Risk Management and Compliance» malware http://blog.kraasecurity.com Risk Assessment, Vulnerabilities, Website Security Thu, 12 Aug 2010 02:54:47 +0000 en hourly 1 http://wordpress.org/?v=abc Data Loss, this time with Network Solutions http://blog.kraasecurity.com/2009/07/27/data-loss-this-time-with-network-solutions/ http://blog.kraasecurity.com/2009/07/27/data-loss-this-time-with-network-solutions/#comments Mon, 27 Jul 2009 16:55:02 +0000 admin http://blog.kraasecurity.com/2009/07/27/data-loss-this-time-with-network-solutions/ Data Loss, this time with Network Solution

Network Solutions, one of the largest domain registrars recently announced a data breach. Malicious code was found on its e-commerce server which may have captured transactions from thousands of websites and capturing half a million or more credit cards. The company said they found the code during a routine check. Since the breach occurred between March 12 and June 8th, how routine was the actual checks? I wonder when their last vulnerability assessment or Information security risk assessment was conducted? Data loss prevention is sorely lacking in just about every industry.

Here is what the company said “At this point, we have no reports or other reasons to believe that any credit card account information has been misused and, under established practice, credit card issuing companies generally will not hold our merchants’ customers liable for any fraudulent purchases made using their credit card account numbers that are reported in a timely way to the issuer,” a statement from the company reads. All these statements around hacker breaches and stolen credit cards read the same.

The process now begins where all the merchants have to be identified, then each merchant has to notify their customers. Their customer then have to work with their banks to stop credit cards, have to get credit monitoring and thus goes the Circle of Life (of data breaches) Here is the list of data breaches in 2009 alone. If you recall the breaches of Heartland Payment Systems and RBS WorldPay, the breachescaused them to be removed from the PCI security audit () list . Well that should be obvious, or should they have been rated compliant int he first place. Known non-compliance might be a better than weak compliance.

The basic question is what was Network Solution not doing to have malicious software installed on key servers? Was it a breach through a web application, was it through malicious email, a browser based attack, some insider who didn’t know enough about security and clicked on the wrong thing? What routine check found it and why wasn’t this check run on a more routine basis, such as weekly or even daily?

At the end of the day, security is a moving target. We can utilize encryption, vulnerability management, application security risk assessment, email filtering, backup and recovery, but all will be useless is we follow poor practices or do not have good procedures in place to take into account the human element. Most breaches are insider problems or mis-configurations or plain old stupidity.

Gary Bahadur
http://www.kraasecurity.com

http://blog.kraasecurity.com

*Managed Security Services
*Vulnerability Management
*Compliance & Policy Development
*PGP Security
*FREE Website Security Test

Reblog this post [with Zemanta]
]]> http://blog.kraasecurity.com/2009/07/27/data-loss-this-time-with-network-solutions/feed/ 2 Buying Malware rather than getting it for free http://blog.kraasecurity.com/2009/05/22/buy-malware/ http://blog.kraasecurity.com/2009/05/22/buy-malware/#comments Fri, 22 May 2009 12:27:53 +0000 admin http://blog.kraasecurity.com/?p=41 This kind of incident (see article below) seems to be happening every few months. So you purchase a product (netbook) and it comes infected. No longer do you just have to worry about it working, or if the OS will behave nicely or the drivers will work with your printer. If the manufacturer can not control malware, what hope is there?

I am pretty puzzled about how the malware actually got on the machine. The article doesnt delve into too much detail, but looks like maybe a driver was infected that got placed on the machine. This seems to say the manufacturer does not use any kind of antivirus, or antimalware to test the security of the system before shipping it out. It also calls into question the security processes in place around managing software and development. A bit scary.

So what are some things you can do to protect against malware (i hope you know most of these already)

1) Use a firewall - A good personal firewall will help defend your system, especially if it has the capability to monitor outbound traffic or stop unknow programs from being run or installed. Try Zonealarm, free version.

2) Run anti-virus – This is obvious. while many antivirus programs will miss a lot of malware, you need a defense in depth strategy. Try AVG or Avast.

3) Install patches - A must do. Keep your systems patched because many worms, virus, and malware take advantage of unpatched system vulnerabilities

4) Use antispyware – This is a bit different from antivirus. It can stop malicious code from running and warn you of registry changes. A good start for the beginner is SpywareGuard and  Spybot S & D.

5) Protect the browser – Browser protection software can stop activex controls from running, protect you from tracking cookies and known malware. Two examples are SpywareBlaster and IE-SpyAd

6) Stop Surfing Porn!

Baha

baha@kraasecurity.com

www.kraasecurity.com

*Managed Security Services

*Vulnerability Management

*Compliance & Policy Development

*PGP Security

*FREE Website Security Test

++++++++++++++++++++++++++++++++++++++++++++++++++++

Netbook comes with factory-sealed malware
Chuck MillerMay 20, 2009
SC Magazine

]]> http://blog.kraasecurity.com/2009/05/22/buy-malware/feed/ 0