Archive for the ‘Uncategorized’ Category

Email Giants Move to Slash ‘Phishing’

Posted on: January 31st, 2012 by Jim Collier No Comments

Email-service providers Google Inc., Yahoo Inc., Microsoft Corp. and AOL Inc. are backing a new effort intended to dramatically reduce “phishing” emails, which attempt to trick recipients into thinking they come from a legitimate source.

Some of the underlying technologies are already used widely in protecting email, relying on the equivalent of digital signatures that help identify a message’s sender.

The companies—along with others such as financial-service companies Bank of America Corp., FMR LLC’s Fidelity Investments and eBay Inc.’s PayPal—are hoping to create an environment that allows the recipient of an email from, say, a bank, to feel secure that it isn’t a trick.

To achieve that, the firms have created DMARC.org, a working group of 15 companies that plans to promote a standard set of technologies that they say will lead to more secure email.

Some of the underlying technologies are already used widely in protecting email, relying on the equivalent of digital signatures that help identify a message’s sender. But senders don’t always authenticate every message they send, so recipients are forced to rely on complex and imperfect ways to distinguish trusted messages from potentially fraudulent ones, backers of the effort say.

Brett McDowell, chair of DMARC and a senior manager at PayPal, says senders also need policies that tell email providers how to treat messages that aren’t authenticated. That way, the email provider will be able to vouch for the authenticity of the real emails—and block fake ones or label them suspicious.

PayPal has been using the authentication technologies with Yahoo’s email service since 2007 and with Google’s since 2008, Mr. McDowell says, and is now blocking around 200,000 fake emails per day. Adam Dawes, a product manager at Google, says that 15% of the messages the company delivers to inboxes—a count that doesn’t include spam and other junk emails—is currently protected with the authentication safeguards.

Such volumes could be the reason that this effort to secure email can succeed where past ones have failed, representing a “critical mass” of key companies, says Mr. McDowell.

If the system were to work and email could be authenticated, it would allow businesses to communicate with customers in new ways—or rather in old ways that have been compromised by phishing attacks. A bank customer would be able to trust an email advising him to follow a link and update his account information, for example. Currently, many companies tell customers not to trust emails with this kind of message, and many consumers assume that such messages are phishing attacks.

“If you are a big bank or a retailer, you have a very strong interest in making sure people trust your messages,” says Michael Osterman, president of Osterman Research, which tracks the messaging industry. While past efforts to secure email have fallen short, DMARC “has a lot of promise,” he says.

Even if every email can be authenticated, it won’t bring an end to email fraud, Mr. McDowell acknowledges. But it will mean that scammers need to find new addresses with which to launch their attacks. Instead of crafting an email that looks like it comes from paypal.com, for instance, it would need to come from “paypalpayments.com” or some other fake site.

The DMARC working group officially launches Monday. Besides email providers and financial-service firms, initial participants include social-networking companies such as Facebook Inc. and LinkedIn Corp. and messaging-security providers such as Agari Data Inc.

Mr. McDowell said it won’t cost a lot for companies to start using the standards, but it will require them to identify every server that sends email and ensure that the technologies are in use. The same holds true for third-party firms such as marketing agencies that send email on behalf of a company.

When it comes to receiving emails, it’s likely that email vendors or security firms will add the capability to authenticate messages into future versions of their systems, Mr. McDowell says. He hopes that makers of security and email software also adopt the DMARC standards.

Write to Ben Worthen at ben.worthen@wsj.com.

Courtesy of The Wall Street Journal.

Microsoft Fixes 22 Flaws with Updates

Posted on: August 10th, 2011 by Jim Collier No Comments

Microsoft released 13 security bulletins addressing 22 unique vulnerabilities for its August Patch Tuesday update.

Of the 13 bulletins, two were rated as “critical,” nine as “important” and two as “moderate,” Microsoft said Aug. 9 in its Patch Tuesday notification announcement. The patches addressed bugs in both desktop and server versions of Microsoft Windows, Office, Internet Explorer, .NET and Visual Studio.

“Everything from Microsoft operating system kernel and networking components to their Microsoft Internet Explorer web browser and development products are impacted to patch information disclosure, denial of service, memory corruption, and elevation of privilege vulnerabilities,” wrote Kurt Baumgartner, a senior malware researcher at Kaspersky Lab, on the Securelist blog.

Administrators should prioritize the two critical updates fixing vulnerabilities in Internet Explorer and the Microsoft DNS server running in Windows Server 2003 and 2008 first, Angela Gunn, senior response communications manager at Microsoft Trustworthy Computing, wrote on the Microsoft Security Response Center blog on TechNet. Even though there are no exploits currently targeting the flaw in the wild, according to Gunn, the exploitability index on the IE issue is “1,” meaning a reliable exploit is expected soon. The DNS issue has an exploitability index of “3,” meaning an exploit is not expected within the next 30 days.

The Internet Explorer patch resolves five “privately reported” bugs and two publicly disclosed flaws in the Web browser, Gunn said. The most severe vulnerability would allow attackers to remotely execute code if the user viewed a specially crafted Website on an unpatched version of Internet Explorer. All versions of Internet Explorer, even IE6 and IE9, need to be patched.

The DNS Server patch fixes two vulnerabilities, of which the most severe one would result in remote code execution if the attacker sets up a malicious DNS server to send a specially crafted Naming Authority Pointer query to an unpatched server to obtain a DNS record. Windows servers that don’t have DNS turned on are not at risk, Gunn said.

The DNS vulnerability could result in a “complete system compromise,” said Joshua Talbot, security intelligence manager, Symantec Security Response. “Because no user interaction is needed, a vulnerable service simply needs to be up and running for the vulnerability to be exploited,” Talbot said.

“The fact that vulnerabilities such as these continue to be so common is one reason why web-based attacks are so prevalent,” Talbot said.

It’s rare, Talbot said, that half of all the vulnerabilities patched this month are “low-profile” issues relating to information disclosure and denial of service attacks.

The information disclosure flaws in Remote Desktop Web Access Login and Microsoft Chat Web control are cross-site scripting issues, said Wolfgang Kandek, CTO of Qualys. The issue in Report Viewer Web control could be used to reveal contents of files stored on the web server, Wolfgang Kandek, CTO of Qualys, said.

Microsoft also fixed a Data Access Components issue that would have allowed attackers to link an Excel file with a maliciously modified library located on the same network directory. When opened, the library would load and execute on the system with the same privileges as the user opening the Excel file. Another remote code execution flaw was patched in Visio this month.

For the Excel vulnerability, “we will be monitoring for related exploit inclusion in underground market exploit packs like BlackHole, NeoSploit and Phoenix,” Baumgartner said.

Even though Microsoft didn’t rate the denial of service issues in Windows Vista and Windows 7 patch as “Critical,” administrators should pay “special attention” to the MS11-064 bulletin, according to Andrew Storms, director of security at nCircle. Attackers can remotely reboot a Windows system by sending malicious TCP/IP packets, even if it is running a local firewall, according to Storms, adding that the bug used to be called the “ping of death” in the early 1990s.

“Although these are not remote code execution issues, they could be used in conjunction with other attacks or just for playing pranks,” said Kandek.

MalwareBytes: to Remove Stubborn Malware

Posted on: July 7th, 2011 by Jim Collier No Comments

Malware is an ever-growing problem with today’s computer systems. Your computer is constantly at risk from infection by malware including viruses, worms, trojans, rootkits, dialers, and spyware. Malwarebytes specializes in fighting these malware processes.

If viruses are mischief, malware is mayhem. Malware doesn’t just want to disrupt your network, it wants your keystrokes, logins, passwords, address book, data, credit card information, favorite t-shirt and possibly your cat.

Malware is not going away any time soon. Malware is growing, developing, constantly evolving. Malware is becoming more difficult to detect, and even harder to remove.

Only the most sophisticated anti-malware techniques can detect and remove malicious programs from your computer. Malwarebytes Anti-Malware PRO combines powerful new technologies designed to seek out, destroy, and prevent malware.

Malwarebytes Anti-Malware PRO detects AND protects in an easy-to-use, straightforward, heavy-hitting but lightweight anti-malware application.

Consumers and personal users pay a one-time fee of just $24.95!

DOWNLOAD IT TODAY

Corporate and business customers need annual licenses; please see our Corporate Licensing program.

Malwarebytes technology takes the next step in the fight against malware. Malwarebytes Anti-Malware PRO detects and removes malware where even the best known anti-virus and anti-malware applications fail.

Malwarebytes Anti-Malware PRO monitors every process and stops malicious processes before they even start. The Proactive Protection Module keeps your system safe and secure with advanced heuristic scanning technology. The comprehensive Threats Center keeps you up-to-date with the latest malware threats.

Malwarebytes Anti-Malware PRO Features include:

  • Flash – Lightning fast scan speeds
  • Thorough – Full scans for all drives
  • Works Well With Others – Cooperative functionality
  • Puts YOU first! – Priority database updates
  • Puts Malware in the Slammer – Quarantine function holds threats and lets you restore at your convenience
  • Talk to the hand – Ignore list for both the scanner and Protection Module
  • For Your Pleasure – Customizable settings enhance performance
  • Toolbox – Extra utilities to help remove malware manually
  • Nitty Gritty – Command line support for quick scanning
  • RPP, Yeah You Know Me – Realtime Proactive Protection Module (not included in the free version)
  • Hablamos Everything! – Multi-lingual support (Klingon still in beta)
  • Support for Windows 2000, XP, Vista, and 7 (32-bit and 64-bit)

Welcome Kaspersky Labs to CPI

Posted on: June 7th, 2011 by Jim Collier No Comments

Kaspersky Lab delivers the world’s most immediate protection against IT security threats, including viruses, spyware, crimeware, hackers, phishing, and spam. Our products provide superior detection rates and the industry’s fastest outbreak response time for SMBs, large enterprises, home users, and the mobile computing environment. Kaspersky® technology is also used worldwide inside the products and services of the industry’s leading IT security solution providers.

We put all our resources and know-how into preventing these threats from spreading. We help educate the community at large on best practices to ensure the greatest possible online security.The success of our mission has resulted in Kaspersky Lab emerging as the world’s largest privately held anti-malware company. Founded in 1997, the company of ers its products and technologies to industry and consumers
in virtually every country around the globe. Today, more than 300+ million users worldwide are protected by our technologies. And every day, we add more than 50,000 new systems.

As a result of supporting our customers’ needs, Kaspersky Lab has grown to more than 2,000+ employees, with more than half of us focused on R&D and customer support. Our products have continually received the highest recognition for quality. During the past decade and a half, Kaspersky Lab has been leading the anti-virus industry in innovations, starting with the i rst use of external database signatures in 1992, as well as being i rst to develop and implement heuristic virus analysis and linguistic text analysis. Its international team of
experts continuously analyze the latest security trends 24/7/365, thus allowing for the industry’s fastest response time to Internet threats and enabling the business to develop new and forward-looking technologies (many of which are now commonly used in security products throughout the world) – ahead of the competition. It is the company’s mission to always stay one step ahead of its competitors in of ering excellence: the best protection possible and ensuring the company’s product portfolio remains at the vanguard of the market.

Learn more at www.kaspersky.com. For the latest on anti-virus, anti-spyware, anti-spam, and other IT security issues and trends, visit www.securelist.com.