Wednesday, September 22, 2010

Another Reason To Be Careful Where You Download From

HelpNet Security News has an article today on a new trojan that sort of holds your computer ransom.

This software is distributed as installers for popular software like Divx or uTorrent, and distributed through sites with domain names that look official to those not already familiar with what the real site's name ought to be.

Once you've downloaded and installed it, the program asks you to "unlock" it by sending an SMS text message from your cell phone to what is essentially a 1-900 type service. You send a text message, they send you the "unlock" code, and your cell phone gets billed for the "service".

Fortunately, this version isn't as drastic as some other ransomware that actually prevents you from using the computer until you get the unlock code.

Wednesday, August 25, 2010

*nix System Hardening - Step 1

If you run a Linux, FreeBSD, or MacOS system with ANY server services open to the world (Apache, SSH, FTP, etc.) take a look at fail2ban.

The idea of this little program is that it watches your log files for failed login attempts and bans the IP that repeatedly fails to log in (usually that means someone is password guessing, not a legitimate user).

DenyHosts does something similar for just SSH, but if you have other services open fail2ban is better.
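To show the rule fail2ban applies (count failures per source IP inside a time window, ban when the count reaches a threshold), here is an added example in Python that is not fail2ban's own code. The log lines, the findtime/maxretry values and the year used for the timestamps are all constructed for the example; a real deployment should use fail2ban itself, which also expires bans and updates the firewall.

```python
"""Added example (not fail2ban's own code): the core idea fail2ban
implements, reduced to a few dozen lines. Constructed sshd log lines are
scanned for failed logins; an IP that fails `maxretry` times inside a
`findtime` window is added to the ban list."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample of an OpenSSH auth log (syslog format, year omitted).
SAMPLE_LOG = """\
Aug 25 10:00:01 host sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Aug 25 10:00:03 host sshd[2202]: Failed password for root from 203.0.113.7 port 51235 ssh2
Aug 25 10:00:05 host sshd[2203]: Accepted publickey for alice from 198.51.100.20 port 40000 ssh2
Aug 25 10:00:06 host sshd[2204]: Failed password for invalid user test from 203.0.113.7 port 51236 ssh2
Aug 25 10:00:09 host sshd[2205]: Failed password for invalid user oracle from 203.0.113.7 port 51237 ssh2
Aug 25 10:00:10 host sshd[2206]: Failed password for alice from 198.51.100.20 port 40001 ssh2
Aug 25 10:00:11 host sshd[2207]: Failed password for root from 203.0.113.7 port 51238 ssh2
Aug 25 10:15:00 host sshd[2301]: Failed password for bob from 192.0.2.9 port 6000 ssh2
Aug 25 10:30:00 host sshd[2302]: Failed password for bob from 192.0.2.9 port 6001 ssh2
Aug 25 10:45:00 host sshd[2303]: Failed password for bob from 192.0.2.9 port 6002 ssh2
Aug 25 11:00:00 host sshd[2304]: Failed password for bob from 192.0.2.9 port 6003 ssh2
Aug 25 11:15:00 host sshd[2305]: Failed password for bob from 192.0.2.9 port 6004 ssh2
"""

# Equivalent of a fail2ban "failregex": timestamp, failure text, then the source IP.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\d+\.\d+\.\d+\.\d+) port"
)


def parse_ts(ts: str, year: int = 2010) -> datetime:
    """Syslog timestamps carry no year; assume one (constructed) so arithmetic works."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def find_bans(log_text: str, maxretry: int = 5, findtime: int = 600) -> dict:
    """Return {ip: time_of_ban} for every IP with >= maxretry failures
    inside any findtime-second window (the same rule fail2ban applies)."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in the window
    banned = {}
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue              # accepted logins and unrelated lines are ignored
        ip, when = m["ip"], parse_ts(m["ts"])
        if ip in banned:
            continue
        window = recent[ip]
        window.append(when)
        # Drop failures older than findtime, so slow, patient attempts do not accumulate.
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            banned[ip] = when
    return banned


if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} at {when:%H:%M:%S}")
```

With the defaults, only 203.0.113.7 is banned (five failures in ten seconds); 192.0.2.9 spreads its five failures over an hour and is only caught if findtime is raised, which is the trade-off you tune in fail2ban's jail settings.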

Monday, August 16, 2010

Small Businesses Hammered By Cybercrime

There is a good article over on Infosec Island by Ashesh Mamidi contributed by fellow blogger Theresa Peyton:

The gist of it, as I've been trying to tell people: viruses and malware are NOT just an annoyance anymore. They are a real threat to your financial well-being.

Everyone should be running at least a good firewall and an antivirus program. Better yet, I'd recommend trying a software whitelisting program like Faronics Anti-Executable ... if it's not on the approved list it doesn't get run.

Friday, August 13, 2010

How To Still Get Auto-updates In XP SP2

As you might already know, Windows XP SP2 has been retired, and cannot download automatic updates anymore (except to update to SP3).

If for some strange reason you cannot upgrade to SP3 (some incompatibility with a business-critical app that is no longer supported by its vendor), there is a way to fool SP2 into thinking it is SP3 and therefore allow automatic updates to still occur. This is foolish if there is not a VERY good reason to avoid SP3, but here it is:

Go into the registry and open this key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Windows. Edit the DWORD value 'CSDVersion' from 200 to 300, then reboot.

I strongly recommend just updating to SP3, or better yet, buy Windows 7. ...but, if you have to stay on SP2, now you can, and not miss out on all of the patches.

There is no guarantee that this will not eventually run into a patch that just breaks something: Microsoft no longer tests patches for SP2 compatibility, so if your computer tells the update server it's SP3, it will be sent patches meant for SP3. Those patches will likely work, but there is some risk that they will not, because they expect certain components that were updated in SP3 to be there.

Friday, August 06, 2010


This only really relates to people living in Oshawa, Ontario...but, Oshawa PUC is lending out Watt meters through the Oshawa Public Library.
You can borrow one of these meters: just present your Oshawa Library card and ask for one at the front counter of the library. You get it for 1 month, no fee.

I decided that even though I've done a lot over the years (changed all my light bulbs, started using more efficient appliances, etc.), there's more I could be doing. I borrowed one of these to see what I could identify as an energy hog and reduce my energy consumption even further.

I was pleasantly surprised that my laptop charger, which always has a glowing LED on it, only seems to consume any appreciable power when the laptop is plugged in. I always unplug it anyway, but I was happy to see that when it is not charging the laptop it uses less than 1 watt (the minimum that can be measured on this device). The same goes for the PSP charger and cell phone chargers. :)

I was very unhappy to see that my Playstation 3 (the old 60GB FAT version) uses a whole 25W when it is OFF!

I turned it on for a minute and it quickly went up to 180W. I imagine when I watch a movie or play a game for a while it will consume even more as the fans start to kick in.

It should be interesting to see what readings I get from some of the other electronic gadgets in the house

[Update Aug 8, 2010:
It turns out that the PS3 uses about 175W on average when it is on, regardless of how long it runs or what I do with it.

I tested my VCR/DVD recorder. It eats about 3-5W when turned off and 29W when playing a DVD. I guess I should use that to watch movies instead of the PS3. ]

[Update Aug 30, 2010:
My new favorite is our Daenyx DVD player. Not just cheap to buy, cheap to run.
It uses no power when turned off (you have to get up and push the on/off button, it's a real switch) and, surprisingly, it only consumes 5W when playing! That's as much as the DVD/VCR combo unit (that we've now gotten rid of) used just waiting for an on signal from the remote.

The Dlink DIR-615 home wireless router (which I also like because I've installed DD-WRT on it) uses just 3-4W.]

Firefox 4.0 Beta Download Scam

People will fall for anything. There is a scam going around Twitter and other social networking sites telling users that if they follow a certain shortened URL (see here for more on the dangers of shortened URLs), they can then download a cracked version of Firefox 4.0 or a key generator for Mozilla Firefox 4.0.

This of course only leads you to a place to download all kinds of malware onto your computer.

This is ridiculous, as Mozilla Firefox is Open Source (as in free, always!)
You can download the REAL Firefox 4.0 beta from the Firefox site FREE! Keep in mind it IS a beta, there WILL be bugs.

Friday, July 30, 2010

Microsoft Security Advisory 2286198

Microsoft Security Advisory (2286198)  is about to get a patch!

It's about time. We've all (at least those of us who pay attention to these things) been waiting for 2 weeks for this very important fix. MS says they will have it ready to roll on Monday.

For those not watching MS's every move, this bug allows a malicious user to create a special .lnk file (shortcut) on a USB drive, hard drive, shared network drive, etc., and when you just browse to the folder containing it, it executes! No double-click, you just have to look at the folder it's in. Thanks to the folks at MS who fixed it so quickly. This was a scary bug.

Note: if you don't want to wait till Monday, you can fix it now. Just disable the "WebClient" service under Control Panel>Administrative Tools>Services. If you don't know what WebDAV is, you don't need that service running.

Oh, and one more thing:
Recognize and avoid fraudulent e-mail to Microsoft customers: If you receive an e-mail message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious Web sites. Microsoft does not distribute security updates via e-mail.

The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, PGP is not required for reading security notifications, reading security bulletins, or installing security updates. You can obtain the MSRC public PGP key

To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications on

(quoted directly from a Microsoft Security Bulletin)

Monday, July 26, 2010

What To Do With Old Hard Disks?

In the past, I have mentioned in just about every forum where the issue has come up, that the most important thing to do when disposing of an old computer is to keep the hard drive.

Sure, if you are trying to sell the old PC it will sell better with the hard disk, but in that case you should first wipe the data off it with a secure wipe program (like DBAN) not just format it.  

Back to my suggestion that you keep it.... If you keep your old hard disk you will always have access to it as a point in time backup of what your old system had installed and what files you had at the time of your upgrade. This is handy if you forgot to copy something over to the new system, or you lose a file. Just stick that disk in your handy fire safe (you have one for valuable paper documents right?)

What do you do with it when you want to copy something from it? Get one of these handy dandy USB 2.0 to IDE/SATA adapters. (this link is just an example, search your favorite tech site or computer store and I'm sure you will find one similar to this). You plug one end into the hard disk and plug the included power supply into the hard disk (it should be pretty evident how that works, the connectors only fit one way.) and then plug the USB end of the cable into a USB port on your new PC. It will appear, after a moment, as a new removable drive. ...just like a USB memory stick.

You then can copy and paste files from it, or to it, and use it as your backup hard drive. Maybe make a folder called "OLD PC" and drag and drop all of the current contents into it, then create a folder with today's date "Backup-ddmmmyyyy" and copy your new files that you want backed up from your new computer's C: drive there.

Saturday, July 17, 2010

Can You Run It?

Here's the problem:  You have an older Windows PC (or maybe a brand new one with some limitations, like a netbook) and you want to know if it can run game X, but you don't want to search out the system requirements for game X and try to figure out if your system matches that.  "Minimum Nvidia GeForce 2 or equivalent? How does that compare to my built in Intel 500 ?" you might say.

Here is a solution:

Just go to that website, choose the game you are trying to find from the list (or search for it) then click the "Can You Run It?" button.

The first time you run this you will have to install an ActiveX control (click the yellow bar that appears at the top of the browser).

It will analyze your hardware and give you a report of whether the game will run, or what part needs to be upgraded to play.

Wednesday, July 07, 2010

Beware Of Photo Printing Kiosks, There Be Dragons

Morgan Storey, a security researcher in Australia, recently blogged about something that hadn't occurred to me before, but should have.... You know those photo printing kiosks in the mall, Walmart, Costco, etc.? Have you ever noticed that they run Windows? Sometimes they are built on outdated hardware, so they are probably running old, unpatched, out-of-date Windows.

How many USB sticks and memory cards get plugged into them every day? More importantly, how many virus infected USB sticks and memory cards? ...and how many previously un-infected cards and sticks come home from them with brand new infections?

This is a serious issue. Protect your own systems by doing one or all of these things:

1. Turn off Windows' ability to run autorun.inf files. Autorun.inf files are used to automatically start install programs when you insert a CD-ROM or USB stick with software you want. Windows Vista/7 will still pop up the AutoPlay dialog asking what you want to do with your newly inserted USB drive, but it won't execute the instructions in the Autorun.inf file on it.

Copy these lines into Notepad and save the file as disableautorun.reg (the first line is the .reg file header, and the last line is the value that makes Windows look for an INI mapping that does not exist, so Autorun.inf is never read):

Windows Registry Editor Version 5.00

; Map Autorun.inf to a non-existent location so Windows ignores it on every drive
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"

Then simply double click the disableautorun.reg file.

2. Use only USB/SD devices with a read-only switch on them. Switch it to read-only mode before sticking it in the mall's computer.

3. Format the card (if you are using the camera's card) in your camera right after you get home. So far there are no cross-platform viruses that infect both computers and cameras. That doesn't mean there will never be, but for now that's a safe assumption that a virus you got from the kiosk won't infect your camera.

4. Ask your favorite photo printing place if you can upload the photos to their website from home instead of bringing them in on a card/USB stick.

Friday, June 18, 2010

Playstation Move Makes The PS3 More Like The Wii

Earlier I wrote about how Kinect was making Xbox360 work more like the Wii, well, Move is Playstation's answer to the active gaming trend.

You can see a picture of the Move Motion Controller with its little motion capture ball on the end, and the associated Move Navigation Controller, here:
It will look very familiar to Wii gamers. The two piece controller is remarkably similar to the Wiimote, but reportedly much more accurate. These controllers also rely on the use of the Playstation Eye camera.

At $50 for the motion controller, $30 for the navigation controller, and $40 for the camera it comes out a little bit cheaper than the MS Kinect system, and not all games will require all 3 parts.

This should end up being an interesting year for videogames with these new motion controllers and 3D gaming toys from both Sony and Nintendo.

Tuesday, June 15, 2010

Xbox 360 Becomes More Like Wii

The video game geeks know it already as Project Natal, but it's been re-named Kinect and it's the hottest upcoming video game technology. You can preorder a Kinect set now for about $150 for the special motion tracking camera (EBGames is taking orders), plus you will need some new Kinect games.
The cool thing about Kinect is that it has no controller, just a camera that sits on top of the TV.
PS3 is doing something similar, but will use the standard Playstation Eye camera and add a lightsabre-like controller so that you still have buttons to push, and it should improve the camera's tracking... but back to Natal, um, I mean, Kinect.

Here is what it looks like:

Friday, June 11, 2010

FortiGate signature for Mass Website Hack

This is highly technical and goes beyond the "tech tips for everyday users" that I initially intended Rod'sTech to be about, but it's important and I want to share this with the InfoSec community.

If you haven't heard of this mass SQL injection hack that happened recently read about it on one or more of these sites:

For goodness sake, do not go looking for the URL mentioned here with a JavaScript enabled browser!

For users of FortiGate brand UTM firewalls I've put together a FortiGate IPS custom signature that should help by blocking/reporting on infected sites.

It is:

F-SBID( --name "robint-us-web-ad-hack"; --protocol tcp; --flow bi_direction; --pattern "}{/script}"; --service HTTP; --context body; )

Note: You will have to replace } with > and { with < in the pattern section to make the signature work. I cannot publish it in full here or it might trigger the attack accidentally if a browser parsed it as an instruction.

Open up your FortiGate system, go to Intrusion Protection|Signature and click the Custom Tab at the top. Click the "Create New" button.

Paste in the code (remember to make the modifications I mentioned) and name it robint-us-web-ad-hack. Click OK.

Now click IPS Sensor in the left-hand menu and choose your sensor (if you are not using IPS, refer to the FortiGate manuals; setting that up is way beyond the scope of this blog post). Click the little edit button in the right-most column next to the sensor you want it in.

Click the "Add Custom Override" button.
Fill in the Signature name and check enable, select the action you want to take and select logging to get your alerts.

Thursday, June 10, 2010

Good InfoSec Ad

Note: I in no way intend this to be an endorsement of the company that made the ad, I just thought it was a neat ad.

Wednesday, June 02, 2010

Microsoft Baseline Security Analyzer

Most every IT pro has heard of and (hopefully) tried MBSA at some point, but here's a reminder for those who haven't revisited it in a while, and a step-by-step how-to for anyone new to this tool.

This is EASY to use and everyone should check their systems against this tool from time to time.

  1. Download the tool.
  2. Install it. (Double click the exe file you just downloaded.)
  3. Go to Start|All Programs|Microsoft Baseline Security Analyzer 2.1
  4. Choose if you want to scan one computer or multiple computers.
  5. Fill in what computer(s) you want to test (you must be administrator on them)
  6. Click Start Scan
  7. Sit back and drink your coffee.

Friday, May 28, 2010

Keeping Your Kids Safe Online

For parents looking for something to teach kids about online safety, there is
Zoe and Molly Online. It is a web comic and quiz designed to teach children about possible dangers online. It was created by the Canadian Centre for Child Protection, in partnership with Shaw Communications Inc. It's being introduced to kids at school all over the country.

If you find something online that exploits children report it here:

Friday, May 21, 2010

Hotmail Gets More Secure

Following Google's lead, Microsoft has made the SSL/TLS secured http (https://) protocol the default for Hotmail.

In addition, Microsoft has started an attempt to make the users more aware of possible phishing attempts by marking the e-mails they have verified as coming from a legitimate source with a green shield icon.

Spam filtering finally gets personalized. You can now mark senders (who are not necessarily on your contact list) that you don't want to be sent to the junk mail folder.

And perhaps the most innovative feature, if you are away from home and accessing your e-mail from a public workstation (like a cyber-cafe or library) or simply on an unsecured wireless network and want to have the added assurance that your password will not be compromised, you can request a one-time password to be sent to your phone.

Tuesday, May 18, 2010

SecTor 2010

I registered before the Early Bird price expired again this year, and boy am I glad I did. Looking at the first round of speakers that have been announced... There are a few I'm really looking forward to, but none more than HD Moore's talk on Metasploit and penetration testing.

For those who don't know what that's all about, penetration testing is basically simulating a cyber attack. HD Moore is one of the world's most recognized names in this field because he started the Metasploit Project to create an open framework of tools to do such testing.

This is the direction I'd like to take my career in. I'm really excited about a chance to meet HD.

Cyber Security In Canada?

A CSIS memo says risk of cyber attacks on the rise. (No surprise to me or anyone else in the computer security industry.)

Check out this video clip from CBC's The National

So far Canada doesn't have a comprehensive plan. By contrast, the USA is spending $40 billion on cyber security. Are we falling too far behind?
Public Safety Canada says that a national strategy is pending, I hope it's worth the wait.

Friday, May 07, 2010

The Very Real Dangers Of Photocopiers

In case you missed it, the internet's been all a-buzz about the dangers of photocopiers from a privacy and information data leakage point of view.

CBS did a great little 5 minute segment on this, here it is:

Watch CBS News Videos Online

Tuesday, May 04, 2010

How To Start using E-mail Encryption (Part 1)

I called this "Part 1" because there are a number of different ways to encrypt e-mail, and this is the one I use, but over time I will try to cover others.

Why encrypt? E-mail is sent in plain text. If you are careful, you connect to your ISP's mail server using SSL encrypted transports (the https:// page of a webmail, or the SSL versions of POP or IMAP as explained in my previous post about Gmail security). If you are lucky, your ISP might use SSL encrypted transports between their server and the next server (still not common practice), but plain text versions sit on the disk at both servers, and eventually on the computer of your intended recipient. The recipient we are not worried about, but if it's not something you want the mail man reading, you don't put it on the back of a post card, you stick it in an envelope. That's encryption. SSL transport encryption is like those big yellow interoffice mail envelopes: all your stuff goes into one of those for transport across the office and is opened when it gets to the right department. PGP (Pretty Good Privacy) or GPG (Gnu Privacy Guard, the open source version of PGP) is like mailing your letter in a lockbox that only your recipient has a key for.

So how do you set up GPG for personal use?
First, if you are still using Outlook Express as a mail client, switch to Thunderbird. No, really. Outlook Express is a bad mail client anyway, and the integration with PGP and GPG is dismal.

If you are using the full-blown Outlook you must be using it for corporate use; just buy PGP, it integrates seamlessly.

Now for those already using Thunderbird (or new converts from Outlook Express), download the appropriate version of the Enigmail add-on and GnuPG for your OS (Gpg4win if you are on Windows).

Install GPG. Install the Enigmail add-on into Thunderbird.

When you have Enigmail installed you will see a couple of new menu items and icons at the top like this:

Then you need to create a GPG key, associate your key with your e-mail address in Thunderbird, and set the settings of when you want your key to be used for signing and encrypting. I recommend that you set it to encrypt automatically if the contact has a known encryption key.

Follow the instructions that came with your version of GPG for creating a new key. 

Associating a key with your e-mail address is pretty easy.
Open the account settings in Thunderbird (where you set your e-mail address), there is a new menu item there too.

If this is your first time ever using GPG/PGP then you can probably leave it set to use e-mail address to identify OpenPGP key. If you have old keys floating around or use multiple keys select the Use specific OpenPGP key option.

Select whether you want it to insist you sign messages or not.

Back to that OpenPGP menu item on the main window... Click it
Select Preferences.

The most important setting in this menu is this one:
When sending mail, Add my own key to the recipients list. If you don't select that you won't be able to read your own sent mail when you encrypt.
Next to that I'd say selecting the Encrypt replies to encrypted messages is a good one to check. If someone went to the trouble of securing communications with you, you don't want to reply to them in the clear.

Now when you go to write a message there is a new option icon at the top of that screen:

Now you just need some PGP public keys of friends to send encrypted mail to. Here's mine. Have fun, and stay out of trouble. :)


Sunday, May 02, 2010

Why Keep Passwords To Yourself?

This video I found online will help explain it.

HACKING IS EASY! from Airwave Ranger on Vimeo.

Tuesday, April 27, 2010

Certified Ethical Hacker?

Yes, there is such a thing.

Although, I'd say that it certifies neither that you are a hacker, nor that you are ethical.... but it does show that you have been exposed to a wide variety of tools that hackers might use to invade your network, so that you will recognize them if you ever come across them, and you will be able to use them to test your own defenses.
("Testing" someone else's defenses without written approval is illegal!)

I strongly recommend that, as a minimum, every network security professional should have this certificate. It took me very little time, most of which was spent finding and playing with some of the programs, and very little money (less than $300 including the test and the review guide) to get this. While it is not the most prestigious certification on the planet (my CISSP is something I prize far more), preparing for it was a good review of all the "hacker tools" I'd read about in the past 10 years, and reminded me of some tools for network administration that I'd neglected that have made life much easier (like Microsoft's PSTools).

Update: April 29, 2010

So what does an Ethical Hacker do?
An Ethical Hacker tests a corporation's network defenses under contract by that corporation to identify weaknesses in the company's information security, so that the company can fix the problems before a malicious hacker (or cracker) finds and takes advantage of that weakness.

Why would a company need to hire an Ethical Hacker?
They don't want to be the next TJX. Some government regulations require companies in certain industries to have Penetration Testing (simulated hacking) done on a regular basis. The Payment Card Industry Data Security Standard (PCI-DSS) requires larger companies to have at least regular vulnerability assessments done. Ethical Hackers can help with some of these goals.

Why did I get certified?
I want to take the EC-Council Certified Security Administrator (ECSA) course later this year, and probably then become a Licensed Penetration Tester (LPT). To do that I needed to first get the CEH certificate.

Thursday, February 11, 2010

Microsoft End Of Support Coming Up Soon For Some Versions Of Windows

After April 13, 2010, Microsoft will no longer issue security updates for Vista RTM (release to manufacturing).  Vista users are encouraged to upgrade to Vista Service Pack 1 or Service Pack 2 if they have not already.

I'd personally recommend SP2.

After July 13, 2010, Microsoft will no longer support Windows 2000 at all, and will no longer issue security updates for Windows XP SP2.  If you are still running Windows XP SP2 upgrade to SP3, or Windows 7.

Wednesday, January 20, 2010

The "Aurora" Attack That Got Google And Adobe

This is why you MUST get off IE6 and onto an up to date version, and KEEP it up to date, and run an up to date Antivirus.

I'm sorry, this is really technical, but it is important. 

YouTube video courtesy of Sophos Antivirus.

Thursday, January 14, 2010

Gmail Now Secured By Default

Google has decided to make the SSL encrypted sessions in Gmail on by default now!
I talked about this little known option back in September. You no longer have to go into the settings to turn it on, it's on by default now. Yay Google!

Now if only Hotmail, and Yahoo mail would follow the lead.

[UPDATE: May 2010]
Hotmail has followed suit! Now Yahoo, where's your update???

Tuesday, January 12, 2010

Why Isn't Apple Giving Us A Patch? (Again!)

Why does Apple sit on bugs that have already been fixed by others for so long?

Remember the Java one that hit the news back in May? At least you could get your Java elsewhere.