Monthly Archive

This is the archive of the blog! Feel free to browse around!

PayPal phishing attempt

I have used my PayPal account a fair bit these past months, both receiving and making payments.

Thus, when I got this email with a payment that the PayPal Investigation had returned, I was on the alert. No, not the phishing alert - I was more worried about someone making a payment and me not getting it. The obvious victim for scams, I might add.

I did not recognize the payer's name, and the amount of US$35 sounded a fair bit strange to me. Puzzled, I started to read the fine print, and decided that I needed to check my account to investigate further. I scrolled down the mail to find the link to the PayPal log-on page.

Need I say this was December 26? At the kitchen table, relaxing with my late breakfast. Oh, yes, it was a nice dinner last night!

Upon finding the link again, my mind kicked me in the back, and I decided to check the link before clicking. No surprise there - I was one click away from getting phished (phish, phishing, phisher, phished - I have no clue about the correct phishing grammar, I must admit).

So Leo, phishers do have a clue. They are getting better every single day. And if you let your guard down for only a split second after a nice dinner party, you might find your account empty. As you note, some are still swearing by old tools and bad quality, but those who mean business adapt and do their research. And get their rewards.

Take a good look at the images - they show the email I got. The first shows the standard PayPal template with the serious looking header.

PayPal email


This next picture shows the transaction information - the part of the email that made me believe in the authenticity of the scam.

PayPal Scam - transaction details

Happy holidays!

This post only serves the purpose of wishing you all happy holidays! 

There might or might not be more postings this year - I am running a backlog with a security profile and a couple of other things. If time allows, I will make it available this year - or the next ;)

Some lyrics keep ringing in my head, and I just have to let it all out:

### 

It seems like I am getting a white Christmas, just like the ones I used to know. It's Christmas time, no need to be afraid. There will be no virus rocking around the Christmas tree.  

The Santa IM worm will be hurrying down the chimney tonight, especially if you've been an angel all year. Jingle bells swing and jingle bells ring - it's your IPS alarm!

Later on, they'll conspire,
As they dream by the fire
To face unafraid,
The plans that they've made,
hacking in a winter wonderland.

Last Christmas
They hacked your main app,
But the very next day you gave it away
This year
To save them from tears
They'll give it to someone special

We wish you a merry Christmas, we wish you a merry Christmas, we wish you a merry Christmas, and a happy new year!

To all of you, from all of us at Roer.com!!! 

Hacking websites? Try Burp!

Securing and being in control of your website is increasingly important. Times have changed dramatically since I first started back in 1994 - when the worries were focused on backups and keeping connections from being dropped.

Today, websites are no longer static. They have evolved into application front ends to back-office, ERP, CRM, shopping and logistics systems. They are tightly bound to your core business ICT systems.

Still, all too many people seem to think that since websites use HTML to render their pages, there is no need to spend big money on security. True, you add HTTPS for payment, and you might have an audit once in a while. But hacking your own site? Nah, not many do that.

I argue that you should. It is much better - also from a cost-efficiency point of view - to discover your weaknesses yourself, before hackers corrupt your website. Then you can patch and plan your actions up front - instead of having to put out fires.

You see - someone will hack you. Is it not better that you be the one to find the holes?

This new version of Burp, from PortSwigger, is there to help you. Take a look at it, and take control!

Not sure how to do the hacking yourself? Then read the book: The Web Application Hacker's Handbook

Authored by the same guys!  

Not convinced? Well, then, why don't you just sit tight and wait for some script kiddie or real hacker to come pay your web application a visit?

Microsoft Password Policies

Just came across this KB at Microsoft.

Excerpt:

Your password must be at least 18770 characters and cannot repeat any of your previous 30689 passwords.

This is no longer an issue after Windows 2000 Service Pack 3.

Let's just conclude that this must have been a pretty secure password policy! What kind of brute forcer would have been required to break this password?

The biggest risk here would be remembering the password; the second biggest would be typing it correctly! Perhaps this is one of those times you really wished you had one of those password-saving smart cards?

And with regard to the part about not repeating the last 30 689 passwords? My bet is that it is easier to get the full Lotto payout than to come up with the same 18 770 character password twice (or 30 689 times).

Too bad Microsoft decided to remove this security from Windows 2000 Server with Service Pack 3!

URL-manipulation - still a relevant threat

And now the Canadian passport application website has been found to have a fault - by simply changing the ID in the URL, the applications and private data of other users were available.

Duh.

Discovered at the I.T. Security Guy
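
The fault above is an insecure direct object reference: the server trusts the ID in the URL and never asks whether the logged-in user owns that record. The following is an added example written for this page, not the passport site's code; the record store, user names and IDs are constructed. It shows the vulnerable lookup next to the fixed one and simulates the attack of walking the ID range while logged in as an ordinary user.

```python
"""Insecure direct object reference (IDOR): vulnerable and fixed lookups.

Added example for this page. The store below is constructed and is not the
Canadian passport site's data or code.
"""

# Constructed records, keyed by a sequential id, as an application that builds
# URLs like /application?id=1042 would store them.
APPLICATIONS = {
    1042: {"owner": "alice", "name": "Alice Example", "passport_no": "AB123456"},
    1043: {"owner": "bob",   "name": "Bob Example",   "passport_no": "CD987654"},
    1045: {"owner": "carol", "name": "Carol Example", "passport_no": "EF555555"},
}


class Forbidden(Exception):
    """Raised when the requester may not see the requested record."""


def get_application_vulnerable(requester, app_id):
    """Vulnerable handler: `requester` is the authenticated user, `app_id` comes
    straight from the URL. The owner is never checked, so any logged-in user
    who edits the id in the URL reads someone else's application."""
    return APPLICATIONS.get(app_id)


def get_application_fixed(requester, app_id):
    """Fixed handler: same inputs, but the record is returned only when the
    authenticated user owns it. A missing id and a foreign id are rejected the
    same way, so the error cannot be used to confirm which ids exist."""
    record = APPLICATIONS.get(app_id)
    if record is None or record["owner"] != requester:
        raise Forbidden("application %d is not accessible to %s" % (app_id, requester))
    return record


def walk_ids(fetch, requester, id_range):
    """Simulate the attack from the post: log in as `requester`, try every id in
    `id_range` against `fetch`, and return the ids whose record came back."""
    readable = []
    for app_id in id_range:
        try:
            if fetch(requester, app_id) is not None:
                readable.append(app_id)
        except Forbidden:
            pass
    return readable


if __name__ == "__main__":
    ids = range(1040, 1050)
    print("vulnerable, as bob:", walk_ids(get_application_vulnerable, "bob", ids))
    print("fixed, as bob:     ", walk_ids(get_application_fixed, "bob", ids))
```

Logged in as Bob, the vulnerable handler hands over all three records; the fixed one hands over only his own. Replacing sequential ids with random, unguessable ones makes the walk impractical, but it is defence in depth, not a substitute: the ownership check on every lookup is the fix.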

OWA Phishing attack

I just love Gnucitizen - this time Adrian Pastor explains how to use an Outlook Web Access design flaw to create a phishing attack.

The post is a bit technical, but it gives you a very good idea of just how easy it is to fool your OWA users into giving up their user names and passwords to a hacker.

The scary bit is that Adrian told Microsoft about this a couple of years ago - but since this is a design feature and not a bug, Microsoft is not changing it.

So if you are running OWA - make sure to take precautions!  

Cleaning the closet: HiPoint hijackers

Earlier this year, I posted about my experience with 0ww and the HiPoint Ltd hijackers.

This post has generated a few e-mails with requests for help to remove the threat. So here is a mock-up of one of the answers:

Steve H. sent me an email asking how to remove the HiPoint tools from his computer. This is my reply:

### 

From your message, I believe that only one computer is exploited, and that your request is not regarding a business network. Please correct me if I am wrong, as that would require a different approach.

What the HiPoint tools are doing to your computer, I can only guess (as I have no intention of actually trying it currently).
To remove it, you may want to try tools like Spybot Search and Destroy from Kolla in Germany: www.kolla.de - this is a free tool, which I use a lot myself. Make sure you download it from Kolla himself - as there are a few rogue versions out there.
There are alternatives that may or may not work better - among those Lavasoft Ad-Aware is well known. http://www.lavasoftusa.com/
It is not free, however.

If it is not possible to remove it (either the tools do not find it, or finds it again and again), then I suggest you low-level format your hard drive, and reinstall your OS. Make sure you do have backups of your data before the formatting, though, or the data is gone.

The re-installation process takes a few hours, and you need to patch your OS after the installation.

The true challenge is in the future - to avoid these kinds of attacks. They get smarter every day, and very few, if anyone, can expect to keep their computer clean all the time. So I hope you do not feel that you have done something stupid by clicking the button - remember I almost did the same, and I deal with these things as my job... :)

###

Steve also had some issues with the file MGRS.exe. 

This thread gives valuable input: http://forums.techguy.org/malware-removal-hijackthis-logs/591494-solved-mgrs-exe-startup.html

###

And of course - why not just use Microsoft's own malware scanner? After all, they made the OS, so they should be in control of what is what, right? One of the bonuses of using the Microsoft OneCare tools is that they are free, and you know you can trust the publisher.

###

To end this post, five tips on how to avoid the malware:

1. Keep an updated and trusted antivirus tool running at all times. Make sure it focuses on doing its job, and not on telling you what it is doing all the time. It is generally a good idea to combine it with a software firewall and antispam.

2. Keep your OS updated at all times. If you run Windows, make sure Windows Update is on, and configured for automatic download and update. If you run Linux, make sure you set it up to download and install updates automatically (how? It depends on the distribution - usually pretty simple, by adding an update source and setting it to check automatically.)

3. Use common sense when surfing, downloading and running software. Not sure? Then don't do it!  

4. Learn how to deal with it - how to spot a hoax, how to recognize a bad website, and how to see through the bad guys. Remember that if an offer sounds too good to be true, it is! Even on the Internet!

5. Have fun! After all, what is the use of computers and the Internet if you cannot have some fun with them? And when you are protected, and know how to deal with the threats, you can surf in confidence!

The blogger is Kai Roer, a European Information security professional.
