November 2007 - Posts
Minyanville is a neat site that offers stock market and investment tips. These 6 tips are excellent for avoiding scam artists who try to take advantage of this business season.
Holiday Safety Tips - Don't Fall Prey to Holiday Scams
http://www.minyanville.com/articles/index/a/14897
QUOTE: The holidays bring good cheer, mistletoe – and scam artists. Holiday scammers play on your trusting nature, desire for a bargain and “urgent need” to update your financial information in their continuing quest to separate you from your money. Keep an eye out for these holiday scams:
1. Avoid E-Card greetings
2. Phony Sign-Up Tables at the mall or other public places offering charge cards
3. Emails requesting "Account information needed"
4. Emails, phone calls, or regular mail claiming "You are the winner"
5. Emails or regular mail claiming that "You are approved for credit cards"
6. Other telemarketing scams
SUMMARY: Just remember what your mother taught you: If it’s too good to be true, it’s a scam. Keep that in mind and no crook will spoil your holiday.
This advice is excellent for better ensuring safety while shopping online during the holidays.
QUOTE:
5 Ways To Increase Safety While Shopping Online
1. Shop from Reliable Retailers. It's wise to do business with companies you already know and trust. If the retailer is unfamiliar, look up information on the company with the Better Business Bureau or the Office of the State Attorney General in the state where the seller is located.
2. Use a Credit Card, Not a Debit Card Online. Credit cards limit your liability for unauthorized charges to $50. You're not assured this protection with a debit card.
3. Ask about Single Use Credit Cards. Some credit card companies use a new technology that allows them to issue a single use credit card number for online purchases. With this number, you avoid having to use your real credit card number online, so security isn't jeopardized.
4. Avoid Buying On Public Computers. A hacker or thief can easily put a keylogger on a public computer that allows him or her to know everything you've typed — including your credit card numbers and passwords. Stay away from public access computers when shopping!
5. Don't Save Your Credit Card Numbers Online. Many reputable sites give you the option to save credit card numbers online to make future purchases easy. However, if the company's database is ever successfully hacked, your information could be exposed. It's safer to re-enter your numbers with each transaction.
Webroot Safe Holiday Shopping Guide - (PDF format, 16 pages, 1.8MB)
http://www.webroot.com/pdf/Webroot_HolidayShopping_USA_1107.pdf
I may have spoken too soon, as a new batch of .cn sites is starting to show up, according to Sunbelt.
Internet Search poisoning - 2nd wave could be on the way?
Sunbelt is reporting new seedings for the .cn domain (China) oriented websites in Google (and this could possibly show up in other search engines). The sites are not launching exploit attacks yet, but this could change.
What to avoid: Avoid unusual sites with random letter/number combos, numerical IP addresses, and sites which end in a domain name of "cn" from Internet searches.
Sunbelt: HEADS UP: More Google poisoning on the way?
http://sunbeltblog.blogspot.com/2007/11/heads-up-more-google-poisoning-on-way.html
quote:
Google has removed the sites responsible for the recent massive Google poisoning attack. However, we’re seeing indications that another attack may be on the way. We have seen another spate of websites freshly registered, using the similar .cn domains. There seem to be two different groups here. Right now, we’re not seeing either site serve exploits, as we saw in the last attack. However, this could change.
Some updates are noted below on this very serious threat related to malicious web sites that may be offered from Internet searches (e.g., Google). Numerous malicious pages are being created so that they appear prominently on the first few pages of a search (i.e., they rank high in the order of results, and the malware gang appears to be keyed in on Google's site ranking methodology).
Below is some excellent advice from Sandi on what to avoid:
http://msmvps.com/blogs/spywaresucks/archive/2007/11/27/1359221.aspx
QUOTE: Take a close look at the URLs for the malware links; they are all random collections of letters and numbers, and they're all Chinese domains. Users of Google (and other web search engines) need to pay close attention to the links that are being offered, and avoid anything that just doesn't look right, and certainly avoid 'nonsense' domains like those in the Sunbelt screenshots
Below is the latest update from Sunbelt on this threat:
http://sunbeltblog.blogspot.com/2007/11/malware-redirects-aftermath_27.html
QUOTE: Sunbelt Software has uncovered tens of thousands of individual pages that have been meticulously created with the goal of obtaining high search engine ranking. Just about any search term you can think of can be found in these pages.
Sunbelt is classifying this particular threat as follows in CounterSpy:
SCAM.IWin Malware Family
http://research.sunbelt-software.com/threatdisplay.aspx?name=Scam.Iwin&threatid=43561
QUOTE: Scam.Iwin is created by a browser exploit for the purpose of transmitting false clicks to internet URLs. The victim's computer is used to generate income for the attacker in a pay-per-click affiliate program by transmitting false clicks to the attacker's URLs without the user's knowledge. The infected Scam.Iwin files are not ordinarily visible to the user. The files are executed and run silently in the background when the user starts the computer and/or connects to the internet. Scam.Iwin is thought to be related to CoolWebSearch.
Original post from yesterday:
http://myitforum.com/cs2/blogs/hwaldron/archive/2007/11/27/internet-searches-massive-number-of-redirects-to-malicious-sites.aspx
If the "123" extension type (Lotus 1-2-3 spreadsheet format) is not being used, this might be valuable to add to the email attachment blocking list used by Lotus Notes shops. There are some workarounds for versions 5 and 7, and IBM may have a version 6 solution by the end of the month.
Lotus Notes - vulnerable to attack thru "123" extension
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9049439
http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21285600
QUOTE: Sebastián Muñiz from the CORE IMPACT Exploit Writers Team (EWT) at Core Security Technologies contacted IBM® Lotus® to report a potential keyview buffer overflow vulnerability in Lotus Notes® when viewing a Lotus 1-2-3 (.123 extension) file attachment. In specific situations it was found that the possibility exists to execute arbitrary code.
To successfully exploit this vulnerability, an attacker would need to send a specially crafted Lotus 1-2-3 file attachment to users, and the users would then have to double-click and View the attachment.
There are a number of new features and improvements that the next version of SQL Server will provide when it is released in 2008.
MVP Brad McGehee discusses the ins and outs of SQL Server 2008
http://searchwinit.techtarget.com/originalContent/0,289142,sid1_gci1283694,00.html
QUOTE: With the release of the recent SQL Server 2008 Community Technology Preview, and a final product expected in the second half of 2008, SQL Server MVP Brad McGehee shared some of his insights with SearchWinIT.com on the product's complexity, what's new for IT managers and DBAs and where the database still needs a little work.
Sunbelt posted this cautionary note today noting that folks should be careful when selecting links provided from an Internet search. One theory for the seeding might be malicious links posted in blogs, forums or other community sources. Given the dangers of email and hostile URLs, it's important for folks to stay as up-to-date as possible on security patches, AV protection, and old-fashioned common sense.
BREAKING: Massive amounts of malware redirects in searches
http://sunbeltblog.blogspot.com/2007...f-malware.html
QUOTE: We’re seeing a large amount of seeded search results which lead to malware sites. These are using common, innocent terms — one researcher landed on a malware site through searching for alternate firmware for a router.
QuickTime and possibly iTunes processing could be affected by malformed RTSP headers found in QT music formats. Users should be careful with email attachments and website visitation, plus watch for any forthcoming QT updates, as Apple will most likely patch this serious vulnerability promptly.
Apple QuickTime and iTunes Critical Vulnerabilities
http://secunia.com/advisories/27755/
http://isc.sans.org/diary.html?storyid=3690
http://www.frsirt.com/english/advisories/2007/3984
http://www.kb.cert.org/vuls/id/659761
http://www.f-secure.com/weblog/archives/00001325.html
QUOTE: Apple QuickTime contains a stack buffer overflow vulnerability in the way QuickTime handles the RTSP Content-Type header. This vulnerability may be exploited by convincing a user to connect to a specially crafted RTSP stream. Note that QuickTime is a component of Apple iTunes, therefore iTunes installations are also affected by this vulnerability. We are aware of publicly available exploit code for this vulnerability.
ISC UPDATE-1: We have received a report that exploits are now working for Vista, XP, IE6, IE7, and Safari 3.0 on Windows. Keep in mind that other attack vectors may be vulnerable as well.
ISC UPDATE-2: Firefox has been reported as an exploit vector as well.
While these 10 tips shared in an Information Week article require some work, they will help ensure safety both at home and on the road:
Wireless Security - 10 tips to secure your laptop
http://www.informationweek.com/news/showArticle.jhtml?articleID=203102748
QUOTE: Whether you're home or on the road, these security steps will help protect you and your computer from wireless scoundrels:
1. Make sure you are connecting to the right network.
2. Secure your connection.
3. Use frequency settings that are different from others
4. Find the strongest signals
5. Turn off your wireless network adapter when you are on the plane
6. Use whole disk encryption on your laptop
7. If you are having trouble connecting to a network, try rebooting Windows
8. Make sure you have a firewall and it is running
9. Pick your hotspot connection and your supplier carefully
10. Finally, don't blithely accept SSL certificates and SSH public keys
AVERT Labs, a security division for McAfee, has projected 10 top threats for 2008 based on current trends.
http://www.avertlabs.com/research/blog/index.php/2007/11/19/avert-labs-2008-threat-predictions/
QUOTE: The complete set of predictions is available for download on McAfee’s Threat Center (PDF link here) as well as a bonus episode of our podcast Audio Parasitics.
Firefox is a highly functional and fairly secure browser, which can be used to complement Internet Explorer 7 in the Windows environment. I've been testing the alpha version (aka Minefield) for several months and it has been reliable with just a few crashes experienced. The 1st beta was installed using the "clean install" techniques and so far it seems to be working well.
Firefox 3.0 Beta 1 - Now Available
http://www.mozilla.com/en-US/firefox/all-beta.html
QUOTE: The Mozilla Corporation today released Firefox 3 Beta 1, which is now available for download in a variety of languages. The beta includes updates to the default theme, the new places site management features, improved security architecture, and Gecko 1.9.
Firefox 3.0 Beta 1 - Release notes
http://www.mozilla.com/en-US/firefox/3.0b1/releasenotes/
Firefox 3.0 Project Page
http://wiki.mozilla.org/Firefox3
Related Mozilla Blog entries
http://blog.mozilla.com/blog/2007/11/20/firefox-3-beta-1-ready-for-testing/
http://developer.mozilla.org/devnews/index.php/2007/11/19/firefox-3-beta-1-now-available-for-download/
The following resources are excellent in defining the requirements related to SOX 404 IT controls:
SOX 404 Powerpoint presentation by EKS&H (11 slides, 820KB)
selecting this link will download this PPT file
http://www.hftpcoloradofrontrange.org/dwnlds/HFTP_SOX_Presentation.ppt
SOX 404 PDF detailed requirements by KPMG (48 pages, 880kb)
http://www.kpmg.com/aci/docs/PCAOB_S-O_404_v9.pdf
ISACA - Free PDF version of COBIT 4.0
http://www.sarbanes-oxley-forum.com/modules.php?name=Forums&file=viewtopic&t=1920
QUOTE: The ISACA is now offering free PDF versions of COBIT 4.0 (plus the older 3.0 standards as well). You'll need to follow the registration process through and once you become a member you can login and obtain a PDF copy. There are also additional benefits and documents if you become a paid member of ISACA. Many external audit firms use COBIT standards to ensure SOX 404 requirements are met. This free benefit can help folks get started with key IT standards they may need to implement to safeguard their financial systems.