Archive for Security

Jul
29

Rogueware on the Rise

With so much attention on email spam and trojans, it is interesting to note that one of the fastest-growing forms of malware is in fact rogueware. Not only is it becoming extremely popular, it has also proved to be very effective.

Rogueware is basically any form of software that is represented as the genuine article, but is in fact a keylogger, virus, etc. The most common software that is used for rogueware is anti-virus software. The distribution can include less-than-upstanding means such as browser popups (a machine infected with other forms of malware might in fact bring up popups that direct the user to buy a certain anti-virus software) and spam, but can also be through normal marketing channels such as a web site that is selling anti-virus software. Some distributors have even purchased Google AdWords and banner space.

How it works is simple. The victim purchases the software or downloads a trial copy and installs it on their computer. The software install then carries its payload onto the computer in the form of some type of malware such as a keylogger, virus, or Trojan.

There are new variants of this that include a free scan of the computer, not unlike the ones offered by real anti-virus companies like Kaspersky and McAfee. The free scan variant will proceed to “scan” your system, all the while installing malware on it.

In both methods, the user signs off on the software, allowing it to bypass most forms of security. It might even give you a message like Norton's, where it says: “This antivirus software is not effective while other antivirus software is running. Please disable your antivirus software before scanning.”

Now the numbers. In 2008, 92,000 different types of rogueware were spotted. In the second quarter of this year there have been 374,000 new forms of rogueware. This is double the number for Q1 of this year, which was nearly double all of last year. The jump from 2008 Q4 to 2009 Q2 is a 748% increase, and security experts now estimate that Q3 of this year will have around 637,000 new forms of rogueware.

Mar
25

WebHostingTalk: Down but not Out

According to a WebHostingTalk.com representative, a deliberate attack hit the WebHostingTalk database, destroying online backups, and then deleting three databases: user/post/thread.

WHT has been looking into how they could shore up their defenses. WHT has also been looking into restoring the database via an onsite physical backup. Unfortunately, they have been experiencing technical difficulties restoring the five-month-old physical backup.

There is one thing everyone can learn from this; well, actually several.

First off, I think WHT handled this quite well. They investigated the breach, closed off the attacks, checked to see if credit card data was stolen, tried to back up the data, and alerted users. They handled this very well and I think iNET should take a bow for the maturity shown in this matter.

The other thing that other people can learn is the power of physical backups. Even with the cloud and multiple online backups, if the data has a connection to it, it can be compromised.

With a physical backup, you can back up the data and then store it in a secure area. Yes, physical backups are a chore at times to make, the media can break down, etc. But online backups can also suffer these problems and can suffer other problems as well.

From my own experience, backing up the data and storing it onsite has saved me countless times and gives me peace of mind.

Jan
08

Rapid7’s NeXpose: Reshaping Security

When it comes to the data center, one of the highest priorities for the IT department is security. IDC’s Frank Gens, Senior Vice President & Chief Analyst, said that security “is always the number one concern of IT.” Gartner and Forrester studies also list security among the high priorities that a data center can provide its customers.

Security in a data center doesn’t just cover the web server or the network. Security encompasses the entire data center from end to end. Normally this means purchasing multiple security devices and software packages. To watch over the security, a fully staffed IT department would have to be hired to maintain the security policies and to implement, enforce, and solve security problems.

It is with this mindset that we first looked at Rapid7’s security application, NeXpose. NeXpose is a Unified Vulnerability Management (UVM) system. UVMs provide end-to-end security and can cover multiple systems.

NeXpose comes in four forms: software, hardware appliance, SaaS, and managed. The software runs on Microsoft Windows Server 2003, Microsoft Windows Server 2000, SuSE Enterprise, Red Hat Enterprise, Fedora 9, Debian 4.0, CentOS 4, and Ubuntu 7.1.

In a nutshell, NeXpose protects the entire network using non-malicious penetration attacks. The results of these attacks are prioritized and summarized. NeXpose delivers the steps on how to solve these vulnerabilities and then provides the results in a professional-grade report.

Scanning the Network

Scanning the network begins with identifying what devices make up the network. This process ensures that NeXpose uses pertinent attacks, increasing the reliability and the speed of the scan. If the user likes, they can take some time to block off sections of the network (asset groups), set permissions, etc. By setting permissions for sections of the network, the user can delegate the security of those sections to others or could use the permissions to resell NeXpose.

NeXpose uses a Java expert system shell (JESS) that scans and finds vulnerabilities much like the methods employed by ethical hackers and security audit firms. If we look at a network as a system with a series of layers, the power of this expert system becomes apparent.

For example, if the network is vulnerable to a SQL injection attack, NeXpose will use it to gain access to the database. At the database level, it will check for more vulnerabilities, such as a privilege escalation vulnerability, to gain access to the operating system layer. With each vulnerability found, NeXpose looks to see how far that single vulnerability can go.

NeXpose scans hardware, networks, operating systems, databases, applications, web applications, and follows security policies. Here is just a small taste of what NeXpose can scan: routers, switches, hardware firewalls, Microsoft Windows, Linux, Solaris, Mac OS, IPSec, PPTP, DHCP, DNS, Oracle, Microsoft SQL Server, Sybase, MySQL, Lotus Domino, Microsoft Exchange, Lotus Notes, Adobe Acrobat, Apache, Microsoft IIS, Telnet, SSH, ASP, ColdFusion, PHP, AJAX, JavaScript, password policies, user rights, system access policies, and a lot more.

Since the expert system finds exploits organically, it can greatly reduce false positives to well below 1%. In fact, if a customer finds a problem with the software it will be sent to Rapid7 as a bug and will be fixed and updated within two weeks if it is verifiable.

NeXpose’s broad coverage gives the user the complete picture. NeXpose can tell the user how a vulnerability in one section of the network affects other areas. The impact a single vulnerability has on the network as a whole aids NeXpose in determining the priority of that vulnerability. The user can build a timeline for assessing and solving security problems with sequenced patching, plan security upgrades, and create a road map for fixing network problems.

The Summation and Fixing Vulnerabilities

Once vulnerabilities have been prioritized, NeXpose offers a systematic process to fix each vulnerability. NeXpose also builds a list of possible patches and upgrades that will help in solving vulnerabilities. If several patches are grouped in a single download (such as a service pack), then NeXpose will display that download instead of all the individual patches.

NeXpose also has a built-in ticket system to handle the implementation of security fixes. This gives the user flexibility in assigning multiple security vulnerability projects and can greatly increase efficiency.

All of the information produced by NeXpose can be placed into a report. Reports can be selected from a number of template styles or can be customized to match the company’s security policy. Each report is sequenced with a table of contents, bookmarks, highlighted sections, etc. The reports are professional quality and in many ways can be used as the final draft of an executive-level vulnerability report.

Technology and Customer Support

NeXpose’s vulnerability database currently has more than 11,000 definitions and over 26,000 checks, with more added as new vulnerabilities are found. The Rapid7 team updates NeXpose on continuous rotations to keep it up to date with various operating system and software vulnerabilities. As an added bonus, NeXpose comes with a 100% accuracy policy: if a customer finds a problem in the software, Rapid7 will push it into development and get it fixed and updated within two weeks (after it has been verified).

Customer support for NeXpose comes in many flavors. Extended-office-hour phone and email support is standard, with 24/7 phone support available for an additional cost. Since Rapid7 has only one product, the entire customer support staff is knowledgeable in deploying NeXpose. Rapid7 also offers consulting and training services.

Every now and again, there is a product that really seems to get it right and delivers. Rapid7’s NeXpose is one of those products. If you are serious about security, you should give NeXpose a look.


A recently disclosed fraud involving hundreds of thousands of people on the Monster.com jobs Web site reveals the perils of leaving detailed personal information online, security analysts say.


Following their widespread computer crash earlier this week, Wells Fargo & Co. may have a new problem to deal with: online scammers and phishing schemes.


About Us

WebHostBlog comes from the creators and former staff of WebHostMagazine.com. WebHostBlog has been a source for Web hosting information and marketing tips since 2003. Along with news and information on the Web hosting industry, WebHostBlog.com has covered topics such as business strategy and marketing and continues to be a quality resource for host-related subjects.
