How Windows Vista Protects Mobile PCs

Using a mobile computer inside the corporate office is much more secure than using it outside the corporate network. Inside the corporate network, your mobile computer is protected by the corporate firewall, anti-virus, anti-spyware, corporate access control and other security policies, but what about using mobile PCs outside the boundaries of the corporate office? Many organizations use laptops for flexible working hours. The flexibility that laptops bring to working hours also introduces more security risks and more unknown challenges. Once an employee takes their laptop and leaves, they are on their own. The laptop becomes an island unto itself and must be able to defend itself against malware, unauthorized access, and other malicious activities.


Microsoft’s latest operating system, Windows Vista, provides a more secure foundation for laptops than earlier versions of the Windows operating system. Let’s take a look at some of the components that go into Windows Vista’s security, and why Windows Vista should be the operating system of choice when securing your mobile computer is a priority.

Address Space Layout Randomization: Address space layout randomization (ASLR) is a computer security technique which involves randomly arranging the positions of key data areas, usually including the base of the executable and the positions of libraries, heap, and stack, in a process’s address space. Prior to Windows Vista, these memory addresses were static, so an attacker developing malware or attempting malicious activity in memory could easily discover them.

Data Execution Prevention: Data Execution Prevention (DEP) is a security feature included in Windows Vista that prevents any application or service from executing code from a non-executable memory location. Attacks that rely on executing code from such locations mainly target poorly written programs. DEP was first introduced in Windows XP SP2.
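A binary records whether it opts in to ASLR and declares DEP compatibility in two bits of the `DllCharacteristics` field of its PE header. The following added example (not part of the original post) reads those bits; `build_sample` is a hypothetical helper that constructs a header-only image so the check runs offline.

```python
import struct

# Flag values from the PE/COFF specification (winnt.h names in comments).
DYNAMIC_BASE = 0x0040   # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE: image may be relocated by ASLR
NX_COMPAT = 0x0100      # IMAGE_DLLCHARACTERISTICS_NX_COMPAT: image is compatible with DEP
OPT_MAGIC = {0x10B: "PE32", 0x20B: "PE32+"}
DLLCHAR_OFFSET = 70     # DllCharacteristics sits at the same offset in PE32 and PE32+


def mitigation_flags(image: bytes) -> dict:
    """Report the ASLR and DEP opt-in bits of a PE image passed as bytes."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)        # e_lfanew
    if pe_off + 24 > len(image) or image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 20)  # SizeOfOptionalHeader
    opt_off = pe_off + 24                                    # signature + 20-byte COFF header
    if opt_size < DLLCHAR_OFFSET + 2 or opt_off + opt_size > len(image):
        raise ValueError("optional header missing or truncated")
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in OPT_MAGIC:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    (chars,) = struct.unpack_from("<H", image, opt_off + DLLCHAR_OFFSET)
    return {
        "format": OPT_MAGIC[magic],
        "aslr": bool(chars & DYNAMIC_BASE),
        "dep": bool(chars & NX_COMPAT),
    }


def build_sample(dll_characteristics: int, magic: int = 0x10B) -> bytes:
    """Constructed sample: PE headers only, not a loadable binary."""
    opt = bytearray(96 if magic == 0x10B else 112)           # header size without data directories
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, DLLCHAR_OFFSET, dll_characteristics)
    dos = b"MZ" + bytes(58) + struct.pack("<I", 0x40)        # e_lfanew points just past the DOS header
    machine = 0x014C if magic == 0x10B else 0x8664           # i386 / x64
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, len(opt), 0x0102)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    samples = [
        ("built without opt-in flags", build_sample(0)),
        ("built with both flags", build_sample(DYNAMIC_BASE | NX_COMPAT, 0x20B)),
    ]
    for label, img in samples:
        print(label, mitigation_flags(img))
```

To audit a real file, pass `open(path, "rb").read()` to `mitigation_flags`; binaries that report `aslr: False` are the ones that still load at a predictable base address.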

Windows Vista Firewall: A firewall is a critical first line of defense to protect your computer against many types of malicious software. The Vista firewall monitors and restricts both incoming and outgoing traffic, and integrates Internet Protocol security (IPsec) settings with firewall filtering settings. Monitoring outgoing traffic gives a fair idea of which programs are trying to access the internet and whether those programs are also trying to send important data to remote systems.

Internet Explorer with Protected Mode: Internet Explorer running in Protected Mode provides an extra level of security and data protection to Windows Vista users. Protected Mode protects the system by ensuring that any malware or exploits encountered via the Web are unable to affect the operating system or core functionality. In Protected Mode, Internet Explorer 7 in Windows Vista cannot modify user or system files and settings without user consent. Protected Mode requires the user to confirm any activity that tries to put something on the machine or start another program.

BitLocker Drive Encryption: BitLocker Drive Encryption is a data protection feature available in Windows Vista Enterprise and Ultimate for client computers and in Windows Server 2008. BitLocker enhances data protection through drive encryption and the integrity checking of early boot components. Drive encryption protects data by preventing unauthorized users from breaking Windows file and system protection on lost, stolen or inappropriately decommissioned computers. This protection is achieved by encrypting the entire Windows volume; with BitLocker, all user and system files are encrypted, including the swap and hibernation files. Integrity checking of the early boot components helps to ensure that data decryption is performed only if those components appear unmolested and the encrypted drive is located in the original computer.


This post was created while reading some articles on the Microsoft Windows Vista website and the Microsoft TechNet Windows website; the definitions are taken from Wikipedia.


Norton 2009 : Download Norton Internet Security and Norton AntiVirus Public Beta

On May 16, 2008, Symantec released its two new Norton security products for public beta: Norton Internet Security and Norton AntiVirus. Norton has made some significant changes to the architecture as well as the code of its security products. The Norton 2009 security products not only scan and run services faster than previous versions of Norton Security but also consume fewer computer resources.

The 2009 releases of Norton Internet Security and Norton AntiVirus were engineered to be fast, and light on system resources. Norton Internet Security provides comprehensive security against all types of online threats while Norton AntiVirus protects against malicious software without slowing you down.

Norton Internet Security and Norton AntiVirus 2009 are based on the Norton Protection System, a multi-layered set of technologies that work in concert to stop threats before they impact you. The Norton Protection System includes an innovative new technology that uses security information from millions of users to pre-determine what files and processes are safe, and what aren’t. Coupled with Norton’s acclaimed Browser Protection technology for blocking web-based attacks and our enhanced SONAR technology for detecting unknown threats, Norton 2009 protects without impacting performance.


Norton Internet Security 2009 Features

  • Innovative new architecture dramatically reduces the boot time impact, the scan time, the memory usage as well as the system footprint and the install time.
  • Smart Idle Time Scheduler runs quietly in the background to let you work and play without disruption.
  • Silent Mode ensures your games and movies are never interrupted by alerts and security updates.
  • Enhanced Browser Protection blocks browser exploits and protects against infected websites (now supports Firefox).
  • Expanded SONAR Protection offers real-time protection against new and unknown threats without requiring the user to make confusing security decisions.
  • Enhanced Identity Safe now includes an interactive tutorial to get users up and running, cloning of your cards, importing your data from Internet Explorer and more!
  • Improved Home Network Security: networked devices report their health and status through a visual map.

Norton AntiVirus 2009 Features

  • Innovative new architecture dramatically reduces the boot time impact, the scan time, the memory usage as well as the system footprint and the install time
  • Smart Idle Time Scheduler runs quietly in the background to let you work and play without disruption
  • Silent-Mode ensures your games and movies are never interrupted by alerts and security updates
  • Enhanced Browser Protection - Blocks browser exploits and protects against infected websites (now supports Firefox)
  • Expanded SONAR Protection offers real time protection against bots and other types of unknown threats without requiring the user to make confusing security decisions

Download Norton AntiVirus 2009 Beta

Download Norton Internet Security 2009 Beta


How to Improve Windows Vista Security

Microsoft Windows XP is still the preferred operating system, despite the fact that it has a number of security loopholes. When Microsoft started building Vista, their primary goal was to make an operating system that addresses most of the security issues found in Windows XP. Windows Vista comes with a number of security improvements. It’s important for end users to understand how to use these new security features.

  • Network Access Protection (NAP): Network Access Protection (NAP) is one of the most desired and highly anticipated features of Windows Server 2008. NAP is a new platform and solution that controls access to network resources based on a client computer’s identity and compliance with corporate governance policy. NAP allows network administrators to define granular levels of network access based on who a client is, the groups to which the client belongs, and the degree to which that client is compliant with corporate governance policy. If a client is not compliant, NAP provides a mechanism to automatically bring the client back into compliance and then dynamically increase its level of network access. Network Access Protection is complicated to set up, but I think it’s a good idea to set it up. Step by step guide: How to Set up Network Access Protection.

  • Turn on Phishing Filter: Make sure that Phishing Filter is turned on for all your desktop computers. The Phishing Filter combines a local (client-side) scan for suspicious website characteristics with an online service. It compares a website’s characteristics with those of common phishing websites and warns you if it finds a fraudulent one.
    The Phishing Filter is not enabled by default—you must actively enable the feature the first time you use the browser after installation. You can enable and disable the Phishing Filter with just a single click at any time using the browser menus.
  • Use Network Profiles: Unlike previous versions of the Windows operating system, Windows Vista does not treat all network connections equally. Vista’s Network and Sharing Center designates a network as public, private or domain. Vista treats a network as a domain network automatically when the computer is used to log in to a domain. It’s very important to select the proper network profile because Vista applies different security features based on network type.
  • Use Vista 64-Bit Version: The 64-bit version of Windows Vista is more secure than the 32-bit version. The 64-bit version of Vista offers the Data Execution Prevention feature. DEP is a security feature that can help prevent damage to your computer from viruses and other security threats. DEP can help protect your computer by monitoring programs to make sure they use system memory safely. If a program tries running (also known as executing) code from memory in an incorrect way, DEP closes the program.

This post was created after reading a number of Microsoft TechNet articles.


ratproxy - Web Application Security Assessment Tool by Google

Ratproxy is a semi-automated, largely passive web application security audit tool. It is meant to complement active crawlers and manual proxies more commonly used for this task, and is optimized specifically for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments. The approach taken with ratproxy offers several important advantages over more traditional methods:

  • No risk of disruptions. In the default operating mode, tool does not generate a high volume of attack-simulating traffic, and as such may be safely employed against production systems at will, for all types of ad hoc, post-release audits. Active scanners may trigger DoS conditions or persistent XSSes, and hence are poorly suited for live platforms.

  • Low effort, high yield. Compared to active scanners or fully manual proxy-based testing, ratproxy assessments take very little time or bandwidth to run, and proceed in an intuitive, distraction-free manner - yet provide a good insight into the inner workings of a product, and the potential security vulnerabilities therein. They also afford a consistent and predictable coverage of user-accessible features.

  • Preserved control flow of human interaction. By silently following the browser, the coverage in locations protected by nonces, during other operations valid only under certain circumstances, or during dynamic events such as cross-domain Referer data disclosure, is greatly enhanced. Brute-force crawlers and fuzzers usually have no way to explore these areas in a reliable manner.

  • WYSIWYG data on script behavior. Javascript interfaces and event handlers are explored precisely to a degree they are used in the browser, with no need for complex guesswork or simulations. Active scanners often have a significant difficulty exploring JSON responses, XMLHttpRequest() behavior, UI-triggered event data flow, and the like.

  • Easy process integration. The proxy can be transparently integrated into an existing manual security testing or interface QA processes without introducing a significant setup or operator training overhead.

Visit Ratproxy Website


New Security Features Introduced in Gmail

The Gmail team seems to be working very hard to make their e-mail service more secure. Recently the Gmail team introduced two new security features in Gmail: Remote Sign Out and better support for phishing messages.

Remote Sign Out: Gmail users can sign in to their Google account from different locations at different times, and they may forget to sign out from their Google account. At the bottom of your inbox, you’ll see information about the time of the last activity on your account and whether it’s still open in another location:


By clicking the details link users can see more details about their recent activities. Gmail users can also sign out all their active sessions.


Phishing Messages: Gmail does its best to put a red warning label on phishing messages, but sometimes it’s very difficult for users to spot phishing e-mails. Gmail supports email authentication standards including DomainKeys and DomainKeys Identified Mail (DKIM) to verify senders and help identify forged messages. Now any email that claims to come from “paypal.com” or “ebay.com” (and their international versions) is authenticated by Gmail and (here comes the important part) rejected if it fails to verify as actually coming from PayPal or eBay. That’s right: you won’t even see the phishing message in your spam folder. Gmail just won’t accept it at all. Conversely, if you get a message in Gmail where the “From” says “@paypal.com” or “@ebay.com,” then you’ll know it actually came from PayPal or eBay. It’s email the way it should be. Gmail can easily reject as a fake anything that doesn’t authenticate.
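The reject-on-failed-authentication policy described above can be sketched as a receiver-side check. This is an added example, not Gmail's code: it assumes the receiving server has already verified DKIM and recorded the result in an `Authentication-Results` header under the hypothetical authserv-id `mx.example.net`, and the three messages are constructed samples.

```python
import re
from email import message_from_string
from email.utils import parseaddr

PROTECTED = {"paypal.com", "ebay.com"}    # the two domains named in the post
TRUSTED_AUTHSERV = "mx.example.net"       # assumption: authserv-id written by our own MTA


def under(domain: str, parent: str) -> bool:
    """True if domain is parent itself or one of its subdomains."""
    return domain == parent or domain.endswith("." + parent)


def dkim_pass_domains(msg) -> set:
    """Signing domains (header.d) with dkim=pass, taken only from headers our MTA wrote."""
    passed = set()
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue                      # a header added upstream could be forged by the sender
        for clause in results.split(";"):
            m = re.search(r"\bdkim\s*=\s*pass\b.*?\bheader\.d\s*=\s*([\w.-]+)",
                          clause, re.I | re.S)
            if m:
                passed.add(m.group(1).lower())
    return passed


def verdict(raw: str) -> str:
    """Return 'reject' for mail claiming a protected domain without a matching DKIM pass."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    brand = next((p for p in PROTECTED if under(from_domain, p)), None)
    if brand is None:
        return "accept"                   # this policy only covers the protected domains
    if any(under(d, brand) for d in dkim_pass_domains(msg)):
        return "accept"
    return "reject"


# Constructed sample messages (headers shortened for the demo).
GENUINE = ("Authentication-Results: mx.example.net; dkim=pass header.d=paypal.com\n"
           "From: PayPal <service@paypal.com>\nSubject: Receipt\n\nbody\n")
FORGED = ("Authentication-Results: mx.example.net; dkim=none\n"
          "From: PayPal <security@paypal.com>\nSubject: Verify your account\n\nbody\n")
UNTRUSTED_HEADER = ("Authentication-Results: relay.other.example; dkim=pass header.d=paypal.com\n"
                    "From: PayPal <security@paypal.com>\nSubject: Verify your account\n\nbody\n")

if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE), ("forged", FORGED),
                      ("untrusted header", UNTRUSTED_HEADER)]:
        print(name, "->", verdict(raw))
```

The third sample shows why the authserv-id check matters: a pass result is only meaningful when the header was written by the receiving server itself.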


LinkedIn and Google Fail to Keep Customers' Data Private

LinkedIn and Google are both facing problems keeping customers' data private. On July 3, 2008, Google confirmed that personal data of U.S. employees hired prior to 2006 had been stolen in a recent burglary. LinkedIn was founded five years ago and provides a business networking service. LinkedIn works the same way as other social networking services: users first have to register with LinkedIn and can then connect with their friends or find new friends there.

HR companies see LinkedIn as a source of professional profiles: they pay some money and get access to a number of professional profiles. LinkedIn’s new Enterprise Corporate Solution allows access to all LinkedIn members, and there are about 23 million of them in all. With a simple search, one can find loads of profiles which can then be sent to recruiters and HR companies.


Spammers Using Amazon EC2 to Spread Spam

Spammers are now using Amazon’s cloud service EC2 (Amazon Elastic Compute Cloud). Over the last couple of days Sophos has detected a good amount of spam messages telling users that their computer requires a critical Microsoft Windows update. This is the oldest and best trick used by spammers to spread spam messages. There is no clear indication why spammers are using Amazon EC2 to spread the spam messages, but it may be that, because Amazon EC2 is a well-known and trustworthy site, users will be fooled into getting infected.

In order to stay protected, you should disregard any message with the following subject lines:

  • Critical Microsoft Update
  • Critical Update Notification
  • Important Microsoft Update
  • Important Update Notification
  • Important Windows Update.

Basically, anything stating that you need some sort of critical update.

Spam message Screenshot taken from Sophos website

Amazon EC2 Spam Message

Alert message of Sophos Anti-virus

The emails arrived via an IP that is part of a botnet:

Received ip address


Manage All Passwords From Desktop Using Passpack

Today, Tuesday July 1, 2008, Passpack released the desktop version of its online password manager software. Passpack Desktop is based on Adobe AIR. The desktop version of Passpack is best suited for use as a backup of all your online passwords. This new release automatically synchronizes with Passpack online.

The best thing about Passpack for desktop is that there is no need to set up an online Passpack account. Users can manage their passwords using Passpack’s desktop software, and it’s free too. Whenever users sign up with Passpack online, this software automatically synchronizes with Passpack online.

Passpack desktop is free: for everyone and forever. The code is released
under a Creative Commons license, so programmers can have a look under
the hood to verify the security.

Passpack Desktop Features

  • Same top security and easy interface as the online password Manager, and easy to install.

  • Access your passwords even if you can’t reach Passpack.com.

  • Automatically backup your Passpack.com account during Passpack Desktop setup.

  • Push-button sync integrates Passpack Desktop with new/changed passwords from Passpack.com.

  • Better flow of communication from the online version to the desktop version

  • Endless number of password storage.

  • Ability to use the desktop version exclusively, online becoming then an option.

Passpack Desktop Screenshot


Passpack Desktop Download


Google Calendar Targeted by Spammers and Phishers

I think spammers and phishers always come up with new ideas and targets for spreading spam messages. This time they are targeting Google Calendar. Phishers are sending messages to Google Calendar users at their Gmail accounts; the messages look legitimate and give the sender name as Google Customer Care. These messages ask users to verify their account.

A sample message and screenshot taken from the CNET website:

We are having congestions (sic) due to the anonymous registration of Gmail accounts so we are shutting down some Gmail accounts and your account was among those to be deleted. We are sending you this email to so that you can verify and let us know if you still want to use this account


Google Calendar Spam Attack

According to the SANS Internet Storm Center (ISC), spammers are now targeting Google Calendar to spread spam messages. Spammers are sending spam messages in the form of meeting invites.

Actual content viewable via outlook calendar.

Google Agenda
donald smith, vous êtes invité(e) à participer à
Your pending transfers respond prompt.
sam. 5 avr. 20:30 – 21:30
(Fuseau horaire : Hawaï)
Agenda : donald smith
Compliments and Greetings,
This is an official notification of the availability of your full
entitlement valid 1.2 million which has not been affected due to official negligence. This transfer has been held pending and its original account suspended pending when the benefactor provided the TAX clearance document .but the impostors who are operating in syndicates all over the world today are misled and misguided you about the position of your fund with the sole aim of exporting money from you that explain why you have
not receive the payment up-to-date.

However, you are advised to immediately reconfirm your telephone and currant contact/ payment receiving details to this e-mail address (richtransferoffice@yahoo.co.in) .You will receive your payment by:

(1) By wire transfer direct to your nominated bank account.
(2)Issuing you ATM CARD
(3) or by drawing a cashiers cheque payable in your name,
with strict procedures of the International funds transfer rules and regulations in avoidance of unhealthy intents and unnecessary delay.

So, let us know which of option you like to receive your monies .But before we proceed, you are required to make a payment of the Non-resident tax of $150 only as the authorities demand which is described as selective payment to enable us effect maximum clearance on your file and automate your full information on the transfer script text to ensure that the payment reach your hand on time through a legal secure way from the exact time frame we initiate our service if you accurately furnished us with our requirement as instructed.

Note that we have no legal right to deduct or add to the value of your funds because your payment has already been keyed into the system for final transfer, thus the compliance with this condition this payment will reach you within 48 banking hour or less.

Yours faithfully,
Johnson Mark
International Clearing House West Africa- BENIN
Affiliate to the World Association of Debt Management.

Google Calendar users, please be careful before accepting any meeting requests from an unknown sender.


BlackBerry and iPhone are Now Targeted by Spammers

Spammers are now targeting smartphones like the BlackBerry and iPhone. Spammers see these new smartphones as a new market for spreading spam messages. By the end of 2010 there will be around 1.3 billion computers and 4 billion smartphones, so it makes real sense to target these handheld devices. Spammers mostly use text messages to spread spam on smartphones. Using smartphones to spread spam messages is much costlier than sending e-mails.

Neil Cook, vice-president of technology services for Cloudmark, a messaging security company, estimates that smartphone penetration needs to reach 20 per cent to 30 per cent before it becomes worthwhile for hackers to spread viruses. Spam is a problem in India and China, and North America and Europe are expected to follow.

Mr Cook said

The rise in spamming and scams boils down to economics. Spammers are really very good businessmen. They see new opportunities and new markets. As new media becomes attractive to spammers, they move in there. They will move anywhere if they can make a return on investment.

Smartphone Facts

  • 32.2 million smartphones were sold in the first three months of this year.
  • 275 million smartphones will be sold next year.
  • 4 billion will be in use by the year 2010.
