrusion in the future.

2. Disable SSID broadcast

By default, most wireless networking devices are set to broadcast the SSID, so anyone can easily join the wireless network using only this information. But hackers can also connect to it, so if you do not have a public hotspot, the SSID broadcast is better to be off. You might think that broadcasting the network name is more convenient for you to be able to connect with one click, but you can in fact configure devices on the network to automatically connect to a specific SSID without broadcasting the network name of the router.

3. Change the default password

When using wireless devices like access points and routers, in order to connect and manage their settings will require a password. They have a factory default password. (The default password is usually admin). Hackers know these defaults and will try to use them to access the wireless device and change settings. To prevent unauthorized changes change the device default password, so it is hard to guess.

4. Turn on the MAC-address filtering

On most routers you can enable MAC address filtering (MAC = Media Access Control). MAC address is a unique number assigned to each network device. When the MAC-address filtering is configured, only devices with specific MAC addresses can access the wireless network. For example, you can allow access to the wireless network only for the computers in your home. The hacker will be very difficult to get access to your network using a random MAC-address.

5. Turn on encryption

Encryption protects data transmitted over a wireless network. There are Different levels of security for wireless networks such as the WEP protocol (Wired Equivalent Protocol) and WPA (Wi-Fi Protected Access). Currently, the most widely used is WPA since it is more secure because it uses dynamic key encryption.

Related posts:

1. How to build a Wireless Home Network using a Router
2. Cisco ASA 5505 Network Port Interfaces

Encryption plays an important role in protecting data, not only for maintaining confidentiality of information but also to protect data from damage, destruction or alteration. An important part of the encryption process is that it allows verification of the source of information, just like an electronic signature, where the decryption key is available, while the secret encryption key guarantees the authenticity and integrity of a file.

The encryption technologies and algorithms are not limited by the properties of the storage media used. This means that data is modified to the extent that no useful information can be extracted from them, while the resources remain unaffected. It does not matter if the encryption algorithm is known to the public, because confidentiality is guaranteed by the secrecy of the unique key used for decryption.

Just because the encryption is independent of the characteristics of a storage or communication medium, it can be used for secure transfer of data through open communication channels and to protect data in portable storage devices that have been lost or the user has chosen to reject. Even if an offender has access to a file, he will not be able to decrypt the contents nor read them without the secret key.

Related posts:

1. How to Rescue Lost Data from Your Hard Disk Using Spotmau Powersuite 2010

The specifications of my hardware and software are the following:

• Laptop DELL (core i3 with 4GB RAM)
• Win7 64-bit Professional
• VMWARE Workstation version 6.5.4

STEPS:

1. Download file from http://www.backtrack-linux.org/downloads/

File downloaded is bt4-r1-vm.tar.bz2 (around 2.5 GBytes)

2. Check the file with md5.exe tool to verify that MD5 is correct. This is important because such big files sometimes get corrupted when downloaded and also to verify the integrity of the file.

3. Uncompress the image with WinRAR (it took some time for winrar to open the archive – Be patient here.)

4. In VMWARE go to File>Open and select the virtual machine (BT4-R1) which you extracted above.

5. I then selected “Edit Virtual machine settings” and increased the memory from 768MB to 1024MB.

6. Then click on “Power on the virtual machine”
If you get a message that “This virtual machine may have been moved or copied” I selected “I copied it”.

7. After the Virtual machine boots up, you will get a prompt:

bt login:

Use root/toor as initial username/password

You will get the root prompt:

root@bt:~#

Now we must change the root password to something really strong.

root@bt:~# passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

8. Now do the fix-splash as advised by the backtrack website:

root@bt:~# fix-splash

And then reboot

root@bt:~# reboot now

9. After the machine boots up, start the graphical interface:

root@bt:~# startx

DONE

Some other notes:

I like to have my virtual machine with direct access to the network interface of my host computer, so I always go to the virtual machine settings (“Edit Virtual machine settings”) and change the network adapter from “NAT” to “Bridged Mode“. With that, the LAN interface of the Backtrack in the virtual machine will have direct access to the network. If you have a DHCP server in the network, the Backtrack system will receive IP from the network, or otherwise you can configure static IP. Let’s see how to do both options below:

IP address from DHCP Server

ifconfig eth0 up
dhclient eth0

Static IP

ifconfig eth0 100.100.100.1 netmask 255.255.255.0 up
route add default gw 100.100.100.2 eth0

Also, you need to edit the /etc/resolv.conf file and change the nameserver line to add your DNS IP address.

Related posts:

1. Installing BackTrack 4 Pre Final in VMWARE
2. VCP Certification-VMWare Certified Professional

The use of secure wireless networks, encryption or hiding of data on disk to prevent “theft”, and serious precautions during online shopping or banking transactions, are among the practical security measures that users need to follow for protecting their personal information.

With the proliferation of social networks and the numerous applications used to share information via the Internet, PandaLabs, the anti-malware labs of Panda Security, advise users to take additional steps to avoid falling victims to malicious actions during the holidays.

These types of “geo-location” applications are used widely in recent years. Facebook applications such as Doorpl or Trip Advisor (which describes the current location of someone or the desired destination of someone), the Twitter geolocation utility (which shows from which location your tweets are sent), or the location services via GPS mobile devices (iPhone and Android users) are just some examples.

PandaLabs constantly analyze the latest trends in Internet and are able to advise users for their protection throughout the year and more specifically during a massive holiday period like the summer.

If you take your own computer with you on vacation:
- Before you do anything, keep a back up of all your data.
- Make sure you have a reliable and updated antivirus/antimalware protection software and that all necessary security patches are installed.
- In order to mitigate the consequences of theft of your computer, use the encryption technology for information stored on your hard disk, even if such work is tedious and complicated. This will prohibit any access to your files without correct password.
- Clear the temporary files, logs, cookies and password reminders or auto-complete features you use on the browser. This would eliminate the automatic access to webmail, social networks, bank accounts or your favorite online stores.
- Do not connect on unprotected WiFi networks, as you can “get hooked” by hackers who can intercept information shared with your community. Even if you have to pay for network access, it is better and safer to use a secure network you can trust.
- Pay attention to email. The phishing attacks and spam are becoming smarter for stealing sensitive personal data.

If you use another computer on your vacation:
- It’s better not to use someone else computer. You do not know what is installed on this computer. It is possible that PCs in cyber-cafes, hotels or airports, from where you might log into your bank account, etc. are infected by a dangerous Trojan Horse.
- If you do not really have a choice and must go into websites that require your personal credentials, make sure you change them immediately after use in order to minimize the risk.
- Avoid doing online transactions if possible. Remember that any information you enter can be used by another user.
- Do not accept any inducement for storage of personal data offered by many web browsers.
- When you are finished using the computer, delete all temporary files, browser history, the cookies, the log files and any other information stored on computer.
- If you download something on the computer, remember to delete it before turning the computer off.

Using social networks
- Never use the travel planning applications offered by these networks in order to be sure that it is impossible to identify who you are. Do not accept the geolocation detection (geolocation function) in Twitter and do not use this technology in mobile phones.
- Do not reveal your plans for your holidays in chat rooms, IRCs, social communities, etc.
- If you spend time in chat rooms while you’re on vacation, do not disclose any personal or confidential information to someone you don’t know.
- Share the above tips with your children, which are often more open to good faith to share information via the Internet.
- If you notice any suspicious behavior while you are connected to a social network (people with great interest for other people’s destinations, dates, etc.) contact the police. Prevention is always better than cure.

Related posts:

1. The Results Of A Hacker Finding Your Personal Information
2. Information Security Cyber Threats for 2010
3. How To Remove Personal Antivirus-Remove Personal Antivirus Automatically

First, we need to make some changes on the sshd configuration of the NAS station. Open a CLI connection with the NAS (using telnet or ssh) and edit (using vi) the sshd_config file located under /etc/ssh/ path. You need to change the following settings in sshd_config:

• Uncomment the #AllowTcpForwarding no parameter (remove the # ) and change it to yes.
  AllowTcpForwarding yes
• Uncomment the #PermitTunnel no parameter (remove the # ) and change it to yes.
  PermitTunnel yes

However, the changes above will not be permanent since the QNAP NAS device will change all configuration to default settings when rebooted. Therefore we need to somehow make the changes permanent. What we can do is the following:

• Copy the modified sshd_config file into a shared location on the NAS.
• Use the “autorun.sh” script to copy the modified sshd_config file from the shared location and overwrite the original sshd_config file located under /etc/ssh/
• Then restart the sshd deamon to take the new modified settings.

I have copied the modified sshd_config file under /share/HDA_DATA/
Now, in order to create the autorun.sh file, do the following:
# mount -t ext2 /dev/mtdblock5 /tmp/config
# vi /tmp/config/autorun.sh

Get into vi editor and enter the following lines:
cp /share/HDA_DATA/sshd_config /etc/ssh/
killall sshd

Save the file and make it executable.

# chmod +x /tmp/config/autorun.sh
# umount /tmp/config

That’s it for the NAS.

Now in order to create the ssh tunnel, we will use PuTTy as shown below:

Open up PuTTY and go to Tunnels. At Source Port enter a desired local port that will be listening on your local PC (e.g 8888). Select Dynamic and press Add.

As you can see above, port 8888 is created. This port will start listening on your local PC after you connect with SSH to the NAS.

Now go up to “Session” and put the IP address of your NAS ssh server. The picture above shows a private IP address (192.168.10.111) but in real situations this should be the domain name or the public IP address of your NAS server. Click “Open” to log in to the NAS with your SSH username and password. When you log in, a secure SSH tunnel will be created between your PC and the remote NAS server.

If you need to encrypt all of your internet browsing traffic, you have to configure a SOCKS proxy on your browser with IP address 127.0.0.1 and port 8888.

Related posts:

1. Connecting to the ASA Firewall with Telnet and SSH

In 2008, the company’s analysts predicted an increase in system infections by viruses. Unfortunately, these estimates proved accurate. In 2009 we saw the emergence of sophisticated malware with functionality based on rootkits, the significant use of worm Kido (also known as Conficker), but also we observed numerous Internet attacks, the proliferation of botnets, fraud using mobile SMS and attacks on social networking websites.

Estimates for 2010

According to the experts at Kaspersky Lab, there will be a change in the types of attacks. More specifically, there should be a change from the attacks waged through websites and applications to attacks via file-sharing and peer-to-peer networks.

Already in 2009 there was series of massive attacks based on malware that spread via torrents. This method was used for the deployment of web threats such as viruses like TDSS and Virut, and the invasion of computers running Mac OS X. In 2010, we should expect a significant increase in this type of attacks on P2P networks.

The cyber criminals will continue to compete unleashing viruses. Currently, cyber criminals try more and more to be legalized and there are many ways to profit using the spread of malicious viruses through botnet networks. Today, botnets are used mainly for “black market services”. However, future services are expected to become more “gray” color.

The so called “cooperation programs” will give botnet administrators/owners the ability to profit from activities such as sending spam, DoS attacks or via sending malicious software applications that are not clearly a form of criminal activity.

The decline observed in the use of Trojan viruses that banged users of online gaming in 2009, is likely to occur in the use of fake antivirus programs in 2010. This category of threat first appeared in 2007 and in 2009 it reached its zenith. The worm Kido, for example, went to install rogue antivirus programs on infected computers.

However, the “market” of fake antivirus programs is now saturated and profits for cyber criminals have fallen. Furthermore, these activities are closely monitored by the legitimate security companies. In this context, an increasing degree of difficulty for the development and distribution of rogue antivirus programs is introduced.

With regards to attacks on web services, Google Wave is expected to monopolize the interest in 2010. There is no doubt that attacks in this new Google service will follow the usual model. First comes the sending of spam messages, then phishing attacks, then the exploitation of vulnerabilities of systems and the end comes with the spread of malware. The availability of Chrome OS operating system by Google, which is based on Internet technology, is a notable development, but experts of Kaspersky Lab expect that cyber criminals will not show great interest around this software platform.

However, it is expected that 2010 will be a difficult year for iPhone users and for phones with Android operating system. The first malicious programs for these platforms appeared in 2009, which is a clear indication that there is increased interest from cyber criminals. As for the users of iPhone, only those who have cracked appliances will be at risk, but the same does not apply to users of devices with Android software, as all of them can fall victims to attacks. For example, the growing popularity of mobile phones with Android software in China, combined with the lack of effective controls for the security of applications offered from third parties, is expected to contribute to the rise in the number of attacks by malicious programs.

The identification of new vulnerabilities in the systems will be the main cause of mass infection by viruses. These vulnerabilities will be mainly related to software developed by third parties (such as Adobe, Apple, etc.), but also Windows 7, whose marketing has recently started. If a large number of such software vulnerabilities is not found in 2010, it may well be one of the “quieter” years long.

Related posts:

1. Cyber Attacks to Sega
2. Securing your personal information during the holidays
3. The Results Of A Hacker Finding Your Personal Information