Author Archive

Google’s embarrassing move!

June 11th, 2010 Sumit No comments

I still don’t understand the reasoning behind it, but for some reason Google put up a background image on their home page. This would of course remind you of Bing, which has had this feature since day one. Google has now made this feature optional, and you can choose any background from a link at the bottom left corner.

It is notable that Google has never put up any ads on their home page, for speedy loads and a sleek look. I like it as plain as it has always been.

When you are already number 1 by a long shot why imitate? I am sure this would have left many Google executives with a red face. The picture below is an example of the custom background.

I am sure many must have liked it as a personalized experience.

– Sumit

Categories: Miscellaneous Tags:

Encrypted Search from Google?

May 26th, 2010 Sumit No comments

As you might have already heard, Google is offering a “Beta” version of SSL-encrypted search on its site. This will help ward off any sniffing of your Google searches and will help in tackling the hijacking of search results.

The URL is https://www.google.com/

I personally have never heard much about hijacking search results but Google as usual is ahead of the game here. Go ahead and give it a try :)

– Sumit

Categories: Encryption, Security Tags:

Ransomware!

February 9th, 2010 Sumit 1 comment

Today I heard about a new kind of malware called Ransomware and found it pretty interesting. After further research I found out that it is not a new kind and has been around for more than a decade.

It is like any other kind of malware that can propagate via email, web or infected files. This malware can encrypt your files or file names, lock down essential system services or display a screen at start-up.

Once activated, it extorts the victim by demanding a ransom in exchange for the decryption key, or by asking them to send text messages to premium services. It may also ask for credit card information to buy a tool to unlock the system. The victim can be pretty helpless in this attack if the malware is able to encrypt important files with a large key size and good encryption techniques like RSA, as it’s impossible to break with normal desktops. You may have a chance with distributed computing or a supercomputer though.

As with most malware defence, prevention is the only cure here.

  • Try not to download files from untrusted websites; the majority of software offering attractive screensavers and emoticons has trojans embedded in it.
  • Use good security software from a trusted company. I personally like to use anti-virus, firewall and anti-spyware from different companies because no company offers the best of these in a bundled package.
  • Do not open email attachments from unknown sources.
  • Learn to distinguish between a legitimate email and a phishing email leading you to malicious websites; there are plenty of examples on the web.
  • Avoid opening short URLs like bit.ly or tinyurl.com, and if you must, consider using the “Long Url Please” add-on for Firefox, which exposes the real URLs hiding behind a short one. You can get it from here: https://addons.mozilla.org/en-US/firefox/addon/9549?version=0.4.2
  • Avoid giving out too much personal information on public websites, including social networking ones (I know you must be thinking what it has to do with malware, but this will help you protect your identity, which is the key target of malware).

I hope we all make continuous efforts to keep our systems clean and protected from nefarious users.

–Sumit

Hidden Online Security Threats

January 28th, 2010 Sumit No comments

I know it has been some time since I posted on my blog, as I have been quite busy lately. Today, as I was reading this article about hidden security threats we encounter online, I wondered if many of us even take these as security risks. As online activities become a part of life and business, there is a very fine line between being security conscious and paranoid.

The article talks about the following hidden security risks:

  • Shortened URLs
  • Data Harvesting of Your Profile
  • Social Network Impostors
  • Web Snooping
  • Scareware
  • Trojan Horse Texts
  • Lost Laptops, Exposed Data
  • Rogue Wi-Fi Hotspots
  • Weak Wi-Fi Security
  • Endangered Data Backups
  • Unpatched Software
  • Security Myths

The summary is to avoid giving out too much personal information, avoid trusting any unknown source, keep your data safe/encrypted, destroy sensitive information properly, keep your computer updated, and above all create multiple layers of security.

The complete article is available here: http://www.networkworld.com/news/2010/012510-stop-11-hidden-security.html

– Sumit

Categories: Security Tags:

Disaster Recovery and High Availability!

October 12th, 2009 Sumit No comments

I have been reading the security bootcamp emails from InfoWorld daily these days, and I must say they are very informative and have helped me a lot in understanding various aspects of security.

Here is one of the bootcamp emails I got a chance to read today; it is one of the best articles you will find about high availability, business continuity and disaster recovery planning!

Check it out here: http://www.infoworld.com/d/security-central/are-you-ready-big-one-115

– Sumit

Categories: Security Tags:

Vulnerable Windows Network Protocol

October 1st, 2009 Sumit No comments

It has been a couple of weeks since Microsoft advised IT administrators to disable SMBv2 because of an unpatched vulnerability that affects Windows Vista, Windows 7 and Windows Server 2008.

This vulnerability could allow remote code execution, which accounts for the majority of vulnerabilities reported today.

Microsoft has provided a tool to do this manually.

The link is given here: http://support.microsoft.com/kb/975497

– Sumit

Categories: Security Tags:

Free IP Scanner

September 19th, 2009 Sumit No comments

If you are looking for a free, fast and no-nonsense IP scanner for your network (or someone else’s ;) ) you should really give Angry IP Scanner a try!

It is supported on Windows, Linux and Mac platforms and, above all, it is released under an open source license. It is not the best port/IP scanner, but it serves your purpose.

Link: http://www.angryip.org/w/Home

- Sumit

Categories: Miscellaneous Tags:

IBM X-force Threat Trends Review 2009

September 10th, 2009 Sumit No comments

IBM has been releasing quarterly reports about current threat trends in information security for some time now.

They have already released their mid-year report, which can be found at: http://www-935.ibm.com/services/us/iss/xforce/trendreports/

I have read the 2008 annual reports, and this report shows many trend differences compared to them.

Some of the highlights are:

  • More use of organized crime for financial gain. Economic gain is still the number 1 cause of all security threats, and attackers are keeping ROI in mind while developing attacks.
  • Attacks motivated by political/military gain have also accelerated with time.
  • The design of malware has changed with time, and attackers are using newer ways to penetrate systems.
  • Attackers are selling vulnerable systems to other criminal organizations by displaying the reliability of their deployed mechanisms.
  • Vulnerabilities in terms of CVSS score are high with 30%, medium with 62%, low at 7% and low at 1%
  • Gaining access, data manipulation and denial of service are still the top 3 vulnerability consequences.
  • Apple reaches the number 1 spot and Sun number 2 in terms of disclosed vulnerabilities.
  • MS still has the number 1 ranking in high vulnerabilities.
  • Nearly 49% of all the vulnerabilities disclosed in the first half of 2009 had no remedies provided by the vendor.
  • Web applications are still the top concern and a very under-rated problem.
  • Of all the vulnerabilities disclosed in 2009, 50.4% were related to web-based applications.
  • Cross-site scripting and SQL injection are still the no. 1 form of web application attack.
  • 90% of injection attacks are attributed to SQL injection. They are being carried out by automated scripts.
  • SQL injection attacks have grown by 50% as compared to Q4 2008 and have doubled in Q2 vs Q1 2009.
  • The largest number of client-side vulnerabilities exist in browsers and their plugins.
  • .pdf files are becoming a popular method of attack because users trust these more than .exe files. In fact, PDF files have surpassed office applications in terms of document-related vulnerabilities.
  • There has been an increase in the number of anonymous proxy websites and obfuscated web pages and files.
  • Phishing is down 80% as compared to the 2008 report.
  • Trojans are up 9% and have really grown in sophistication.
  • Infostealers and downloaders are the top trojans for 2009 so far.
  • Hackers continue to take advantage of scareware and trick end users into installing fake security software which is malware in reality.
  • Spam is up 40% compared to 2008, the majority being URL based with a life span of 1 week or less. Top 10 popular subject to 38% of all phishing emails
  • Hackers have increased the use of trusted domains with catchy subject lines to attract users.
  • HTML-based spam has dominated, whereas image-based spam has declined since 2008.
  • The majority of spam URLs last 7 days or less.
  • Spam originating from Brazil and India has increased after Q4 2008.
  • Financial institutions remain the top target of phishing at 66.3%, followed by online payments at 31.4%.

I would recommend reading the full report, since it provides much more information and will help security professionals shift their focus towards new trends.

– Sumit

Categories: Reports, Security Tags:

Welcome!!

September 6th, 2009 Sumit No comments

Welcome to Defence in Depth!

This is my first blog; I hope I will be able to keep up with the posts here!

I am a fan of the multi-layered security model when it comes to Information Security, and I hope to share my learnings with you :)

Thanks for stopping by.

Sumit

Categories: Miscellaneous Tags: