This all depends on if they get the patchwaork dns server order extended. If they do then your infected pc will work fine. I hope they do not then these mahcines will cease to work and the infection will become obvious.
If your PC starts acting weird or totally goes offline on or after March 8th(for folks who keep their computers off) Please contact ECC for assistance.
Half of Fortune 500s, US Govt. Still Infected with DNSChanger Trojan — Krebs on Security.
There is another bill called ACTA which has been worked on behind closed doors and is set to assault everyone even more than SOPA. I have said SOPA was a misdirection and it was. Whether ACTA is the real beast or another deception remains to be seen. This bill needs to be fought harder on a global level than SOPA was. Considering how critical the internet is to the world in terms of business ACTA is even more dangerous than SOPA.
With the online community seemingly victorious in defeating the SOPA/PIPA bills in the US, you might think a collective sigh of relief would be in order.Attention on the SOPA fight is now quickly turning to another highly controversial attempt to protect intellectual property, which could allow for significantly greater powers to monitor web users. And the EU could be set to sign up despite strong opposition.The secretive Anti-Counterfeiting Trade Agreement ACTA might not be new, but it is shaping up to be the next target for protests by a galvanised online community. In fact, the ACTA treaty has been drawing condemnation from all manner of groups intent on protecting their rights, since it was leaked that the US, EU and various nations would negotiate treaty content.Australia, Canada, Japan, Republic of Korea, Morocco, New Zealand, Singapore, and the US have all signed up to ACTA, while the EU and others have indicated a commitment to do so at a later stage.There has been an air of secrecy about whats actually going into the bill. At first, it was thought that negotiations were mostly about physical goods. However, a series of leaks highlighted intentions to cover “internet distribution and information technology”, according to the Electronic Frontier Foundation.Under rules being put forward by the treaty, ISPs would be actively encouraged to monitor web users to make sure that IP infringement was not taking place. For the average web user it would be a catastrophic blow to freedom online.What is particularly is that it undermines the democratic debate of existing IP monitoring bodies such as the World Intellectual Property Organisation and the World Trade Organisation.Aside from a lack of transparency, controversy has also surrounded the relatively small group of countries involved in the ongoing talks, with many developing nations left out of discussions. This means that wealthy countries looking to push a hard line on IP laws will be able to decide which rules they want in place with little opportunity for change at a later date. Even in the nations in talks there is little inclusion by “civil society”, as the EFF puts it.
via Secret ACTA bill shakes the web – Online communities ready themselves for another fight | TechEye.
Once again Microsoft engages in anti-competitive and blatantly monopolistic behavior. Note this happens right after they are freed of the DOJ anti-trust oversight. If you are going to buy any kind of mobile device make sure it does NOT run windows or you won’t every be able to run anything but windows in it.
With Windows 8 coming out later this year, there has already been controversy about whether computers that ship with Windows 8 will have the ability to run Linux, either as a replacement for Windows or in a dual-boot setup. As weve reported, a process called UEFI secure booting prevents the booting of operating systems not signed by a trusted Certificate Authority—and hardware makers must enable the secure boot technology to qualify for a Designed for Windows 8 logo.This would make it difficult, but not impossible, for Linux operating systems to be installed on Windows 8 computers. Hardware manufacturers can still give users the option of disabling secure boot and running any operating system they wish. However, it now appears that flexibility will only be available to Windows 8 systems running on Intel chips, and not ARM ones.A Computerworld blog post points to a recent Microsoft document laying out the Windows 8 hardware certification requirements for client and server systems. This document mandates flexibility on Intel systems: “On non-ARM systems, it is required to implement the ability to disable Secure Boot via firmware setup,” Microsoft writes on page 116 of the document. But the opposite is true for ARM systems running Windows 8. “On an ARM system, it is forbidden to enable Custom Mode. … Disabling Secure MUST NOT be possible on ARM systems,” Microsoft states.This may still leave open the possibility that makers of Linux distributions can provide a signed version of the operating system, so that it can be installed alongside Windows 8 on ARM systems. But the prohibition on disabling secure boot does place another obstacle in the way. Weve reached out to Microsoft to see if the company has any further comment.
via Microsoft mandating Secure Boot on ARM, making Linux installs difficult.
Time for me to start recommending routers with dd-wrt and NO WPS capabilities. If turning it off doesn’t turn it off then security is non-existent for wireless network. Ick.
The attack took about six hours to properly guess the PIN and return the SSID and password for the target network. During that time, the router locked up once under load, as I was putting normal levels of network traffic through it from other devices. Some routers will also lock out WPS requests for five minutes or so when they detect multiple failed PIN submissions—mine stopped responding occasionally, generating a string of warnings, but Reaver picked back up where it left off once the Linksys started responding again.
Having demonstrated the insecurity of WPS, I went into the Linksys’ administrative interface and turned WPS off. Then, I relaunched Reaver, figuring that surely setting the router to manual configuration would block the attacks at the door. But apparently Reaver didn’t get the memo, and the Linksys’ WPS interface still responded to its queries—once again coughing up the password and SSID.
The tool also managed to repeatedly cause the router to stop responding to other computers on the network, essentially creating a denial of service attack—a great thing to remember for the next time my neighbors have a loud, all-night Call of Duty session.
In a phone conversation, Craig Heffner says that the inability to shut this vulnerability down is widespread. He and others have found it to occur with every Linksys and Cisco Valet wireless access point they’ve tested. “On all of the Linksys routers, you cannot manually disable WPS,” he said. While the Web interface has a radio button that allegedly turns off WPS configuration, “it’s still on and still vulnerable.”
I figured it was a matter of time before this was exposed. The pins are usually 8 digits which it has been known for quite some time that you need at least 12 sufficiently random characters for any kind of protection against brute force attacks. Of course the lack of a lockout system makes it even more trivial.
WiFi Protected Setup Flaw Can Lead to Compromise of Router PINs | threatpost.
Subway itself wasn’t nailed but it franchisees were. Most franchise holders are SMB’s and many of them don’t think they are vulnerable due to their size. However criminals are banking on that thinking now to hijack everything from computers to POS systems(many of which are simply windows computers with POS overlays running on them). this means proper security for all of these systems are important. If you are a small business please contact ECC for a security audit if you have never had one done.
For thousands of customers of Subway restaurants around the US over the past few years, paying for their $5 footlong sub was a ticket to having their credit card data stolen. In a scheme dating back at least to 2008, a band of Romanian hackers is alleged to have stolen payment card data from the point-of-sale (POS) systems of hundreds of small businesses, including more than 150 Subway restaurant franchises and at least 50 other small retailers. And those retailers made it possible by practically leaving their cash drawers open to the Internet, letting the hackers ring up over $3 million in fraudulent charges.
In an indictment unsealed in the US District Court of New Hampshire on December 8, the hackers are alleged to have gathered the credit and debit card data from over 80,000 victims.
“This is the crime of the future,” said Dave Marcus, director of security research and communications at McAfee Labs in an interview with Ars. Instead of coming in with guns and robbing the till, he said, criminals can target small businesses, “root them from across the planet, and steal digitally.”
The tools used in the crime are widely available on the Internet for anyone willing to take the risks, and small businesses’ generally poor security practices and reliance on common, inexpensive software packages to run their operations makes them easy pickings for large-scale scams like this one, Marcus said.
While the scale of this particular ring may be significant, the methods used by the attackers were hardly sophisticated. According to the indictment, the systems attacked were discovered through a targeted port scan of blocks of IP addresses to detect systems with a specific type of remote desktop access software running on them. The software provided a ready-made back door for the hackers to gain entry to the POS systems—which is why remote access software is banned from systems that handle payment cards by the PCI Security Standards Council, which governs credit card and debit card payment systems security.
“With PCI compliance, those apps shouldn’t be on those systems,” said Konrad Fellmann, audit and compliance manager for SecureState, an IT security firm with a practice in retail security auditing, in an interview with Ars. But because small retailers who don’t store credit card data, they’re not required to have the same level of auditing as larger companies, Fellmann said.
via How hackers gave Subway a $30 million lesson in point-of-sale security.
This link aggregates all of techcrunchs coverage with decent linking to outside sites about this too.
Crapware on a pc or mac is easy to combat….format the machine and use your own, known good image. Phones however are a new frontier of badness for the enterprise and anyone with need for data security. Folks wonder why I’ve advocated locking smartphones out of sensitive networks…this is why. I’ve figured this for a while…now it’s been proven. There are quite a few links in this story..please read them. The video that’s blown the lid off this is right here.
You just can’t make this stuff up. If I had told you six months ago to be very careful about entrusting corporate data to mobile carriers who pre-install app crap, because they would build spyware into phones, collect secure web browsing information, and embed this software so deeply that you have to change the ROM to get rid of it, you would have written me off as a paranoid. Yet, that appears to be the situation with CarrierIQ, a carrier utility gone wild.
Like the Master Control Program in the 80s science fiction classic, “Tron,” CarrierIQ collects data for an ostensibly harmless purpose: to help carriers improve the quality of their network and improve the user experience. Then, it goes crazy and tries to kill everyone. It may not be as bad in this case, but the trouble is, though Carrier IQ claims, “we are counting and summarizing performance, not recording keystrokes or providing tracking tools,” third party analysis of Carrier IQ begs to differ.
Specifically, researcher Trevor Eckhart writes on his blog that the Carrier IQ application “is receiving not only HTTP strings directly from browser, but also HTTPs strings. HTTPs data is the only thing protecting much of the ‘secure’ Internet.” Carrier IQ, realizing how damaging this revelation was, tried to squelch Eckhart through a cease-and-desist letter (giving him two whole days to respond, and threatening damages starting at$180K), but the Electronic Frontier Foundation came to the rescue. Carrier IQ relented after the assault from the EFF, and is now “deeply sorry for any concern or trouble” that the letter may have caused Eckhart.
From an enterprise perspective, this is massive. It’s the Jerry Sandusky of mobility. It is an insane breach of trust.
[ Not up to date on Carrier IQ? See Carrier IQ Withdraws Legal Threat Against Security Researcher. ]
Enterprises have long put up with “app crap” on Windows platforms, and, then, on mobile platforms. On the Windows platforms, enterprises would shrug, wipe the machines, re-image them, and move on with work as usual. On mobile, enterprises believed that the app crap was benign enough. Wrong.
We all knew that spyware existed on PCs, but the big difference is that spyware and rootkits got installed by malicious third parties, not our trusted partners who get paid for services that they provide.
All of a sudden, Steve Jobs’ perspective about who should control mobile device firmware doesn’t seem to be such a bad idea.
Carrier IQ has no relationship, at all, with the enterprise. They’ve said that “we do not sell Carrier IQ data to third parties” or “provide real-time data reporting to any customer.” But once you generate the data, it’s there for the taking.
This year’s Data Breach Investigations Report, co-sponsored by the US Secret Service, and, ironically, a mobile provider, emphatically states that organizations need to eliminate unnecessary data collection (since it can and will be stolen.) As enterprise trusted partners, it’s time for carriers to eliminate the middleman. Carrier IQ had no incentive at all to limit the type of data that it collects.
Because Carrier IQ is so carrier focused, it may have even come as something of a surprise to the Carrier IQ folks that they may have violated wiretap laws.
The whole model needs to change, or this incident will be repeated. Carriers currently control the phone, and work with third parties to build management software that they need. The third parties have no skin in the game in terms of the trust relationship with the enterprise. Frankly, in this case, if Carrier IQ’s reputation becomes so tarnished that they can no longer sustain a viable business, they can pull up their tent stakes, change their name, and resume operations.
Well, good for them, but BAD for the enterprise, because the enterprise now needs to start investing the type of time that used to be reserved for Windows PCs, in order to re-image spyware-vulnerable smartphones. It’s not a matter of just removing the software. InformationWeek contributor Mathew Schwartz told me this morning that “some deployments of Carrier IQ by the carriers have an ‘off switch’ that smartphone owners can trigger,” but that he’s also seen reports that it simply doesn’t work.
Carrier IQ: Mobile App Crap Must Stop – Security – Mobile Security – Informationweek.
Watch this folks. I talk about this over and over. a/v isn’t enough..it is only a start. Please start with these basics. Please contact ECC on how to minimize your exposure.
I got Hyper-v working finally here at my office. I now have one box hosting 3 virtual mahcines. VM 1 is my Astaro firewall. VM 2 is my main AD file/print/authentication server. VM 3 is my Astaro Command Center which aggregates status and updates from my astaro and my other client installs to me. This allows me to monitor all of my Astaro easily in one spot without having to constantly individually touch each machine. My power usage used to idle at nearly 130 watts. My idle power now hovers around 60 watts. I now average less than 90 watts which means nearly half of my power budget is now gone. The host machine is running server 2008 R2 enterprise with Hyper-v. It has three physical nics. It also mirrors all functions of the main server except for file serving.
As for resource allocation here is the breakdown:
VM1: 4 vcpus, 2 gigs of ram(static), 3 virtual nics, 80 gigs of dynamic storage on RAID 1, 25% total system cpu ghz reserved with the ability to burst to 50% usage with medium priority.
VM2: 2 vcpus, 2 gigs ram(static), 1 virtual nic, 500 gigs of dynamic storage assigned on it’s own raid 1 array, 0% cpu reservation with burst to 25% cpu with medium priority.
VM3: 4 vcpus, 1 gig ram(static), 1 virtual nic, 120 gigs of dynamic RAID 1 storage, 0% cpu reservation with burst to 25%.
Right now the host machine spends most of it’s time at idle. Considering how little power this draws it will pay for itself in under 1 year.
