Security Fix
Brian Krebs on Computer Security
Posted at 10:58 AM ET, 05/17/2005
Before You Fire the Company Geek...
If you notice a fellow employee suddenly freaking out or acting really suspicious, he may be having personal problems -- or he may be in the process of hacking the company.
The study examined 49 insider attacks, carried out between 1996 and 2002, where disgruntled employees took advantage of their access to the company's network and computer resources to destroy data or embarrass fellow employees or their employer. The study focused less on the incidence of hacking committed by trusted employees than on the motivation of insider hackers and the circumstances that allowed them to inflict damage on the affected companies. As such, it includes some interesting anecdotes, but also a lot of "no duh" findings.
As an example of the latter, the study's "executive summary" notes that in 62 percent of the cases, "a negative work-related event triggered most of the insiders' actions." The study also found that 82 percent of the time the people who hacked their company "exhibited unusual behavior in the workplace prior to carrying out their activities." The survey surmises that's probably because the insiders were angry at someone they worked with or for: 84 percent of attacks were motivated by a desire to seek revenge, and in 85 percent of the cases the insider had a documented grievance against their employer or a co-worker.
Part of that "unusual behavior" was no doubt a result of the employee trying to hit "alt-tab" fast enough to hide their screen when the boss walks by. In 27% of the cases, "the overt behaviors were technical actions taken to set up the attack, including constructing and testing a logic bomb on the network, centralizing critical assets and sabotaging backups, or installing backdoors." For the uninitiated, a "logic bomb" is a destructive computer program -- like a virus -- designed to go off at a time predetermined by the attacker, usually after said attacker is no longer employed by the target. A "backdoor" is a simple program that allows the attacker to secretly gain access to the company's network, even if the credentials given to them by their employer to access the network have been revoked.
To get to the more interesting findings, forget the executive summary and the 10 pages of methodology and check out some of the real-life anecdotes upon which the report was based. For instance:
"A system administrator, angered by his diminished role in a thriving defense manufacturing firm whose computer network he alone had developed and managed, centralized the software that supported the company's manufacturing processes on a single server, and then intimidated a coworker into giving him the only backup tapes for that software. Following the system administrator's termination for inappropriate and abusive treatment of his coworkers, a logic bomb previously planted by the insider detonated, deleting the only remaining copy of the critical software from the company's server. The company estimated the cost of damage in excess of $10 million, which led to the layoff of some 80 employees."
As it turns out, the report's title is a bit of a misnomer: Almost 60 percent of the time, the attacks were launched by contractors or people who had recently been fired (48 percent). Eighty-six percent of insiders were techie types, including system administrators, programmers, engineers and IT specialists. According to the report, if you're going to fire someone (particularly company geeks who have the motive, means and access to inflict pain on your computer systems) make double sure you cut off their e-mail and network access at the same time you hand them their walking papers.
Some other interesting (although not particularly surprising) tidbits: Almost all -- 96 percent -- of the insiders were men, and 30 percent of them had previously been arrested, including arrests for violent offenses (18 percent), alcohol or drug-related offenses (11 percent), and non-financial-fraud related theft offenses (11 percent). Ninety percent of the insiders faced formal criminal charges, and 61 percent of those charged faced penalties under federal law.
Eighty-three percent of those charged were convicted, and another 5 percent didn't contest the charges.
Safari Web browser, and the default mail and address book program. As always, Mac users can download and install by clicking on the software update tab, located in system preferences.
Firefox Web browser didn't include links to where people can go to download the updated version for Mac or Linux systems. Here's one comment: Ok guys, if you post a link to a download you have to tell us that it's not for Mac - so now the question is are your instructions for updates in Gates language only? Shame on me for thinking our readers are mostly Windows users.
series of video guides demonstrating some of the basic steps users need to take to stay safe online, including brief primers on choosing and using firewall and anti-virus software, downloading and installing the latest Microsoft Windows patches, and taking advantage of free anti-spyware tools. These videos are by no means definitive guides, but I hope they will be of some use to those who find themselves completely intimidated by computer security.
Download and install it manually, or use Firefox's updater tool, by clicking on "Tools" in the menu at the top of the browser window, then "options," then the "Advanced" tab.
Then hit the button that says "check now" and it should find the update for you. Alternatively, if you see a little red arrow in the upper right-hand corner of your screen, click on that and it will prompt you to download the update.
Updated extensions are usually available within a few days of a Firefox upgrade, so keep an eye out for that little red arrow to show up again soon after you update if you have extensions installed.
underground market for credit card accounts gleaned from phishing scams. Sergio Pinon, MasterCard's senior vice president of security and risk services, said that while the number of scams using the company's brand and trademarks has skyrocketed over the past year, the actual losses associated with compromised account numbers have remained flat.
Anti-Phishing Working Group, there were 13,141 new and unique phishing e-mails sent in February. The number of phishing attacks has increased an average of 26 percent each month since July 2004, the APWG found. Not all of the credit card numbers found online are posted by criminals; for example, Pinon said that in several cases the company stumbled on account numbers sitting in poorly secured databases run by companies that organize meetings and conferences.
last month's deluge of patches, when Microsoft dumped a total of eight fixes -- five of them "critical" -- to plug 18 different holes in its software. Microsoft rated today's patch "important," which generally means hackers could use it to break into vulnerable computers, but that at least some action on the part of the victim would be required. The problem also is mainly resident in certain versions of Windows 2000, which is mostly used by businesses. The problem does appear to affect users of Windows 98, Windows SE and Windows ME, but those users may be out of luck: Microsoft no longer offers support or patches for non-critical security flaws in those operating systems.
Microsoft also used the occasion to launch a pilot project called "Microsoft Security Advisories," which the company said aims "to provide guidance and information about security related changes that may not require a security bulletin but that may still impact customers' overall security." Translation: Some "features" we've intentionally designed into our software are being abused, and here are some ways to make sure said features don't turn into a liability for you or your organization.
anti-virus companies recently called attention to the fact that hackers and unscrupulous online marketers are spreading spyware by taking advantage of how the "digital rights management" (DRM) tech...