eWorld Translations

In a briefing of the Senate committee overseeing commerce, transportation and technology, Admiral Mike McConnell, former US Director of National Intelligence (DNI) revealed that the nation “would lose” in a cyber war if the nation was attacked today.

McConnell believes that in order to force the nation’s entities to protect their IT systems it will take a catastrophic cyber attack, which he told to expect.

Alan Paller, Director of Research at the SANS Institute, commented on this issue in the SANS NewsBites: “Watching the Senators’ expressions when Admiral McConnell told them that we would lose in a cyber war, was a powerful awakening. They didn’t know!  Other than the chairman and ranking member, who served in the same roles on the Senate Intelligence Committee until last year, and had had intense classified briefings, the Commerce Committee members had no idea how far behind the United States has fallen. Their lack of knowledge completely explains why Congress passed such a terrible law (in FISMA), why they never fixed it, and why the Office of Management and Budget staff, living in similar oblivion, won’t take the clear and proven steps necessary to reduce the security risk to federal systems.”

Dr. Eugene Schultz, CTO of Emagined Security, who was also the co-founder and original project manager of
the Department of Energy’s Computer Incident Advisory Capability (CIAC), cautions: “Unfortunately, senior management in the U.S. commercial sector is unlikely to heed McConnell’s warning, let alone act on it. The following quote from a prominent CIO summarizes the problem nicely: ‘You security guys keep talking and talking about the end of the world. It doesn’t seem to come.’”

No matter whether you are representing or working for a large or SME company or are a sole proprietor or freelancer or a home user, we can only urge you to take much less of a laissez-faire approach than that placated by Dr. Schultz.

Please take the time to review and update your security measures, policies and procedures to be better prepared for any potential adverse activities that could affect you and/or your business. Contact us today if you’d like our help.

ControlScan is settling with the Federal Trade Commission (FTC) over charges that it misled customers about how it verified their security and privacy practices; according to the FTC, ControlScan performed “little or no verification” of whether or not their practices were protecting their site visitors’ security and privacy.

Furthermore, even though its seal displayed a current date, ControlScan did not perform reviews of the sites on a daily basis, per the FTC’s allegations.

More detailed coverage of the settlement is available at the FTC site.

For assistance in reviewing and updating your current policies and procedures, contact us today.

A zero-day flaw in both Visual Basic Scripting (VBScript) and Windows Help is under investigation by Microsoft since this vulnerability could be exploited to introduce malware on computers that are running the Windows 2000, Windows XP or Server 2003 operating system and which use Internet Explorer (IE) version 7 or 8.

Polish security analyst Maurycy Prodeus, with iSEC Security Research, who revealed the vulnerability and posted attack code last week, called the bug a “logic flaw.”

Another security researcher, Cesar Cerrudo, believes “that there is a high probability a regular user will press F1 key if asked, since an attacker can annoy the user with hundreds of messages telling the user to press F1 to continue.”

One of the workarounds offered by Microsoft, namely to not press the F1 key when prompted by a website to do so, is a no-brainer and boils down to common sense. Prodeus’ attack is successful, as Cerrudo points out, because it abuses the VBScript “MsgBox()” function.

According to Microsoft’s Security Advisory, Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2 are not vulnerable to this attack.

Let us help you to assure that your products, policies and procedures are up-to-date. Contact us today.

The Open Door Clinic of Greater Elgin, Illinois (USA), a not-for-profit corporation that treats and consults patients infected with HIV/AIDS, allegedly leaked confidential patient information as the result of installing a peer-to-peer file sharing network application on one of its computer or a computer used by one of its staff for work, according to a class action law suit filed last month.

The suit’s class is comprised of 260 or more people whose personal medical information was leaked; it alleges breach of confidentiality, invasion of privacy and negligence, given that the clinic became aware of the data leak as early as summer 2008, yet, neglected to inform its patients at that time.

Let us help you to avoid similar headaches for you and your organization. Contact us today to arrange for a review and update of your privacy and security products, policies and procedures.

RealDVD, the DVD copying software by RealNetworks, will no longer be supported by the company nor will any similar technology that enables the duplication of copyrighted content.

This is the result of settlement reached with the Motion Picture Association of America (MPAA) which had alleged that the product, in essence, allowed people to steal DVDs.

While RealNetworks argued that the product was intended and designed to allow people to make backup copies to their PC’s hard disk of movies they had purchased legitimately, the company probably did not want to drag this on any longer in court, risking even higher costs than the 4.5 million US dollars they have to pay under the settlement to cover the plaintiff’s legal fees.

The 2700 people who purchased RealDVD will each receive a reimbursement in the amount of 30 US dollars.

The general counsel of the MPAA, Daniel Mandil, asserts that copying DVDs amounts to “theft.”

According to security and vulnerability research company Secunia, a typical home user who is running Windows is facing the “unreasonable” challenge to patch one software or another every five days.

In the last week of January, of the users who ran Secunia’s Personal Software Inspector (PSI) application, half had at least 66 programs from more than 21 vendors on their machines, resulting in the need to master 22 or more different patch mechanisms.

While Secunia’s Chief Security Officer, Thomas Kristensen, is calling for software vendors to create a unified patching standard, he is not holding his breath for this to become a reality any time soon.

Therefore, the company is releasing a technical preview of PSI 2.0 which will include automatic updating functionality reminiscent of what Microsoft provides for Windows and other software. Their patch tool eventually will handle 70-80% of the software on consumers’ Windows machines.

You can read more about Secunia’s PSI findings in their white paper.

We’ll gladly help you to review and update your computer’s configuration, your security mechanisms and your policies. Contact us today.

Three people have been arrested by the Spanish authorities in connection with the Mariposa botnet consisting of about 13 million PCs worldwide which included personal computers at 40 major banks as well as at Fortune 1000 companies (including half of the Fortune 100 companies).

The botnet was first detected in December 2008 and was shutdown in December 2009, defeated with the assistance of a coalition of security experts, academics and law enforcement – the Mariposa Working Group – that monitored communications between compromised computers and the cyber criminals.

What ultimately brought the group down was that it used a real name while registering command-and-control domains, thereby enabling the Mariposa Working Group to track them down. Even more critically, one suspect also made direct connections from his own computer to try and reclaim control of the botnet after authorities took it down around Christmas. Investigators were able to identify him based on that traffic.

Allegedly, the three people arrested in Spain (identified by he Spanish authorities only by their Internet handles and ages (“netkairo,” 31; “jonyloleante,” 30; and “ostiator,” 25) were the administrators of Mariposa. In other countries, arrests are said to be imminent.

Mariposa is believed to be one of the largest botnets detected to date. By comparison, researchers believe that the infamous Conficker botnet was linked to only half as many IP addresses.

Cesar Lorenza, a captain with Spain’s Guardia Civil, which is investigating the case, told The Associated Press, based on bank records that investigators examined as well as computer that were seized to determine how much money the criminals made: “They’re not like these people from the Russian mafia or Eastern European mafia who like to have sports cars and good watches and good suits – the most frightening thing is they are normal people who are earning a lot of money with cyber crime.”

Botnets are networks of infected PCs that have been hijacked from their owners, often without their knowledge, and put into the control of criminals. Linked together, the machines supply an enormous amount of computing power to spammers, identity thieves, and Internet attackers.

For assistance in reviewing and updating your defensive measures and policies, contact us today.

A paper released by McAfee at the RSA conference indicates that the attackers who gained access to systems at Google and Adobe as well as at other companies did so by going after their source-code management systems (SCMs).

Apparently a lot of the affected companies used an SCM from Perforce which, according to the paper, was “wide open” to the attackers.

Initial access to the companies’ systems was gained through weaponized email (formerly known as spear phishing), which exploited a zero-day vulnerability in the Internet Explorer browser.

The targeted victims received an e-mail or instant message that appeared to originate from somebody whom they knew and trusted, and contained a link to a website that executed a malicious JavaScript which downloaded a binary to the user’s system disguised as a JPEG file and opened a backdoor onto said victim’s computer, setting up a connection to the attackers’ command-and-control servers.

There is a chance that the source code at these companies was modified to make customers of their software in return vulnerable to attack down the line. This is reminiscent to the attackers creating themselves a set of keys in advance for locks that are going to be sold far and wide.

A copy of the white paper is available a the Wired website.

If you would like our help in reviewing and updating both your computer systems’ security and your respective policies, contact us today.

Last week, Skype released version 4.2 of its Voice-over-IP (VoIP) and instant messaging client software, available for download here.

Among the new and improved features are

• Improved first-time user setup flow
• Call Quality Indicator
• Call Transfer
• Improved importing of contacts from other address books
• Client alerts
• Improved video quality in low bandwidth conditions
• Support for 720p video calls with the new encoding web-cameras that will be available soon
• Incoming authorization requests are now shown when a user returns to Skype after having been away for a while
• The Video call button is now always visible, even if there isn’t a web camera detected
• The default privacy settings for Instant Messages were changed from “anyone” to “people in my contact list only”
• The localization of Arabic and Brazilian Portuguese was also improved

For additional details as well as a comprehensive overview of known issues, please consult the release notes.

If you would like some help setting up and/or configuring Skype or to discuss your communications needs, contact us today.

As reported by various news sources, RR Donnelley & Sons Co. has agreed to acquire Bowne & Co. Inc., for $481 million in an all-cash deal expanding RR Donnelley’s product portfolio and adding Bowne’s customers to the fold.

Analysts consider this step by Chicago-based printing services firm RR Donnelley a catalyst for further consolidation in the printing industry, including its ancillary services.

New York-based Bowne helps businesses produce and manage their shareholder, investor, marketing and business communications.

According to RR Donnelley Chief Executive Thomas Quinlan, “Bowne is an exceptional fit with RR Donnelley. This combination satisfies all of the strategic imperatives that we evaluate as we consider acquisitions.”

In related news, RR Donnelley had offered in May 2009 to buy the assets and properties of Quebecor World for about $1.5 billion but was rebuffed by the Canadian company. Last month, privately held U.S. commercial printing company Quad/Graphics Inc. acquired Quebecor World, which is now known as World Color Press after emerging from bankruptcy protection in mid-2009.