Secure Cyber

Job Recruiters -falling industry?

2011-02-18T11:19:00.001-05:00

It's a good time to express my disgust with today's job recruiters.

The Google rules the world of search but when it goes to the keywords in your resume...it becomes a nightmare. First of all, many job recruiter firms are hiring foreigners or just simply outsource the service in order to save money and have more profit. The result of it is a huge number of e-mails to the potential job candidates that are based on found keywords in the resume posted online.

In 95% of cases (based on my own statistics), the job recruiters are clueless about:
1. Your actual technical skills
2. Where your home is located relative to the company that has a job position opened
3. About your actual technical level (beginner, advanced, expert; entry-level or senior)

With over 20 years of experience in IT world and the combination of Information Security, Web Design, and LAN/WAN Administration and Management, several industry certifications including CISSP, I have been offered the following jobs as:

a) A Desktop Support Technician
b) A C++ programmer (I have never programmed in my life)
c) A Java programmer (just last week)
d) An Oracle programmer (because I used Oracle Hyperion Reporting software)
e) A Senior PHP programmer (I used some ready-to-use PHP scripts in old projects)
f) A Help Desk Technician
g) A SAP programmer (I don’t have anything in my resume that would point to SAP!)
h) LAN Administrator for $30/h

… not to mention a number of jobs with about 1.5-2 hrs commute or, in most of the cases, out of my city for temporary to permanent assignment.

Well, I would understand those folks who lost the job and are willing to go anywhere just to get back on track but as I clearly indicated in my resume, thanks G-d, I have the job and it is 8 miles away from my home. What kind of money the employer can offer to compensate my hours in the traffic, the part of my life that would never be repeated?

Today’s job recruiters are not willing to even read your resume through to understand who you are and what you are capable of – they are just working with the keywords in your resume – not with you. I don’t want to say that ALL of the job recruiters are the same. There is some exclusion. Those recruiters who are willing to make an extra step and research the information on social networking sites (particularly, Linkedin.com) are more successful what results in better job placement and satisfaction.

However, the most of the e-mails I have received are telling me one thing: the job recruiter is a low-qualification person who did not read your resume and probably has no clue about IT world at all, not to mention that he/she is not familiar with the geography and traffic in your area.

As with any industry, the quality of product or service should grow as time goes but in this case I believe the job recruitment industry is degrading slowly but surely. Many online readers and writers complained too, so, I am not along. Is there any expectation that the thing will improve in the future? Maybe it’s just a temporary “illness” of this industry? Who knows? Let’s hope. Until then, think about your resume as an SEO by optimizing it for Google keywords.

FACE THE DANGER

2011-01-13T16:09:00.002-05:00

There is no reason to explain again that today’s computing is not possible without adequate protection against viruses, malware, botnets, and all other cyber “weapons”. You probably are overwhelmed with a number of articles, experts’ advices, webinars, and various tutorials about user awareness the same way as I am.

What I want to add to this is to describe the face of real danger, the danger that the majority of computer users are not aware about. The new hacking technique and tools will make your security protection tools like a toy for kids. In my March 2010 article I have suggested a set of software tools to protect your computers (perhaps from all known malware).
What I have learned that after Stuxnet cyberattack became known and was described in more-less details, many security professionals have revised the entire approach to the security protection. The common denominator for all opinions is the fact that our commonly accepted approach to IT security is not working anymore due to the new and highly sophisticated penetration tools that were developed recently. No, I am not going to discuss Stuxnet and similar, highly sophisticated software that was discussed on the Internet widely but rater down-to-earth penetration tools that is available today.
The goal of this article is to make more people aware that our poor antivirus programs may protect you from only 20 to 30% of today’s penetration software. Disagree?
Just today, I got an e-mail from “Hakin9 Mewsletter newsletteren@hakin9.org” with the following content. As is (no spell correction):
“Russia Hackers are pleased to announce RH2.5 KIT ver 2011
that people can use to hack & secure computer systems by
knowing exactly how a hacker would break into it.
Collection of Advanced Hacking Guides & Tools.
PDF Guide:

1. Advanced Hacking Guide with MEtasploit
2. Malware Development (RATS, botnets, Rootkits)
3. Convert exe into PDF, XLS, DOC, JPG
4. Exploit development guide
5. Tech Tricks (Spoofing-Sms,email,call)
6. Download any Apple Apps Free of cost

7. Credit Card HAcking
8. Netbanking Hacking-bypass Virtual KEyboard
9. Spreading guide to Infect 100K/Victims per day
10. Advanced Email Hacking Tricks
11. SET(Social Engineering Toolkit) module
12. Links for other russian hacking sites

Hacking Marketplace

Tools/Services:
{Value more than 1500 USD}

1. Polomorphic Crypter's (to make Files undetectable- bypass all AV Scantime,runtime)
2. Java Driveby FUD (deploy your exe by URL on target)
3. Immunity Canvas (Hack remote pc with IP address)
4. Paid Botnets (Spyeye,etc)
5. IRC Bots(Ganga, niger,etc)
6. Yahoo messenger zeroday exploit (run exe on target)
7. Ice pack Enterprise (execute exe using php script)
8. Bleeding_Life_V2_pack /Other Packs

Service's:
1. One Linux Based VPS with Root access for Lab Setup (Safe & Secure)
2. VPN Double + Triple Encrypted (Hide your real Ip Address)
3. Fake Emailer with attachment
4. Email Bomber (Send 1 million emails into Inbox)
5. DDOS Attacks Shells

Hire a Hacker
for Offensive and Defensive services, Internal on-site penetration testing gives
the business the assurance it needs to conduct safely in the Internet and with business partners.
Email at: root@russiahackers.ru or russiahackers@mail.ru
Visit Site”
First of all, I am a subscriber of Hackin9 IT Security Magazine, and I am getting the news about new development in the world of IT Security. Normally, the e-mail address field “FROM” looks like this:
Hakin9 Magazine newsletteren@hakin9.org
This time, it was slightly different:
Hakin9 Mewsletter newsletteren@hakin9.org
As you see above (and I have no doubts considering miss-spells and ignorance of normal technical English) , the content of e-mail was pure advertisement with a link to the live web site that offers the both sets of tools correspondingly for $100 and $250USD.
My guess is that my e-mail account was hacked along with many others, and the Russian hackers e-mailed the information about their “products”.
Let me be honest, I am not so worrying about hacking of my e-mail account but about the “products” offered on the web site.
Let’s review some.
Convert exe into PDF, XLS, DOC, JPG
This one is the most troubling “products”. Just imagine that you are getting the file attached to your e-mail with one of the named above extensions and are trying to open it. The file immediately executes the built-in code, and voila! Your PC is infected. Does anti-virus or firewall can prevent it? I honestly doubt…
Polymorphic Crypters (to make Files undetectable- bypass all AV Scantime, runtime)
No need to give an explanation – this code will bypass all Antimalware programs.
Spreading guide to Infect 100K/Victims per day
Tutorial on how to infect hundreds of thousands of PC users per day!
SET(Social Engineering Toolkit) module
Welcome to infected Facebook and Twitter!
Netbanking Hacking-bypass Virtual Keyboard
Do you use online banking? I do, and most of my friends do, and most of their friends do, too! Now, imagine you have opened one of the infected e-mails (or e-mails with infected attachment), and you will be faced with a nasty surprise: your account has zero balance! It also could happen on-the-fly, while you are logging into your banking account.
Immunity Canvas (Hack remote PC with IP address)
If the hacker knows the IP address of your PC, it can be hacked with this tool. You are no longer a single Administrator of your computer. You will share it with “nasty boys” who can speak not only English but also Russian or Chinese! A simple IP scanner (like free LanSpy) will help to identify your computer’s hardware, operating system, many installed programs, computer domain and NetBios names, MAC address, remote control, time, discs, transports, users, global and local users groups, policy settings, shared resources, sessions, open files, services, registry and event log information. Nothing on the remote computer is hidden from them now…
Welcome to the hacking world!
Should I continue?
You may want to ask “what should I do?” I’d be very much glad and happy if I could give you a definite answer but I don’t have one. The minimum of what you can do is to EDUCATE – yourself, your family and friends, friends of your friends, and, of course, corporate users if you are responsible for secure computing at your organization. So, instead of reading stupid chain e-mails that try to scare you if you don’t resend them immediately to another 10 people (nice way to spread the malware!) your fellow citizens will read and forward the information about how to conduct the secure computing and not to become the victims of cyber-gangsters.
As for the tools that I have suggested in my previous article, they are still vital. It’s better to have some basic protection + knowledge of secure computing than to ignore it completely because those tools do not provide 100% security.
Happy and secure computing in 2011!

What is Antivirus RAP Testing And Why Is It Important?

2010-04-19T08:12:00.001-05:00

Why am I still a fan of Sunbelt's VIPRE Antivirus+Antispam software?

As I mentioned in my blog earlier, VIPRE has numerous advantages over competitors, and another independent testing has proven the value of this software. In fact, I have replaced all of free and commercial anti-malware products on my home network, recommended to all my friends and several small business owners, and installed VIPRE. I have no regrets.
You might know that Virus Bulletin is the world's most prestigious antivirus lab. They have been testing antivirus products for years. Apart from their VB100 certification, they have another interesting test called RAP. It's for "Reactive and Proactive", and helps you form an impression of the heuristic -and- generic proactive detection capability of security software products - in particular how well products perform against malware that appears after vendors have submitted their products to Virus Bulletin for testing. They create a quadrant a few times a year, and compare all products they have tested. And as you see, VIPRE does EXCELLENT in this test in April 2010, compared to all the other products out there. Top right in the quadrant is highest quality. http://www.sunbeltsoftware.com/alex/gblog/rap_detections_2.jpg

As I have noted in another blog (The cyber-gangsters' "weapons" and the state of Internet security), there is no anti-virus program that can protect your PC from 100% of all malware, however, it should be an important part of your defense system, and it is where Sunbelt Software’s VIPRE engine (as one among the top AV products for reactive and proactive detection) shines.Virus Bulletin's RAP Testing measures products' reactive and proactive detection abilities against the most recent malware that has emerged around the world. The test measures virus/malware detection rates utilizing 4 specific sets of malware samples (look at the axles X and Y). The first three test sets reflect malware first seen in each of the three weeks prior to product submission. Shown results reflect how quickly product developers react to the steady flood of new malware emerging every day across the world. The last test set consists of malware samples first seen in the week after product submission. This test set is used to measure products' ability to detect new and unknown viruses proactively, using heuristic and generic techniques.

You can read more (and see the comparison charts as well) at RTEK 2000 web site.I recommend VIPRE products based on my own experience and my own testing against competitors.Get VIPRE (pronounced "viper") now. I bet that small fee for this commercial product will pay off handsomely.

This isn't a pattern of failure. It's a surrender cult.

2010-03-26T14:19:00.005-05:00

To add to my previous article about Chinese hackers (U.S. is losing power as the world leader), I recommend you to read the article from New York Post. Especially, I like: "Here's the US-Israeli-Palestinian relationship in simple terms: You run a business. And you have a brother who's worked with you for decades. A group of corrupt "partners" with criminal records, notorious for flouting every deal they've made, promises to make you rich. All you have to do is kill your brother."

There is more! This is the first paragraph of the " Bibi’s Predicament" article from the Commentary Magazine:
"It should be clear by now that President Obama intends to pursue the “peace process” in the same way that he pursued health care — by ramming it down his opponent’s throat, in this case, Israel’s."
He lives Israel no choice but to bomb Iran's nuclear installations.

"Surely something must be terribly wrong with a man who seems to be far more concerned with a Jew building a house in Israel than with Muslims building a nuclear bomb in Iran ."
Columnist Burt Prelutsky , LA Times

What can I say? I wish it didn't happen in my lifetime. I am so, so sorry for my country... :-(

Should we be afraid of Chinese hackers? ...Or lost cyber war (Part III)

2010-03-09T10:55:00.028-05:00

PART I

PART II

Average PC user in China or where the hackers are growing...
How Microsoft armed Chinese hackers
A cyber-war in action?
Cyber-espionage
The cyber-gangsters' "weapons" (outside link to my previous article)

PART III

PART III

Why U.S. is losing steam

In addition to the full access to Windows OS that proved to be vulnerable to endless exploits, China chooses FreeBSD as basis for secure OS. The Washington Times recently reported that "China has developed more secure operating software for its tens of millions of computers and is already installing it on government and military systems, hoping to make Beijing's networks impenetrable to U.S. military and intelligence agencies." What a bold move! No wonder that many security specialists are seriously concerned that China rapidly getting the leading edge over U.S.
Congress discussed this issue recently but what's the result? Recall Obama's visit to China (read above). Is our government insane? Not at all! As always, money rules the world. When it comes to make a decision the corporate lobbying wins over common sense.

Even worse! The U.S. Government often downplays cyber attacks on our infrastructure. As Ed Giorgio (in 60 Minutes Report on US Cyber Security (November 7, 8 & 9, 2009)) noted, there are at least 10 "reasons why cyber intrusions are ignored, denied, or not reported by government." No doubts, they will be denied by the government officials but here they are:

It is downright embarrassing to admit that you do not have very good cyber defenses and it will severely hurt your brand.
The targeted organization frequently has no solution to the problem as was the case when DHS "lied" to congress. In government and the military, you cannot report a problem you don't have a solution for.
The administration might be worried about international political fallout because it impacts other delicate issues with China, Russia, Israel, France, etc.
We don't want to open a can of worms and admit that we too have an offensive capability which we work hard to keep secret.
We fear the unwanted oversight and attention.
If we are forced to address the problem by making us reprogram resources from high priority mainstream mission programs which are already behind on.
The bureaucracy doesn't want to be forced to hold somebody accountable and perhaps take adverse action.
Adding security may get in the way of mission operations and reduce our effectiveness (like not being allowed to use a flash drive).
Recognizing the problem would expand the set of stakeholders who you have to work with to solve the problem. No bureaucrat wants that as it causes a loss of control.
We are skeptics and just plain don't believe it's a big problem and that's it has been blown out of proportion.

"Security? What security? What are you talking about? It's not my responsibility!"

As David Osborne and Ted Gaebler indicate:
"It is hard to imagine today, but a hundred years ago bureaucracy meant something positive. It connoted a rational, efficient method of organization - something to take the place of the arbitrary exercise of power by authoritarian regimes. Bureaucracy brought the same logic to government work that the assembly line brought to the factory. With the hierarchical authority and functional a specialization, they made possible the efficient undertaking of large complex tasks."

Since the word "bureaucracy" became a synonym to the word "government" (verify it with MS-Word grammar!) what can you expect these days? Efficiency? Smart decisions? Logical solutions? Forget-about-it!

When the highly qualified computer investigator decided to track the Chinese hackers and passed his amazing discoveries to the FBI that praised his work, as a result he was facing charges against his activity. "...they are so afraid of taking risks that they wasted all this time investigating me instead of going after Titan Rain" [very sophisticated attack - read below] - said the computer investigator.

Do you have any comments? Are you surprised? Do you see the elements of "political correctness" here?

Do you have any comments? Are you surprised? Do you see the elements of "political correctness" here?

At the same time, Chinese government is not under pressure from its corporations and it ignores any "political correctness" that has overpowered United States. China improves the security of its army (PLA) using a hardened FreeBSD operating system. Considering also more than 100 information infrastructure attacks per minute on the US Department of Defense originated from China and keeping in account that most of the DOD computers are Windows-based, now we have a clear picture: it's the face of an enemy.

Whether it's current or future enemy hard to say but I think that at this moment it is a virtual one, the enemy that is invisible, the enemy that is hard to catch. As I mentioned earlier, tracking virtual enemies can be quite a challenge to U.S. spy hunters.The FBI officials are uncompromisingly pursuing the possibility that the Chinese government is behind many cyber attacks (especially not widely discussed Titan Rain attack - "the most pervasive cyber-espionage threats that U.S. computer networks have ever faced.") considering how well it was organized.

As you may guess, it's almost impossible to determine who exactly was behind the attack: China government, PLA, or someone from private sector (aka patriot hackers) because China has not been cooperating with U.S. investigations of Titan Rain. In accordance to the TIME magazine, "TIME has obtained documents showing that since 2003, the hackers, eager to access American know-how, have compromised secure networks ranging from the Redstone Arsenal military base to NASA to the World Bank… and can be a point patrol for more serious assaults that could shut down or even take over a number of U.S. military networks".

Due to the length of this article I don't want to discuss this issue further but I highly recommend reading about the Titan Rain attack (see the link above) and who discovered it.

Similar developments can be seen on a military front. In April 2009, in Prague, President Obama gave a speech in which he pledged America would work toward a "world without nuclear weapons.". Considering China's military advancements, they have different plans. China's growing revenues helps to become the world's biggest military power, to the point where the U.S. "would not dare and would not be able to intervene in military conflict", for instance in the Taiwan where U.S. has its own interest. Their new ballistic missile is capable hitting a target at sea with the range more than 1,000 miles and could be well used to attack and sink U.S. carriers.

No wonder, the Defense Secretary Roberts Gates has expressed his concern, too: "Investments in cyber and anti-satellite warfare (by China), anti-air and anti-ship weaponry, and ballistic missiles could threaten America's primary way to project power and help allies in the Pacific - in particular our forward air bases and carrier strike groups." while the U.S. administration (faced with huge budget deficit) seized financing for upgrade of aged nuclear arsenal. All of it will lead to the reduction of our military capabilities giving China a leading edge.

History often repeats itself. You are witnessing the process of losing the world dominance by one country and shifting the power to another one.

The lost cyber war

During 2008-2009, U.S. government and military organizations reported about 200 breaches including breaches of more than 70 million records in 2009 comparing to a total of fewer than 3 million in 2008. Do you see the trend? Did our government initiatives and billions of taxpayers' money spent on improving security pay off?

"The great thing about being a pessimist is that you are constantly either being proven right or pleasantly surprised." -- George Will, News commentator.

Consider me a pessimist but I don't see the light in the end of the tunnel.

I'd love to be wrong but I guarantee that there will be greater need in more security practitioners than we have now. Cyber security became a survival skill for any organization.

Senior government officials overseeing the nation's cyber defenses told a Senate panel that agencies are doing more to coordinate their far-ranging efforts, but that even in the best-case scenario, the hackers are often one step ahead. "The harder we can make the general network environment, the easier it's going to be to detect [threats]," said Richard Schaeffer, director of the National Security Agency's Information Assurance Directorate. "We believe that if one institutes best practices, proper configuration, good network monitoring ... a system ought to be able to withstand about 80 percent of the commonly known attacks."

What about the rest 20%?

What's the situation with resistance to cyber crime?

The painful experience of the last several years, lost data, productivity, new security standards imposed by the government, humongous amount of money spent on improvement of IT security raised a red flag for many organizations. I can't say that we do nothing to fight cyber crime but as I mentioned above we are always one step behind the hackers. Let's see what's going on these days.

In February 2009, President Obama launched a 60-day investigation into cyber-security, promising to improve U.S. Internet defense. I don't know what was done after the investigation except the creation of one or more departments with more bureaucrats but the situation did not change much. I have been reading articles about new Federal law propositions, new security requirements, new initiatives, however, all of it proved to be close to useless not only at the U.S. level but also on the international level. According to InformationWeek news reports, the American and Russian governments were engaged in talks to make Internet a more secure medium and limit certain types of cyber-weapons but talks haven't progressed far due to a difference in philosophy.

Many organizations and companies who work on defense against Chinese hackers have recognized that it's close to impossible to catch and prosecute hackers who operate abroad and especially in China. Since no international legal agreement exist, even if the hacker will be traced to a particular person, it will be impossible extradite him to the U.S. considering the relationships with the communist's government of China. Lately, the relationships became even worse (the hacking of Google's story).

Meanwhile, Chinese hackers are becoming harder to monitor since they communicate and coordinate their attacks through private text-messaging rather than on blogs or Web sites, leaving no traces of their activities.So, what is left? Is there ANY way to protect our networks and data? The only learning how to defend ourselves is the way to go under current circumstances.

Again, I can't say we do nothing because:

We educate IT professionals responsible for protection of their IT infrastructure, and we have a number of highly experienced and certified professionals who participate in examining case studies, war-gaming various scenarios, exercises, and implementing global defense solutions.
We have created a whole bunch of security-related certifications to certify the expertise of IT pros (CISSP, CEH, Security+, CISA).
We have developed multiple government standards to protect the government networks and information.
We plug the endless holes in the operating systems, applications, utilities, and databases.
We participate in numerous webinars, read whitepapers, magazines and books; discuss the IT security on hundreds of forums.
We have plenty of web sites dedicated to data security.
We spent (and continue spending) zillions of dollars on anti-malware products and technologies ($7 billion a year).

Yet, we are still facing the same danger to be exposed to sudden cyber-attack or to become the victim of cybercrime because the standards are not perfect and not everyone is following them, the anti-malware products are only 50% effective; there are endless security holes in the operating systems, applications, web browsers, perimeter defense and more. As a result, for instance, according to FBI, an average of over 1 million computers per year is currently being hijacked by botnets; an estimated 90% of Internet access points on corporate networks are inadequately protected; and the cyber-gangsters rip estimated $100 billion worldwide utilizing silent attacks that are invisible to their victims.

What are the latest developments in cyber-defense?

There is interesting information about the new security content protocol specification that has been released by The National Institute of Technology (Special Publication 800-126. "The Technical Specification for the SCAP,"). In accordance to the Government Computer News, "SCAP comprises specifications for the standard organization and expression of security-related information, provides an overview of the protocol and on ways software developers can integrate SCAP technology into their product offerings and interfaces."

In the end of last year, the U.S. Department of Homeland Security (DHS) completed, in cooperation with other government agencies, a draft of national cyber attack response plan that is planned to be tested in September 2010 during Cyber Storm III, a cyber security drill. I am just curious why this information is available online and not restricted to those who has appropriate security clearance...

Northrop Grumman and three universities planned to form a cyber security research consortium to address emergent cyber security issues. Northrop Grumman will fund 10 research projects at MIT, Carnegie Mellon University and Purdue University. Quite a powerful combination! I hope we'll get some positive developments from the best brains in our country.

The Homeland Security seeks new ideas how to protect our networks by creating a Web 2.0 crowd-sourcing portal called IdeaFactory. House leaders have asked the chamber's security officials to implement a new cyber-security training procedure for aides and take extra steps to protect sensitive information from potential hackers and to recommend the technology updated focused on security awareness.

Microsoft detailed new botnet protection, IdM technology at RSA Scott Charney, corporate vice president of Microsoft's Trustworthy Computing Group, offers insight into the company's plans to thwart botnets, secure enterprise cloud computing and help individuals better manage their online identities.

Yes, the first step that will be the most effective is to educate computer users about potential threats from highly qualified hackers, what needs to be done and how to operate computers safely.

Here is what one fellow said in his blog:

"I run a computer service shop, and...we drop Avast [anti-virus program] on ALL computers that come in, while simultaneously telling every single customer that it will do nothing to prevent them from brand new threats...and neither will anything else on the market today! Quoting myself, "viruses are a cat-and-mouse game, and antivirus vendors are always the cat doing the chasing." Software firewalls are also junk because any virus that does take root can easily bypass such a program. In reality, the only two things that are needed to keep a secure network are (A) a hardware firewall between you and the Internet and (B) well-educated, cautious, skeptical users. Education seems to fly out the window when an erection or free music is involved… Computers and software stopped being the weakest link over a decade ago. The most commonly exploited security hole on a computer is the device which sits between the keyboard and the chair, not the IP stack or WMF rendering libraries."

Posted by: cryptikonline on: 07/14/09

Step number two should be proactive defense, the type of defense that actively fights hackers with their own weapons. I was glad to find information that there are some white-hat hackers that actually do just that!

In accordance to F-Secure, a white-hat hacker (a good guy) using the avatar 'Catch-Em' hacked into the Pakbugs.com web site (the underground site that re-sells stolen credit cards), compiled a list of registered users with their email addresses and passwords and then posted the list to the Full Disclosure security mailing list. He also forced the web site to shut down for several days, and later (when the web site was online again) activated the DDoS (distributed denial of service attack).

DNSSEC introduced a new encrypted domain technology designed to protect the domain name system from spoofing and other hacks.

Lockheed Martin has formed an information security alliance with several technology providers to focus on self-healing systems to solve some of the information security problems.

There are also some successful operations on the grand scale. Eighty (80) people worldwide were arrested in connection with a major international banking ID phishing scam. "Operation Phish Phry" has been described as the biggest cybercrime investigation in US history.

I'd like to see more news like these ones:

Godfather of spam Ralsky goes down. Spam king Alan Ralsky was sentenced to four years in jail this week, for pump-and-dump stock spamming. Nine other spammers were also sent to jail for the same crime.
Microsoft's 'Operation b49' chokes Waledac botnet. Waledac is one of the 10 largest botnets in the U.S. that is responsible for distributing billions of spam messages around the world.
Police arrest Mariposa botnet masters, 12M+ hosts compromised
Allaple Worm Author Sentenced
Second Man Sentenced for TJX Attacks

There is a known technique to build "Honeypot" servers that attract hackers by lack of any protection and avert them from sensitive servers that have various layers of protection. Since the hackers usually take the easy route, those servers serve well by not only turning the attention away from important computers but also allow learning how the servers are being hacked and what needs to be done to protect the sites against becoming a part of botnets. For instance, a new open-source honeypot project called Glastopf dynamically emulates vulnerabilities attackers are looking for" and can auto-detect and allow unknown attacks.

Recently introduced technique, perhaps limits the number of security holes in the software by using the application Whitelisting techniques like from Faronics. If any executable file is not on the white list, it's not permitted to run!

On another note, if you have the critical infrastructure with strategic importance, why not isolate it physically from the Internet and use, perhaps, dedicated lines of communication? Not possible? I doubt it. With amount of money wasted on security that does not protect there is always a way to find the method of managing the infrastructure without exposing it to attacks originated from the Internet.

What can we do about cyber-terrorism?

Let's be honest, the facts are against us. Those who defend the networks are faced with a huge range of cyber-weapons to protect the infrastructure. At the same time, the cyber-gangsters can reach the goal by exploiting only a single vulnerability. Cyber-gangsters are usually fanatics who would do anything to cause the mass destruction, whereas security experts are not the fanatics to work tirelessly endless hours.

U.S. Federal agents have thwarted planned terror attacks on Fort Dix, N.J. by uncovering a terror ring in Lackawanna, N.Y. and plots against the nation's financial centers, the World Bank, ten airliners landing in the U.S. (the liquid-bomb plot), JFK airport, the Brooklyn Bridge, the New York subway system, the Los Angeles airport, the Israeli consulate in Los Angeles, and the Prudential Building in Newark, N.J., among others. They fought real terrorists. But how do you fight cyber terrorists?

The Internet is not a secure media. Those security professionals who passed CISSP exam (commonly respected security certification) learned about the model for security policy development or so-called "CIA triad" (Confidentiality, Integrity, Availability). The problem with the Internet security lays in the fact that the Internet was not initially designed for confidentiality or integrity. It was designed for availability and resiliency by providing a packet switched network with alternate paths meshed together. The security services of confidentiality and integrity usually must be implemented at the application and end-point levels (computer, mobile phone, PDA, etc.).

There were some voices to re-design the Internet and to make it more secure. Wouldn't it be great? It makes sense for some of the people who are responsible for security. This drastic measure cannot be taken without the government intervention due to possibly imposed taxes on the Internet usage and huge expenses. As you may guess, this measure will obviously rage many people (including myself, perhaps on this stage) who would oppose it using all available civil rights. I am not talking only about the U.S. citizens but also about world's net-citizens since it must be a common effort after a commonly accepted agreement.

Maybe the future incidents will push more people toward this measure but we must act now - as a government and as individuals - to fully meet the challenge of cyber terrorism. Some methods we may use include:

Implementing strong access control systems to ensure that only authorized individuals can access cyber systems.
Using strong encryption to ensure confidentiality and integrity of information stored, processed, and transmitted on and through cyberspace
Keeping policies up to date, and ensuring they are strictly enforced
Implementing effective detection systems to recognize currently known and future cyber attacks quickly
Closely monitoring all cyber activity by using log files and log analyzers
Implementing a real-time national defense strategy
Deep analysis and forward thinking on possible future technologies and prediction of attacks (based on current trends) that may occur as those technologies are implemented to address the security requirements of the future

1. END-POINT PROTECTIONS FOR ORGANIZATIONS

Here are the "BIG SEVEN" rules that reflect the major steps to be taken to protect the end-points in the corporate and government networks:

Create an Internet use policy and use the web content filtering with scheduled updates.
Train employees on cyber security and enforce it vigorously.
When administer the access rights, reduce privileges as much as possible on a "need-to-know" basis.
Login to the system with administrator rights only when you need to change the configuration or install/remove the applications. Otherwise, login as a regular user with no administrative rights. (Report: 92% of critical Microsoft vulnerabilities mitigated by Least Privilege accounts)
Take care about updating your software (OSs and applications patches) religiously.
Use the best possible Anti-malware product on each piece of hardware. Besides that, implement application "whitelisting", heuristic and behavioral detection additionally to detection by signatures to mitigate zero-day threats.
Consider implementing new technologies such as cloud and virtual computing by centralizing the hardware for distributing the applications down to user's PCs (or terminals).

Using application and OS streaming based on specific needs and storing the images in one, central location will increase the security level and lessen the burden of maintaining the security locally, on each node since all the patches and security protection will be concentrated in one place rather be distributed all over the network - hosted security (assuming that the application/OS streaming will be tightly secured and encrypted).

Such a solution may dramatically lessen the number of attack vectors with many additional benefits. In fact, server versions of Windows typically have a lower infection rate on average than client versions. Servers have a tendency to have a lower effective attack surface (or vectors) than computers running client operating systems because they are more likely to be managed by experienced administrators and to be protected by several layers of security.

2. ANTI-SPAM PROTECTION

MessageLabs Intelligence Top Tips to Stamp out Spam:

Protect your email address - using your primary email address anywhere on the web puts it at risk of being picked up by spammers so be careful where you use it
Watch out for the checkboxes - when you buy or sign up for something online, opt out of being contacted by third parties, you don't know where your address will end up.
Don't use the reply, remove or forward options - acknowledging the spam email using any of these options only validates your email address and can lead to more spam.
Use an unusual name - if you use an email address with numbers in it for instance, you are less likely to receive spam. Spammers often use directories of common names to guess email addresses, e.g. ajones@company.com, bjones@company.com, etc.
Avoid clicking on any links in spam messages - the addresses of links are frequently disguised and often serve only to confirm your existence to spammers. Same with unsubscribe links.
Avoid downloading pictures in spam email - these can identify you as a recipient even if you just view the message in the preview pane. You can view your email as text to prevent this, or you can set your email security to block external images.
Use a spam filtering service

3. HOME PC PROTECTION

a) First of all, educate yourself about information security even if you are not involved in the Information Technologies.

b) Consider dedicating one PC exclusively for online banking. Restrict other browsing or services like email of web surfing.

c) Use the combination of the best security utilities. My "four favorites" that I have on EVERY PC that I use at home and recommend to my clients:

VIPRE: Best Antivirus + Antispyware (inexpensive commercial). This software is ahead of competition with less footprint and speed as well as amazing detection capability. Even with those feature it's not 100% proof. Therefore, I use once a week another utility, such as:
Malwarebytes.org' Malwarebytes' Anti-Malware (free or commercial). The one program (as far as I know) that can be installed in the Windows Safe Mode and remove the most persistent malware. It complements VIPRE very well (read my blog about VIPRE).
Secunia PSI (Personal Software Inspector) - free utility to scan and discover unpatched applications - the vectors of possible attacks. The utility also suggests possible solutions providing the links to updated files and vendors. (Secunia: Average insecure program per PC rate remains high)
Check Point's Zone Alarm firewall (free or commercial). This software also installs a free toolbar that scans the browsed web pages for known infections. (Matousec's Proactive Security Challenge)

In addition, if you download a zipped or executable file from the Internet web site, please use the Virustotal.com web site. Upload your file to that web site and verify it against 32 virus scanners. There is a big chance that only one anti-virus scanner will detect the malicious content. The service is free.

d) Do not expose your personal information on social networking web sites. It's easy to follow the crowd and proudly post your photos and personal information about yourself and your family. Keep in mind that it is exactly what the hackers need to steal your identity.

e) Remember that "there's no patch for human stupidity". Do not click on suspicious e-mails that you don't expect to receive. Do not open e-mail attachments (even such "innocent" as PDF or PPT files) because they may contain the malicious code. In fact, the PDF files, in particular, are responsible for about 80% of all infections in accordance to some sources. Such the files can take a form of fake codec or videos and poisoned search results continue tricking users into on purposely disabling the security programs that they had at the first place.

No Internet security suite can protect you from yourself, so do yourself and the Internet a favor - patch all your insecure applications - it's free with F-Secure and Secunia.

Through a combination of a fully patched OS (operating system) running the latest versions of the software installed, least privilege accounts and a well-configured personal firewall, a big percentage of the malware that penetrates through the client-side will be mitigated well before it reached the antivirus scanner.

f) Sometimes, you may travel (abroad or just out of your office). Please be cautious about public PCs/kiosks:

Check how the PC is set up. It shouldn't let you access the system settings such as the control panel and user accounts. It is a case when the less you can do on the PC, the better - it's well-locked down. I would also recommend to look around the PC for any kind of plug-in devices. It can be hardware-based keylogger attached to the keyboard cable or USB port. For more on keyloggers, read the Bright Hub article, "Risky business, using kiosk computers."
When you HAVE TO perform online banking and credit card purchases that might leave sensitive information on public PC and have to chance to avoid it (what is highly recommended), uncheck any box offering to remember your information and change your passwords as soon as you are on a PC you know is secure (home/your office). I have setup special access to my online PayPal account using the security fob that generates random digits to be used for passwords. It allows me to access the web site with a different password every time I use it. You may request it from PayPal, too.
If you have access to browser options that let you clear the cache and wipe out cookies, you should use them. The best systems warn you that they will clear stored information such as cookies when you exit.
If you need to save a file - do not do it to the local drive but rather to Flash drive. Also, you may want to e-mail the file to yourself and then delete it from the public PC. Make sure you emptied Windows Trash can.
If you access the Internet through Wi-Fi networks available in public places, remember, there might be hackers that wait for your free, password-free access. Today's Wi-Fi security protocols are proven to be weak and can be easily broken within minutes with a tool freely available on the Internet.

The future of cyber space. Be aware!

Since this is the last chapter of this article, I'd like to summarize my concerns. In accordance to Liu Migfu (People's Liberation Army (PLA) Senior Col., "The China Dream" book), "China's big goal in the 21st century is to become world number one, the top power."

China's population is growing by 21 million a year and currently houses 1.2 billion people that represent 22% of the world's population. At the same time, their territory is only 7%. The law that restricts Chinese citizens to have only one child doesn't work because poverty breeds children in spite of the danger to be put in jail. This limited territory cannot provide enough food for such a dramatically growing population forever. Many poor Chinese citizens will be faced with starvation.

Of course, I am speculating but think about it. What would be the solution to this problem if you are one of the Chinese government officials? The answer is the immigration (legal and illegal) of a large number of people to the every corner of this world. It's the most inexpensive solution that will have the most lasting effect. China thinks in longer terms. The gradual (and peaceful!) takeover of the territory could be a long-term plan. Legal immigrants can buy or open businesses in whichever country they settle in and have the political power earlier or later. The illegal immigrants will flood the businesses with cheap labor. Given enough time, all of it may lead to serious political and economical influence all around the world especially if Chinese immigrants will preserve close ties with their motherland.

I am taking about a peaceful invasion that you cannot fight because it will be a fight against unarmed people. Taking into consideration long-term plans and almost enormous financial resources of China, the Chinese immigrants will be supplied with enough money from the Chinese government to keep the businesses strong. Of course, they will have to repay the loan what will tie them to China even more.

The same financial resources concentrated in the hands of Chinese government can surely be used (and probably are used) to finance the cyber-gangsters who conduct cyber espionage (economic and military), to secretly stockpile the gold and invest in oil-rich regions out of China, to bribe government officials in various countries and to gain the advantage in trade and politics. Just try to arrest any Chinese anywhere in the United States and the Chinese government will raise a hell with the White House. I am taking about boycotts of trade goods and various sanctions. The growing power of China will be used easily to tight our hands. Now, can we arrest any Chinese hacker in China even if he is an originator of the cyber attack?

The trade and cyber war between the People's Republic of China and the United States, in particular, is a war for extraordinary power and wealth for the winner, and therefore China uses all available resources openly or secretly for winning down the road.

Regardless of whether cyber terrorism is a serious threat to safety, our critical infrastructures, or just an annoyance, we must be forward-thinking to meet future challenges regarding cyber security.

As you understand, many countries' governments consider cyber security and cyber- weapons very seriously. Our government, in fact, not only continuously worked on improvement of cyber-security but also successfully used cyber attacks during Iraq war in May 2007 when George W. Bush authorized the NSA attack on the cellular phones and computers that insurgents in Iraq were using to plan roadside bombings. The attack not only prevented successful communication and coordination efforts but also supplied enemy with false information by leading them directly under fire of U.S. soldiers.

There were several cyber tsars to lead the U.S. efforts in cyber defense as well as several major initiatives aimed to improve and protect our infrastructures against cyber attacks. The new reality of computer age is taken so seriously that the Obama administration's former White House chief of cyber-security, Melissa Hathaway, has called for international cyberspace agreements (with similar proposals from Russian government).

However, the chances of such an agreement are quite slim. And here is why. The senior U.S. Army officials identify the wireless communications networks used by insurgents and terrorists as their No. 1 target, and after the Russian government's attempt to propose a treaty limiting the use of cyber-weapons, the State Department has rejected the idea preferring to focus on improving defenses and summon cyber attacks as crimes. In addition, the officials are against any move that could undermine our own cyber security by limiting the options and ability to attack because the advantages of having a cyber-warfare capacity are simply too great in the computer era world.

The cyber-war tactics are also advancing. The United States has already learned that it makes no sense to hit an enemy's infrastructure if it disables an ally's, and possibly America's own since many networks are interdependent. "If nations begin attacking one another's banks and power grids, the next step is exchange of bombs and bullets". In spite of the fact that China rapidly moves to the leading position of cyber-war master, most likely, it has no desire to knock-out Wall Street, because it owns large piece of it. Russia should be hesitant to begin a cyber-attack on the United States because, unlike Estonia or Georgia, the U.S. could quickly response with massive conventional force.

As you see the Cold War still exists but it moved underground or, to be precise, "underwire".

In fact, in accordance to McAfee's annual Virtual Criminology report, many nations are secretly stockpiling tools and techniques in preparation for sophisticated cyber warfare against each otherSo, expect the cyber-weapons to be enhanced, the cyber-war capacity to be increased and improved, and methods of penetration or DoS attacks to be technologically advanced.

Here is a "dirty 13" prediction for 2010 by Larry Barrett:

Antivirus is not enough
Social engineering as the primary attack vector
Rogue security software vendors escalate their efforts
Social networking third-party apps will fraud targets
Windows 7 will come in the crosshairs of attackers
Fast Flux botnets will increase
URL-shortening services become the phisher's best friend
Mac and Mobile Malware Will Increase
Spammers breaking more rules
As spammers adapt, volume will continue to fluctuate
Specialized malware on the rise
CAPTCHA technology will improve
Instant messaging spam will surge

Russians have an excellent proverb that when being translated to English sounds like this: "Those drowning - save thyself". It can be very well applied to the situations described in this article.

Got computer? Start with security!

Please share this article on your network (Tweeter, Facebook, etc - more social networking links can be found on top of the page in the right corner)

References:

http://community.middlebury.edu/~scs/docs/Lee%20Lai%20To,%20China,%20USA,%20and%20the%20South%20China%20Sea%20Conflicts.pdf
http://english.peopledaily.com.cn/home.html
http://hsgac.senate.gov/public/index.cfm?FuseAction=Files.View&FileStore_id=e1005399-d98b-4aff-bb60-2c1884949700
The commercial malware industry.
http://blogs.zdnet.com/security/?p=3673
http://blogs.zdnet.com/security/?p=4791&tag=nl.e539
Janczewski, L. & Colarik, A. (2008). "Cyber Warfare and Cyber Terrorism". Page xiii. Information Science Reference, Hershey, New York
http://www.financialsense.com/stormwatch/geo/pastanalysis/2009/0717.html
http://www.microsoft.com/downloads/details.aspx?FamilyID=037f3771-330e-4457-a52c-5b085dc0a4cd&displaylang=en
http://www.cnn.com/2008/TECH/03/07/china.hackers
http://www.popsci.com/scitech/article/2009-04/hackers-china-syndrome
http://money.cnn.com/magazines/fortune/fortune_archive
http://tinyurl.com/llcdcc
http://www.investors.com/NewsAndAnalysis/Article.aspx?id=522689

Should we be afraid of Chinese hackers? ...Or lost cyber war. (Part II)

2010-02-19T15:10:00.019-05:00

PART I

PART II

Average PC user in China or where the hackers are growing...
How Microsoft armed Chinese hackers
A cyber-war in action?
Cyber-espionage
The cyber-gangsters' "weapons" (outside link to my previous article)

PART III

Average PC user in China or were the hackers are growing...

Internet users in China aged below 25 spend on average 50 percent of their leisure time online, according to this survey. Those surveyed in China demonstrated high levels of social media activity. Nearly 9 out of 10 Chinese respondents indicated that they actively read or contribute to blogs and 85 percent said they participate in chat rooms.

New opportunities for self-expression, communication and interaction in China made the Internet a part of their everyday routines. The number of intelligent 20+ youngsters is increasing. Their computer skills reached sophistication allowing them to gain access to the world's most sensitive sites, including the Pentagon. In fact, some of them claim that they are sometimes paid secretly by the Chinese government -- a claim the Beijing government denies. There is a number that circulates the web (not confirmed data) that the Chinese government pays to up to 50,000 highly skilled military hackers to use the Internet for specific purposes that are defined by the government officials (cyber expert James Mulvenon told a congressional commission in 2008). Considering the population of China, this number may not seem threatening at first.

Sure they don't have a special facility with high-tech equipment; they operate from small apartments. Don't underestimate them - they are hardcore hackers who claim that "no web site is 100% safe". In spite of high level security, every web site has a specific weakness that can be exploited. Some of the hackers are self-educated programmers and some of them came from the People's Liberation Army, either way they know how to approach the task. Carefully studying the web pages, they determine the underlying programs used on a particular web site and then exploit the known weakness or test it to find the new one. The language differences are not the barriers for hacking. Many of them study English to the degree that serves them well in their activities. Young hackers are persistently trying to prove themselves against some of the most secure Web sites in the world.

There are many hacking tools are available on Chinese web sites for free and for a few bucks. For instance, for $150, youngsters can buy decent tools for hacking, design of Trojans or tool to evade anti-virus programs in addition to interactive tutorials and the support through chat or IM, i.e., the infamous software known as Grey Pigeon. Some days ago, the software was used for remote control (similar to GotoMyPC.com) but as it was discovered, it is an ideal tool for hacking that can easily be purchased in China.

Some experts believe many individual hackers are joined together to form small and large groups such as a civilian cyber militia that launch attacks on government and private web sites around the world. Some sites reach more than 10,000 registered users and offer special tutorials (sometimes even interactive) about hacking. There are hacker magazines, hacker clubs and online movie serials about hackers. About 43 percent of elementary-school students say they adore China's hackers and 33 percent say they want to be one! Imagine that future army of hackers.

As the Chinese economy improves, you can see more cars on the streets, plenty of construction sites, and numerous brand names ads and shopping centers. More and more citizens become wealthy, or at least move to the middle class level. Those who still can't find the way to make more money (and the young generation, in particular) try different methods utilizing the computer technology.

For instance, they build the web sites that are selling counterfeit items and attract customers by the low price. Usually, after getting money they either mail cheap imitations or nothing at all.

There is another side of hacking: not for money but to make a political statement.

The young generation knows how the government can suppress the democracy movements (Tiananmen Square), so rather than proceed on the road of democracy many young people (or China's Internet patriots) identify themselves in opposition to the West. These "red hackers" may not be acting on behalf of their government directly but the effect of their activities is the same.

If you'd knew the Mandarin language and tried to Google the word "hacker" using its characters, you'd find hundreds and hundreds web sites dedicated to the Chinese art of computer hacking. Some of the web sites are highly organized with detailed tutorials, history and logs of actual hacking, documentation, links, and even technical support. Some Chinese hackers are being trained at schools like the Communication Command Academy in Wuhan (the capital of Hubei province). Based on some research by the U.S. intelligence, the total number of registered hackers in China is approaching 400,000.

The hackers of all sorts can be found in the organized clubs whose members meet regularly. There are kid hackers, women-only hackers, hacker novices, and, of course, gurus. The most amazing and disturbing is the fact that most of them have the unifying characteristic: nationalism. Most of the Chinese hackers are not the individuals or anarchists but rather "tend to get more involved with politics because most of them are young, passionate, and patriotic." This stylish nationalism of hackers with laptops and Internet connection is dangerous for all countries but it is the most harmful to China itself since their government is inclined not to prosecute hackers unless they attack within the country.

These loose government restrictions are more frightening than state sponsored cyber-warfare. The government perhaps tolerates hackers and sometimes encourages them. Their government might task these hackers in turn gain control of them. Homegrown hackers might just as easily be recruited to write viruses or software for the People's Liberation Army.

If you are interested in learning more about the top Chinese hackers, check out the The Dark Visitor web site (in English).

In 2002, a scholarship student, Peng Yinan and two other hackers broke into the web site of Lite-On Corporation and replaced the Taiwanese firm's home page with the message "[F-ck] Taiwan's pro-independence!" In December 2003, similar message reemerged on the U.S. Navy Chartroom site. "[F%ck] usa.gov," read the defacement, which was signed by coolswallow and four others (the same Peng hacked the FoxNews web site after U.S. invasion into Iraq). In fact, they have not only defaced many web sites in the U.S. but also shared the hacking tool on the Internet.

Web site defacement is a very unpleasant thing when your web site is defaced! I remember when I got a call from California from a man who informed me about a U.S. teenager who hacked several web sites including my company's default web page (with a similar message about the U.S. government). It's good that I have the habit not to use the default page on the Microsoft Internet server (IIS) as a home page but rather any secondary. It saved my company from potential shame.

Based on Peng Yinan's following activities after 2003, I would compare him with infamous hacker Kevin Mitnick with the only a difference that Peng was somehow connected to the Shanghai government and since he was qualified enough, could be paid to do some freelance work. There are speculations that he was permanently hired by the Chinese government since he has disappeared from the hacker's world and that in itself is very disturbing.

The Chinese hackers became so experienced and recognized worldwide that MI5 hired Asian teenage hackers in fight against cyber terrorism in China, Russia and Pakistan.

In spite of the huge Internet activity in China, the country's Internet censoring is well known to the world (didn't KGB do the same with the phone calls and letters?). The government wants to have the control of the information flowing in and out of the country. It's not easy to do without sophisticated technology. It's a fact that Chinese entrepreneurs returning from working in Silicon Valley were requested to provide the filtering technology to China's Internet police. These police are actually very successful not only with censoring the communications but also with quick and effective shutting down the sites that they also do not hesitate to pursue for classified information inside of China or similar rogue sites.

How Microsoft armed Chinese hackers

When it comes to money, many (if not all) companies intend to forget about any possible consequences and lose conscience. Microsoft is not the exclusion. The prospect of a sweet piece of pie (e.g. China market) was reflected in the first move that Microsoft made in 2003 when Microsoft signed source code browsing agreement with China.

With the known weak security of Microsoft's operating systems and with the source code not open to the public, many countries, including China, adopt the open source code Linux operational system, a rival of Microsoft. To avoid it, Bill Gates signed an agreement with the Chinese government stating that the new Source Code Browsing Lab can browse the source code of the Microsoft operating system and engage in information security related research.

Almost 15 years of learning about how to do business with China, Microsoft decided to share the source code as a first significant step in penetration into Chinese market through the cooperation with the communist government. Liu, a member of the political bureau of the CPC Central Committee, said that China has great number of software talents and regarded software sector as one of its backbone industries. As a result, Microsoft offered China and later, 59 other countries the right to look at the fundamental source code for its Windows OS and to replace some sections with their own code. Now when China uses Windows in President Hu's office, or perhaps in its missile systems, it can install its own cryptography.

Let's look at this from another point of view. Microsoft makes money by selling its software to China and China has access to the source code of the operating systems that are used by the majority of the computer users around the world. Imagine that you are the computer hacker. What would you want most of all in order to break into the Windows PC?

You probably heard about "reverse engineering" used by hackers when the program they want to hack is taken apart into pieces in order to build the piece of code used for hacking. It is a very complicated and challenging process and not many hackers are able to do it. With the source code available as a gift from Microsoft, isn't it easier to hack Windows?

For instance, the latest report from Google is troubling: "Google detected a "highly sophisticated and targeted attack" last month which originated from China, and resulted in the theft of intellectual property from the search engine, according to Google's corporate development and chief legal officer David Drummond.

It later transpired that the attack was not limited to Google, but infiltrated 20 other large companies from a wide range of businesses - including the internet, finance, technology, media and chemical sectors." More.

Since the Chinese government directly or indirectly supports its own hackers, they might have access to the source code as well. Let's recall how many times Windows - based OS was hacked. In accordance to Shane Harris, who wrote an article about Chinese hackers, they "pose a clear and present danger to U.S. Government and private-sector computer networks and may be responsible for two major U.S. power blackouts." The U.S. government "officials believe that the intrusion may have precipitated the largest blackout in North American history. A 9,300-square-mile area, touching Michigan, Ohio, New York, and parts of Canada, lost power; an estimated 50 million people were affected."

Needless to say, Chinese hackers are surely in the state of war with the U.S. Do you need more proof? Just read the daily news.
"China's big goal in the 21st century is to become world number one, the top power," People's Liberation Army (PLA) Senior Col. Liu Migfu writes in a newly published book, "The China Dream." This dream could rapidly become America's nightmare.

A cyber-war in action?

The U.S. Defense Secretary R. Gates said in a recent speech to the Air Force Association: "Investments in cyber and anti-satellite warfare (by China), anti-air and anti-ship weaponry, and ballistic missiles could threaten America's primary way to project power and help allies in the Pacific - in particular our forward air bases and carrier strike groups." The Pentagon recently admitted that last year many computer networks in the United States, Germany, Britain and France were hit by multiple intrusions, many of them originating from China. However, U.S. officials have been cautious not to directly accuse the Chinese military or its government of hacking because it is difficult to prove.

Due to the nature of botnets (distributed networks of infected computers spread out across the globe) the cyber-defense experts are faced with a problem to prove the origin of a cyber attack. Another reason the U.S. hasn't made any claims against China is previously mentioned necessity to be politically correct.

When David Sedney, the deputy assistant secretary of defense for East Asia mentioned, "The way these intrusions are conducted are certainly consistent with what you would need if you were going to actually carry out cyber warfare." Beijing hit back at that, denying such an allegation and calling on the U.S. to provide proof. "If they have any evidence, I hope they would provide it. Then, we can cooperate on this issue," said Qin Gang, a spokesman for the Chinese Foreign Ministry, during a regular press briefing... "I am telling you honestly, the Chinese government does not do such a thing".

India's security advisor said that Indian government network was attacked on December 15, 2009, the same day that some US companies reported having been attacked. The attack on the Indian computers came through a maliciously crafted PDF file that arrived from China as an attachment to an email. As always, the Chinese foreign ministry called their claim "groundless".

However, there is some evidence data about China as the base land of various attacks that have slowly come on to surface. For instance, a security researcher says he has found evidence linking the recent attacks on Google to China (January 2010). Analysis of the software used in the attacks revealed that it contained an algorithm from a Chinese technical paper that was published only on Chinese-language web sites.

Some experts believe that those hackers are not agents of the Chinese state even if they claim to be paid by Chinese government. All of it is quite sensitive information and no one would openly publicize it. However, I believe that with China's goal to achieve world dominance, it fits the picture. Military and economic espionage are an integral part of these carefully planned actions. As our recent Nobel Prize winner Mr. Obama mentioned in his speech, "We must begin by acknowledging the hard truth ... There will be times when nations - acting individually or in concert - will find the use of force not only necessary but morally justified."
Recent events related to the Islamic fundamentalism proved, different people have different morals. In China's goal for world dominance, everything is "morally justified". Chinese communists can be trusted the same way we trust Russian leaders.

In May 2001, several U.S. government web sites were hacked or brought down with DDoS attack by the Chinese. The White House, U.S. Navy, the Interior Department's National Business Center, and more than 1,000 American sites experienced an unprecedented situation of massive offense.

As qualification of Chinese hackers grows, the successive attacks have become more serious. In the past two years, Chinese hackers have intercepted critical NASA files, breached the computer system in a sensitive Commerce Department bureau and launched assaults on the Save Darfur Coalition, pro-Tibet groups and CNN. Sadly, those are just the attacks that have been publicly acknowledged.

What was the cause of these massive and sudden attacks in 2001? As later discovered, it was a coordinated effort of Chinese hackers whose rising Internet-driven nationalism pushed them to declare an anti-American protest after the death of a Chinese pilot who was killed in an accident when a U.S. EP-3 reconnaissance aircraft flying off the southern coast of China had collided with a Chinese F-8 fighter jet.

In its 2008 report to Congress, the U.S.-China Economic and Security Review Commission called Chinese cyber-espionage a major threat to U.S. technology. "China is aggressively pursuing cyber warfare capabilities that may provide it with an asymmetric advantage against the United States," the commission warned. U.S. defense officials called it "patriotic hacking". Hey, this patriotic thing presents real danger for the most vulnerable targets in our country such as air traffic control, the electric grid and waste facilities, banking and Social Security systems, and it cannot be taken lightly. Whether it was paid by the Chinese government or it was an act of hacker patriotism, our government should take this very seriously. We live in the digital age and all the information that is used in our networks and resides on the servers is at risk.

President Bush correctly understood this issue and before leaving the Oval Office authorized the creation of a National Cyber Security Center under the Department of Homeland Security. The current government proposed $355 million to secure private and public sector cyber-infrastructure.

James A. Lewis who helped develop cyber-security policy recommendations for the Obama administration, a senior member at the Center for Strategic and International Studies (CSIS), shared that concern. He said, "The U.S. government had a number of serious computer incidents in 2007, most of which were attributed to China," he says. "The focus in Washington is on what appear to be state-sponsored activities. That, of course, is only a part of what's going on in China." I wish the U.S. would take cyber-security in relation to China more seriously.

In reiteration for past failure when the U.S. military employed cyber-tactics in Iraq war, the insurgents recently hacked the US Military Drone Surveillance Video (RQ-1, MQ-1 Predator MQ-9 Reaper drones). As it was discovered, they have been doing it for a while (the U.S. military personnel found files on the detained Shiite militant's laptop in 2008). All they had to do is to use the Russian-made SkyGrabber, a program freely available on the Internet for less than $26. The event itself is so shocking that I hope it will be an eye-opener for those U.S. officials who are still blindfolded about cyber-terrorism.

There is a real war in the East region but it's not anymore the war with religious but uneducated mujahidin, but with highly sophisticated in computer technology enemy. I don't think it was done without any "outside" assistance from those who would love to bring the U.S. to the knees but the fact itself is disturbing.

Let me remind you that China's neighbor Russia is "singing the same song" with China pretty often when it comes to vote for sanctions against rogue governments. Generally, both countries veto almost every U.S. proposition and both countries hate the fact that USA is a major power in the world (perhaps, still the major). They are dreaming about shifting the axle of power to their own countries, away from Americans.

Unfortunately, they're not only dreaming but rather are taking multiple, carefully planned steps to overpower U.S. on the military front, economically, and financially by rising of own influence in all corners of the world. We learned from history that when the power players are in the battlefield of a global scale, all methods are good - don't expect that the players will play honestly, especially from the regimes ruled by current and former communists.

With kind permission of an author of the article "Marina Kalashnikova's Warning to the West", Jeffrey. R. Nyquist, I want to share with you the information below. Forgive me for inclusion of quite a large piece of this article but I consider this information is so important that I cannot squeeze it further.

"Russia has built an alliance of dictators, what Marina Kalashnikova (mentioned above) calls an "alliance of the most unbridled forces and regimes." Extremists of all kinds serve the purpose of breaking the peace, damaging Western economies, and setting the stage for a global revolution in which the balance of power shifts from the United States and the West to the Kremlin and its Chinese allies. "Among the ideas that animate general staff analysts in the Kremlin, there is the idea of diffusion," says Kalashnikova, "It is not that the Kremlin should strive for territorial expansion and the dissemination of its [political] model. The critical thing is power and the fulcrum of an overall strategic context. In that case, even if the Americans appear influential in the post-Soviet countries, Moscow remains in charge. The [Russian] General Staff therefore has successfully expanded Moscow's position beyond and above the old Soviet position in Africa and Latin America." What prevails, she says, is Moscow's "assertiveness and determination without fear of a reaction from the West."

In other words, the West has already been outmaneuvered. The KGB and the Russian General Staff have taken our measure, and they are laughing at us. Our leaders [read the U.S. Government] do not realize the sophistication of their enemy. They cannot see or understand what is happening. They blink, they turn away, continuing to use concepts gifted to them long ago by Soviet agents of influence. As a nation we are confused and disoriented, believing that the world is beholden to the West's money power - and therefore, peace can be purchased.

"The Kremlin has activated a network of extremists in the Third World," wrote Kalashnikova. "[At the same time] Russia has managed to shake off nearly all international conventions restricting the expansion of its military power." In this situation, the only counter to Russian power is American power. Yet the American president is preparing to surrender that power in a series of arms control agreements that will leave the United States vulnerable to a first strike. Placing this in context, nuclear weapons are ultimate weapons, so that the West's superiority in conventional weapons is therefore meaningless. Whoever gains strategic nuclear supremacy will rule the world; and the Russian strategic rocket forces are in place, ready to launch, while America's nuclear forces are rotting from neglect.

The Russian historian sees that the West relies on the greed of Russia's elite to keep the Kremlin in line. But this is a foolish conceit... the Kremlin's logic is ironclad: Let the West keep its worthless currency. Moscow will have weapons, and in the end Moscow and its allies will control everything. The liberal may believe that protests and appeals to humanity are the ultimate trump cards. The financiers may believe that money makes the world go 'round. Let them try to stop a salvo of ICBMs with liberal sentiment and cash. As far as the laws of physics are concerned, their favored instruments cannot stop a single missile.

According to Kalashnikova, "It is clear that the [Kremlin] regime has no restraint and will commit any crime, break any rule, surpass any benchmark in order to consolidate its already illegitimate power..." Even the old KGB chief, Vladimir Kryuchkov, was appalled: "Putin and others have to answer for what they are doing today to the country," he said. But the West sleeps. The West doesn't want to hear about the danger that rises in the East - from the Kremlin and its Chinese allies."

Recent attack simulation by the Pentagon officials reveled that "The enemy had all the advantages: stealth, anonymity and unpredictability. No one could pinpoint the country from which the attack came, so there was no effective way to deter further damage by threatening retaliation. What's more, the military commanders noted that they even lacked the legal authority to respond - especially because it was never clear if the attack was an act of vandalism, an attempt at commercial theft or a state-sponsored effort to cripple the United States, perhaps as a prelude to a conventional war." (New York Times).

If you didn't believe in the cyber-wars and attributed them to the movies only, what else can convince you more?

Cyber-espionage

As you may guess, stealing sensitive information from U.S. corporations is a part of a big plan for many Chinese conglomerates and the government. Considering a long history of the economic and military espionage, cyber-hacking is relatively new one, and the U.S. government officials are worried about China plans and actions.

In accordance to Brenner, the U.S. counterintelligence chief, perhaps once the Chinese used the strategic information gathered by cyber-espionage about large the American company during business negotiations. "The delegation gets to China and realizes, 'These guys on the other side of the table know every bottom line on every significant negotiating point.' They had to have got this by hacking into [the company's] systems." Brenner mentioned that even one case like this proves that Chinese will work very hard when they need to achieve the goal. It surely puts the national security (and eventually prosperity of our country) at serious risk.

Chinese target any high-level official, senior officers of the large companies or strategic institutions. Even the contractor working abroad can be the target of cyber-espionage. The laptop, USB memory module, the smart phone or PDA - all of it is under risk. "China is indeed a counterintelligence threat, and specifically a cyber-counterintelligence threat" said Brenner.

The cyber-espionage attempts are very difficult to register and prove since today's cyber world includes botnets that can be easily used let's say by Russians who are masking as Chinese. However, several proven cases of cyber-espionage by Chinese should raise the awareness to a higher level and stop making friends with those who want to overrun us at every corner.

Try to "google" the key phrase "china hackers" in English and you will be surprised with a number of article like these:

Britain could be shut down by hackers from China, intelligence
Mar 29, 2009 ... China has the ability to shut down Britain's vital services, including food or power supplies, because its companies are involved in ...
Hackers in China break into PCs of Dalai, Indian embassy
International hackers, many from China, are attacking NYPD computers
Apr 22, 2009 ... A network of mystery hackers, most based in China, have been making 70000 attempts a day to break into the NYPD's computer system, ...
Hackers put China flag on Australian film site - Security- msnbc.com
Jul 27, 2009 ... Hackers posted a Chinese flag on the Web site of an Australian film festival in an escalation of protests against the planned appearance by ...
China's hackers stealing US defence secrets, says congressional ...
Nov 20, 2008 ... Beijing's spending on rocket science turns outer space into 'commanding heights' of modern warfare and could chill relations with America, ...
Block China Web Traffic IP Addresses and Chinese Hackers
Protect your web site from Chinese hackers by preventing traffic from IP address ranges originating in China.

Based on 7 year study, Mandiant describes how Chinese cyber-gangsters launched sophisticated attacks and were able to penetrate the government and corporate computer networks while being practically undetected. They describe so-called advanced persistent threat (APT) model and reveal the fact that the majority of APT attacks attributed to China. The shocking truth: existing anti-malware software was able to detect just 24% of the malware used in the attacks. Mandiant describes several stages of APT attacks:

Reconnaissance (getting the identify of individuals they will target in the attacks);
Intrusion into the network using known methods like phishing;
Establishing a backdoor through injection, registry modification, or scheduled services;
Installing multiple hacking utilities; obtaining user credentials and escalation of privileged access up to the administration level;
Data extraction, encryption, compression, storing on stage servers, and following deletion after successful upload to own network.
Maintaining persistence by adjusting the malware.

While APT-type attacks are usually silent, low profile attacks designed for long-term espionage, the recent attack on Google and 20 other large companies is more like open-war type.

Continue to PART III
Back to PART I

Should we be afraid of Chinese hackers? ...Or lost cyber war (Part I)

2010-02-18T17:16:00.018-05:00

"Our nation's intellectual capital, industrial secrets, and economic security are under daily and withering attack." --Stephen Spoonamore (expert in the field of electronic data security and digital network architecture.)

"China's big goal in the 21st century is to become world number one, the top power,"-Liu Migfu. (People's Liberation Army (PLA) Senior Col., "The China Dream" book).

"Political power flows from the barrel of a gun." - Mao Zedong (former Chairman of the Communists Party of China)

"Educate and inform the whole mass of the people... They are the only sure reliance for the preservation of our liberty."-- Thomas Jefferson

Disclaimer.
Please note, I don't pretend to be an expert in politics. I am just sharing my concerns. Thank you in advance if you are ready to spare 20-25 minutes and read this article.

I began sharing my views on politics as the main motivational factor for cyber crime in the first article that I wrote about Russian hackers. Now, let me share my concern about their neighbor to the south, a "rising star of the world economy" China, and growing skills of Chinese computer hackers.

PART I

PART II

Average PC user in China or where the hackers are growing...
How Microsoft armed Chinese hackers
A cyber-war in action?
Cyber-espionage
The cyber-gangsters' "weapons" (outside link to my previous article)

PART III

PART I

A "political correctness" storm.

The terms "cyber terrorism" or "information warfare" are derived from political agendas of those who rule the countries or from global conglomerates and large corporations that don't hesitate to use any possible measures to achieve their goal. The information age gave us not only sophisticated computer equipment, software, and gadgets but also something that many of us did not expect. I am talking about malware, cyber war, anti-virus programs, firewalls, computer worms and Trojans, botnets, identity theft, and social engineering. All of it became a part of our lives; whether your life is somehow associated with computers or you touch the keyboard occasionally.

This article is not only about cyber danger from our "friends" but also about what causes this danger and why we have to understand it better in order to protect not only our computer systems but our country and our position in the global economy. So, forgive me about emphasis on politics because I believe that political repercussion on current situation with the information security is enormous.

If you are working in the office (except those lucky enough to work from home), you are facing so-called "office politics" every day. You interact with your fellow co-workers and your lovely (or not so lovely) managers. As you may have already discovered, your wellbeing depends more on the right behavior and ability to navigate the river of office politics than on your technical or other abilities. The same occurs on the global level between the countries and even continents.

Unfortunately for us, many Western countries including USA are running under "political correctness" dogma created and nurtured by the fanatics of liberalism. Brainwashed liberals are people who do not accept even the strongest arguments and facts against their distorted dogma of social justice - the utopia of socialism and communism. Yes, they have ears but they don't want to listen; yes, they have eyes but they don't want to see the facts and reality of this world.

As Marina Kalashnikova, a Moscow-based historian, researcher and journalist, noted "Western establishment avoids uncomfortable truths about the world and themselves". Another Russian-born journalist who actually "tasted" socialism, Svetlana Kunin (IBD) said "When party leaders talk about the "collective good," what they are really talking about is their right to determine what is good for the collective. Government bureaucrats decide what level of sacrifice is needed and who needs to sacrifice. They replace voluntary charity with the forceful redistribution of other people's private property. Why do people born into a free society accept a failed 100-year-old ideology? It seems Americans are simply unaware of modern history. They don't know the theory behind slogans such as "fairness and equality" and "sacrifice for the collective good," much less how it works when implemented. They buy into old utopian slogans masquerading as new progressive ideals for "Hope and Change." More

Do you want to see where the "political correctness" approach leads to? Look at one of the European countries and what they are faced with. When the media is bought by the Islamic radicals from overseas and local hardcore liberals, the core value of democracy disappears and those who use it for their own advantages are well known. For instance, the examples of voices "political correctness" are clearly showing the fear of retribution if any action against rising Islam will be taken.

The "political correctness" is weakening and killing our country too; it's spreading out to all facets of our lives making us vulnerable even inside of our borders where we are faced now with a new enemy -- radical Islamism. We have created a climate in which not only citizens are forced not to speak when their concern is related to radicalized Muslims but also the members of the military who are afraid to raise questions about the bald and blatant Islamist comments. We have learned from the press that no one raised a red flag about what Major Nidal Hassan expressed over many years because it could be interpreted as anti-Muslim prejudice. In turn, the military took no action against a man who loudly advertised his extremist sympathies. Thirteen (13) Americans paid for that with their lives.

The radical Muslim world hates us because our culture (our music, our lifestyles, etc.) is spreading to them and threatening to steal away their power base (which is the hearts and minds of their children). Once their children have access to the Internet they'll discover the wide range of choices outside their culture. Instead, extremist Muslims use the Internet to radicalize young Muslims in Western countries using their personal weaknesses. And while the vast majority of the world's Muslims are not extremists, significant minorities are just that. Worldwide, Muslims believing themselves to be advancing the faith have committed more than 14,000 acts of violence just since 9/11. To name just few: Madrid, London, Bali, Jerusalem, Mumbai, and Amman. The list is long and bloody - and it includes many innocent Muslims.

There are many furious and confused Americans who witnessed the years-long campaign to minimize the threat of radical Islam, to paint Islam as "the religion of peace," and to marginalize critics of the jihad as guilty of "Islamophobia." It's time to learn from the problems concerning Switzerland and many other European countries: "(1) A large Muslim immigration coupled with a low native birth rate; (2) Increasing Muslims efforts to change the national culture over to an Islamic one, starting small but having ambition, and less and less tendency to assimilate and live in tolerance; and (3) Terrorism from radicalization" (New York Times and Wall St. J, 11/30).

Even in China, pro-China and pro-Muslim hackers have clashed online in a series of Web sites defacements since deadly ethnic riots in China's Muslim region last months.

Here is what one of the Internet bloggers, spinedr33, said: "...no President can come out and say "there's a cultural war happening right now... there are 1.6 billion Muslims and a sect of their culture doesn't want to co-exist with Western culture. So they want us dead. To defend our way of life, we have to fight back. Since these are people - and not countries - we're going to have to fight any regime/country that won't help stop their radical citizens. So there's a good chance that we may come into conflict with Iraq, Afghanistan, Iran, North Korea, etc." The best anyone can do is using the euphemism "war on terror." But let's face it- there IS a cultural war going on right now. At least WE'RE willing to call a truce to stop it (the radicals no longer seem able to do so). There's so much more to write, but what's the point? If you don't get it by now, you may never..."

Blind liberalism and ignorance to the reality of this world created the product of this correctness - our President and his ideas of spreading the wealth and social justice policies not only to our country but also on a global level. It began from Obama's apologies for past American behavior, sending peace feelers to our former enemies like Castro brothers and Hugo Chavez, bowing to the Japanese emperor and the Saudi king on his recent visits to Asia and Arab Emirates (we did not notice him bowing to the Queen of England). He has deferred to Russia about missile defense and conveniently "forgot" about human rights, global warming issues, and Tibet to China.

This President aims to kiss the back sides of our enemies pronouncing that America was ignorant and arrogant, and we are better now and ready for cooperation. Cooperation is good but with whom? Israelites also tried numerous times to cooperate but were barraged with rockets in return. This new American approach to solve the world problems by bowing is very much to the taste of Iran that, based on recent events, came to conclusion that America can be simply ignored.

Harold Estes, enlisted in the U.S. Navy in 1934 and served proudly before, during and after WW II, sent a letter to the President and several U.S. Congressman. He said "One of the benefits of my age, perhaps the only one, is to speak my mind, blunt and direct even to the head man. I am amazed, angry and determined not to see my country die before I do but you seem hell bent not to grant me that wish.
I can't figure out what country you are the president of. You fly around the world telling our friends and enemies despicable lies like:
"We're no longer a Christian nation", "America is arrogant" - (Your wife even announced to the world, "America is mean-spirited." Please tell her to try preaching that nonsense to 23 generations of our war dead buried all over the globe who died for no other reason than to free a whole lot of strangers from tyranny and hopelessness.)... Take a little advice from a very old geezer, young man. Shape up and start acting like an American. If you don't, I'll do what I can to see you get shipped out of that fancy rental on Pennsylvania Avenue. You were elected to lead not to bow, apologize and kiss the hands of murderers and corrupt leaders who still treat their people like slaves." More...

Why am I telling you all this that is not directly related to China? Because everything is politisized and the politics is a complicated matter especially when we are seeing the results of "political correctness".

Let's get back to my concern. Please answer these two questions. What's the difference between the Cuban communists and China communists? Why is it OK to have a business with one communist country but not with the other one? Is it more politically correct? Yes, today's situation with China dictates that we don't have to throw the stones on China since we have a glass roof ourselves. Who should we blame that we raised our enemy with our own hands? We can only ourselves and our own governments.

Political situation in China

Today, the emperors that were born into position through a family dynasty no longer rule China. Rather, the Republic of China currently operates under a communist government (and many U.S. Government officials are intended to forget it), which is divided into several branches. Much like the U.S. executive and legislative branches of the government, the NPC (National People's Congress) holds the power to pass laws and change the constitution, as well as elect members of the State Council and Chinese Supreme Court.

As Chinese describe it, after the end of the Qing dynasty in 1912, China was still maintaining a feudalistic society where a small group of rich landlords had the majority of the country's wealth, leaving masses of peasants in poverty and despair. Imperialism from Europe also humiliated the Chinese people because they were not truly in control of their own country, having been forced into an embarrassment of unfair agreements. Finally, the Chinese Communist Party formed in 1921 with the goal of bringing to an end foreign oppression of China.

Since the establishment of the People's Republic of China in 1949, the government has desperately tried to heal the country's wounds that resulted from years of turmoil. Their first priority is to assure that all Chinese "eat their fill and dress warmly," a task not easy to do considering the country's gargantuan population. This all falls under the Declaration of Human Rights which states that all citizens are entitled to "life, liberty and sustenance" (we see the difference in two countries' situations by comparing this to the United States' principle calling for "life, liberty and the pursuit of happiness.)

Under this socialist government, "freedom of speech, the press, assembly, association, marching and demonstration is officially guaranteed" for Chinese citizens. If you are a citizen of 18 years or older, you have the right to vote for deputies of the National People's Congress. They also have the right to lodge a complaint against officials if their rights are violated. Additionally, the country promises government protection of religious rights. China supports equal rights for all ethnic groups, prohibiting discrimination, including discrimination against women. However, the underlying principle behind today's Chinese government is the socialist idea that "All power in the People's Republic of China belongs to the people." After centuries of being under the control of an emperor and years of subjecting to foreign powers, the Chinese desperately work for a society in which the citizens lead their own country.

Sounds nice? In reality, based on observations, most of the democracy - related rights are being ignored or actually suppressed by the government. So, the slogan "All power in the People's Republic of China belongs to the people" actually is converted to "All power in the People's Republic of China belongs to the people" actually is converted to "All power in the People's Republic of China belongs to the Government". It is a nature of the socialism or communism - driven system. The Chinese government does not allow criticizing their rulers, they hold a tight control on all economical, financial, and political processes, and suppress the freedom of information by applying heavy censoring of Internet and local media (read the news about Obama's visit to China and his meeting with Chinese students).

Growing Economy

"Obama... was impressed with the dynamism of Shanghai, where he held a town hall-style meeting with Chinese youth Monday and which, he said, is "a sign of China's emergence as a great economic power." (AP). In fact, when my friends visited China last year, they also were impressed with a number of construction sites surrounding cities - the result of rapidly growing economy, so far, the third biggest in the world.

I respect the Chinese for their 5000+ years history, their contribution to the world with medicine, sport, the art of drawing and self-defense, their hardworking, dedication, and smart approach to many things in life. The current economic power of China is the result of sweat and blood of ordinary citizens applied every day. This is the simple secret of success. If you would have a chance to look inside of the auditorium of prestigious U.S. colleges that teach math, physics, and mechanical/electrical engineering, you would be surprised to find out that about 85% of students are Asians.

Some of them choose to stay in the U.S. They are the kids of hardworking parents who emigrated from China, who keep Chinese food restaurants with your favorite food, and who save money dollar-to-dollar to give the kids the best possible education. They are also the kids of wealthy Chinese who can afford to educate them in American colleges. Many of them come back to China after graduation as they see the opportunity to prosper in their own country. And many of the technology companies that are sources of national pride in China, for example Baidu.com and Sohu.com, are founded by returnees from the West, and are listed on the stock exchange abroad.

However, do not be blinded by China's economic growth success. A mild form of social-democratic political system in Western Europe has resulted in decline in standard of living weighed down by welfare. A harsher form of socialism in China led to mass misery and murder (Tiananmen Square). Recent events when China's authorities decided to put the Chinese lawyer on trial after he wanted just to follow the criminal law in a case against local mafia, or when the San Francisco layers tried to sue China for $2.2 billion dollars in an Internet-censoring software piracy case and came under cyber attack last month are proof that you can expect anything but democracy from the communist government.

China vs. Russia

Being at a great disadvantage compared to Russia, with a humongous number of poor people and lack of advanced economical infrastructure, China economically overpowered Russia as well as many other countries. It's not the only current communist government's smart politics to attract the foreign capital, not only smart policy to protect it, but also the solid base on workforce that want to live better and don't mind working very hard to achieve their goal. There are several explanations why Russia, the country with the biggest amount of natural resources and territory in the world, the country that had the industrial infrastructure in place, could not repeat the success of China:

Stupid politics and total corruption from the top to the bottom;
Lack of protection for foreign capitals;
Aging population;
Search of an "escape goat" instead of honest view on what's wrong with the country and how to fix it;
Obsession with drugs (flowing from Afghanistan), especially with alcohol.

I don't want to go into details on how the Russian government is implementing their plan to improve the lives of citizens by acquiring and selling natural resources for personal enrichment. What can you expect from a government that consists from 75% former KGB officers and their buddies and the rest from former criminals to mafia bosses? There were many articles written on this topic by not only the Western journalists but also by Russians themselves. The paradox is that while Russians are gladly accepted all Western goodies (cars, music, clothes, fashion, etc) after the fall of Soviet Union, they are hesitant to accept the true democracy and the country is falling back to the dark age of a cold war.

As one of the investors, Bill Mann mentioned back in 2006: "Investing in another country means that you need to have an understanding about what the people to whom you are entrusting your money think about people like you." Citing the "unpredictability of administrative processes" in Russia, Swedish retail giant, Ikea, froze all its future Russian investments last year because the company faced inflated electricity prices in supposed retaliation for an unwillingness to grease some palms. In a statement that attests the quote above, Ikea's country director conveyed the feeling to an interviewer that "someone somewhere does not like us." More...

Many of the average Russian workers are alcoholics (or, perhaps, huge fans of alcohol) who have no work ethic and motivation to work hard but to spend most of the earned money on alcohol. The paycheck day is very special - the stores that sell vodka see long lines. The next day after the paycheck, many factories and organizations lose 30-40% of people coming to work. A bottle of vodka became nation's currency, a door-opener to the offices of bureaucrats and a payment for various favors

Hard to believe? Consider this. The Russian Federal Organization' web site for alcohol regulations published the project of a new regulation to establish a minimal price for vodka since the "samogonka" (or hard liquor prepared at home) competes with the commercially available vodka. Russia is getting good revenue from sold vodka (38.2 rubles per bottle) considering the fact that, in 2008, vodka sold in Russian Federation in the amount of 1,760,000,000 liters! Add to that an estimated 20-24% of that amount of self-made alcohol and you will end up with 2,147,200,000 liters a year or more than 90 liters per person (!) including children.

Just consider these three sarcastic Russian anecdotes: "Kids from the Yaskovichi village knew very well that they will earlier or later become alcoholics but (just in a case) dreamed to become the astronauts." "The Turkish authorities request Russian tourists to arrive with the passports where they are pictured drunk..." And another one: "In Russia, the alcoholism is not struggle but pleasure".

Many Russian families send their kids oversees not for American education as Chinese do but to look for better life or perhaps to make some money and send it back home to support parents. What else can they expect? Either work as a puppet for one of the wealthy "new Russians" (and without owning a car it's also problematic); join military; join militia (local police) to collect the bribes on the roads; or become an alcoholic working at the factory or elsewhere for low compensation or even worse - drug addict - the fate of many young people. Many Russians don't see the light in the end of a tunnel in their homeland. It's not my imagination - I spoke to few kids from Russia that I met in Sicily (Italy), New York, Cancun, Rio de Janeiro and Barcelona. They are all spread out through the world map.

In many cases, finding a decent job in Russia is problematic - you have to have a car (not affordable for an average citizen) as well as certain skills that cost money to acquire. Young adults who live in large cities have more choices but the newest fashion - drugs are killing without remorse. Russia's attempt to establish the democracy turned to a population to serve the wealthy management.

I spoke to a Russian immigrant who recalled the following story that happened about 30 years ago. He was among several people in the room to meet the Russian journalist who worked in China for almost 25 years. It was a fascinating story about China and Chinese but he memorized the only one phrase that is still carbon in his memory. "If the average Soviet farmer ("kolhoznik") would work at least at 1/3 of the power of the Chinese farmers, the Soviet Union would be in great shape."

Long-term goals

Smart decisions even under communist government resulted in outstanding growth of China's economy since the strong economy must be a component of a global dominance. At some point, Deng Xiaoping's statement (who was a 3rd Chairman of the Central Military Commission of CCP) "to be rich is actually good" began China's re-birth. He is called "the architect" of a new brand of socialism and was credited with advancing Chinese standards of living

Having more money and carefully manipulating the currency, stocking up on a number of key commodities when the commodity prices such as oil and copper are low, investing up to 15% to 20% of GDP into the infrastructure of highways and railways, plus all the associated township infrastructure linking North and South, and East and West across the U.S.A. or Europe advances China's economy in unprecedented pace. China is also buying U.S. government issued bonds and heavily invests in military and space, purchasing new technologies from the West and then using it for own advantage.

At the same time, China is quietly and rapidly buying gold to protect its huge U.S. dollar reserves (~$2 trillion in U.S. debt). For the past six years, the country has almost doubled its holdings in gold to 1,054 tons, making China the sixth-largest holder of gold bullion. At the same time, they are pushing the idea of replacing the dollar as the world's reserve currency with another stable currency issued by international financial institutions. How can China buy gold quietly? They make a number of direct purchases from the governments of major gold-producing nations. China now has 30 times more gold in reserves than it held in 1990.

I am not talking only about the Chinese government but also private citizens who now have permission (and encouragement from the government to allocate at least 5 % of investment!) to buy gold, something that was not possible just last year and considered as a crime. If every one of the 900 million hardworking Chinese people were to buy just one ounce of gold, it would completely absorb the production of all the world's gold mines for the next 10 years. The value of that gold at today's bargain prices would be $1.13 trillion. According to the China Gold Association, the People's Republic plans to increase its gold reserves another 374% -- to 5,000 metric tons while the export of gold is banned! Recently, China entered into an agreement with Russia, Brazil, France and several Arab states to end dollar trading for oil -- instead using a bin of currencies that includes gold. No doubt, with the U.S. dollar losing value -- exactly opposite to gold -- China should protect itself, but all these actions together could make China a future world gold supplier - a part of the world dominance plan.
Watch out, America!

A weak yuan (The renminbi or the Chinese yuan is the currency of the People's Republic of China (PRC), with the exception of Hong Kong and Macau) makes Chinese exports cheaper and is forcing American companies move offshore, grinding down support for soothing global trade rules and fanning trade disputes. While China builds the magnetic levitation train that can travel at more than 300 miles per hours back in 2003, the U.S. invested only 1/10th of 1% of GDP for infrastructure while the railroads are falling apart. By the way, China just announced that their super-speed train broke the world record.

While China invests in the largest electric grid in the world more than doubling its electrical capacity, the U.S. has a "critical mass" situation with its electrical grid that is running out of capacity to support its economy (I am not even talking about electrical cars being planned to manufacture this year). This is how one country loses the power while another one gains using all the weaknesses of the opponent. Only now, the Obama administration began talking about investing $15 billion in the U.S. infrastructure that is still a water drop in the sea comparing to what is actually required.

"The world trading system is going to blow up, or the U.S. economy is going to totally de-industrialize unless China loosens controls on its currency", said Peter Morici, a University of Maryland business professor and a former chief economist at the U.S. International Trade Commission.

It reminds me of Japan in the beginning of the 70's, the country that basically overpowered American dominance in TV and metalworking tools markets. Using honest (and not very honest) methods, manipulating the U.S. government officials by either bribing or by blackmailing, they allowed, for instance, sell TVs in Japan only after the U.S. manufacturing and technology rights were sold to Japan. With Japanese's outstanding ability to improve the technology step-by-step, Japan began to manufacture better quality products and sell them cheaper. Do you remember the American TV companies like Zenith and RCA? They went out of business. Not to mention Japanese cars vs. American?

Even now, money hungry U.S. corporations repeat the same mistake - history did not teach them a lesson. For instance, the potentially huge market in China attracted Microsoft (read below how Microsoft gave away the source code to China) as well as many other industry giants. Now, all this technology is used to advance China and give it a leading edge. It's a fact of life that U.S. consumers use most of the China-made products in daily life starting from electronics, clothes, tools, and finishing with food products including food for pets. It's even scary to imagine that if one day China would want to stop the flow of the consumer products to the American people we would face a disaster. The only thing that calms me down is the fact that Chinese probably doesn't want the U.S. to fall down severely because of a huge pile of U.S. government issued bonds that has accumulated in their hands.

However, it's a trump card in their hands that could be used if it would fit in the big plan to bring the U.S. to its knees. And who would fill the vacuum? Who would become the new superpowers? Regimes proved that they were unafraid to be ruthless to their own people (not to mention their enemies). The Chinese government dreams about restoring the world dominance of China as the greatest country. I wouldn't be surprised if they achieve their goal within next 10-15 years. Read this part of an eye-opening article from IBD.

"In the case of Communist China, we're talking about a power that was willing to embrace capitalism because its totalitarian rulers saw that it could be the key to global dominance. When students tried to use new economic freedoms as a path to political freedoms, they were soon gunned down in Tiananmen Square, or incarcerated. So why would it surprise anyone that a regime so brutal and calculating would also in 1982 provide enough highly enriched uranium to Pakistan to construct two atomic bombs, as rogue Pakistani scientist A.Q. Khan has revealed and the Washington Post reported ...? Indeed, according to Khan it was none other than Chairman Mao himself who years before approved the secret deal. Islamabad and Red China may have animosity toward India in common. But it is simply naive to believe that Beijing did not have an eye on the potential destabilization that the nuclear empowerment of a hard-line Islamist regime would have on Western democracies.

"If New York were hit with a terrorist nuclear device, the Chinese would be the first to offer medical assistance, blankets, and toys," say nuclear weapons experts Thomas C. Reed and Danny B. Stillman in "The Nuclear Express," a book based in part on visits to Chinese nuclear facilities. "But the fact is," they add, "with New York down and the dollar discredited, the mandarins of China would be the last men standing. China would emerge as the world's pre-eminent economic power, with the clout to allocate energy resources as it saw fit."

China and Russia together have for many years helped Iran build nuclear facilities, which we now know Tehran's Islamofascist regime is using with the aim of building weapons. From providing technical information stolen from the West to aiding missile development to helping construct Iran's Bushehr plant, Moscow has been indispensable to the mullahs' nuclear ambitions. And again, to believe that former KGB agent Vladimir Putin only has economic gains in mind, or regional advantage, is naive. The bloodthirstiness of totalitarianism is at the core of China and Russia's proliferation efforts on behalf of Islamic powers. The Cold War may be over, but their malevolent global designs are not." (IBD, 11/13/09)

Financial and economic power these days gives China a clear advantage over the U.S. that struggles with economy and job market. No wonder our Democratic government tries to please the Chinese government in order to improve relations and allow more importing of American made products and technologies to China to bring the huge deficit balance down. The U.S. trade deficit with China widened in September 2009 to $22.1 billion from $20.2 billion, the highest in nearly a year.

Business Week mentioned: A day after President Obama left Asia after an 8-day visit, Jon Huntsman, the American ambassador in Beijing, tried to counter the spin in the media that his boss's China visit didn't go so well. China, having a leading edge now, can simply ignore U.S. requests or, perhaps, yield in small things but resist in a big way by following its own big plans.

Enough about China's global plans -- get familiar with their "cyber force".

Continue to PART II

Please share this article on your network (Tweeter, Facebook, etc - more links can be found on top of the page in the right corner)

The cyber-gangsters' "weapons" and the state of Internet security

2010-01-21T16:13:00.014-05:00

I wrote my first article about cyber crime related to Russian hackers. Writing an article about Chinese hackers (will be published soon) I had to explain why it's difficult to fight against them due to a wide range of tools, methods and existing vulnerability of operating systems and applications in addition to the specific political conditions in China. Since this material turned to more than 15-page information, I have decided to put it into a separate article. So, it's offered here.

Cyber-gangsters

Before talking about hackers, let's define who are we dealing with? Who are the people or organizations that are motivated to dedicate their intelligence and skills to a dirty business of exploiting computer systems?

Andrew M. Colarik of the

USA

and Lech J. Janczewski of

New Zealand

state that, "In the context of information security, terrorists may come in many forms such as politically motivated, anti-government, anti-world trade, and pro-environmental extremists". They further state, "Cyber terrorism means premeditated, politically motivated attacks by sub-national groups or clandestine agents, or individuals against information and computer systems, computer programs, and data that result in violence against non-combatant targets".

Let's add the money-motivated hackers, and you see the picture of the enemy.

The goal of money-motivated hackers is to benefit from money inflow:

with cyber espionage (to get the advanced technology secrets; to disrupt the competitors' networks; or to embarrass competitor and gain the advantage in the same field of business);
by acting as a "cyberbully" and demand money by various methods of electronic blackmailing;
by breaking into financial organizations' computer systems and transfer money to offshore accounts;
by stealing the valuable information and re-sell it to those who wants to use it for own advantage (example: stealing credit card account information and reselling it);
by "building" the botnets for DDoS attacks and sell the right to use it;
with identity theft by using stolen information to transfer money out of the bank accounts or to buy the goods from the Internet-based stores with newly opened credit cards;

I am sure there are few more methods but you got an idea.

According to a new study from McAfee, data theft and breaches from cybercrime may have cost businesses last year as much as $1trillion globally in lost intellectual property and resources for repairing the damage.

The goal of cyber-terrorists is to intimidate or force a government or its people to perform the changes that serve attacker's political and social objectives or political motivation. The goal also can be described as a disruption of major infrastructures of the country (e.g. nuclear plants, energy supply systems, defense infrastructure, and similar) in order to gain quick advantage in the pre-planned geo-political action.

Whether you want to call it "cyber terrorism" or only "information warfare", unfortunately, it's not the theory, it's the reality (read my blog about cyber attack on Estonia).

As you see, political views have various forms and can be the main motivational factor to be engaged in unlawful attacks or threats of attacks against computers, networks, and the information infrastructure.

I don't know if anyone assigned a name "cyber-gangsters" to all the people and organizations that are politically or financially - motivated to utilize multiple weaknesses of computer systems in order to achieve particular goals but I feel it's appropriate and I will use this term.

The cyber-gangsters' "weapons"

Neither definition-based anti-virus nor any other single solution is enough to block modern threats. Zero-day attacks, "mutating" viruses, or targeted attacks are all high-risk situations requiring an additional layer of protection. Our widely accepted security standards do not meet the needs either. In fact, the PCI standard for financial institutions and 3^rd-party vendors involved into financial transactions that is considered pretty tough proved to be inefficient. The cyber-gangsters using the sophisticated sniffer software were able to penetrate into Heartland Payment System AFTER they passed their PCI DSS audit. The result of the breach and lost data for the company was disastrous.

"The number of crimeware-spreading sites infecting PCs with password-stealing crimeware reached an all time high of 31,173 in December, an 827 % increase from January of 2008." Source: Anti-Phishing Working Group, Phishing Activity Trends Report

Let's look what the "weapons" that are used by cyber-gangsters against personal computer and computer network (not a complete list, for sure).

- Zero-day attacks

- "Mutating" viruses

- Targeted attacks (DDoS) utilizing botnets

- Application exploits (including SQL injection) due to OS and applications design problems

- Cross-Site scripting

- Social Networking site exploits

- Browser exploits

- Hosted site exploits

- P-2-P networking infection

- Smartphone attacks

- Wi-Fi protocol weaknesses exploits

- Social Engineering to collect the information for the following attack

- Malicious e-mails and spam - based infections

- Creating malicious underground organizations to assist in cyber exploits and attacks

- Identity theft (which has also been linked to terrorist activity)

- Keyloggers, mouse-loggers, etc

- Rogue Blogs pollution

- Search engine results manipulation to redirect user to malicious web sites

- Two-factor authentication circumvention

Why do we loose a war with cyber-gangsters? Imagine that you are a network or security administrator. You will have to take care about a wide range of vulnerable spots in your network, computers, and applications. This range becomes wider every day. As for hackers, it's enough to find only ONE VULNERABLE SPOT and you are fried. Do you see the difference?

1. Infected with a virus

There are various virus-detection technologies, regular or more advanced; however, modern malware can successfully avoid virus detection attempts. None of the today's technologies are able to clean 100% of viruses. The number of various viruses and their variants is well over half of a million, and every day there more and more news about newly created and more sophisticated viruses, worms, and their "brothers"' variants.

As the software engineer pointed in the article (the link above), it is not easy to design the anti-virus software that will be able to detect new viruses since you don't know where to look and what to expect. So, no matter how the technology is advanced, we're still working in the reactive mode.

The "success" of newly-created viruses is obvious. In accordance to the confickerworkinggroup.org, the Conficker A+B virus has infected ~5.9 Millions of PCs, the Conficker C- ~290,000 PCs, and the last variant of Conficker A+B+C -~6.3 Millions of PCs. One in 7 computers infected with Conficker are hosted on Chinese Internet service provider (ISP) Chinanet. The number of infected PCs proves one more time that the most of the virus infections occur on the PCs that are not properly and timely managed. The protection could be achieved simply by installing patch MS8-067 or disabling AutoPlay on a Windows OS.

I don't need to point you to the numerous news about new infections happened almost every day on a large scale. In accordance to Norton Symantec anti-virus company, the top 100 infected sites had on average 18,000 threats and 40 per cent of the sites had more than 20,000 threats. An astounding 75 % of websites on the list were found to be distributing "malware" for more than 6 months. This is the world we live in.

I don't know if you heard anything about Zeus virus but this is the one that successfully avoids most of the anti-virus scanners available today. In fact, the effectiveness of an up to date anti-virus against Zeus is not 100%, not 90%, not even 50% - it's just 23%. Its popularity has also encouraged the opening of the Zeus Tracker which currently list 537 active cyber-gangsers domains, with the majority of them hosted in Russia, the U.S and China, followed by the

Netherlands

Ukraine

and

Germany

.

Does it mean we should not spend money and use the anti-virus programs since they don't guarantee 100% virus-free PC? Not at all, some protection is better than nothing. Ask any computer specialist, and every one of them has its own opinion which anti-virus program is better. I have also shared my experience in this blog after I have replaced all anti-virus and anti-spyware programs on my PC with the only one - VIPRE from Sunbelt. Follow the link and find out why I have chosen this product and more details with screenshots.

2. Applications and OS design problems

If the operating systems and applications were designed with a tough security in mind would you see the daily headlines like these?

- Microsoft confirms 'detailed' Windows 7 exploit;

- Typical weekly Security Vulnerability Alert (sans.org):

Windows 4
Microsoft Office 9
Other Microsoft Products 1
Third Party Windows Apps 4
Mac Os 21
Linux 2
BSD 1
Solaris 4
Aix 1
Cross Platform 9
Web Application' Cross Site Scripting 5
Web Application“ SQL Injection 1
Web Application 8
Network Device 3

- VMware has advised of a total of 93 vulnerabilities in several of its products, including ESXServer, VirtualCenter, and vCenter.

- Secunia's typical report:

o [SA37448] Internet Explorer Layout Handling Memory Corruption Vulnerability

o [SA37318] Microsoft Windows Win32k Kernel-Mode Driver Multiple Vulnerability

o [SA24314] Internet Explorer Charset Inheritance Cross-Site Scripting Vulnerability

o [SA35948] Adobe Flash Player Multiple Vulnerabilities

o [SA37314] Windows Web Services on Devices API Memory Corruption Vulnerability

o [SA37273] Google Chrome Two Vulnerabilities

o [SA36983] Adobe Reader/Acrobat Multiple Vulnerabilities

o [SA37313] Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

o [SA37277] Microsoft Office Word File Information Block Parsing Buffer Overflow

o [SA37309] Microsoft Windows Win32k Kernel-Mode Driver Privilege Escalation

3. Web application security problems

There have been more than 250,000,000 customer record breaches since January, 2005. Each of those compromised records costs companies' on average $202 with the total cost of a data breach ranges from $613,000 to $32,000,000. There two options for compromising the web server: brute force password guessing and web application attacks. In accordance to Imperva, the most destructive attack techniques are: SQL Injection, Cross-Site Scripting, and Cookie Poisoning.

SQL Injection

SQL Injection continues to be one of the most predominant Web application threats that affect commercial and custom web applications (83% of Enterprises Experienced a Database Breach Last Year). Considering the widespread availability of valuable data on the Web, the popularity of e-commerce and dependency on the web for all kinds of information, attackers are motivated to implement faster, more advanced SQL injection methods to launch high profile, widespread attacks on targeted web sites such as an automated SQL injection via search engines, SQL Injection for web site defacement, malware distribution for Denial of Service (DoS) attacks, and direct database SQL Injection that takes advantage of non-validated input vulnerabilities to pass SQL commands through a Web application for execution by a back-end database.

Recent news: Another 1.5 million websites associated with the newest series of SQL injection attacks have been found by network security specialist eSoft.

   Cross-Site Scripting (XSS or CSS): attack that takes advantage of a Web site vulnerability in which the site displays content that includes un-sanitized, user-provided data.
   Cookie Poisoning: attack that modifies the contents of a cookie (personal information stored in a Web user's computer) in order to bypass security mechanisms.
   Design flaw: Every application security problem starts with poor design. In addition to thousands of desktop/server operating systems vulnerabilities, when you run the application on a top of it, it adds more vulnerability since the initial design was performed by the programmers who are not savvy in application security. Poor design is a cause of many problems that are exploited by not-to-our-surprise savvy hackers. It is the reason why the number of application vulnerabilities greatly exceeds the number of operating systems vulnerabilities.

To mitigate this problem, SANS Institute began educating programmers in application design security and even introduced a new security certification targeting the army of programmers.

4. The problem of botnets

The new technology, Web 2.0, browser-based computing, and mobile platforms give rise to a new breed of threat: stealthy Web-borne malware used to build botnets of enterprise and consumer PCs to steal customer data, intellectual property, and user credentials.
There are between 4 and 6 million computers scattered across the globe that have been compromised by cyber-gangsters without the users' knowledge. Botnets contribute to more than 87% of all unsolicited mail, equating to approximately 151 billion emails a day.

Last September, a botnet research group Shadowserver was monitoring more than 3750 distinct botnets averaging 20,000 or more bots each, with some containing more than a million infected PCs (!). Bots are so inexhaustible because they install as Trojans from malicious websites, bypassing many of today's security controls.

There are millions of PCs that are unpatched with the latest security fixes from many vendors. All of them are easy targets for "botnet kings".

I want particularly discuss the so-called Fast-flux and Double-flux botnets because they are prime example of sophistication that the cyber-gangster have these days.
Fast flux (fluctuation) is a technique to continuously move the location of a Web, email, or DNS server from computer to computer on the botnet in an effort to hide its malicious activity (spamming or phishing) and make the detection more difficult. IP blacklists that I personally use against spamming of my e-mails are basically useless in finding fast flux-based botnets.

"Double-flux, as you may guess, is similar to Fast flux but with double trick. With Double flux, the DNS name servers that resolve the Web host names are moved from computer to computer, so you don't know where you are actually connected (and in many instances, you are connected to the proxy pointed to the web server but not to the actual web server. To add even more protection against investigators, many of these systems encrypt (!) their communications, which makes it even more difficult (and close to impossible) to track their activities.

With compromised computers issuing 83% of the 107 billion spam messages distributed globally each day, the shutdown of botnet hosting ISPs, such as McColo in 2008 and Real Host in 2009, appear to have made botnets re-evaluate and enhance their backup strategy to enable recovery in just hours. It is predicted that in 2010 botnets will become autonomously intelligent, with each node containing an inbuilt self-sufficient coding in order to coordinate and extend its own survival. (Source: MessageLabs Intelligence 2009 Annual Security Report)

Are you seeing what I'm seeing? There is no light in the end of a tunnel, and so far, we are terribly losing the cyber war.

5. Social networking sites problems with uneducated users and security

As technology advances, the cyber-gangsters are on the leading edge. The "break-into-the-system" old methods still take place but now they build the web sites with malicious content, turn their greedy eyes to the social networking web sites, and employ the latest and sophisticated technologies to achieve own goal.

For instance, with over 350 million users (!) of Facebook, this social networking web site becomes a prime target for cyber-gangsters. I have no doubts that the FSB (former KGB) has a copy of all Facebook accounts coupled with scientific analysis software to filter down the most useful intelligence data on citizens of many countries, and especially,

United States

. Hey, it's almost free database with people who have no clue that their opinions, personal information, employment, personal preferences, and pictures are being thoroughly analyzed and stored in the mainframe computer. I would be surprised if

China

is not following the same plan, or, perhaps, Russians share their intelligence data with their partner? Thank you, Facebook!

Do you think I am speculating? If the U.S. Government officials reported that in-spite all the efforts to protect the network, they miss at least 20% of all attacks, what the Facebook security personnel can do better? Yes, now they might have enough cash to buy good equipment and security software but we all know that it's not enough. It is the case when "social networking" is being used for "social engineering".

There is a great Top Ten 2010 Social Networking Websites Review Comparison web site that also highlights the security measures applied on each site (Privacy Settings, Block Users, Report Spam, Report Abuse, safety tips). Most sites have information pages dedicated to educating users about the risks of Internet scams but what the chart is missing? One of the most important parameters is how the web sites are protected against phishing and malware attacks. And here is a "proof":

Beware: Spam on Facebook and Twitter has reached epidemic.
Koobface (social networking worm). It gains access to Facebook profile pages and directs you to view a video that then encourages you to update your Flash player. Malicious files such as flash_update.exe and bloivar29.exe are being downloaded and installed which results in a range of visible problems, including modifications to your Facebook profile, with the immediate result being an error message to contact support.
The attack that took down Twitter on 12/9/2009 used legitimate credentials to log in and redirect Twitter.com to a site purporting to be under the control of the Iranian Cyber Army. According to Twitter, the DNS (Domain Name System) settings for Twitter.com were hijacked, resulting in roughly 80 percent of the traffic from the site being redirected elsewhere from 9:46 p.m. to 11 p.m. PST.
Lost My Phone, Give Me Your Number!! Groups On Facebook Are A Spammer's Paradise
Facebook password-reset spam is Bredolab botnet attack
Sophos warns of Facebook 'Rubber Duck' identity theft. A Sophos Asia-Pacific recently installed the Facebook equivalent of a honeypot hacker and discovered how easy to steal an identity on Facebook.

Why the social networking sites became the targets of many cyber-gangsters? The answer is simple. According to FBI, those sites are "a gold mine of personal information" that can be stripped down redirecting users to malicious web sites through innocent link or video. Considering the average Facebook user, for instance, has about 120 friends, it's easy to imagine how the links are distributed and multiplied. Now consider the second number: 300 millions. It is the number of Facebook users. Doing a simple math calculation we are facing a nightmare situation with the security.

"The cyber-criminals are very adept to using social engineering," said Donald DeBold, director of threat research for CA, an Internet security company. "Your friend is in trouble traveling in another country, 'I lost my wallet. I need help.' They exploit the curiosity aspect out of human nature."

This information is distributed not only on social networking sites but also by e-mails harvested in advance. A friend of mine recently called me with a warning that I may receive e-mail with a request to send him money since "he is in London now, and someone stole his wallet but this is not true". I have explained him how the e-mail harvesting works and why his contact list may receive the "cry-help" e-mails. The first recommendation is to quickly change your e-mail address.

I don't say that social networking web sites are doing nothing to protect its users. For instance, Facebook has developed automated systems that detect compromised accounts. They spot and freeze accounts that are sending an unusually high number of messages to their friends. However, this "business" is very attractive for cyber-gangsters and they become more and more creative.

The Internet Crime Complaint Center received more than 72,000 complaints about Internet fraud in 2008. These cases involved $265 million of financial losses averaging $931 of lost money per person.

6. Daily problems with Internet browsers

No matter how good today web browsers are, all of them are still vulnerable. Recent hacking of Google in China is a proof since it was attributed to a zero-day vulnerability of Internet Explorer (one of the most difficult vulnerability to fix). By the way, more and more people are discovering zero-day vulnerabilities sometimes existed for a long as 2 years. However, the most troubled is the fact that the core of browser security, Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, could be exploited.

Below are some headlines:

Security Pro Says New SSL Attack Can Hit Many Sites
Zero-Day Flaw in SSL and TLS Protocols (11/05/2009) A zero-day flaw in the secure protocols could be exploited to launch a man-in-the-middle attack. The discovery of this authentication gap vulnerability means that all affected libraries will need to be patched.
Some Firefox extensions may be exploited to install malware.
Firefox hit by multiple drive-by download flaws
Typical week's vulnerabilities in browsers registered by Secunia service:
- [SA37448] Internet Explorer Layout Handling Memory Corruption
- [SA24314] Internet Explorer Charset Inheritance Cross-Site Scripting Vulnerability
- [SA37273] Google Chrome Two Vulnerabilities
7. Malicious web sites with pre-built code
Based on some observations, more than 75% of maliciously engineered web sites are actually legitimate destinations like BusinessWeek.com and MLB.com. As you understand, when employees visit those sites, they become the victims of so-called "drive-by downloads" hacking that automatically install some hacker's virus on your network. Attacks against web applications constitute more than 60% of the total attack attempts observed on the Internet. For instance, rogue on-line pharmacy sites, claiming to sell genuine medicine to naive shoppers, continue to be a problem.

The cyber-gangsters are extremely creative by covering the malicious code with innocent web page content. They use advanced knowledge of web design, programming, and security. I don't want to go into details but I was "impressed" with a hiding technique that is using regular cascading styles sheet (CSS) parameters. Since the style sheets allow creation of several layers of the texts combined with images on the same web page, the cyber-criminals used the CSS parameter that covers the malicious region of a page with innocent content (like advertisement). It could be social networking forum or regular web site that looks exactly like a brand-name counterpart. Looking at the web site, how do you know that that particular web page is infected with a malicious code? Close to impossible!

8. Weak security on most of the hosted sites

My web sites also witnessed the hacking. Apparently, my ISP was not aware but the hacker inserted the Google Analytics - like code into main pages of all web sites residing on that particular server and redirecting web surfers to the web site in China. When I contacted ISP's technical support they said it's my problem and they are not responsible for fixing or protecting against hacking. The hackers would hug and kiss this ISP for such an attitudeâ€¦ It leads to thousands of web sites getting compromised by redirecting to scareware, breaking trough the web servers and stealing data (Hackers hit leading UK climate research unit. Reports are coming in that hackers have breached the servers of one of the world's major climate research units (CRU), posting around 61 megabytes of emails and documents to an FTP server in Russia...).

9. P2P security problems

Most of the employers who are aware of danger to use the peer-to-peer network applications usually restrict any communications for BitTorrent, Kazaa, Gnutella, FreeNet, and Morpheous â€“ the programs that allow the information exchange and uploading/downloading the files through P2P file sharing networking with higher port numbers. A BitTorrent client, for instance, normally associates the TCP port number 6881. However, if this port is busy for some reason, the client will instead try successively higher ports (6882, 6883, and so on up to a limit of 6999).

In the view of recent events, these problems may seem not significant. However, these networks are still very much alive and serve the ground to plant if not the new but the known worms and viruses through the infected files being downloaded.

I don't know if you have a sin of downloading the program with a crack through BitTorrent or eMule network but I can give you almost 100% guarantee that the downloaded programs (especially most popular) have an infected file embedded into executable, serial number generator or cracking file.

The danger from the infected file can be quite real since the cyber-criminals (who usually are hidden with a fancy names or avatars) have many options for exploiting the computers. It can be not only the Trojans or viruses for backdoor access (to build the path from outside world to the trusted device) but even legitimate application but with the old, unpatched, and therefore vulnerable files that later can be exploited with any of the freely available hacking tools. Your confidentiality and authentication â€“ the components of computer security - are no longer in a place since you don't know who actually distributed infected files and who actually gained access to your private folders.

One way to fight with this type of cybercrime is not use the P-2-P networking at all. It may seem obvious but for those who still want to use it, there is only one way to gain the trust is to assign a digital signature to each user, and based on the results and history of downloads or information exchange, assign a level of trust. I don't know if this idea will be implemented soon or it has some flaws but, perhaps, it make sense considering the bad reputation of peer-to-peer networking.

10. New technologies become new targets

Cloud computing.

A subscriber to the Amazon pay-as-you-use EC2 cloud computing has had their website hacked, and a command and control (C&C) system installed for the Zeus botnet, which continues to be a problem for PC users, despite the worm being almost two and a half years old.... More

Smartphones

As I mention in this article, the attacks on Smartphones will increase in volume. They have already started. The first iPhone was Worm Detected in November, 2009. Users, who have not changed their default Secure Shell (SSH) login password and have jailbroken their iPhones to allow third-party applications to run, are vulnerable to the malware. More and more hacking becomes associated with a "ransomware": iHacked: jailbroken iPhones compromised, $5 ransom demanded, New LoroBot ransomware encrypts files, demands $100 for decryption. Once malware-proof, Smartphones actually have enough security holes to be vulnerable to various hacking attacks. I am not surprised that most of the attacks target the most popular iPhone: Second iPhone worm behaves like botnet. It has been identified by security vendor F-Secure, which claims the new worm has botnet capability and is more threatening than its predecessor. SpyPhone appharvests personal data from stock iPhones.

RFID chips

New type of counterfeit credit/debit card fraud that is very disturbing: RFID chips vulnerability. The embedded into credit cards or U.S. passport chips can be hacked with under $100 kit. One simple question arises: how this presumably secure technology was approved for implementation with such a big hole in security?

11. Phishing/Identity Theft and Malicious e-mails / spam

The slogan for this paragraph could be the phrase: "Phishing is a major problem because THERE IS NO PATCH FOR HUMAN STUPIDITY" (Mike Danseglio, program manager at Microsoft). All phishing methods are based on presumption that the PC user is stupid enough to open e-mail, browse to the web site, or click on the offered link without second thought that it may be a phishing attempt. No software or hardware protection can fight with phishing unless the PC users are educated enough about security awareness, and this is the reason why identity and money theft online is so wide-spread.

This is a reason why all sort of online thieves are still ripping the money from naÃ¯ve computer users.

Here is a list of the Top 10 complaints received by the FTC:

1) Identity Theft - 32%

2) Shop-at-Home/Catalogue Sales -8%

3) Internet Services -5%

4) Foreign Money Offers -4%

5) Prizes/Sweepstakes and Lotteries -4%

6) Computer Equipment and Software -3%

7) Internet Auctions -3%

8) Health Care Claims -2%

9) Travel, Vacations and Timeshares -2%

10) Advance-Fee needs and Credit Protection/Repair -2%

Some recent headlines:

- Phishing experiment sneaks through all anti-spam filters.

- A recently conducted ethical phishing (New study details the dynamics of successful phishing) experiment impersonating LinkedIn by mailing invitations coming from Bill Gates, has achieveda 100% success rate in bypassing the anti-spam filters it was tested against.

- RockYou has suffered a serious hacker attack that has exposed 32 million of its customer usernames and passwords, leading to possible identity theft.

The word spam is hated by every PC user. Spam now contaminates every form of electronic communication from IM to SMS and from blogs to tweets. The global spam rate for September 2009 is 86.4 %, but the rate for US businesses is reaching 93.8%!

Spam e-mails are used for various reasons but all of them present bigger danger than N1H1 virus that was predicted to overcome the human population quickly. Spam is more successful since e-mails travel across the globe in a matter of seconds and every e-mail box contains this, the most hated type of e-mails. Phishing, re-directing to malicious web sites, infected with a virus legitimate web sites, or faked web sites, e-mail attachments infected with a virus, or combination of methods “all of it“ is not a full list of online threats for PC users.

How do the hackers know your e-mail address? First of all, if you are an active social networking user your e-mail can be easily grabbed by the e-mail harvesting programs. Also, if the web site where you left your e-mail address was hacked, all the information is easily obtained by the hacker. The e-mail lists are being sold on the Internet legally and illegally. I have special e-mail addresses for mass e-mails where I don't care about spam. At the same time, I often resist to provide my e-mail address that I use for business to avoid spam.

With automated spam tools, flexible botnets, and targeted spam campaigns, the spammers constantly improve the technique to overcome any effort to stop them. I am sure that you are familiar with the CAPTCHA technology to verify that you are human when you are filling out the online form. This method helps to fight spammers who use the automatic "fill-out" programs to place the spam links into your online form. Needless to say, the spammers have the tool that can read the image of letters (no matter how distorted they are) and still can fill out the form automatically posting the links they would like you to receive. I design and use the Flash-based online forms for my web sites that are more difficult to circumvent. So far, I was successful and was getting only manually-filled form results.

"Some of the high spam levels seen across the US can be attributed to the economic challenges experienced globally since the end of 2008 as well as Internet advancement including the high adoption of social networking," said Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec."

Cyber-gangsters are tireless in finding new methods to spam. For instance, they have started preying on Verizon Wireless customers, sending out spam e-mail messages that say their accounts are over the limit and offering them a "balance checker" program to review their payments. Faking Verizon Wireless e-mails offer the balance checker that is actually a malicious Trojan horse program.

Did you receive the e-mail "notification" from IRS about your funds? I did. It is so wide-spread that the IRS has a special message for all taxpayers about being careful with those e-mails. In fact, on December 9, 2009 the Project Honey Pot (to learn more about spam and the spammers who send it, the largest community tracking online fraud and abuse) achieved a milestone: receiving its 1 billionth spam message - a United States IRS phishing scam. In accordance to the Project's report, the most significant highlights include:

- Malicious bots have increased at a compound annual growth rate (CAGR) of 378% since Project Honey Pot started 5 years ago;
- Over the last five years, you'd have been 9 times more likely to get a phishing message for Chase Bank than Bank of America, however Facebook is rapidly becoming the most phished organization online;
- Finland has some of the best computer security in the world, China some of the worst;
- It takes the average spammer 2.5 weeks from when they first harvest your email address to when they send you your first spam message, but that's twice as fast as they were five years ago;
- Every time your email address is harvested from a website, you can expect to receive more than 850 spam messages.

Spam levels continue to rise says Symantec. Around 9 out of 10 email messages now include links or information related to spam or phishing, a new study has indicated. I have posted the article about my method of fighting with spam but with today's botnetsthat are spread out across the globe, my method became less effective. At the same time, if you have the opportunity to configure your mail server I still suggest you to filter down all e-mails with the .CN domain extension.

The other folks' experiment in blocking IP addresses originating worm/virus attacks (that was similar to my method) ended up blocking:

- China Anhui Province Network

- China Beijing Province Network

- China Fujian Province Network

- China Guangdong Province Network

China

Hangzhou Node Network

- China Hubei Province Network

China

Jiangmen Broadband Network

China

United Telecommunications Corporation, Beijing

- Oriental Cable Network Co, Shangha

I have seen so many spam e-mails originated from China that, perhaps, I can safely filter down all of them but I cannot do it if the spam from the Chinese spammers comes from the server located in Brazil or Canada.

12. A circumvention of two-factor authentication
As the online banking was growing in popularity and the security concern pushed the developers to create a two-factor authentication technique, more and more people began shopping and managing their finances online. I remember when in 2002 I have been working on implementing RSA Security solution for remote login to the front firewall. I had to activate the security fobs that generated every 30 sec a random number magically synchronized with the server where the RSA software resided. In fact, I still use similar fob with PayPal by complementing my user ID and the password with random characters what surely provides additional layer of security.

Since then, this additional layer as well as two-factor authentication is slowly becoming not so bullet-proof. In fact, cybercriminals have successfully circumvented the authentication process. No, they did not break trough the both factors of authentication but rather, first of all, infected the targeted PC with a malicious program and then patiently waited for the crimeware-infected victim to authenticate himself in order to exploit the access in real-time. A recently published article at MIT's Technology Review, details a case where cybercriminals managed to steal $447K despite that two-factor authentication with a fob (similar to mine) was in place.

With banker malware clearly able to operate even on PCs with up-to-data antivirus product (read about Zeus virus above) how to fight it? Perhaps, timely alerts about online transactions could be sent issuing one-time passwords (OTP) over SMS to report a fraud to the report center in order to freeze the transaction and the account itself. The irony is that SMS alerts itself could be exploited due to "badly implemented processes within particular financial institutions allowing a customer to change the mobile number in any particular moment of time. For instance, a Chinese bank wouldn't accept U.S mobile number for SMS alert and one-time password services because cybercriminals are already using services offering to accept and forward any data sent to a particular mobile number within a country where they maintain local numbers for fraudulent purposes". Let's put simply, we cannot rely on two-factor authentication if the environment where we operate is already compromised.

Always in a "reactive" mode

Do you think Antivirus software will save your PC from infections? Consider this. The May 09 lab test of antivirus software from several known vendors reveals not very bright perspective on detecting new viruses:

http://www.av-comparatives.org/images/stories/test/ondret/avc_report22.pdf

It's actually a scary picture! Do you realize that on average your antivirus software can detect only 50% of new malware programs? I also found very interesting information about what the antivirus programs are being used by the PC users. About 47% of users use free programs, 23% spend money to buy the full-blown product, about 16% use cracked (!) versions of the commercial software, about 10% still use the evaluation copies, and about 4% either don't use it at all or have no clue what it is.

Frankly, after reading the report, I was pleased with the only one fact: I don't use any of the mentioned software. I have switched to VIPRE from Sunbelt Software that offers new detecting technology and the performance superior to other vendors. While I was among those who use the free versions of the software for many years, this time, after VIPRE detected 11 Trojans on my PC that neither Software Doctor, AVG, nor Adware together could not detect, I have purchased 3 licenses for my home PCs and laptop. I still don't regret. I am waiting for the next version of the software that will include not only Antivirus+Antispyware capabilities but also built-in desktop firewall that should be a free upgrade to the licensed users. I mentioned VIPRE in my blog in April 2009.

Let's get back to the facts.

2 years ago, the Dutch company Secunia released data demonstrating that 28% of all installed apps areinsecure. Recently released WorldMap shows a relatively high rate for insecure programs found on a single PC. The U.S has 3 insecure applications installed per PC on average. Now, I want to reveal another scary number. Considering the number of PCs functioning, U.S. - based PC users have more than 2.7 billion vulnerable programs installed. Yes, not millions but big "B"!

The latest version of Secunia software goes beyond simple discovery and elimination of malware and potentially undermining the usefulness of the antivirus programs in general by measuring the exploitability of cross-browser plug-ins such as Adobe Flash Player, QuickTime, or Sun's Java. I believe it's the first company that reveals the sad truth about wrong emphasis on the scanning technology only forgetting about other vulnerabilities and leaving PC users unprotected with a false sense of security.

I am familiar with this online software since I use it periodically to verify my PC (it's a free subscription). More comprehensive checkup would cost you a couple of bucks. The program does not remove the viruses but rather points to the outdated versions of the software and plug-ins that must be updated immediately. For instance, I found that for some reason my PC has 4 different versions of Adobe reader and all of them are outdated and had to be patched with security updates.

If you ever updated Java software on your PC and had curiosity to look at the listing of installed software, you would be surprised to find out that your PC contains several outdated versions of Java because the Java update software never removes the old versions. As you understand, the folders with the old versions might contain the files that are not patched and created the area of vulnerability.

So, the workstations, laptops, and now the notebooks must be patched as soon as possible not only for OS but also for many third-party programs and plug-ins. The failure to ignore it is like playing Russian roulette â€“ even with a good luck, earlier or later your system will be compromised. It only takes a single unpatched application or a browser plug-in to exploit the PC by the cybercriminal. Next moment you lose the ownerships of your PC and the owner becomes someone in China. This time, it will not be the teenager who wants to prove own significance by taking over your PC but your PC will become the tool in the hands of cybercriminals to pursue more financially rewarded plans.

Recently, Secunia conducted comparative review of the detection rate of 12 different Internet Security Suites against 300 popular exploits. They found that even the top performer in the test is in fact performing poorly in general. They concluded:

"These results clearly show that the major security vendors do not focus on vulnerabilities. Instead, they have a much more traditional approach, which leaves their customers exposed to new malware exploiting vulnerabilities."

The table of results from Secunia clearly demonstrates that many of your favorite anti-virus products failed to sense the exploits.

Despite the fact that many applications' vulnerability has been already addressed, the end users are still living in the reactive response world. "Cybercriminals on the other hand, took notice, and following either common sense or publicly obtainable data indicating that end users remain susceptible to already patched vulnerabilities, started integrating outdated exploits into what's to become one of the main growth factors for web malware in the face of today's ubiquitousweb malware exploitation kits."

As you see, with all those tools, simple and quite complicated techniques and hacking methods the sophistication of the cyber-gangsters is growing day after day. They have penetrated into every facet of the Internet. Even Google is also not a proof against malicious software. Google is experiencing SEO (Search Engine Optimization) attacks through crafting custom rogue blogs designed to target the 'long tail' of difficult to understand Google searches to avoid having to compete with more popular searches in Google results, according to cyber intelligence company Cyveillance. The blogs redirect visitors that have found them via a Google search, taking them to Chinese domains that attempt to install fake anti-virus software on victims' computers.Yahoo also targeted by Chinese cyber attacks - similar to the one that affected Google.eSoft investigated the matter further and found over 800,000 active URLs acting as rogue blog middleman sites.

A "quality" of hacking software is often higher than the quality of countermeasures. A recently conducted test by malware researchers exposed that 8 out of 10 malware samples used in the test, successfully bypassed Windows 7's default UAC (user access control) settings. And we are talking about the latest desktop operating software! Yes, we can change some parameters and make the OS more resistant but Microsoft favored the functionality and "likeability" of freshly installed software vs. security probably pursuing the sales goals.

A steady stream of security flaws in the Microsoft Internet Information Services (IIS) software is causing a stir in security researcher circles, with hackers reportedly issuing details of the flaws faster than Microsoft's R&D staff can patch them. Microsoft has warned about hackers starting to use DirectX-enabled files to give them remote access to users' PCs across the internet.

Are you following me? Faster than they can patch them! It is in addition to the fact that the new malware is not being detected in 30% of cases on average! Now, think about our electric grid that is vulnerable to a cyber attack or every other piece of U.S.> infrastructure.

Recently, 60 Minutes (CBS News) disclosed an attack on Brazil's grid. In short:

We're not ready for a cyber attack;
The hackers can move much faster than the U.S. government;
A lot of the worst attacks will revolve around the power grid since everything needs electricity.

"Director of the Center for Strategic and International Studies Jim Lewis spoke of a computer security breach at the CENTCOM network in which intruders managed to gain access to a highly sensitive US military computer system and stay inside for days. The breach may have been made possible through planted, infected flash drives; the

U.S.

military has since banned the use of the portable memory devices."

In addition, at a congressional hearing last year in Washington, U.S. administration officials testified that the government's cyber initiative has fallen far short of what is required. Most alarming, the officials said, there has never been a full damage assessment of federal agency networks.

All of it is not so encouraging information, don't you think? And how many times I mentioned China?

How I built a new Windows 7 PC with an Upgrade version with several surprises..

2010-01-15T23:42:00.001-05:00

It's been awhile since I posted the latest article. It's easy to explain because I am spending my spare time to write an article about Chinese hackers (the second one after I posted the article about Russian hackers). I am 80% done, so if anyone wants to follow me just reply to this one with your e-mail and I'll notify you.

Meanwhile, I got my computer parts all together and began building the Windows 7 box.

PART I: How to build Windows 7 PC from parts.
I have ordered all my computer parts on the Internet. Some of them from Amazon.com since the price was one of the best + free delivery.
1. I used an old but very strong computer case from burned PC that one my customer brought to repair 1 year ago. Since everything (including PS) was burned due to the overloaded Audio, he just decided to buy another PC.
2. Fist of all, I bought 650W power supply with 6 SATA power connectors.
3. Based on the benchmark of the CPUs (it's easy to find one through Google), I have chosen the one pretty close to i7 from Intel. It's AMD Phenom II 3 GHz (Quad) that is cheaper than Intel's but is quite a good performer (almost the best of AMD CPUs).
4. Browsing the pricewatch.com, I found several compatible motherboards and have chosen A780GM-M3 from Elitegroup.
5. Comparing the prices, I found a great deal on NewEgg.com and bought the motherboard combo with a desired CPU. In addition, I have purchasaed 4 GB of compatible RAM (2x2GB).
6. Now, the video card. I could use one that comes built-in with the motherboard but since I watch movies on my PC pretty often (24" Samsung T240 monitor), I have decided to buy the Video card with at least 1GB of RAM. My choice was ATI R4550 that comes with HDMA port and without a fan but a large heatsink. The advantage: no moving parts. I purchased it on Amazon.com.
7. I have also bought 1 TB Maxtor Hard Drive with the same delivery.
8. At this point, I had everything I need except the DVD writer. Usualy you buy one based on what you expect to do with it. Since I am burning a lot of DVDs, I have decided to buy one with Lightscribe capability to be able to burn the label on the face side of DVD. It was Sony 22X DVD writer.
9. I have to mention another piece that I have decided to buy since my motherboard had only 4 USB ports on the back panel and two connectors on the board for add-on USB ports. I have purchased the front panel with 3 USB ports, slots for memory chips (SD, MicroSD, etc), Audio ports, and the E-SATA connector for external SATA device (very useful if you have to backup/move/copy hard drive content to another hard drive).

After assembly, the board booted fine and asked for a hard drive boot sector. At this point, I had to decide how to install my Windows 7 PC (upgrade version). I have decided to install XP with SP2 32-bit, and then upgrade to Windows 7, 64-bit. After almost 3 hrs of formatting the 2/3 of my hard drive (I left 1/3 for another OS - Ubuntu or second partition if I need in the future), the OS began copying the files.

PART II: How to install Windows 7 upgrade version.

SURPRISE I
Suddenly, the PC began beeping during the first reboot required for installation. First, the beeps were short, then longer and longer until the PC has rebooted. I have restarted the PC but the beeps were long and troubling. Hm-m-m, I did not like it. I began to shuffle the hardware suspecting some hardware problem (memory, video,CPU, etc). Nothing helped, the beeping started exactly at the same point even when I re-started the installation over.

SURPRISE II
OK, maybe it happened because the motherboard is quite specific? An overheated CPU? I was confused. Then, using my SHOE troubleshooting principle (software-hardware-operator-environment), I have decided to try installing Vista 32-bit instead of Windows XP. To my surprise, the installation went smoothly and without beeping. Bingo! The only explanation I found that the CPU did not handle Windows XP code well. What else?

SURPRISE III
I was impatient and did not bother to enter the Vista serial number. I have rebooted the PC, loaded Windows 64-bit Upgrade DVD, and using Explorer tried to run the setup. Hold on, boy! I am 64-bit baby, not 32! The setup has refused to continue. I have rebooted the PC again and booted the same DVD instead of Vista.
To my third surprise, the operating system ignored that fact that Vista is not licensed, and installed Windows 7 without any glitch!

Now, what to install on Windows 7 PC?
Beyond updates to Windows 7 from Microsoft web sites, I installed immediately the following programs:
1. VIPRE Antivirus+Antispyware (see why here)
2. ZoneAlarm Software Firewall
3. Adobe Reader 9.2
4. Total Commander v. 7.5a to use instead of File Explorer, WinZIP, FTP client, and perhaps, many more other utilities. This utility is very unique and I highly recommend it. I have registered the copy of this utility but if you are REALLY short on money, it can be used for free with one small annoyance.
5. StarDock's Fences: to group the icons on my desktop and avoid clattering.
6. Office 2007 (ask your kids who have college e-mail (with EDU extension) to buy it for you for only $49.95 from MIcrosoft web site). Also, since the Office 2010 is coming soon, the upgrade to 2010 will be cheaper than full version. Unconfirmed data suggest that the student's copy of Office 2010 will cost $99.95 per copy.

7 . How many browsers should you use on Windows 7 PC?

My answer is 3-4. Of course, it depends on your needs but I use IE8 only when the web site requires IE, otherwise, I use Firefox for everyday browsing with normally 15-25 tabs opened at the same time. I like Firefox for a great set of free plug-ins that enhance browsing, saving, bookmarking, tabbbing, etc.

For short web inquires, I use Google's Chrome 2.0 - it's plain, quick, and doesn't take a lot of memory comparing to Firefox and IE. Sometimes, I also install the Apple's Safari 4.0 for Windows. It's the fastest browser that allows me to test the compatibilities of the web pages when I design the web sites.

Now, some recommendations based on my experience with Windows 7 OS:

1. NEVER install the 32-bit programs into default directories but only to c:\Program Files (x86)\ folder. Otherwise, you will see the degraded performance of the hard drive's I/O operations as well as the CPU overloads to the degree that your PC will start complaining by bipping with an internal PC speaker.

2. If you have the Smart Phone/PDA to synchronize with Windows 7, you should use new Microsoft Windows Mobile Device Center 6.1 Driver for Windows Vista (64-bit), (you should have the valid copy of Windows 7 since you must install the Windows Genuine Software update unless you find the software elsewhere on the web).

3. Do yourself a favor and subscribe to Netflix online movies delivery for only $7.95 (or $8.95 with a delivery of one DVD to your mail box in addition to unlimited number of online movies). With all mentioned above hardware, you can watch plenty of movies through your PC right on your PC monitor or just connect the HDMA cable to your LCD TV (if it has the free port).

I am sick of Twitter, are you?

2009-05-14T13:10:00.006-05:00

I have already mentioned at various forums that the online programs like Twitter, Facebook, etc were created to make money for those who introduced and marketed them. There is nothing wrong with it but how many similar web sites do we really need? There are several new applications AROUND the Twitter. Every one of them wants you to subscribe and login and multiple the number of users. Why? To sell the web site later! Who are those time-wasters beyond teenagers? You and me, and millions of others.

Imagine that there were no Twitter and similar web sites that grow like mushrooms after rain.
Would you really miss it? Maybe 5% of all Twitters would honestly say yes, but the majority including myself simply would not care.
People stopped to socialize personally. They use Facebook, MySpace, Craigslist, Twitter, Delicious, ...
I have counted more than 150 web sites, so far! There are probably more not listed on Wiki. Instead of meeting people personally, we are texting like crazy - everyone is super-busy to even look around - texting, texting, texting...
This is worse than swine flu. Maybe it is another, more crazy form of forgotten Usenet? I would call most of those web site social time-wasters. There are not so many that are truly useful.

I hope some day people will realize that it must be limited, and the identity theft that is a result of social networking can be stopped if people will stop posting full biography and personal data on the web sites and also will be more careful about infected web pages on social networking web sites that became simple target for malware creators/distributors.

Are you aware of the fact that there are many new social networking sites dedicated to hate, racism, anti-antisemitism, recruitment of Muslims for who knows what, hacking, and similar?
While we cannot simply stop it, we have to be at least aware of what's going on. Instead of endless texting just step aside and think for a moment about what's going with all of this craziness. Is it really useful for your life? Can you live without typing?!

There will be some folks that might disagree with me. OK, what's your take on it?

Why I use the VIPRE to protect my PC against malware

2009-04-29T12:23:00.002-05:00

Following the news about a "pig virus" or "swine" as the media call it, I want to share my experience on protecting my home PCs against computer viruses and various spyware.

All of you use PCs on a daily basis and if you work for the company, it is not your headache to protect the end-user PC. Your headache is at home (PC or laptop).Since the viruses/spyware penetration level got to the degree when one anti-virus program installed on PC is ABSOLUTELY not enough, I usually recommend installing 3-4 programs.

1. Free ZoneAlarm Desktop Firewall

2. Free AVG Anti-virus software

3. Free SpyBot anti-spyware software

4. Free AdAware Personal anti-spyware and ad-watch software

Note the word "Free". Until recently, I was pretty much happy with it - what is better than free? The AVG Anti-virus program delivered great results by discovering the spyware like Trojans, key loggers, etc. I use the P-2-P networks as many of us (Torrents, eMule, and similar), browse hundreds of web sites, and download various small and large programs for testing/implementing. As you may guess, I am getting enough of "bad stuff" on my PC that must be cleaned every day.

How do I use all these programs? First of all, two programs are running permanently (Firewall and AVG). Also, I use the other 2 programs weekly to verify how good AVG on removing viruses/spyware. Of course, you have to be very careful about timely updates since the number of viruses/spyware is growing on a daily basis. So, the update check is setup on "every 4 hrs".

As my hard drive grows in capacity, the time to clean up that "bad stuff" is becoming an issue. My AVG Anti-virus program takes about 22-23 hrs to scan both of my drives taking often up to 95% of the CPU cycles and slowing down my PC to the degree that I have to pause the scan when I need to use the PC. I also want to mention that the sizable chunk of memory used by AVG is taken away from my applications.

Recently I got an e-mail from Sunbelt Software Company about their new and advanced product called VIPRE. This product has a combined protection: AntiVirus + AntiSpyware. Isn’t it a time to check what is better than AVG? I have downloaded the PC version of the software for one month of evaluation (try before buy).

To my absolute surprise, the very first time the software ran on my PC, it has discovered 11 spyware programs hidden on my hard drive (and it is after AVG + Spybot + AdAware said that everything is clean!). Needless to say, I have begun respecting this software from the first day. The fact is that it is amazingly FASTER than any other protection program I ever tried (Avast!, Kaspersky, McAfee, Symantec, etc) and takes less PC memory resources.

I am at this end of my evaluation, and I will buy this software without hesitation. I believe that $29.95 is justifiable spending to protect my PC against the "bad stuff".

I have restricted my wife against using the commonly used "social networking" web sites from the PC where she does an online banking to pay for our bills. Why did I do it? I spent totally 9 hrs to clean up her PC from multiple variations of spyware (in spite of installed AVG)!

The problem is that many known "good" web sites are the source of as we call it "malware" (or malicious software). The primary example is a Facebook, not to mention several others. The hackers inject malicious software into the known and respectable web sites such as business or entertainment sites. When you point your browser to one of infected web sites you automatically download the malicious software that silently does its damage. The Antivirus program itself cannot protect you against this type of infections even with a real-time monitoring mode enabled.

I am sure you heard about "confiker" virus (see my blog at http://securecyber.blogspot.com/2009/04/what-to-do-if-you-are-infected-with.html). The millions of PCs worldwide are infected with this virus. It may sit on a hard drive for a long time doing nothing, however, when the hackers want they may upload to your PC any other malicious program (such as password stealers, other viruses, spyware) using the confiker virus as a carrier. Total damage of confiker is already estimated by 9.1 billion dollars worldwide, and this is not the end.

I have compiled the page about VIPRE. You can find it here:

http://www.rtek2000.com/Tech/antivirus-vipre.html

Use it at your own discretion. My slogan is: "It's better to be cautious that sorry later".

Word of caution:
When you use multiple anti-malware programs, make sure they don’t conflict with each other. First of all, they may recognize the competing program as a malicious. Secondly, they often use the same areas of memory or control the same important files of your desktop operating system. If you do not temporary disable other anti-malicious programs while you ran the anti-virus or anti-spyware software your PC can be locked or even worse - the files will get corrupted.

If you want to install VIPRE, please UNINSTALL and REBOOT your PC or laptop before installation; and don’t forget to perform the regular backup of your important files (I hope you do it periodically, don’t you?).

What to do if you are infected with Confiker

2009-04-01T13:07:00.004-05:00

Just to share waht I found:

1. Point your browser to Symantec.com or McAfee.com

If you are able to access the web site, your computer is probably not infected with Conficker as the worm blocks access to most security web sites. One symptom that may indicate you are infected is finding that your computer is blocked from accessing the web sites of most security companies.

2. If you have a computer that is infected, you will need to use an uninfected computer to download a specialized Conficker removal tool from. The tool is available here: http://www.800-security.com/tech/FixConfiker.exe

Advice to Stay Safe from the Worm:

1. Run a good security suite (I just began using VIPRE from Sunbelt software, and very pleased with it).
2. Keep your computer updated with the latest patches. If you don’t know how to do this, have someone help you set your system to update itself.
3. Don’t use “free” security scans that pop up on many web sites. Many of them are fake. In addition, some of them are using scare tactics to try to get you to purchase their “full” service. In many cases these are actually infecting you while they run. In accordance to some security pros, there is reason to believe that the creators of the Conficker worm are associated with some of these fake security products.
4. Turn off the “autorun” feature that will automatically run programs found on memory sticks and other USB devices.
5. Be smarter with your passwords:

1. Change your passwords periodically
2. Use complex passwords – no simple names or words, use special characters and numbers
3. Using a separate, longer password for each site that has sensitive personal information or access to your bank accounts or credit cards.

4. Use fingerprint readers (buy from Digital Persona - I love them). You can avoid typing (and any keylog software won't be able to capture it)

5. Use the multi-word passwords (for instance: "my buddies use rtek2000" or "security is not a measure but process"

Phishing Guide

2009-03-04T13:36:00.005-05:00

I thought you might be interested to read the new articles from PayPal on PHISHING and how to protect your identity and money.

https://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/Marketing/securitycenter/general/UnderstandPhishing-outside

Please read all 3 parts. The links to each next part are below the article. PayPal has done very good job on explaining the problem with plain English and nice illustrations. Don't miss it!

What's your plan on Windows 7 and new PC?

2008-11-03T13:09:00.000-05:00

Several weeks ago, one of my customers that I am mostly volunteering (he is over 80) asked me to assist him in buying the new PC. He brought several brochures from HP and Dell. To my surprise, ALL of them where 64-bit systems. The surprise was unpleasant since I did not shop for the new PC for at least 2 years since I bought Dell 8400 with 3GHz processor. Why unpleasant? Did you try to install Office 2003 on 64-bit machine? How about a bunch of other applications that you get used to but CANNOT use with 64-bit hardware?

Do you see where I am pointing to? The PC manufacturers force the consumers to buy the 64-bit systems and, at the same time, force to update ALL applications, games, utilities because they are no longer compatible... What amazes me that I did not see the articles that scream aloud about this situation?

There were many discussions about reasons to skip an upgrade to Vista in favor of coming Windows 7, the newest Microsoft’s desktop OS coming in the beginning of 2010. I have contributed to several articles where I explained why I am NOT going to upgrade to Vista but what I would like to discuss is what to do with Windows XP now.

*** Windows 7 is being dubbed "Vista done right" ***

Plenty of sources have detailed the exciting changes that Microsoft is bringing to Windows 7, the successor to Vista. Microsoft heard the screams of PC users who said they hate Vista, and therefore the new version focuses on the user experience heavily.

Here is what I found on the net:
"While some of Microsoft's competitors focus first on flash, then on the underlying architecture, Microsoft took the reverse route this time. Now, at least, the roads come together. Windows 7 is sexy, usable, and streamlined. It was demonstrated on an ultra-lite computer with a 1GHz processor and 1GB of RAM... the OS can run in less than 512MB and boots up much faster. It's likely to have fast boot options that will provide functionality for watching DVDs or other media without requiring the full OS. And because Windows 7 is built on the same kernel as Vista, we won't suffer from vendors who leverage a Windows upgrade to obsolete their drivers and hardware… in other words, no compatibility problems. Thank goodness!" Check this out also:
http://www.wservernews.com/X9Q2B1/081103-Windows-7

At the same time, you know, I am happy about Windows 2008 server, and particularly, Windows Server 2008 R2 that is also on the horizon. It really makes sense to add the power to the servers. The updated version of Win2K8 R2 comes with significant improvements to virtualization and virtual machine (VM) management. What is interesting, this upgrade is 64-bit only (the fact is known since Microsoft did not make a secret from it). The new PowerShell 2.0 and the new PowerShell-based consoles will be added, including the Active Directory Administration Console. Check this out: http://www.wservernews.com/X9Q2B1/081103-SQL-Server-2008

*** Is it a Great Time to Buy a New Computer?!**

All the major vendors have just released brand new models based on the very latest, thinnest, most power-friendly Intel (and AMD) chipsets. New models offer more storage, better power utilization, and key new interfaces including eSATA. On the "high end", there are some laptops that even can edit High Definition video and burn it to a Blu-Ray disc. By the way, about the Blu-Ray. I see that it did not gain mainstream due to high cost of licensing for manufacturers and high retail cost.

How would you justify spending $150/$200 for a new player if you can buy pretty decent quality copies of HD movies that can be played on most of the DVD players? The market of Blu-Ray players is barely 4-5% of total market (and it is after defeating the HP with their own HD format!). I believe that the new format will be introduced by some of the known firms in the closest future.

Since Windows 7's hardware requirements might actually be lower than Vista's, the new PC 2010 could be a power horse.

I don't know about you but I am not going to upgrade my 3GHz system until Windows 7 (or whatever name it will have) will be available along with thousands of utilities and applications compatible with 64-bit system.

How about you?

3 new NIST documents

2008-10-06T10:16:00.000-05:00

There were 3 new documents released by NIST - The US National Institute of Standards and Technology. One of them was related to the Bluetooth Security with suggestions on how to implement the Bluetooth technology securely. It will help those IT professionals who are responsible for Bluetooth communications. If you want to download it, here is the link:
http://csrc.nist.gov/publications/nistpubs/800-121/SP800-121.pdf

The second document is a Technical Guide to Information Security Testing and Assessment. The finalized document provides a guidance to designing, conducting, and analyzing the data generated by those tests.
http://csrc.nist.gov/publications/nistpubs/800-115/SP800-115.pdf

The 3rd document is just a draft, and at this momnet is not so significant (A Guide to Industrial Control Systems (ICS) Security.

DDoS attack from Russian hackers... again

2008-08-19T11:15:00.001-05:00

1) http://blogs.zdnet.com/security/?p=1533&tag=nl.e550
2) http://www.telegraph.co.uk/news/worldnews/europe/georgia/2539157/Georgia-Russia-conducting-cyber-war.html

To confirm my point of view regarding Russian hackers and their employers, read the article above.
The actions described in the article are clear demonstration of knowledge in cyber security used to suppress the web site of a defined enemy (in this case, Georgia - former USSR republic). There are no doubts in my mind that it was pre-designed by the Russian Government. ShadowServer.org mentioned that there is no proof that the Russian Government was behind that attack. However, ask yourself why would you try to suppress the Georgian President's web site unless it's your enemy's web site?

As you can see, when the war began, all weapons in your dispositions are used. The cyber hacking or DoS attacks are the new battlefields, and it must be taken seriously.

Finally! Cheaters are punished... kind of...

2008-08-19T10:44:00.004-05:00

Please read my comments below regarding this article from InfoWorld.

Microsoft sues site to stop certification test leaks

Microsoft claims Freetech Services was selling actual exam questions on its certification test help-site

* By Robert McMillan, IDG News Service
August 18, 2008 | http://www.infoworld.com/article/08/08/18/Microsoft_sues_site_to_stop_certification_test_leaks_1.html

A federal court in Connecticut has ordered a certification test help-site to stop publishing Microsoft-related materials after the software maker sued the company, claiming that it was selling actual certification exam questions.

In a preliminary injunction signed Thursday, U.S. District Court Judge Warren Eginton ordered Pass4sure.com and its parent company, Freetech Services, to stop distributing the materials.

Pass4sure sells "high quality IT exam practice questions and answers," according to its Web site. The company promises a full refund to anyone who does not pass an IT exam on their first try after using its testing engine.

However, Microsoft says that the company is selling actual exam answers. Company investigators downloaded the Pass4sure practice exams for a variety of tests in early May and found that they were "identical or substantially similar" to Microsoft's own certification exams, Microsoft said in court filings.

Pass4sure sells questions for many certification tests, including those offered by Cisco Systems, Oracle and IBM. The tests cost between about $80 and $125.

These kinds of professional certifications are an important measurement of professional advancement amongst IT professionals and can translate into bigger salaries for those who earn them.

Although Pass4sure no longer lists Microsoft tests on its Web site, cached pages linking to dozens of tests can be found on Google.com.

[My Comments] This company along with several others like TestKing are long due to panishing for unfair practice, stealing the revenue from competitors by engaging in the provocative Search Emgine Optimization technique (using the competitors products' keywords), cheating the Google and Yahoo with saturating their pages with hundreds of keywords related to their own products, selling the programs that repeat actual exams questions, and even selling the IT Certification certificates for a nominal fee. In order to stop their activity and bandit methods to conduct business, they have to be panished financially.

I can almost guarantee that they will announce a new web site under a new name and will do the same! Why am I so sure? They have already created the web sites with the Microsoft exams numbers as the domain names. All the links are being redirected to pass4sure.com and testking.com or testking.name (Example: www.640-802.net). I guess, Cisco must follow the Microsoft's steps.

My reply to the Article about CISSP certification

2008-06-20T13:56:00.000-05:00

I posted the reply to the Article about CISSP certification http://www.tssci-security.com/archives/2008/06/19/rip-cissp/#comment-7927 at TS/SCI Security.

Well, I have written an article in 2002 when the certification craziness was in its highest spot (http://www.rtek2000.com/Good/Why_we_have_to_fight_with_hypes.pdf). If you spend 10 min to read the article you will understand my point regarding who particularly benefits from all 5000 existing certifications. It is still the case with some exceptions. I have been an employer and I am an employee, so I know both sides of job market. There are many cases when the certification is a big plus if you want to be hired for certain positions, and as much as I don't like certifications I have to admit that I have few including CISSP that I got last year.
While I was learning the material for about 4 months, I got my horizon expanded. I learned about risk management, disaster recovery strategies, and cryptography. I know for sure that I would never touch those topics otherwise. The CISSP certification is intended mostly for managers who plan the security and risk management within their firms. It is not in any way a substitution for hands-on experience. In fact (and many folks know it) the CISSP certification is about two inches in depth knowledge about 10 CBK domains but two miles wide (a little bit about everything). So, we are talking about generalists here, not hands-on professionals - if you are talking about hands-on knowledge, it has nothing to do with it.

Why it became a popular certification? Mostly due to the good marketing by the ISC(2) marketing team. They were able to penetrate the DoD to make CISSP a standard for any security professional. All other vendors including CompTIA failed to reach such a degree of popularity.
I passed the exam to prove something to myself, and currently I have no benefits of having it in addition to $500 exam, and $85 yearly fees. But you'd be surprised that my resume with the magic letters attracted many job recruiters. The CISSP certification may bring some benefits to job seekers.

Feel free to look for CISSP certification resources here: http://www.rtek2000.com/courses/CISSPresources.html

The lost war in a progress…

2008-06-19T14:44:00.001-05:00

It’s been said a lot about a war with hackers, virus creators, spammers, etc. The war that is in continuous mode – had some start dates but with a high degree of certainty will never have the end date until we use computers connected in the networks.

Unfortunately, we still have a reactive approach to the spyware/virus problems even if there were numerous advances in the anti-virus and anti-spyware technology that deal with sophisticated technique to cause you damage on your desktop or server.

I have recently updated my free AVG anti-virus program with the latest version 8.0. I don’t have a lot of disk space (total probably around 400GB) but the program took about 15 hrs to scan through my files. I was amazed with amount of discovered infected files, registry entries, cookies, etc. It would not surprise me if I’d not use the AVG or any other anti-spyware or anti-virus program before, but after upgrading to the latest version that includes all available protection (even the web links) and the amount of discovered vulnerabilities (keyloggers, Trojans) I was surprised with a level of detecting that was greatly improved with a new version. Of course, all the sophistication of the software comes with a price of being very slow. Agree that 15 hrs of scanning and slowing down the processor to 50% of its capacity is not the best feature of any anti-virus software.

With hundreds of new viruses and spyware program being created and purged in the net, the virus databases are swelling. It takes more and more time to compare each file on your system with thousands of known and possible infections. It is like to have a heavy armory on your body that becomes heavier every hour slowing you down in your quest to fight with an army of virus creators.

Recent news about utilizing the strong 1024-bit RSA encryption that is impossible to crack to screw up your desktop files is a proof of lost war in a progress. Look how shameless the enemy is. To encrypt your data files with 1024-bit encryption and to sell the private key to decrypt it is not something that can be taken easily (http://blogs.zdnet.com/security/?p=1251 ).

Imagine you have the reports or financial spreadsheet files and then suddenly you realize that you cannot open them. Instead of getting the files opened on the screen you are getting a popup message with an e-mail address where you have send money to buy the decryption software. No, you cannot find who the perpetrators are – believe me, they are the same smart to hide their identities as smart to write the software. What would you do?
Some of the folks mentioned that good backup is a protection against this vulnerability. But others properly argued that you usually never check if you can open EVERY file after you performed the backup. It means that you can overwrite them next day with encrypted file if you use the large capacity hard drives or tape to perform the backup operation. There is only one way to preserve the original files if you burn the CD/DVD and collect them day after day.

Something similar happened in a past. If you run Google search you may find the following links: http://www.jahewi.nl/malware/ransomware/ransomware.html, http://news.bbc.co.uk/2/hi/technology/5038330.stm.

Many folks put their two cents about this story. The one comment from Duncan I like I want to re-post here:
“*ransom note received composed of random letters clipped from newspaper*
"We have encrypted your illegally copied music files. Put $5000 in unmarked bills in a plain brown paper sack and mail it to: RIAA Washington, D.C. no later than midnight tonight or you'll never listen to your music again"
..but seriously, folks, this starts to sound like some sort of weird 419 scam. They're not going to decrypt your files even if you pay them, and I'll bet you a whole DOLLAR that if you're stupid enough to contact them, they accept only CREDIT CARDS as payment. Chances are that the data isn't even really encrypted, it's just plain overwritten and GONE, copied over with gobbledygook random data, and you'll just get your identity stolen on top of never getting your files back. On the other hand they think they're being really clever, I'm sure, and the ones that think they're clever are usually the ones that get caught quickly and go to jail for a long, long time.”
I just hope that Duncan is right and the smart a%%$$ will be caught quickly.

COFEE - "Computer Online Forensic Evidence Extractor"

2008-05-12T08:15:00.001-05:00

I think it is a quite significant event... Yes, Microsoft helps Big Brother to sneak into your PC for forensics evidence with a software that is not available to the general public. From one point of view, it's a great help to those folks who are working for FBI. From another point of view, it's a good idea to remember that the Big Brother is watching: don't use your employer's PC for personal (and sensitive!) information as it can be easily extracted any time even if you have emptied your trash can.
Read below.

Microsoft is now talking about COFEE, a tool they have released to some law enforcement agencies to let them take a look at Windows computer in a faster, less intrusive way that's easy to use. COFEE stands for "Computer Online Forensic Evidence Extractor" and details about what it can do are thin on the ground. That's understandable from a law enforcement perspective but when you combine a lack of hard facts to a distrust of Microsoft and some government agencies you get plenty of rumor, guesswork and outright paranoia all across the Internet. Office Watch has the whole story:
http://www.wservernews.com/X9Q2B1/080512-COFEE

My war with a Spam. Continue...

2008-04-25T09:33:00.002-05:00

First of all, my apologies to those who bookmarked this blog. I have no time to post new articles since January, and you can blame me for that, I know...

On another note, I have something interesting to discuss. One of the Forms at RTEK 2000 web site is dedicated to those who want to order the Self-training packages (DVD or CD based tutorials for IT certifications). Recently, RTEK 2000 webmaster began receiving the messages with obvious SPAM information filled out through that form. It is nothing unusual, so the webmaster has re-designed the form adding the captcha code requirements, used Flash for coding, as well as renamed the form header but preserved the file name. After uploading a new file, to his surprise, the spam did not stop. The same information was sent over e-mail with the same form fields from the old file.

How could it be? Of course, we know that it is called e-mail spoofing, however the old Form does not exist but the spammers still use it to push the spam. Could the code in the Form be downloaded to the spammer's web site and then re-used? Possible.

I spoke to the technical support of RTEK 2000's ISP. They mentioned that the spammers could use the cached copy of the file from Google.
In fact, when the webmaster provided me with the files that you might find interesting (see below), I am kind of in doubts about cached file but inclined to believe that that copy of the code was re-used from the spammer's web site. Correct me if I am wrong.

Before you look down on the content of the files, for those who uses my list of spamming web sites and the filtering based on a provided information, I have updated the content of the file and included a bunch of additional IP addresses. Find the file here:
http://www.800-security.com/tech/SPAMaddresses.txt

=============================================
MESSAGE HEADER.

My COMMENTS: Pay attention that the IP address of the sender is 127.0.0.1. Also, I have replaced all HTTP with HTP in order not to promote the spammer. (:-)

==============
Return-path:
Envelope-to: webmaster@rtek2000.com
Delivery-date: Fri, 25 Apr 2008 04:37:06 -0600
Received: from eigzerz9 by box336.bluehost.com with local-bsmtp (Exim 4.68)
(envelope-from )
id 1JpLIf-0008NP-M4
for webmaster@rtek2000.com; Fri, 25 Apr 2008 04:37:06 -0600
X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on box336.bluehost.com
X-Spam-Level:
X-Spam-Status: No, score=-0.6 required=5.0 tests=ALL_TRUSTED,BAYES_00,
FORGED_YAHOO_RCVD,MISSING_MID,URIBL_JP_SURBL autolearn=no version=3.2.3
Received: from localhost ([127.0.0.1] helo=box336.bluehost.com)
by box336.bluehost.com with esmtp (Exim 4.68)
(envelope-from )
id 1JpLIf-0008NE-Gf
for webmaster@rtek2000.com; Fri, 25 Apr 2008 04:37:05 -0600
Date: Fri, 25 Apr 2008 04:37:05 -0600
To: webmaster@rtek2000.com
From: 2kdcfv8m@yahoo.com
Subject: [Video Package Order Form]
X-Identified-User: {666:box336.bluehost.com:eigzerz9:800-webdesign.com} {sentby:program running on server}
Message-Id:

Below is the result of a form submission from ht tp://www.duiwashington.com/dui_washington/dui_laws/wa-house-bill-3317.html, ht tp://www.psy.uni-muenchen.de/iva/raum3225.html, ht tp://spectrum.troy.edu/wwwboard/spring2008/jrn3312.html, http://www.rtek2000.com/OrderFormVideo.html on 4/25/2008 at 4:37 AM:
---------------------------------------------------------------------------

title: Video_Package_Order_Form
print_date_in_db: 1
print_blank_fields: 1
a_name: ins01
jobposition: ins01
organization: ins01
address1: ins01
address2: ins01
city: ins01
state: ins01
zip: ins01
zip_foreign: ins01
phonenumHome: htp//home.flash.net/~hesler/dmk/_/ins01/sitemap.html
phonenumBusiness: ins01
email: 2kdcfv8m@yahoo.com
software: ins01
software_price: ins01
shipping_fee: ins01
total_price: ins01
certify: ins01
comments: htp//adigital.pntic.mec.es/~castello/images/trans/ins05/98.html afflac.com [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/98.html] afflac.com [/url] htp//adigital.pntic.mec.es/~castello/images/trans/ins05/97.html geic0 [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/97.html] geic0 [/url] htp//adigital.pntic.mec.es/~castello/images/trans/ins05/96.html esursance [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/96.html] esursance [/url] htp//adigital.pntic.mec.es/~castello/images/trans/ins05/94.html wawanesa auto insurance [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/94.html] wawanesa auto insurance [/url] htp//adigital.pntic.mec.es/~castello/images/trans/ins05/95.html geico.ocm [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/95.html] geico.ocm [/url] htp//adigital.pntic.mec.es/~castello/images/trans/ins05/93.html stae farm [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/93.html] stae farm [/url] htp//adigital.pntic.mec.es/~castello/images/trans/ins05/92.html progreessive insurance [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/92.html] progreessive insurance [/url] htp//adigital.pntic.mec.es/~castello/images/trans/ins05/90.html giecoautoinsurance [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/90.html] giecoautoinsurance [/url] htp//adigital.pntic.mec.es/~castello/images/trans/ins05/91.html cheap health insurance [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/91.html] cheap health insurance [/url] htp//adigital.pntic.mec.es/~castello/images/trans/ins05/89.html cigna health insurance [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/89.html] cigna health insurance [/url] htp//adigital.pntic.mec.es/~castello/images/trans/ins05/88.html wawanessa [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/88.html] wawanessa [/url] htp//adigital.pntic.mec.es/~castello/images/trans/ins05/87.html guardian dental insurance [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/87.html] guardian dental insurance [/url] htp//adigital.pntic.mec.es/~castello/images/trans/ins05/86.html etna insurance [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/86.html] etna insurance [/url] htp//adigital.pntic.mec.es/~castello/images/trans/ins05/85.html auto ins quotes [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/85.html] auto ins quotes [/url] htp//adigital.pntic.mec.es/~castello/images/trans/ins05/84.html progresssive.com [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/84.html] progresssive.com [/url] htp//adigital.pntic.mec.es/~castello/images/trans/ins05/83.html allsatate [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/83.html] allsatate [/url] htp//adigital.pntic.mec.es/~castello/images/trans/ins05/82.html ww.aiginsurance [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/82.html] ww.aiginsurance [/url] htp//adigital.pntic.mec.es/~castello/images/trans/ins05/81.html progressive.vom [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/81.html] progressive.vom [/url] htp//adigital.pntic.mec.es/~castello/images/trans/ins05/79.html progreesive [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/79.html] progreesive [/url] htp//adigital.pntic.mec.es/~castello/images/trans/ins05/80.html geicoinsurance.com [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/80.html] geicoinsurance.com [/url] htp//adigital.pntic.mec.es/~castello/images/trans/ins05/78.html progresive insurance [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/78.html] progresive insurance [/url] htp//adigital.pntic.mec.es/~castello/images/trans/ins05/77.html ww.progressive.vom [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/77.html] ww.progressive.vom [/url] htp//adigital.pntic.mec.es/~castello/images/trans/ins05/76.html esurrance.com [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/76.html] esurrance.com [/url] htp//adigital.pntic.mec.es/~castello/images/trans/ins05/75.html aflac insurance quotes [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/75.html] aflac insurance quotes [/url] htp//adigital.pntic.mec.es/~castello/images/trans/ins05/74.html alstate [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/74.html] alstate [/url] htp//adigital.pntic.mec.es/~castello/images/trans/ins05/73.html primerica insurance [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/73.html] primerica insurance [/url] htp//adigital.pntic.mec.es/~castello/images/trans/ins05/72.html progressive.c0m [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/72.html] progressive.c0m [/url] htp//adigital.pntic.mec.es/~castello/images/trans/ins05/71.html home insurance [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/71.html] home insurance [/url] htp//adigital.pntic.mec.es/~castello/images/trans/ins05/70.html statfarm [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/70.html] statfarm [/url] htp//adigital.pntic.mec.es/~castello/images/trans/ins05/69.html assurion [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/69.html] assurion [/url] htp//adigital.pntic.mec.es/~castello/images/trans/ins05/68.html arrp insurance [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/68.html] arrp insurance [/url] htp//adigital.pntic.mec.es/~castello/images/trans/ins05/67.html giecocarinsurance [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/67.html] giecocarinsurance [/url] htp//adigital.pntic.mec.es/~castello/images/trans/ins05/65.html atena insurance [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/65.html] atena insurance [/url] htp//adigital.pntic.mec.es/~castello/images/trans/ins05/66.html atnea [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/66.html] atnea [/url] htp//adigital.pntic.mec.es/~castello/images/trans/ins05/64.html geicio [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/64.html] geicio [/url] htp//adigital.pntic.mec.es/~castello/images/trans/ins05/62.html proggressive [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/62.html] proggressive [/url] htp//adigital.pntic.mec.es/~castello/images/trans/ins05/63.html alstate insurance [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/63.html] alstate insurance [/url] htp//adigital.pntic.mec.es/~castello/images/trans/ins05/61.html infinity auto insurance [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/61.html] infinity auto insurance [/url] htp//adigital.pntic.mec.es/~castello/images/trans/ins05/60.html gieco insurance [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/60.html] gieco insurance [/url] htp//adigital.pntic.mec.es/~castello/images/trans/ins05/59.html eshurance [url=htp//adigital.pntic.mec.es/~castello/images/trans/ins05/59.html] eshurance [/url] htp//ww.bklwebdesign.com/ life insurance [url=htp//ww.bklwebdesign.com/] life insurance [/url] htp://seaba.net/ car insurance [url=htp://seaba.net/] car insurance [/url] htp://homeschoolrunner.com/ home insurance [url=htp://homeschoolrunner.com/] home insurance [/url] htp://delyart.com/ life insurance [url=htp://delyart.com/] life insurance [/url] htp://ww.americasauto-mart.com/ auto insurance [url=htp://ww.americasauto-mart.com/] auto insurance [/url] htp//ww.casino-observer.info/ online casino [url=htp://ww.casino-observer.info/] online casino [/url] htp://ww.insurance-focus.net/ insurance [url=htp//ww.insurance-focus.net/] insurance [/url] htp//ww.urlcorrector.net/ urlcorrector [url=htp//ww.urlcorrector.net/] urlcorrector [/url] htp://ww.freeblackjackcash.com/ blackjack [url=htp//ww.freeblackjackcash.com/] blackjack [/url] htp//ww.dating-sc.info/ dating [url=htp://ww.dating-sc.info/] dating [/url] htp//ww.jewelrytrio.com/ online casino [url=htp://ww.jewelrytrio.com/] online casino [/url] htp//ww.alemanyboysbasketball.com/ online casino [url=htp://ww.alemanyboysbasketball.com/] online casino [/url] htp://ww.jeffmoe.com/ credit cards [url=htp://ww.jeffmoe.com/] credit cards [/url] 3pZkFg0rsp
want_to_learn:
submit_button: Submit Request---------------------------------------------------------------------------

MESSAGE ITSELF:
--------------------
Date: Thu, 24 Apr 2008 05:22:20 -0600 [05:22:20 AM MDT]
From: b1zdn7g6@yahoo.com
To: webmaster@rtek2000.com
Subject: [Video Package Order Form]
Headers: Show All Headers

Below is the result of a form submission from htp//kagura77.blog99.fc2.com/blog-entry-717.html, htp//wanwanlapper.seesaa.net/article/91148882.html, htp//www.sarahloulingerie.com/speed-queen-p-1394.html, htp//kullwee.blog67.fc2.com/blog-entry-1393.html, htp//tak-to.com/archives/401, htp//kullwee.blog67.fc2.com/blog-entry-1392.html, htp//tearoombergamot.blog55.fc2.com/blog-entry-1383.html, htp//77.66.192.239/forum/238/1-10/, htp//tomishu.justblog.jp/blog/2008/04/post-3589.html, htp//color01.blog22.fc2.com/blog-entry-1.html, htp//color01.blog22.fc2.com/blog-entry-2.html, htp//voyage2.blog62.fc2.com/blog-entry-33.html, htp//voyage2.blog62.fc2.com/blog-entry-34.html, htp//www.laosver.gr/about/mailpage.php?NEWS_ID=2662, htp//www.laosver.gr/about/mailpage.php?NEWS_ID=2662, htp//www.digitalgiftstore.com/returnform.html, htp//www.rtek2000.com/OrderFormVideo.html on 4/24/2008 at 5:22 AM:
---------------------------------------------------------------------------

title: Video_Package_Order_Form
print_date_in_db: 1
print_blank_fields: 1
a_name: online casino
jobposition: online casino
organization: online casino
address1: online casino
address2: online casino
city: online casino
state: online casino
zip: online casino
zip_foreign: online casino
phonenumHome: htp//www.carolinaflashlights.com/
phonenumBusiness: online casino
email: b1zdn7g6@yahoo.com
software: online casino
software_price: online casino
shipping_fee: online casino
total_price: online casino
certify: online casino
comments: htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/199.html zurich insurance [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/199.html] zurich insurance [/url] htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/198.html zurich car insurance [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/198.html] zurich car insurance [/url] htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/197.html www.principalinsurance.com [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/197.html] www.principalinsurance.com [/url] htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/196.html www.mypetinsurance.com [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/196.html] www.mypetinsurance.com [/url] htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/195.html wawanesa car insurance [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/195.html] wawanesa car insurance [/url] htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/194.html wawanesa auto insurance [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/194.html] wawanesa auto insurance [/url] htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/193.html village auto insurance [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/193.html] village auto insurance [/url] htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/192.html valley forge life insurance [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/192.html] valley forge life insurance [/url] htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/191.html usaa insurance [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/191.html] usaa insurance [/url] htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/190.html unum life insurance company [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/190.html] unum life insurance company [/url] htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/189.html united health care insurance [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/189.html] united health care insurance [/url] htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/188.html united automobile insurance [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/188.html] united automobile insurance [/url] htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/187.html unicare health insurance [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/187.html] unicare health insurance [/url] htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/186.html unemployment insurance [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/186.html] unemployment insurance [/url] htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/185.html travelers insurance [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/185.html] travelers insurance [/url] htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/184.html travelers car insurance [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/184.html] travelers car insurance [/url] htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/183.html travel insurance uk [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/183.html] travel insurance uk [/url] htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/182.html travel insurance quote [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/182.html] travel insurance quote [/url] htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/181.html transamerica occidental life insurance [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/181.html] transamerica occidental life insurance [/url] htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/180.html the hartford insurance [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/180.html] the hartford insurance [/url] htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/179.html the guardian life insurance company of america [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/179.html] the guardian life insurance company of america [/url] htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/178.html texas department of insurance [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/178.html] texas department of insurance [/url] htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/177.html td auto insurance [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/177.html] td auto insurance [/url] htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/176.html statefarminsurance.com [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/176.html] statefarminsurance.com [/url] htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/175.html state farm insurance [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/175.html] state farm insurance [/url] htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/174.html state farm insurance [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/174.html] state farm insurance [/url] htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/173.html state farm car insurance [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/173.html] state farm car insurance [/url] htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/172.html standard life insurance [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/172.html] standard life insurance [/url] htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/171.html stae farm auto insurance [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/171.html] stae farm auto insurance [/url] htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/170.html spectara insurance [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/170.html] spectara insurance [/url] htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/169.html slade smiley title insurance [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/169.html] slade smiley title insurance [/url] htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/168.html site:www.infinityauto.com infinity auto insurance [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/168.html] site:www.infinityauto.com infinity auto insurance [/url] htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/167.html site:www.edd.ca.gov california involuntary unemployment insurance [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/167.html] site:www.edd.ca.gov california involuntary unemployment insurance [/url] htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/166.html sedgewick insurance [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/166.html] sedgewick insurance [/url] htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/165.html second to die life insurance [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/165.html] second to die life insurance [/url] htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/164.html safeway auto insurance [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/164.html] safeway auto insurance [/url] htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/163.html renters insurance [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/163.html] renters insurance [/url] htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/162.html reliastar life insurance company [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/162.html] reliastar life insurance company [/url] htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/161.html reliastar life insurance [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/161.html] reliastar life insurance [/url] htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/160.html reliance standard life insurance [url=htp//www-utenti.dsc.unibo.it/~leonardi/dottorato/_notes/_/ins01/160.html] reliance standard life insurance [/url] htp//www.bklwebdesign.com/ life insurance [url=htp//www.bklwebdesign.com/] life insurance [/url] htp//seaba.net/ car insurance [url=htp//seaba.net/] car insurance [/url] htp//homeschoolrunner.com/ home insurance [url=htp//homeschoolrunner.com/] home insurance [/url] htp//delyart.com/ life insurance [url=htp//delyart.com/] life insurance [/url] htp//www.americasauto-mart.com/ auto insurance [url=htp//www.americasauto-mart.com/] auto insurance [/url] htp//www.casino-observer.info/ online casino [url=htp//www.casino-observer.info/] online casino [/url] htp//www.insurance-focus.net/ insurance [url=htp//www.insurance-focus.net/] insurance [/url] htp//www.urlcorrector.net/ urlcorrector [url=htp//www.urlcorrector.net/] urlcorrector [/url] htp//www.freeblackjackcash.com/ blackjack [url=htp//www.freeblackjackcash.com/] blackjack [/url] htp//www.dating-sc.info/ dating [url=htp//www.dating-sc.info/] dating [/url] htp//www.jewelrytrio.com/ online casino [url=htp//www.jewelrytrio.com/] online casino [/url] htp//www.alemanyboysbasketball.com/ online casino [url=htp//www.alemanyboysbasketball.com/] online casino [/url] htp//www.jeffmoe.com/ credit cards [url=htp//www.jeffmoe.com/] credit cards [/url] 3pZkFdkf3r
want_to_learn:
submit_button: Submit Request
=================================

Ouch! 177 links!

Be aware!

Create complex passwords that are easy to remember

2008-01-18T14:11:00.000-05:00

I just have reviewed the following article from TechRepublic:
"Help users create complex passwords that are easy to remember"
Date: January 16th, 2008
Author: Mike Mullins
While I agree with an author that adding the characters to your favorite password is a good way to straighten it, the password like L0u!$ville is not an easy thing to type and to memorize. There were numerous discussions on how to straighten the password to make it less “breakable“ by the brute force software including usage of a “new kid on the block” – image passwords.

I personally use the password system that is more bullet proof against the brute force and at the same time is easy to remember. I use the long phrases.

Well, it quite easy. Let’s say you like the password badboy99. To transform it to the long password, let’s type something like ialwaysabadboy99. The 16-character password is twice as stronger as 8-character password above. You can make it even stronger if to type: IAlwaysaBadBoy99

Some of the systems accept the space a password character, then you can type a regular phrase like this: Never Drink and Drive!99.

Isn't it better?

Update to SPAM text file has been posted

2007-12-22T12:42:00.000-05:00

Those of you who decided to use my technique to fight spam can download an updated text file (URL to the file is specified in the article).
I have new collected data about the spamming sites and domains. The header of a file was updated as well. Njoy

Google cleaned up its index from malware sites

2007-12-14T08:53:00.000-05:00

Just want to share with you some good news.

Google finally made drastic step to remove the malware sites from their index. It was long overdue. Sunbelt first noticed the huge number of infected sites, and their appearance in results lists for a wide array of searches.
Microsoft and Yahoo! admitted that the malware sites is the problem need to be solved, however, they did not inform when they will follow Google's step. One more time: Google is ahead of crowd.

SHOULD WE BE AFRAID OF RUSSIAN HACKERS?

2007-12-12T09:45:00.004-05:00

In accordance to IT security experts, cyber espionage will be the leading IT security threat next year. More than 120 countries utilize the Internet to carry out espionage as sophisticated, inexpensive attacks outpace porous network defenses.
http://www.itcinstitute.com/info.aspx?id=45273

Reading some of the latest reports on the Internet, I would like to add my thoughts about the global-level threats coming from Russian hackers, the one of the greatest source of malicious activity and cyber crime in the world.

First of all, let’s see what the people they are and what actually forces them to carry sophisticated attacks over the Internet.

WHO ARE THEY?
In the times of the existence of the USSR, the kids were brainwashed with the communism ideology starting from the kindergarten. “Grandpa Lenin” was the idol, the leader who “brought the Great October Revolution to all poor and working people”, who created the USSR with a mob of friends and his supporters from oversees (read: Germany). The Communist Party created the social model of the growing socialism that had to be inevitably converted to communism. I don’t need to explain what the communism means except the fact that this utopia still lives in the heads of many people.

In the condition of living under the power of Communist Party and KGB as a main suppressor of bright minds, the people get used to the way they live. The intelligence, particularly, entertained their minds by reading a lot of books, by listening the voice of the West using the transistor AM/FM radio, discussing the life and politics in the close circle of friends, and basically did not expect anything extraordinary from the every-day life. The main rule was “don’t stick your nose out” and you’ll be safe.

Young generation saw a clear path to the acceptable level of living (of course comparing to all other people in that country): get High School Diploma, get College Degree, and find the work as a regular engineer with average, low compensation, or, at least to become the factory worker. All of them knew that there is no way to make more money in that society unless you decide to break the law.

Everything was so standardized in a term of living that no one expected something extraordinary in their lives. To buy the car would take 10-15 years of hard work with above average compensation and saving of every possible ruble (Russian currency).

Time has dramatically changed the people who live in Russia these days. The money making opportunities, the food in the food stores, the clothe in the department stores, the new foreign cars on the streets, the new very rich Russians so–called "New Russians", the cost of living, and of course, the new Information Technology - everything has changed! The intelligent minds are more occupied with "how to make more money" idea than with new books in the book stores even if they don't have to get them through the network of friends anymore or exchange for other goods because they are freely available in the stores (just pay!).

The perception have changed! Now it is close to the Western's: to become rich! Those who were close to the Communist Party in the old days were able to grab the natural resources or entire fabrics/plants and became rich in very short period of time. They became the ideal for young generations: get rich quick. However, those who were ordinary people had no access to the country’s pie that already has been divided among the elite.

Current political situation in Russia does not encourage people at all. Believe or not, the life there still sucks. There is nothing worse than reasonless, apathy and useless life. The life when you have to kiss ^%$ (pardon my French) to every bureaucrat, put yourself down in a front of plumber or person from the Management office of the building where you live when you have to solve the every-day problems - is not something that you want to respect. Corruption has spread its web everywhere, and if you happen to cross the border of Russia it starts right there where the officials take unfairly large fees (or "bribe tax") for bringing the goodies – the fact of life in many sectors of the Russian economy.

This is so known fact that in order to minimize the exposure to corrupt practices the US Commercial Service recommended dealing only with large, well-known companies or publicly visible officials whenever possible. This suggestion is not a guarantee that you can avoid the corruption schemes (ex: 8 Russian banks engaged in money-laundering scheme with over $8 billion over 3 years). When the value of the goods is not in a line with the prices, the corruption occurs. Based on VeriSign data, for instance, the Russian federal government runs on a budget less than in Texas. It surely forces the public officials who are underpaid rely more on the “bribe tax” – the rule "demand vs. supply" in works.

Russia has always been a country that supports personified power and the term "democracy" sounds like foreign word. Russia has constructed a neo-Soviet cult of personality around increasingly clamorous figure of Putin. Putin is in the last year of his two-term serving as a President with no constitutional right to run for a third term. But the Kremlin propaganda constantly reminding Russians that their destiny is based on Putin’s longevity. It’s a known fact that Putin is a former KGB officer... Nobody knows which job Putin is going to take after the 2 terms, but everyone understands that he does not want to give the power away.

The paradox is that people support Putin but they despise his government placing Putin in their minds above corruption. It can be contributed to the fact that in spite of real challenges, the Russian government made some improvements by increasing employment opportunities and stability and decreasing the chaos of 1990s.

Putin was successful in establishing personal control over the central government. In accordance to the research by Moscow Center of Research of Elites, 78% of leading political figures (executive power and legislation) were somehow connected with the former KGB or currently restructured and named FSB during their careers. No wonder that many civil rights slowly but surely are suppressed not only for Russian citizens but also for some of the foreign journalists and actors. The assassinations are not the rare occasions…

There is still a lot of propaganda but now against Georgia, against Ukraine, and against America (do they want to steal our oil?) in addition to a state of fear. Who do they afraid of? Putin, bandits, court, management, or unavoidable crisis? It’s hard to determine. People don’t know but they are paralyzed, are faceless and motionless, and already trying to kiss %^& deeper, to lie harder, to scream louder at those who are lower on the social ladder, and to restrict more if they have any power. The main principle of soviet line [in the department store] came back: hate everyone who is staying ahead of you and despise everyone who is behind you.

The fact is that "mother Russia" is a bad mother that doesn’t love her children. This continuous fear and feeling the lack of own rights – is a life condition of kids that were lacking the love. The kids with not enough love are terrible force.

Horrible...

WHAT THEY DO TO SURVIVE
Russians always "bended heads" in a front of the Western society for their language (recall Tsar Peter and French language that was incorporated into the Russian elite society or hundreds of English technical and non-technical words that are being used today even if most of them can be directly translated in Russian because it's cool to insert them into the phrases), for music (Beatles, Rolling Stones, or even rap that was replicated by the low-class Russian musicians), for jeans (black market with Russian "fartsovschiks" who sold them under the table in 80-ties and 90-ties), and for their fashion and food.

Now, the replication spread to a computer field. Russians quickly adopted Information Technology and became quite sophisticated in many areas of computing. The computers were bought using legal and illegal ways when it was necessary, especially when the supercomputers were needed.

In order to survive and eventually live better, many Russians are looking for ways to make money. Some of them are building new businesses to serve the inside population (food or household service); the others build the connections across the border and import or export the goods or materials. If you have the business skills and connections it's a right way to go. But if you have no business skills or business talent? Maybe to find the job in some existing business as an employee? Join one of the thousands mafia groups? Learn something valuable in order to be in demand, but what? Tough choices.

I happened to talk to one young Russian fellow who came over to make some bucks in the US and was working as a life guard at the pool. On my question why he does not want to work in Russia, he mentioned that his father is a poor man with poor health, and there is no one who can help the family. There are no jobs available unless you have the car and you can speak/read English, so he is trying to find the way to make more money here and legally or illegally stay in U.S. so he'll be able to send some money to the family. I am sure you could meet some young Russians working in our department stores and in the resorts across the US coast. They are the folks who want to earn some money here, in the US, and like the described above fellow either hide and work for cash or get the chance to become a legal immigrant. You can also find them in almost every European country from England to Italy (including Sicily's smallest cities). Amazing...

What if you are an educated man with no business skills and no capital? What would you do? To become a bandit does not sound attractive; to work as an employee does not bring desired compensation and it is a long-long way to the desired level of prosperity. Some of them choose this way but are not happy. No wonder, you rarely see the smile on their faces. It takes years for former Russian immigrants who moved to the US to remove the fear, life dissatisfaction, cynicism, and anger from their faces.

Russia always was reach on smart and talented people. Let's take for instance the Russian scientists who created the space crafts and rockets, or take the artists, writers, or Russian programmers who are now working for many U.S. corporations being already U.S. citizens or still are working across the border (by the way, one of the best anti-virus program, Kaspersky Anti-Virus or popular WebCEO search engine optimization program are the creation of Russian programmers). In fact, the Russian firms exported $2 billion in software with expected 80% growth in foreign sales (in accordance to OSPINT.com).

Because of excellent school education in spite of all described above problems, there are thousands of talented computer enthusiasts who want to use their computer skills to make decent money. They are the greatest Russia's asset for future IT growth. Many of them organize the business offering their programming skills to foreign companies for pennies. Those who are well established and have a number of clients slowly raise their fees. In accordance to the latest figures, there are about 30,000 Russians who are engaged in the Information technology (with a 40% yearly growth). At the same time, the average monthly compensation of Russian programmers is around $650 dollars what is about 15-20% less than in the US.

Keep in mind that the Russian educational system graduates more than 100,000 new programmers each year! This surplus is partially utilized by the foreign companies such as IBM, Google, Microsoft, and Cisco. They built the labs and development centers in Russia. The others programmers choose one of the attractive ways to become rich quickly: to rob the foreign banks or sell valuable information to clients. Is it legal? No. Do I care? No! With unstable banking, legal, infrastructure, and government system; with anger or hate; with total corruption at every level of a society, with a life that sucks, they have no remorse. The sick society builds monsters like Russian Business Network (RBN), widely known for being a willing Internet host for spammers, malware-filled Web sites, and pornography because of its loose policies and willingness to host any Web site operator with no questions asked.

I heard that RBN has disappeared from Russian cyberspace and re-appeared in China recently, only to disappear again. RBN, until recently based in St. Petersburg, Russia, was known as the ISP of choice for cyber criminals. The group closed its Russian operation after its upstream ISP cut off the access to the group. There are some speculations that that group spread out but continues its operations. Who would refuse to make big bucks? Cyber-crime is a big business worth millions of dollars, and a business operation as large as RBN would likely not give up that easily. The analysis shows that there has been very little change in operations. Alexa statistics for Antivirgear - the bogus program, shows that the rankings have actually improved over the last month—indicating that the RBN’s activities are still going strong.

GLOBAL THREAT COMES FROM RUSSIA
As a recent Wall Street Journal article noted, cyber-criminals are exploiting Google searches and social networks – with their myriad sources of personal data – to dig for information about upper-level corporate personnel. Using that information to deliver ever-more believable email solicitations, these criminals are taking direct assault via "phishing" at corporate proprietary information stored on the desktop.

Russia has been and remains today the single greatest source of malicious cyber activity and cyber crime (possibly with the exception of the US). In many ways, Russia’s geography, and social and economic conditions (as you see above) create the perfect ground for cyber criminals. They can find the prestige in addition to money in poorly secured western companies and unprotected individuals. Because even law enforcement is often challenged with corruption, it’s hard to expect that the law in Russia will be enforced once the western company presented the claim supported by the facts and necessary evidence.

All this was contributed to the creation of a highly sophisticated cyber underground network with its own community, newsletters, blogs, and its own moral. Taking into account millions of poor people who are struggling making payments, with lack of food and clothing, and often begging on the streets and in the subways of big cities, this network is like a country within a country. Having less pressure from the law enforcement comparing to hackers in other countries, Russian hackers enjoy the freedom of doing whatever they decided to do.

How much they can make? It's hard to estimate, but I was able to find the article with short information about "the infamous 76service.com, which was run by two enterprising criminals who call themselves 76 and Exoric. The two cleared a cool one million dollars per month in a scheme modeled after portfolio investments". They sold access to infected PCs (think bots) what they called a 'project.' The buyer would harvest any valuable data off the machine, and sell that information to the black market. The buyer acts as a fund manager, and as some stocks perform well, some infected machines had more valuable booty -- such as bank account information -- than others. They could then sell it on the black market for a lot of money".
Needless to say, this example is shocking. No wonder, cyber crime with a profit is so popular among hackers. Forget about "innocent" teenagers who hacked your PC or server and placed some stupid message on the first web page or screen saver. It's all about money!

It's hard to separate the politics from cyber crime in Russia. I have to return back to the political situation inside and outside of Russia, and particularly, US.

As you probably know, the former USSR had 15 Republics, and after the collapse of the Soviet Union, the Republics got separated from Russia in order to become separate countries. Some of them were able to get rid of Russian influence, and joined the West (particularly, Baltic republics that joined NATO); others are still under heavy Russian influence with a various degree.

Due to the large population of native Russians in many of those countries, they are under pressure from Putin who used various vehicles to apply the pressure, for instance, restricting the sale of wine from particular regions (Georgia and Moldova), interfering with elections (Ukraine, where even the hackers were used to break the Central Election Commission’s servers), and placing the military bases at the territories of neighboring countries. It is not hard to understand why Russia wants to preserve the influence or presence taking into account that many former Republics have the natural resources that were used during the USSR era or have strategic geographic locations.

The relations between Russia and the US have become somewhat tense last years. Along with the collapse of the Soviet empire, many neighboring countries also wanted to loose the ties with Russia as being formerly dominated by Russia areas. Therefore, NATO expansion and US military bases in that region along the borders are not pleasant things for Putin.

There is no doubt in my mind that Russian government of FSB are eager to use the expertise of local hackers to test the ability to disrupt the communications or infrastructure of those countries that may be considered as "definitely, not the friends" if not to say enemies. In fact, in recent years, the Russian government allocated significant funding for IT-related projects and initiatives.

As I mentioned earlier in my blog, Estonia experienced distributed denial-of-service (DDoS) attacks on government, news and bank servers for several weeks. The incidents followed the removal of a Soviet statue from a central Tallinn Square. It was discovered that around 20,000 networks of compromised computers from the US, Canada, Brazil, Vietnam and others were linked.

Mikhel Tammet, director of the Estonian communication and information technology department mentioned: "It was a political campaign induced by the Russians; a political campaign designed to destroy our security and destroy our society. The attacks had hierarchy and co-ordination." Estonia is one of the Baltic countries that got separated from the Russia and became an independent, West-oriented country.

Experts believe recent attacks have been far more sophisticated in their nature, designed specifically to slip under the radar of the governmental systems they were targeting. They have progressed from initial curiosity probes to well-funded and well-organized operations for significant political or economic gain.

Evidence suggests that governments and government-allied groups are now using the Internet for espionage and cyber attacks on the critical national infrastructure (financial markets, utility providers, air traffic control) of other countries. There were more reported cases in 2007 than any previous year. This growing threat is acknowledged by the United States Department of Defense.

As the number of security holes is growing every year, the number of hacking attempts is growing, too. In accordance to Secunia Advisories, the number of security holes have been grooving at a steady rate around 25% a year:
• 2003: 2,700 advisories published
• 2004: 3,100 advisories published
• 2005: 4,600 advisories published
• 2006: 5,300 advisories published

Do you see the trend? Then more we protect our operating systems, networks, and applications then more we meet new challenges. Therefore, security now accounts for 20 percent of IT technology and training budget, according to new survey. "It is clear that information security is an increasing concern for many organizations -- 78 percent of those surveyed by CompTIA indicate that management now considers information security a top priority," the report says.

The successful attacks mean weak defense. Weak defense means poor skills of the majority of the security consultants. The director of one of the largest security consulting firms in Washington painted the picture most harshly telling a group of policy makers, "80 percent of our security consultants have soft skills and only twenty percent have hard skills. If we don't reverse that ratio within the next two years, we'll be out of business."

You may see the surprising things happened these days. The Chief Information Security Officers of the large federal agencies and corporations are being registered to attend Hacker Exploits classes. It surely demonstrates that the security field has reached a triggering point.

You could read numerous articles about credit card theft. In fact, the most successful thieves were Russian hackers. With well established networks of credit card sellers and buyers, with the sophisticated technique and attack tools, the Russian groups such as Web Attacker, Snatch, Rock Phish, and MetaFisher have been successful in their efforts. In spite of some efforts and partial success of Russian law enforcement, the network and the market still exist.

When the whole scheme was analyzed, the law enforcement officials discovered a high level of sophistication, organizational capacity, and constantly improved malicious code along with thousands of bots. They are so advanced that they have been thinking about preventive steps such as to mine the data inside the law enforcement agencies in various countries. In fact, the hacking groups go well beyond just credit card theft. They provide fundamental and countermeasure research on organizational structures and processes utilizing various databases and archives by basically employing the principle "knowing your enemy". They even try to plant one of the attackers into the infrastructure of the target organization in order to have more inside information. The thorough research and analysis in addition to a known method of social engineering before attacking the target is a scary trend…

* * * * *
I feel that while you are reading this blog you are thinking how to put together the opposite things like tough life in Russia with beggars on the streets and the explosion of Information Technology with growing number of sophisticated hackers inside of one country? As one of the Russian journalists wrote, "the country, full of talented, smart, and honest people becomes more stupid, more dishonest, and dishonored, and 20 years from now, people will ask again themselves like a maniac after orgy: how could I do this?"

Should we be afraid of Russian Hackers? The answer is above.

Steganos offers free desktop encryption

2007-11-23T09:54:00.001-05:00

Safe One protects up to 2GB of sensitive data

I used some Steganos' freebies in a past but never valued them to the degree so I can recommend them. This time, I want to bring your attention to the new Steganos Safe One product, a freeware version of Steganos Safe for consumers and small businesses.

The privacy software provides protection for up to 2GB of sensitive data by creating two 1GB virtual drives which can store encrypted versions of the data.

According to the company, you can use various portable devices, such as iPod, USB sticks, digital cameras and PDAs that can be used as keys to open the Steganos "safe". The program also features a fully integrated password generator to help users produce secure passwords with a built-in multilingual dictionary.

Steganos PicPass allows users to utilize images as a personalized password by memorising their exact sequence. I have experimented with personalized images about a month ago but did not accept it for my passwords, yet. Personalized images is a new way to password protect your data.

"Steganos Safe One offers users real peace of mind, secure in the knowledge that their privacy is protected without them having to spend anything to do so. "

Steganos Safe One is now available for download. The Steganos Safe One supports Windows XP for the x64 processor architecture, and encrypts data with 256 bit AES. Not bad at all!
http://www.steganos.com/us/products/home-office/safe-one/overview/

* Certified are getting paid less!

2007-10-22T12:44:00.000-05:00

I found a small article written by Tessa Parmenter. She noted that his week, Foote Partners LLC released a study revealing unbelievable information: the average premium pay for uncertified workers INCREASED over those who are certified. They have seen the average premium pay for uncertified workers increase 8% and decrease 2.3% for certified engineers in the past year.

http://itknowledgeexchange.techtarget.com/networkhub/you-mean-i-wont-get-paid-more-for-getting-this-cert/?track=NL-81&ad=610275&asrc=EM_USC_2423108&uid=5617007

What can I say? Certainly, there are some exclusions (CCIE, CISSP, J2EE...) but every rope has the end! Read my previous posting about certifications in details.

* "Thank You" letter for your Friday enjoyment

2007-09-21T13:48:00.000-05:00

Thanks to my son who send me this "jewel" of a "Thank You" letter. I feel that I need to share it with you for a good Friday laugh. He interviwed the guy for a LAN Admin position. On the question what's the difference between the HUB and the SWITCH. He answered: "Hub is just a hub, and the switch it's like a car with a green and red light..." Well, below is a copy of his "Thank You" letter receved just next day over e-mail. I did not correct anything... Njoy! :-)

Dear Mr. YYYYY,

It was very enjoyable to speak with you and your team about the LAN Administrator position at Department of Labor. I think I was too nervous for some technical questions that you and you team asked me such as: how can you joint your server to the domain? The answer should be: go to command prompt then type: DCPROMO then server name. Another question you asked me what if user are not able to see your server? The correct answer should be at the logging window right click on the check box below your user ID change it to the correct server. Then what is the maximum speed of the switch? The correct answer should be 1000 Mbps. I know I get lost this morning from place to place. However, I know that I should have done a better job than what I did this morning. I also know that I am out of your consider about the job you want to hire that's fine with me. I just want to tell you that my brain was shut down this morning (I need a cup of café in the morning) those questions are within my knowledge, and I did do it well. If I have another change I would have done a lot better job.
I appreciate the time you took to interview me; I am very interested in working for you and looking for ward to hearing from you about the second Interview.

Sincerely Yours,
YYYYYY YYYY

* How to hack unencrypted wireless session

2007-08-10T08:18:00.000-05:00

Recently, I came across the information about unsecured WiFi connections. I am sure you are familiar with this scenario when you turn your laptop on in some of the buildings or neighborhoods, and your wireless card can find at least 2-3 unsecured wireless connections. Unfortunately, most of them are the result of the default configurations of the wireless router being pre-configured by the manufacturers and used by inexperienced consumers. While I can understand why they do it this way (for non-IT customers), it leads to a wide-open gate for hackers and this is not news, what is interesting is how easily Web app sessions can be hijacked on these networks.

Infamous Robert Graham, the CEO of Errata Security (I have the links to his web site in our Information Security Index), described the “man in the middle” attack. Robert hijacked a GMail session of a volunteer and showed how easily he could grab cookies and IP addresses and take over a session.

The attack is actually quite simple. First Robert needs to be able to sniff data packets and in our case the open Wi-Fi network at the convention fulfilled that requirement.

1. To ran the “Ferret” utility to copy all the cookies flying through the air

2. To clone the cookies into a browser with a home-grown tool called “Hamster”.

3. The attack can hijack sessions in almost any cookie-based web application (ex: Google’s Gmail, Microsoft’s Hotmail and Yahoo Mail).

4. Since those programs just uses cookies, getting the IP addresses and user names and passwords are not required.

How to protect your session? Hey, just use the SSL from the beginning instead of a pure HTTP session:

https://mail.google.com/mail/ instead of the http equivalent will be a good remedy.

* My War with the SPAM

2007-07-31T13:47:00.000-05:00

Spam hurts.
Spam drives us crazy.
Spam consumes resources on your web site, in your mail box, the traffic on the Internet, and a disk space on your ISP's servers.
Spam kills our precious time when we want to read the e-mails from legitimate senders but forced to read pure junk and delete the stream of offers to buy drugs, to play online casino, to work as the representative of a foreign company, to get the guaranteed cash, to catch the virus of Trojan horse program (hidden behind the text/link of image), to meet hot singles in your area, or porn crap.
How to fight SPAM?

I began with collecting the links to the informational sites that offer knowledge and resources on fighting the spam nightmare. You can find one here, too:
http://www.rtek2000.com/Tech/I-SecureLinks3.html

Reading through the numerous web pages , articles, blogs, and forums, I found that the first source of the spam to my e-mail box is my own e-mail address that can be scanned from any web site where I posted it by the e-mail harvesting programs freely available on the Internet. As far as I know, those programs were designed by the folks who did not want to spam but rather get the attention to their products. So, the simplest way to distribute the news about a particular product was to e-mail to a large number of cyber citizens. It is how the spamming started!

Now, the spamming is extended to the wide range of services, and the millions of affiliates who want to make a buck by selling the product or service need the customers who want to buy. You may ask me, how come I am getting e-mails with a garbage text in it; it's not the offer to buy anything, it's a junk! Well, thanks to the search engines (and particularly, to their "crawlers" or "spiders") that scan not only web sites pages but also the folders that contain e-mails. By sending the garbage-like text in e-mails with the keywords embedded in the text, the spammers hope to raise their web sites' popularity level through the search engine ranking. Particularly the spam that I am getting these days is about 60% of this kind.

I have seen several ways of packaging spam messages: Plain text, Image files, Document files, and lately PDF files.

So, how to protect your e-mail address from being harvested? There were numerous discussions on the web. I have participated in several of them. The common conclusion: there is no way to completely hide the e-mail address. I used to implement various JavaScript-based solutions that may protect against simple harvesting programs, however, as the countermeasures become more complicated, the "harvesters" become more sophisticated. My latest solution is to use the small image of my e-mail address being loaded thought the CSS code (cascading styles sheet method). It greatly reduces the chances to be harvested, however, it does not guarantee 100% protection because there are some programs that can use the character recognition in the image. Don't think it's done manually! Those programs do it automatically!

The biggest problem with the spammers lays in the area of blogging. If you happened to have the blog site of forum, you must clean your blogs from literally hundreds of spamming messages in every corner of your site! If you don't manage one, you are lucky because it is a real nightmare. The automated programs that specialize in breaking through the web site security rules using the weaknesses in the software design can post automated messages within seconds!
To be honest, I gave up on the forums completely by locking it up from posting but I still have to clean it up regularly (less often, at least). It is a very time-consuming task to tweak the web site's files, apply patches, or complicated solutions that in the end only temporarily protect against the stream of spam.

I have decided to concentrate on fighting the e-mail spam. The second step after getting some background on spamming was to identify the domains that are sending the spam. It is not a simple task taking into account that when the spammers send e-mails they rarely specify their real e-mail address but rather the link to their web site. The only way to find out the real sender is to look in the message header, and to grab the IP address from the top of the message. So, I have collected the IP addresses in the text file, day after day spending precious minutes for the purpose of identifying the biggest spammers in the world.

Well, I do not suggest you to repeat it. First of all, it's not the pleasant procedure. Second of all, there are many anonymizer-type of the programs that can hide your real IP address and to substitute it with a random IP address taken from the text file. The only what drives me up in my efforts is the revenge when I will be able to filter the most of the junk and redirect it to the trash can where it belongs.

After collecting the information from my e-mails, I have identified the high-level IP addresses (like 88.xxx.xxx.xxx, 89.xxx.xxx.xxx, etc). Then, using the WHOIS service, I have identified the countries that are originators of the spam e-mails. I realized that I have no customers in China, for instance, who order my products using English-based pages, so I can filter all of them out. Using similar approach, I have set the web site filters accordingly, so the domains that I have identified could not access my web sites.

You won't believe what happened. I have reduced the spam by 80% instantly!!

I felt that the victory is close but I did not expect the problem that I have faced really soon.

My sales dropped by 80%... No, it's not because I have filtered spam but (as I discovered later) because the Google's PR (page rank) of my web pages dropped from PR6 to zero. I began to investigate what happened. My guess that I have prevented the Google's spider to crawl my web site unfortunately was the correct one. The Google's spiders were in my filter-out range. It took me about two months of hard work in optimizing my web site, adding more pages, sending begging e-mails to Google until I have re-instated my position in the search engine.

Moral? Be careful when you implement the filtering!

I have changed my strategy after that and I filter only on the e-mail level, not the web site level. I have the long list of spammers (http://www.800-security.com/tech/SPAMaddresses.txt) that I am updating weekly. So, you can use it at your own discretion. Please keep in mind that the more filters I apply then the less information will be shown in the file. One quick suggestion: filter the e-mails that contain the .tr, .pl, .br, .ma, .th, .ru, .jp, .ch domains in the message header.

I am going to show which filters I used on the top of the text file soon. So, keep monitoring!

To finish my story, I want to point you to a very useful web site:
http://www.projecthoneypot.org/

See the Top 25 Countries Where Spam Servers Are Located.
I utilized a freely available technique to "honeypot" the spammers. So, now I can see how many of the "harvesters" were fooled by my program (oh, the sweet revenge!) as well as I see the updated in a real time list of the biggest spammers in the words by precise IP address. It gives me the opportunity to adjust my filters.

Am I getting the spam now? Yes. But it is 10-12 a day but not 80-120 as it used to be.

Happy fighting!

Russian Hackers...again

2007-06-21T07:38:00.000-05:00

Russian hackers hijack Italian sites to serve exploits blog posted by Ryan Naraine at ZDNET.COM demonstrated again that the war between hackers and security companies is an ongoing event and I doubt that it will be over in the nearest future. Yes, the law enforcement measures were improved across the entire world in the places where we could not expect earlier (China, Malasya). However, the creativity of those who design the malicious software is often above the creativity of those who design the countermeasures. Apparently, Russia is a good source of hackers (as well as the programmers). I would be especially careful to hire the Russian programmers to lower the cost of development if they still live in Russia. You can easily get your financial information stolen by those programmers who may build and hide a back door into your system.

The problem is that the most of the countermeasures are reactive even if some of the vendors

claim that their software includes intelligent engine that can recognize the new malicious program. None of the vendors will ever admit that those "intelligent engines" are good in the lab and on the paper (especially, the marketing) but fail in the field. Could they be sophisticated enough, they would prevent the attacks that involve several components including even the tiny proxy server that after being downloaded serves as a door to download the information stealer(the WebAttacker/MPack exploit toolkit).

While there is no guarantee that the latest-greatest software and OS patches installed on PC will protect you at 100%, it is still important at least to lower the risk of infection. Another countermeasure is to avoid browsing unknown web sites as much as possible. Is it possible? I think so.

While you are reading this article, I recommend you to follow the suggestion of the the blog and to run the Secunia’s free software inspector to scan your machine to look for weak spots.

* New struggle for current MCSEs

2007-06-10T14:42:00.000-05:00

For those who are MCSE 2003, Microsoft has some good news.
Yes, the endless struggle for being certified by Microsoft AND being current MCSE or MCP has entered into a new phase: http://www.microsoft.com/learning/exams/70-649.mspx
What bothers me that the Microsoft Marketing department, well in advance before the final release of Windows 2008 server, already offers the new certification in the run for more revenue that the new certification will generate. The product is not there, yet, but the certification is already there (beta).

Why to offer beta certification? It's pure simple. If you want to try passing the beta for free, you will obviously have to learn the product that was not released to the general public. And this IS the goal. Along with the money current MCSEs will pay for the exam (not the beta) later, Microsoft will achieve the goal to have more ambassadors of a new server operating systems, the ambassadors who will push it to their network environment...

Get your money ready, MCSEs!

* MAC security vs. Vista

2007-06-08T15:35:00.000-05:00

About a week ago, I had a conversation with some of my friends regarding the bullet-proof operating systems. One of them informed us that one of the Government organization decided to replace Windows-based workstation and to use Steve Jobs' MACs because they like UNIX kernel are not penetrainable due to the security architecture and required permissions from the kernel to use any external program. While I agreed on the kernel itself, I disagreed that MAC is a bullet-proof OS. The problem with any OS that it's not only kernel itself but the whole bunch of other files that participate in various services, supporting applications, and much more.
I liked MAC for a sleek interface and performance but not for the price tag. Also, Vista offers the same grade of a quility screen images and comparable performance. To support my statement, I sent them the link to the following article where the number of security problem were addressed:
http://www.crn.com/software/199701019?pgno=3
"If you look at the number of found vulnerabilities in Windows XP (28) vs. Vista (11) this year, Vista wins again. If that seems like a lot, don't forget Mac OS X has had 101 in the same time period".
No matter what the OS is being used and level of the security applied, the weakest link is always the end-user.