Archive for November, 2006

Protecting your login information with KeyScrambler

November 30th, 2006

One of the BC moderators, TG1911, recently referred me to a new Firefox extension and Internet Explorer plugin that he wanted to add into our popular Freeware Replacements for Common Commercial Applications thread. This program, called KeyScrambler Personal, is an anti-keylogger application that can be used to encrypt data that you input into a browser. It works by encrypting your keystrokes at the keyboard driver level and then decrypting them when they reach your browser. As keyloggers attempt to read from the keyboard driver, they will now only be able to see the encrypted keystrokes.

The program comes in two versions, a Personal and a Pro version. The Personal version is free and will encrypt all logon input when logging into a site. The Pro version, on the other hand, costs $24.99 but will encrypt all input that you enter while using a site.

While using the Personal version, when I visited a site that contained a logon form, the browser would show a small popup stating that my input was being protected by KeyScrambler, as shown in the image below.

As I input data into the login form, that same popup will show the encrypted data that the keylogger will see. 

In order to properly test this, I needed to install a keylogger and see if it worked. I fired up VMware and then installed KeyScrambler. I then used the below test method using three different commercial keyloggers – Actual Spy, PC ACME Professional, and Keyboard Spectator Pro (KGB Spy) 3.30. For this review I will go over my experiences when using Actual Spy.

First, I fired up Firefox, disabled KeyScrambler, and went to Hotmail to sign in with a fake account. As you can see from the image below, Actual Spy did record the correct text I entered. So now I know the keylogger is capturing my keystrokes and I can continue with my experiment.

I now went into the Firefox KeyScrambler extension properties and enabled it so it would protect my login data. When visiting Hotmail again and entering the same fake login information, Actual Spy once again recorded the keystrokes. This time, though, the keystrokes were encrypted!

I now performed the same procedure using Internet Explorer where it worked just as well.  This entire procedure was tested again using the other two keyloggers.  They all produced the same results; KeyScrambler is encrypting the keystrokes before it gets to them.

For those who are looking for a free way to protect their login information from a keylogger, this seems like the perfect tool to use.  It’s easy to use, requires no work on your side other than the install, and works nicely.  I know I am now using it.

Computer security Systems

From precious metals to body parts?

November 29th, 2006

The latest in a long line of fake codecs was discovered today by Miekiemoes.  Instead of using names deriving from precious metals, as reported by Sunbelt, they now have moved on to body parts.  Introducing BrainCodec; the latest site ready to infect you with VirusBursters.

 

BrainCodec

 

This is so new in fact, that though the BrainCodec has its own domain and its own braincodec.107.exe, they forgot to change the web site itself.  As you can see the web site is still showing the layout and image for Gold Codec.

What happened to Gold Codec then?  They reverted it back to a parked domain at our favorite malware registrar, and hoster, ESTDomains.

 

Gold Codec

 

Information on Brain Codec is:

braincodec(dot).com
85.255.117.198

Domain Name: BRAINCODEC.COM

Registrant:
na
Alex Plawsky (alex@braincodec.com)
ul. Chłodna 51
Warszawa
null,00867
PL
Tel. +48.22528102

I can’t wait for toecodec to be released.

Computer security Systems

Increased Solaris support in LM-X

November 29th, 2006

With the upcoming version of our license manager LM-X, we will increase our Solaris OS support to include x64, on par with our other supported platforms.
In keeping with our goals to support our users’ operating systems, and recognizing that Sun is increasingly promoting x64, we feel it’s important that LM-X also supports this OS.

Read more at nospam@example.com (Henrik Goldman)

Computer security Systems

From Atlas to ASP.NET AJAX: Client Controls

November 28th, 2006

I have always had my beef with the client controls Atlas introduced. I have been using JavaScript for approximately ten years now, so I know my way around the DOM fairly well. So why add another layer in between? Of course there are scenarios where that makes sense, and there are developers who really appreciate a rather consistent API.
When upgrading to ASP.NET AJAX, client controls are gone at first. You need to install the CTP first. Then, some details change. First of all, the namespace moved from Sys.UI to Sys.Preview.UI. However, in order to be able to access Sys.Preview.UI, an additional library must be loaded via the ScriptManager:

<asp:ScriptManager ID="ScriptManager1" runat="server">
  <Scripts>
    <asp:ScriptReference
      Name="Microsoft.Web.Resources.ScriptLibrary.PreviewScript.js"
      Assembly="Microsoft.Web.Preview" />
  </Scripts>
</asp:ScriptManager>

Apart from that, not very much changes. One notable exception: Sys.UI.Select is gone; it is now called Sys.Preview.UI.Selector. I wonder why, but it works.
(Part of the Atlas to ASP.NET AJAX Migration series.)

Read more at nospam@example.com (Christian)

ASP.NET security

Which security category does your company belong to?

November 28th, 2006

There are about 9 different categories of companies when they are categorized in two dimensions. The dimensions that I have chosen are Security Preparedness along the x-axis and # of Security Breaches along the y-axis.

Lucky – These companies have low security preparedness, but they have been lucky to have a low number of breaches. There is no guarantee that they will continue to stay lucky. It is hard to implement security in such companies because the management has not had a bitter experience of breaches. These are ignorant, blissful companies. One big bad incident could push them to the Aware category.

Aware – These companies too have low security preparedness, but they have had a high number of breaches. Due to the bitter experience of a high number of breaches, the management of these companies does understand the importance of security. It is much easier to implement security in “Aware” companies, unlike the “Lucky” companies.

Unlucky – I meet unlucky people all the time, no pun intended. These companies have a high level of security preparedness; despite that, they have had a high number of breaches. These are the companies that should spend time doing the post-mortem of the breaches and applying the learning that arises out of the post-mortem to enhance their security posture.

Desirable – These are the companies that have successfully deployed security to minimize the number of breaches. Which company does not want to be here? The goal for the companies in other categories is to consciously move to this category.

Of course, there are 5 other average categories that I did not address; being average does not get much publicity either!

Computer security Systems

Vista may help to protect MS Office attacks

November 27th, 2006

Thomas Dullien, head of research for reverse-engineering tool maker Sabre Security, posted on his blog that a feature in Windows Vista will help to block the rash of client-side exploits that have been targeting Microsoft Office. This new feature, called address space layout randomization, or ASLR, spreads data randomly through a process’s memory space. Doing this makes it much harder for an attacker to pick the right memory address that they need to target in order to exploit a known security risk.

Computer security Systems

The Soul Of A New Microsoft

November 27th, 2006

Businessweek.com has a new cover story titled The Soul Of A New Microsoft, which focuses on the new breed of leaders who are paving the way for Microsoft to new branches of technology like the XBOX and Zune. The article predominantly focuses on the vice-president for design and development at its Entertainment & Devices unit, J Allard, who was the team leader behind Zune.

Already, Allard and those like him are having an impact. They’re showing that strategies to move the company beyond Windows can emerge and be accepted by top brass as nonthreatening. A key moment came six years ago, when Allard insisted that the new Xbox video game console be developed without using Windows. In one meeting, Gates berated him for suggesting that the operating system wasn’t up to snuff. But Allard argued that it wasn’t specialized enough to handle video gaming. Gates eventually relented, in a decision that is widely seen today as a key to the console’s success.

The article is definitely an interesting read whether you’re into technology or business.

Computer security Systems

Brief Overview of the Windows Vista Parental Controls

November 27th, 2006

Windows Vista comes with a new set of parental control features that allow you to set limits on an account’s web use, hours that they can use the computer, and games and programs they can run. Using these features a parent can control how a minor uses a computer.

The categories that can be enforced in parental control are:

  • Web Filters – This category allows you to specify what sites a user can or cannot go to, whether they can download files, or if they are allowed to go to a site that matches a particular content.
  • Time Limits – In this category you can specify the specific hours that a user can use a computer. If they attempt to log on outside these hours, they will be denied, and if they are currently logged on, will be logged off.
  • Games – Here you can specify the game rating system that will be used, the highest rating of a game they can play, and choose specific games that they can or cannot play.
  • Program Use – Specify the programs a user is allowed to run and is not allowed to run.

It is important to note that parental controls can only be assigned to Standard User accounts and not an administrator. You can see a video where we set the parental controls on a user and this video where we show these restrictions in place.

Computer security Systems

Zune receives a scathing review from the Chicago Sun-Times

November 27th, 2006

The Microsoft Zune has received what could be the most critical and scathing review since its release.  In Andy Ihnatko’s review titled Avoid the loony Zune, Andy relates his horrible experiences during his week of playing with it.  The problems reported range from a horrible setup to lack of compatibility with Windows Media Player.

I personally do not own, and have not tried, a Zune, but if the reports from this article are true then it does not sound like the iPod killer that Microsoft hopes it will be. Some of the problems Andy ran into include:

  • Horrible setup
  • Lack of compatibility with Windows Media Player. To me that doesn’t even make sense, as it is Windows’ flagship media program.
  • Only the Zune software can sync with the Zune
  • No support for podcasts.
  • Having to purchase Zune points ($5 blocks) instead of just using real money to purchase a song for $0.99.

For more information please read the original article while I leave you with one of Andy’s comments:

“Avoid,” is my general message. The Zune is a square wheel, a product that’s so absurd and so obviously immune to success that it evokes something akin to a sense of pity.

Computer security Systems

Gears of War and Best Buy Cyber Monday Deal

November 27th, 2006

Best Buy has a promotion out for Cyber Monday on the purchase of Gears of War for the XBOX 360. If you order this game you will receive 1,600 free XBOX Live Marketplace points. The free 1,600 XBOX Live points are equivalent to around $20.

Computer security Systems

SANS Top-20 Internet Security Attack Targets (2006 Annual Update)

November 27th, 2006

Two weeks ago, the SANS Institute released its annual Top 20 Internet Security Attack Targets list. Of course you can debate how such a Top list came together and what the real value behind that is, but there are two specific points in this year’s list that I found quite interesting.
First of all, there is a new entry: Users (H2). This shows that phishing, social engineering and related attacks are getting more and more prevalent. User education is therefore more important than ever.
Second, PHP is specifically mentioned a couple of times (one wonders why). In entry C2 of the SANS Top 20 (Web Applications), the institute gives some very specific advice:
From the PHP system administration and hosting perspective:

  • Always test and deploy patches and new versions of PHP as they are released
  • Frequent web scanning is recommended in environments where a large number of PHP applications are in use
  • Consider using the following PHP configuration:
      • register_globals (should be off, will break insecure apps)
      • allow_url_fopen (should be off, will break apps that rely on this feature, but protect against a very active exploit vector)
      • magic_quotes_gpc (should be off, will break older insecure apps)
      • open_basedir (should be enabled and correctly configured)
      • Consider using least privilege execution features like PHPsuexec or suPHP
      • Consider using Suhosin to control the execution environment of PHP scripts
  • Use Intrusion Prevention/Detection Systems to block/alert on malicious HTTP requests. Consider using Apache’s mod_security to block known PHP attacks
  • As a last resort, consider banning applications which have a track record of active exploitation, and slow response times to fix known security issues.

From the developer perspective:

  • If you use PHP, migrate your application to PHP 5.2 as a matter of urgency.
  • To avoid the coding issues above:
      • Develop with the latest PHP release and a hardened configuration (see above)
      • Validate all input appropriately
      • Encode all output using htmlentities() or [...]

Read more at nospam@example.com (Christian)

PHP security
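
One way to check a host against the four php.ini directives in the SANS advice quoted above. This is an added example, not code from SANS or from the original post; the function names, the sample file and the fallback defaults (assumed PHP 5.x built-in values, with a Unix-style open_basedir list) are assumptions.

```python
# Added example: audit php.ini text against the four directives in the SANS list.
# ASSUMPTION: an absent directive falls back to these PHP 5.x built-in defaults.
PHP5_DEFAULTS = {"register_globals": "0", "allow_url_fopen": "1",
                 "magic_quotes_gpc": "1", "open_basedir": ""}
MUST_BE_OFF = ("register_globals", "allow_url_fopen", "magic_quotes_gpc")
TRUTHY = {"1", "on", "yes", "true"}

def parse_php_ini(text):
    """Return {directive: value}; a later assignment overrides an earlier one."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#[" or "=" not in line:
            continue  # blank line, comment, section header, or not an assignment
        key, value = (part.strip() for part in line.split("=", 1))
        if value and value[0] in "\"'":
            value = value[1:].split(value[0], 1)[0]  # keep text inside the quotes
        else:
            value = value.split(";", 1)[0].strip()   # drop a trailing ; comment
        settings[key] = value
    return settings

def audit(text):
    """Return (directive, effective value, problem) for each deviation."""
    effective = {**PHP5_DEFAULTS, **parse_php_ini(text)}
    findings = []
    for name in MUST_BE_OFF:
        if effective[name].lower() in TRUTHY:
            findings.append((name, effective[name], "should be Off"))
    base = effective["open_basedir"]
    if base.lower() in ("", "none"):
        findings.append(("open_basedir", base, "not set"))
    elif "/" in base.split(":"):  # ASSUMPTION: Unix-style ':' separated list
        findings.append(("open_basedir", base, "allows the whole filesystem"))
    return findings

# Constructed sample, not taken from a real host.
SAMPLE_INI = """[PHP]
register_globals = On
allow_url_fopen = Off   ; remote includes disabled
;magic_quotes_gpc = Off
open_basedir = "/var/www/app:/tmp"
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_INI):
        print("%s = %r: %s" % finding)
```

The commented-out magic_quotes_gpc line is reported because a directive that is only commented out falls back to the built-in default rather than to Off.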

Speaking of Security Podcast #40

November 26th, 2006

Click here to listen/download (11:12).
We take another look back at the U.S. mid-term elections, this time with Speaking of Security blogger, Shannon Kellogg. Also meet the new head of RSA Labs and newest Speaking of Security blogger, Ari Juels, whose research interests include authentication, biometric security, privacy, and RFID.

Original post by blog@rsa.com (Podcast Producers) and software by Elliott Back

Computer security Systems