
Category: Security

August 5th, 2008

Microsoft aims to close Patch Tuesday vulnerability window

Posted by Larry Dignan @ 6:22 am

Categories: General, Microsoft, Security, Software Infrastructure

Tags: Window, Security Company, Microsoft Corp., Security, Larry Dignan

Microsoft is upping the ante in an effort to head off hackers at the Patch Tuesday pass.

Ryan Naraine reports:

The new Microsoft Active Protections Program (MAPP), which will be formally announced at Black Hat USA 2008 here, will give anti-virus, intrusion prevention/detection and corporate network security vendors a head start to add signatures and filters to protect against Microsoft software vulnerabilities.

The idea is to provide detection guidance ahead of time to help security vendors reproduce the vulnerabilities being patched and ship signatures and detection capabilities without false positives.

If folks deployed Patch Tuesday fixes right away–like the minute they were released by Microsoft–that heads up to security vendors wouldn’t be necessary. But the reality is that IT shops have to test the patches first and that takes time. During that time exploit code can be launched.

Hats off to Microsoft for being proactive. The program has its risk–especially if Microsoft’s vulnerability data can be intercepted–but it’s worth a shot.

July 31st, 2008

McAfee acquires Reconnex, inks distribution pacts

Posted by Larry Dignan @ 2:05 pm

Categories: General, Security, Software Infrastructure

Tags: McAfee Inc., Real Estate, Financial Accounting, Desktops, Security, Business Operations, Finance, Hardware, Larry Dignan

McAfee on Thursday acquired data loss prevention company Reconnex, inked distribution pacts with HP and Toshiba and reported better than expected second quarter earnings.

The company said it acquired Reconnex, which makes technology that automates data protection, for $46 million. McAfee said Reconnex will allow it to deploy data loss protection systems faster and offer customers better security bundles. The deal will close in the third quarter.

Separately, McAfee said that it will bundle its Internet Security Suite on Toshiba laptops in an exclusive deal that gives consumers a 30-day trial. McAfee and Symantec often duke it out for desktop PC real estate. McAfee also announced that it will provide a 60-day trial of its Total Protection Software on “select HP commercial desktop computers and notebooks.” The offer targets small business customers.

McAfee also reported second quarter net income of $47.8 million, or 30 cents a share, on revenue of $396.8 million, up 26 percent from a year ago. Excluding charges earnings were $83.8 million, or 52 cents a share. Wall Street was expecting earnings of 45 cents a share. Corporate revenue was $240 million in the quarter with consumer sales of $157 million.

The outlook for the third quarter and 2008 was solid. For the third quarter, McAfee sees earnings per share of 46 cents a share to 50 cents a share compared to estimates of 48 cents a share. For 2008, McAfee also upped its outlook.

McAfee’s results follow Symantec’s quarterly financials. The message: Security vendors aren’t being dinged by tight IT budgets.

July 31st, 2008

Roboform launches Enterprise, still wondering if this Mac thing will take off.

Posted by Sam Diaz @ 12:40 pm

Categories: General, Innovation, Security, Software Infrastructure, Web Technology

Tags: Apple Macintosh, Password, Roboform, Mac Sale, Desktops, Hardware, Sam Diaz

I hate passwords - especially in a corporate setting. We’ve all been there - your password must be between 6-8 characters and must include at least one letter, one number, one symbol, yadda yadda yadda. Oh, and you’ll be asked to change it every 60 days. Sigh. OK, I recognize that IT departments do that sort of stuff to keep the network safe. But I also can sympathize with employees who, because of password overload, write their passwords on sticky notes and keep them at their workstations. Yeah, like that’s keeping the network secure.

Now, here comes RoboForm, a longtime password-management and form-filling product for consumers, with a new Enterprise version. The company released it a few months back but the release from parent company Siber Systems just recently fell in my inbox. I have to admit I was pretty excited to see it. The product is top-notch and its Robo2Go product, which stores all of your passwords on a removable USB drive for use on any computer, was one of my favorites. (“Was” is the key word there.)

Years ago - at least four, maybe five - I had all of my user names and passwords stored on a USB drive in a Roboform file. Access to my bank, credit card and email accounts was as simple as finding an open USB port… until I became a Mac guy. Apparently, RoboForm was not compatible with the Mac. Oh sure, I complained and even resorted to begging and pleading for a Mac version. Yes, that’s how much I liked this product. Instead, I was given the obligatory “We’re working on it.” reply and was sent back to pen-and-paper to keep track of my passwords. In all honesty, I’d kind of forgotten about RoboForm until I heard from them again this week.

Guess what? Still no Mac version. Five years later. In 2008. Can you believe it?

I have a hard time comprehending that, in five years’ time, this company has not figured out a work-around to make this happen. They have adapters for Firefox (a good thing) and Netscape 7 (who uses that?). It also supports the AOL browser. (I can’t even muster up a sarcastic comment about this.) The underlying message is that it works best with Internet Explorer. (Well, there went that whole security issue.)

Maybe the folks at SiberSystems haven’t heard, but real people and real companies - not just the ultra-geeky - are using Macs. This isn’t 1998. This is 2008. Mac sales are up. There’s even a whole line of Mac computers - desktops, laptops, the whole bit. You might have heard of them. Macs even connect to the Internet now using a number of different browsers and even are compatible with wireless networks. Microsoft even makes a version of Office for the Mac.

Apologies for the sarcasm, but I really want to stand on rooftops and shout out the praises of Roboform - but I just can’t. Not yet. I’ve been on this cloud computing kick lately and am a firm believer that the computing work we do - whether for business or pleasure - no longer should be tied to one particular operating system. VPN or not, I can access my corporate email from any machine with a browser and a Web connection. Same goes for my Yahoo mail, my Flickr account, my Facebook page and so on.

So what’s the holdup?

I just heard back from Bill Carey, VP of Marketing at SiberSystems, who was a good sport about my whining and even sympathized with my beef. The short answer: it’s coming. Maybe as early as next year. He tells me that the company has been wanting to launch a Mac version for a long time (at least five years, right?) but “we’ve never been able to get out of the starting block. We’ve always had problems finding Mac developers.” (Insert long, awkward, silent pause here.)

The good news is that the company has “recently brought in additional resources” to work on Mac versions of its products. I’ve waited this long. I guess I can wait a little longer. But if I wait too long, I’ll just be using biometrics - fingerprints, eye-scan, whatever - and won’t even need a password.

July 31st, 2008

Symantec is commanding more of your IT budget

Posted by Larry Dignan @ 4:50 am

Categories: General, Security, Software Infrastructure, Storage, Symantec

Tags: IT Budget, Symantec Corp., Information Technology, Storage, Norton 360, Security, Larry Dignan

Symantec’s strategy of selling security and storage together is apparently paying off as companies consolidate the number of vendors they use.

The security and storage management software company reported strong fiscal first quarter results (statement) as net income more than doubled from a year ago. Symantec reported first quarter earnings of $187 million, or 22 cents a share, compared to $95 million, or 10 cents a share, a year ago. Excluding charges, Symantec reported earnings of $342 million, or 40 cents a share, well ahead of Wall Street projections of 35 cents a share. Revenue was $1.65 billion, up 16 percent from a year ago.

Symantec also upped its outlook for the second quarter and projected revenue between $1.52 billion and $1.56 billion and earnings between 15 cents a share and 17 cents a share. Excluding charges Symantec sees earnings between 34 cents a share and 36 cents a share.

Under the surface it appears that Symantec is winning more wallet share. Symantec had 336 agreements worldwide versus 249 in the same period a year ago with a contract value of more than $300,000 each. Of the 336 agreements, 85 had a value of more than $1 million compared to 48 a year ago. And 80 percent of those transactions included multiple products.

Meanwhile, Symantec is weathering economic uncertainty well. On the company’s conference call, CEO John Thompson said:

The June quarter results highlight the critical nature of our product portfolio to customers around the world. In addition we saw CIOs of large enterprises purchase more products from Symantec as they strive to reduce the number of vendors they must manage. This is a trend we expect to continue particularly during these more challenging economic times…

I think it’s fair to say that there are a number of customers out there that are cautious in their view of what their spending plans are for the second half of this calendar year, and so we can’t be unmindful of that, but by the same token we happen to have key product portfolio items in security and storage management which are almost un-deferrable expenditures for them as their data volumes continue to grow. So as data volumes grow so will our business, independent of perhaps the broader macroeconomic environment. While we’re not immune we think we do have some degree of insulation from that problem.

Thompson added that the pipeline for September also looks strong. Could it be that Symantec’s security and storage strategy is working? Symantec had bought Veritas to enter the storage software market but the results of the combination have been spotty over the quarters. Now Symantec is in storage, security and virtualization via the purchase of Altiris.

“I also think you’re starting to see a little bit more of products that are not just either storage or security but the combination of the two,” said Enrique Salem.

To Symantec all of these ventures flow together to manage and secure data:

Let me put our strategic intent around virtualization in context for you today. At the endpoint our strategy is based on freeing valuable information from the underlying systems functions. Today important enterprise information is scattered across a broad range of devices from PDAs to storage arrays. This valuable information is deeply entangled with other data such as operating systems and application code, which is far less valuable to any enterprise.

We believe that virtualization when properly applied can decouple information that matters from the rest of IT environment so that it can be independently secured and managed. To help our customers achieve this benefit Symantec is infusing virtualization capabilities across our portfolio from server management and high availability to security.

If CIOs are really consolidating vendors and gravitating to the big vendors Symantec could be in a good position to leverage its storage and security beachhead.

Other odds and ends worth noting:

  • Symantec’s Vontu team had its best quarter ever and closed its largest data loss prevention deals ever.
  • Norton 360 represents more than 35 percent of the company’s consumer sales.
  • Storage and server management software was 37 percent of Symantec’s revenue as sales jumped 12 percent from a year ago, with the consumer business accounting for 29 percent of the total (up 12 percent). Security and compliance software was 27 percent of Symantec’s revenue total, with services coming in at 7 percent.
  • Fifty-two percent of revenue was international.

July 8th, 2008

Microsoft delivers 'important' patches

Posted by Larry Dignan @ 10:51 am

Categories: General, Microsoft, Security

Tags: Microsoft SQL Server, Vulnerability, Patch Management, Microsoft Corp., Microsoft Outlook Web Access, Microsoft Windows, Microsoft Outlook, Microsoft Office, Security, Databases

Microsoft on Tuesday delivered nine important patches to fix vulnerabilities in SQL Server, Exchange Server, Vista and Windows Server.

Among the details, which were previewed last week:

CVE-2008-0085: A vulnerability in the way SQL Server manages memory page reuse. An attacker with database operator access could get to customer data. The versions impacted are SQL Server 7.0, SQL Server 2000 and SQL Server 2005 on Windows 2000, Windows Server 2003 and 2008.

CVE-2008-0086: A convert function vulnerability could allow an attacker to take control of a system. Same deal with CVE-2008-0107 and CVE-2008-0106.

CVE-2008-1435: Microsoft says: “A remote code execution vulnerability exists when saving a specially crafted search file within Windows Explorer. This operation causes Windows Explorer to exit and restart in an exploitable manner.” Operating systems impacted include Windows Vista and Windows Server 2008.

CVE-2008-1447 and CVE-2008-1454: Both of these fix vulnerabilities that allow DNS spoofing to redirect Internet traffic from legit sites. Windows 2000, XP, and Server 2003 are impacted.

CVE-2008-2247 and CVE-2008-2248: Both of these vulnerabilities appear in Outlook Web Access for Exchange and involve cross-site scripting issues. Exchange Server 2003 and 2007 are impacted. Microsoft sums up:

Exploitation of the vulnerability could lead to elevation of privilege on individual OWA clients connecting to Outlook Web Access for Exchange Server. To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted e-mail that would run malicious script from within an individual OWA client. If the malicious script is executed, the script would run in the security context of the user’s OWA session and could perform any action the user could perform such as reading, sending, and deleting e-mail as the logged-on user.


June 17th, 2008

Bank of America check card data compromised

Posted by Larry Dignan @ 5:02 am

Categories: E-commerce, General, Security

Tags: Bank Of America Corp., Card, Larry Dignan

Bank of America says that some of the information from its check cards has been compromised.

In a letter to customers–I was one of them–Bank of America said:

We have learned that information from certain Bank of America Check Cards may have been compromised. Your Check Card number may have been part of this compromise. To ensure that your privacy is protected to the best of our ability we have taken the following steps:

  • As a measure of added security we have issued you a replacement Bank of America Check Card. It is included with this letter.
  • Your old card will be closed within 30 days of this letter.
  • We will monitor activity on your Bank of America account; if we detect any suspicious transactions we will notify you immediately.

From there, Bank of America tells you to activate the new card, check recurring payments and destroy the old card. And, last but not least, monitor your account.

Bank of America closes with “we understand that some of these steps may pose an inconvenience to you” and the bank says it “is working hard to keep your financial information secure.”

I’ll call to see how many other card numbers were compromised beyond mine. One annoyance: After you activate your card Bank of America pitches you on a privacy protection service. That’s a bit tacky given that Bank of America compromised your data in the first place.

Update: A Bank of America spokeswoman wouldn’t put a figure on how many accounts may have been compromised. She did say the following:

This was not a breach of the bank’s systems. Sometimes we are notified by the card associations. If a card is compromised at third party we notify the customer and replace the card.

The spokeswoman wouldn’t disclose the third party where the breach occurred.

June 16th, 2008

MySpace plays more spam Whac-a-Mole; Wins $6 million settlement

Posted by Larry Dignan @ 7:18 pm

Categories: General, MySpace, Security, Web Technology

Tags: Settlement, MySpace, Cyberthreats, Spam, Litigation, Security, Spam And Phishing, Business Operations, Larry Dignan

MySpace has won a $6 million spam settlement against an affiliate network called Media Breakaway and its CEO Scott Richter.

The MySpace victory comes a month after it won a $230 million settlement against well-known spammers Sanford Wallace and Walter Rines. In its latest victory, MySpace won an arbitration hearing where it was awarded $4.8 million in damages and $1.2 million in attorneys’ fees and costs. MySpace alleged Media Breakaway violated the CAN SPAM Act among other statutes. Media Breakaway, officially a “performance-based marketing solutions” company, denied the claims.

George H. King, a judge in the Central District of California, ruled for MySpace in arbitration. The final ruling (PDF download) hinged on what was acceptable commercial use of MySpace (Techmeme).

The official line from MySpace chief security officer Hemanshu Nigam:

“MySpace has zero tolerance for illegal activity on our site and is committed to bringing to justice those who try to harm our members. Recently, MySpace won a major victory against Scott Richter and Media Breakaway under the Federal CAN SPAM Act. This award reflects MySpace’s continued momentum and holistic approach to ridding the site of spammers and phishers through technological innovation, education, partnerships and enforcement. We will continue to do our part in cleansing the Internet of this invasive onslaught of spam.”

The reality: MySpace is playing a neverending game of spam Whac-a-Mole. What are MySpace and other sites dealing with? Check this excerpt from the complaint:

[Image: excerpt from the MySpace complaint against Media Breakaway]

It doesn’t sound like Media Breakaway is actually going to repent. The spam battle continues…

June 16th, 2008

Delta Airlines pioneers biometric airport security screening

Posted by Jason Perlow @ 9:40 am

Categories: Hardware Infrastructure, Personal Technology, Security, Software Infrastructure

Tags: Delta Air Lines Inc., Clear, Business Structures, Security, Finance, Jason Perlow

Clear Enrollment Station

As predicted in my previous post about Continental Airlines’ actively obstructive behavior in order to prevent access to CLEAR lanes in its major airport hubs, a major competing airline, Delta Airlines, threw down the gauntlet this morning as the first major domestic US air carrier to enter a long-term co-branded partnership with Verified Identity Pass.

(NEW YORK) – June 16, 2008 – In time for the busy summer travel season, Clear®, the fast pass for airport security, today announced a broad partnership with Delta Air Lines that includes the operation of fast lanes in Delta terminals at New York’s JFK and LaGuardia airports, and Los Angeles International, starting this summer. Beginning today, new enrollment centers will open in select Delta Crown Room Clubs in Atlanta that provide a convenient way for customers to join Clear’s Fast Pass program.

The Clear-Delta Air Lines partnership will include a significant presence for Clear in Delta’s terminals, online at delta.com and through a direct marketing campaign to its SkyMiles® members. All Delta SkyMiles members will be offered bonus miles when they join Clear.

Read the entire CLEAR and Delta Airlines press release here.

Also See: CLEAR biometric technology gallery

June 12th, 2008

Continental's TSA Airport Security is decidedly Un-CLEAR

Posted by Jason Perlow @ 9:38 am

Categories: General, Hardware Infrastructure, Links, News to know, Personal Technology, Security, Software Infrastructure

Tags: Program, Continental Airlines Inc., Airport Security, Airport, Clear, Transportation Security Administration, Newark Liberty, Security, Jason Perlow

As some of you may know, my job as a systems architect for one of the world’s largest systems integration firms requires that I do a large amount of travel. Typically, I’m away from home about four days out of the week. Naturally, this results in going through a lot of airport security lines. Like many frequent air travelers, I try to be loyal to a single airline in order to build up frequent flyer points, increase my status and improve the odds of receiving preferential treatment on that airline. In my case, I recently achieved enough points to qualify for “Gold” OnePass Elite status on Continental Airlines. Among other benefits, this entitles me to shorter, preferential bag drop-off lines, a higher potential for First Class upgrades, priority boarding, as well as use of the separate EliteAccess TSA security lines at terminals that Continental controls.

Unfortunately — or fortunately, depending on how you view the situation — I happen to live near Continental’s primary East Coast hub, Newark Liberty International Airport, so it’s the one that I use the most. Continental effectively controls this airport, as approximately 85 percent of all departing flights are Continental’s. Newark Liberty is ranked as the tenth busiest airport in the entire country, the fifth busiest in the US for international travel, and is the second busiest airport in the New York metropolitan area, handling a volume of approximately 36.3 million passengers per year, versus JFK’s 47.8 and LaGuardia’s 25.3, according to 2007 statistics.

Do you have TSA airport security line rage? It’s going to get worse if you fly out of any of the Continental-controlled airports.

June 10th, 2008

Lollicams

Posted by Ed Gottsman @ 8:27 am

Categories: Security, Social networking, Web Technology

Tags: Camera, Sign, Ed Gottsman

According to The Register, there were 1,400 incidents of crossing guard abuse (driving past while they’re in the road, revving engines, shouting epithets, etc.) reported in the UK last year. Dozens of guards (they’re called “lollipop ladies” because of the signs they carry and because, apparently, few of them are men) have been hit by cars.

Local councils are responding with 1) training and 2) the Routesafe Monitor, a double-headed video camera installed in the lollipop person’s stop sign. The camera is activated when the sign is held up and monitors the situation before and behind. Anyone misbehaving while the sign is upright will be taped and (presumably) tracked down and remonstrated with.

So What?

The UK has a lot of law enforcement cameras. By one estimate, Londoners get snapped or taped more than 300 times per day. Who watches all of those feeds? Good question, but it doesn’t work that way. The cameras are used (for the most part) reactively–after a crime is reported, the police go back and retrieve the relevant footage.

300 times. So what difference will a few more cameras make?

June 8th, 2008

PGP rolls out Whole Disk Encryption for Mac

Posted by Larry Dignan @ 9:01 pm

Categories: Apple, General, Security, Software Infrastructure

Tags: Apple Macintosh, Disk, Encryption, PGP Corp., Whole Disk Encryption, Desktops, Hardware, Larry Dignan

PGP Corp., a security company focused on data encryption, plans to announce that it is offering a Mac OS X version of its Whole Disk Encryption product.

Whole Disk Encryption is used on the Windows platform in multiple verticals. John Dasher, director of product development at PGP, says the Mac OS X version is partially in response to increased enterprise adoption of the Mac platform. The announcement coincides with Apple’s Worldwide Developer Conference.

“A lot of our customers are adopting Macs and told us they would like Whole Disk Encryption for the Mac,” says Dasher. “Most of our customers have at least a few Macs.”

Whole Disk Encryption retails for $119 a seat and is in compliance with FIPS 140-2, a data encryption standard validated by the U.S. government. The latest version of Whole Disk Encryption (9.9) adds pre-boot authentication for Intel-based Mac OS X systems and protects data on desktops, laptops and removable media. PGP’s Whole Disk Encryption locks down all contents on laptops, desktops and drives of all kinds.

[Image: PGP Whole Disk Encryption pre-boot authentication screen on a MacBook Pro]

The idea for PGP is to capitalize on the increasingly heterogeneous enterprise environment with one security encryption product. Forrester Research reckons that enterprise adoption of Macs tripled in the last year to 4.2 percent. That’s a small percentage, but you’d hardly want 4.2 percent of your PCs lying around unencrypted. For instance, the National Institutes of Health lost clinical data on 2,500 patients and later allowed only users without access to that data to use Macs. Why? The NIH couldn’t encrypt Macs uniformly.

Dasher added that PGP’s Whole Disk Encryption is fully compatible with Apple’s FileVault, which encrypts files.

May 30th, 2008

China's cyber-militia behind U.S. blackouts?

Posted by Larry Dignan @ 3:49 am

Categories: General, Government, Hardware Infrastructure, Security

Tags: U.S., China, Blackout, Hacker, Intelligence Official, Takeaway, Government, Hacking, Spyware, Spyware, Adware & Malware

Chinese hackers may have been behind power blackouts in Florida and the Northeast, according to a report in the National Journal.

The report, penned by Shane Harris for the National Journal, lays out a lengthy case that China has deployed hackers working unofficially and officially for the government and military to probe U.S. infrastructure. That conclusion isn’t terribly surprising, but Harris lays out a bunch of interesting points in this must-read that’s likely to get some attention today (Techmeme). One eye-opener is that the Chinese government makes little distinction between hackers that work for the government and freelance for giggles. The end result is a loose-knit cyber army.

Among the key excerpts from the National Journal report:

One prominent expert told National Journal he believes that China’s People’s Liberation Army played a role in the power outages. Tim Bennett, the former president of the Cyber Security Industry Alliance, a leading trade group, said that U.S. intelligence officials have told him that the PLA in 2003 gained access to a network that controlled electric power systems serving the northeastern United States. The intelligence officials said that forensic analysis had confirmed the source, Bennett said.

My problem with this argument is that it’s based on one source recounting unnamed intelligence officials. Kevin Poulsen shoots down the argument at Wired’s Threat Level blog (http://blog.wired.com/defense/2008/05/did-chinas-hack.html) while colleague Noah Shachtman touts it. As Poulsen notes, this China-behind-the-2003-blackout reasoning sounds like a conspiracy theory. The first reaction to the blackout in New York revolved around terrorism–after all, it was only two years after Sept. 11, 2001.

In any case, I was caught in that blackout. It wasn’t fun almost getting trampled at the ferry trying to get to Hoboken. Send my regards to whoever was responsible. Here’s the Energy Department’s final report on the 2003 blackout.

Back to those excerpts:

Bennett, whose former trade association includes some of the nation’s largest computer-security companies and who has testified before Congress on the vulnerability of information networks, also said that a blackout in February, which affected 3 million customers in South Florida, was precipitated by a cyber-hacker. That outage cut off electricity along Florida’s east coast, from Daytona Beach to Monroe County, and affected eight power-generating stations…A second information-security expert independently corroborated Bennett’s account of the Florida blackout. According to this individual, who cited sources with direct knowledge of the investigation, a Chinese PLA hacker attempting to map Florida Power & Light’s computer infrastructure apparently made a mistake.

And.

Joel Brenner, the U.S. counterintelligence chief, said he knows of “a large American company” whose strategic information was obtained by its Chinese counterparts in advance of a business negotiation. As Brenner recounted the story, “The delegation gets to China and realizes, ‘These guys on the other side of the table know every bottom line on every significant negotiating point.’ They had to have got this by hacking into [the company's] systems.”

And.

During a trip to Beijing in December 2007, spyware programs designed to clandestinely remove information from personal computers and other electronic equipment were discovered on devices used by Commerce Secretary Carlos Gutierrez and possibly other members of a U.S. trade delegation, according to a computer-security expert with firsthand knowledge of the spyware used.

And the hits just keep coming. The takeaway is that the U.S. government is waking up to the threat–very slowly–and for all we know is planting these tidbits. In any case, the conclusion is the same. The U.S. needs to step it up on the cyber defense front.

May 29th, 2008

The corporate espionage game: MediaDefender's attack on Revision3

Posted by Larry Dignan @ 12:35 pm

Categories: General, IT Management, Security

Tags: Game, Network, Attack, MediaDefender, Revision3, Louderback, Servers, Hardware, Larry Dignan

Run don’t walk to read Jim Louderback’s account of how Revision3 was taken down by MediaDefender, a subsidiary of penny stock ArtistDirect.

The gist: Revision3 suffered a denial of service attack that was orchestrated by MediaDefender. Louderback’s well-told tale has all the details, but we’ll pick it up here:

So I picked up the phone and tried to get in touch with ArtistDirect interim CEO Dimitri Villard. I eventually had a fascinating phone call with both Dimitri Villard and Ben Grodsky, Vice President of Operations at MediaDefender.

First, they willingly admitted to abusing Revision3’s network, over a period of months, by injecting a broad array of torrents into our tracking server. They were able to do this because we configured the server to track hashes only - to improve performance and stability. That, in turn, opened up a back door which allowed their networking experts to exploit its capabilities for their own personal profit.

Second, and here’s where the chain of events comes into focus, although not the motive. We’d noticed some unauthorized use of our tracking server, and took steps to de-authorize torrents pointing to non-Revision3 files. That, as it turns out, was exactly the wrong thing to do. MediaDefender’s servers, at that point, initiated a flood of SYN packets attempting to reconnect to the files stored on our server. And that torrential cascade of “Hi”s brought down our network.

Grodsky admits that his computers sent those SYN packets to Revision3, but claims that their servers were each only trying to contact us every three hours. Our own logs show upwards of 8,000 packets a second.

“MediaDefender did not do anything specific, targeted at Revision3”, claims Grodsky. “We didn’t do anything to increase the traffic” - beyond what they’d normally be sending us due to the fact that Revision3 was hosting thousands of MediaDefender torrents improperly injected into our corporate server. His claim: that once we turned off MediaDefender’s back-door access to the server, “traffic piled up (to Revision3 from MediaDefender servers because) it didn’t get any acknowledgment back.”

Putting aside the company’s outrageous use of our servers for their own profit, and the large difference between one connection every three hours and 8,000 packets a second, I’m still left to wonder why they didn’t just tell us our basement window was unlocked. A quick call or email and we’d have locked it up tighter than a drum.

My question: Why would MediaDefender call Revision3 when it was getting the goods? It’s like a Peeping Tom going next door to tell the hot neighbor that she leaves her blinds up. It ain’t happening folks.

I’d be more stunned by this incident if I didn’t know it happens all the time. Companies spy on each other–that’s what so-called corporate intelligence departments are for. Not all companies are as crooked as MediaDefender, but these things happen more often than you’d think. If you have a way in to monitor your enemy, it’s really hard not to watch. This behavior is galling, but there are plenty of examples of these fun and games.

Baseline magazine had an excellent cover story detailing the corporate espionage market in 2004. The magazine apparently nuked its archive, but luckily the Wayback Machine had it. I hope you enjoy it, given that it took about a half hour to find the damn thing. Why would a media company cut off its long tail?
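The two parts of this story that matter technically, the open tracker and the SYN rate, are easy to make concrete. What follows is an added example and not Revision3’s or MediaDefender’s code: an announce handler that accepts any torrent when it tracks hashes only (the misconfiguration Louderback describes) and rejects unregistered info_hashes otherwise (the fix), plus a per-source SYN rate check over constructed firewall-style log lines. The allowlist hashes, the IP addresses, the log format and the 100 SYN/s threshold are assumptions made up for the example.

```python
"""Added example (not Revision3's or MediaDefender's code): an announce
handler that rejects info_hashes the tracker was not told to serve, and a
SYN-rate check over constructed firewall-style log lines. All hashes, IPs
and log lines below are made up for illustration."""
import re
from collections import Counter, defaultdict

# Assumed allowlist: hex info_hashes of the torrents this tracker serves.
ALLOWED_INFO_HASHES = {
    "0a1b2c3d4e5f60718293a4b5c6d7e8f90a1b2c3d",  # constructed
    "ffeeddccbbaa99887766554433221100ffeeddcc",  # constructed
}


def bencode(value):
    """Minimal bencoder covering the types a tracker reply needs."""
    if isinstance(value, int):
        return b"i%de" % value
    if isinstance(value, str):
        value = value.encode()
    if isinstance(value, bytes):
        return b"%d:%s" % (len(value), value)
    if isinstance(value, list):
        return b"l" + b"".join(bencode(v) for v in value) + b"e"
    if isinstance(value, dict):
        out = b"d"
        for key in sorted(value):  # bencode requires keys in sorted order
            out += bencode(key) + bencode(value[key])
        return out + b"e"
    raise TypeError("cannot bencode %r" % type(value))


def handle_announce(info_hash_hex, allowed=ALLOWED_INFO_HASHES, track_hashes_only=False):
    """Bencoded reply to a GET /announce?info_hash=... request.

    track_hashes_only=True reproduces the misconfiguration Louderback
    describes: any info_hash is accepted, so a third party can park its own
    torrents on the tracker. The default rejects unregistered hashes with
    the standard 'failure reason' reply, which is the locked-window fix.
    """
    if not track_hashes_only and info_hash_hex.lower() not in allowed:
        return bencode({"failure reason": "unregistered torrent"})
    # Real peers come from the swarm table; an empty list suffices here.
    return bencode({"interval": 1800, "peers": []})


# Constructed log format: HH:MM:SS.mmm SYN src:port -> dst:port
LOG_RE = re.compile(
    r"^(?P<sec>\d{2}:\d{2}:\d{2})\.\d{3} SYN (?P<src>[\d.]+):\d+ -> [\d.]+:\d+$"
)


def syn_peaks(log_lines):
    """Map each source IP to its highest SYN count in any one-second bucket."""
    per_source = defaultdict(Counter)
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if m:
            per_source[m["src"]][m["sec"]] += 1
    return {src: max(c.values()) for src, c in per_source.items()}


def flag_floods(log_lines, threshold=100):
    """Sources whose peak SYN/s meets the threshold, busiest first.

    One reconnect every three hours (Grodsky's figure) never trips this;
    8,000 SYN/s (Revision3's figure) does, as does the flooder below.
    """
    return sorted(
        ((src, peak) for src, peak in syn_peaks(log_lines).items() if peak >= threshold),
        key=lambda item: -item[1],
    )


# Constructed sample: one source fires 150 SYNs inside a single second,
# another source makes two ordinary connections.
SAMPLE_LOG = [
    "03:12:01.%03d SYN 203.0.113.7:%d -> 10.0.0.5:6969" % (i, 40000 + i)
    for i in range(150)
] + [
    "03:12:01.010 SYN 198.51.100.9:51234 -> 10.0.0.5:6969",
    "03:12:02.500 SYN 198.51.100.9:51235 -> 10.0.0.5:6969",
]

if __name__ == "__main__":
    print(handle_announce("deadbeef" * 5, track_hashes_only=True))  # accepted
    print(handle_announce("deadbeef" * 5))  # rejected
    print(flag_floods(SAMPLE_LOG))
```

The allowlist check is the whole of the fix: a tracker that serves only the hashes its operator registered gives a third party nothing to inject, and the SYN counter is the signal that would have shown up in the logs long before the de-authorization turned a slow leak into a flood.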

May 29th, 2008

Comcast hack: Just a generic attack or BitTorrent revenge?

Posted by Larry Dignan @ 11:08 am

Categories: Broadband, General, Hardware Infrastructure, Security, Telecommunications, Web Technology

Tags: BitTorrent, Comcast Corp., Attack, Dancho, TorrentFreak, Domain Names, Networking, Security, Internet, Larry Dignan

Comcast’s portal had its DNS records hijacked in an attack. The big question: Was Comcast just a big target, or was this a BitTorrent revenge attack, as some folks have speculated?

If you recall, Comcast had drawn some fire over traffic shaping on its network and curtailing peer-to-peer services. It’s pretty easy to connect this hack with that BitTorrent flap, but it may not be that simple. Dancho Danchev has pieced together his investigation (Techmeme) and it’s good play-by-play on the attack.

Dancho explains:

Further investigation into this incident reveals a connection between the group responsible for Comcast’s DNS hijacking and previous incidents such as the defacements of Justin Timberlake, Hilary Duff and Tila Tequila’s MySpace profiles. Comcast.net wasn’t hacked, its DNS records got hijacked, so whenever someone visited comcast.net, the defaced page was loading from different servers.

TorrentFreak speculates that there was some BitTorrent revenge here, but that may be a big leap to make. Sure, BitTorrent throttling was a hot topic–that was ultimately resolved in a partnership.

If anything the BitTorrent flap did make Comcast a newsworthy target but most likely some hackers just caught a large Internet player with its guard down for a bit.

May 29th, 2008

State of the Internet: Old worms live on; Delaware speediest state; South Korea a broadband king

Posted by Larry Dignan @ 4:55 am

Categories: Broadband, General, Government, Hardware Infrastructure, Security, Telecommunications

Tags: Internet, Broadband, Worm, Akamai Technologies Inc., Attack, Attack Traffic, Cyberthreats, Security, Viruses And Worms, Larry Dignan

Akamai on Thursday released its first State of the Internet report and found attack traffic–viruses, worms, bots and such–originating from 125 countries, with 30 percent of it coming from the United States and China. Some of the attack traffic observed in the first quarter still came from worms as old as Blaster, which dates back to 2003.

Of that attack traffic, the top 10 countries accounted for 75 percent of the attacks. The surprising hotspots for attacks included Venezuela, Argentina and Brazil–three places not exactly known for their hacking communities. Russia was a no-show.

Here’s the chart from Akamai’s report, which requires registration:

akam1.png

And the most popular port of attack was Port 135, which saw nearly 30 percent of the attacks in the first quarter. TCP port 135 is the endpoint mapper for remote procedure calls on Microsoft Windows, and it was the port the Blaster worm hit back in 2003 to exploit the DCOM RPC flaw.

akam2.png

Akamai explains:

One interesting observation about the ports that see the highest levels of attack traffic is that they were targeted by worms, viruses, and bots that spread across the Internet several years ago. While that’s not to say that there are not any current pieces of malware that attack these ports, it may point to a large pool of Microsoft Windows-based systems that are insufficiently maintained, and remain unpatched years after these attacks “peaked” and were initially mitigated with updated software.

Among other notable findings:

akam4.png

  • South Korea had the highest levels of high broadband connectivity (more than 5 Mbps) in the world followed by Japan, Hong Kong and Sweden. See chart at right.
  • In the U.S., Delaware had the highest connectivity with more than 60 percent of connections to Akamai topping 5 Mbps. For what it’s worth, Delaware is my home state and it’s nice to see the little place be known for something more than tax free shopping. Of course, I still look at cashiers like they are smoking crack when I have to pay a sales tax but I digress. Rhode Island was second with 42 percent of connections topping 5 Mbps. Call it the small, but speedy rule.
  • Washington state was the slowest of the bunch, and Akamai didn’t offer any reasons for its slow showing. Perhaps Microsoft and Amazon are taking all the bandwidth.
  • In the first quarter, 323 million unique IP addresses connected via Akamai.
  • Among the slowest countries Rwanda had the most connections below 256 Kbps.

May 27th, 2008

Yahoo sues 'lottery' spammers; Good luck collecting

Posted by Larry Dignan @ 6:37 am

Categories: General, Security, Web Technology, Yahoo

Tags: Yahoo! Inc., Spammer, E-mail, Spam, Sales Channel, Online Communications, Security, Spam And Phishing, Sales, Larry Dignan

Yahoo said Tuesday that it has filed a lawsuit against “Yahoo! Lottery Spammers” for launching a scam where users are convinced that they won a prize from the company.

The lawsuit is the latest filed under the Federal CAN-SPAM Act. Yahoo filed suit in the U.S. District Court for the Southern District of New York under the Federal Trademark Act and state laws as well.

Yahoo’s lawsuit comes just a few weeks after MySpace won a $230 million award against well-known spammer Stanford Wallace. However, Yahoo will have a tough time collecting. The Yahoo! Lottery Spammers gang is a group of unknown criminals aka “Defendants XYZ Companies” and “John/Jane Does.” In its complaint (download PDF), Yahoo says it is hoping to get some help identifying these spammers:

yahoospam11.png

According to Yahoo:

The complaint alleges that without permission or authorization, and with full knowledge and notice of Yahoo!’s trademark rights, the spammers willfully masqueraded as Yahoo!, and sent e-mails claiming that the recipient had won a lottery, prize or other award from Yahoo!. Yahoo! does not offer any such awards and has no affiliation or any connection with the spammers or their e-mail communications. This type of lottery scam is a hoax designed to trick unsuspecting e-mail users into revealing valuable personal data like passwords, credit card information, and social security numbers. Commonly known as a “phishing” scam, in this confidence game, perpetrators typically use the stolen information to access recipients’ bank accounts and credit cards, to apply for unauthorized credit cards or loans, or to fraudulently create documents bearing the victims’ personal identification and then use or sell it in a wide variety of credit and identity scams. Some of the “winners” are also deceived into sending the defendants money for processing and mailing charges.

That sounds great but it’s highly unlikely Yahoo will get anywhere with this suit.

How can you demand a jury trial when you open a complaint with this?

yahoospam1.png

Who exactly will round up these anonymous people?

I’d love to be more constructive about these spam lawsuits, but it’s so tough to nail these criminals. Simply put, you’re on your own against many of these spammers. Fortunately for you, if you know how to spell you can avoid a lot of these scams. Check out exhibit A in the spammers-can’t-spell files:

yahoospam2.png
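The complaint spells out the pattern well enough to write a filter for it. Below is an added example, not Yahoo’s code, that scores a message on the four tells the complaint lists: a sender that claims to be Yahoo! but mails from another domain, a Reply-To that points somewhere else again, lottery or prize language, and a request for a fee or personal data. The two messages are constructed samples (misspellings included), the set of legitimate sender domains and the scoring threshold are assumptions, and the keyword lists are the author’s own.

```python
"""Added example (not Yahoo's code): header and body heuristics for the
lottery-scam pattern the complaint describes. The messages below are
constructed samples, not mail from the case; BRAND_DOMAINS is assumed."""
import email
import re
from email import policy
from email.utils import parseaddr

# Assumed: domains a real Yahoo! notification would be sent from.
BRAND_DOMAINS = {"yahoo.com"}
CLAIMED_BRAND = re.compile(r"yahoo", re.I)
LOTTERY_WORDS = re.compile(r"\b(lottery|lotto|winner|won|prize|award|jackpot)\b", re.I)
FEE_OR_PII = re.compile(
    r"\b(processing fee|mailing (fee|charge)|courier|bank account|password|"
    r"social security|SSN|credit card)\b",
    re.I,
)


def domain_of(header_value):
    """Lower-cased domain of an address header, '' if the header is absent."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()


def lottery_scam_score(raw_message):
    """Return (score, reasons) for one RFC 822 message given as a string."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    display, _ = parseaddr(str(msg["From"] or ""))
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    subject = str(msg["Subject"] or "")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""

    reasons = []
    # Display name or subject invokes the brand, but the envelope does not.
    if CLAIMED_BRAND.search(display + " " + subject) and from_dom not in BRAND_DOMAINS:
        reasons.append("claims brand but sender domain is %s" % from_dom)
    # Replies routed to a third domain is the classic 419-style tell.
    if reply_dom and reply_dom != from_dom:
        reasons.append("Reply-To domain %s differs from From" % reply_dom)
    if LOTTERY_WORDS.search(subject + " " + text):
        reasons.append("lottery/prize language")
    if FEE_OR_PII.search(text):
        reasons.append("asks for fee or personal data")
    return len(reasons), reasons


def is_lottery_scam(raw_message, threshold=3):
    """True when at least `threshold` of the four tells are present (assumed cutoff)."""
    return lottery_scam_score(raw_message)[0] >= threshold


# Constructed sample in the style the complaint describes.
SCAM = """\
From: "Yahoo! Lottery Promotions" <claims-dept@example.net>
Reply-To: yahoo.claims.agent@example.org
To: victim@example.com
Subject: YAHOO! LOTTERY AWARD NOTIFICATION: You Have Won $500,000.00

Congratulation!! Your email adress was selected in the Yahoo! online lotto.
To recieve your prize, send your full name, bank account number and a
processing fee of $250 to our claims agent.
"""

# Constructed sample of an ordinary service notice from the brand's own domain.
LEGIT = """\
From: "Yahoo! Mail" <no-reply@yahoo.com>
To: user@example.com
Subject: Your Yahoo! Mail storage summary

Hi, this is your monthly storage summary. No action is needed.
"""

if __name__ == "__main__":
    for name, raw in (("scam", SCAM), ("legit", LEGIT)):
        print(name, lottery_scam_score(raw))
```

None of the four checks is decisive on its own (plenty of legitimate mail has a Reply-To elsewhere), which is why the example scores them rather than blocking on any one; the brand-versus-domain mismatch is the one check that needs a maintained list, and that list is the part a real deployment would have to get from the brand owner.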

May 22nd, 2008

TJX whistle blower sacked?

Posted by Larry Dignan @ 2:54 pm

Categories: General, Security, Software Infrastructure

Tags: TJX, CrYpTiC_MauleR, Security, Larry Dignan

TJX, the retailer that was hit with a major security breach, has sacked a whistle blower who was exposing the company’s security issues.

According to the ha.ckers.org site:

I had some very disturbing news today from one of the forum users - he had just been fired by TJX for whistle blowing on their security issues. CrYpTiC_MauleR, whose posts on TJX can be found here, was fired today by TJX for talking about the company’s security flaws. This is the same company who recently lost millions of credit card numbers, for those of you who don’t recall. They tracked him down by IP (we’re still not completely sure how they did this, but we think it may have to do with a DynDNS account he uses), contacted his ISP to find out who he was, brought him into the office, questioned him about what he found, asked for him to write down his thoughts on how to fix the issues and then promptly fired him.

I completely understand why a company would want to reduce their risk, but this doesn’t bode well for future would-be whistle blowers, or for the future state of security for TJX. CrYpTiC_MauleR has been a long time poster on sla.ckers.org and has made a lot of contributions…

Now this is all a little hard to verify–it’s not like TJX is going to talk about personnel issues. Meanwhile, the full name of CrYpTiC_MauleR isn’t known. However, we have it on good word that this actually happened.

And now for the big question: Should this whistle blower have been fired? I’d have to argue that TJX was right to fire CrYpTiC_MauleR. It’s noble to be a whistle blower. It’s another thing to disclose internal information in a hacker forum–especially while TJX was trying to recover from its security breach.

What’s your take?

May 19th, 2008

Welcome (back) Ryan Naraine; Zero Day's line-up revamped

Posted by Larry Dignan @ 10:22 am

Categories: Blogging, General, Security

Tags: Security Blog, Ryan, Nate McFeters, Dancho Danchev, Dancho, Nathan, Security, Larry Dignan

You may have noticed a familiar byline over at our Zero Day security blog–Ryan Naraine. His addition completes a revamped line-up for our security blog.

Ryan is now an evangelist for Kaspersky Lab, a security vendor. He joins Nate McFeters and Dancho Danchev, two real-world security researchers that are highlighting cutting edge threats. Dancho has been a go-to source of vulnerability information.

With Ryan back in the fold along with Nate and Dancho our security line-up is locked and loaded. As for me, I’ll contribute on breaking news events, but my mug is coming off Zero Day shortly to be replaced by Ryan. I have my hands full with Between the Lines.

Here’s a look at the new Zero Day cast:

  • Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the world.
  • Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and E-crime incident response. Dancho is also involved in business development, marketing research and competitive intelligence as an independent contractor. He’s been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community on a daily basis.
  • Nate McFeters is a Senior Security Advisor for Ernst & Young’s Advanced Security Center in Chicago. Nathan has performed web application, deep source code, Internet, Intranet, wireless, dial-up, and social engineering engagements for numerous clients in the Fortune 500 during his career at Ernst & Young and has spoken at a number of prestigious conferences, including Black Hat, DEFCON, ToorCon, and Hack in the Box.

It’s quite a line-up that gives you perspective on security issues from multiple angles. Enjoy. Back to our regularly scheduled programming.

May 14th, 2008

MySpace's big spam win: Will it really be a deterrent?

Posted by Larry Dignan @ 3:52 am

Categories: General, Government, MySpace, Security, Social networking

Tags: MySpace, Stanford Wallace, User Engagement, Cyberthreats, Spam, Phishing, Viruses And Worms, Security, Spam And Phishing, Larry Dignan

MySpace won statutory damages of more than $230 million against spammers Stanford Wallace and Walter Rines, but the big question is whether this ruling–delivered in the Federal District Court in Los Angeles–will act as a deterrent.

To be sure, MySpace’s win (see court order PDF) has some eye-popping figures (good luck collecting that sum). Wallace and Rines worked together to create MySpace accounts, swipe passwords and then spam users. MySpace reckons that the duo sent as many as 735,925 messages. The award is the largest under the CAN-SPAM Act.

Hemanshu Nigam, MySpace’s chief security officer, said in a statement:

“MySpace has zero tolerance for those who attempt to act illegally on our site.  The Federal District Court in Los Angeles awarded MySpace $233,777,500 under the federal CAN-SPAM Act and $1,500,000 under the California anti-phishing statute. User engagement is up 32 percent year over year while spam is significantly decreasing, proving efforts like this are working.  We thank the court for serving justice upon defendants Wallace and Rines and we remain committed to punishing those who violate the law and try to harm our members.”

The hope here is that this big award will act as a deterrent. However, that’s unclear. Wallace and Rines obviously aren’t taking the matter seriously. Both failed to show up for the court hearing. Meanwhile, Wallace, known as the Spam King, led a spam outfit called Cyber Promotions. He has lost lawsuits to ISPs and has wound up in a spyware case that led to a $4 million federal judgment against him in 2006, according to the Associated Press. Wallace has seen injunctions before yet the spam keeps coming.

Add it up and Wallace owes almost a quarter of a billion greenbacks. He doesn’t seem to be sweating it much.

This award is a lot like those big NFL contracts with nice round numbers, say $60 million over 5 years. They make for great headlines, but the reality never matches the contract. The problem: Those contracts aren’t guaranteed and most players don’t collect the whole sum. In other words, MySpace’s win makes for a nice headline, but until Wallace either pays up or lands in jail the risk-reward equation remains in his favor.

May 8th, 2008

Facebook reaches safety plan with states

Posted by Larry Dignan @ 9:43 am

Categories: Facebook, General, Government, Security

Tags: Facebook, Agreement, Phishing, Cyberthreats, Spam, Harassment, Viruses And Worms, Security, Spam And Phishing, Human Resources

Facebook has joined MySpace and inked a deal with 49 state attorneys general on a safety plan. Texas was the lone holdout.

News.com’s Caroline McCarthy reports:

“We’ve agreed with 49 states and the District of Columbia to set up principles around Internet safety,” Facebook Chief Privacy Officer Chris Kelly explained in an interview with CNET News.com. The agreement is centered on “largely features that (Facebook) has in place already, but that we’ve committed to continuing and to enhance over time,” Kelly said.

In the deal, the social network has agreed to develop age verification technology, send warning messages when an under-18 user may be giving personal information to an unknown adult, restrict the ability for people to change their ages on the site, and keep abreast of inappropriate content and harassment on the site.

The agreement also has some security hooks. Kelly noted that “there is a specific provision in the agreement around phishing, and antiphishing tips, which we’ve already implemented.”

Larry Dignan is Editor in Chief of ZDNet and Editorial Director of ZDNet sister site TechRepublic. See his full profile and disclosure of his industry affiliations.
