Fake Documents

After the WikiLeaks scandal, the Department of Defense is using new software that generates fake documents that send an alert when they are opened. This would allow the DoD to provide misinformation and also potentially to see who opened the file and where they are.

Unfortunately, there seem to be a few ways around this technology. You can disconnect your computer from the Internet before you open files, but this can be averted by requiring the document to authenticate and alert before the contents are visible to the user. Once you have access to the contents, you could easily take screenshots of the information and delete the original.

For more info, see: http://www.schneier.com/blog/archives/2011/11/fake_documents.html

Survey says upper managers weak on security issues

A new survey released by McAfee this past week highlighted data center security in 147 companies. 60% of the IT professionals surveyed said their own managers did not understand security concerns. At the same time, 40% said that they did not believe their company’s security was adequate.

Some other interesting information was included in the survey as well. A large number of companies use security products from seven or more different developers. The majority said that reducing that number did not increase security. For companies that had their security compromised in the past, 70% said the attack originated from outside their networks.

The survey also asked about cloud computing. 80% of professionals surveyed said security is priority one when going to a public cloud. Not surprisingly, most seemed to prefer a private cloud, with 60% saying security would not be a major obstacle.

The most important lesson to learn from this survey is the centralization of security policies. Company-wide security policies should be developed by a core group of IT professionals and forwarded to management for approval.

3D Printers used for Skimming

Criminals are getting more sophisticated with ATM skimmers. A skimming gang recently stole more than $400,000 using ATM skimmers made with a 3D printer. Up until this point, skimmers were usually made by hand and carefully modeled to blend in with the ATM. Last year, a 3D printing company denied an order to print an ATM skimmer, while back in June, four men were indicted who, authorities said, had reinvested their “profits” from skimming into a 3D printer.

Franky De Schouwer, from a leading 3D printer manufacturer, says a high-quality 3D printer can cost as much as $20,000. He also said that 3D printers would be able to “print a high quality skimming device that, including some post finishing, will look like the real thing.”

A possible solution to counter these new skimmers made with 3D printers is to use security seals near the card reader on the ATM. Criminals would have a hard time replicating these seals, but the downside is that customers may not know the difference between a real and a fake seal.

Service and Version Info

Before hackers commence an attack, it is almost certain that they will spend a large amount of time researching their target. When hackers want to attack a server, one of the first things they will do is use network scanning tools to obtain information about what OS is being used and what services are running on it. Once the hackers know your OS version, it becomes easier to attack the server because they can narrow down the possible exploits. The more information they can obtain about your server, the easier their job is.

Simple Mail Transfer Protocol (SMTP) is one of the most used and exploited services. Using network scanning tools, hackers can easily see what mail service version you are running. To hide this information from scanning tools, software such as MetaEdit has to be used, which changes the banner shown to a hacker when they scan the server.

Version info usually is shown by default in the banner. This information is visible to anyone who has a network scanner and scans your server. Changing the default banner is an easy way to make it harder for hackers to attack your resources.
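As an added example (not from the original post or the linked article), the following script audits SMTP greeting lines you have recorded from your own mail servers and reports which ones disclose a product name, OS hint or version number. The hostnames and banner strings are constructed samples, and the keyword lists are illustrative assumptions rather than a complete catalogue.

```python
import re

# Constructed sample greetings (not taken from real hosts). A mail server's
# first line is "220 <hostname> <free text>"; the free text is the banner.
SAMPLE_BANNERS = {
    "mx1.example.test": "220 mx1.example.test ESMTP Postfix (Ubuntu)",
    "mx2.example.test": "220 mx2.example.test Microsoft ESMTP MAIL Service, Version: 9.9.9999.0 ready",
    "mx3.example.test": "220 mx3.example.test ESMTP Exim 0.0.0",
    "mx4.example.test": "220 mx4.example.test ESMTP ready",
}

# Illustrative keyword lists (assumptions); extend them for your environment.
PRODUCTS = ("postfix", "exim", "sendmail", "microsoft", "exchange", "qmail")
OS_HINTS = ("ubuntu", "debian", "centos", "red hat", "windows")
VERSION_RE = re.compile(r"\b\d+(?:\.\d+)+\b")  # dotted numbers such as 4.9.1


def audit_banner(line):
    """Return a list of disclosure findings for one SMTP greeting line."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2 or not parts[0].startswith("220"):
        return ["not an SMTP 220 greeting"]
    # Skip the status code and hostname; only the free text is under review.
    text = parts[2] if len(parts) > 2 else ""
    lowered = text.lower()
    findings = [f"product: {p}" for p in PRODUCTS if p in lowered]
    findings += [f"os: {o}" for o in OS_HINTS if o in lowered]
    findings += [f"version: {v}" for v in VERSION_RE.findall(text)]
    return findings


def audit_all(banners):
    """Map each host to its findings; an empty list means nothing leaked."""
    return {host: audit_banner(line) for host, line in banners.items()}


if __name__ == "__main__":
    for host, findings in audit_all(SAMPLE_BANNERS).items():
        status = "OK" if not findings else "LEAKS " + ", ".join(findings)
        print(f"{host}: {status}")
```

A host that comes back with an empty list is already showing a generic banner; any other result points at a greeting worth changing.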

For more info, visit: http://www.techrepublic.com/blog/security/dont-leak-service-and-version-info-to-would-be-hackers-how-to-hide-it/6513

Medical Device Vulnerability

Jerome Radcliffe, an IT security expert and a diabetic, has shown that medical devices such as insulin pumps and glucose monitors can possibly be hacked remotely. He found that his insulin pump, which uses a wireless remote, could be reprogrammed to be controlled by any remote. All that is required is a simple USB device that can be easily bought online. Hackers could send commands to the insulin pump with potentially deadly results.

Glucose monitors are also not secure. Radcliffe also tested his glucose monitor and found that he could intercept the wireless signals containing blood sugar levels and manipulate them. Hackers could send a signal with fake blood sugar levels and fool the user into thinking their blood sugar levels were at safe limits when they were not.

This demonstrates that almost any device can be hacked. Medical devices are particularly troublesome as hackers could seriously injure or even kill someone with one of these devices. Pacemakers and defibrillators have already been shown to be vulnerable, and it’s only a matter of time before other devices are vulnerable.

For more info, see: http://www.techrepublic.com/blog/security/black-hat-demo-shows-vulnerability-of-insulin-pumps-to-remote-attack/6241

Laptop Battery Vulnerability

A new type of vulnerability may be coming to the forefront: a battery vulnerability. Newer batteries have a PCB that monitors charge levels, initiates charging, and regulates heat. According to Charlie Miller, a leading security expert, batteries in the new MacBooks are shipped with the default username and password. This default username and password is designed to allow Apple to send out updates to the battery. Unfortunately, this also allows criminals to exploit the battery and place malware on it or even overcharge the battery, possibly leading to an explosion.

This goes to show that in IT security you need to stay up to date as to what the latest threats are. Not many security professionals would think to check the battery. Staying up to date is the best way to protect your IT resources from harm.

For further reading, visit: http://www.techrepublic.com/blog/security/attack-of-the-apple-laptop-battery-vulnerability-could-be-used-to-install-malware/5835?tag=nl.e101
