Fatma Bazargan’s blog


Accountability
January 20, 2009, 8:06 am
Filed under: Blogging
Robin Sharma

Below is a great read from the Blog of Robin Sharma

“Ideation without execution is delusion. The greatest idea in the world is useless without the discipline to make it happen. If you can’t create tangible results around your idea then it’s pointless. Great organizations and individuals make things happen. They do what they say they will do. Very simply, they are meticulous about accountability.

Being accountable means that you are committed. That you will achieve the results you promised. Too many people avoid being accountable by blaming circumstances. (Blaming others or circumstances is simply excusing yourself.) So much so, that execution and accountability are a competitive advantage. The Rare Ones are those that get things done and end up defining the marketspace.”

Good Day!

Fatma



Various # 09-101
January 18, 2009, 11:47 am
Filed under: Security
Various

Two worms that a few security websites and media outlets have recently reported are W32.Conficker.worm and WORM_DOWNAD.AD; both carry an exploit for the recent Microsoft Server Service vulnerability (MS08-067). W32.Conficker.worm uses the exploitation method derived from the Metasploit ms08_067_netapi module to spread itself, while WORM_DOWNAD.AD is autorun-based malware. The way it works:

§ Sends exploit packets to all machines on the network not patched against MS08-067 (patch management); once exploited,

§ The vulnerability allows remote code execution for an attacker and affects every Windows version since Windows 2000 (platform); then

§ Drops a copy of itself in the Recycler folder (Recycle Bin) of all available removable and network drives (propagation); next

§ Creates an obfuscated autorun.inf file on all these drives, so the worm is executed simply by browsing to the network folder or removable drive (weak security policy); then

§ Enumerates the available servers on the network and, using that information, gathers a list of user accounts on those machines (segregation); finally,

§ Runs a dictionary attack against the accounts using a predefined password list; if successful, it drops a copy of itself on their system and uses a scheduled task (weak passwords – policy).

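As an added defensive illustration of the autorun.inf step above (my own example, not part of the original post or any vendor write-up), the Python below parses an autorun.inf from a drive or share root and flags execute directives that point into a recycler folder. It assumes the obfuscation takes the form of junk bytes around the real directives; the sample file, its SID-style path and its file name are constructed placeholders, not real worm artifacts.

```python
import re
from pathlib import Path

# Constructed sample (not a real worm artifact): an autorun.inf padded with binary
# junk whose one execute directive launches a payload from the drive's RECYCLER
# folder. The SID-style path and file name are placeholders.
SAMPLE_AUTORUN = (
    b"\xff\xfe\x00\x9c junk before the section\r\n"
    b"[AuToRuN]\r\n"
    b"Action=Open folder to view files\r\n"
    b"Icon=%systemroot%\\system32\\shell32.dll,4\r\n"
    b"\x01\x02 more junk between directives\r\n"
    b"ShellExecute=RUNDLL32.EXE .\\RECYCLER\\S-1-5-21-0-0-0-500\\payload.dll,entry\r\n"
)

EXEC_KEYS = {"open", "shellexecute", "shell\\open\\command", "shell\\explore\\command"}
RECYCLER_RE = re.compile(r"recycler|recycled|\$recycle\.bin", re.IGNORECASE)
SECTION_RE = re.compile(r"^\s*\[([^\]]+)\]\s*$")
KV_RE = re.compile(r"^\s*([A-Za-z][\w\\]*)\s*=\s*(.*?)\s*$")

def parse_autorun(data: bytes) -> dict:
    """Key=value pairs of the [autorun] section, keys lower-cased. latin-1 decoding
    never fails, so junk padding becomes lines the regexes skip rather than an error."""
    directives, in_autorun = {}, False
    for line in data.decode("latin-1").splitlines():
        sec = SECTION_RE.match(line)
        if sec:
            in_autorun = sec.group(1).strip().lower() == "autorun"
            continue
        kv = KV_RE.match(line)
        if in_autorun and kv:
            directives[kv.group(1).lower()] = kv.group(2)
    return directives

def findings(data: bytes) -> list:
    """Reasons this autorun.inf deserves a look; an empty list means nothing odd."""
    reasons = []
    if any(b > 0x7E or (b < 0x20 and b not in b"\r\n\t") for b in data):
        reasons.append("non-text bytes in autorun.inf (obfuscation padding)")
    d = parse_autorun(data)
    for key in sorted(EXEC_KEYS & d.keys()):  # directives that can execute code
        if RECYCLER_RE.search(d[key]):
            reasons.append(f"{key} launches from a recycler folder: {d[key]}")
    return reasons

def scan_drive_root(root) -> list:
    """Check the autorun.inf at a drive or share root, e.g. Path('E:/')."""
    inf = Path(root) / "autorun.inf"
    return findings(inf.read_bytes()) if inf.is_file() else []
```

A legitimate installer autorun.inf (plain text, `open=setup.exe`) produces no findings, so the check can run across all mapped drives without drowning in noise.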
Word to spread: even one UNPATCHED machine is enough to cause a catastrophe in the entire network. The patch has been available since late last year. If you haven’t patched your machines, it’s highly recommended to do so: download and install MS08-067. (Patch Management)

Another news bit: LinkedIn is a professional networking site that connects several million users across many different industries. It has finally been touched by cybercriminals: close to a hundred bogus profiles have been created that include links to malware domains, redirectors and droppers to cause infection, using the names and images of famous individuals such as Salma Hayek, Beyonce, Kate Hudson and several others. A detailed explanation can be found here.

Finally, there is an amusing list by Lenny Zeltser from DShield on How to Suck at Information Security, and an informative cheat sheet on Information Security Assessment RFPs; both are worth a read.

Good Day!

Fatma Bazargan



Various # 100-09
January 14, 2009, 10:15 am
Filed under: Security
Cyber Warfare

What has been noticed in the field recently?

Microsoft issued critical security bulletin MS09-001: Vulnerabilities in the Microsoft Server Message Block (SMB) protocol Could Allow Remote Code Execution on affected systems. So patch up your systems.

I’m sure most of you have by now been reading about the latest research work on generating a rogue Certificate Authority (CA) using MD5 collision attacks. Apparently the Carnegie Mellon lab, in collaboration with the NSF, has come up with research on a solution called Perspectives, a Firefox extension that detects rogue CAs: Improving SSH-Style Host Authentication with Multi-Path Network Probing. Worth a read.

As security professionals we have always noticed that any political, military, financial or other dispute has a cyber dimension, and we call it Cyber Warfare. Examples include the cyber attacks on Estonia and Georgia. The Economist had a great article explaining Cyber Warfare called “Marching off to Cyberwar”; their insight is: “For a cyberattack to qualify as ‘cyberwar’, it must take place alongside actual military operations.” They also go on to define cybervandalism and cyberhooliganism as forms of cybercrime. In that sense, I believe every country, or the world as a whole, should come up with an agreed definition of cyber warfare to accommodate it in their laws, or have entirely new laws for it!

Well, I guess I’ll have another update by tonight, as I’m getting late for a meeting here.

Good Day All!

Fatma.