Your P2P Empowered Computer: Over 1,000,000 Served!
January 30, 2010 – Did you know that sharing your music or your videos on the net could expose you to an entire network of criminals trying to access your personal data? And while you may be smug in the feeling that you are sharing just a few music files, you may be sadly mistaken. A study was recently conducted by Dartmouth College’s Tuck School of Business to examine the dangers of inadvertent data disclosure on file-sharing networks. This study involved the examination of data relating to P2P searches and files of 30 top US banks.
A search engine technology from Tiversa Inc. was used by the study group to collect and scrutinize all the P2P traffic that mentioned the banks under study by name, or mapped them to a particular digital footprint that was created by the University for each of the financial institutions that were being studied. The latest networks, such as BitTorrent, FastTrack, Gnutella and eDonkey, were used to gather the data for the study. The study found that an exceedingly high number of consumers doing simple tasks such as sharing music software on the P2P networks were inadvertently divulging sensitive data such as bank account and credit card details to criminals lurking around for such information. According to Eric Johnson, a study author and Professor of Operations at Dartmouth’s Center for Digital Strategies, a significant number of individuals as well as firms face this risk from the peer-to-peer file sharing networks.
What happens is the following. When people share files such as free music software or just plain music, they often inadvertently expose the entire contents of their computers to the entire network, unless they specifically restrict the folders or file types to be shared. This is quickly lapped up by criminal minds lurking around for this very purpose. The reason for the exposure is that popular P2P clients like BearShare, LimeWire, Morpheus, Kazaa, etc. are specifically designed to search for and retrieve certain types of media files on a user’s system. If music files have accidentally been included in another folder, the contents of that entire folder can be exposed to the P2P network. If this folder happens to contain sensitive information, then rest assured that all of that sensitive information is being uploaded right along with the music recording that you were kind enough to share with your friends. Thus, it becomes extremely important to control access to the folders being shared. Another reason for the exposure is the confusing interfaces of some P2P clients, which result in the sharing of a folder that was not intended to be shared. Wizards included with the clients often manage to complicate the problem further, by searching for and recommending sharing of all kinds of media files on the entire computer. Just one of these files needs to be in a folder containing sensitive information.
While some of the information could be leaked inadvertently, cyber-criminals are increasingly using P2P networks to specifically search for and harvest such data. A considerable portion of the search terms that were analyzed appeared to be looking for account and user information, databases, routing and PIN numbers and passwords. Sadly, it is the home users that account for a majority of the leaked information – as high as 80% of the entire data comes from them. Most have limited knowledge of computer and network security, so they are inherently more vulnerable to data theft. For businesses, it is important to ensure that computers, servers, and other connected devices are securely configured and that restrictions are in place to prevent software from being installed without formal review and approval. For home users (especially parents), remain vigilant to ensure that potentially dangerous software isn’t installed by computer-savvy teens, who might want to share a few tunes but may unknowingly share much, much more.
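One way to check a folder before handing it to a P2P client, as an added example that is not part of the original post: the script lists every non-media file a whole-folder share would expose and rates it. The extension lists, the hint words (modelled on the search terms the study observed) and the demo file names are assumptions constructed for illustration.

```python
import os
import re
import tempfile
from pathlib import Path

# Media types the P2P client is meant to share (assumed list for this example).
MEDIA_EXTS = {".mp3", ".wma", ".wav", ".ogg", ".avi", ".mpg", ".wmv"}
# Document and data types that commonly hold personal or financial records.
SENSITIVE_EXTS = {".doc", ".xls", ".pdf", ".mdb", ".csv", ".txt", ".pst"}
# Name hints modelled on the search terms the study observed.
SENSITIVE_HINTS = {"account", "password", "pin", "routing", "database", "user"}


def name_hints(filename):
    """Return the sensitive hint words present as whole tokens in a filename."""
    tokens = re.findall(r"[a-z]+", Path(filename).stem.lower())
    return {h for h in SENSITIVE_HINTS for t in tokens if t in (h, h + "s")}


def audit_shared_folder(shared_root):
    """List every non-media file a whole-folder share would expose.

    Returns sorted (relative_path, severity) tuples; severity is "high" when
    the extension or the name suggests personal data, otherwise "review".
    """
    root = Path(shared_root)
    findings = []
    for dirpath, _dirs, files in os.walk(root):  # symlinks are not followed
        for name in files:
            path = Path(dirpath) / name
            ext = path.suffix.lower()
            if ext in MEDIA_EXTS:
                continue  # the kind of file the user actually meant to share
            risky = ext in SENSITIVE_EXTS or bool(name_hints(name))
            rel = path.relative_to(root).as_posix()
            findings.append((rel, "high" if risky else "review"))
    return sorted(findings)


def build_demo_tree():
    """Create a constructed documents folder that holds one stray song."""
    root = Path(tempfile.mkdtemp(prefix="p2p_audit_"))
    (root / "taxes").mkdir()
    for rel in ("favorite_song.mp3", "bank_account_2009.xls", "notes.rtf",
                "routing_pin.dat", "taxes/return_2009.pdf"):
        (root / rel).write_bytes(b"constructed sample")
    return root


if __name__ == "__main__":
    # Constructed scenario: the song sits in a documents folder, so a client
    # or wizard that shares "the folder with music in it" shares all of this.
    for rel, severity in audit_shared_folder(build_demo_tree()):
        print(f"{severity:6}  {rel}")
```

Any finding means the folder should not be shared as a whole; move the media into a dedicated folder and share only that.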
Ivan Vazquez, AKA The Reaper, is a CompTIA Security+ certified, IT professional with more than 15 years of experience in the Information Technology universe. He specializes in network intrusion prevention, incident identification and analysis, and vulnerability scanning and analysis. His past experience includes tenures with nationally and internationally-known technology companies. Have feedback or questions? Don’t be afraid to send them to The Reaper.
Storm of Apple iPad Internet Searches Spurs New Rash of SEO Poisoning
The Apple iPad has yet to be officially released, but that doesn’t mean the criminal element on the internet can’t use it yet. While they may not have their hands on a production model, it appears the bad guys are already including “Apple iPad” in their webpage descriptions. Known as SEO Poisoning, it is a very low tech way that developers can use to influence the probability that their links will show up in the top search results on sites such as Google, Yahoo, and Bing.
According to antivirus vendors Trend Micro and Panda Security, search queries using terms that include “Apple”, “iPad”, and “Tablet” may result in the display of links that appear to lead to reputable sites containing information and news about the latest Apple product. Unfortunately, when users click on the links, they may be redirected to a maliciously encoded website or one that reports their system is infected with spyware/viruses. Computer security giant, Websense, has also posted an alert on its website, cautioning about this trending threat.
SEO Poisoning is not a new technique. For years, distributors of malware have used the popularity of current movies, products, and, sickeningly, youth entertainment offerings (e.g. Disney and Nickelodeon). Though Google, Bing and Yahoo may take efforts to begin filtering the Apple iPad malicious links, it is impossible to remove them all or prevent them from coming back. Computer users should always be cautious when clicking on any link returned from a search engine. The simplest way to gauge authenticity is by comparing the title of the link returned with the actual link displayed below. If they appear totally unrelated (e.g. Disney title with .cz domain), it’s a good idea to move on to another result.
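The title-versus-link comparison described above, automated as an added example that is not part of the original post. The brand-to-domain map and the sample results are assumptions constructed for illustration; the suffix check is there so that a host such as disney.com.free-games.example.cz is not mistaken for disney.com.

```python
import re
from urllib.parse import urlsplit

# Brand keyword -> domains its owner publishes on (assumed map for this example).
BRAND_DOMAINS = {
    "apple": ("apple.com",),
    "ipad": ("apple.com",),
    "disney": ("disney.com",),
    "nickelodeon": ("nick.com",),
}


def host_of(displayed_url):
    """Extract the lower-case host from a result URL, with or without scheme."""
    if "://" not in displayed_url:
        displayed_url = "//" + displayed_url  # result pages often omit http://
    host = urlsplit(displayed_url).hostname or ""
    return host.rstrip(".")


def host_belongs_to(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)


def mismatched_brands(title, displayed_url, brand_domains=BRAND_DOMAINS):
    """Return brand words in the title that the link's host does not belong to."""
    host = host_of(displayed_url)
    words = set(re.findall(r"[a-z0-9]+", title.lower()))
    flagged = []
    for brand in sorted(words.intersection(brand_domains)):
        if not any(host_belongs_to(host, d) for d in brand_domains[brand]):
            flagged.append(brand)
    return flagged


if __name__ == "__main__":
    # Constructed search results: (title, displayed link).
    results = [
        ("Apple iPad Tablet - Official News", "http://ipad-news.example.cz/apple"),
        ("Apple iPad", "www.apple.com/ipad/"),
        ("Disney Channel Games", "http://disney.com.free-games.example.cz/"),
    ]
    for title, link in results:
        flagged = mismatched_brands(title, link)
        print("CHECK" if flagged else "ok   ", title, "->", link, flagged)
```

A flag is a prompt to look twice, not a verdict: a legitimate news site writing about the iPad is flagged too, because its host is not the brand owner's.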
Apple iPad Unveiled: Initial Reactions Mixed
Today, Apple officially debuted its latest touch product, the iPad. While hardcore Apple junkies were obviously excited, after monitoring two websites and posting approximately 82 Tweets in two hours, we were left feeling less than satisfied. Why? Several key features seem to be absent.
Lest we be accused of being hopeless cynics, we’ll start off with the good. What are the Pros we can derive from our virtual tour?
Pros: WiFi ready, multiple storage options, supports direct downloads from iTunes and App Stores, desktop ready when used with dock and optional keyboard, iBook allows for real digital reading, game graphics were excellent quality, iWork applications provide real productivity possibilities, photo albums and calendars appear easy to use, drop-down menus and soft keyboard appear to make data input and navigation easy
There is a lot of good in the Pros list. So why are we still disappointed? Well, with the exception of iWork and iBook, we could pretty much get the same functionality in an iPhone or iPod Touch. We had Apps. We had Stanza for eBooks. We had a calendar and photos. We even had a soft keyboard. For that matter, we even had WiFi.
Despite the fact that most of these things were on a smaller scale, it doesn’t detract from the fact that we had them. All we’re really gaining in iPad is inches. Add on top of that, the fact that there is no camera, and it feels like Apple actually took functionality away from us. We may have never had it on the iPhone or iPod Touch, but the holy grail for many has been (and continues to be) support for Adobe Flash, which is crucial for those who like to watch streaming television shows on sites like Hulu, ABC, and NBC. Having Steve Jobs’ first page view on the iPad resolve into a Flash plug-in error only served to rub salt in the wound. Having said all of that, here is the list of Cons you knew was coming:
Cons: Overpriced for storage capacity (beginning at $499 for 64GB and WiFi only), no camera, no support for Flash, seems to have too much iPhone/iPod operating system design and not enough OS X design, giving it 3G capabilities and not including cellular voice capability seems downright stingy
As you can discern, our initial impression is not the best. That is not to say, though, that a hands-on benchmarking might not make it feel like a really big iPod Touch. For the price of the base model, you can buy a Netbook with a full OS (even if it is Windows), a camera, support for USB, and, lest we forget, Adobe Flash. Only time…and sales…will tell if the Apple iPad will be as big a hit as its smaller siblings.
Geek Shui Living on MWD: What the Apple Tablet needs to sell the purchase to your significant other.
Okay, every techie, geek, and gadget junkie knows what today is. Supposedly…and hopefully…Apple will debut the long-fabled and much-speculated version of their tablet. Will it be called iSlate, iTablet, or iCostalot? No one knows for sure, yet. To date, we’ve seen endless discussions on tech-related websites around the world regarding what it will look like, how much it will cost, etc.
Let’s be honest with ourselves. Any real technophile knows that it won’t matter if it costs $299 or $999. You will want it. You will wait in line for 32-hours, with people dressed up as Star Wars characters to buy it. If you’re single, you can stop reading because the rest of this doesn’t apply to you. For those that have a significant other who is not a geek, you are going to have to be able to justify buying yet another gadget. To garner support, the Apple Tablet is definitely going to need key features….
Read the rest of this post by Geek Shui Living, on the technology news website, MWD, by clicking on the image below.
Four Free iPhone Apps That Could Save Your Life
By now, most people have heard the story of the Colorado man, Dan Woolley, who, when trapped under the rubble after Haiti’s massive earthquake, used his iPhone to help him survive. Now, before you go all cynical and say that’s just about as feasible as the pregnant woman who said the iPhone helped her conceive, hear me out. Because critical thinking is imperative (Remember that class from college?), we have to take an objective look at his circumstances and the actions he took.
By Woolley’s own account, he used the backlight and camera from his iPhone to survey and take pictures of his surroundings. He also stated that he used a medical iPhone Application to diagnose and treat his own injuries. Specifically, he indicated the backlight function helped him navigate his way to an elevator shaft where he waited the rest of his 65 hour entrapment, until eventually being rescued. Obviously, Woolley had a will to live, which is the number one item on the list of important things to do when in danger. Quick wits on the part of Woolley were crucial, as well, in allowing him to remain calm and actually develop a plan. It has to be said, though, that the iPhone really did help him survive. Does it mean that he would have perished without it? This is not necessarily true, but I don’t imagine you or I want to try it and find out.

What his horrible experience does teach us is that it is important to use whatever you have, in case of emergency, to help yourself live to see another day. Having said that and for the benefit of all the iPhone owners out there, I have compiled a list of four (because everyone does five and ten), useful free iPhone Applications (in no particular order) that just might help you save yourself one day. There may be paid Apps that could save your life, too, but we all know free stuff is much cheaper. Please take heed, this list is theoretical and has not been (nor will be) tested by any of our own geeks. There are no guarantees here, but, in the event of an emergency, could having these Apps on your iPhone really make the situation any worse?
Top Four Lifesaving iPhone Apps
1. Flashlight – (by John Haney Software) The name says it all. Unlike the $1.99 flashlight you keep in the drawer with worn out batteries, you fire this App up and immediately have light. The difference between this and the regular iPhone backlight is the fact that you can configure it to stay on until you close the App. Additionally, you can choose between different colors, so, if you had two iPhones, you could probably go a step further and use it to guide ships into harbor or help planes land in the event of a blackout. Download It
2. Background Check App – (by BeenVerified.com) This one isn’t so much a “save your life in the moment of danger” App, as it is a proactive danger prevention tool. What does this mean? Well, the App purports to check backgrounds using criminal history, property records, current listings, etc. So, imagine you are at your local bar. You meet a seemingly nice man/woman, who chats you up over Mojitos. He/she tells you their name, where they live, etc. You want to make sure they aren’t some sort of stalker or serial killer, so when they go to the bathroom you check them out with this App. Is it accurate? Who really knows. Wouldn’t you rather err on the side of caution, though? One word of warning: The reviews say it only lets you search three people per week, for free. For this reason, make sure you save your three for Friday and Saturday nights. Download It
(Note: Alternatively, you could download Most Wanted. This App keeps a by-state listing of the FBI’s Most Wanted Criminals, Terrorists, and other generally bad guys/girls. Checking your potential boyfriend/girlfriend with this couldn’t hurt either.)
3. Compass Free – (by Masayuki Akamatsu) Before you say it, yes, the iPhone 3.x software came with a compass. This one is for the unfortunate people who still have an iPhone 3G running 2.x software. For those people, being hopelessly lost in the wilderness with a compass-less iPhone is still a possibility. They need worry no longer! Simply opening the App and placing a finger at a 90-degree angle on the middle of the dial and turning it horizontally displays which direction is north. Now, it’s just a matter of heading off in the direction of civilization (if you know where that is). Is it 100% correct all the time? No, it isn’t, but, if you couldn’t use nature and the sky to determine the direction, you were doomed to wander in circles for days. Thusly, the fact that the compass was wrong really didn’t make your situation any worse. Download It
4. Lightsaber Unleashed – (by TheMacBox) Okay, here’s the dangerous scenario. Your home is invaded by robots. They don’t have brains but they do have some kind of sensory unit that enables them to retain the equivalent of “memories”. If you’re in luck, the ones that invade your home have: (1) Been shown Star Wars videos as training aids; and (2) Are droids with “memories” of watching their comrades get cut in half by a light saber. Assuming your droid had a capacity to learn, it might hear the sound of “Whaaaam, Whaaam”, catch a glimpse of the color (Use blue so they don’t think you’re a fellow bad guy.), think of its fallen comrades, and take off, before finding out that you’re just a geek with an iPhone. (Alternatively, this might also work with Ewoks or Gungans, with bad eyesight.) Download It
Okay, you’re done with your indoctrination. Armed with this valuable knowledge, go forth, download these Apps, and practice for the day you might need them. We’ll leave you with one last, important reminder. The most important thing about preparing for any emergency is not having the tools but practicing the plan!
Our latest Post on MWD – Don’t steal hope from Haiti
Geek Shui Living just published our most recent post on the technology news website, MWD.com. Following is an excerpt:
On January 22, 2010, the Apple iTunes Store made available for purchase the Hope for Haiti Now album. Included in the $7.99 purchase are 20 songs, from various artists who participated in the January 22nd Telethon. Airing simultaneously, on over 60 major and cable networks, performances included notable artists, such as John Legend, Beyonce, Bruce Springsteen, Jay-Z, Bono, Dave Matthews, and Neil Young, just to name a few.
What does all of this have to do with technology? Well, most technophiles, like myself, rarely visit a music store to buy albums. Instead, we depend on electronic sources, like the Apple iTunes Store. Many, though, choose to visit an alternate store that I like to call “The Special Internet Store”. It’s a magical place where music, movies, and other digital media are offered at steeply discounted (as in 100%) prices. The only labor required is usually through the installation and configuration of the Peer-to-Peer (P2P) file sharing or Bit Torrent applications.
Click here to read more of this informative post that includes a reminder on good ethics: http://bit.ly/StealingHaitiGS
U.S. State Department shifts focus from freeing Tibet to work on “Free Internet”
Excerpt from latest Geek Shui Living blog on MWD.com:
On January 21, 2010, U.S. Secretary of State, Hillary Rodham Clinton, spoke at the Newseum, in Washington D.C. The topic? Free internet of course! Unfortunately, for most of the techie crowd, she was not referring to the demilitarization of Internet Service Providers and the eradication of the overpriced monthly fees they demand in return for downloading torrents at high-speeds. More importantly, she was referring to…
Click here to visit MWD and read the entire article.

The Google vs. China Megamatch: The sordid details behind Aurora and Internet Explorer exploit.
Note: Following is the first of what Geek Shui Living hopes will be many posts by a network security guru, known ominously as The Reaper. We warmly welcome him to the team!
What is the Current Aurora Exploit Situation?
Computer code that exploits a serious Internet Explorer vulnerability (now patched under MS10-002), used in Operation Aurora to attack Google and others in December, has now been published on the Internet. Many people are taking the matter seriously. The German government, for example, has recommended that its citizens stop using Internet Explorer and use alternative browsers instead. Microsoft released a patch for the vulnerability on January 21, 2010.
How did Operation “Aurora” Come to be?
Some may wonder about the origin of the name “Aurora.” Did McAfee make it up on its own? Did it just sound cool as it rolls clumsily off the tongue? Based on analysis, “Aurora” was part of the file path on the attacker’s machine that was included in two of the malware binaries that were confirmed to be associated with the attack. The filepath is typically inserted by code compilers to indicate where debug symbols and source code are located on the machine. The name was the internal name the attacker(s) gave to this operation. While Google itself has said that the attacks “originated in China,” experts have been quick to point out that attackers commonly route their communications through faraway computers, and that the real attackers may be located anywhere in the world. New clues, though, about the origins of the malicious software that was used to exploit the newly-patched Internet Explorer vulnerability suggest that the exploit was in fact assembled by Chinese programmers.
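How an analyst recovers such a compiler-inserted path from a binary, as an added example that is not part of the original post or of any vendor's tooling: it scans raw bytes for CodeView "RSDS" debug records (signature, 16-byte GUID, 4-byte age, NUL-terminated PDB path) and splits the path into directory names. The sample bytes and the path in them are constructed; scanning for the signature instead of parsing the PE debug directory, and accepting only printable-ASCII paths, are simplifications.

```python
import struct
import uuid
from pathlib import PureWindowsPath

RSDS = b"RSDS"          # CodeView 7.0 signature written by the linker
HEADER_LEN = 4 + 16 + 4  # signature + GUID + age


def find_pdb_paths(data):
    """Return (offset, guid, age, path) for each plausible RSDS record."""
    records = []
    pos = data.find(RSDS)
    while pos != -1:
        start = pos + HEADER_LEN
        nul = data.find(b"\x00", start)
        if nul != -1 and 0 < nul - start <= 260:
            raw = data[start:nul]
            printable = all(0x20 <= b < 0x7F for b in raw)
            # Reject chance hits: a real record ends in a .pdb file name.
            if printable and raw.lower().endswith(b".pdb"):
                guid = uuid.UUID(bytes_le=data[pos + 4:pos + 20])
                (age,) = struct.unpack_from("<I", data, pos + 20)
                records.append((pos, str(guid), age, raw.decode("ascii")))
        pos = data.find(RSDS, pos + 1)
    return records


def project_dirs(pdb_path):
    """Directory names from the build machine, where a project name can leak."""
    p = PureWindowsPath(pdb_path)
    parts = p.parts[1:] if p.anchor else p.parts
    return list(parts[:-1])


def build_sample():
    """Constructed bytes: filler, a decoy 'RSDS' hit, then one valid record."""
    guid = uuid.UUID("12345678-1234-5678-1234-567812345678")
    path = rb"D:\work\ExampleOp_Src\Release\agent.pdb"  # constructed path
    record = RSDS + guid.bytes_le + struct.pack("<I", 1) + path + b"\x00"
    decoy = RSDS + b"\xff" * 30 + b"\x00"
    return b"MZ" + b"\x90" * 64 + decoy + record + b"\x00" * 16


if __name__ == "__main__":
    for offset, guid, age, path in find_pdb_paths(build_sample()):
        print(f"offset={offset} guid={guid} age={age}")
        print("  pdb path :", path)
        print("  dir names:", project_dirs(path))
```

The same directory names recurring across otherwise unrelated samples are what lets analysts tie binaries to one build environment, which is how a folder name ends up naming an operation.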
How Were Systems Compromised?
When a user manually loaded/navigated to a malicious web page from a vulnerable Microsoft Windows system, JavaScript code was executed that checked the system for the vulnerability and, upon positive identification, injected a package to exploit it. The flaw in question is the Microsoft Internet Explorer DOM Operation Memory Corruption Vulnerability. Once the malware is downloaded and installed, it opens a back door that allows the attacker to perform reconnaissance and gain complete control over the compromised system. The attacker can now identify high value targets and start to siphon off valuable data from the company.
What was the Payload of the Exploit?
Once a system was successfully compromised, the exploit was designed to download and run an executable from a site, which has since been taken offline (but will surely pop up again elsewhere). That executable installed a remote access Trojan to load at startup. This Trojan also contacted a remote server. This allowed remote attackers to view, create, and modify information on the compromised system. These highly customized attacks known as Advanced Persistent Threats (APT) were, previously, primarily seen by governments (indicating that someone wanted in really badly for more than just credit card numbers). The mere mention of APTs will surely strike fear in even the most veteran of cyberwarriors. They are in fact the equivalent of the modern drone on the battlefield. With pinpoint accuracy they deliver their deadly payload, and once discovered, it’s already too late.
How Serious and Widespread is the Vulnerability?
In this instance, Aurora appears to have been a very concentrated attack on specific targets. It is not believed to be widespread at this time. The Microsoft Internet Explorer vulnerability leveraged in this attack does allow for remote code execution but still requires user intervention (such as following a hyperlink to a website, or opening an email attachment, etc). Furthermore, the single exploit known to exist can be thwarted, except in Internet Explorer 6, by ensuring Data Execution Prevention (DEP) is enabled. This is done by default in Internet Explorer 8 and optionally in Internet Explorer 7. Among the long list of affected browser/OS combinations listed by Microsoft are Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. While the patch may be available, it will not be effective if it’s not actually installed. Though the Google vs. China occurrence may be winding down, you can be certain that this exploit will reappear, with a different payload and probably aimed at building an evil robot army (are there any other kinds of robot armies?)
For a complete listing of the affected browsers/OS combinations and detailed information on MS10-002: Microsoft Security Bulletin MS10-002 – http://www.microsoft.com/technet/security/bulletin/ms10-002.mspx
Important Note: Home users should have Automatic Updates enabled by default, so the patching should be at least semi-automated. As always, though, System and Network Administrators should test this (and any other) patch on a non-production computer or server, to ensure it doesn’t break something critical that is unique to their network and get them fired.
Ivan Vazquez, AKA The Reaper, is a CompTIA Security+ certified professional with more than 15 years of experience in the Information Technology universe, who specializes in network intrusion prevention, incident identification and analysis, content management, and vulnerability scanning and analysis. His past experience includes tenures with nationally and internationally-known technology companies. Have feedback or questions? Don’t be afraid to send them to The Reaper.
Microsoft releases Emergency Patch for Internet Explorer Zero Day Flaw; Neither Admits nor Denies Anything
Today, Microsoft released Security Bulletin MS10-002, titled “Cumulative Security Update for Internet Explorer”. Though no specific acknowledgement or denial has been made on Microsoft’s part, investigation to date, by third party computer giant McAfee and independent researchers, has pinned blame for China’s alleged infiltration of Google’s network on this previously unmitigated (and apparently unknown) vulnerability. The bulletin’s Executive Summary states:
“This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”
Versions of Internet Explorer affected include: Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, Internet Explorer 7, and Internet Explorer 8. Affected Microsoft Operating Systems run the gamut from Windows 2000 SP4/Windows Server 2003 to the most current iterations, Windows 7/Windows Server 2008. Microsoft operating system home users, with Automatic Updates configured, should have the patch installed automatically. For system and network administrators, the patch should be tested prior to actual deployment, since the newness of the patch prohibits stating with certainty that web-based applications, dependent upon Internet Explorer, will not be negatively affected.
In either case, this patch is a “must install” for all Microsoft users. Whether it was the Chinese Government or someone else trying to frame them, the vulnerability is a serious one that could ultimately be used to turn millions of Microsoft PCs into Botnet Zombies.
Source:
Microsoft Security Bulletin MS10-002 – http://www.microsoft.com/technet/security/bulletin/ms10-002.mspx
Decrease in Youth Activity Blamed on New-Fangled Smartphones
The technologically-challenged are sure to be overjoyed with the findings of a newly released report, entitled “Generation M2: Media in the Lives of 8- to 18-year-olds,” published by the Kaiser Family Foundation….
Read the rest of this Geek Shui Living post on the uber-technical website, MWD.com: http://bit.ly/5ryFrY