Ah well, that $20 bill/RFID thing looks like a hoax

Darn.  And I was getting all excited.

Nothing about the composition of these strips renders them detectable by scanner or satellite. In 2004, the false belief attaching to this security feature was enhanced by the claim of these bands containing RFID tags. As technology advanced, so did the rumor, leading many to microwave their $20 bills into ashen submission by falling for the canard that nuking their currency would disable these transmitters.

Link here.

Alex Eckelberry

RFID in the new $20 bill?


This hopefully (and very likely) goes into the category of entertainment — not reality.

Everybody loves a good conspiracy theory.  First, there was a crazy theory that the new $20 bill shows hidden pictures of the 9/11 attacks. Now, there’s speculation that the new $20 bills have a little something extra besides the pretty colors. According to this site, they’re embedded with Radio Frequency Identification (RFID) chips that can set off those monitoring devices at store exits designed to alert personnel that you’re walking out with tagged merchandise.

The author claims that you can “fry” the RFID tag by putting your money in the microwave – but it may explode if you do (although apparently the results vary depending on which microwave oven you’re using).   I would not test this at home — if there is an RFID tag in the money, microwaving it will release some unpleasant chemicals that aren’t too healthy — and you’ll destroy your nice $20 bill in the process.

If you don’t want your money tracked, don’t think you’ll avoid it by leaving the country. A link from this site takes you to a story written way back in 2001 about how the European Central Bank was planning to embed RFID chips in all their euro notes by 2005. True or not?

(US Treasury site on this new bill here.)

Alex Eckelberry and Deb Shinder

 

Boys in the ‘net hood

Street Gangs Online: We already knew terrorist groups like Al Qaeda use the Internet to communicate with each other and plan their criminal activities. Now it looks like common street gangs are invading the ‘Net, too. These new “netbangers” are hanging out in chat rooms instead of (or in addition to) street corners, even creating their own professional-quality web sites. And the cops aren’t far behind.

But it’s not just kids searching for vicarious thrills. Active gang members use the Web sites to communicate with each other and sometimes to pick online fights with rival gangs. What starts on the Internet can quickly spill onto the streets. Cops in Boston and Texas who broke up gang brawls in the past few years found that the altercations had been scheduled on gang Web sites.

Read more about it here.

Deb Shinder

Is Transferring your Applications to a New Computer Going to Get Easier?

There are a number of companies out there that provide solutions for transferring your PC data to a new system — like Apptimum AlohaBob and Laplink’s PC Mover.  The breadth of the solutions varies: one may only transfer raw information in bulk from one machine to another, while another might attempt to intelligently migrate your applications over as well.

Last week, we got the announcement that Microsoft has acquired Apptimum (aka Eisenworld/AlohaBob), a company that makes software designed to help you automatically transfer your applications to new computers. At this point it’s only speculation, but if such technology could be built into the operating system, it would make it far more convenient for home and business users to upgrade their hardware systems.

Read the announcement here.

Alex Eckelberry and Deb Shinder

Followup: Wireless Networking and the Law

Last week, we discussed some legal issues pertaining to wireless networking, including whether “hitching a ride” on an open wi-fi network is a crime and possible liability if someone else uses your wireless network to engage in illegal activity. Lots of you wrote to comment on the topic.

In emails directly to me, several of you said that you intentionally share your wireless network with your neighbors, or use a neighbor’s network with their permission. John V. asked “If your PC found 10 wireless hotspots, how would you know which ones are free and which ones were left open by error?” The answer, of course, is that you don’t – unless the network owner has advertised the availability of his network or named it in a way to make it obvious that outsiders are welcome to use it (for instance, an SSID of “FreeNet” or some such might indicate his intentions).

Steve R. recounted an experience where he left his car unlocked and his CD player was stolen, and the police officer who responded told him that by leaving the doors unlocked he “invited” the thief in. While I disagree with this “blame the victim” philosophy, I don’t think the analogy carries over completely to the wi-fi situation, primarily because there are many people who leave their wireless networks open because they actually want others to use them. I doubt anyone leaves his car unlocked with the intention of having his CD player taken.

James P. argued that “The argument of using someone else’s connection/bandwidth while not trying to access files is lame. That excuse is the same as throwing your trash into a neighbor’s unlocked refuse bin but not searching through the neighbor’s trash. The neighbor is paying for trash removal and that amounts to a “theft of service”- no ifs, ands, or buts about it!” Matt P. counters with “it’s up to the person who owns the network to take steps i.e. encryption, mac filter, etc to ensure only computers they desire are connecting to their network. It also seems clear that anything beyond your personal property i.e. sidewalk, street, etc. is public space and cannot be claimed as private. Therefore, if I can detect the wifi signal on public property or from my own property; then I have every right to use that signal IF it is left unsecure. If the signal is secured and I attempt to connect then I am hacking and that would be illegal.”

Bob G. said “attaching to [another person’s] network is less like trespassing on their property than it is like eating the apples that fell off their tree into your yard.” On the other hand, Douglas B. said “My demand, in my little realm of my life, is that you ask first and if permission given then usage is authorized.” Terrance K. took a balanced approach: “it should be a crime that is treated like speeding on the highway. The crime itself is minor [even though the penalty in some jurisdictions is disproportionately high in order to generate revenue] and often overlooked [e.g. when the highway is empty, or ALL the traffic is speeding & you’re just keeping up, or in an emergency], but it establishes responsibility for any consequences. Once responsibility is established, the miscreant can also be charged with any greater crimes, as appropriate.”

About half of those who wrote that they have wireless networks said they use WEP or another form of encryption (WEP was already breakable with freely available tools by this point; WPA is the minimum worth recommending). Slightly more than half said you should be allowed to share your connection if you want to, since the ISP doesn’t limit the number of internal devices you can connect to your network.

Many of you asked for specific instructions on how to make a wireless network more secure. There are numerous resources out there that offer tips on different ways to do this. Tomorrow, I will post a step-by-step article covering different methods of securing wi-fi networks.

Deb Shinder

Turn Down that Web Site! And other New Web Annoyances

Remember the olden days of the Internet, back when Web pages consisted of mostly text and a few photos, and those who wanted to get really fancy might include an animated .gif or two? That was when we painstakingly wrote HTML code in Notepad and uploaded individual files to our Web servers with an FTP program. Those were the days – and we’ve come a long way, baby (to kill two clichés with one sentence).

Many of today’s Web sites are marvels of modern technology. With Java applets, ActiveX controls, Dynamic HTML (DHTML), cascading style sheets (CSS) and Web design and editing software that makes it twenty times quicker and easier to create a sophisticated page with audio, video and interactive elements, today’s Web is a tangled one indeed.

But just because we can add all these neat features to our pages doesn’t necessarily mean we should do it. I love an impressive Web page as much as the next guy – but only when all that flash serves a purpose. Lately I’ve begun to wish that Web designers, especially those putting up business or information oriented sites, would take a step back and simplify their lives (and mine, as a site visitor) just a little.

I suspect I’m not the only one who feels that way. One of the biggest pet peeves seems to be embedded audio, especially when it’s unexpected. I’ve recently received requests from several readers to give them a warning when one of the favorite links contains embedded sound. You tell me that you often read the newsletter at work, and a sudden blast of music or other audio from your computer disrupts others around you in the office. That’s why I’ve started including the “(sound)” notation after some of the links. That way you have a chance to turn the speakers down or off before you click.

If only all links contained such a warning. I often surf the Web while talking on the phone, so I tend to keep my speakers off by default, just turning them on when there’s something on a site that I actually want to hear.

By no means am I suggesting that all sites should be silent. Sometimes sound is necessary or at least adds value, such as when the site contains a tutorial on how to do something. And some sites are meant to be pure entertainment, and background music is appropriate. On my personal family web site at www.shinder.net, I have an embedded music file called Picard’s Flute, from one of my favorite Star Trek episodes. I’ve gotten tons of positive comments from visitors who recognized it. But on my business oriented sites, at www.debshinder.com and www.ms-security.org, I let the information speak for itself.

You know what they say: you can remain silent and let people think you’re a fool, or you can speak up and remove all doubt. More Web designers should think about that old adage. Probably the best (and certainly the safest) policy is to give site visitors the option to play sound or not, rather than starting it automatically when the page loads.

Of course, sound files aren’t the only elements that can make you want to flee from a page as quickly as possible. Here’s one I encountered for the first time last week: I went to a page and liked it so much that I wanted to make it a favorite. So I tried to right click and got a message saying “Sorry, you do not have permission to right click.” Now, I understand disabling right click on images so people can’t easily save/steal them, but disabling right click for the page as a whole is just an over-controlling Web designer (and it protects nothing: the page source and images are already on the visitor’s machine by the time the script runs). Sure, I can always click the Favorites button in the toolbar and add the site that way – but I’m not sure it’s a favorite anymore after that. For more examples of bad Web design, see Web Pages That Suck 2005 here.

What do you think? Do you love fancy, flashing, dancing Web pages that sing to you? Or would you prefer that Web designers tone it down a notch? How about cascading navigation menus? Do they make the page look cleaner or drive you crazy (or both)? What are the latest ways Web designers annoy you? 

Deb Shinder

Poor security practices lead financial services company to host a phishing site

Update:  I have redacted the company’s name at their request.  I spoke with a partner at the company.  They are pulling the site down, which is hosted at an outside hosting company.  The hosting company was running an old version of Apache and the financial services company is a small outfit which doesn’t have in-house IT.   They are taking care of the error.

From the Great Irony department.  A financial services company is hosting a phishing site. As of this afternoon, Paul Laudanski at CastleCops “was told the folks are in a conference meeting, she cannot interrupt. I strongly urged [her] to interrupt as this is very bad PR for the company, but [she] would not sway.”  I called as well and got the same run-around.  Absolutely refused to help in the matter, short of taking my number, insisted that the person responsible is off site in a meeting and cannot be reached.  Sad state of affairs.

So because she won’t “interrupt a conference meeting”, the site is live right now.

[screenshot: the phishing page hosted on the financial services company’s site]

Why do I bother blogging this? I see sites constantly compromised for phishing scams and I guess I’m just going to start raising the volume a bit more on poor security practices that lead to these types of things. 

Alex Eckelberry

Direct Revenue settles class action lawsuit

Nothing major in this one.  No cash changed hands.

  • DirectRevenue will destroy any personally identifiable information about computer users, including Social Security Numbers, bank account information, email addresses, etc., and must no longer collect such information.
  • DirectRevenue will force users to affirmatively accept installation of their software and disclose information about the functionality of the software separately from the EULA.
  • DirectRevenue is prohibited from installing software by ActiveX, security exploits or any other method that does not require users’ affirmative consent.
  • DirectRevenue will not distribute software at sites targeted to children.

Link here with settlement docs.

Alex Eckelberry

Behold the power of botnets

(Adam Piggott of Proactive Services originally found this mess, contacted Suzi Turner at SpywareWarrior who got him in touch with one of our spyware researchers, Adam Thomas.)

Discussions about botnets in the security community are quite active these days. And there’s a reason: They’re out there and they’re very nasty. Here’s one in action that’s live today.

Take this innocent-looking piece of spam (it normally looks better, but the website they are pulling the pictures from is down).

[screenshot: spam e-mail posing as a Microsoft security message]

A spam like this will take you to a fake Windows update site:

[screenshot: the fake Windows Update site]

If you visit the site, it will attempt to run a WMF exploit (video of a related site by Suzi Turner here). If you are patched with the January 5 security update from Microsoft (MS06-001) or have decent AV protection, but still fall for clicking the “Start” link, you will download a trojan installer, wusetup.exe, which sets up the machine to be controlled as part of a botnet (virustotal.com results for this trojan here).

wusetup.exe then pulls down the files that turn the machine into a proxy server; at that point it is a member of the botnet. The files it brings down are:

ieschedule.exe, ib7.dll, smss.exe, harvest.exe, ieserver.exe, loader.exe

Note that smss.exe borrows the name of the legitimate Windows Session Manager, which only ever runs from System32, so a process by that name running from anywhere else is the tell.

There’s also remote control and keylogging involved. You get a copy of Famatech’s Remote Server (part of Famatech Radmin), r_server.exe. And last night, Adam Piggott tipped us off about an affiliate site which installs, through an old Windows help file exploit, a variant of the Winldra keylogger. The site shown above is directly implicated.

What happens after this is all installed?

It all comes down to a botnet controller, which probably looks similar to this one (the controller pictured here is actually live right now, so I’ve obscured sensitive information):

[screenshot: botnet controller, sensitive information obscured]

In this controller, you can access a person’s hard drive and perform other tasks.

[screenshot: the controller browsing a victim’s hard drive over HTTP]

And since apparently most, if not all, of these machines have Remote Server on them, you can access them through Radmin, which I tested just now against one of the infected systems. The “password” dialog box below means the system is running Remote Server.

[screenshot: Radmin password prompt from an infected system]

Famatech Remote Administrator (Famatech Radmin) is also sold as an OEM version by Sunbelt as Sunbelt Remote Administrator (Sunbelt Radmin). It is a normal remote control program but used in the wrong hands can be quite nasty, because it has the unique property of being able to operate in “stealth” mode — the tray icon can be hidden. It’s one reason why we detect Radmin ourselves in CounterSpy as a potential risk.
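As an added example (not Sunbelt’s code and not anything from the post), here is a small indicator sweep in Python for the chain described above. It takes a process listing and a `netstat -ano` dump, flags the dropped file names, treats smss.exe as suspicious only when it runs from outside System32 (the real Session Manager lives there), and looks for a listener on tcp/4899, Radmin’s default port. The input format and the sample listing are constructed for the example; the PIDs and paths are made up.

```python
# Added example, not Sunbelt's code: sweep a Windows host for the
# indicators described in the post. Input format is constructed here;
# in practice feed it the output of `tasklist` and `netstat -ano`.
import re
from typing import List, NamedTuple

# The dropper, the payload files the post lists, and the Radmin server binary.
DROPPED_FILES = {
    "wusetup.exe", "ieschedule.exe", "ib7.dll", "smss.exe",
    "harvest.exe", "ieserver.exe", "loader.exe", "r_server.exe",
}
# smss.exe is also the legitimate Windows Session Manager, which only
# runs from System32; the name alone is not an indicator.
LEGIT_SMSS_DIR = r"c:\windows\system32"
RADMIN_DEFAULT_PORT = 4899  # Famatech Radmin's default listener


class Finding(NamedTuple):
    kind: str    # "process", "listener" or "radmin"
    pid: int
    detail: str


def check_processes(tasklist_lines: List[str]) -> List[Finding]:
    """Flag processes whose image name matches a dropped file.

    Expects 'name pid path' per line (constructed format, an assumption).
    """
    findings = []
    for line in tasklist_lines:
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue
        name, pid, path = parts
        lname = name.lower()
        if lname not in DROPPED_FILES:
            continue
        if lname == "smss.exe" and path.lower().startswith(LEGIT_SMSS_DIR):
            continue  # the real Session Manager
        findings.append(Finding("process", int(pid), f"{name} at {path}"))
    return findings


def check_listeners(netstat_lines: List[str]) -> List[Finding]:
    """Flag a TCP listener on Radmin's default port in `netstat -ano` output."""
    listen = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING\s+(\d+)")
    findings = []
    for line in netstat_lines:
        m = listen.match(line)
        if m and int(m.group(1)) == RADMIN_DEFAULT_PORT:
            findings.append(Finding("listener", int(m.group(2)),
                                    f"tcp/{m.group(1)} LISTENING"))
    return findings


def sweep(tasklist_lines: List[str], netstat_lines: List[str]) -> List[Finding]:
    """Run both checks; a tcp/4899 listener owned by a flagged process
    is reported once more as a confirmed Radmin server."""
    procs = check_processes(tasklist_lines)
    listeners = check_listeners(netstat_lines)
    flagged_pids = {f.pid for f in procs}
    confirmed = [Finding("radmin", l.pid, "flagged binary owns the tcp/4899 listener")
                 for l in listeners if l.pid in flagged_pids]
    return procs + listeners + confirmed


# Constructed sample input standing in for `tasklist` / `netstat -ano`
# from an infected host.
SAMPLE_TASKLIST = r"""
smss.exe      368   C:\Windows\System32\smss.exe
explorer.exe  1544  C:\Windows\explorer.exe
smss.exe      1720  C:\Windows\smss.exe
r_server.exe  1804  C:\Windows\System32\r_server.exe
harvest.exe   1920  C:\DOCUME~1\user\LOCALS~1\Temp\harvest.exe
""".strip().splitlines()

SAMPLE_NETSTAT = r"""
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    0.0.0.0:4899           0.0.0.0:0              LISTENING       1804
  TCP    192.168.1.5:1033       10.0.0.7:80            ESTABLISHED     1920
""".strip().splitlines()


if __name__ == "__main__":
    for f in sweep(SAMPLE_TASKLIST, SAMPLE_NETSTAT):
        print(f"[{f.kind}] pid {f.pid}: {f.detail}")
```

Matching on file names is deliberately the weakest part of this: the next build of the dropper can rename everything, so in practice you pair a list like this with the hashes (the post links the VirusTotal results for wusetup.exe) and with the service and registry entries Radmin leaves behind. The port check is the more durable signal, and the Radmin password prompt the post got from the network is the external confirmation of the same thing.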

Alex Eckelberry (Thanks to Sunbelt spyware researcher Adam Thomas and Adam Piggott for his diligent work and for providing us a copy of the spam message you see above)

Diary of a BraveSentry install

A fellow blogger by the name of Netsato dropped a comment on my blog about BraveSentry.  Curious, I checked out his blog and there’s a detailed writeup about an illegal BraveSentry force-install that probably occurred through the use of the infamous WMF exploit. Apparently his system was not updated with the latest MS security patches, but it was a test system where nothing important was stored.

Bravesentry is a malicious anti-spyware software that entered my computer via Trojan horse applications manifested in the files “t.inx” and/or “kernels8.exe”. My theory is that i.inx was passed to my computer by visiting a rogue website designed to exploit a pre service pack 2 Windows XP computer. Once inside, my software firewall detected t.inx was requesting access to the Internet which I promptly attempted to block. Apparently to no avail, “kernels8.exe” somehow slipped in to the computer which I also tried to block via my software firewall. After running a full virus scan (which found nothing), I rebooted the computer to be greeted by Bravesentry upon start up notifying me that my computer is infected by spyware and that it will proceed to scan my computer. Needless to say, Bravesentry was uninvited, and also not easy to uninstall. Rather than trying to “fix” this computer, I decided to document the problem as best as I could, and to simply wipe out the hard drive and rebuild the computer.

Link here.

Alex Eckelberry

 

Sunbelt’s Eric Sites on eWeek podcast

Paul Roberts at eWeek has started a weekly podcast on security.

In this debut OnSecurity podcast, eWEEK Senior Writer Paul Roberts talks with Eric Sites, vice president of research and development for Sunbelt Software, about the malicious hacker program CoolWebSearch, and what IT managers and users can do about it.

Podcast link here.

Alex Eckelberry

If you like sci-fi

We do hire interesting people, and along those lines, Joe Wells, our chief scientist for security, has written a sci-fi book.  It’s a free download, along with maps to accompany the storyline.  There’s also a “Story Development Kit” planned for release, for other writers who might want to use the world and its history.

[image: book cover]

The book is free, and you can download it here.

 

Alex Eckelberry

 

An easier way to make money selling antispyware applications: Bundle adware!

Oh boy, this takes the cake.  An antispyware application which bundles in adware.

In order to install Spy-Shield, you have agree to install BestOffersNetwork (formerly known as DirectRevenue) adware. The EULA for the BestOffersNetwork software is shown right after you start to run the installer for Spy-Shield. If you refuse the BestOffersNetwork installation, Spy-Shield will not install…

Absolutely unbelievable. Link here.

Alex Eckelberry

Borrow a wifi connection, go to jail?

A timely follow-up to yesterday’s blog posting on using other people’s wi-fi connections:

Ontario Provincial Police charged a 25-year-old man last week under Section 326 of the Criminal Code – “Theft of Communications.”

The OPP allege the man was using his laptop computer to steal a wireless Internet connection in Morrisburg.

Link here via funsec.

Alex Eckelberry

iBill

Update from Wired: Editor’s note: Since publication of this article, iBill has spoken with Wired News. The company now says that the purportedly stolen database did not originate with iBill, and only three of the more than 17 million entries match past iBill customers. Asked to respond, Secure Science says it no longer believes that iBill was the source of the data. Read the full story.

Wired just posted an article on some outstanding work that Lance James at Secure Science worked on with regard to porn payment processor iBill. We collaborated with him later on the project as well.

From the article:

Seventeen million customers of the online payment service iBill have had their personal information released onto the internet, where it’s been bought and sold in a black market made up of fraud artists and spammers, security experts say.

…Secure Science found that data in February 2005, and reported it to the FBI’s Miami field office, the company says. The FBI declined comment.

Last month, Sunbelt Software found an additional list of slightly over 1 million individual entries labeled Ibill_1m.txt on a spamming website. That list appeared to date from 2003.

Link here.

Alex Eckelberry

New rogue antispyware

There’s Raze, SpySheriff, PestTrap, SpyAxe and all the rest.  Now there’s BraveSentry.

Below is a screen shot of an infestation from Game4all(dot)biz that installed both BraveSentry and Alfacleaner:

[screenshot: BraveSentry and Alfacleaner infestation from Game4all(dot)biz]

Here is the desktop hijack associated with BraveSentry:

[screenshot: BraveSentry desktop hijack]

[screenshot: BraveSentry]

bravesentry.com
Ocean Industries, Daniel Ocean
Amsterdam, NL
Email: ceo @ bravesentry.com

Other site on the same IP:

anosurfer.com
Pietro Miezani, Privaweria Ltd
Gua, EC
anosurfer @ anosurfer.com

Our dear friend “anosurfer” is also apparently related to SpySheriff.

 
Alex Eckelberry
(Thanks to Sunbelt researchers Patrick Jordan and Adam Thomas)