“Windows license locked”: Ransomware Targets Windows

Windows license locked!
“This copy of Windows is locked. You may be a victim of fraud or there may be an internal system error” – malware message

Mikko Hyppönen of F-Secure has warned of a new variant of what he calls “Ransomware” or ransom trojans. These are attacks in which malware takes a computer hostage and then tries to extort a payment in exchange for returning control of the computer or its files to the owner. Sometimes the malware will encrypt files (using AES, the Advanced Encryption Standard, for example) until a “ransom” is paid by buying a key to unlock the hostage computer.


WeR1 v Cyberlynk: Ethics and Danger in the Cloud

A recent lawsuit involving WeR1 World Network and CyberLynk Network brings up the issue of ethics, responsibility and danger in the much-hyped “Cloud” storage utility that has been aggressively pushed by most of the major vendors in recent times.

The gist of the case is that a disgruntled employee of CyberLynk managed to log back into the CyberLynk network after he was fired and proceeded to delete about 304GB of data, which happened to include an entire season of the TV show “Zodiac Island” produced by WeR1 network.


APTs and Small Businesses: Hype or Real?

A new buzzword seems to emerge every few hours these days. If it’s not “Cloud”, it is “DLP”. One of the latest, in the security field at least, is “APT”. As Debian-based Linux users, we think of Aptitude, the update tool, when we hear the word Apt. This APT refers to Advanced Persistent Threat – a term that is argued to have been coined by Washington D.C.-based security firm Mandiant.

It is a new attempt at restating an old problem of information security. Think of the old telephone trap and trace, satellite imaging, the presence of undercover operatives on the enemy’s side of the fence, etc. Just like “Cloud” and “DLP”, the phrase sounds catchy and has enough of an ominous ring to make CEOs and CISOs perk up when it is thrown at them by the master pitchmen of security providers.


The Comodo Hack: How Serious Is It?

The recent Comodo hack seems to be a lot more serious than initially thought with the latest information that the hacker was actually able to wipe a hard drive on the Comodo server. To quote the gloating hacker:

Some stupids in internet still cannot understand I’m behind the attack on SSL, talks about their small understandings about my hack and makes me nervous. I uploaded JUST 1 table of their ENTIRE database which I own. Also ask Comodo about my hack, ask them what I did to them. Let me tell you what I did: I was logged in into their server via RDP (remote desktop), they detected me and via hardware firewall, they added allowed IP for RDP, so I was no longer able to login via RDP.


Is Samsung Installing Keyloggers on Laptops?

UPDATE: It has now been confirmed that Samsung laptops do not contain keyloggers or spyware.

UPDATE: Samsung has issued a statement saying that the finding is false. The statement says the software used to detect the keylogger, VIPRE, can be fooled by Microsoft’s Live Application multi-language support folder. This has been confirmed at F-Secure and two other publications, here and here.

UPDATE: GFI Labs, the maker of VIPRE, has issued an explanation and apology for generating the false positives that led to these articles: “We apologize to the author Mohamed Hassan, to Samsung, as well as any users who may have been affected by this false positive.”

UPDATE: A Samsung executive is said to have personally flown from Newark, N.J., to Burlington, Vt., carrying two unopened boxes containing new R540 laptop computers. These units were immediately put under seal and details recorded for chain-of-custody records. At 17:40, Dr Peter Stephenson, Director of the Norwich University Center for Advanced Computing and Digital Forensics, began the detailed forensic analysis of the disks. The results are expected by Monday.

Original post:
There seems to be a claim (false, as it turns out) that Samsung installs a commercial keylogger called StarLogger on its laptops before shipping them out, apparently to “monitor the performance of the machine and to find out how it is being used.”

This was reported by Mohamed Hassan, MSIA, CISSP, CISA who bought two different models of Samsung’s laptop – the R525 and R540 models. If the report is true, it will be like a rehash of the Sony Rootkit snafu a couple of years back.


Your Business and the CIA Triad: What’s your Status?

The CIA triad is an information systems security term that refers to the critical task of data protection. The core goal of information security is to assure the confidentiality, integrity and availability of all the sensitive data kept by an organization. That’s critical for the continuity of business operations, as well as legally and ethically required.
So what is the CIA triad?
It provides for safely using paper- and computer-based data systems, email, fax machines, telephones, web browsers, and even just talking out loud through the provision of:

Confidentiality of data – where you ensure that critical data is accessed only by people with proper approval and on a need-to-know basis.
Confidentiality is related to the broader concept of data privacy – the act of limiting access to Personally Identifiable Information (PII). In the US, a range of state and federal laws, with abbreviations like FERPA, FSMA, and HIPAA, set the legal terms of privacy.
