Archive for Security

The attacks that hijacked more than 130 million credit and debit cards were easily preventable. The TJX, Heartland, and Hannaford breaches used some of the most basic hacker techniques and should never have gone the distance.

130 million cards and damages in the billions, if not hundreds of billions, of dollars were caused by SQL injection, sniffers, and backdoor malware. This was not overly complicated code written by world-class hackers; these were moderately difficult techniques that are employed on a constant basis.

Indeed, the Web Hacking Incident Database labels SQL injection as the most commonly exploited flaw in Web applications. Sniffers were deployed to capture credit card data and were used in concert with breaches of the database to collect the necessary information. Backdoor malware was used to transmit the data back to the attackers' servers. Once the initial breach was made, the hackers "installed" the sniffers and the malware to complete the process of collecting card information and sending it back.

What's even more amazing about this is the fact that the FBI and Secret Service sent out a warning that described the various ways hackers exploit known problems to capture card data. Security experts who looked at these three cases determined that the warning was almost an exact blueprint of each breach.

You may not have access to several million credit cards. Your web site might not be a financial institution. Your web site might only have a modest number of customers and be a relatively minor player in your industry. Regardless of what your site is, you owe it to your customers, readership, and yourself to provide a secure environment. The tools for prevention of SQL injection, XSS, malware distribution and the like are available. Get educated and get secure.
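As an added illustration of the prevention point above (example code, not from the original post or any of the breached companies), the following Python snippet shows the same card-token lookup written two ways: with string concatenation, where the input becomes part of the SQL grammar, and with a bound parameter, where the database driver keeps the input as plain data. The table, rows and the tautology probe are constructed for the demo; the card tokens are placeholders, not real data.

```python
import sqlite3

# Constructed sample table: usernames mapped to placeholder card tokens.
SAMPLE_ROWS = [
    ("alice", "tok_placeholder_1"),
    ("bob", "tok_placeholder_2"),
]


def make_db():
    """Build an in-memory SQLite database with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (username TEXT, card_token TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, username):
    """Concatenated query: the caller's input can rewrite the WHERE clause."""
    sql = ("SELECT username, card_token FROM customers "
           "WHERE username = '" + username + "'")
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """Bound parameter: the value is sent separately and can never alter the query shape."""
    sql = "SELECT username, card_token FROM customers WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo():
    """Run both lookups with a benign name and with the classic tautology probe."""
    conn = make_db()
    benign = "alice"
    hostile = "x' OR '1'='1"   # widely documented probe, used here only to show the fix works
    return {
        "vuln_benign": lookup_vulnerable(conn, benign),
        "vuln_hostile": lookup_vulnerable(conn, hostile),      # leaks every row
        "param_benign": lookup_parameterized(conn, benign),
        "param_hostile": lookup_parameterized(conn, hostile),  # matches nothing
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The parameterized form returns only the row whose username literally equals the input, so the probe that dumps the whole table through the concatenated query matches nothing.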

Categories : Security

Rogueware on the Rise


With so much attention on email spam and trojans it is interesting to note that one of the fastest growing forms of malware is in fact rogueware. And not only is it becoming extremely popular, but it has also proved to be very effective.

Rogueware is basically any form of software that is represented as the genuine article but is in fact a keylogger, virus, or similar. The most common disguise used for rogueware is anti-virus software. Distribution can include less-than-upstanding means such as browser popups (a machine infected with other forms of malware might bring up popups that direct the user to buy a certain anti-virus product) and spam, but it can also go through normal marketing channels such as a web site selling anti-virus software. Some have even purchased Google AdWords and banner space.

How it works is simple. The victim purchases the software or downloads a trial copy and installs it on their computer. The installer then carries its payload onto the computer in the form of some type of malware such as a keylogger, virus, or Trojan.

There are new variants of this that include a free scan of the computer, not unlike what real anti-virus companies such as Kaspersky and McAfee offer. The free-scan variant will proceed to "scan" your system while installing malware on it.

In both methods, the user signs off on the software, allowing it to bypass most forms of security. It might even show a Norton-style message saying that this antivirus software is not effective while other antivirus software is running, and that you should disable your existing antivirus before scanning.

Now the numbers. In 2008, 92,000 different types of rogueware were spotted. In the second quarter of this year there have been 374,000 new forms of rogueware. This is double the Q1 figure for this year, which was itself nearly double all of last year. The jump from 2008 Q4 to 2009 Q2 is a 748% increase, and security experts are now estimating that Q3 of this year will bring around 637,000 new forms of rogueware.

Categories : Security

Security: The Insider Job


It is an interesting thing, security. Security used to mean you had a firewall and anti-virus software and you were fine and dandy. This might have worked a decade ago, when tons of sensitive data such as personal records, credit cards and the like was not up for grabs.

Even with the need for greater security, many businesses (SMBs and enterprises) still have the same mentality. For the past several years (three, five, I don't know offhand), there have been many studies and many reports, and all of them talk about the insider threat.

The insider doesn't have to be someone who is disgruntled and wishes to do the company harm. That is what I would like to talk about specifically, in fact: the insider job in small business.

We hear a lot about the IT manager who changes passwords, such as what happened in San Francisco, or about workers who get laid off and in a moment of anger send out confidential email and possible "company secrets." But again, a lot of problems do not come from those who wish harm but from carelessness: a three-digit password instead of something more robust, leaving passwords out in the open, borrowing a company laptop and leaving it somewhere, using unsecured flash drives, and so on.

In small businesses especially, management may not want to have a security policy. When there are few employees, implementing a security policy might seem like the company views employees with suspicion, and there is a fear of ruining the team dynamic with more rules and regulations.

But the fact of the matter is that security policies protect the employees, management, and the customers. They show that due diligence has been maintained by the staff of a company if a security breach occurs, and can lower the amount of money a company or its employees get fined in a court of law. It is free to make and only requires a little bit of time to maintain. A few areas that should be looked at are the disposal of old hard drives, the use of flash drives, phishing emails and how to handle them, tracking of portable devices on the network, password creation, password storage, and backup and recovery policies.

The other thing you need to do is have that policy maintained and used. Every employee should know which areas are relevant to them, and if changes occur the policy should be updated to reflect those changes. A policy that is not maintained is just as bad as a policy no one uses, which is just as bad as not having one in the first place.

Whether the company is big or small, a security policy that is written, utilized, and maintained goes a long way to helping with internal threats, and can reduce headaches for everyone in the company.

Categories : Commentary

WebHostingTalk: Down but not Out


According to a representative, a deliberate attack hit the WebHostingTalk database, destroying online backups, and then deleting three databases: user/post/thread.

WHT has been looking into how they could shore up their defenses, and into restoring the database from an onsite physical backup. Unfortunately, they have been experiencing technical difficulties restoring the five-month-old physical backup.

There is one thing everyone can learn from this; actually, several.

First off, I think WHT handled this quite well. They investigated the breach, closed off the attacks, checked to see if credit card data was stolen, tried to back up the data, and alerted users. They handled this very well, and I think iNET should take a bow for the maturity shown in this matter.

The other thing people can learn is the power of physical backups. Even with the cloud and multiple online backups, if the backup is reachable over a network connection, it can be compromised along with the data it protects.

With a physical backup, you can back up the data and then store it in a secure area. Yes, physical backups are a chore at times to make, the media can break down, etc. But online backups can suffer these same problems, and other problems as well.

From my own experience, backing up the data and storing it onsite has saved me countless times and gives me peace of mind.

Categories : Security

Rapid7’s NeXpose: Reshaping Security


When it comes to the data center, one of the highest priorities for the IT department is security. IDC's Frank Gens, Senior Vice President & Chief Analyst, said that security "is always the number one concern of IT." Gartner and Forrester studies also rank security as one of the highest priorities that a data center can provide its customers.

Security in a data center doesn't just cover the web server or the network. Security encompasses the entire data center from end to end. Normally this means purchasing multiple security devices and software packages, and hiring a fully staffed IT department to watch over them: to maintain the security policies and to implement, enforce, and solve security problems.

It is with this mindset that we first looked at Rapid7's security application NeXpose. NeXpose is a Unified Vulnerability Management (UVM) system. UVMs provide end-to-end security and can cover multiple systems.

NeXpose comes in four forms: software, hardware appliance, SaaS, and managed. The software runs on Microsoft Windows Server 2003, Microsoft Windows Server 2000, SuSE Enterprise, Red Hat Enterprise, Fedora 9, Debian 4.0, CentOS 4, and Ubuntu 7.1.

In a nutshell, NeXpose protects the entire network using non-malicious penetration attacks. The results of these attacks are prioritized and summarized. NeXpose delivers the steps for solving these vulnerabilities and then provides the results in a professional-grade report.

Scanning the Network

Scanning the network begins with identifying what devices make up the network. This process ensures that NeXpose uses pertinent attacks, increasing the reliability and speed of the scan. If the user likes, they can take some time to block off sections of the network (asset groups), set permissions, etc. By setting permissions for sections of the network, the user can delegate the security of those sections to others, or could use the permissions to resell NeXpose.

NeXpose uses a Java expert system shell (JESS) that scans for and finds vulnerabilities much like the methods employed by ethical hackers and security audit firms. If we look at a network as a system with a series of layers, the power of this expert system becomes apparent.

For example: if the network is vulnerable to a SQL injection attack, NeXpose will use it to gain access to the database. At the database level, it will check for more vulnerabilities, such as a privilege escalation vulnerability, to gain access to the operating system layer. With each vulnerability found, NeXpose looks to see how far that single vulnerability can go.

NeXpose scans hardware, networks, operating systems, databases, applications, and web applications, and checks compliance with security policies. Here is just a small taste of what NeXpose can scan: routers, switches, hardware firewalls, Microsoft Windows, Linux, Solaris, Mac OS, IPSec, PPTP, DHCP, DNS, Oracle, Microsoft SQL Server, Sybase, MySQL, Lotus Domino, Microsoft Exchange, Lotus Notes, Adobe Acrobat, Apache, Microsoft IIS, Telnet, SSH, ASP, ColdFusion, PHP, AJAX, JavaScript, password policies, user rights, system access policies, and a lot more.

Since the expert system finds exploits organically, it can reduce false positives to well below 1%. In fact, if a customer finds a problem with the software, it is sent to Rapid7 as a bug and will be fixed and updated within two weeks if it is verifiable.

NeXpose's broad coverage gives the user the complete picture. NeXpose can tell the user how a vulnerability in one section of the network affects other areas. The impact a single vulnerability has on the network as a whole is what NeXpose uses to determine that vulnerability's priority. A timeline can be built for assessing and solving security problems: sequencing patches, planning security upgrades, and creating a road map for fixing network problems.

The Summation and Fixing Vulnerabilities

Once vulnerabilities have been prioritized, NeXpose offers a systematic process to fix each one. NeXpose also builds a list of possible patches and upgrades that will help in solving vulnerabilities. If several patches are grouped in a single download (such as a service pack), NeXpose will display that download instead of all the individual patches.

NeXpose has a built-in ticket system as well to handle the implementation of security fixes. This gives the user flexibility in assigning multiple security vulnerability projects and can greatly increase efficiency.

All of the information produced by NeXpose can be placed into a report. Reports can be selected from a number of template styles or customized to match the company's security policy. Each report is laid out with a table of contents, bookmarks, highlighted sections, etc. The reports are professional quality and in many ways can be used as the final draft of an executive-level vulnerability report.

Technology and Customer Support

NeXpose's vulnerability database currently has more than 11,000 definitions and over 26,000 checks, with more added as new vulnerabilities are found. The Rapid7 team updates NeXpose on a continuous rotation to keep it current with operating system and software vulnerabilities. As an added bonus, NeXpose comes with a 100% accuracy policy: if a customer finds a problem in the software, Rapid7 will push it into development and get it fixed and updated within two weeks (after it has been verified).

Customer support for NeXpose comes in many flavors. Extended-office-hour phone support and email support are standard, with 24/7 phone support available for an additional cost. Since Rapid7 has only one product, the entire customer support staff is knowledgeable in deploying NeXpose. Rapid7 also offers consulting and training services.

Every now and again, there is a product that really seems to get it right and delivers. Rapid7’s NeXpose is one of those products. If you are serious about security, you should give NeXpose a look.

Categories : Security

About Us

WebHostBlog comes from the creators and former staff of WebHostBlog has been a source for Web hosting information and marketing tips since 2003. Along with news and information on the Web hosting industry, it has covered topics such as business strategy and marketing, and continues to be a quality resource for host-related subjects.
