
Entries in computer security (6)

Monday, Sep 27, 2010

Autofill Bug In Safari Exposes Personal Information

Apple has left an autofill bug in Safari unpatched that could potentially expose personal information you would never intend for anyone else to see.

Apple's AutoFill feature allows you to quickly fill out forms with information you have previously entered, including credit card information and Social Security numbers.

A security expert has figured out a way of getting that information by tricking you into hitting two keys: the "U" key and the "Tab" key. In theory, an attacker could place a hidden form behind a game on a web page that uses these keys, tricking you into filling out the form and giving up your information.

Jeremiah Grossman discovered the bug and you can see a video of the flaw being demonstrated on his site under his entry: The Safari AutoFill Hack Lives!

Thursday, May 6, 2010

Possible Human Error Causes Rapid Market Decline

I was going to post something on Human Error in a later post, but in light of today's alleged incident in the U.S. Markets which caused a nearly 1000 point drop in the Dow I thought I would at least touch on it.

Here is what we currently know about the alleged incident (which is still being investigated): a trader at Citi entered a "B" for billion instead of an "M" for million. This in turn caused a nearly $10 {CORRECTION: it was about $20, give or take a few} stock price dip in PG, and subsequently caused the rest of the market to drop before recovering.

On the good side, these things can be researched and fixed. However, in an already skittish and heavily volatile market, it can easily cause additional panic among average investors.

In addition to other issues, it has already been proposed that someone else who knows what they are doing could easily manipulate the market and cause an intentional crash (I believe the commentators were implying a cyber-terror event).

Already the investigations by the SEC have begun and we will have to wait and see what the outcome will be.

Look for a future post coming soon about Human Error and the Impact on Business.

Monday, Jun 8, 2009

Malware On ATMs Allowing Criminals To Steal Data and Cash

Approximately 20 ATMs have been found in Europe that have malware on them allowing thieves to steal cash as well as account data and PINs from account holders.

The ATMs are located mostly in Russia and Ukraine; however, there seem to be indications that the United States may have compromised ATMs as well.

Since the malware needs to be directly installed onto the ATM an insider is suspected but whether that insider works at a bank, an ATM vendor, a company that services the machines or someone close to an insider is unknown at this time.

The discovery was made by SpiderLabs at Trustwave.

The ATMs were running the Windows XP Operating System and had an executable on them that was masquerading as a legitimate Windows protected storage service, he said. The malware looks at all the data being processed by the ATM and records account information that is stored on the magnetic stripes on cards inserted into the machine and encrypted PIN blocks that are generated when someone types in their personal identification number.

Even though PINs are encrypted, the criminals could potentially intercept the encryption keys exchanged with the bank and use them to decrypt the PINs or even use other methods to decrypt the keys once they have the information.

For more on this story please refer to the reference below.

Tuesday, Mar 31, 2009

DHS Press Release: Conficker/Downadup Computer Worm Detection Tool

DHS Releases Conficker/Downadup Computer Worm Detection Tool

Release Date: March 30, 2009

For Immediate Release
Office of the Press Secretary
Contact: 202-282-8010

The U.S. Department of Homeland Security (DHS) announced today the release of a DHS-developed detection tool that can be used by the federal government, commercial vendors, state and local governments, and critical infrastructure owners and operators to scan their networks for the Conficker/Downadup computer worm.

The department's United States Computer Emergency Readiness Team (US-CERT) developed the tool that assists mission-critical partners in detecting if their networks are infected. The tool has been made available to federal and state partners via the Government Forum of Incident Response and Security Teams (GFIRST) Portal, and to private sector partners through the IT and Communications sector Information Sharing and Analysis Centers (ISACs). Additional outreach to partners will continue in the coming days.

Department cyber experts briefed federal Chief Information Officers and Chief Information Security Officers today, as well as their equivalents in the private sector and state/local government via the ISACs and the National Infrastructure Protection Plan framework.

"While tools have existed for individual users, this is the only free tool – and the most comprehensive one – available for enterprises like federal and state government and private sector networks to determine the extent to which their systems are infected by this worm," said US-CERT Director Mischel Kwon. "Our experts at US-CERT are working around the clock to increase our capabilities to address the cyber risk to our nation's critical networks and systems, both from this threat and all others."

In addition to the development of this tool, DHS is working closely with private sector and government partners to minimize any impact from the Conficker/Downadup computer worm. This worm can infect Microsoft Windows systems from thumb drives, network share drives, or directly across a corporate network if network servers are not protected by Microsoft’s MS08-067 patch.

US-CERT recommends that Windows Operating Systems users apply Microsoft security patch MS08-067 (http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx) as quickly as possible to help protect themselves from the worm. This security patch, released in October 2008, is designed to protect against a vulnerability that, if exploited, could enable an attacker to remotely take control of an infected system and install additional malicious software.

Home users can apply a simple test for the presence of a Conficker/Downadup infection on their home computers. The presence of an infection may be detected if users are unable to connect to their security solution Web site or if they are unable to download free detection/removal tools.

If an infection is suspected, the system or computer should be removed from the network. In the case of home users, the computer should be unplugged from the Internet.

Instructions, support and more information on how to manually remove a Conficker/Downadup infection from a system have been published by major security vendors. Each of these vendors offers free tools that can verify the presence of a Conficker/Downadup infection and remove the worm:

Symantec:
http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-011316-0247-99

Microsoft:
http://support.microsoft.com/kb/962007
http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx

Home users may also call Microsoft PC Safety hotline at 1-866-PCSAFETY, for assistance.

McAfee:
http://www.mcafee.com/us/threat_center/default.asp

US-CERT encourages users to prevent a Conficker/Downadup infection by ensuring all systems have the MS08-067 patch, disabling AutoRun functionality (see http://www.us-cert.gov/cas/techalerts/TA09-020A.html), and maintaining up-to-date anti-virus software.

In addition, US-CERT recommends that computer users and administrators implement the following preparedness measures to protect themselves against this vulnerability, and also from future vulnerabilities:

  • Keep up-to-date on security patches and fixes for your operating system. The easiest way to do this is to set your system to receive automatic updates, which will ensure you automatically receive security updates issued by Microsoft. If your system does not allow automatic updates, we recommend that you manually install the Microsoft security patch today through Microsoft Update at http://update.microsoft.com/microsoftupdate
  • Install anti-virus and anti-spyware software and keep them up-to-date
  • Enable a firewall which will help block attacks before they can get into your computer

To access the alerts for this vulnerability and for additional information on cyber security tips and practices, please visit www.us-cert.gov.

###

 

Friday, Jan 30, 2009

Feds Stop Computer Virus In Plot To Destroy Fannie Mae

The Justice Department today announced that it foiled a plot by a fired former Fannie Mae contractor to unleash a virus.

According to the Feds the virus would have destroyed data on all of the finance company's 4,000 computers tomorrow (Saturday January 31).

Rajendrasinh B. Makwana, 35, of Glen Allen, Va., a citizen of India, was fired early on the afternoon of Oct. 24 from his job at Fannie Mae's data center. An affidavit states he was fired for erroneously writing programming instructions two weeks earlier that changed the settings on high-speed computers.

However, before surrendering his Fannie Mae badge and laptop computer at the end of the day Oct. 24, Makwana "intentionally and without authorization caused and attempted to cause damage to Fannie Mae's computer network by entering malicious code."

The indictment says the virus was found "by chance" in late October and removed.